openqa/dispatcher: fix staging AMQP broker setup

The correct auth bits are missing from the package so I'll ship
them here for now, and correct the config.

Signed-off-by: Adam Williamson <awilliam@redhat.com>

roles/openqa/dispatcher/files/fedora.stg-cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXjCCAkagAwIBAgIRALHR1hq+kHfuLTS1LROUfPswDQYJKoZIhvcNAQELBQAw
+HjEcMBoGA1UEAwwTUmFiYml0TVEgU1RBR0lORyBDQTAeFw0xOTAzMjAxNzIzMTRa
+Fw0yOTAzMTcxNzIzMTRaMBUxEzARBgNVBAMMCmZlZG9yYS5zdGcwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpxSXT6HUOQMyjppdtH+ArXuV/ly/bTLLs
+tyj6vgYW5YMDOMDThH5CCr1b6WKycYa+RYA/Dsfve+KxzO5HtVExSuFFAM0QdgVP
+22a+bjeBPrhNulO/ZU3KEPETjSOlAMEDdiCn78/ZaNKPbXyr4appALOdXClxvu4T
+8ETa41i4HwSN7dgGhIO+1nwrPxg/7GcLIcmezdhfAimAyEulZZYPMWC09xZCVgji
+dUsWJWkqDKhehxYNmFqcku2ttb3FZSWIb9m1EJhaONuQXtO2R4FuYdayHL3kL/ed
+VhqscEzt5TgB4CocglOIaDS80h+u8YDKZnVj33kE1GK6BGre4lHfAgMBAAGjgZ8w
+gZwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUvzAphNGj16H+bQzYSdjeauNoD30wTgYD
+VR0jBEcwRYAUHQkozm78SQy7f7WYcpNhFB4Ue1ehIqQgMB4xHDAaBgNVBAMME1Jh
+YmJpdE1RIFNUQUdJTkcgQ0GCCQCk7xrk7xTWfzATBgNVHSUEDDAKBggrBgEFBQcD
+AjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAADIb9WY/y43zsDhd8fo
+ZpxgQPJ6ytNFsM+KU9Cp0hpNDMYY/HLQmI7mEfBiPqOCs3qksWjfBSj7TxrWzBpQ
+WEBHYpgMWfMeZMuzHfOJ4KbOekJhV1lw8t6W5ddhWnGW0aBxQfaKiOCiQhgVKQUK
+CV0KHZ/3O+ilKet5AbFMw8TsyXb+CjJOpbBi2sVAzB2EnW5r1kPxLkiYKhaT9Qsl
+qgMaR0OtOmfjCALuXCdi9yfNJHb+8RDYtxNRnv0BvmI58hNHAgtSjBupttKTSyXV
+l6V8+pHth9id9mKHsiYDaTIyup2/vo0TQS/RDSgeOVY4Xqzaz4m9GK+sTZCUmETM
+B3o=
+-----END CERTIFICATE-----

