Consolidate prod and stg configs

2014-02-16 21:19:10 +00:00 · 2014-02-16 21:19:10 +00:00 · 392ee5a552
commit 392ee5a552
parent 3df290581e
3 changed files with 16 additions and 71 deletions
--- a/roles/fedoauth/tasks/main.yml
+++ b/roles/fedoauth/tasks/main.yml
@ -21,17 +21,6 @@
  template: src=fedoauth.cfg
            dest=/etc/fedoauth/fedoauth.cfg
            owner=fedoauth group=fedoauth mode=0600
-  when: env != "staging"
-  tags:
-  - config
-  notify:
-  - restart apache
-
- name: copy fedoauth STG configuration
-  template: src=fedoauth.stg.cfg
-            dest=/etc/fedoauth/fedoauth.cfg
-            owner=fedoauth group=fedoauth mode=0600
-  when: env == "staging"
  tags:
  - config
  notify:
--- a/roles/fedoauth/templates/fedoauth.cfg
+++ b/roles/fedoauth/templates/fedoauth.cfg
@ -2,16 +2,27 @@

 # GENERAL CONFIGURATION
 ### url to the database server:
+{% if env == 'staging' %}
+SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}.stg/{{ fedoauth_db_name }}"
+{% else %}
 SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}/{{ fedoauth_db_name }}"
-#SQLALCHEMY_DATABASE_URI='sqlite:///fedoauth.sqlite'
-#SQLALCHEMY_DATABASE_URI='mysql://user:pass@host/db_name'
-#SQLALCHEMY_DATABASE_URI='postgresql://user:pass@host/db_name'
+{% endif %}

 # This is the OpenID endpoint url, at which the server is available
+{% if env == 'staging' %}
+WEBSITE_ROOT = 'https://id.stg/fedoraproject.org'
+COOKIE_DOMAIN = 'id.stg.fedoraproject.org'
+OPENID_IDENTITY_URL = 'http://%(username)s.id.stg.fedoraproject.org/'
+PERSONA_DOMAIN = 'stg.fedoraproject.org'
+PERSONA_ISSUER = 'id.stg.fedoraproject.org'
+{% else %}
 WEBSITE_ROOT = 'https://id.fedoraproject.org'
 COOKIE_DOMAIN = 'id.fedoraproject.org'
-COOKIE_SECURE = True
 OPENID_IDENTITY_URL = 'http://%(username)s.id.fedoraproject.org/'
+PERSONA_DOMAIN = 'fedoraproject.org'
+PERSONA_ISSUER = 'id.fedoraproject.org'
+{% endif %}
+COOKIE_SECURE = True

 # Modules to use
 AUTH_MODULE='fedoauth.auth.fas.Auth_FAS'
@ -29,8 +40,6 @@ FAS_AVAILABLE_TO = []

 # PERSONA CONFIGURATION
 # This is the domain for which we are willing to sign
-PERSONA_DOMAIN = 'fedoraproject.org'
-PERSONA_ISSUER = 'id.fedoraproject.org'
 PERSONA_PRIVATE_KEY_PATH = '/etc/fedoauth/persona.key'
 PERSONA_PRIVATE_KEY_PASSPHRASE = '{{ fedoauth_persona_key_passphrase }}'

@ -45,7 +54,7 @@ OPENID_TRUSTED_ROOTS = ['http://jenkins.cloud.fedoraproject.org/securityRealm/fi
                        'https://apps.fedoraproject.org/nuancier/',
                        'https://apps.fedoraproject.org/datagrepper/',
                        'https://apps.fedoraproject.org/calendar/',
-                        'https://apps.fedoraproject.org/notifications/',
+                        'http://apps.fedoraproject.org/notifications/',
                        'http://copr.fedoraproject.org/',
                        'http://copr-fe.cloud.fedoraproject.org/']
 OPENID_NON_TRUSTED_ROOTS = []
--- a/roles/fedoauth/templates/fedoauth.stg.cfg
+++ b/roles/fedoauth/templates/fedoauth.stg.cfg
@ -1,53 +0,0 @@
-# Beware that the quotes around the values are mandatory
-
-# GENERAL CONFIGURATION
-### url to the database server:
-SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}.stg/{{ fedoauth_db_name }}"
-#SQLALCHEMY_DATABASE_URI='sqlite:///fedoauth.sqlite'
-#SQLALCHEMY_DATABASE_URI='mysql://user:pass@host/db_name'
-#SQLALCHEMY_DATABASE_URI='postgresql://user:pass@host/db_name'
-
-# This is the OpenID endpoint url, at which the server is available
-WEBSITE_ROOT = 'https://id.stg.fedoraproject.org'
-COOKIE_DOMAIN = 'id.stg.fedoraproject.org'
-COOKIE_SECURE = True
-OPENID_IDENTITY_URL = 'http://%(username)s.id.stg.fedoraproject.org/'
-
-# Modules to use
-AUTH_MODULE='fedoauth.auth.fas.Auth_FAS'
-
-# FAS PROVIDER CONFIGURATION
-FAS_USER_AGENT = 'FAS-OpenID'
-FAS_BASE_URL='https://admin.fedoraproject.org/accounts/'
-FAS_CHECK_CERT=False
-FAS_HTTPS_REQUIRED=False
-FAS_HANDLE_GROUPS_MAGIC_VALUE=True
-
-# Enable a filter to make this only available to a specific list of users
-FAS_AVAILABLE_FILTER = False
-FAS_AVAILABLE_TO = []
-
-# PERSONA CONFIGURATION
-# This is the domain for which we are willing to sign
-PERSONA_DOMAIN = 'stg.fedoraproject.org'
-PERSONA_ISSUER = 'id.stg.fedoraproject.org'
-PERSONA_PRIVATE_KEY_PATH = '/etc/fedoauth/persona.stg.key'
-PERSONA_PRIVATE_KEY_PASSPHRASE = '{{ fedoauth_persona_key_passphrase }}'
-
-# OPENID CONFIGURATION
-# This is the OpenID url provided to users. Add %(username)s where the username should be entered
-# A list of trust roots for which the user will not need to confirm again
-OPENID_TRUSTED_ROOTS = ['http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin',
-                        'https://ask.fedoraproject.org/',
-                        'https://fedorahosted.org/',
-                        'https://badges.fedoraproject.org',
-                        'https://apps.fedoraproject.org/tagger/',
-                        'https://apps.fedoraproject.org/nuancier/',
-                        'https://apps.fedoraproject.org/datagrepper/',
-                        'https://apps.fedoraproject.org/calendar/',
-                        'https://apps.fedoraproject.org/notifications/',
-                        'http://copr.fedoraproject.org/',
-                        'http://copr-fe.cloud.fedoraproject.org/']
-OPENID_NON_TRUSTED_ROOTS = []
-### The maximum time after which the user must re-authenticate for OpenID in minutes (use 0 for no limit)
-OPENID_MAX_AUTH_TIME = 120