Try and fix cecert definitions for openQA lab/stg

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2021-04-01 17:18:37 -07:00 · 2021-04-01 17:18:37 -07:00 · cd09666b16
commit cd09666b16
parent c1324ea2bf
5 changed files with 6 additions and 2 deletions
--- a/inventory/group_vars/openqa
+++ b/inventory/group_vars/openqa
@ -18,6 +18,7 @@ openqa_webapi_plugins: FedoraMessaging FedoraUpdateRestart
 # break some other plays, but we do need the env suffix for the
 # fedora-messaging bits, so let's make our own
 openqa_env_suffix:
+openqa_env_prefix:
 openqa_env: production

 # 2020-11: we're deploying prod from u-t ATM because I don't
--- a/inventory/group_vars/openqa_lab
+++ b/inventory/group_vars/openqa_lab
@ -31,6 +31,7 @@ openqa_webapi_plugins: FedoraMessaging FedoraUpdateRestart
 # break some other plays, but we do need the env suffix for the
 # fedora-messaging bits, so let's make our own
 openqa_env_suffix: .stg
+openqa_env_prefix: stg-
 openqa_env: staging

 # install openQA from updates-testing - this is staging, we live
--- a/inventory/group_vars/openqa_lab_workers
+++ b/inventory/group_vars/openqa_lab_workers
@ -9,6 +9,7 @@ openqa_secret: "{{ stg_openqa_apisecret }}"
 # break some other plays, but we do need the env suffix for the
 # fedora-messaging bits, so let's make our own
 openqa_env_suffix: .stg
+openqa_env_prefix: stg-
 openqa_env: staging

 # install openQA and os-autoinst from updates-testing - this is
--- a/inventory/group_vars/openqa_servers_common
+++ b/inventory/group_vars/openqa_servers_common
@ -23,7 +23,7 @@ openqa_amqp_publisher_prefix: org.fedoraproject.{{ fedmsg_env }}
 openqa_amqp_publisher_url: "amqps://openqa{{ openqa_env_suffix }}:@rabbitmq{{ openqa_env_suffix }}.fedoraproject.org/%2Fpubsub"
 # openQA isn't very ssl-aware here, so we're abusing its URL construction
 # to stuff the cert and key values in here
-openqa_amqp_publisher_exchange: "amq.topic&cacertfile=/etc/fedora-messaging/cacert{{ openqa_env_suffix }}.pem&certfile=/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-cert.pem&keyfile=/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-key.pem"
+openqa_amqp_publisher_exchange: "amq.topic&cacertfile=/etc/fedora-messaging/{{ openqa_env_prefix }}cacert.pem&certfile=/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-cert.pem&keyfile=/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-key.pem"

 # fedora-messaging job scheduler settings: most of these are the same
 # for prod and stg as they both must listen for prod messages. Only
@ -39,7 +39,7 @@ openqa_amqp_scheduler_routing_keys: ["org.fedoraproject.prod.pungi.compose.statu

 # fedora-messaging reporter settings
 openqa_amqp_reporter_url: "amqps://openqa{{ openqa_env_suffix }}:@rabbitmq{{ openqa_env_suffix }}.fedoraproject.org/%2Fpubsub"
-openqa_amqp_reporter_cacert: /etc/fedora-messaging/cacert{{ openqa_env_suffix }}.pem
+openqa_amqp_reporter_cacert: /etc/fedora-messaging/{{ openqa_env_prefix }}cacert.pem
 openqa_amqp_reporter_key: /etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-key.pem
 openqa_amqp_reporter_cert: /etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-cert.pem

--- a/inventory/group_vars/openqa_workers
+++ b/inventory/group_vars/openqa_workers
@ -9,6 +9,7 @@ openqa_secret: "{{ prod_openqa_apisecret }}"
 # break some other plays, but we do need the env suffix for the
 # fedora-messaging bits, so let's make our own
 openqa_env_suffix:
+openqa_env_prefix:
 openqa_env: production

 # 2020-11: we're deploying prod from u-t ATM because I don't