roles/openqa/dispatcher/files/fedora.stg-key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDpxSXT6HUOQMyj
+ppdtH+ArXuV/ly/bTLLstyj6vgYW5YMDOMDThH5CCr1b6WKycYa+RYA/Dsfve+Kx
+zO5HtVExSuFFAM0QdgVP22a+bjeBPrhNulO/ZU3KEPETjSOlAMEDdiCn78/ZaNKP
+bXyr4appALOdXClxvu4T8ETa41i4HwSN7dgGhIO+1nwrPxg/7GcLIcmezdhfAimA
+yEulZZYPMWC09xZCVgjidUsWJWkqDKhehxYNmFqcku2ttb3FZSWIb9m1EJhaONuQ
+XtO2R4FuYdayHL3kL/edVhqscEzt5TgB4CocglOIaDS80h+u8YDKZnVj33kE1GK6
+BGre4lHfAgMBAAECggEBAJ4xUFjnPJdJmHHCIUSyRmNzE0DVUYhIjegMRknv33UN
+GSxL8ojwZvRQCjYxaB2zH2iQ5alGWlwgbJa/RBv4ghomPu0QDrTt+MhCg3OoaB0p
+EVVgGp4xcoOkFU+SuiVFrlemT5D1gqTv/1UZ1T0HN+dYlzOMk2sqtjd950psgLQO
+1ky965XIzCYHi/dtEUyecTqFAw8gyKl+k7l4HEw1zyiIS8509QM37BMzbRaQ29mF
+vG76Nwx6gmDzVpAU8lDnpcG1Q/7rEKWfom4PivhkIDeKse7OJ7ZLxaptvBmJnNA0
+ZKLE+dYn3jed9Jmxyq028Ue9jcWuWTvqptE8W0jsCVECgYEA90kKRDxu/oOql2fi
+3ViAFjF8sKy1kYnZ1J9Ffb31KJapvbeg5NsaaYuH3tcr1sK9Cgc7BW0oTy04N3vk
+sduylJBzR6cQ/5RHLC4of35uIUNcQYMyTe34SEDGSkDYKdBc4sDqhYCq4/19mJd5
+i+8TbNZnDAb5Ax4Kj3kXivjmPNkCgYEA8gItFj3RgqzKki7yLOncTRqm+dTnnF9H
+LwrmZZVd2w7LUmQcG8F5ICfYSdY3vnTPK+G+iv9ci9zEFvACIfhWJvTi/qfNttfq
+7ltBs06mR9nSb8OCHxOMz42VnML0lH9xV61eDPSiXjAiCn+xe0Bbgl6NI2TyPhS2
+12GrzKPasXcCgYA5PVz1ApAmtc+NEG0BE3VCrd3Q/4lf0OrtPpjVTF0tMgLEeXby
+wozQlY2z1Va+dYFQiu/sh6HnAe6bWUBMszAZF363vUJABtCat2yEZn2TkYYPXBEO
+3OC1yNidY3kl5Kc7jbA7itcDwy+JXLaz33k9njtoG00UnaWQJFWAw7B3sQKBgAfC
+JBnjb3UF/xSCpsbj1GkwYov91FMCBvEuI0a8bB7asY/5n6EQKcbrIBb15CGZ8w5Q
+FWC1YQ0mza6CkT7vjCuBjElnrcOf1ms/x7Js4g3JoOJuXRyL7ua0fkhhQ6ADGeoa
+p7o4mX/1gRHfGByAaq6aQ2IQGWf+GAJ9ohlUY21vAoGBAJG346Dqv/O5IKtFyAxF
+eqeAD9igJGM3TupbAk9XGahQMEkAf4zHKN3edtM3uDc46AN/mVoUQHaldG6cu/jp
+vJJqkXT4Oab8Qk6IJcQnKadQFfFQAZlhoXLqEXZgENiZhIHe0N2ExkwpvpcoKhlO
+91ZLMSn7W0w263vci3U88aas
+-----END PRIVATE KEY-----

roles/openqa/dispatcher/files/stg-cacert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAjWgAwIBAgIJAKTvGuTvFNZ/MA0GCSqGSIb3DQEBCwUAMB4xHDAaBgNV
+BAMME1JhYmJpdE1RIFNUQUdJTkcgQ0EwHhcNMTgwODAyMTk1NjMwWhcNMjgwNzMw
+MTk1NjMwWjAeMRwwGgYDVQQDDBNSYWJiaXRNUSBTVEFHSU5HIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZBkTjpV/8wVVv98q9l+Wb7ItgWUKAbE
+9T6N28T+SyhwNEzVACW8eCqUlY3Jfz/GSa+FG5pUcNu8soI8IL9F2bXQDtqWGp6+
+lxiEUKWzKwAAdNSsC4LCzj0pJvAbpWjTZs9tGxO/LfubsFx4BK93G5dyT1z9VV2n
+lStBn/WZeow53ZiOl4Ue/BYjDyZX+pN9V38SavNDjwphvYdtUooimNu4FdngHJtF
+fonssFPf2b0H9z89QVaZEcRpDPTLY+/868VQWuTPnT7ass5d1bliCNJ29GZEhqTD
+yZjFVml6abN4DLJkSoN58DoST0DvAw+0WlR6JnG2296k9e9RInHQkwIDAQABo4GN
+MIGKMB0GA1UdDgQWBBQdCSjObvxJDLt/tZhyk2EUHhR7VzBOBgNVHSMERzBFgBQd
+CSjObvxJDLt/tZhyk2EUHhR7V6EipCAwHjEcMBoGA1UEAwwTUmFiYml0TVEgU1RB
+R0lORyBDQYIJAKTvGuTvFNZ/MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0G
+CSqGSIb3DQEBCwUAA4IBAQAiXp2ljGrEuhLB6byVXm7lQLfxcWECcmbCR/3XsOir
+csVQaOtSY5jDVMWFnuArPMMzZPc81zmOdYwwuxqPVvki751LPNCQuqWkEwqLVRXO
+y8mET1efnFvHgXMszg01KSa1YPa5iVhIRGZkyckIkzB5pT45zk3FB10ty78nSozZ
+qvSm7uZhmtb9ZwcSeQIRx3pnCZks/BgBUIzCvW/oDmeya9oirZfMVq5zqv83iwcW
+svdtE43C/zHSlgr10JxzA5lXl16DxOXUXO6gZoavkI++7fB13xkYUSl0VgiIbI+7
+LZ+v5VAIDNtwvHxkjey6Mz5P0fHazrmXTaIzs5JSZwln
+-----END CERTIFICATE-----

