From b1d0171a84085ece3cde61d11b4d356f3e5b9a14 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Wed, 13 Jul 2016 13:16:56 +0000 Subject: [PATCH] Allow composer.stg to receive messages from modularity.fic.o See https://fedorahosted.org/rel-eng/ticket/6441 --- inventory/group_vars/all | 6 ++++++ inventory/group_vars/releng-stg | 5 +++++ roles/fedmsg/base/tasks/main.yml | 21 +++++++++++++++++++ .../endpoints-external-composer.py.j2 | 13 ++++++++++++ roles/fedmsg/base/templates/ssl.py.j2 | 4 ++-- 5 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 roles/fedmsg/base/templates/endpoints-external-composer.py.j2 diff --git a/inventory/group_vars/all b/inventory/group_vars/all index 973fca2c27..27dda8913e 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -88,6 +88,12 @@ max_cpu: "{{ num_cpus * 5 }}" # the staging group and is used in the proxies.yml playbook. wildcard_cert_name: wildcard-2014.fedoraproject.org +# Everywhere, always, we should sign messages and validate signatures. +# However, we allow individual hosts and groups to override this. Use this very +# carefully.. and never in production (good for testing stuff in staging). +fedmsg_sign_messages: True +fedmsg_validate_signatures: True + # By default, nodes get no fedmsg certs. They need to declare them explicitly. fedmsg_certs: [] diff --git a/inventory/group_vars/releng-stg b/inventory/group_vars/releng-stg index 36cce98e94..93c3afe4d8 100644 --- a/inventory/group_vars/releng-stg +++ b/inventory/group_vars/releng-stg @@ -5,5 +5,10 @@ koji_topurl: "http://kojipkgs.fedoraproject.org/" nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4" +# This line should be removed whenever the modularity-wg is done doing its tests +# on composer.stg. +# See: https://fedorahosted.org/rel-eng/ticket/6441 +fedmsg_validate_signatures: False + mem_size: 8192 num_cpus: 4 diff --git a/roles/fedmsg/base/tasks/main.yml b/roles/fedmsg/base/tasks/main.yml index 001f3d8c75..76f26e70d2 100644 
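Review bot: The "never in production" rule for the new `fedmsg_sign_messages` / `fedmsg_validate_signatures` defaults in inventory/group_vars/all exists only as a comment, so any group_vars or host_vars file can set either flag to False without a play failing. These flags decide whether a host authenticates bus messages before its consumers act on them, so I would back the comment with a check in the fedmsg base role, for example an Ansible `assert` task that fails when either value is false on a host outside the staging groups. The comment could also state what is lost: `# With validation off, any sender that can reach an endpoint this host listens to is trusted.`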
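Review bot: `fedmsg_validate_signatures: False` in inventory/group_vars/releng-stg applies to every host in that group and to every message those hosts receive, while the commit subject only names composer.stg and traffic from the modularity server. If the test needs only that one host, a host-level variable would keep the exception narrower; it is also worth confirming that no consumer on these hosts triggers actions from bus messages while validation is off. The removal note has no owner or date, and something like `# TODO(<owner>, remove by <date>): re-enable validation once rel-eng ticket 6441 is closed` would make a stale override easier to catch in later reviews.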
--- a/roles/fedmsg/base/tasks/main.yml +++ b/roles/fedmsg/base/tasks/main.yml @@ -177,6 +177,27 @@ - restart fedmsg-irc - restart fedmsg-relay +- name: setup external facing bus loop for composer.stg.phx2.fp.o + template: > + src="{{ item }}.j2" + dest="/etc/fedmsg.d/{{ item }}" + owner=root + group=root + mode=644 + with_items: + - endpoints-external-composer.py + when: "'releng-stg' in group_names" + tags: + - config + - fedmsgdconfig + - fedmsg/base + notify: + - reload httpd + - restart fedmsg-gateway + - restart fedmsg-hub + - restart fedmsg-irc + - restart fedmsg-relay + - name: install fedmsg-relay in case we're in debug mode. yum: name=fedmsg-relay state=present when: fedmsg_debug_loopback == true and ansible_distribution_major_version|int < 22 diff --git a/roles/fedmsg/base/templates/endpoints-external-composer.py.j2 b/roles/fedmsg/base/templates/endpoints-external-composer.py.j2 new file mode 100644 index 0000000000..a00b8378a6 --- /dev/null +++ b/roles/fedmsg/base/templates/endpoints-external-composer.py.j2 @@ -0,0 +1,13 @@ +# This file was added in order to allow modularity developers to bridge the +# staging bus with the modularity development server in the cloud. +# If the modularity development work on composer.stg.phx2.fp.o is done, this +# file and its references in ansible can be removed. +# See https://fedorahosted.org/rel-eng/ticket/6441 +# Ralph Bean
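Review bot: Nothing in this task, or elsewhere in the visible part of the patch, removes /etc/fedmsg.d/endpoints-external-composer.py from the hosts again. The template header describes cleanup as deleting the file and its references from ansible, which would leave the deployed copy on the releng-stg hosts, so they would presumably keep the external endpoint configured after the test ends. I would record the cleanup step next to the task, e.g. `# On removal, replace this task with: file: path=/etc/fedmsg.d/endpoints-external-composer.py state=absent`. Smaller point: `mode=644` works in this key=value form, but `mode=0644` is the conventional spelling and stays correct if the task is later converted to YAML dict syntax, where a bare 644 is read as a decimal integer.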