From 70c25021cc8860b2dd32ff5d66ce2b3de8c068ef Mon Sep 17 00:00:00 2001 From: Pavel Raiskup Date: Fri, 17 Jan 2020 21:58:57 +0100 Subject: [PATCH] copr: update infrastructure password https://pagure.io/fedora-infrastructure/issue/8555 --- roles/copr/backend/tasks/main.yml | 1 + roles/copr/backend/templates/copr-be.conf.j2 | 6 ++++++ roles/copr/dist_git/tasks/main.yml | 1 + roles/copr/dist_git/templates/copr-dist-git.conf.j2 | 6 ++++++ roles/copr/frontend-cloud/tasks/main.yml | 1 + roles/copr/frontend-cloud/templates/copr.conf | 7 +++++++ 6 files changed, 22 insertions(+) diff --git a/roles/copr/backend/tasks/main.yml b/roles/copr/backend/tasks/main.yml index 1e5b06a619..a92ff89f82 100644 --- a/roles/copr/backend/tasks/main.yml +++ b/roles/copr/backend/tasks/main.yml @@ -225,6 +225,7 @@ - restart copr-backend tags: - config + - copr_infrastructure_password - name: create messaging config directory file: dest=/etc/copr/msgbuses state=directory owner=copr group=copr mode=0700 diff --git a/roles/copr/backend/templates/copr-be.conf.j2 b/roles/copr/backend/templates/copr-be.conf.j2 index e72b0172a1..095d6a70cf 100644 --- a/roles/copr/backend/templates/copr-be.conf.j2 +++ b/roles/copr/backend/templates/copr-be.conf.j2 @@ -8,7 +8,13 @@ frontend_base_url={{ frontend_base_url }} # must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf # default is PASSWORDHERE but you really should change it. really. +{% if env == 'production' %} frontend_auth={{ copr_backend_password }} +{% elif devel %} +frontend_auth={{ copr_backend_password_dev }} +{% else %} +frontend_auth={{ copr_backend_password_stg }} +{% endif %} # For each build group set: # name - name of the group (will be shown in the worker process name) diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml index 6078574325..cc84e83ba2 100644 --- a/roles/copr/dist_git/tasks/main.yml +++ b/roles/copr/dist_git/tasks/main.yml 
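Review bot: The `{% else %}` branch added to copr-be.conf.j2 gives the staging password to every host that is neither `env == 'production'` nor `devel`. A host whose `env` is misspelled or unexpected therefore renders a working credential instead of failing. Making the staging case explicit, `{% elif env == 'staging' %}`, with a final branch that aborts the render, would turn that into a visible error. The branch order also means `devel` is never consulted when `env == 'production'`, so it is worth confirming that no devel host carries that value; where `devel` is defined is not visible in this hunk. The same block is repeated in copr-dist-git.conf.j2 and frontend-cloud/templates/copr.conf, so resolving the password once into a single per-environment variable would keep the three files from drifting apart.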
@@ -40,6 +40,7 @@ template: src=copr-dist-git.conf.j2 dest=/etc/copr/copr-dist-git.conf mode=0644 tags: - config + - copr_infrastructure_password - name: set git variables for copr-dist-git user copy: src=".gitconfig" dest="/home/copr-dist-git/.gitconfig" diff --git a/roles/copr/dist_git/templates/copr-dist-git.conf.j2 b/roles/copr/dist_git/templates/copr-dist-git.conf.j2 index da9d4f3839..a8e5c60ab6 100644 --- a/roles/copr/dist_git/templates/copr-dist-git.conf.j2 +++ b/roles/copr/dist_git/templates/copr-dist-git.conf.j2 @@ -5,7 +5,13 @@ frontend_base_url={{frontend_base_url}} # must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf # default is PASSWORDHERE but you really should change it. really. +{% if env == 'production' %} frontend_auth={{ copr_backend_password }} +{% elif devel %} +frontend_auth={{ copr_backend_password_dev }} +{% else %} +frontend_auth={{ copr_backend_password_stg }} +{% endif %} # where import logs should be stored per_task_log_dir=/var/lib/copr-dist-git/per-task-logs/ diff --git a/roles/copr/frontend-cloud/tasks/main.yml b/roles/copr/frontend-cloud/tasks/main.yml index d05305a41a..050c4adffa 100644 --- a/roles/copr/frontend-cloud/tasks/main.yml +++ b/roles/copr/frontend-cloud/tasks/main.yml @@ -56,6 +56,7 @@ - restart copr-fe-fedora-messaging-reader tags: - config + - copr_infrastructure_password - name: enable and start redis # TODO: .service in copr-backend should depend on redis service: name=redis enabled=yes state=started diff --git a/roles/copr/frontend-cloud/templates/copr.conf b/roles/copr/frontend-cloud/templates/copr.conf index 3a7d8f28c3..3abed44636 100644 --- a/roles/copr/frontend-cloud/templates/copr.conf +++ b/roles/copr/frontend-cloud/templates/copr.conf 
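Review bot: The task that now carries the `copr_infrastructure_password` tag writes /etc/copr/copr-dist-git.conf with `mode=0644`, so the `frontend_auth` value rendered by the template is readable by every local account on the dist-git host. A tighter setting such as `mode=0640` with an explicit owner and the service's group would limit it to the daemon. The group is presumably the copr-dist-git user seen in the next task's path, which should be confirmed. No `notify:` is visible between `template:` and `tags:`, so a run limited to the new tag may leave the running service on the old password. The task's first lines are outside the hunk, so this should be checked against the full file.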
@@ -11,7 +11,14 @@ WHOOSHEE_MIN_STRING_LEN = 2 WHOOSHEE_WRITER_TIMEOUT = 10 SECRET_KEY = '{{ copr_secret_key }}' +{% if env == 'production' %} BACKEND_PASSWORD = '{{ copr_backend_password }}' +{% elif devel %} +BACKEND_PASSWORD = '{{ copr_backend_password_dev }}' +{% else %} +BACKEND_PASSWORD = '{{ copr_backend_password_stg }}' +{% endif %} + BACKEND_BASE_URL = '{{ backend_base_url }}' # restrict access to a set of users
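Review bot: The new `BACKEND_PASSWORD = '{{ copr_backend_password_dev }}'` and `'{{ copr_backend_password_stg }}'` lines paste the secret between single quotes in what looks like a Python-syntax config. A rotated password containing `'` or a backslash would therefore break the file or change the value the frontend compares against. Letting the template emit the literal, for example `BACKEND_PASSWORD = {{ copr_backend_password_stg | to_json }}`, removes that constraint on what the password may contain. The existing production line has the same form and would need the same change. The environment-fallback concern raised for copr-be.conf.j2 applies to this block as well.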