Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

docstranslation: git ssh key moved to /srv/private on batcave

Browse source
This commit is contained in:
Francois Andrieu 2020-11-10 00:45:14 +01:00 committed by kevin
parent 22ef05d3f2
commit 2e8857c681
4 changed files with 21 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

19
playbooks/openshift-apps/docstranslation.yml
View file

@ -4,6 +4,7 @@
gather_facts: False gather_facts: False
vars: vars:
app: docstranslation app: docstranslation
ssh_key_path: "{{ private }}/files/id_rsa_docstrans_{{ env_short }}"
vars_files: vars_files:
- /srv/web/infra/ansible/vars/global.yml - /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml" - "/srv/private/ansible/vars.yml"
@ -23,18 +24,14 @@
tags: tags:
- apply-appowners - apply-appowners
- name: Generate ssh keypair, if none exist - name: Generate new ssh keypair, if none exist
openssh_keypair: openssh_keypair:
path: "/etc/openshift_apps/{{ app }}/id_rsa_docs_trans" path: "{{ ssh_key_path }}"
mode: "600" mode: "600"
type: rsa type: rsa
size: 4096 size: 4096
register: r_ssh_key register: r_ssh_key
delegate_to: localhost
- name: Retrieve ssh priv key
slurp:
path: r_ssh_key.filename
register: r_docs_priv_key
- name: Define imagestream - name: Define imagestream
include_role: include_role:
@ -47,7 +44,7 @@
name: openshift/object name: openshift/object
vars: vars:
objectname: buildconfig.yml objectname: buildconfig.yml
file: buildconfig.yml template: buildconfig.yml
- name: Start build - name: Start build
include_role: include_role:
@ -68,7 +65,7 @@
include_role: include_role:
name: openshift/object name: openshift/object
vars: vars:
file: cron.yml template: cron.yml
objectname: cron.yml objectname: cron.yml
tags: tags:
- deploy-cronjob - deploy-cronjob
@ -88,6 +85,6 @@
- delete - delete
post_tasks: post_tasks:
- name: Display git ssh key for adding in pagure - name: "Display git ssh key for adding in pagure"
debug: debug:
msg: "{{ r_ssh_key.public_key }}" msg: "{{ env }}: {{ r_ssh_key.public_key }}"

4
roles/openshift-apps/docstranslation/files/buildconfig.yml → roles/openshift-apps/docstranslation/templates/buildconfig.yml
View file

@ -11,7 +11,11 @@ spec:
source: source:
git: git:
uri: "https://pagure.io/fedora-docs/translations-scripts.git" uri: "https://pagure.io/fedora-docs/translations-scripts.git"
{% if env == 'staging' %}
ref: staging
{% else %}
ref: master ref: master
{% endif %}
strategy: strategy:
type: Docker type: Docker
output: output:

6
roles/openshift-apps/docstranslation/files/cron.yml → roles/openshift-apps/docstranslation/templates/cron.yml
View file

@ -19,10 +19,12 @@ spec:
- /workspace/build.py - /workspace/build.py
- "--clone_sources" - "--clone_sources"
- "true" - "true"
{# Both environment get commit disabled for safety reasons for now
TODO: Set these to true on production when old app is removed from sundries #}
- "--commit_l10n" - "--commit_l10n"
- "true" - "{% if env == 'staging' %}false{% else %}false{% endif %}"
- "--commit_tsources" - "--commit_tsources"
- "true" - "{% if env == 'staging' %}false{% else %}false{% endif %}"
- "--clone-po4a" - "--clone-po4a"
env: [] env: []
volumeMounts: volumeMounts:

10
roles/openshift-apps/docstranslation/templates/secrets.yml
View file

@ -7,9 +7,9 @@ metadata:
app: docstranslation app: docstranslation
stringData: stringData:
id_rsa_docs_trans: |- id_rsa_docs_trans: |-
{{ r_docs_priv_key.content | b64decode | indent(4) }} {{ lookup('file', ssh_key_path) | indent(4) }}
config: |- config: |-
Host pagure.io Host pagure.io
User git User git
IdentityFile /workspace/.ssh/id_rsa_docs_trans IdentityFile /workspace/.ssh/id_rsa_docs_trans
StrictHostKeyChecking no StrictHostKeyChecking no