add osbs orchestrator/worker playbooks/roles

Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
Signed-off-by: Adam Miller <admiller@redhat.com>

inventory/group_vars/all

@@ -226,17 +226,6 @@ csi_relationship: |
 
     To update this text, add the csi_* vars to group_vars/ in ansible.
 
-
-# docker images required by OpenShift Origin
-openshift_required_images:
-  - "openshift/origin-pod"
-
-# docker images required by OSBS for builds
-fedora_required_images:
-  - "fedora:24"
-  - "fedora:25"
-  - "fedora:latest"
-
 #
 # say if we want the apache role dependency for mod_wsgi or not
 # In some cases we want mod_wsgi and no apache (for python3 httpaio stuff)
@@ -265,7 +254,7 @@ vpn: False
 createrepo: True
 
 # Nagios global variables
-nagios_Check_Services: 
+nagios_Check_Services:
   nrpe: true
   sshd: true
   named: false

inventory/group_vars/osbs

@@ -21,3 +21,8 @@ koji_url: "koji.fedoraproject.org"
 osbs_client_conf_path: /etc/osbs.conf
 
 baseiptables: False
+
+# docker images required by OpenShift Origin
+openshift_required_images:
+  - "openshift/origin-pod"
+

inventory/group_vars/osbs-masters-stg

@@ -6,19 +6,5 @@ num_cpus: 2
 
 tcp_ports: [ 80, 443, 8443]
 
-fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran
-sudoers: "{{ private }}/files/sudo/00releng-sudoers"
-
-docker_cert_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org"
-source_registry: "registry.stg.fedoraproject.org"
-docker_registry: "candidate-registry.stg.fedoraproject.org"
-
-osbs_url: "osbs.stg.fedoraproject.org"
-osbs_koji_username: "kojibuilder_stg"
-
-koji_url: "koji.stg.fedoraproject.org"
-
-osbs_client_conf_path: /etc/osbs.conf
-
 openshift_node_labels: {'region':'infra'}
 openshift_schedulable: False

inventory/group_vars/osbs-nodes-stg

@@ -6,18 +6,4 @@ num_cpus: 2
 
 tcp_ports: [ 80, 443, 8443, 10250]
 
-fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran
-sudoers: "{{ private }}/files/sudo/00releng-sudoers"
-
-docker_cert_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org"
-source_registry: "registry.stg.fedoraproject.org"
-docker_registry: "candidate-registry.stg.fedoraproject.org"
-
-osbs_url: "osbs.stg.fedoraproject.org"
-osbs_koji_username: "kojibuilder_stg"
-
-koji_url: "koji.stg.fedoraproject.org"
-
-osbs_client_conf_path: /etc/osbs.conf
-
 openshift_node_labels: {'region': 'primary', 'zone': 'default'}

inventory/group_vars/osbs-orchestrators-stg

@@ -0,0 +1,34 @@
+---
+osbs_manage_firewalld: false
+osbs_namespace: "osbs"
+# Allow 'oc' command to find its configuration file
+osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig
+osbs_environment:
+  HOME: "{{ lookup('env', 'HOME') }}"
+  KUBECONFIG: "{{ osbs_kubeconfig_path }}"
+osbs_service_accounts:
+- koji
+- metrics
+osbs_readonly_users:
+- "system:serviceaccount:{{ osbs_namespace }}:metrics"
+osbs_readonly_groups:
+- "system:authenticated"
+osbs_readwrite_groups: []
+osbs_readwrite_users:
+- "{{ ansible_hostname }}"
+- "system:serviceaccount:{{ osbs_namespace }}:default"
+- "system:serviceaccount:{{ osbs_namespace }}:builder"
+osbs_admin_users:
+- kevin
+- puiterwijk
+- maxamillion
+- dgilmore
+osbs_admin_groups: []
+env: prod
+osbs_ha_install: true
+osbs_nodes: "{{ groups['osbs-orchestrator-' + env + '-nodes'] }}"
+
+
+#nodeselectors
+osbs_orchestrator_default_nodeselector: "orchestrator=true"
+osbs_worker_default_nodeselector: "worker=true"

