diff --git a/playbooks/groups/fedimg.yml b/playbooks/groups/fedimg.yml
index 8fc063addd..26c76f4a7b 100644
--- a/playbooks/groups/fedimg.yml
+++ b/playbooks/groups/fedimg.yml
@@ -57,7 +57,16 @@
 roles:
 - fedmsg/hub
- - fedimg
+ - role: fedimg
+ aws_keyname: fedimg-dev
+ aws_keypath: /etc/pki/fedimg/fedimg-dev
+ aws_pubkeypath: /etc/pki/fedimg/fedimg-dev.pub
+ when: env == 'staging'
+ - role: fedimg
+ aws_keyname: releng-ap-northeast-1
+ aws_keypath: /etc/pki/fedimg/fedimg-prod
+ aws_pubkeypath: /etc/pki/fedimg/fedimg-prod.pub
+ when: env != 'staging'
 - role: collectd/fedmsg-service
 process: fedmsg-hub
diff --git a/roles/fedimg/tasks/main.yml b/roles/fedimg/tasks/main.yml
index 154512fc24..b18f54fd0f 100644
--- a/roles/fedimg/tasks/main.yml
+++ b/roles/fedimg/tasks/main.yml
@@ -65,13 +65,8 @@
 copy: src={{private}}/files/fedimg/{{item}} dest=/etc/pki/fedimg/{{item}} owner=fedmsg group=fedmsg mode=0100
 with_items:
- # TODO -- we should be using the 'prod' "official account" creds here, but we
- # don't have access to them yet. In the mean time, just re-used the
- # "community account" creds from staging.
- #- fedimg-prod
- #- fedimg-prod.pub
- - fedimg-dev
- - fedimg-dev.pub
+ - fedimg-prod
+ - fedimg-prod.pub
 notify:
 - restart fedmsg-hub
 when: env != "staging"
diff --git a/roles/fedimg/templates/fedimg.cfg b/roles/fedimg/templates/fedimg.cfg
index a75a7945b1..41e4791082 100644
--- a/roles/fedimg/templates/fedimg.cfg
+++ b/roles/fedimg/templates/fedimg.cfg
@@ -18,9 +18,11 @@ access_id = {{fedimg_aws_prod_access_id}} secret_key = {{fedimg_aws_prod_secret_key}} {% endif %} iam_profile = {{aws_iam_profile}} + keyname = {{aws_keyname}} keypath = {{aws_keypath}} pubkeypath = {{aws_pubkeypath}} + test = {{aws_test}} amis = ap-northeast-1|RHEL|6.5|x86_64|ami-e7aee0e6|aki-176bf516 ap-southeast-1|RHEL|6.5|x86_64|ami-c683df94|aki-503e7402
diff --git a/roles/fedimg/vars/main.yml b/roles/fedimg/vars/main.yml
index 922cc9b872..045986b994 100644
--- a/roles/fedimg/vars/main.yml
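Review bot: The production entry of the `fedimg` role is gated on `when: env != 'staging'`, so any host whose `env` is anything other than the literal string staging receives the `releng-ap-northeast-1` key name and the fedimg-prod key paths. The set of `env` values is not visible in this diff; if more than two can occur, an explicit match such as `when: env == 'production'` (assuming that is the value the inventory uses) would keep a new or mistyped environment from falling through to the production AWS key. The prod key copy task in roles/fedimg/tasks/main.yml uses the same catch-all condition.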
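Review bot: The unchanged `copy` line that now installs `fedimg-prod` and `fedimg-prod.pub` sets `mode=0100`, which is execute-only for the owner, so the `fedmsg` user that owns the files cannot read the private key unless the consumer runs as root. If read access by that user is intended, the line should end `owner=fedmsg group=fedmsg mode=0400`, the usual setting for a private key. Since these are now the production credentials, adding `no_log: true` to the task is also worth considering so that a verbose or diff run does not echo key material. The task begins above the hunk, so its name and any options already set there are not visible.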
+++ b/roles/fedimg/vars/main.yml
@@ -5,7 +5,4 @@ aws_util_username: ec2-user
 aws_test_username: fedora
 # access_id and secret_key are in private vars
 aws_iam_profile: "arn:aws:iam::013116697141:user/oddshocks"
-aws_keyname: fedimg-dev
-aws_keypath: /etc/pki/fedimg/fedimg-dev
-aws_pubkeypath: /etc/pki/fedimg/fedimg-dev.pub
 aws_test: "/bin/true"