[sysadmin-notify] [ansible] Drop ca and deprecate serverca usage

Friday, 13 November 2020

commit b31eaa42bae19f04a0866a65c6db6abdac1aa784
Author: Nicolas Chauvet <kwizart(a)gmail.com&gt;
Date:   Fri Nov 13 10:35:56 2020 +0100

    Drop ca and deprecate serverca usage

 roles/bodhi2/backend/files/koji-config             |    5 +----
 .../templates/bodhi-masher-jobrunner.cfg.j2        |    2 +-
 roles/bodhi2/backend/templates/owner-sync-pkgdb.j2 |    3 ++-
 roles/koji_builder/templates/koji.conf             |    5 +----
 roles/koji_builder/templates/kojid.conf            |    5 +----
 roles/koji_hub/files/koji-gc.conf                  |    2 +-
 roles/koji_hub/files/kojira.conf                   |    5 +----
 roles/sigul/bridge/files/koji-primary.conf         |    4 +---
 8 files changed, 9 insertions(+), 22 deletions(-)
---

diff --git a/roles/bodhi2/backend/files/koji-config
b/roles/bodhi2/backend/files/koji-config
index 2e8afcb..e003655 100644
--- a/roles/bodhi2/backend/files/koji-config
+++ b/roles/bodhi2/backend/files/koji-config
@@ -2,8 +2,5 @@
 ;client certificate
 cert = /etc/pki/pkgdb/pkgdb.pem
 
-;certificate of the CA that issued the client certificate
-ca = /etc/pki/pkgdb/fedora-server-ca.cert
-
 ;certificate of the CA that issued the HTTP server certificate
-serverca = /etc/pki/pkgdb/fedora-server-ca.cert
+;serverca = /etc/pki/pkgdb/fedora-server-ca.cert
diff --git a/roles/bodhi2/backend/templates/bodhi-masher-jobrunner.cfg.j2
b/roles/bodhi2/backend/templates/bodhi-masher-jobrunner.cfg.j2
index 4e1fa33..af51d3c 100644
--- a/roles/bodhi2/backend/templates/bodhi-masher-jobrunner.cfg.j2
+++ b/roles/bodhi2/backend/templates/bodhi-masher-jobrunner.cfg.j2
@@ -97,7 +97,7 @@ pkgdb_url = 'https://admin.rpmfusion.org/pkgdb'
 buildsystem = 'koji'
 client_cert = '/etc/pki/bodhi/bodhi.pem'
 clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
-serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
+#serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
 
 masher_lock_id = 'FEDORA'
 
diff --git a/roles/bodhi2/backend/templates/owner-sync-pkgdb.j2
b/roles/bodhi2/backend/templates/owner-sync-pkgdb.j2
index 356bbeb..cad4b55 100755
--- a/roles/bodhi2/backend/templates/owner-sync-pkgdb.j2
+++ b/roles/bodhi2/backend/templates/owner-sync-pkgdb.j2
@@ -130,7 +130,8 @@ if __name__ == '__main__':
         else:
             session = koji.ClientSession("http://%s.koji.rpmfusion.org/kojihub"
% arch)
         try:
-            session.ssl_login(options['cert'], options['ca'],
options['serverca'])
+            #session.ssl_login(options['cert'], options['ca'],
options['serverca'])
+            session.ssl_login(options['cert'], options['ca'])
         except:
             print "Unable to sync to %s hub" % arch
             continue
diff --git a/roles/koji_builder/templates/koji.conf
b/roles/koji_builder/templates/koji.conf
index f4fcfd5..f28ea24 100644
--- a/roles/koji_builder/templates/koji.conf
+++ b/roles/koji_builder/templates/koji.conf
@@ -24,8 +24,5 @@ topurl = {{ koji_topurl }}
 ;client certificate
 cert = ~/.fedora.cert
 
-;certificate of the CA that issued the client certificate
-ca = ~/.fedora-server-ca.cert
-
 ;certificate of the CA that issued the HTTP server certificate
-serverca = ~/.fedora-server-ca.cert
+;serverca = ~/.fedora-server-ca.cert
diff --git a/roles/koji_builder/templates/kojid.conf
b/roles/koji_builder/templates/kojid.conf
index 1a60b48..e3b09a7 100644
--- a/roles/koji_builder/templates/kojid.conf
+++ b/roles/koji_builder/templates/kojid.conf
@@ -79,11 +79,8 @@ from_addr=RPM Fusion Koji Build System <buildsys(a)rpmfusion.org&gt;
 ;client certificate - puppet generated
 cert = /etc/kojid/kojibuilder.pem
 
-;certificate of the CA that issued the client certificate
-ca = /etc/kojid/cacert.pem
-
 ;certificate of the CA that issued the HTTP server certificate
-serverca = /etc/kojid/cacert.pem
+;serverca = /etc/kojid/cacert.pem
 
 {% if 'runroot' in group_names %}
 ; Config for it lives in /etc/kojid/runroot.conf
diff --git a/roles/koji_hub/files/koji-gc.conf b/roles/koji_hub/files/koji-gc.conf
index 1f9d431..f37f91f 100644
--- a/roles/koji_hub/files/koji-gc.conf
+++ b/roles/koji_hub/files/koji-gc.conf
@@ -55,7 +55,7 @@ unprotected_keys =
     fedora-el-8-nonfree
 
 server = https://koji.rpmfusion.org/kojihub
-serverca = /etc/koji-gc/serverca.crt
+#serverca = /etc/koji-gc/serverca.crt
 weburl = https://koji.rpmfusion.org/koji
 from_addr = RPM Fusion Koji Build System <buildsys(a)rpmfusion.org&gt;
 email-domain = rpmfusion.org
diff --git a/roles/koji_hub/files/kojira.conf b/roles/koji_hub/files/kojira.conf
index 56d51fe..5c7e93e 100644
--- a/roles/koji_hub/files/kojira.conf
+++ b/roles/koji_hub/files/kojira.conf
@@ -33,8 +33,5 @@ max_repo_tasks=6
 ;client certificate
 cert = /etc/kojira/kojira_cert_key.pem
 
-;certificate of the CA that issued the client certificate
-ca = /etc/kojira/extras_cacert.pem
-
 ;certificate of the CA that issued the HTTP server certificate
-serverca = /etc/kojira/extras_cacert.pem
+;serverca = /etc/kojira/extras_cacert.pem
diff --git a/roles/sigul/bridge/files/koji-primary.conf
b/roles/sigul/bridge/files/koji-primary.conf
index e04fa9c..cf0f73c 100644
--- a/roles/sigul/bridge/files/koji-primary.conf
+++ b/roles/sigul/bridge/files/koji-primary.conf
@@ -21,8 +21,6 @@ authtype = ssl
 ;client certificate
 cert = /etc/sigul/rpmfusion.cert
 
-ca = /etc/sigul/rpmfusion-upload-ca.cert
-
 ;certificate of the CA that issued the HTTP server certificate
-serverca = /etc/sigul/rpmfusion-server-ca.cert
+;serverca = /etc/sigul/rpmfusion-server-ca.cert
 
    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

[sysadmin-notify] [ansible] Drop ca and deprecate serverca usage