From bd4ab085bd214c0cafb13e30152518db2861f55b Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 19 Sep 2022 14:53:04 -0700 Subject: [PATCH] koji / mirrormanager: split staging and prod db config Signed-off-by: Kevin Fenzi --- roles/koji_hub/templates/hub.conf.j2 | 3 ++- roles/koji_hub/templates/web.conf.j2 | 4 ++++ .../templates/generate-mirrorlist-cache.cfg | 4 ++++ .../templates/scan-primary-mirror-centos.toml | 4 ++++ .../backend/templates/scan-primary-mirror.toml | 4 ++++ .../frontend2/templates/alembic.ini | 4 ++++ .../frontend2/templates/mirrormanager2.cfg | 16 ++++++++++++++++ 7 files changed, 38 insertions(+), 1 deletion(-) diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2 index ac9e1cafd3..59bb17e9a7 100644 --- a/roles/koji_hub/templates/hub.conf.j2 +++ b/roles/koji_hub/templates/hub.conf.j2 @@ -7,10 +7,11 @@ DBUser = koji DBHost = db-koji01 LogLevel = koji:INFO koji-fedmsg-plugin:INFO LogFormat = %(asctime)s [%(levelname)s] m=%(method)s u=%(user_name)s p=%(process)s r=%(remoteaddr)s %(name)s: %(message)s +DBPass = {{ kojiStgPassword }} {% else %} DBHost = db-koji01 -{% endif %} DBPass = {{ kojiPassword }} +{% endif %} AuthPrincipal = host/koji{{env_suffix}}.fedoraproject.org {% if env == "staging" %} ProxyPrincipals = modularity@STG.FEDORAPROJECT.ORG,HTTP/koji.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG,sigul/sign-bridge01.stg.iad2.fedoraproject.org@STG.FEDORAPROJECT.ORG diff --git a/roles/koji_hub/templates/web.conf.j2 b/roles/koji_hub/templates/web.conf.j2 index 99538f63ed..ccfc456399 100644 --- a/roles/koji_hub/templates/web.conf.j2 +++ b/roles/koji_hub/templates/web.conf.j2 @@ -19,7 +19,11 @@ WebPrincipal = HTTP/koji{{env_suffix}}.fedoraproject.org LoginTimeout = 72 # This must be changed and uncommented before deployment +{% if env == 'staging' %} Secret = {{ kojiSecret }} +{% else %} +Secret = {{ kojiStgSecret }} +{% endif %} LibPath = /usr/share/koji-web/lib 
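Review bot: The condition added around `Secret` in web.conf.j2 is inverted: the `{% if env == 'staging' %}` branch keeps the existing `Secret = {{ kojiSecret }}` and the new `{% else %}` branch gets `Secret = {{ kojiStgSecret }}`, so staging would render the production secret and production the staging one. That is the opposite of the hub.conf.j2 hunk in the same patch, where the staging branch takes `kojiStgPassword`. Swap them so the staging branch reads `Secret = {{ kojiStgSecret }}` and the `{% else %}` branch `Secret = {{ kojiSecret }}`. If the template was deployed as written, both secrets have been present on hosts of the other environment and are worth rotating.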
diff --git a/roles/mirrormanager/backend/templates/generate-mirrorlist-cache.cfg b/roles/mirrormanager/backend/templates/generate-mirrorlist-cache.cfg index 9ef9de89c7..324dcb1d7e 100644 --- a/roles/mirrormanager/backend/templates/generate-mirrorlist-cache.cfg +++ b/roles/mirrormanager/backend/templates/generate-mirrorlist-cache.cfg @@ -1 +1,5 @@ +{% if env == 'staging' %} +DB_URL="postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}" +{% else %} DB_URL="postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}" +{% endif %} diff --git a/roles/mirrormanager/backend/templates/scan-primary-mirror-centos.toml b/roles/mirrormanager/backend/templates/scan-primary-mirror-centos.toml index 0ac3040cfc..dd86371d7a 100644 --- a/roles/mirrormanager/backend/templates/scan-primary-mirror-centos.toml +++ b/roles/mirrormanager/backend/templates/scan-primary-mirror-centos.toml @@ -4,7 +4,11 @@ max_stale_days = 0 excludes=[".*\\.snapshot", ".*/\\.~tmp~"] [database] +{% if env == 'staging' %} +url="postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}" +{% else %} url="postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}" +{% endif %} [[category]] name="CentOS" diff --git a/roles/mirrormanager/backend/templates/scan-primary-mirror.toml b/roles/mirrormanager/backend/templates/scan-primary-mirror.toml index 670029f943..4752b50a64 100644 --- a/roles/mirrormanager/backend/templates/scan-primary-mirror.toml +++ b/roles/mirrormanager/backend/templates/scan-primary-mirror.toml 
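Review bot: The staging `DB_URL` added in generate-mirrorlist-cache.cfg switches user, password and database name to `mirrormanager_stg_*` variables but still takes the host from `{{ mirrormanager_db_host }}`, the same variable the production branch uses. Unless that variable is already set per environment in inventory (not visible in this patch), staging would present its credentials to the production database host. The same pattern appears in the hunks for scan-primary-mirror-centos.toml, scan-primary-mirror.toml, alembic.ini and mirrormanager2.cfg. Either give staging its own host variable (named, say, `mirrormanager_stg_db_host`) or document the assumption with a template comment above the staging line, e.g. `{# mirrormanager_db_host is defined per environment in inventory #}`.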
@@ -7,7 +7,11 @@ skip_repository_paths = ["Cloud", "Workstation", "Server", "drpms", "releases/te do_not_display_paths = ["_Beta"] [database] +{% if env == 'staging' %} +url="postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}" +{% else %} url="postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}" +{% endif %} ### EPEL ### diff --git a/roles/mirrormanager/frontend2/templates/alembic.ini b/roles/mirrormanager/frontend2/templates/alembic.ini index 06a04f720f..2715736222 100644 --- a/roles/mirrormanager/frontend2/templates/alembic.ini +++ b/roles/mirrormanager/frontend2/templates/alembic.ini @@ -11,7 +11,11 @@ script_location = /usr/share/mirrormanager2/alembic # the 'revision' command, regardless of autogenerate # revision_environment = false +{% if env == 'staging' %} +sqlalchemy.url = postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }} +{% else %} sqlalchemy.url = postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }} +{% endif %} # Logging configuration [loggers] diff --git a/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg b/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg index cba98e9225..5e893f8b7a 100644 --- a/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg +++ b/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg 
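Review bot: The new staging `sqlalchemy.url` line in alembic.ini places `{{ mirrormanager_stg_db_pass }}` unencoded into a URL inside an INI file, as the production line already does. A password containing `@` would change where the URL is split between credentials and host, and a literal `%` is an interpolation character for the configparser that alembic uses to read this file, so loading would fail. Encoding at render time avoids both, for example `{{ mirrormanager_stg_db_pass | urlencode | replace('%', '%%') }}`, applied to the user and password fields in both branches.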
@@ -15,12 +15,27 @@ ITEMS_PER_PAGE = 50 {% if mm2_checkin %} # url to the database server: +{% if env == 'staging' %} +DB_URL='postgresql://{{ mirrormanager_stg_checkin_db_user }}:{{ mirrormanager_stg_checkin_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}' +{% else %} DB_URL='postgresql://{{ mirrormanager_checkin_db_user }}:{{ mirrormanager_checkin_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}' +{% endif %} # The checkin server does not use the secret key or password secret. Let's not leak it. SECRET_KEY = 'invalid' PASSWORD_SEED = 'invalid' +{% else %} +{% if env == 'staging' %} +# url to the database server: +DB_URL='postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}' + +# secret key used to generate unique csrf token +SECRET_KEY = '{{ mirrormanager_stg_secret_key }}' + +# Seed used to make the password harder to brute force in case of leaking +# This should be kept really secret! +PASSWORD_SEED = "{{ mirrormanager_stg_password_seed }}" {% else %} # url to the database server: DB_URL='postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}' @@ -32,6 +47,7 @@ SECRET_KEY = '{{ mirrormanager_secret_key }}' # This should be kept really secret! PASSWORD_SEED = "{{ mirrormanager_password_seed }}" {% endif %} +{% endif %} # Make browsers send session cookie only via HTTPS SESSION_COOKIE_SECURE=True
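Review bot: The non-checkin staging branch in mirrormanager2.cfg is added as `{% else %}` immediately followed by `{% if env == 'staging' %}`, which is why the second hunk has to add a further `{% endif %}`. `{% elif env == 'staging' %}` expresses the same three-way choice with one nesting level less and no extra closing tag, which makes the `if`/`endif` pairing easier to verify in a file that carries `SECRET_KEY` and `PASSWORD_SEED`. The template continues beyond both hunks, so any other use of these blocks is not visible here.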