From 2e8857c681ed8a33342eb088b4b14ec0fbb31a63 Mon Sep 17 00:00:00 2001 From: Francois Andrieu Date: Tue, 10 Nov 2020 00:45:14 +0100 Subject: [PATCH] docstranslation: git ssh key moved to /srv/private on batcave --- playbooks/openshift-apps/docstranslation.yml | 19 ++++++++----------- .../{files => templates}/buildconfig.yml | 4 ++++ .../{files => templates}/cron.yml | 6 ++++-- .../docstranslation/templates/secrets.yml | 10 +++++----- 4 files changed, 21 insertions(+), 18 deletions(-) rename roles/openshift-apps/docstranslation/{files => templates}/buildconfig.yml (84%) rename roles/openshift-apps/docstranslation/{files => templates}/cron.yml (74%) diff --git a/playbooks/openshift-apps/docstranslation.yml b/playbooks/openshift-apps/docstranslation.yml index 04777eb275..c690436103 100644 --- a/playbooks/openshift-apps/docstranslation.yml +++ b/playbooks/openshift-apps/docstranslation.yml @@ -4,6 +4,7 @@ gather_facts: False vars: app: docstranslation + ssh_key_path: "{{ private }}/files/id_rsa_docstrans_{{ env_short }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" @@ -23,18 +24,14 @@ tags: - apply-appowners - - name: Generate ssh keypair, if none exist + - name: Generate new ssh keypair, if none exist openssh_keypair: - path: "/etc/openshift_apps/{{ app }}/id_rsa_docs_trans" + path: "{{ ssh_key_path }}" mode: "600" type: rsa size: 4096 register: r_ssh_key - - - name: Retrieve ssh priv key - slurp: - path: r_ssh_key.filename - register: r_docs_priv_key + delegate_to: localhost - name: Define imagestream include_role: @@ -47,7 +44,7 @@ name: openshift/object vars: objectname: buildconfig.yml - file: buildconfig.yml + template: buildconfig.yml - name: Start build include_role: @@ -68,7 +65,7 @@ include_role: name: openshift/object vars: - file: cron.yml + template: cron.yml objectname: cron.yml tags: - deploy-cronjob 
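Review bot: In the `@@ -23,18 +24,14 @@` hunk the `openssh_keypair` task gains `delegate_to: localhost` but no `run_once: true`. If the play targets more than one host (the `hosts:` line is outside the hunk), every host would create or check the same file under `{{ private }}/files/` on the control node. Adding `run_once: true` beside `delegate_to: localhost` makes the single-writer intent explicit, and the registered `r_ssh_key` stays available to the later `debug` task. The key is written without a passphrase, so a comment above the task is worthwhile, for example `# deploy key for pagure.io; lives only in the private tree, keep mode 0600`. Spelling the mode `"0600"` would also follow the usual Ansible convention.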
@@ -88,6 +85,6 @@ - delete post_tasks: - - name: Display git ssh key for adding in pagure + - name: "Display git ssh key for adding in pagure" debug: - msg: "{{ r_ssh_key.public_key }}" + msg: "{{ env }}: {{ r_ssh_key.public_key }}" diff --git a/roles/openshift-apps/docstranslation/files/buildconfig.yml b/roles/openshift-apps/docstranslation/templates/buildconfig.yml similarity index 84% rename from roles/openshift-apps/docstranslation/files/buildconfig.yml rename to roles/openshift-apps/docstranslation/templates/buildconfig.yml index 1d9bca3e6a..2e7aecc72f 100644 --- a/roles/openshift-apps/docstranslation/files/buildconfig.yml +++ b/roles/openshift-apps/docstranslation/templates/buildconfig.yml @@ -11,7 +11,11 @@ spec: source: git: uri: "https://pagure.io/fedora-docs/translations-scripts.git" +{% if env == 'staging' %} + ref: staging +{% else %} ref: master +{% endif %} strategy: type: Docker output: diff --git a/roles/openshift-apps/docstranslation/files/cron.yml b/roles/openshift-apps/docstranslation/templates/cron.yml similarity index 74% rename from roles/openshift-apps/docstranslation/files/cron.yml rename to roles/openshift-apps/docstranslation/templates/cron.yml index b56043923b..62bc541fc2 100644 --- a/roles/openshift-apps/docstranslation/files/cron.yml +++ b/roles/openshift-apps/docstranslation/templates/cron.yml @@ -19,10 +19,12 @@ spec: - /workspace/build.py - "--clone_sources" - "true" +{# Both environment get commit disabled for safety reasons for now + TODO: Set these to true on production when old app is removed from sundries #} - "--commit_l10n" - - "true" + - "{% if env == 'staging' %}false{% else %}false{% endif %}" - "--commit_tsources" - - "true" + - "{% if env == 'staging' %}false{% else %}false{% endif %}" - "--clone-po4a" env: [] volumeMounts: diff --git a/roles/openshift-apps/docstranslation/templates/secrets.yml b/roles/openshift-apps/docstranslation/templates/secrets.yml index 48a8cc84e1..6b5a3992fd 100644 
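Review bot: In the cron.yml hunk both `--commit_l10n` and `--commit_tsources` are rendered through `{% if env == 'staging' %}false{% else %}false{% endif %}`, a conditional whose two branches are identical. It reads as an environment-specific setting when it is not one. A plain `- "false"` under the existing TODO says the same thing today. Alternatively, driving both flags from a single variable would make enabling commits in production one reviewed change instead of edits to two inline expressions. The Jinja comment also has a small typo and should read `Both environments get commit disabled`.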
--- a/roles/openshift-apps/docstranslation/templates/secrets.yml +++ b/roles/openshift-apps/docstranslation/templates/secrets.yml @@ -7,9 +7,9 @@ metadata: app: docstranslation stringData: id_rsa_docs_trans: |- - {{ r_docs_priv_key.content | b64decode | indent(4) }} + {{ lookup('file', ssh_key_path) | indent(4) }} config: |- - Host pagure.io - User git - IdentityFile /workspace/.ssh/id_rsa_docs_trans - StrictHostKeyChecking no + Host pagure.io + User git + IdentityFile /workspace/.ssh/id_rsa_docs_trans + StrictHostKeyChecking no
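Review bot: The ssh `config` block rewritten in this hunk still ends with `StrictHostKeyChecking no` for `pagure.io`, so the job never verifies which server it is talking to, and an impostor host could serve altered repository content or receive the pushes. Since the block is being touched anyway, consider adding a pinned `known_hosts` entry for pagure.io to the same Secret and switching to `StrictHostKeyChecking yes`, with `UserKnownHostsFile` pointing at that mounted file. Separately, `lookup('file', ssh_key_path)` strips trailing newlines by default and `|-` strips the final one too, so the mounted private key ends without a newline. Some OpenSSH versions are reported to reject such a key as invalid format, so it is worth confirming the pod can load it, or using `id_rsa_docs_trans: |` instead.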