mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-05-04 08:24:50 +08:00
a9f0785b5c
identity.api.openshift.com was shut down several hours ago. The plugin now needs to use sso.redhat.com instead. This commit adjusts the token URL and the script that pokes holes in the firewall for selected domains.
32 lines
983 B
Bash
32 lines
983 B
Bash
#!/bin/bash
|
|
|
|
# Make sure the ipset is created.
|
|
/usr/sbin/ipset create osbuildapi hash:ip >& /dev/null
|
|
|
|
# in staging we need to allow api.stage and in prod api.
|
|
{% if env == 'staging' %}
|
|
RESOLVEQUERY=`resolvectl -4 --cache=no --legend=no query api.stage.openshift.com 2> /dev/null`
|
|
{% else %}
|
|
RESOLVEQUERY=`resolvectl -4 --cache=no --legend=no query api.openshift.com 2> /dev/null`
|
|
{% endif %}
|
|
test $? -eq 0 || exit $?
|
|
|
|
NEWIPS=`echo "$RESOLVEQUERY" | grep link | sed -E 's/.* ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/g' | sort -n`
|
|
|
|
/usr/sbin/ipset flush osbuildapi
|
|
for j in $NEWIPS
|
|
do
|
|
/usr/sbin/ipset add osbuildapi $j
|
|
done
|
|
|
|
# both stage and prod authenticate using sso.redhat.com
|
|
RESOLVEQUERY=`resolvectl -4 --cache=no --legend=no query sso.redhat.com 2> /dev/null`
|
|
test $? -eq 0 || exit $?
|
|
|
|
NEWIDENTITYIPS=`echo "$RESOLVEQUERY" | grep link | sed -E 's/.* ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/g' | sort -n`
|
|
|
|
for j in $NEWIDENTITYIPS
|
|
do
|
|
/usr/sbin/ipset add osbuildapi $j
|
|
done
|