From e5d34dd9d3ed58a6fc7ad005d8ac1c1637a87e69 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Fri, 7 Jun 2019 19:01:01 -0700 Subject: [PATCH] openqa/dispatcher: fix staging AMQP broker setup The correct auth bits are missing from the package so I'll ship them here for now, and correct the config. Signed-off-by: Adam Williamson --- .../dispatcher/files/fedora.stg-cert.pem | 21 ++++++++++++++ .../dispatcher/files/fedora.stg-key.pem | 28 +++++++++++++++++++ roles/openqa/dispatcher/files/stg-cacert.pem | 20 +++++++++++++ roles/openqa/dispatcher/tasks/main.yml | 18 ++++++++++++ .../fedora_openqa_resultsdb_reporter.toml.j2 | 6 ++++ .../templates/fedora_openqa_scheduler.toml.j2 | 6 ++++ .../fedora_openqa_wiki_reporter.toml.j2 | 6 ++++ 7 files changed, 105 insertions(+) create mode 100644 roles/openqa/dispatcher/files/fedora.stg-cert.pem create mode 100644 roles/openqa/dispatcher/files/fedora.stg-key.pem create mode 100644 roles/openqa/dispatcher/files/stg-cacert.pem diff --git a/roles/openqa/dispatcher/files/fedora.stg-cert.pem b/roles/openqa/dispatcher/files/fedora.stg-cert.pem new file mode 100644 index 0000000000..73179bb068 --- /dev/null +++ b/roles/openqa/dispatcher/files/fedora.stg-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXjCCAkagAwIBAgIRALHR1hq+kHfuLTS1LROUfPswDQYJKoZIhvcNAQELBQAw +HjEcMBoGA1UEAwwTUmFiYml0TVEgU1RBR0lORyBDQTAeFw0xOTAzMjAxNzIzMTRa +Fw0yOTAzMTcxNzIzMTRaMBUxEzARBgNVBAMMCmZlZG9yYS5zdGcwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpxSXT6HUOQMyjppdtH+ArXuV/ly/bTLLs +tyj6vgYW5YMDOMDThH5CCr1b6WKycYa+RYA/Dsfve+KxzO5HtVExSuFFAM0QdgVP +22a+bjeBPrhNulO/ZU3KEPETjSOlAMEDdiCn78/ZaNKPbXyr4appALOdXClxvu4T +8ETa41i4HwSN7dgGhIO+1nwrPxg/7GcLIcmezdhfAimAyEulZZYPMWC09xZCVgji +dUsWJWkqDKhehxYNmFqcku2ttb3FZSWIb9m1EJhaONuQXtO2R4FuYdayHL3kL/ed +VhqscEzt5TgB4CocglOIaDS80h+u8YDKZnVj33kE1GK6BGre4lHfAgMBAAGjgZ8w +gZwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUvzAphNGj16H+bQzYSdjeauNoD30wTgYD +VR0jBEcwRYAUHQkozm78SQy7f7WYcpNhFB4Ue1ehIqQgMB4xHDAaBgNVBAMME1Jh +YmJpdE1RIFNUQUdJTkcgQ0GCCQCk7xrk7xTWfzATBgNVHSUEDDAKBggrBgEFBQcD +AjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAADIb9WY/y43zsDhd8fo +ZpxgQPJ6ytNFsM+KU9Cp0hpNDMYY/HLQmI7mEfBiPqOCs3qksWjfBSj7TxrWzBpQ +WEBHYpgMWfMeZMuzHfOJ4KbOekJhV1lw8t6W5ddhWnGW0aBxQfaKiOCiQhgVKQUK +CV0KHZ/3O+ilKet5AbFMw8TsyXb+CjJOpbBi2sVAzB2EnW5r1kPxLkiYKhaT9Qsl +qgMaR0OtOmfjCALuXCdi9yfNJHb+8RDYtxNRnv0BvmI58hNHAgtSjBupttKTSyXV +l6V8+pHth9id9mKHsiYDaTIyup2/vo0TQS/RDSgeOVY4Xqzaz4m9GK+sTZCUmETM +B3o= +-----END CERTIFICATE----- diff --git a/roles/openqa/dispatcher/files/fedora.stg-key.pem b/roles/openqa/dispatcher/files/fedora.stg-key.pem new file mode 100644 index 0000000000..21427b6de7 --- /dev/null +++ b/roles/openqa/dispatcher/files/fedora.stg-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDpxSXT6HUOQMyj +ppdtH+ArXuV/ly/bTLLstyj6vgYW5YMDOMDThH5CCr1b6WKycYa+RYA/Dsfve+Kx +zO5HtVExSuFFAM0QdgVP22a+bjeBPrhNulO/ZU3KEPETjSOlAMEDdiCn78/ZaNKP +bXyr4appALOdXClxvu4T8ETa41i4HwSN7dgGhIO+1nwrPxg/7GcLIcmezdhfAimA +yEulZZYPMWC09xZCVgjidUsWJWkqDKhehxYNmFqcku2ttb3FZSWIb9m1EJhaONuQ +XtO2R4FuYdayHL3kL/edVhqscEzt5TgB4CocglOIaDS80h+u8YDKZnVj33kE1GK6 +BGre4lHfAgMBAAECggEBAJ4xUFjnPJdJmHHCIUSyRmNzE0DVUYhIjegMRknv33UN +GSxL8ojwZvRQCjYxaB2zH2iQ5alGWlwgbJa/RBv4ghomPu0QDrTt+MhCg3OoaB0p +EVVgGp4xcoOkFU+SuiVFrlemT5D1gqTv/1UZ1T0HN+dYlzOMk2sqtjd950psgLQO +1ky965XIzCYHi/dtEUyecTqFAw8gyKl+k7l4HEw1zyiIS8509QM37BMzbRaQ29mF +vG76Nwx6gmDzVpAU8lDnpcG1Q/7rEKWfom4PivhkIDeKse7OJ7ZLxaptvBmJnNA0 +ZKLE+dYn3jed9Jmxyq028Ue9jcWuWTvqptE8W0jsCVECgYEA90kKRDxu/oOql2fi +3ViAFjF8sKy1kYnZ1J9Ffb31KJapvbeg5NsaaYuH3tcr1sK9Cgc7BW0oTy04N3vk +sduylJBzR6cQ/5RHLC4of35uIUNcQYMyTe34SEDGSkDYKdBc4sDqhYCq4/19mJd5 +i+8TbNZnDAb5Ax4Kj3kXivjmPNkCgYEA8gItFj3RgqzKki7yLOncTRqm+dTnnF9H +LwrmZZVd2w7LUmQcG8F5ICfYSdY3vnTPK+G+iv9ci9zEFvACIfhWJvTi/qfNttfq +7ltBs06mR9nSb8OCHxOMz42VnML0lH9xV61eDPSiXjAiCn+xe0Bbgl6NI2TyPhS2 +12GrzKPasXcCgYA5PVz1ApAmtc+NEG0BE3VCrd3Q/4lf0OrtPpjVTF0tMgLEeXby +wozQlY2z1Va+dYFQiu/sh6HnAe6bWUBMszAZF363vUJABtCat2yEZn2TkYYPXBEO +3OC1yNidY3kl5Kc7jbA7itcDwy+JXLaz33k9njtoG00UnaWQJFWAw7B3sQKBgAfC +JBnjb3UF/xSCpsbj1GkwYov91FMCBvEuI0a8bB7asY/5n6EQKcbrIBb15CGZ8w5Q +FWC1YQ0mza6CkT7vjCuBjElnrcOf1ms/x7Js4g3JoOJuXRyL7ua0fkhhQ6ADGeoa +p7o4mX/1gRHfGByAaq6aQ2IQGWf+GAJ9ohlUY21vAoGBAJG346Dqv/O5IKtFyAxF +eqeAD9igJGM3TupbAk9XGahQMEkAf4zHKN3edtM3uDc46AN/mVoUQHaldG6cu/jp +vJJqkXT4Oab8Qk6IJcQnKadQFfFQAZlhoXLqEXZgENiZhIHe0N2ExkwpvpcoKhlO +91ZLMSn7W0w263vci3U88aas +-----END PRIVATE KEY----- diff --git a/roles/openqa/dispatcher/files/stg-cacert.pem b/roles/openqa/dispatcher/files/stg-cacert.pem new file mode 100644 index 0000000000..cf26c7f274 --- /dev/null +++ b/roles/openqa/dispatcher/files/stg-cacert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTTCCAjWgAwIBAgIJAKTvGuTvFNZ/MA0GCSqGSIb3DQEBCwUAMB4xHDAaBgNV +BAMME1JhYmJpdE1RIFNUQUdJTkcgQ0EwHhcNMTgwODAyMTk1NjMwWhcNMjgwNzMw +MTk1NjMwWjAeMRwwGgYDVQQDDBNSYWJiaXRNUSBTVEFHSU5HIENBMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZBkTjpV/8wVVv98q9l+Wb7ItgWUKAbE +9T6N28T+SyhwNEzVACW8eCqUlY3Jfz/GSa+FG5pUcNu8soI8IL9F2bXQDtqWGp6+ +lxiEUKWzKwAAdNSsC4LCzj0pJvAbpWjTZs9tGxO/LfubsFx4BK93G5dyT1z9VV2n +lStBn/WZeow53ZiOl4Ue/BYjDyZX+pN9V38SavNDjwphvYdtUooimNu4FdngHJtF +fonssFPf2b0H9z89QVaZEcRpDPTLY+/868VQWuTPnT7ass5d1bliCNJ29GZEhqTD +yZjFVml6abN4DLJkSoN58DoST0DvAw+0WlR6JnG2296k9e9RInHQkwIDAQABo4GN +MIGKMB0GA1UdDgQWBBQdCSjObvxJDLt/tZhyk2EUHhR7VzBOBgNVHSMERzBFgBQd +CSjObvxJDLt/tZhyk2EUHhR7V6EipCAwHjEcMBoGA1UEAwwTUmFiYml0TVEgU1RB +R0lORyBDQYIJAKTvGuTvFNZ/MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0G +CSqGSIb3DQEBCwUAA4IBAQAiXp2ljGrEuhLB6byVXm7lQLfxcWECcmbCR/3XsOir +csVQaOtSY5jDVMWFnuArPMMzZPc81zmOdYwwuxqPVvki751LPNCQuqWkEwqLVRXO +y8mET1efnFvHgXMszg01KSa1YPa5iVhIRGZkyckIkzB5pT45zk3FB10ty78nSozZ +qvSm7uZhmtb9ZwcSeQIRx3pnCZks/BgBUIzCvW/oDmeya9oirZfMVq5zqv83iwcW +svdtE43C/zHSlgr10JxzA5lXl16DxOXUXO6gZoavkI++7fB13xkYUSl0VgiIbI+7 +LZ+v5VAIDNtwvHxkjey6Mz5P0fHazrmXTaIzs5JSZwln +-----END CERTIFICATE----- diff --git a/roles/openqa/dispatcher/tasks/main.yml b/roles/openqa/dispatcher/tasks/main.yml index 5205130d9f..510b0ecae2 100644 --- a/roles/openqa/dispatcher/tasks/main.yml +++ b/roles/openqa/dispatcher/tasks/main.yml @@ -193,6 +193,24 @@ tags: - config +- name: Install fedora-messaging staging CA cert (because it's not in the package) + copy: src=stg-cacert.pem dest=/etc/fedora-messaging/stg-cacert.pem owner=root group=root mode=0644 + when: "openqa_fedoramessaging" + tags: + - config + +- name: Install fedora-messaging staging broker cert (because it's not in the package) + copy: src=fedora.stg-cert.pem dest=/etc/fedora-messaging/fedora.stg-cert.pem owner=root group=root mode=0644 + when: "openqa_fedoramessaging" + tags: + - config + +- name: Install fedora-messaging staging broker key (because it's not in the package) + copy: src=fedora.stg-key.pem dest=/etc/fedora-messaging/fedora.stg-key.pem owner=root group=root mode=0644 + when: "openqa_fedoramessaging" + tags: + - config + - name: Configure fedora-messaging scheduler template: src=fedora_openqa_scheduler.toml.j2 dest=/etc/fedora-messaging/fedora_openqa_scheduler.toml owner=root group=root mode=0640 when: "openqa_fedoramessaging" diff --git a/roles/openqa/dispatcher/templates/fedora_openqa_resultsdb_reporter.toml.j2 b/roles/openqa/dispatcher/templates/fedora_openqa_resultsdb_reporter.toml.j2 index 45994f878f..c9ba458078 100644 --- a/roles/openqa/dispatcher/templates/fedora_openqa_resultsdb_reporter.toml.j2 +++ b/roles/openqa/dispatcher/templates/fedora_openqa_resultsdb_reporter.toml.j2 @@ -11,9 +11,15 @@ amqp_url = "amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpublic_pubsub" callback = "fedora_openqa.consumer:OpenQAResultsDBReporter" [tls] +{% if deployment_type is defined and deployment_type == 'stg' %} +ca_cert = "/etc/fedora-messaging/stg-cacert.pem" +keyfile = "/etc/fedora-messaging/fedora.stg-key.pem" +certfile = "/etc/fedora-messaging/fedora.stg-cert.pem" +{% else %} ca_cert = "/etc/fedora-messaging/cacert.pem" keyfile = "/etc/fedora-messaging/fedora-key.pem" certfile = "/etc/fedora-messaging/fedora-cert.pem" +{% endif %} [client_properties] app = "Fedora openQA" diff --git a/roles/openqa/dispatcher/templates/fedora_openqa_scheduler.toml.j2 b/roles/openqa/dispatcher/templates/fedora_openqa_scheduler.toml.j2 index 41a0253666..fe8247b906 100644 --- a/roles/openqa/dispatcher/templates/fedora_openqa_scheduler.toml.j2 +++ b/roles/openqa/dispatcher/templates/fedora_openqa_scheduler.toml.j2 @@ -11,9 +11,15 @@ amqp_url = "amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpublic_pubsub" callback = "fedora_openqa.consumer:OpenQAScheduler" [tls] +{% if deployment_type is defined and deployment_type == 'stg' %} +ca_cert = "/etc/fedora-messaging/stg-cacert.pem" +keyfile = "/etc/fedora-messaging/fedora.stg-key.pem" +certfile = "/etc/fedora-messaging/fedora.stg-cert.pem" +{% else %} ca_cert = "/etc/fedora-messaging/cacert.pem" keyfile = "/etc/fedora-messaging/fedora-key.pem" certfile = "/etc/fedora-messaging/fedora-cert.pem" +{% endif %} [client_properties] app = "Fedora openQA" diff --git a/roles/openqa/dispatcher/templates/fedora_openqa_wiki_reporter.toml.j2 b/roles/openqa/dispatcher/templates/fedora_openqa_wiki_reporter.toml.j2 index 2d92defc7a..c5fa332ae9 100644 --- a/roles/openqa/dispatcher/templates/fedora_openqa_wiki_reporter.toml.j2 +++ b/roles/openqa/dispatcher/templates/fedora_openqa_wiki_reporter.toml.j2 @@ -11,9 +11,15 @@ amqp_url = "amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpublic_pubsub" callback = "fedora_openqa.consumer:OpenQAWikiReporter" [tls] +{% if deployment_type is defined and deployment_type == 'stg' %} +ca_cert = "/etc/fedora-messaging/stg-cacert.pem" +keyfile = "/etc/fedora-messaging/fedora.stg-key.pem" +certfile = "/etc/fedora-messaging/fedora.stg-cert.pem" +{% else %} ca_cert = "/etc/fedora-messaging/cacert.pem" keyfile = "/etc/fedora-messaging/fedora-key.pem" certfile = "/etc/fedora-messaging/fedora-cert.pem" +{% endif %} [client_properties] app = "Fedora openQA"