Allow composer.stg to receive messages from modularity.fic.o

See https://fedorahosted.org/rel-eng/ticket/6441
2016-07-13 13:16:56 +00:00 · 2016-07-13 13:16:56 +00:00 · b1d0171a84
commit b1d0171a84
parent fbc2f402e8
5 changed files with 47 additions and 2 deletions
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@ -88,6 +88,12 @@ max_cpu: "{{ num_cpus * 5 }}"
 # the staging group and is used in the proxies.yml playbook.
 wildcard_cert_name: wildcard-2014.fedoraproject.org

+# Everywhere, always, we should sign messages and validate signatures.
+# However, we allow individual hosts and groups to override this.  Use this very
+# carefully.. and never in production (good for testing stuff in staging).
+fedmsg_sign_messages: True
+fedmsg_validate_signatures: True
+
 # By default, nodes get no fedmsg certs.  They need to declare them explicitly.
 fedmsg_certs: []

--- a/inventory/group_vars/releng-stg
+++ b/inventory/group_vars/releng-stg
@ -5,5 +5,10 @@ koji_topurl: "http://kojipkgs.fedoraproject.org/"

 nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4"

+# This line should be removed whenever the modularity-wg is done doing its tests
+# on composer.stg.
+#   See:  https://fedorahosted.org/rel-eng/ticket/6441
+fedmsg_validate_signatures: False
+
 mem_size: 8192
 num_cpus: 4
--- a/roles/fedmsg/base/tasks/main.yml
+++ b/roles/fedmsg/base/tasks/main.yml
@ -177,6 +177,27 @@
  - restart fedmsg-irc
  - restart fedmsg-relay

+- name: setup external facing bus loop for composer.stg.phx2.fp.o
+  template: >
+    src="{{ item }}.j2"
+    dest="/etc/fedmsg.d/{{ item }}"
+    owner=root
+    group=root
+    mode=644
+  with_items:
+  - endpoints-external-composer.py
+  when: "'releng-stg' in group_names"
+  tags:
+  - config
+  - fedmsgdconfig
+  - fedmsg/base
+  notify:
+  - reload httpd
+  - restart fedmsg-gateway
+  - restart fedmsg-hub
+  - restart fedmsg-irc
+  - restart fedmsg-relay
+
 - name: install fedmsg-relay in case we're in debug mode.
  yum: name=fedmsg-relay state=present
  when: fedmsg_debug_loopback == true and ansible_distribution_major_version|int < 22
--- a/roles/fedmsg/base/templates/endpoints-external-composer.py.j2
+++ b/roles/fedmsg/base/templates/endpoints-external-composer.py.j2
@ -0,0 +1,13 @@
+# This file was added in order to allow modularity developers to bridge the
+# staging bus with the modularity development server in the cloud.
+# If the modularity development work on composer.stg.phx2.fp.o is done, this
+# file and its references in ansible can be removed.
+#   See https://fedorahosted.org/rel-eng/ticket/6441
+#   Ralph Bean <rbean@redhat.com
+config = dict(
+    endpoints = {
+        "modularity-development-server": [
+            "tcp://modularity.fedorainfracloud.org:4001",
+        ],
+    }
+)
--- a/roles/fedmsg/base/templates/ssl.py.j2
+++ b/roles/fedmsg/base/templates/ssl.py.j2
@ -1,6 +1,6 @@
 config = dict(
-    sign_messages=True,
-    validate_signatures=True,
+    sign_messages={{fedmsg_sign_messages}},
+    validate_signatures={{fedmsg_validate_signatures}},
    ssldir="/etc/pki/fedmsg",

    {% if env == 'staging' %}