From e6e0e2f42d08d49706b5c66803d1dc8969b1e25b Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Wed, 11 May 2022 17:05:23 -0700
Subject: [PATCH] openqa: set up for new resultsdb location and auth on lab

This sets up the openQA lab instance to report to the new stg
instance of resultsdb, and use authentication. The scheduler
config file is now mode 0600 because it has a password in it.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 inventory/group_vars/openqa_lab                    | 4 +++-
 roles/openqa/dispatcher/tasks/main.yml             | 8 +++++++-
 roles/openqa/dispatcher/templates/schedule.conf.j2 | 6 ++++++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/inventory/group_vars/openqa_lab b/inventory/group_vars/openqa_lab
index 5d3c81c753..9b6cf64a5f 100644
--- a/inventory/group_vars/openqa_lab
+++ b/inventory/group_vars/openqa_lab
@@ -40,7 +40,9 @@ openqa_nfs_workers: "{{ groups['openqa_lab_workers'] }}"
 # install openQA from updates-testing - this is staging, we live
 # ON THE EDGE (radical guitar riff)
 openqa_repo: updates-testing
-openqa_resultsdb_url: http://resultsdb01.stg.iad2.fedoraproject.org/resultsdb_api/api/v2.0/
+openqa_resultsdb_url: https://resultsdb.stg.fedoraproject.org/api/v2.0/
+openqa_resultsdb_user: "{{ stg_resultsdb_httpd_user }}"
+openqa_resultsdb_password: "{{ stg_resultsdb_httpd_password }}"
 openqa_secret: "{{ stg_openqa_apisecret }}"
 openqa_update_arches: ['x86_64', 'ppc64le']
 openqa_webapi_plugins: FedoraMessaging FedoraUpdateRestart
diff --git a/roles/openqa/dispatcher/tasks/main.yml b/roles/openqa/dispatcher/tasks/main.yml
index cc505eec38..e1124a97e2 100644
--- a/roles/openqa/dispatcher/tasks/main.yml
+++ b/roles/openqa/dispatcher/tasks/main.yml
@@ -34,6 +34,12 @@
 ##               also set openqa_amqp_resultsdb_reporter_queue if this
 ##               is set. You should probably NOT set this unless you
 ##               are maintaining the Fedora infrastructure deployment.
+# - openqa_resultsdb_user
+##      string - username for ResultsDB API authentication. If not
+##               set, no authentication will be attempted.
+# - openqa_resultsdb_password
+##      string - password for ResultsDB API authentication. If not
+##               set, no authentication will be attempted.
 # - deployment_type
 ##      string - Fedora Infrastructure thing; for this role, the
 ##               fedora_openqa config file and fedora-messaging config
@@ -231,7 +237,7 @@
   file: path=/etc/fedora-openqa state=directory owner=root group=root mode=0755
 
 - name: Write schedule.conf
-  template: src=schedule.conf.j2 dest=/etc/fedora-openqa/schedule.conf owner=root group=root mode=0644
+  template: src=schedule.conf.j2 dest=/etc/fedora-openqa/schedule.conf owner=root group=root mode=0600
   notify:
   - restart openqa consumers
   tags:
diff --git a/roles/openqa/dispatcher/templates/schedule.conf.j2 b/roles/openqa/dispatcher/templates/schedule.conf.j2
index 0d3c3b3d39..4218fc6f53 100644
--- a/roles/openqa/dispatcher/templates/schedule.conf.j2
+++ b/roles/openqa/dispatcher/templates/schedule.conf.j2
@@ -1,5 +1,11 @@
 [report]
 resultsdb_url: {{ openqa_resultsdb_url }}
+{% if openqa_resultsdb_user is defined %}
+resultsdb_user: {{ openqa_resultsdb_user }}
+{% endif %}
+{% if openqa_resultsdb_password is defined %}
+resultsdb_password: {{ openqa_resultsdb_password }}
+{% endif %}
 wiki_hostname: {{ openqa_wikitcms_hostname }}
 
 [schedule]