From 57984e872c104340418971350e7d848efcba53db Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 28 Apr 2015 13:24:03 +0000 Subject: [PATCH] (fedmsg) allow hosts to override their cert_prefix globally. --- inventory/group_vars/retrace | 1 + roles/fedmsg/base/templates/base.py.j2 | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/inventory/group_vars/retrace b/inventory/group_vars/retrace index c27a581b5a..d6678a4a99 100644 --- a/inventory/group_vars/retrace +++ b/inventory/group_vars/retrace @@ -15,6 +15,7 @@ nrpe_procs_crit: 1000 # Since retrace is on the qa network, it needs to actively connect to our # inbound relay. fedmsg_active: True +fedmsg_cert_prefix: faf # Declare fedmsg certs that should be put in /etc/pki/fedmsg/ # These are consumed by a task in roles/fedmsg/base/main.yml diff --git a/roles/fedmsg/base/templates/base.py.j2 b/roles/fedmsg/base/templates/base.py.j2 index 20487a9f6d..8a4427a221 100644 --- a/roles/fedmsg/base/templates/base.py.j2 +++ b/roles/fedmsg/base/templates/base.py.j2 @@ -14,6 +14,16 @@ config = dict( # on. active={{fedmsg_active}}, + {% if fedmsg_cert_prefix is defined %} + # Most fedmsg enabled services dynamically guess their cert_prefix by + # looking at the namespace of the python code that they're running in. For + # instance, bodhi's code is in the 'bodhi' python module, so fedmsg grabs + # that and uses it for its cert prefix. Some code, however, runs in an + # oddly-namespaced module, and so we allow the option here to override that + # at the host level. + cert_prefix='{{fedmsg_cert_prefix}}', + {% endif %} + {% if not ansible_hostname.startswith('busgateway') %} # These options provide a place for hub processes to write out their last # processed message. This let's them read it in at startup and figure out