Add staging robosig config

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2019-07-03 12:43:39 +00:00 · 2019-07-03 12:43:39 +00:00 · a4d1aadb95
commit a4d1aadb95
parent 5f7f05b8e6
2 changed files with 63 additions and 2 deletions
--- a/roles/robosignatory/files/robosignatory.staging.py
+++ b/roles/robosignatory/files/robosignatory.staging.py
@ -0,0 +1,61 @@
+config = {
+    'logging': {
+        'loggers': {
+            'robosignatory': {
+                'handlers': ['console', 'mailer'],
+                'level': 'DEBUG',
+                'propagate': False
+            },
+        },
+    },
+
+    'robosignatory.enabled.tagsigner': True,
+    'robosignatory.enabled.atomicsigner': True,
+
+    # Any tag prefixed with "module-" will be considered a module.
+    'robosignatory.module_prefixes': ['module-'],
+
+
+    'robosignatory.signing': {
+        'backend': 'sigul',
+        'user': 'autopen',
+        'passphrase_file': '/etc/sigul/autosign.pass',
+        'config_file': '/etc/sigul/client.conf'
+    },
+
+    # The keys here need to be the same in the sigul bridge
+    'robosignatory.koji_instances': {
+        'primary': {
+            'url': 'https://koji.stg.fedoraproject.org/kojihub',
+            'options': {
+                # Only ssl is supported at the moment
+                'authmethod': 'kerberos',
+                'principal': 'autosign/autosign01.stg.phx2.fedoraproject.org@STG.FEDORAPROJECT.ORG',
+                'keytab': '/etc/krb5.autosign_autosign01.stg.phx2.fedoraproject.org.keytab',
+                'krb_rdns': False
+            },
+            'mbs_user': 'mbs/mbs.stg.fedoraproject.org',
+            'tags': [
+                # Temporary tags
+                # Infra tags
+                # Gated coreos-pool tag
+                # Gated rawhide and branched
+                {
+                    "from": "f31-pending",
+                    "to": "f31",
+                    "key": "fedora-31",
+                    "keyid": "3c3359c4"
+                },
+                # Gated bodhi updates
+                # Non-gated bodhi triggered
+            ],
+        },
+    },
+
+    'robosignatory.ostree_refs': {
+        'fedora/rawhide/x86_64/iot': {
+            'directory': '/mnt/fedora_koji/koji/compose/iot/repo/',
+            'key': 'fedora-31'
+        },
+    }
+}
--- a/roles/robosignatory/files/sigul.staging.conf
+++ b/roles/robosignatory/files/sigul.staging.conf
@ -1,6 +1,6 @@
 [client]
-bridge-hostname: sign-bridge1
-server-hostname: sign-vault1
+bridge-hostname: sign-bridge01.stg.phx2.fedoraproject.org
+server-hostname: sign-vault01.stg.phx2.fedoraproject.org
 client-cert-nickname: sigul-client-cert
 user-name: autopen