From 1b35c7cb2756b362345ee02e249c289bc5140a86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= Date: Thu, 14 Apr 2022 11:23:41 +0200 Subject: [PATCH] Also adjust the openshift/keytab role MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aurélien Bompard --- playbooks/openshift-apps/bodhi.yml | 5 +---- roles/openshift/keytab/defaults/main.yml | 1 + roles/openshift/keytab/tasks/main.yml | 7 +++++++ roles/openshift/secret-tls/tasks/main.yml | 7 ++++++- 4 files changed, 15 insertions(+), 5 deletions(-) create mode 100644 roles/openshift/keytab/defaults/main.yml diff --git a/playbooks/openshift-apps/bodhi.yml b/playbooks/openshift-apps/bodhi.yml index 3c78e621ee..3328bb91c5 100644 --- a/playbooks/openshift-apps/bodhi.yml +++ b/playbooks/openshift-apps/bodhi.yml @@ -16,6 +16,7 @@ - "org.fedoraproject.*.buildsys.tag" - "org.fedoraproject.*.resultsdb.result.new" - "org.fedoraproject.*.waiverdb.waiver.new" + - ocp4: true pre_tasks: - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README @@ -77,25 +78,21 @@ secret_name: bodhi-keytab service: bodhi host: "bodhi{{ env_suffix }}.fedoraproject.org" - ocp4: true - role: openshift/secret-file app: bodhi secret_name: bodhi-fedora-messaging-ca key: cacert.pem privatefile: "rabbitmq/{{env}}/pki/ca.crt" - ocp4: true - role: openshift/secret-file app: bodhi secret_name: bodhi-fedora-messaging-crt key: bodhi-cert.pem privatefile: "rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt" - ocp4: true - role: openshift/secret-file app: bodhi secret_name: bodhi-fedora-messaging-key key: bodhi-key.pem privatefile: "rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key" - ocp4: true - role: openshift/object app: bodhi template: imagestreams-tagged.yml diff --git a/roles/openshift/keytab/defaults/main.yml b/roles/openshift/keytab/defaults/main.yml new file mode 100644 index 0000000000..08687d00e7 --- /dev/null +++ b/roles/openshift/keytab/defaults/main.yml 
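Review bot: The added `- ocp4: true` in the first bodhi.yml hunk is written as a list item directly after the three routing-key strings, and the indentation that decides its parent is not visible in this view (the `vars:` block starts outside the hunk). If it sits at the same level as those strings, it becomes a fourth element of the routing-key list instead of a play variable. The keytab role would then use its new default `ocp4: false` and silently take the old `oc secrets new` path. The second hunk removes the per-role `ocp4: true` from the keytab and secret-file entries, so those roles depend entirely on this one line. Confirm it resolves as a play-level variable, and if `vars:` is a mapping, write it as a plain key, `ocp4: true`.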
@@ -0,0 +1 @@ +ocp4: false diff --git a/roles/openshift/keytab/tasks/main.yml b/roles/openshift/keytab/tasks/main.yml index 5f99be1970..7dbd66d783 100644 --- a/roles/openshift/keytab/tasks/main.yml +++ b/roles/openshift/keytab/tasks/main.yml @@ -7,4 +7,11 @@ - name: Call `oc secrets new` on the copied file shell: oc -n {{app}} secrets new {{secret_name}} {{key}}=/etc/openshift_apps/{{app}}/{{key}}.kt register: create_out + when: not ocp4 + failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr" + +- name: Call `oc create secret generic` on the copied file + shell: oc -n {{app}} create secret generic {{secret_name}} --from-file={{key}}=/etc/openshift_apps/{{app}}/{{key}}.kt + register: create_out + when: ocp4 failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr" diff --git a/roles/openshift/secret-tls/tasks/main.yml b/roles/openshift/secret-tls/tasks/main.yml index e184bfcaf0..ebda1de031 100644 --- a/roles/openshift/secret-tls/tasks/main.yml +++ b/roles/openshift/secret-tls/tasks/main.yml @@ -13,7 +13,12 @@ failed_when: "('NotFound' not in delete_out.stderr) and (delete_out.rc != 0)" when: secret_privatecert.changed or secret_privatekey.changed -- name: Call `oc secrets new` on the copied file +- name: Call `oc create secret tls` on the copied file + shell: oc -n {{app}} create secret tls {{secret_name}} --cert=/etc/openshift_apps/{{app}}/{{key}}.crt --key=/etc/openshift_apps/{{app}}/{{key}}.key + register: create_out + when: secret_privatecert.changed or secret_privatekey.changed + +- name: Call `oc create secret tls` on the copied file shell: oc -n {{app}} create secret tls {{secret_name}} --cert=/etc/openshift_apps/{{app}}/{{key}}.crt --key=/etc/openshift_apps/{{app}}/{{key}}.key register: create_out when: secret_privatecert.changed or secret_privatekey.changed
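Review bot: The new `oc create secret generic` task in roles/openshift/keytab/tasks/main.yml passes `{{app}}`, `{{secret_name}}` and `{{key}}` unquoted through `shell:`, so a value containing whitespace or a shell metacharacter would be split or interpreted by the shell. Nothing in the command needs shell features, so `command:` with the same argument string would avoid that; if `shell:` stays, apply the `quote` filter, e.g. `{{ secret_name | quote }}`. The same applies to the `oc create secret tls` task added in the secret-tls hunk. Because an `AlreadyExists` failure is tolerated, an existing secret is left untouched when the keytab file changes. The tasks before line 7 are outside the hunk, so check whether something there deletes the old secret first.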
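Review bot: After this hunk roles/openshift/secret-tls/tasks/main.yml runs the `oc create secret tls` task twice. The added lines insert a complete copy (name, `shell`, `register`, `when`) ahead of the existing task, whose `shell`, `register` and `when` lines remain as context under the renamed `- name:`. Both copies have the same `when`, and neither has a `failed_when` that tolerates `AlreadyExists`, so when the certificate or key has changed the second create would presumably fail because the first has just created the secret. The commit subject and the old task name suggest only the name was meant to change. Keeping the one-line rename and dropping the four added task lines and the blank line between them would do that.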