openqa: rejig env_suffix handling

env_suffix isn't actually set to .stg on openQA staging because
it's not a normal staging host. Let's not set it in case it
breaks other plays, but use a custom var instead.

Signed-off-by: Adam Williamson <awilliam@redhat.com>

inventory/group_vars/openqa

@@ -21,6 +21,12 @@ openqa_assetsize_updates: 100
 openqa_key: "{{ prod_openqa_apikey }}"
 openqa_secret: "{{ prod_openqa_apisecret }}"
 
+# this is because openqa staging isn't really a staging host
+# we don't want to set env_suffix to stg on it because that may
+# break some other plays, but we do need the env suffix for the
+# fedora-messaging bits, so let's make our own
+openqa_env_suffix:
+
 wikitcms_token: "{{ private }}/files/openidc/production/wikitcms.json"
 openqa_resultsdb_url: http://resultsdb01.qa.fedoraproject.org/resultsdb_api/api/v2.0/
 

inventory/group_vars/openqa_stg

@@ -37,6 +37,12 @@ openqa_assetsize_updates: 100
 openqa_key: "{{ stg_openqa_apikey }}"
 openqa_secret: "{{ stg_openqa_apisecret }}"
 
+# this is because openqa staging isn't really a staging host
+# we don't want to set env_suffix to stg on it because that may
+# break some other plays, but we do need the env suffix for the
+# fedora-messaging bits, so let's make our own
+openqa_env_suffix: .stg
+
 # for now, we have the 'extra' arches (ppc64 and aarch64) on stg
 openqa_extraarches: true
 

inventory/group_vars/openqa_stg_workers

@@ -4,6 +4,12 @@ openqa_hostname: openqa-stg01.qa.fedoraproject.org
 openqa_key: "{{ stg_openqa_apikey }}"
 openqa_secret: "{{ stg_openqa_apisecret }}"
 
+# this is because openqa staging isn't really a staging host
+# we don't want to set env_suffix to stg on it because that may
+# break some other plays, but we do need the env suffix for the
+# fedora-messaging bits, so let's make our own
+openqa_env_suffix: .stg
+
 # These boxes are F30, so we need Python 3 ansible
 ansible_python_interpreter: /usr/bin/python3
 

inventory/group_vars/openqa_workers

@@ -4,5 +4,11 @@ openqa_hostname: openqa01.qa.fedoraproject.org
 openqa_key: "{{ prod_openqa_apikey }}"
 openqa_secret: "{{ prod_openqa_apisecret }}"
 
+# this is because openqa staging isn't really a staging host
+# we don't want to set env_suffix to stg on it because that may
+# break some other plays, but we do need the env suffix for the
+# fedora-messaging bits, so let's make our own
+openqa_env_suffix:
+
 deployment_type: prod
 freezes: false

roles/openqa/dispatcher/tasks/main.yml

@@ -222,8 +222,8 @@
 
 - name: Deploy the Fedora infra fedora-messaging cert
   copy:
-    src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/openqa{{env_suffix}}.crt"
-    dest: /etc/pki/fedora-messaging/openqa{{env_suffix}}-cert.pem
+    src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/openqa{{openqa_env_suffix}}.crt"
+    dest: /etc/pki/fedora-messaging/openqa{{openqa_env_suffix}}-cert.pem
     mode: 0644
     owner: root
     group: root
@@ -233,8 +233,8 @@
 
 - name: Deploy the Fedora infra fedora-messaging key
   copy:
-    src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/openqa{{env_suffix}}.key"
-    dest: /etc/pki/fedora-messaging/openqa{{env_suffix}}-key.pem
+    src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/openqa{{openqa_env_suffix}}.key"
+    dest: /etc/pki/fedora-messaging/openqa{{openqa_env_suffix}}-key.pem
     mode: 0600
     owner: root
     group: root

roles/openqa/dispatcher/templates/fedora_openqa_resultsdb_reporter.toml.j2

@@ -4,7 +4,7 @@
 #
 # This file is in the TOML format.
 {% if deployment_type is defined %}
-amqp_url = "amqps://openqa{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpublic_pubsub"
+amqp_url = "amqps://openqa{{ openqa_env_suffix }}:@rabbitmq{{ openqa_env_suffix }}.fedoraproject.org/%2Fpublic_pubsub"
 {% else %}
 amqp_url = "amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpublic_pubsub"
 {% endif %}
@@ -12,9 +12,9 @@ callback = "fedora_openqa.consumer:OpenQAResultsDBReporter"
 
