From c5450c9cfe83fbb9104d3ac2472f908d6fe309f2 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Thu, 16 Nov 2017 12:58:11 -0800 Subject: [PATCH] openqa, relvalconsumer: write wikitcms token file for new auth Unattended wiki interaction with the new openidc auth method requires a special token file which @puiterwijk created and put in the private store for us. Have the appropriate roles install it. Signed-off-by: Adam Williamson --- inventory/group_vars/openqa | 1 + inventory/group_vars/openqa-stg | 1 + roles/openqa/dispatcher/tasks/main.yml | 11 ++++++++++- roles/relvalconsumer/tasks/main.yml | 8 +++++++- 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/inventory/group_vars/openqa b/inventory/group_vars/openqa index cc9e2bb807..973c24f611 100644 --- a/inventory/group_vars/openqa +++ b/inventory/group_vars/openqa @@ -22,6 +22,7 @@ openqa_secret: "{{ prod_openqa_apisecret }}" wikitcms_user: coconut wikitcms_password: "{{ prod_wikitcms_password }}" +wikitcms_token: "{{ private }}/files/openidc/production/wikitcms.json" # The checkcompose settings below cause system(s) in this group to # send out check-compose reports. This could cause duplicate reports diff --git a/inventory/group_vars/openqa-stg b/inventory/group_vars/openqa-stg index c02fa11351..ad043bcc2f 100644 --- a/inventory/group_vars/openqa-stg +++ b/inventory/group_vars/openqa-stg @@ -32,6 +32,7 @@ openqa_key: "{{ stg_openqa_apikey }}" openqa_secret: "{{ stg_openqa_apisecret }}" wikitcms_password: "{{ stg_wikitcms_password }}" +wikitcms_token: "{{ private }}/files/openidc/staging/wikitcms.json" checkcompose_url: "https://{{ external_hostname }}" diff --git a/roles/openqa/dispatcher/tasks/main.yml b/roles/openqa/dispatcher/tasks/main.yml index e1e8b42203..a6b494b85a 100644 --- a/roles/openqa/dispatcher/tasks/main.yml +++ b/roles/openqa/dispatcher/tasks/main.yml 
@@ -14,7 +14,10 @@ # - wikitcms_user ## string - FAS username for reporting results to wiki # - wikitcms_password -## string - password for relval_user +## string - password for wikitcms_user +# - wikitcms_token +## string - a token file to install for unattended reporting to +# a wiki using openidc auth (Fedora wikis after 2017-11) # - deployment_type ## string - Fedora Infrastructure thing; for this role, the ## fedora_openqa config file will be set appropriately @@ -130,6 +133,12 @@ tags: - config +- name: Write wikitcms token file + copy: src={{ wikitcms_token }} dest=/root/.openidc/oidc_wikitcms.json owner=root group=root mode=0600 + when: "wikitcms_token is defined" + tags: + - config + - name: Enable fedmsg consumer template: src=openqa_consumer.py.j2 dest=/etc/fedmsg.d/openqa_consumer.py owner=root group=root mode=0644 notify: diff --git a/roles/relvalconsumer/tasks/main.yml b/roles/relvalconsumer/tasks/main.yml index 9a9d95c11b..b12e8868d8 100644 --- a/roles/relvalconsumer/tasks/main.yml +++ b/roles/relvalconsumer/tasks/main.yml @@ -50,6 +50,12 @@ tags: - config +- name: Write wikitcms token file + copy: src={{ wikitcms_token }} dest=/root/.openidc/oidc_wikitcms.json owner=root group=root mode=0600 + when: "wikitcms_token is defined" + tags: + - config + - name: Check out relvalconsumer git: repo: https://pagure.io/fedora-qa/relvalconsumer.git @@ -66,7 +72,7 @@ - name: Enable fedmsg consumer template: src=relvalconsumer.py.j2 dest=/etc/fedmsg.d/relvalconsumer.py owner=root group=root mode=0644 - when: "wikitcms_user is defined and wikitcms_password is defined" + when: "wikitcms_user is defined and (wikitcms_password is defined or wikitcms_token is defined)" notify: - restart fedmsg-hub tags:
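Review bot: The new `Write wikitcms token file` task in roles/openqa/dispatcher/tasks/main.yml copies a credential without `no_log: true`, so a run with `--diff` or raised verbosity can print the token contents into the playbook output and any log that captures it; add `no_log: true` to the task. `copy` does not create the parent directory of a single-file `dest`, and nothing in this hunk creates `/root/.openidc`, so unless a task outside the hunk does, the play fails on a fresh host; a preceding `file: path=/root/.openidc state=directory owner=root group=root mode=0700` would cover that and keep the directory private. If the openidc client rewrites this file when it refreshes the token (not visible here), every run will overwrite the refreshed copy with the stored one, so confirm whether `force=no` is wanted. The same points apply to the identical task added in roles/relvalconsumer/tasks/main.yml. The task list continues outside the hunk.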
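Review bot: The relaxed `when:` on `Enable fedmsg consumer` in roles/relvalconsumer/tasks/main.yml lets the template render with only `wikitcms_token` defined, but relvalconsumer.py.j2 is not touched by this commit. If it still references `wikitcms_password` unguarded (the template is not visible here), rendering will fail with an undefined variable on a token-only host. The conditions are also uneven: the token copy added earlier in this file is gated on `wikitcms_token is defined` alone, so the credential is written to hosts where `wikitcms_user` is unset and the consumer is never enabled. Gating the copy with `when: "wikitcms_user is defined and wikitcms_token is defined"` would place the token only where it is used.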