diff --git a/playbooks/openshift-apps/coreos-ci.yml b/playbooks/openshift-apps/coreos-ci.yml index 7216e1f04c..2ec34eb04d 100644 --- a/playbooks/openshift-apps/coreos-ci.yml +++ b/playbooks/openshift-apps/coreos-ci.yml @@ -3,10 +3,10 @@ user: root gather_facts: false -############################################ -# actions to create the project in OpenShift -############################################ -# to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ci.yml + ############################################ + # actions to create the project in OpenShift + ############################################ + # to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ci.yml roles: - role: openshift-apps/coreos-ci project_name: coreos-ci @@ -19,12 +19,12 @@ - ravanelli - walters -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ci.yml + ############################################### + # actions to delete the project from OpenShift + ############################################### + # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ci.yml - role: openshift/object-delete app: coreos-ci objecttype: project objectname: coreos-ci - tags: [ never, delete ] + tags: [never, delete] diff --git a/playbooks/openshift-apps/coreos-cincinnati.yml b/playbooks/openshift-apps/coreos-cincinnati.yml index fe7339a656..70d4840d24 100644 --- a/playbooks/openshift-apps/coreos-cincinnati.yml +++ b/playbooks/openshift-apps/coreos-cincinnati.yml @@ -1,7 +1,8 @@ +--- - name: provision CoreOS Cincinnati backend hosts: os_control:os_control_stg user: root - gather_facts: False + gather_facts: false vars_files: - /srv/web/infra/ansible/vars/global.yml 
diff --git a/playbooks/openshift-apps/coreos-koji-tagger.yml b/playbooks/openshift-apps/coreos-koji-tagger.yml index b16db26633..26c59022db 100644 --- a/playbooks/openshift-apps/coreos-koji-tagger.yml +++ b/playbooks/openshift-apps/coreos-koji-tagger.yml @@ -1,17 +1,18 @@ +--- - name: make the app be real hosts: os_control:os_control_stg user: root - gather_facts: False + gather_facts: false vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml -############################################ -# actions to create the project in OpenShift -############################################ -# to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-koji-tagger.yml + ############################################ + # actions to create the project in OpenShift + ############################################ + # to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-koji-tagger.yml roles: - role: openshift/project app: coreos-koji-tagger @@ -58,12 +59,12 @@ template: deploymentconfig.yml objectname: deploymentconfig.yml -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-koji-tagger.yml + ############################################### + # actions to delete the project from OpenShift + ############################################### + # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-koji-tagger.yml - role: openshift/object-delete app: coreos-koji-tagger objecttype: project objectname: coreos-koji-tagger - tags: [ never, delete ] + tags: [never, delete] diff --git a/playbooks/openshift-apps/coreos-ostree-importer.yml b/playbooks/openshift-apps/coreos-ostree-importer.yml index 704d0cb5df..edb7564e46 100644 --- a/playbooks/openshift-apps/coreos-ostree-importer.yml 
+++ b/playbooks/openshift-apps/coreos-ostree-importer.yml @@ -1,7 +1,8 @@ +--- - name: make the app be real hosts: os_control:os_control_stg user: root - gather_facts: False + gather_facts: false vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -18,18 +19,18 @@ # Set the fedora_messaging_routing_keys var based on the environment pre_tasks: - set_fact: - fedora_messaging_routing_keys: - - "org.fedoraproject.stg.coreos.build.request.ostree-import" + fedora_messaging_routing_keys: + - "org.fedoraproject.stg.coreos.build.request.ostree-import" when: env == 'staging' - set_fact: - fedora_messaging_routing_keys: - - "org.fedoraproject.prod.coreos.build.request.ostree-import" + fedora_messaging_routing_keys: + - "org.fedoraproject.prod.coreos.build.request.ostree-import" when: env != 'staging' -############################################ -# actions to create the project in OpenShift -############################################ -# to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ostree-importer.yml + ############################################ + # actions to create the project in OpenShift + ############################################ + # to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ostree-importer.yml roles: - role: openshift/project app: coreos-ostree-importer 
@@ -92,12 +93,12 @@ template: pvc.yml objectname: pvc.yml -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ostree-importer.yml + ############################################### + # actions to delete the project from OpenShift + ############################################### + # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ostree-importer.yml - role: openshift/object-delete app: coreos-ostree-importer objecttype: project objectname: coreos-ostree-importer - tags: [ never, delete ] + tags: [never, delete] diff --git a/playbooks/openshift-apps/fedora-coreos-pipeline.yml b/playbooks/openshift-apps/fedora-coreos-pipeline.yml index 90c9936c8c..632281b789 100644 --- a/playbooks/openshift-apps/fedora-coreos-pipeline.yml +++ b/playbooks/openshift-apps/fedora-coreos-pipeline.yml @@ -3,10 +3,10 @@ user: root gather_facts: false -############################################ -# actions to create the project in OpenShift -############################################ -# to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-coreos-pipeline.yml + ############################################ + # actions to create the project in OpenShift + ############################################ + # to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-coreos-pipeline.yml roles: - role: openshift-apps/fedora-coreos-pipeline project_name: fedora-coreos-pipeline 
@@ -42,10 +42,10 @@ - marmijo - ravanelli -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-coreos-pipeline.yml + ############################################### + # actions to delete the project from OpenShift + ############################################### + # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-coreos-pipeline.yml - role: openshift/object-delete app: fedora-coreos-pipeline objecttype: project diff --git a/playbooks/openshift-apps/fedora-ostree-pruner.yml b/playbooks/openshift-apps/fedora-ostree-pruner.yml index f86308d939..41d5ec4607 100644 --- a/playbooks/openshift-apps/fedora-ostree-pruner.yml +++ b/playbooks/openshift-apps/fedora-ostree-pruner.yml @@ -1,17 +1,18 @@ +--- - name: make the app be real hosts: os_control:os_control_stg user: root - gather_facts: False + gather_facts: false vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml -############################################ -# actions to create the project in OpenShift -############################################ -# to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-ostree-pruner.yml + ############################################ + # actions to create the project in OpenShift + ############################################ + # to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-ostree-pruner.yml roles: - role: openshift/project app: fedora-ostree-pruner 
@@ -41,12 +42,12 @@ template: pvc.yml objectname: pvc.yml -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-ostree-pruner.yml + ############################################### + # actions to delete the project from OpenShift + ############################################### + # to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-ostree-pruner.yml - role: openshift/object-delete app: fedora-ostree-pruner objecttype: project objectname: fedora-ostree-pruner - tags: [ never, delete ] + tags: [never, delete] diff --git a/roles/openshift-apps/coreos-ci/defaults/main.yaml b/roles/openshift-apps/coreos-ci/defaults/main.yaml index d3ad7cc537..05311d6641 100644 --- a/roles/openshift-apps/coreos-ci/defaults/main.yaml +++ b/roles/openshift-apps/coreos-ci/defaults/main.yaml @@ -1,3 +1,4 @@ +--- project_name: coreos-ci project_description: CoreOS CI Infrastructure project_service_account: coreos-ci-sa diff --git a/roles/openshift-apps/coreos-ci/tasks/main.yaml b/roles/openshift-apps/coreos-ci/tasks/main.yaml index 259b50a004..36281bf3e3 100644 --- a/roles/openshift-apps/coreos-ci/tasks/main.yaml +++ b/roles/openshift-apps/coreos-ci/tasks/main.yaml @@ -1,3 +1,4 @@ +--- - name: Create the directories to hold the templates file: path: "/root/ocp4/openshift-apps/{{project_name}}" @@ -5,7 +6,7 @@ owner: root group: root mode: 0770 - recurse: yes + recurse: true # generate the templates for project to be created - name: create the templates diff --git a/roles/openshift-apps/coreos-ci/templates/group.yaml b/roles/openshift-apps/coreos-ci/templates/group.yaml index b4cefa6acb..682ae52180 100644 --- a/roles/openshift-apps/coreos-ci/templates/group.yaml +++ b/roles/openshift-apps/coreos-ci/templates/group.yaml 
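Review bot: In roles/openshift-apps/coreos-ci/tasks/main.yaml the context line `mode: 0770` is left as an unquoted octal literal while the neighbouring `recurse: yes` is normalised to `recurse: true`. The permissions the task applies then depend on the parser reading the leading zero as octal, so quote it as `mode: "0770"`. The same line sits next to the same change in roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml. The task begins above the hunk, so its `state:` is not visible here; with `recurse: true` the mode presumably also lands on every file already under the directory, which is worth confirming as intended.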
@@ -1,8 +1,9 @@ +--- kind: Group apiVersion: user.openshift.io/v1 metadata: name: "{{project_name}}-appowners" users: {% for item in appowners %} -- "{{ item }}" + - "{{ item }}" {% endfor %} diff --git a/roles/openshift-apps/coreos-ci/templates/rolebinding.yaml b/roles/openshift-apps/coreos-ci/templates/rolebinding.yaml index e2b09fcd8f..37cc2557c1 100644 --- a/roles/openshift-apps/coreos-ci/templates/rolebinding.yaml +++ b/roles/openshift-apps/coreos-ci/templates/rolebinding.yaml @@ -1,3 +1,4 @@ +--- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: diff --git a/roles/openshift-apps/coreos-ci/templates/securitycontextconstraints.yaml b/roles/openshift-apps/coreos-ci/templates/securitycontextconstraints.yaml index 6ac62d2660..37eb50cbb0 100644 --- a/roles/openshift-apps/coreos-ci/templates/securitycontextconstraints.yaml +++ b/roles/openshift-apps/coreos-ci/templates/securitycontextconstraints.yaml @@ -1,3 +1,4 @@ +--- allowHostDirVolumePlugin: false allowHostIPC: false allowHostNetwork: false @@ -8,13 +9,13 @@ allowPrivilegedContainer: false allowedCapabilities: null apiVersion: security.openshift.io/v1 defaultAddCapabilities: -- CAP_SETFCAP + - CAP_SETFCAP fsGroup: type: RunAsAny groups: -- system:cluster-admins + - system:cluster-admins users: -- system:serviceaccount:coreos-ci:coreos-ci-sa + - system:serviceaccount:coreos-ci:coreos-ci-sa kind: SecurityContextConstraints metadata: annotations: @@ -23,7 +24,7 @@ metadata: priority: 10 readOnlyRootFilesystem: false requiredDropCapabilities: -- MKNOD + - MKNOD runAsUser: type: RunAsAny seLinuxContext: @@ -31,10 +32,9 @@ seLinuxContext: supplementalGroups: type: RunAsAny volumes: -- configMap -- downwardAPI -- emptyDir -- persistentVolumeClaim -- projected -- secret - + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret 
diff --git a/roles/openshift-apps/coreos-cincinnati/templates/buildconfig.yml b/roles/openshift-apps/coreos-cincinnati/templates/buildconfig.yml index 62a6517333..c339193674 100644 --- a/roles/openshift-apps/coreos-cincinnati/templates/buildconfig.yml +++ b/roles/openshift-apps/coreos-cincinnati/templates/buildconfig.yml @@ -1,3 +1,4 @@ +--- apiVersion: build.openshift.io/v1 kind: BuildConfig metadata: diff --git a/roles/openshift-apps/coreos-cincinnati/templates/deploymentconfig.yml b/roles/openshift-apps/coreos-cincinnati/templates/deploymentconfig.yml index 65519a77fd..465109e077 100644 --- a/roles/openshift-apps/coreos-cincinnati/templates/deploymentconfig.yml +++ b/roles/openshift-apps/coreos-cincinnati/templates/deploymentconfig.yml @@ -1,3 +1,4 @@ +--- apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: diff --git a/roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml b/roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml index 64edeec764..62fe6e1ab0 100644 --- a/roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml +++ b/roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml 
@@ -5,27 +5,27 @@ metadata: name: default spec: egress: - - type: Allow - to: - dnsName: builds.coreos.fedoraproject.org - - type: Allow - to: - dnsName: github.com - - type: Allow - to: - dnsName: crates.io - - type: Allow - to: - dnsName: static.crates.io - - type: Allow - to: - dnsName: mirrors.fedoraproject.org - - type: Allow - to: - dnsName: dl.fedoraproject.org - - type: Allow - to: - dnsName: dl.iad2.fedoraproject.org - - type: Allow - to: - cidrSelector: "0.0.0.0/0" + - type: Allow + to: + dnsName: builds.coreos.fedoraproject.org + - type: Allow + to: + dnsName: github.com + - type: Allow + to: + dnsName: crates.io + - type: Allow + to: + dnsName: static.crates.io + - type: Allow + to: + dnsName: mirrors.fedoraproject.org + - type: Allow + to: + dnsName: dl.fedoraproject.org + - type: Allow + to: + dnsName: dl.iad2.fedoraproject.org + - type: Allow + to: + cidrSelector: "0.0.0.0/0" diff --git a/roles/openshift-apps/coreos-koji-tagger/templates/buildconfig.yml b/roles/openshift-apps/coreos-koji-tagger/templates/buildconfig.yml index 988e6e2897..9ff7177ea6 100644 --- a/roles/openshift-apps/coreos-koji-tagger/templates/buildconfig.yml +++ b/roles/openshift-apps/coreos-koji-tagger/templates/buildconfig.yml @@ -1,3 +1,4 @@ +--- apiVersion: build.openshift.io/v1 kind: BuildConfig metadata: 
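Review bot: The last rule of the egress list in roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml is `- type: Allow` with `cidrSelector: "0.0.0.0/0"`, which permits every destination, so the seven `dnsName` Allow rules above it restrict nothing. If the list is meant as an allow-list, the closing rule should be `type: Deny` for `0.0.0.0/0`. If unrestricted egress is intended, say so with a comment above that rule such as `# egress intentionally unrestricted; dnsName entries are informational`. The object's `kind` and `apiVersion` are above the hunk, so the rule-ordering semantics are assumed to be those of an OpenShift egress network policy.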
@@ -27,15 +28,15 @@ spec: kind: ImageStreamTag name: coreos-koji-tagger-img:latest triggers: - - type: ImageChange - imageChange: {} - - type: ConfigChange + - type: ImageChange + imageChange: {} + - type: ConfigChange {% if env == "staging" and coreos_koji_tagger_webhook_secret_stg is defined %} - - type: GitHub - github: - secret: "{{ coreos_koji_tagger_webhook_secret_stg }}" + - type: GitHub + github: + secret: "{{ coreos_koji_tagger_webhook_secret_stg }}" {% elif coreos_koji_tagger_webhook_secret_prod is defined %} - - type: GitHub - github: - secret: "{{ coreos_koji_tagger_webhook_secret_prod }}" + - type: GitHub + github: + secret: "{{ coreos_koji_tagger_webhook_secret_prod }}" {% endif %} diff --git a/roles/openshift-apps/coreos-koji-tagger/templates/configmap.yml b/roles/openshift-apps/coreos-koji-tagger/templates/configmap.yml index f8b15bb7c1..4e2fcc3301 100644 --- a/roles/openshift-apps/coreos-koji-tagger/templates/configmap.yml +++ b/roles/openshift-apps/coreos-koji-tagger/templates/configmap.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: diff --git a/roles/openshift-apps/coreos-koji-tagger/templates/deploymentconfig.yml b/roles/openshift-apps/coreos-koji-tagger/templates/deploymentconfig.yml index 71f073472d..4ffdc5c257 100644 --- a/roles/openshift-apps/coreos-koji-tagger/templates/deploymentconfig.yml +++ b/roles/openshift-apps/coreos-koji-tagger/templates/deploymentconfig.yml @@ -1,3 +1,4 @@ +--- apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: 
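Review bot: In roles/openshift-apps/coreos-koji-tagger/templates/buildconfig.yml the branch `{% elif coreos_koji_tagger_webhook_secret_prod is defined %}` is also taken when `env == "staging"` and the `_stg` variable is undefined. If the prod variable is defined in that run, a staging render would put the production webhook secret into the GitHub trigger. Guard the branch on the environment: `{% elif env != "staging" and coreos_koji_tagger_webhook_secret_prod is defined %}`. The same condition appears in the buildconfig.yml templates of coreos-ostree-importer and fedora-ostree-pruner.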
@@ -17,55 +18,55 @@ spec: name: coreos-koji-tagger spec: containers: - - env: - - name: COREOS_KOJI_TAGGER_KEYTAB_FILE - value: /etc/coreos-koji-tagger-keytab/koji-keytab + - env: + - name: COREOS_KOJI_TAGGER_KEYTAB_FILE + value: /etc/coreos-koji-tagger-keytab/koji-keytab {% if env == "staging" %} - - name: COREOS_KOJI_TAGGER_USE_STG - value: "true" - # Knobs you can change to point to whatever repo you want for testing - # stage code. Feel free to fork/create your own repo to test with and - # replace the values below. The repo must be set up with - # https://apps.fedoraproject.org/github2fedmsg so that it can get - # messages on the message bus when commits are made. - - name: GITHUB_REPO_FULLNAME - value: "coreos/fedora-coreos-config" - - name: GITHUB_REPO_BRANCHES - value: "refs/heads/testing-devel refs/heads/next-devel" + - name: COREOS_KOJI_TAGGER_USE_STG + value: "true" + # Knobs you can change to point to whatever repo you want for testing + # stage code. Feel free to fork/create your own repo to test with and + # replace the values below. The repo must be set up with + # https://apps.fedoraproject.org/github2fedmsg so that it can get + # messages on the message bus when commits are made. 
+ - name: GITHUB_REPO_FULLNAME + value: "coreos/fedora-coreos-config" + - name: GITHUB_REPO_BRANCHES + value: "refs/heads/testing-devel refs/heads/next-devel" {% endif %} - # sleep infinity is useful for debugging environment issues - # comment out when not debugging -# args: ['infinity'] -# command: ['/usr/bin/sleep'] - volumeMounts: - - name: coreos-koji-tagger-keytab-volume - mountPath: /etc/coreos-koji-tagger-keytab - readOnly: true - - name: coreos-koji-tagger-krb5-conf-volume - mountPath: /etc/krb5.conf - subPath: krb5.conf - readOnly: true - image: "" - imagePullPolicy: IfNotPresent - name: coreos-koji-tagger - resources: {} + # sleep infinity is useful for debugging environment issues + # comment out when not debugging + # args: ['infinity'] + # command: ['/usr/bin/sleep'] + volumeMounts: + - name: coreos-koji-tagger-keytab-volume + mountPath: /etc/coreos-koji-tagger-keytab + readOnly: true + - name: coreos-koji-tagger-krb5-conf-volume + mountPath: /etc/krb5.conf + subPath: krb5.conf + readOnly: true + image: "" + imagePullPolicy: IfNotPresent + name: coreos-koji-tagger + resources: {} volumes: - - name: coreos-koji-tagger-keytab-volume - secret: - secretName: coreos-koji-tagger-keytab - optional: true - - name: coreos-koji-tagger-krb5-conf-volume - configMap: - name: coreos-koji-tagger-krb5-conf + - name: coreos-koji-tagger-keytab-volume + secret: + secretName: coreos-koji-tagger-keytab + optional: true + - name: coreos-koji-tagger-krb5-conf-volume + configMap: + name: coreos-koji-tagger-krb5-conf restartPolicy: Always test: false triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - coreos-koji-tagger - from: - kind: ImageStreamTag - name: coreos-koji-tagger-img:latest + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - coreos-koji-tagger + from: + kind: ImageStreamTag + name: coreos-koji-tagger-img:latest 
diff --git a/roles/openshift-apps/coreos-koji-tagger/templates/imagestream.yml b/roles/openshift-apps/coreos-koji-tagger/templates/imagestream.yml index e95987c998..58e769d67a 100644 --- a/roles/openshift-apps/coreos-koji-tagger/templates/imagestream.yml +++ b/roles/openshift-apps/coreos-koji-tagger/templates/imagestream.yml @@ -1,29 +1,30 @@ +--- apiVersion: image.openshift.io/v1 kind: List items: -# ImageStream for Fedora image -- apiVersion: image.openshift.io/v1 - kind: ImageStream - metadata: - labels: - build: coreos-koji-tagger - name: fedora - spec: - lookupPolicy: - local: false - tags: - - name: "38" - from: - kind: DockerImage - name: registry.fedoraproject.org/fedora:38 - importPolicy: - scheduled: true - referencePolicy: - type: Source -# ImageStream for resulting built coreos-koji-tagger-img -- apiVersion: image.openshift.io/v1 - kind: ImageStream - metadata: - labels: - build: coreos-koji-tagger - name: coreos-koji-tagger-img + # ImageStream for Fedora image + - apiVersion: image.openshift.io/v1 + kind: ImageStream + metadata: + labels: + build: coreos-koji-tagger + name: fedora + spec: + lookupPolicy: + local: false + tags: + - name: "38" + from: + kind: DockerImage + name: registry.fedoraproject.org/fedora:38 + importPolicy: + scheduled: true + referencePolicy: + type: Source + # ImageStream for resulting built coreos-koji-tagger-img + - apiVersion: image.openshift.io/v1 + kind: ImageStream + metadata: + labels: + build: coreos-koji-tagger + name: coreos-koji-tagger-img diff --git a/roles/openshift-apps/coreos-ostree-importer/templates/buildconfig.yml b/roles/openshift-apps/coreos-ostree-importer/templates/buildconfig.yml index 5f0468e7f1..edc5a87c82 100644 --- a/roles/openshift-apps/coreos-ostree-importer/templates/buildconfig.yml +++ b/roles/openshift-apps/coreos-ostree-importer/templates/buildconfig.yml @@ -1,3 +1,4 @@ +--- apiVersion: build.openshift.io/v1 kind: BuildConfig metadata: 
@@ -27,15 +28,15 @@ spec: kind: ImageStreamTag name: coreos-ostree-importer-img:latest triggers: - - type: ImageChange - imageChange: {} - - type: ConfigChange + - type: ImageChange + imageChange: {} + - type: ConfigChange {% if env == "staging" and coreos_ostree_importer_webhook_secret_stg is defined %} - - type: GitHub - github: - secret: "{{ coreos_ostree_importer_webhook_secret_stg }}" + - type: GitHub + github: + secret: "{{ coreos_ostree_importer_webhook_secret_stg }}" {% elif coreos_ostree_importer_webhook_secret_prod is defined %} - - type: GitHub - github: - secret: "{{ coreos_ostree_importer_webhook_secret_prod }}" + - type: GitHub + github: + secret: "{{ coreos_ostree_importer_webhook_secret_prod }}" {% endif %} diff --git a/roles/openshift-apps/coreos-ostree-importer/templates/configmap.yml b/roles/openshift-apps/coreos-ostree-importer/templates/configmap.yml index ebebf02c3f..ea9577fcec 100644 --- a/roles/openshift-apps/coreos-ostree-importer/templates/configmap.yml +++ b/roles/openshift-apps/coreos-ostree-importer/templates/configmap.yml @@ -9,4 +9,3 @@ metadata: data: config.toml: |- {{ load_file('fedora-messaging.toml') | indent }} - diff --git a/roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml b/roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml index ad9c508922..9483c45158 100644 --- a/roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml +++ b/roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml @@ -1,3 +1,4 @@ +--- apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: 
@@ -17,61 +18,61 @@ spec: name: coreos-ostree-importer spec: containers: - - name: coreos-ostree-importer - # sleep infinity is useful for debugging environment issues - # comment out when not debugging - # args: ['/usr/bin/sleep', 'infinity'] - # command: ['/usr/bin/dumb-init'] - volumeMounts: - - name: fedora-ostree-content-volume - mountPath: /mnt/koji - - name: fedora-messaging-config-volume - mountPath: /etc/fedora-messaging - readOnly: true - - name: fedora-messaging-ca-volume - mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_ca_file }}" - subPath: "{{ fedora_messaging_ca_file }}" - readOnly: true - - name: fedora-messaging-crt-volume - mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_cert_file }}" - subPath: "{{ fedora_messaging_cert_file }}" - readOnly: true - - name: fedora-messaging-key-volume - mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_key_file }}" - subPath: "{{ fedora_messaging_key_file }}" - readOnly: true - image: "" - imagePullPolicy: IfNotPresent - resources: {} + - name: coreos-ostree-importer + # sleep infinity is useful for debugging environment issues + # comment out when not debugging + # args: ['/usr/bin/sleep', 'infinity'] + # command: ['/usr/bin/dumb-init'] + volumeMounts: + - name: fedora-ostree-content-volume + mountPath: /mnt/koji + - name: fedora-messaging-config-volume + mountPath: /etc/fedora-messaging + readOnly: true + - name: fedora-messaging-ca-volume + mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_ca_file }}" + subPath: "{{ fedora_messaging_ca_file }}" + readOnly: true + - name: fedora-messaging-crt-volume + mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_cert_file }}" + subPath: "{{ fedora_messaging_cert_file }}" + readOnly: true + - name: fedora-messaging-key-volume + mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_key_file }}" + subPath: "{{ fedora_messaging_key_file }}" + readOnly: true + image: "" + imagePullPolicy: IfNotPresent + resources: {} # The files in 
the ostree volumes are created with group ownership of 263. # We need to have 263 in our supplemental groups. See https://pagure.io/releng/issue/8811#comment-629051 securityContext: supplementalGroups: [263] volumes: - - name: fedora-ostree-content-volume - persistentVolumeClaim: - claimName: fedora-ostree-content-volume - - name: fedora-messaging-config-volume - configMap: - name: fedora-messaging-configmap - - name: fedora-messaging-ca-volume - secret: - secretName: fedora-messaging-ca - - name: fedora-messaging-crt-volume - secret: - secretName: fedora-messaging-crt - - name: fedora-messaging-key-volume - secret: - secretName: fedora-messaging-key + - name: fedora-ostree-content-volume + persistentVolumeClaim: + claimName: fedora-ostree-content-volume + - name: fedora-messaging-config-volume + configMap: + name: fedora-messaging-configmap + - name: fedora-messaging-ca-volume + secret: + secretName: fedora-messaging-ca + - name: fedora-messaging-crt-volume + secret: + secretName: fedora-messaging-crt + - name: fedora-messaging-key-volume + secret: + secretName: fedora-messaging-key restartPolicy: Always test: false triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - coreos-ostree-importer - from: - kind: ImageStreamTag - name: coreos-ostree-importer-img:latest + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - coreos-ostree-importer + from: + kind: ImageStreamTag + name: coreos-ostree-importer-img:latest diff --git a/roles/openshift-apps/coreos-ostree-importer/templates/imagestream.yml b/roles/openshift-apps/coreos-ostree-importer/templates/imagestream.yml index a93847dfd4..e90f6699ae 100644 --- a/roles/openshift-apps/coreos-ostree-importer/templates/imagestream.yml +++ b/roles/openshift-apps/coreos-ostree-importer/templates/imagestream.yml 
@@ -1,29 +1,30 @@ +--- apiVersion: image.openshift.io/v1 kind: List items: -# ImageStream for Fedora image -- apiVersion: image.openshift.io/v1 - kind: ImageStream - metadata: - labels: - build: coreos-ostree-importer - name: fedora - spec: - lookupPolicy: - local: false - tags: - - name: "38" - from: - kind: DockerImage - name: registry.fedoraproject.org/fedora:38 - importPolicy: - scheduled: true - referencePolicy: - type: Source -# ImageStream for resulting built coreos-ostree-importer-img -- apiVersion: image.openshift.io/v1 - kind: ImageStream - metadata: - labels: - build: coreos-ostree-importer - name: coreos-ostree-importer-img + # ImageStream for Fedora image + - apiVersion: image.openshift.io/v1 + kind: ImageStream + metadata: + labels: + build: coreos-ostree-importer + name: fedora + spec: + lookupPolicy: + local: false + tags: + - name: "38" + from: + kind: DockerImage + name: registry.fedoraproject.org/fedora:38 + importPolicy: + scheduled: true + referencePolicy: + type: Source + # ImageStream for resulting built coreos-ostree-importer-img + - apiVersion: image.openshift.io/v1 + kind: ImageStream + metadata: + labels: + build: coreos-ostree-importer + name: coreos-ostree-importer-img diff --git a/roles/openshift-apps/coreos-ostree-importer/templates/pvc.yml b/roles/openshift-apps/coreos-ostree-importer/templates/pvc.yml index 37d1c27297..a8363bff31 100644 --- a/roles/openshift-apps/coreos-ostree-importer/templates/pvc.yml +++ b/roles/openshift-apps/coreos-ostree-importer/templates/pvc.yml @@ -1,3 +1,4 @@ +--- # PVC to mount the fedora-ostree-content-volume NFS share # that has been mapped in to OpenShift by Fedora Infra for # us from the NetApp. This corresponds to the fedora-ostree-content{,-stg} diff --git a/roles/openshift-apps/fedora-coreos-pipeline/defaults/main.yaml b/roles/openshift-apps/fedora-coreos-pipeline/defaults/main.yaml index ab0ea98f06..c5137b08fb 100644 --- a/roles/openshift-apps/fedora-coreos-pipeline/defaults/main.yaml 
+++ b/roles/openshift-apps/fedora-coreos-pipeline/defaults/main.yaml @@ -1,3 +1,4 @@ +--- project_name: fedora-coreos-pipeline project_description: Fedora CoreOS Pipeline appowners: [] diff --git a/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml b/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml index 7b460ef135..9b8c79d280 100644 --- a/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml +++ b/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml @@ -1,3 +1,4 @@ +--- - name: Create the directories to hold the templates file: path: "/root/ocp4/openshift-apps/{{project_name}}" @@ -5,7 +6,7 @@ owner: root group: root mode: 0770 - recurse: yes + recurse: true # generate the templates for project to be created - name: create the templates diff --git a/roles/openshift-apps/fedora-coreos-pipeline/templates/group.yaml b/roles/openshift-apps/fedora-coreos-pipeline/templates/group.yaml index b4cefa6acb..682ae52180 100644 --- a/roles/openshift-apps/fedora-coreos-pipeline/templates/group.yaml +++ b/roles/openshift-apps/fedora-coreos-pipeline/templates/group.yaml @@ -1,8 +1,9 @@ +--- kind: Group apiVersion: user.openshift.io/v1 metadata: name: "{{project_name}}-appowners" users: {% for item in appowners %} -- "{{ item }}" + - "{{ item }}" {% endfor %} diff --git a/roles/openshift-apps/fedora-coreos-pipeline/templates/rolebinding.yaml b/roles/openshift-apps/fedora-coreos-pipeline/templates/rolebinding.yaml index e2b09fcd8f..37cc2557c1 100644 --- a/roles/openshift-apps/fedora-coreos-pipeline/templates/rolebinding.yaml +++ b/roles/openshift-apps/fedora-coreos-pipeline/templates/rolebinding.yaml @@ -1,3 +1,4 @@ +--- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: diff --git a/roles/openshift-apps/fedora-ostree-pruner/templates/buildconfig.yml b/roles/openshift-apps/fedora-ostree-pruner/templates/buildconfig.yml index 92d51c1f38..94bfe7f20f 100644 --- a/roles/openshift-apps/fedora-ostree-pruner/templates/buildconfig.yml 
+++ b/roles/openshift-apps/fedora-ostree-pruner/templates/buildconfig.yml @@ -1,3 +1,4 @@ +--- apiVersion: build.openshift.io/v1 kind: BuildConfig metadata: @@ -27,15 +28,15 @@ spec: kind: ImageStreamTag name: fedora-ostree-pruner-img:latest triggers: - - type: ImageChange - imageChange: {} - - type: ConfigChange + - type: ImageChange + imageChange: {} + - type: ConfigChange {% if env == "staging" and fedora_ostree_pruner_webhook_secret_stg is defined %} - - type: GitHub - github: - secret: "{{ fedora_ostree_pruner_webhook_secret_stg }}" + - type: GitHub + github: + secret: "{{ fedora_ostree_pruner_webhook_secret_stg }}" {% elif fedora_ostree_pruner_webhook_secret_prod is defined %} - - type: GitHub - github: - secret: "{{ fedora_ostree_pruner_webhook_secret_prod }}" + - type: GitHub + github: + secret: "{{ fedora_ostree_pruner_webhook_secret_prod }}" {% endif %} diff --git a/roles/openshift-apps/fedora-ostree-pruner/templates/deploymentconfig.yml b/roles/openshift-apps/fedora-ostree-pruner/templates/deploymentconfig.yml index df0fb13baf..2440650530 100644 --- a/roles/openshift-apps/fedora-ostree-pruner/templates/deploymentconfig.yml +++ b/roles/openshift-apps/fedora-ostree-pruner/templates/deploymentconfig.yml @@ -1,3 +1,4 @@ +--- apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: 
@@ -17,34 +18,34 @@ spec: name: fedora-ostree-pruner spec: containers: - - name: fedora-ostree-pruner - # sleep infinity is useful for debugging environment issues - # comment out when not debugging - # args: ['/usr/bin/sleep', 'infinity'] - # command: ['/usr/bin/dumb-init'] - volumeMounts: - - name: fedora-ostree-content-volume - mountPath: /mnt/koji - image: "" - imagePullPolicy: IfNotPresent - resources: {} + - name: fedora-ostree-pruner + # sleep infinity is useful for debugging environment issues + # comment out when not debugging + # args: ['/usr/bin/sleep', 'infinity'] + # command: ['/usr/bin/dumb-init'] + volumeMounts: + - name: fedora-ostree-content-volume + mountPath: /mnt/koji + image: "" + imagePullPolicy: IfNotPresent + resources: {} # The files in the ostree volumes are created with group ownership of 263. # We need to have 263 in our supplemental groups. See https://pagure.io/releng/issue/8811#comment-629051 securityContext: supplementalGroups: [263] volumes: - - name: fedora-ostree-content-volume - persistentVolumeClaim: - claimName: fedora-ostree-content-volume + - name: fedora-ostree-content-volume + persistentVolumeClaim: + claimName: fedora-ostree-content-volume restartPolicy: Always test: false triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - fedora-ostree-pruner - from: - kind: ImageStreamTag - name: fedora-ostree-pruner-img:latest + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - fedora-ostree-pruner + from: + kind: ImageStreamTag + name: fedora-ostree-pruner-img:latest diff --git a/roles/openshift-apps/fedora-ostree-pruner/templates/imagestream.yml b/roles/openshift-apps/fedora-ostree-pruner/templates/imagestream.yml index 930444ee62..f20414597d 100644 --- a/roles/openshift-apps/fedora-ostree-pruner/templates/imagestream.yml +++ b/roles/openshift-apps/fedora-ostree-pruner/templates/imagestream.yml 
@@ -1,29 +1,30 @@ +--- apiVersion: image.openshift.io/v1 kind: List items: -# ImageStream for Fedora image -- apiVersion: image.openshift.io/v1 - kind: ImageStream - metadata: - labels: - build: fedora-ostree-pruner - name: fedora - spec: - lookupPolicy: - local: false - tags: - - name: "38" - from: - kind: DockerImage - name: registry.fedoraproject.org/fedora:38 - importPolicy: - scheduled: true - referencePolicy: - type: Source -# ImageStream for resulting built fedora-ostree-pruner-img -- apiVersion: image.openshift.io/v1 - kind: ImageStream - metadata: - labels: - build: fedora-ostree-pruner - name: fedora-ostree-pruner-img + # ImageStream for Fedora image + - apiVersion: image.openshift.io/v1 + kind: ImageStream + metadata: + labels: + build: fedora-ostree-pruner + name: fedora + spec: + lookupPolicy: + local: false + tags: + - name: "38" + from: + kind: DockerImage + name: registry.fedoraproject.org/fedora:38 + importPolicy: + scheduled: true + referencePolicy: + type: Source + # ImageStream for resulting built fedora-ostree-pruner-img + - apiVersion: image.openshift.io/v1 + kind: ImageStream + metadata: + labels: + build: fedora-ostree-pruner + name: fedora-ostree-pruner-img diff --git a/roles/openshift-apps/fedora-ostree-pruner/templates/pvc.yml b/roles/openshift-apps/fedora-ostree-pruner/templates/pvc.yml index fdcddda51d..e26b9c2910 100644 --- a/roles/openshift-apps/fedora-ostree-pruner/templates/pvc.yml +++ b/roles/openshift-apps/fedora-ostree-pruner/templates/pvc.yml @@ -1,3 +1,4 @@ +--- # PVC to mount the fedora-ostree-content-volume NFS share # that has been mapped in to OpenShift by Fedora Infra for # us from the NetApp. This corresponds to the fedora-ostree-content{,-stg}