From 010732969e3752472e12eec449a9f5ddb240dc5d Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Tue, 12 Jul 2016 21:19:42 +0000 Subject: [PATCH] only osbs-client on buildvm (just schedules with osbs) and koji-hub (status checking), ssl_verify everywhere, enable in prod Signed-off-by: Adam Miller --- playbooks/groups/buildhw.yml | 31 ------------------------ playbooks/groups/buildvm.yml | 32 ++++++++++++++++++++++++- playbooks/groups/koji-hub.yml | 31 +++++++++++++++++++++++- roles/koji_builder/templates/kojid.conf | 6 +---- 4 files changed, 62 insertions(+), 38 deletions(-) diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml index 7e6a9747d0..b4168a78eb 100644 --- a/playbooks/groups/buildhw.yml +++ b/playbooks/groups/buildhw.yml @@ -24,37 +24,6 @@ - hosts - { role: fas_client, when: not inventory_hostname.startswith('bkernel') } - { role: sudo, when: not inventory_hostname.startswith('bkernel') } - - { - role: osbs-client, - when: env == 'staging', - general: { - verbose: 0, - build_json_dir: '/usr/share/osbs/', - openshift_required_version: 1.1.0, - }, - default: { - username: "{{ osbs_koji_stg_username }}", - password: "{{ osbs_koji_stg_password }}", - koji_certs_secret: "koji", - openshift_url: 'https://{{ osbs_fqdn }}/', - registry_uri: 'https://{{ docker_registry }}/v2', - source_registry_uri: 'https://{{ docker_registry }}/v2', - build_host: '{{ osbs_fqdn }}', - koji_root: 'http://{{ koji_root }}', - koji_hub: 'http://{{ koji_hub }}', - sources_command: 'fedpkg sources', - build_type: 'prod', - authoritative_registry: 'registry.example.com', - vendor: 'Fedora Project', - verify_ssl: false, - use_auth: true, - builder_use_auth: true, - distribution_scope: 'private', - registry_api_versions: 'v2', - builder_openshift_url: 'https://172.17.0.1:8443/' - } - } - tasks: - include: "{{ tasks }}/2fa_client.yml" diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index 771155c51e..e9c7bb8b82 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -50,7 +50,37 @@ build_type: 'prod', authoritative_registry: 'registry.example.com', vendor: 'Fedora Project', - verify_ssl: false, + verify_ssl: true, + use_auth: true, + builder_use_auth: true, + distribution_scope: 'private', + registry_api_versions: 'v2', + builder_openshift_url: 'https://172.17.0.1:8443/' + } + } + - { + role: osbs-client, + when: env == 'production', + general: { + verbose: 0, + build_json_dir: '/usr/share/osbs/', + openshift_required_version: 1.1.0, + }, + default: { + username: "{{ osbs_koji_prod_username }}", + password: "{{ osbs_koji_prod_password }}", + koji_certs_secret: "koji", + openshift_url: 'https://{{ osbs_fqdn }}/', + registry_uri: 'https://{{ docker_registry }}/v2', + source_registry_uri: 'https://{{ docker_registry }}/v2', + build_host: '{{ osbs_fqdn }}', + koji_root: 'http://{{ koji_root }}', + koji_hub: 'http://{{ koji_hub }}', + sources_command: 'fedpkg sources', + build_type: 'prod', + authoritative_registry: 'registry.example.com', + vendor: 'Fedora Project', + verify_ssl: true, use_auth: true, builder_use_auth: true, distribution_scope: 'private', diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index bb814bd880..1316364a44 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml @@ -62,7 +62,36 @@ builder_openshift_url: 'https://172.17.0.1:8443/' } } - + - { + role: osbs-client, + when: env == 'staging', + general: { + verbose: 0, + build_json_dir: '/usr/share/osbs/', + openshift_required_version: 1.1.0, + }, + default: { + username: "{{ osbs_koji_prod_username }}", + password: "{{ osbs_koji_prod_password }}", + koji_certs_secret: "koji", + openshift_url: 'https://{{ osbs_fqdn }}/', + registry_uri: 'https://{{ docker_registry }}/v2', + source_registry_uri: 'https://{{ docker_registry }}/v2', + build_host: '{{ osbs_fqdn }}', + koji_root: 'http://{{ koji_root }}', + koji_hub: 'http://{{ koji_hub }}', + sources_command: 'fedpkg sources', + build_type: 'prod', + authoritative_registry: 'registry.example.com', + vendor: 'Fedora Project', + verify_ssl: false, + use_auth: true, + builder_use_auth: true, + distribution_scope: 'private', + registry_api_versions: 'v2', + builder_openshift_url: 'https://172.17.0.1:8443/' + } + } - { role: nfs/server, when: env == "staging" } - { role: keepalived, when: env == "production" and inventory_hostname.startswith('koji') } - role: nfs/client diff --git a/roles/koji_builder/templates/kojid.conf b/roles/koji_builder/templates/kojid.conf index ce7b60f6cd..598aad68ff 100644 --- a/roles/koji_builder/templates/kojid.conf +++ b/roles/koji_builder/templates/kojid.conf @@ -77,15 +77,11 @@ serverca = /etc/kojid/cacert.pem {% if 'runroot' in group_names %} ; Config for it lives in /etc/kojid/runroot.conf -{% if env == 'staging' %} plugins = runroot builder_containerbuild -{% else %} -plugins = runroot -{% endif %} {% else %} -{% if env == 'staging' and not inventory_hostname.startswith('arm') %} +{% if not inventory_hostname.startswith('arm') %} plugins = builder_containerbuild {% else %} plugins =