diff --git a/roles/sigul/bridge/files/koji-primary.stg.conf b/roles/sigul/bridge/files/koji-primary.stg.conf deleted file mode 100644 index d7a40692a1..0000000000 --- a/roles/sigul/bridge/files/koji-primary.stg.conf +++ /dev/null @@ -1,19 +0,0 @@ -[koji] -realm = STG.FEDORAPROJECT.ORG - -;configuration for koji cli tool - -;url of XMLRPC server -server = https://koji.stg.fedoraproject.org/kojihub - -;url of web interface -weburl = https://koji.stg.fedoraproject.org/koji - -;url of package download site -topurl = https://kojipkgs.stg.fedoraproject.org/ -serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem - -authtype = kerberos -principal = sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG -keytab = /etc/krb5.sigul_secondary-bridge01.phx2.fedoraproject.org.keytab -krb_rdns = false diff --git a/roles/sigul/bridge/tasks/main.yml b/roles/sigul/bridge/tasks/main.yml index 632d0c889a..c250fcf0b7 100644 --- a/roles/sigul/bridge/tasks/main.yml +++ b/roles/sigul/bridge/tasks/main.yml @@ -15,14 +15,7 @@ - name: Setup primary koji config file template: src=koji-primary.conf.j2 dest=/etc/koji-primary.conf owner=root group=root mode=644 - when: inventory_hostname.startswith('sign') and env == "production" - tags: - - sigul - - sigul/bridge - -- name: Setup primary stg koji config file - copy: src=koji-primary.stg.conf dest=/etc/koji-primary.conf owner=root group=root mode=644 - when: inventory_hostname.startswith('sign') and env == "staging" + when: inventory_hostname.startswith('sign') tags: - sigul - sigul/bridge diff --git a/roles/sigul/bridge/templates/bridge.conf.j2 b/roles/sigul/bridge/templates/bridge.conf.j2 index ce561a71ec..7b47afcabc 100644 --- a/roles/sigul/bridge/templates/bridge.conf.j2 +++ b/roles/sigul/bridge/templates/bridge.conf.j2 @@ -2,7 +2,7 @@ # [bridge] # Nickname of the bridge's certificate in the NSS database specified below -bridge-cert-nickname: sign-bridge.phx2.fedoraproject.org +bridge-cert-nickname: sign-bridge{{ env_suffix }}.phx2.fedoraproject.org # Maximum accepted total size of all RPM payloads stored on disk for one request max-rpms-payload-size: 70737418240 diff --git a/roles/sigul/bridge/templates/koji-primary.conf.j2 b/roles/sigul/bridge/templates/koji-primary.conf.j2 index bff79891d5..548d3df59e 100644 --- a/roles/sigul/bridge/templates/koji-primary.conf.j2 +++ b/roles/sigul/bridge/templates/koji-primary.conf.j2 @@ -4,13 +4,13 @@ realm = FEDORAPROJECT.ORG ;configuration for koji cli tool ;url of XMLRPC server -server = https://koji.fedoraproject.org/kojihub +server = https://koji{{ env_suffix }}.fedoraproject.org/kojihub ;url of web interface -weburl = https://koji.fedoraproject.org/koji +weburl = https://koji{{ env_suffix }}.fedoraproject.org/koji ;url of package download site -topurl = https://kojipkgs.fedoraproject.org/ +topurl = https://kojipkgs{{ env_suffix }}.fedoraproject.org/ ;path to the koji top directory ;topdir = /mnt/koji diff --git a/roles/sigul/server/templates/server.conf.j2 b/roles/sigul/server/templates/server.conf.j2 index 20fea0a197..6e9a13fd39 100644 --- a/roles/sigul/server/templates/server.conf.j2 +++ b/roles/sigul/server/templates/server.conf.j2 @@ -3,8 +3,8 @@ [server] # Host name of the publically acessible bridge to clients -bridge-hostname: sign-bridge.phx2.fedoraproject.org -server-cert-nickname: sign-vault.phx2.fedoraproject.org +bridge-hostname: sign-bridge{{ env_suffix }}.phx2.fedoraproject.org +server-cert-nickname: sign-vault{{ env_suffix }}.phx2.fedoraproject.org # Port on which the bridge expects server connections bridge-port: 44333 @@ -50,6 +50,7 @@ nss-min-tls: tls1.2 nss-max-tls: tls1.2 [binding] +{% if env == "production" %} # List of binding modules enabled enabled: pkcs11 pkcs11_tokens: yubikey_sv03,yubikey_sv04,yubikey_sv05,yubikey_sv06 @@ -66,3 +67,4 @@ pkcs11_yubikey_sv05_privkey: pkcs11:serial=e8dae68ae187ff13;id=%03;type=private {% elif inventory_hostname.startswith('sign-vault06') %} pkcs11_yubikey_sv06_privkey: pkcs11:serial=e3c4804a6631dd5f;id=%03;type=private {% endif %} +{% endif %}