More sigul adjustments for secondary

2015-04-27 19:50:21 +00:00 · 2015-04-27 19:50:21 +00:00 · 7157da1221
commit 7157da1221
parent 740c26fc93
4 changed files with 114 additions and 7 deletions
--- a/files/sign/bridge.conf.secondary.j2
+++ b/files/sign/bridge.conf.secondary.j2
@ -0,0 +1,44 @@
 # This is a configuration for the sigul bridge.
 #
 [bridge]
 # Nickname of the bridge's certificate in the NSS database specified below
 bridge-cert-nickname: secondary-signer
 # Port on which the bridge expects client connections
 client-listen-port: 44334
 # Port on which the bridge expects server connections
 server-listen-port: 44333
 # A Fedora account system group required for access to the signing server.  If
 # empty, no Fedora account check is done.
 ; required-fas-group:
 # User name and password for an account on the Fedora account system that can
 # be used to verify group memberships
 ; fas-user-name:
 ; fas-password:
 #
 [koji]
 # Config file used to connect to the Koji hub
 # ; koji-config: ~/.koji/config
 # # Recognized alternative instances
 koji-instances: ppc s390 arm sparc
 #
 # # Example configuration of alternative instances:
 # # koji-instances: ppc64 s390
 # # Configuration paths for alternative instances:
 koji-config-ppc: /etc/koji-ppc.conf
 koji-config-s390: /etc/koji-s390.conf
 koji-config-arm: /etc/koji-arm.conf
 koji-config-sparc: /etc/koji-sparc.conf
 #
 #
 [daemon]
 # The user to run as
 unix-user: sigul
 # The group to run as
 unix-group: sigul
 #
 [nss]
 # Path to a directory containing a NSS database
 nss-dir: /var/lib/sigul
 # Password for accessing the NSS database.  If not specified, the bridge will
 # ask on startup
 #
--- a/files/sign/server.conf.primary
+++ b/files/sign/server.conf.primary
--- a/files/sign/server.conf.secondary
+++ b/files/sign/server.conf.secondary
@ -0,0 +1,51 @@
 # This is a configuration for the sigul server.
 # FIXME: remove my data
 [server]
 # Host name of the publically acessible bridge to clients
 bridge-hostname: secondary-signer
 # Port on which the bridge expects server connections
 ; bridge-port: 44333
 # Maximum accepted size of payload stored on disk
 max-file-payload-size: 2073741824
 # Maximum accepted size of payload stored in server's memory
 max-memory-payload-size: 1048576
 # Nickname of the server's certificate in the NSS database specified below
 server-cert-nickname: secondary-signer-server
 signing-timeout: 4000
 [database]
 # Path to a SQLite database
 ; database-path: /var/lib/sigul/server.conf
 [gnupg]
 # Path to a directory containing GPG configuration and keyrings
 gnupg-home: /var/lib/sigul/gnupg
 # Default primary key type for newly created keys
 gnupg-key-type: RSA
 # Default primary key length for newly created keys
 gnupg-key-length: 4096
 # Default subkey type for newly created keys, empty for no subkey
 #gnupg-subkey-type: ELG-E
 # Default subkey length for newly created keys if gnupg-subkey-type is not empty
 # gnupg-subkey-length: 4096
 # Default key usage flags for newly created keys
 gnupg-key-usage: encrypt, sign
 # Length of key passphrases used for newsly created keys
 ; passphrase-length: 64
 [daemon]
 # The user to run as
 unix-user: sigul
 # The group to run as
 unix-group: sigul
 [nss]
 # Path to a directory containing a NSS database
 nss-dir: /var/lib/sigul
 # Password for accessing the NSS database.  If not specified, the server will
 # ask on startup
 ; nss-password is not specified by default
--- a/tasks/sign_setup.yml
+++ b/tasks/sign_setup.yml
@ -1,7 +1,7 @@
 ---
 - name: put builder-repo on system
-  action: copy src="{{ files }}/sign/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
+  copy: src="{{ files }}/sign/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
  with_items:
  - builder-rpms.repo
  when: is_rhel is defined
@ -10,7 +10,7 @@
  - packages
 - name: install sigul
-  action: yum state=present name={{ item }}
+  yum: state=present name={{ item }}
  with_items:
  - sigul
  - ntp
@ -22,18 +22,30 @@
  - packages
 - name: setup /etc/sigul/bridge.conf file
-  action: template src="{{ files }}/sign/bridge.conf.j2" dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
+  template: src="{{ files }}/sign/bridge.conf.j2" dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
  tags:
  - config
  when: inventory_hostname.startswith('sign')
 - name: setup /etc/sigul/server.conf file
-  action: copy src="{{ files }}/sign/server.conf" dest=/etc/sigul/server.conf owner=root group=sigul mode=640
+  copy: src="{{ files }}/sign/server.conf.primary" dest=/etc/sigul/server.conf owner=root group=sigul mode=640
  when: inventory_hostname.startswith('sign')
 - name: setup secondary /etc/sigul/bridge.conf file
  template: src="{{ files }}/sign/bridge.conf.secondary.j2" dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
  tags:
  - config
  when: inventory_hostname.startswith('secondary')
 - name: setup secondary /etc/sigul/server.conf file
  copy: src="{{ files }}/sign/server.conf.secondary" dest=/etc/sigul/server.conf owner=root group=sigul mode=640
  when: inventory_hostname.startswith('secondary')
 - name: ntp steptickers
-  action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
+  copy: src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
 - name: ntp.conf
-  action: copy src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf
+  copy: src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf
 - name: enable ntpd
-  action: service name=ntpd enabled=true state=started
+  service: name=ntpd enabled=true state=started