 [tls]
 {% if deployment_type is defined %}
-ca_cert = "/etc/fedora-messaging/cacert{{ env_suffix }}.pem"
-keyfile = "/etc/pki/fedora-messaging/openqa{{ env_suffix }}-key.pem"
-certfile = "/etc/pki/fedora-messaging/openqa{{ env_suffix }}-cert.pem"
+ca_cert = "/etc/fedora-messaging/cacert{{ openqa_env_suffix }}.pem"
+keyfile = "/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-key.pem"
+certfile = "/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-cert.pem"
 {% else %}
 ca_cert = "/etc/fedora-messaging/cacert.pem"
 keyfile = "/etc/fedora-messaging/fedora-key.pem"
@@ -32,7 +32,7 @@ arguments = {}
 
 {% if deployment_type is defined %}
 # Private queue name.
-[queues.openqa{{ env_suffix }}_resultsdb_reporter]
+[queues.openqa{{ openqa_env_suffix }}_resultsdb_reporter]
 {% else %}
 # Queue names *must* be in the normal UUID format: run "uuidgen" and use the
 # output as your queue name. If your queue is not exclusive, anyone can connect
@@ -51,7 +51,7 @@ arguments = {}
 
 [[bindings]]
 {% if deployment_type is defined %}
-queue = "openqa{{ env_suffix }}_resultsdb_reporter"
+queue = "openqa{{ openqa_env_suffix }}_resultsdb_reporter"
 {% else %}
 queue = "{{ openqa_resultsdb_reporter_uuid }}"
 {% endif %}

roles/openqa/dispatcher/templates/fedora_openqa_scheduler.toml.j2

@@ -35,7 +35,7 @@ arguments = {}
 
 {% if deployment_type is defined %}
 # Private queue name.
-[queues.openqa{{ env_suffix }}_scheduler]
+[queues.openqa{{ openqa_env_suffix }}_scheduler]
 {% else %}
 # Queue names *must* be in the normal UUID format: run "uuidgen" and use the
 # output as your queue name. If your queue is not exclusive, anyone can connect
@@ -54,7 +54,7 @@ arguments = {}
 
 [[bindings]]
 {% if deployment_type is defined %}
-queue = "openqa{{ env_suffix }}_scheduler"
+queue = "openqa{{ openqa_env_suffix }}_scheduler"
 {% else %}
 queue = "{{ openqa_scheduler_uuid }}"
 {% endif %}

roles/openqa/dispatcher/templates/fedora_openqa_wiki_reporter.toml.j2

@@ -4,7 +4,7 @@
 #
 # This file is in the TOML format.
 {% if deployment_type is defined %}
-amqp_url = "amqps://openqa{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpublic_pubsub"
+amqp_url = "amqps://openqa{{ openqa_env_suffix }}:@rabbitmq{{ openqa_env_suffix }}.fedoraproject.org/%2Fpublic_pubsub"
 {% else %}
 amqp_url = "amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpublic_pubsub"
 {% endif %}
@@ -12,9 +12,9 @@ callback = "fedora_openqa.consumer:OpenQAWikiReporter"
 
 [tls]
 {% if deployment_type is defined %}
-ca_cert = "/etc/fedora-messaging/cacert{{ env_suffix }}.pem"
-keyfile = "/etc/pki/fedora-messaging/openqa{{ env_suffix }}-key.pem"
-certfile = "/etc/pki/fedora-messaging/openqa{{ env_suffix }}-cert.pem"
+ca_cert = "/etc/fedora-messaging/cacert{{ openqa_env_suffix }}.pem"
+keyfile = "/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-key.pem"
+certfile = "/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-cert.pem"
 {% else %}
 ca_cert = "/etc/fedora-messaging/cacert.pem"
 keyfile = "/etc/fedora-messaging/fedora-key.pem"
@@ -32,7 +32,7 @@ arguments = {}
 
 {% if deployment_type is defined %}
 # Private queue name.
-[queues.openqa{{ env_suffix }}_wiki_reporter]
+[queues.openqa{{ openqa_env_suffix }}_wiki_reporter]
 {% else %}
 # Queue names *must* be in the normal UUID format: run "uuidgen" and use the
 # output as your queue name. If your queue is not exclusive, anyone can connect
@@ -51,7 +51,7 @@ arguments = {}
 
 [[bindings]]
 {% if deployment_type is defined %}
-queue = "openqa{{ env_suffix }}_wiki_reporter"
+queue = "openqa{{ openqa_env_suffix }}_wiki_reporter"
 {% else %}
 queue = "{{ openqa_wiki_reporter_uuid }}"
 {% endif %}