WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-11 18:36:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

koji_build: add identity to allowed list, add some comments

Browse Source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
2022-07-28 12:33:11 -07:00
parent 20e0e74096
commit 29efa52e94
1 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
roles/koji_builder/templates/osbuildapi-update.sh
View File

@@ -1,18 +1,31 @@
#!/bin/bash
# Make sure the ipset is created.
/usr/sbin/ipset create osbuildapi hash:ip >& /dev/null
# in staging we need to allow api.stage and in prod api.
{% if env == 'staging' %}
RESOLVEQUERY=`resolvectl --cache=no --legend=no query api.stage.openshift.com 2> /dev/null`
RESOLVEQUERY=`resolvectl --cache=no --legend=no query api.stage.openshift.com 2> /dev/null`
{% else %}
RESOLVEQUERY=`resolvectl --cache=no --legend=no query api.openshift.com 2> /dev/null`
RESOLVEQUERY=`resolvectl --cache=no --legend=no query api.openshift.com 2> /dev/null`
{% endif %}
test $? -eq 0 || exit $?
NEWIPS=`echo $RESOLVEQUERY | grep link | awk '{print $2 " " $6}' | sort -n`
NEWIPS=`echo $RESOLVEQUERY | grep link | awk '{print $2 " " $6}' | sort -n`
/usr/sbin/ipset flush osbuildapi
for j in $NEWIPS
do
/usr/sbin/ipset add osbuildapi $j
done
# in both stg and prod apparently we use idenity.adpi.openshift.com for auth
RESOLVEQUERY=`resolvectl --cache=no --legend=no query identity.api.openshift.com 2> /dev/null`
test $? -eq 0 || exit $?
NEWIDENTITYIPS=`echo $RESOLVEQUERY | grep link | awk '{print $2 " " $6}' | sort -n`
for j in $NEWIDENTITYIPS
do
/usr/sbin/ipset add osbuildapi $j
done