docstranslation: git ssh key moved to /srv/private on batcave

2020-11-10 00:45:14 +01:00 · 2020-11-10 00:45:14 +01:00 · 2e8857c681
commit 2e8857c681
parent 22ef05d3f2
4 changed files with 21 additions and 18 deletions
--- a/playbooks/openshift-apps/docstranslation.yml
+++ b/playbooks/openshift-apps/docstranslation.yml
@ -4,6 +4,7 @@
  gather_facts: False
  vars:
    app: docstranslation
+    ssh_key_path: "{{ private }}/files/id_rsa_docstrans_{{ env_short }}"
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
@ -23,18 +24,14 @@
    tags:
      - apply-appowners

-  - name: Generate ssh keypair, if none exist
+  - name: Generate new ssh keypair, if none exist
    openssh_keypair:
-      path: "/etc/openshift_apps/{{ app }}/id_rsa_docs_trans"
+      path: "{{ ssh_key_path }}"
      mode: "600"
      type: rsa
      size: 4096
    register: r_ssh_key
-
-  - name: Retrieve ssh priv key
-    slurp:
-      path: r_ssh_key.filename
-    register: r_docs_priv_key
+    delegate_to: localhost

  - name: Define imagestream
    include_role:
@ -47,7 +44,7 @@
      name: openshift/object
    vars:
      objectname: buildconfig.yml
-      file: buildconfig.yml
+      template: buildconfig.yml

  - name: Start build
    include_role:
@ -68,7 +65,7 @@
    include_role:
      name: openshift/object
    vars:
-      file: cron.yml
+      template: cron.yml
      objectname: cron.yml
    tags:
      - deploy-cronjob
@ -88,6 +85,6 @@
    - delete

  post_tasks:
-  - name: Display git ssh key for adding in pagure
+  - name: "Display git ssh key for adding in pagure"
    debug:
-      msg: "{{ r_ssh_key.public_key }}"
+      msg: "{{ env }}: {{ r_ssh_key.public_key }}"
--- a/roles/openshift-apps/docstranslation/templates/buildconfig.yml
+++ b/roles/openshift-apps/docstranslation/templates/buildconfig.yml
@ -11,7 +11,11 @@ spec:
  source:
    git:
      uri: "https://pagure.io/fedora-docs/translations-scripts.git"
+{%    if env == 'staging' %}
+      ref: staging
+{%    else %}
      ref: master
+{%    endif %}
  strategy:
    type: Docker
  output:
--- a/roles/openshift-apps/docstranslation/templates/cron.yml
+++ b/roles/openshift-apps/docstranslation/templates/cron.yml
@ -19,10 +19,12 @@ spec:
            - /workspace/build.py
            - "--clone_sources"
            - "true"
+{#          Both environment get commit disabled for safety reasons for now
+            TODO: Set these to true on production when old app is removed from sundries #}
            - "--commit_l10n"
-            - "true"
+            - "{% if env == 'staging' %}false{% else %}false{% endif %}"
            - "--commit_tsources"
-            - "true"
+            - "{% if env == 'staging' %}false{% else %}false{% endif %}"
            - "--clone-po4a"
            env: []
            volumeMounts: 
--- a/roles/openshift-apps/docstranslation/templates/secrets.yml
+++ b/roles/openshift-apps/docstranslation/templates/secrets.yml
@ -7,9 +7,9 @@ metadata:
    app: docstranslation
 stringData:
  id_rsa_docs_trans: |-
-    {{ r_docs_priv_key.content | b64decode | indent(4) }}
+    {{ lookup('file', ssh_key_path) | indent(4) }}
  config: |-
-      Host pagure.io
-        User git
-        IdentityFile /workspace/.ssh/id_rsa_docs_trans
-        StrictHostKeyChecking no
+    Host pagure.io
+      User git
+      IdentityFile /workspace/.ssh/id_rsa_docs_trans
+      StrictHostKeyChecking no