Set up staging sigul in ansible

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2019-07-03 10:29:47 +00:00 · 2019-07-03 10:29:47 +00:00 · 5d5300020f
commit 5d5300020f
parent 449264faba
5 changed files with 9 additions and 33 deletions
--- a/roles/sigul/bridge/files/koji-primary.stg.conf
+++ b/roles/sigul/bridge/files/koji-primary.stg.conf
@ -1,19 +0,0 @@
-[koji]
-realm = STG.FEDORAPROJECT.ORG
-
-;configuration for koji cli tool
-
-;url of XMLRPC server
-server = https://koji.stg.fedoraproject.org/kojihub
-
-;url of web interface
-weburl = https://koji.stg.fedoraproject.org/koji
-
-;url of package download site
-topurl = https://kojipkgs.stg.fedoraproject.org/
-serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
-
-authtype = kerberos
-principal = sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG
-keytab = /etc/krb5.sigul_secondary-bridge01.phx2.fedoraproject.org.keytab
-krb_rdns = false
--- a/roles/sigul/bridge/tasks/main.yml
+++ b/roles/sigul/bridge/tasks/main.yml
@ -15,14 +15,7 @@

 - name: Setup primary koji config file
  template: src=koji-primary.conf.j2 dest=/etc/koji-primary.conf owner=root group=root mode=644
-  when: inventory_hostname.startswith('sign') and env == "production"
-  tags:
-  - sigul
-  - sigul/bridge
-
- name: Setup primary stg koji config file
-  copy: src=koji-primary.stg.conf dest=/etc/koji-primary.conf owner=root group=root mode=644
-  when: inventory_hostname.startswith('sign') and env == "staging"
+  when: inventory_hostname.startswith('sign')
  tags:
  - sigul
  - sigul/bridge
--- a/roles/sigul/bridge/templates/bridge.conf.j2
+++ b/roles/sigul/bridge/templates/bridge.conf.j2
@ -2,7 +2,7 @@
 #
 [bridge]
 # Nickname of the bridge's certificate in the NSS database specified below
-bridge-cert-nickname: sign-bridge.phx2.fedoraproject.org
+bridge-cert-nickname: sign-bridge{{ env_suffix }}.phx2.fedoraproject.org

 # Maximum accepted total size of all RPM payloads stored on disk for one request
 max-rpms-payload-size: 70737418240
--- a/roles/sigul/bridge/templates/koji-primary.conf.j2
+++ b/roles/sigul/bridge/templates/koji-primary.conf.j2
@ -4,13 +4,13 @@ realm = FEDORAPROJECT.ORG
 ;configuration for koji cli tool

 ;url of XMLRPC server
-server = https://koji.fedoraproject.org/kojihub
+server = https://koji{{ env_suffix }}.fedoraproject.org/kojihub

 ;url of web interface
-weburl = https://koji.fedoraproject.org/koji
+weburl = https://koji{{ env_suffix }}.fedoraproject.org/koji

 ;url of package download site
-topurl = https://kojipkgs.fedoraproject.org/
+topurl = https://kojipkgs{{ env_suffix }}.fedoraproject.org/

 ;path to the koji top directory
 ;topdir = /mnt/koji
--- a/roles/sigul/server/templates/server.conf.j2
+++ b/roles/sigul/server/templates/server.conf.j2
@ -3,8 +3,8 @@
 [server]
 # Host name of the publically acessible bridge to clients

-bridge-hostname: sign-bridge.phx2.fedoraproject.org
-server-cert-nickname: sign-vault.phx2.fedoraproject.org
+bridge-hostname: sign-bridge{{ env_suffix }}.phx2.fedoraproject.org
+server-cert-nickname: sign-vault{{ env_suffix }}.phx2.fedoraproject.org

 # Port on which the bridge expects server connections
 bridge-port: 44333
@ -50,6 +50,7 @@ nss-min-tls: tls1.2
 nss-max-tls: tls1.2

 [binding]
+{% if env == "production" %}
 # List of binding modules enabled
 enabled: pkcs11
 pkcs11_tokens: yubikey_sv03,yubikey_sv04,yubikey_sv05,yubikey_sv06
@ -66,3 +67,4 @@ pkcs11_yubikey_sv05_privkey: pkcs11:serial=e8dae68ae187ff13;id=%03;type=private
 {% elif inventory_hostname.startswith('sign-vault06') %}
 pkcs11_yubikey_sv06_privkey: pkcs11:serial=e3c4804a6631dd5f;id=%03;type=private
 {% endif %}
+{% endif %}