commit 9fa457a38c646f52230f4d972e9cd49c45619527
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Oct 4 16:46:08 2016 +0200
Add robosignatory
roles/robosignatory/files/koji.conf | 7 ++
.../files/robosignatory.production.py | 68 ++++++++++++++++++++
roles/robosignatory/tasks/main.yml | 49 ++++++++++++++
3 files changed, 124 insertions(+), 0 deletions(-)
---
diff --git a/roles/robosignatory/files/koji.conf b/roles/robosignatory/files/koji.conf
new file mode 100644
index 0000000..1713a77
--- /dev/null
+++ b/roles/robosignatory/files/koji.conf
@@ -0,0 +1,7 @@
+[koji]
+server =
http://koji.rpmfusion.org/kojihub
+weburl =
http://koji.rpmfusion.org/koji
+topurl =
https://kojipkgs.rpmfusion.org/
+anon_retry = false
+cert = /etc/robosignatory/koji.cert
+serverca = /etc/robosignatory/serverca.cert
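Review bot: `server` and `weburl` use plain `http://` while this same file sets `cert` and `serverca` for certificate authentication. Over an unencrypted connection the client certificate cannot authenticate and `serverca` cannot verify the hub. The robosignatory config added in this commit already uses `https://koji.rpmfusion.org/kojihub`, so this should probably read `server = https://koji.rpmfusion.org/kojihub`, with `weburl` changed likewise. Separately, the role installs this file as `/etc/robosignatory/koji.config` rather than `koji.conf`; it is worth confirming which name the consumer reads.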
diff --git a/roles/robosignatory/files/robosignatory.production.py
b/roles/robosignatory/files/robosignatory.production.py
new file mode 100644
index 0000000..2ba3fad
--- /dev/null
+++ b/roles/robosignatory/files/robosignatory.production.py
@@ -0,0 +1,68 @@
+config = {
+ 'logging': {
+ 'loggers': {
+ 'robosignatory': {
+ 'handlers': ['console', 'mailer'],
+ 'level': 'DEBUG',
+ 'propagate': False
+ },
+ },
+ },
+
+ 'robosignatory.enabled.tagsigner': True,
+ 'robosignatory.signing.user': 'autopen',
+ 'robosignatory.signing.passphrase_file': '/etc/sigul/autosign.pass',
+ 'robosignatory.signing.config_file': '/etc/sigul/client.conf',
+
+ # The keys here need to be the same in the sigul bridge
+ 'robosignatory.koji_instances': {
+ 'primary': {
+ 'url': 'https://koji.rpmfusion.org/kojihub',
+ 'options': {
+ # Only ssl is supported at the moment
+ 'authmethod': 'ssl',
+ 'cert': '/etc/sigul/autopen.pem',
+ 'serverca': '/etc/sigul/fedoraca.pem',
+ },
+ 'tags': [
+ {
+ "from": "f23-free-candidate",
+ "key": "f23-free",
+ "keyid": "e051b67e",
+ "to": "f23-free-updates-testing"
+ },
+ {
+ "from": "f24-free-candidate",
+ "key": "f24-free",
+ "keyid": "b7546f06",
+ "to": "f24-free-updates-testing"
+ },
+ {
+ "from": "f25-free-candidate",
+ "key": "f25-free",
+ "keyid": "6806a9cb",
+ "to": "f25-free-updates-testing"
+ },
+ {
+ "from": "f23-nonfree-candidate",
+ "key": "f23-nonfree",
+ "keyid": "e051b67e",
+ "to": "f23-nonfree-updates-testing"
+ },
+ {
+ "from": "f24-nonfree-candidate",
+ "key": "f24-nonfree",
+ "keyid": "b7546f06",
+ "to": "f24-nonfree-updates-testing"
+ },
+ {
+ "from": "f25-nonfree-candidate",
+ "key": "f25-nonfree",
+ "keyid": "6806a9cb",
+ "to": "f25-nonfree-updates-testing"
+ }
+
+ ]
+ },
+ },
+}
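Review bot: The `cert`, `serverca`, `passphrase_file` and `config_file` values all point under `/etc/sigul/`, but the tasks in this commit install the certificate and CA as `/etc/robosignatory/koji.cert` and `/etc/robosignatory/serverca.cert`, and create `/etc/robosignatory/sigul`. Nothing visible here provides `/etc/sigul/autopen.pem`, `/etc/sigul/fedoraca.pem` or `/etc/sigul/autosign.pass`, so unless another role does, the signer will fail to authenticate; either point these at the installed paths or add a comment naming the role that owns `/etc/sigul`. Also, each `-nonfree` entry reuses the `keyid` of its `-free` counterpart (`e051b67e`, `b7546f06`, `6806a9cb`) while naming a different `key`. If free and nonfree packages are signed with distinct keys, this looks like a copy-paste error and the ids should be checked against the real key fingerprints before the tag signer is enabled.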
diff --git a/roles/robosignatory/tasks/main.yml b/roles/robosignatory/tasks/main.yml
new file mode 100644
index 0000000..851d3ef
--- /dev/null
+++ b/roles/robosignatory/tasks/main.yml
@@ -0,0 +1,49 @@
+- name: Install packages
+ yum: state=present name={{ item }}
+ with_items:
+ - python-robosignatory
+ - trousers
+ - tpm-tools
+ tags:
+ - packages
+ - robosignatory
+
+- name: Create config directory
+ file: path=/etc/robosignatory state=directory owner=fedmsg group=fedmsg mode=0750
+ tags:
+ - config
+ - robosignatory
+
+- name: Create sigul directory
+ file: path=/etc/robosignatory/sigul state=directory owner=fedmsg group=fedmsg
mode=0750
+ tags:
+ - config
+ - robosignatory
+
+- name: Install koji certificate and key
+ copy: src="{{ private }}/files/koji/autopen.pem"
dest=/etc/robosignatory/koji.cert
+ owner=fedmsg group=fedmsg mode=0640
+ tags:
+ - config
+ - robosignatory
+
+- name: Install koji config
+ copy: src=koji.conf dest=/etc/robosignatory/koji.config
+ owner=fedmsg group=fedmsg mode=0640
+ tags:
+ - config
+ - robosignatory
+
+- name: Install koji CA certificate
+ copy: src="{{ private }}/files/fedora-ca.cert"
dest=/etc/robosignatory/serverca.cert
+ owner=fedmsg group=fedmsg mode=0640
+ tags:
+ - config
+ - robosignatory
+
+- name: Setup robosignatory config
+ copy: src=robosignatory.{{env}}.py dest=/etc/fedmsg.d/robosignatory.py
+ owner=fedmsg group=fedmsg mode=0640
+ tags:
+ - config
+ - robosignatory
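Review bot: The "Install koji certificate and key" task copies `autopen.pem`, which by the task's own name carries the private key, with `mode=0640`, so every member of the `fedmsg` group can read the signing client's credential. Nothing in this role needs group read on that file, so `owner=fedmsg group=fedmsg mode=0600` is the safer setting for that task; the public CA certificate and the config files can stay at 0640. None of the copy tasks notify a handler either, so a changed certificate or config will presumably not take effect until the service is restarted by other means.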