koji / mirrormanager: split staging and prod db config

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-09-19 14:53:04 -07:00 · 2022-09-19 14:53:04 -07:00 · bd4ab085bd
commit bd4ab085bd
parent 1c1780c931
7 changed files with 38 additions and 1 deletions
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@ -7,10 +7,11 @@ DBUser = koji
 DBHost = db-koji01
 LogLevel = koji:INFO koji-fedmsg-plugin:INFO
 LogFormat = %(asctime)s [%(levelname)s] m=%(method)s u=%(user_name)s p=%(process)s r=%(remoteaddr)s %(name)s: %(message)s
+DBPass = {{ kojiStgPassword }}
 {% else %}
 DBHost = db-koji01
-{% endif %}
 DBPass = {{ kojiPassword }}
+{% endif %}
 AuthPrincipal = host/koji{{env_suffix}}.fedoraproject.org
 {% if env == "staging" %}
 ProxyPrincipals = modularity@STG.FEDORAPROJECT.ORG,HTTP/koji.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG,sigul/sign-bridge01.stg.iad2.fedoraproject.org@STG.FEDORAPROJECT.ORG
--- a/roles/koji_hub/templates/web.conf.j2
+++ b/roles/koji_hub/templates/web.conf.j2
@ -19,7 +19,11 @@ WebPrincipal = HTTP/koji{{env_suffix}}.fedoraproject.org
 LoginTimeout = 72

 # This must be changed and uncommented before deployment
+{% if env == 'staging' %}
 Secret = {{ kojiSecret }}
+{% else %}
+Secret = {{ kojiStgSecret }}
+{% endif %}

 LibPath = /usr/share/koji-web/lib

--- a/roles/mirrormanager/backend/templates/generate-mirrorlist-cache.cfg
+++ b/roles/mirrormanager/backend/templates/generate-mirrorlist-cache.cfg
@ -1 +1,5 @@
+{% if env == 'staging' %}
+DB_URL="postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}"
+{% else %}
 DB_URL="postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}"
+{% endif %}
--- a/roles/mirrormanager/backend/templates/scan-primary-mirror-centos.toml
+++ b/roles/mirrormanager/backend/templates/scan-primary-mirror-centos.toml
@ -4,7 +4,11 @@ max_stale_days = 0
 excludes=[".*\\.snapshot", ".*/\\.~tmp~"]

 [database]
+{% if env == 'staging' %}
+url="postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}"
+{% else %}
 url="postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}"
+{% endif %}

 [[category]]
 name="CentOS"
--- a/roles/mirrormanager/backend/templates/scan-primary-mirror.toml
+++ b/roles/mirrormanager/backend/templates/scan-primary-mirror.toml
@ -7,7 +7,11 @@ skip_repository_paths = ["Cloud", "Workstation", "Server", "drpms", "releases/te
 do_not_display_paths = ["_Beta"]

 [database]
+{% if env == 'staging' %}
+url="postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}"
+{% else %}
 url="postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}"
+{% endif %}

 ### EPEL ###

--- a/roles/mirrormanager/frontend2/templates/alembic.ini
+++ b/roles/mirrormanager/frontend2/templates/alembic.ini
@ -11,7 +11,11 @@ script_location = /usr/share/mirrormanager2/alembic
 # the 'revision' command, regardless of autogenerate
 # revision_environment = false

+{% if env == 'staging' %}
+sqlalchemy.url = postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}
+{% else %}
 sqlalchemy.url = postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}
+{% endif %}

 # Logging configuration
 [loggers]
--- a/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
+++ b/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
@ -15,12 +15,27 @@ ITEMS_PER_PAGE = 50

 {% if mm2_checkin %}
 # url to the database server:
+{% if env == 'staging' %}
+DB_URL='postgresql://{{ mirrormanager_stg_checkin_db_user }}:{{ mirrormanager_stg_checkin_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}'
+{% else %}
 DB_URL='postgresql://{{ mirrormanager_checkin_db_user }}:{{ mirrormanager_checkin_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}'
+{% endif %}

 # The checkin server does not use the secret key or password secret. Let's not leak it.
 SECRET_KEY = 'invalid'
 PASSWORD_SEED = 'invalid'

+{% else %}
+{% if env == 'staging' %}
+# url to the database server:
+DB_URL='postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}'
+
+# secret key used to generate unique csrf token
+SECRET_KEY = '{{ mirrormanager_stg_secret_key }}'
+
+# Seed used to make the password harder to brute force in case of leaking
+# This should be kept really secret!
+PASSWORD_SEED = "{{ mirrormanager_stg_password_seed }}"
 {% else %}
 # url to the database server:
 DB_URL='postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}'
@ -32,6 +47,7 @@ SECRET_KEY = '{{ mirrormanager_secret_key }}'
 # This should be kept really secret!
 PASSWORD_SEED = "{{ mirrormanager_password_seed }}"
 {% endif %}
+{% endif %}

 # Make browsers send session cookie only via HTTPS
 SESSION_COOKIE_SECURE=True