From dd523981056d98b365eaed8608e171d5ced5eb61 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 28 Apr 2015 12:43:59 +0000 Subject: [PATCH] Fedmsg config for retrace. --- inventory/group_vars/retrace | 10 ++++++++++ playbooks/groups/retrace.yml | 1 + roles/fedmsg/base/templates/relay.py.j2 | 5 +++++ roles/fedmsg/base/templates/ssl.py.j2 | 6 ++++++ 4 files changed, 22 insertions(+) diff --git a/inventory/group_vars/retrace b/inventory/group_vars/retrace index 145ec48aab..778eebcd12 100644 --- a/inventory/group_vars/retrace +++ b/inventory/group_vars/retrace @@ -11,3 +11,13 @@ custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 2049 -j ACCEPT', nrpe_procs_warn: 900 nrpe_procs_crit: 1000 + +# Declare fedmsg certs that should be put in /etc/pki/fedmsg/ +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: retrace +- service: faf + owner: root + group: faf diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml index 67519ce3e9..959b0d1cc8 100644 --- a/playbooks/groups/retrace.yml +++ b/playbooks/groups/retrace.yml @@ -17,6 +17,7 @@ - { role: denyhosts, when: ansible_distribution_major_version != '7' } - nagios_client - sudo + - fedmsg/base tasks: - include: "{{ tasks }}/2fa_client.yml" diff --git a/roles/fedmsg/base/templates/relay.py.j2 b/roles/fedmsg/base/templates/relay.py.j2 index 899d7b4a08..f7eaebe5fb 100644 --- a/roles/fedmsg/base/templates/relay.py.j2 +++ b/roles/fedmsg/base/templates/relay.py.j2 @@ -33,6 +33,11 @@ config = dict( # not getting messages in from proxies across the vpn. So, only use # proxy01 for now. "tcp://209.132.181.16:9941", + {% else if 'retrace' in group_names %} + + # We want the retrace boxes to talk to our stg bus while we get them + # ready. + "tcp://stg.fedoraproject.org:9941", {% else %} diff --git a/roles/fedmsg/base/templates/ssl.py.j2 b/roles/fedmsg/base/templates/ssl.py.j2 index 9e1eaba626..c7179142ca 100644 
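Review bot: In inventory/group_vars/retrace the `shell` cert is declared with `group: retrace`, and nothing in the hunk says who belongs to that group. The task that installs the keys is not visible here, but if it makes them group-readable, every member of `retrace` could sign messages under the shell cert for these hosts. A comment above the entry stating the intended readers would make the choice reviewable, e.g. `# shell key is group-readable by retrace because <reason>`. The path in the added comment, `roles/fedmsg/base/main.yml`, also looks like it should be `roles/fedmsg/base/tasks/main.yml`, going by the usual role layout.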
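Review bot: In roles/fedmsg/base/templates/relay.py.j2 the added branch is written `{% else if 'retrace' in group_names %}`, which Jinja2 does not parse because the tag is `elif`. Rendering should fail with a template syntax error wherever this file is templated, not only on the retrace hosts. The line should read `{% elif 'retrace' in group_names %}`. Separately, the branch points these hosts at the staging bus, so a TODO beside the comment naming the condition for removing it would stop the temporary endpoint from outliving the bring-up. The enclosing `{% if %}` block starts and ends outside the hunk.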
--- a/roles/fedmsg/base/templates/ssl.py.j2 +++ b/roles/fedmsg/base/templates/ssl.py.j2 @@ -181,6 +181,12 @@ config = dict( ("shell.anitya-backend01", "shell-anitya-backend01.fedoraproject.org"), ("anitya.anitya-backend01", "anitya-anitya-backend01.fedoraproject.org"), + # FAF/retrace is on the qa network and talks to an inbound relay. + ("shell.retrace01", "shell-retrace01.qa.fedoraproject.org"), + ("shell.retrace02", "shell-retrace02.qa.fedoraproject.org"), + ("faf.retrace01", "faf-retrace01.qa.fedoraproject.org"), + ("faf.retrace02", "faf-retrace02.qa.fedoraproject.org"), + # This is for the copr backend, which is a little different. The # "cert-prefix" is just "copr", and is hardcoded in # backend/dispatcher.py. The hostname is also a little different,
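Review bot: The new comment in roles/fedmsg/base/templates/ssl.py.j2 says only that the retrace hosts talk to "an inbound relay", while the relay.py.j2 hunk in this same patch shows that relay is the staging one. Since these tuples appear to tie a cert name to the host allowed to sign with it, the comment should say which bus they are expected to be validated on, e.g. `# FAF/retrace is on the qa network; while being brought up it publishes to the stg bus (see relay.py.j2).`. The four entries also hard-code retrace01 and retrace02, so a host added to the group later would get certs from group_vars but no entry here; a one-line comment saying the list must be extended by hand would help. The `config = dict(` block continues outside the hunk.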