inventory/group_vars/osbs-stg

@@ -1,2 +1,103 @@
 ---
+
 baseiptables: False
+
+fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+docker_cert_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org"
+stable_registry: "registry.stg.fedoraproject.org"
+candidate_registry: "candidate-registry.stg.fedoraproject.org"
+
+osbs_url: "osbs.stg.fedoraproject.org"
+osbsworker_x86_64_url: "osbsworker-x86-64.stg.fedoraproject.org"
+
+koji_url: "koji.stg.fedoraproject.org"
+
+osbs_builder_user: builder
+koji_builder_user: dockerbuilder
+
+osbs_client_conf_path: /etc/osbs.conf
+
+openshift_htpasswd_file: /etc/origin/htpasswd
+openshift_ansible_version: openshift-ansible-3.5.97-1
+openshift_ansible_ssh_user: root
+openshift_ansible_install_examples: false
+openshift_ansible_containerized_deploy: false
+openshift_auth_profile: osbs
+origin_release: v1.5.1
+openshift_debug_level: 2
+
+osbs_namespace: "osbs"
+osbs_koji_username: "kojibuilder_stg"
+
+osbs_openshift_home: /var/lib/origin
+osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig
+osbs_generated_config_path: /tmp
+
+osbs_environment:
+  KUBECONFIG: "{{ osbs_kubeconfig_path }}"
+
+osbs_is_admin: true
+
+osbs_service_accounts:
+- worker
+- orchestrator
+- metrics
+
+osbs_cpu_limitrange: '200m'
+
+# FIXME
+# I'm not sure who all should be admins and we might want some read-only user
+# for the purpose of monitoring
+osbs_admin_groups: []
+osbs_admin_users: []
+osbs_readonly_groups: []
+osbs_readonly_users: []
+osbs_readwrite_groups: []
+osbs_readwrite_users: []
+
+osbs_orchestrator: false
+
+osbs_worker_namespace: "worker"
+
+osbs_worker_service_accounts:
+- worker
+- orchestrator
+
+osbs_worker_clusters:
+  x86_64:
+  - name: osbsworker-x86-64
+    max_concurrent_builds: 12
+    openshift_url: "https://{{ osbsworker_x86_64_url }}"
+    verify_ssl: 'false'
+    artifacts_allowed_domains:
+    - "{{stable_registry}}"
+    - "{{candidate_registry}}"
+
+osbs_koji_hub: "https://{{koji_url}}/kojihub
+osbs_koji_root: https://{{koji_url}}/koji
+
+osbs_pulp_registry_name: brew-prod
+
+osbs_registry_uri: https://{{candidate_registry}}/v2
+
+osbs_source_registry_uri: http://brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888
+
+osbs_koji_secret_name: koji
+osbs_distribution_scope: public
+osbs_authoritative_registry: "{{ stable_registry }}"
+osbs_registry_api_versions:
+- v2
+osbs_registry_secret_name: v2-registry-dockercfg
+osbs_registry_uri: ''
+osbs_source_registry_uri: ''
+osbs_build_json_dir: /usr/share/osbs
+osbs_sources_command: fedpkg sources
+osbs_vendor: Fedora Project
+
+#nodeselectors
+osbs_orchestrator_default_nodeselector: "orchestrator=true"
+osbs_worker_default_nodeselector: "worker=true"
+
+

inventory/group_vars/osbsworker-x86-64-masters-stg

@@ -0,0 +1,10 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 60000
+mem_size: 8192
+num_cpus: 2
+
+tcp_ports: [ 80, 443, 8443]
+
+openshift_node_labels: {'region':'infra'}
+openshift_schedulable: False

inventory/group_vars/osbsworker-x86-64-nodes-stg

@@ -0,0 +1,9 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 60000
+mem_size: 8192
+num_cpus: 2
+
+tcp_ports: [ 80, 443, 8443, 10250]
+
+openshift_node_labels: {'region': 'primary', 'zone': 'default'}

inventory/inventory

@@ -1333,16 +1333,16 @@ osbs-master01.phx2.fedoraproject.org
 [osbs-masters-stg]
 osbs-master01.stg.phx2.fedoraproject.org
 
-[osbsworker-masters-stg]
-#osbsworker-x86-64-master01.stg.phx2.fedoraproject.org
+[osbsworker-x86-64-masters-stg]
+osbsworker-x86-64-master01.stg.phx2.fedoraproject.org
 
 [osbs-nodes-stg]
 osbs-node01.stg.phx2.fedoraproject.org
 osbs-node02.stg.phx2.fedoraproject.org
 
-[osbsworker-nodes-stg]
-#osbsworker-x86-64-node01.stg.phx2.fedoraproject.org
-#osbsworker-x86-64-node02.stg.phx2.fedoraproject.org
+[osbsworker-x86-64-nodes-stg]
+osbsworker-x86-64-node01.stg.phx2.fedoraproject.org
+osbsworker-x86-64-node02.stg.phx2.fedoraproject.org
 
 [osbs:children]
 osbs-control
@@ -1353,8 +1353,16 @@ osbs-masters
 osbs-control-stg
 osbs-nodes-stg
 osbs-masters-stg
-osbsworker-nodes-stg
-osbsworker-masters-stg
+osbsworker-x86-64-nodes-stg
+osbsworker-x86-64-masters-stg
+
+[osbs-orchestrators-stg:children]
+osbs-nodes-stg
+osbs-masters-stg
+
+[osbs-workers-stg:children]
+osbsworker-x86-64-nodes-stg
+osbsworker-x86-64-masters-stg
 
 [os-control-stg]
 os-control01.stg.phx2.fedoraproject.org