roles/openqa/dispatcher/tasks/main.yml

@@ -193,6 +193,24 @@
   tags:
   - config
 
+- name: Install fedora-messaging staging CA cert (because it's not in the package)
+  copy: src=stg-cacert.pem dest=/etc/fedora-messaging/stg-cacert.pem owner=root group=root mode=0644
+  when: "openqa_fedoramessaging"
+  tags:
+  - config
+
+- name: Install fedora-messaging staging broker cert (because it's not in the package)
+  copy: src=fedora.stg-cert.pem dest=/etc/fedora-messaging/fedora.stg-cert.pem owner=root group=root mode=0644
+  when: "openqa_fedoramessaging"
+  tags:
+  - config
+
+- name: Install fedora-messaging staging broker key (because it's not in the package)
+  copy: src=fedora.stg-key.pem dest=/etc/fedora-messaging/fedora.stg-key.pem owner=root group=root mode=0644
+  when: "openqa_fedoramessaging"
+  tags:
+  - config
+
 - name: Configure fedora-messaging scheduler
   template: src=fedora_openqa_scheduler.toml.j2 dest=/etc/fedora-messaging/fedora_openqa_scheduler.toml owner=root group=root mode=0640
   when: "openqa_fedoramessaging"

roles/openqa/dispatcher/templates/fedora_openqa_resultsdb_reporter.toml.j2

@@ -11,9 +11,15 @@ amqp_url = "amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpublic_pubsub"
 callback = "fedora_openqa.consumer:OpenQAResultsDBReporter"
 
 [tls]
+{% if deployment_type is defined and deployment_type == 'stg' %}
+ca_cert = "/etc/fedora-messaging/stg-cacert.pem"
+keyfile = "/etc/fedora-messaging/fedora.stg-key.pem"
+certfile = "/etc/fedora-messaging/fedora.stg-cert.pem"
+{% else %}
 ca_cert = "/etc/fedora-messaging/cacert.pem"
 keyfile = "/etc/fedora-messaging/fedora-key.pem"
 certfile = "/etc/fedora-messaging/fedora-cert.pem"
+{% endif %}
 
 [client_properties]
 app = "Fedora openQA"

roles/openqa/dispatcher/templates/fedora_openqa_scheduler.toml.j2

@@ -11,9 +11,15 @@ amqp_url = "amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpublic_pubsub"
 callback = "fedora_openqa.consumer:OpenQAScheduler"
 
 [tls]
+{% if deployment_type is defined and deployment_type == 'stg' %}
+ca_cert = "/etc/fedora-messaging/stg-cacert.pem"
+keyfile = "/etc/fedora-messaging/fedora.stg-key.pem"
+certfile = "/etc/fedora-messaging/fedora.stg-cert.pem"
+{% else %}
 ca_cert = "/etc/fedora-messaging/cacert.pem"
 keyfile = "/etc/fedora-messaging/fedora-key.pem"
 certfile = "/etc/fedora-messaging/fedora-cert.pem"
+{% endif %}
 
 [client_properties]
 app = "Fedora openQA"

roles/openqa/dispatcher/templates/fedora_openqa_wiki_reporter.toml.j2

@@ -11,9 +11,15 @@ amqp_url = "amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpublic_pubsub"
 callback = "fedora_openqa.consumer:OpenQAWikiReporter"
 
 [tls]
+{% if deployment_type is defined and deployment_type == 'stg' %}
+ca_cert = "/etc/fedora-messaging/stg-cacert.pem"
+keyfile = "/etc/fedora-messaging/fedora.stg-key.pem"
+certfile = "/etc/fedora-messaging/fedora.stg-cert.pem"
+{% else %}
 ca_cert = "/etc/fedora-messaging/cacert.pem"
 keyfile = "/etc/fedora-messaging/fedora-key.pem"
 certfile = "/etc/fedora-messaging/fedora-cert.pem"
+{% endif %}
 
 [client_properties]
 app = "Fedora openQA"