koji / mirrormanager: split staging and prod db config

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

roles/koji_hub/templates/hub.conf.j2

@@ -7,10 +7,11 @@ DBUser = koji
 DBHost = db-koji01
 LogLevel = koji:INFO koji-fedmsg-plugin:INFO
 LogFormat = %(asctime)s [%(levelname)s] m=%(method)s u=%(user_name)s p=%(process)s r=%(remoteaddr)s %(name)s: %(message)s
+DBPass = {{ kojiStgPassword }}
 {% else %}
 DBHost = db-koji01
-{% endif %}
 DBPass = {{ kojiPassword }}
+{% endif %}
 AuthPrincipal = host/koji{{env_suffix}}.fedoraproject.org
 {% if env == "staging" %}
 ProxyPrincipals = modularity@STG.FEDORAPROJECT.ORG,HTTP/koji.stg.fedoraproject.org@STG.FEDORAPROJECT.ORG,sigul/sign-bridge01.stg.iad2.fedoraproject.org@STG.FEDORAPROJECT.ORG

roles/koji_hub/templates/web.conf.j2

@@ -19,7 +19,11 @@ WebPrincipal = HTTP/koji{{env_suffix}}.fedoraproject.org
 LoginTimeout = 72
 
 # This must be changed and uncommented before deployment
+{% if env == 'staging' %}
 Secret = {{ kojiSecret }}
+{% else %}
+Secret = {{ kojiStgSecret }}
+{% endif %}
 
 LibPath = /usr/share/koji-web/lib
 

roles/mirrormanager/backend/templates/generate-mirrorlist-cache.cfg

@@ -1 +1,5 @@
+{% if env == 'staging' %}
+DB_URL="postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}"
+{% else %}
 DB_URL="postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}"
+{% endif %}

roles/mirrormanager/backend/templates/scan-primary-mirror-centos.toml

@@ -4,7 +4,11 @@ max_stale_days = 0
 excludes=[".*\\.snapshot", ".*/\\.~tmp~"]
 
 [database]
+{% if env == 'staging' %}
+url="postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}"
+{% else %}
 url="postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}"
+{% endif %}
 
 [[category]]
 name="CentOS"

roles/mirrormanager/backend/templates/scan-primary-mirror.toml

@@ -7,7 +7,11 @@ skip_repository_paths = ["Cloud", "Workstation", "Server", "drpms", "releases/te
 do_not_display_paths = ["_Beta"]
 
 [database]
+{% if env == 'staging' %}
+url="postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}"
+{% else %}
 url="postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}"
+{% endif %}
 
 ### EPEL ###
 

roles/mirrormanager/frontend2/templates/alembic.ini

@@ -11,7 +11,11 @@ script_location = /usr/share/mirrormanager2/alembic
 # the 'revision' command, regardless of autogenerate
 # revision_environment = false
 
+{% if env == 'staging' %}
+sqlalchemy.url = postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}
+{% else %}
 sqlalchemy.url = postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}
+{% endif %}
 
 # Logging configuration
 [loggers]

roles/mirrormanager/frontend2/templates/mirrormanager2.cfg

@@ -15,12 +15,27 @@ ITEMS_PER_PAGE = 50
 
 {% if mm2_checkin %}
 # url to the database server:
+{% if env == 'staging' %}
+DB_URL='postgresql://{{ mirrormanager_stg_checkin_db_user }}:{{ mirrormanager_stg_checkin_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}'
+{% else %}
 DB_URL='postgresql://{{ mirrormanager_checkin_db_user }}:{{ mirrormanager_checkin_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}'
+{% endif %}
 
 # The checkin server does not use the secret key or password secret. Let's not leak it.
 SECRET_KEY = 'invalid'
 PASSWORD_SEED = 'invalid'
 
+{% else %}
+{% if env == 'staging' %}
+# url to the database server:
+DB_URL='postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}'
+
+# secret key used to generate unique csrf token
+SECRET_KEY = '{{ mirrormanager_stg_secret_key }}'
+
+# Seed used to make the password harder to brute force in case of leaking
+# This should be kept really secret!
+PASSWORD_SEED = "{{ mirrormanager_stg_password_seed }}"
 {% else %}
 # url to the database server:
 DB_URL='postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}'
@@ -32,6 +47,7 @@ SECRET_KEY = '{{ mirrormanager_secret_key }}'
 # This should be kept really secret!
 PASSWORD_SEED = "{{ mirrormanager_password_seed }}"
 {% endif %}
+{% endif %}
 
 # Make browsers send session cookie only via HTTPS
 SESSION_COOKIE_SECURE=True