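---
# Default variables for role stylo
#
# This role does not touch gpg itself, nor does it distribute or unlock signing keys.
# Unlocking is a manual process (unlock-keys); once keys are unlocked in a session, a
# local cron keeps them in cache, so process_tag can sign rpms on demand for the keys
# configured in this role.
# See stylo_gpg_sigs below for the public key ids expected in the gnupg keyring.
#
# NOTE(review): because unlocked keys stay in cache, access to the stylo account on this
# host is effectively access to signing; restrict logins and privilege escalation to it.

# Local user for stylo service
stylo_local_user: stylo
# Fixed uid, in case the nfs volume is shared with koji and owned by the same uid
stylo_local_user_uid: 48

# gpg settings
# Cache TTL for unlocked keys. Presumably seconds (15552000 s = 180 days) - TODO confirm
# against the template that consumes it. A long TTL keeps unlocked signing keys cached
# for that whole period; override it in inventory if on-demand signing needs less.
stylo_gpg_cache_ttl: 15552000
stylo_gpg_digest_algo: SHA512
# One entry per SIG: its name, plus the (lowercase) gpg public key id that tells
# process_tag how to sign for that SIG's tags.
# Ids are quoted so that an all-digit or exponent-looking id (constructed example:
# "12345678") can never be loaded as a number instead of a string.
# NOTE(review): these are 8-hex-digit short key ids, which are not collision-resistant.
# Check that the keyring holds exactly one key per id, and confirm whether the role can
# take a long key id or full fingerprint here.
stylo_gpg_sigs:
  - name: cloud
    key_id: "645d13aa"
  - name: storage
    key_id: "bb6f0535"
  - name: sclo
    key_id: "3e0ccc20"

# push settings
# Which node to push generated repositories to
stylo_master_node: remote.node
# Target user for the ssh push: the ssh public key must be present for that user on
# that host
stylo_push_user: push
# No defaults for the following base directories (they load as null); presumably they
# are meant to be set in inventory/group_vars - verify against the role's templates
stylo_mirror_basedir:
stylo_mirror_stream_basedir:
stylo_buildlogs_basedir:
stylo_debug_basedir:
stylo_vault_basedir:
# Which images/spins artifacts should be pushed out to the mirror CDN.
# The .sha256 files have to be imported, but they are concatenated into SHA256SUM and
# deleted before the push.
stylo_images_artifacts: "iso qcow2 sha256 raw.xz tar.xz wsl"

# Koji cli part
# Whether to use a specific repo to deploy newer/specific koji pkgs and newer
# rpm/rpm-sign
stylo_kojihub_repo: true
# gpg key name for that repo (presumably used to verify its packages - confirm in tasks)
stylo_kojihub_repo_gpgkey: RPM-GPG-KEY-CentOS-Infra
# How to mount kojishare/nfs (RW access is needed for DuD .iso creation)
stylo_koji_mountpoint: /mnt/kojishare
stylo_koji_nfs_path: nfs-host.domain.com:/exports/kojishare
# Boolean: also create a /mnt/koji symlink to the real place, to match upstream koji
stylo_koji_mnt_symlink_workaround: true

# Koji user TLS cert used to interact with kojihub; the hub/web/files URLs are defined
# here as well
stylo_kojihub_url: https://cbs.centos.org/kojihub/
stylo_kojiweb_url: https://cbs.centos.org/koji/
stylo_kojifiles_url: https://cbs.centos.org/kojifiles/
# NOTE(review): the file name suggests an admin identity, and the same cert is reused
# for the mqtt broker (see below). Confirm the account carries only the permissions that
# signing needs, and that the cert file itself is not stored unencrypted in the repo.
stylo_koji_user_cert: admin.pem
# No default (null). Presumably the CA used to verify the TLS endpoints above - confirm
# it is always set in inventory so that certificate verification is never skipped.
stylo_koji_ca_cert:

# Mqtt broker settings. stylo_koji_user_cert is used to authenticate against the broker,
# so it must first be allowed in the mqtt acl on the mqtt broker host.
stylo_mqtt_host: mqtt.dev.centos.org
# Topic to subscribe to (where koji will publish)
stylo_mqtt_topic: koji
# Topic we publish on (presumably the one downstream consumers subscribe to)
stylo_mqtt_topic_pub: cbs-signing

# Zabbix/monitoring part
stylo_zabbix_templates:
  - Template CentOS stylo
stylo_zabbix_groups:
  - CentOS CBS koji hosts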