From 295d60b87c80a609ef0489ce2a415f336adb1fd9 Mon Sep 17 00:00:00 2001
From: Clement Verna <cverna@tutanota.com>
Date: Thu, 5 Jul 2018 15:14:27 +0200
Subject: [PATCH] Add manage-container-images role to bodhi backend for
 container updates

Signed-off-by: Clement Verna <cverna@tutanota.com>
---
 playbooks/groups/bodhi-backend.yml              | 5 +++++
 roles/manage-container-images/defaults/main.yml | 5 +++++
 roles/manage-container-images/tasks/main.yml    | 4 ++--
 3 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 roles/manage-container-images/defaults/main.yml

diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml
index 09cbc8f04f..7760e01b7a 100644
--- a/playbooks/groups/bodhi-backend.yml
+++ b/playbooks/groups/bodhi-backend.yml
@@ -68,6 +68,11 @@
     service: bodhi
     host: "bodhi.stg.fedoraproject.org"
     when: env == "staging"
+  - role: manage-container-images
+    cert_dest_dir: "/etc/docker/certs.d/registry{{ env_suffix }}.fedoraproject.org"
+    cert_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.pem"
+    key_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.key"
+    certs_group: apache
 
 
   tasks:
diff --git a/roles/manage-container-images/defaults/main.yml b/roles/manage-container-images/defaults/main.yml
new file mode 100644
index 0000000000..c1f21c78bf
--- /dev/null
+++ b/roles/manage-container-images/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# defaults file for manage-container-images
+#
+
+certs_group: "releng-team"
\ No newline at end of file
diff --git a/roles/manage-container-images/tasks/main.yml b/roles/manage-container-images/tasks/main.yml
index 64c88cb071..a4b0a5fb05 100644
--- a/roles/manage-container-images/tasks/main.yml
+++ b/roles/manage-container-images/tasks/main.yml
@@ -18,12 +18,12 @@
     src: "{{cert_src}}"
     dest: "{{cert_dest_dir}}/client.cert"
     owner: root
-    group: "releng-team"
+    group: "{{ certs_group }}"
     mode: 0640
 
 - name: install docker client key for registry
   copy:
     src: "{{key_src}}"
     dest: "{{cert_dest_dir}}/client.key"
-    group: "releng-team"
+    group: "{{ certs_group }}"
     mode: 0640