infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 7 Projects Releases Packages Wiki Activity Actions

openshift-apps: fix yamllint on coreos/ostree files

Browse source
This commit is contained in:
Dusty Mabe 2023-05-19 15:48:00 -04:00 committed by dustymabe
parent faede3940d
commit 3152c186a1
31 changed files with 341 additions and 316 deletions
Download patch file Download diff file Expand all files Collapse all files

18
playbooks/openshift-apps/coreos-ci.yml
View file

@ -3,10 +3,10 @@
user: root
gather_facts: false
############################################
# actions to create the project in OpenShift
############################################
# to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ci.yml
############################################
# actions to create the project in OpenShift
############################################
# to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ci.yml
roles:
- role: openshift-apps/coreos-ci
project_name: coreos-ci
@ -19,12 +19,12 @@
- ravanelli
- walters
###############################################
# actions to delete the project from OpenShift
###############################################
# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ci.yml
###############################################
# actions to delete the project from OpenShift
###############################################
# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ci.yml
- role: openshift/object-delete
app: coreos-ci
objecttype: project
objectname: coreos-ci
tags: [ never, delete ]
tags: [never, delete]

3
playbooks/openshift-apps/coreos-cincinnati.yml
View file

@ -1,7 +1,8 @@
---
- name: provision CoreOS Cincinnati backend
hosts: os_control:os_control_stg
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml

21
playbooks/openshift-apps/coreos-koji-tagger.yml
View file

@ -1,17 +1,18 @@
---
- name: make the app be real
hosts: os_control:os_control_stg
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
############################################
# actions to create the project in OpenShift
############################################
# to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-koji-tagger.yml
############################################
# actions to create the project in OpenShift
############################################
# to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-koji-tagger.yml
roles:
- role: openshift/project
app: coreos-koji-tagger
@ -58,12 +59,12 @@
template: deploymentconfig.yml
objectname: deploymentconfig.yml
###############################################
# actions to delete the project from OpenShift
###############################################
# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-koji-tagger.yml
###############################################
# actions to delete the project from OpenShift
###############################################
# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-koji-tagger.yml
- role: openshift/object-delete
app: coreos-koji-tagger
objecttype: project
objectname: coreos-koji-tagger
tags: [ never, delete ]
tags: [never, delete]

29
playbooks/openshift-apps/coreos-ostree-importer.yml
View file

@ -1,7 +1,8 @@
---
- name: make the app be real
hosts: os_control:os_control_stg
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -18,18 +19,18 @@
# Set the fedora_messaging_routing_keys var based on the environment
pre_tasks:
- set_fact:
fedora_messaging_routing_keys:
- "org.fedoraproject.stg.coreos.build.request.ostree-import"
fedora_messaging_routing_keys:
- "org.fedoraproject.stg.coreos.build.request.ostree-import"
when: env == 'staging'
- set_fact:
fedora_messaging_routing_keys:
- "org.fedoraproject.prod.coreos.build.request.ostree-import"
fedora_messaging_routing_keys:
- "org.fedoraproject.prod.coreos.build.request.ostree-import"
when: env != 'staging'
############################################
# actions to create the project in OpenShift
############################################
# to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ostree-importer.yml
############################################
# actions to create the project in OpenShift
############################################
# to run: sudo rbac-playbook -l os_control_stg openshift-apps/coreos-ostree-importer.yml
roles:
- role: openshift/project
app: coreos-ostree-importer
@ -92,12 +93,12 @@
template: pvc.yml
objectname: pvc.yml
###############################################
# actions to delete the project from OpenShift
###############################################
# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ostree-importer.yml
###############################################
# actions to delete the project from OpenShift
###############################################
# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/coreos-ostree-importer.yml
- role: openshift/object-delete
app: coreos-ostree-importer
objecttype: project
objectname: coreos-ostree-importer
tags: [ never, delete ]
tags: [never, delete]

16
playbooks/openshift-apps/fedora-coreos-pipeline.yml
View file

@ -3,10 +3,10 @@
user: root
gather_facts: false
############################################
# actions to create the project in OpenShift
############################################
# to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-coreos-pipeline.yml
############################################
# actions to create the project in OpenShift
############################################
# to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-coreos-pipeline.yml
roles:
- role: openshift-apps/fedora-coreos-pipeline
project_name: fedora-coreos-pipeline
@ -42,10 +42,10 @@
- marmijo
- ravanelli
###############################################
# actions to delete the project from OpenShift
###############################################
# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-coreos-pipeline.yml
###############################################
# actions to delete the project from OpenShift
###############################################
# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-coreos-pipeline.yml
- role: openshift/object-delete
app: fedora-coreos-pipeline
objecttype: project

21
playbooks/openshift-apps/fedora-ostree-pruner.yml
View file

@ -1,17 +1,18 @@
---
- name: make the app be real
hosts: os_control:os_control_stg
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
############################################
# actions to create the project in OpenShift
############################################
# to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-ostree-pruner.yml
############################################
# actions to create the project in OpenShift
############################################
# to run: sudo rbac-playbook -l os_control_stg openshift-apps/fedora-ostree-pruner.yml
roles:
- role: openshift/project
app: fedora-ostree-pruner
@ -41,12 +42,12 @@
template: pvc.yml
objectname: pvc.yml
###############################################
# actions to delete the project from OpenShift
###############################################
# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-ostree-pruner.yml
###############################################
# actions to delete the project from OpenShift
###############################################
# to run: sudo rbac-playbook -l os_control_stg -t delete openshift-apps/fedora-ostree-pruner.yml
- role: openshift/object-delete
app: fedora-ostree-pruner
objecttype: project
objectname: fedora-ostree-pruner
tags: [ never, delete ]
tags: [never, delete]

1
roles/openshift-apps/coreos-ci/defaults/main.yaml
View file

@ -1,3 +1,4 @@
---
project_name: coreos-ci
project_description: CoreOS CI Infrastructure
project_service_account: coreos-ci-sa

3
roles/openshift-apps/coreos-ci/tasks/main.yaml
View file

@ -1,3 +1,4 @@
---
- name: Create the directories to hold the templates
file:
path: "/root/ocp4/openshift-apps/{{project_name}}"
@ -5,7 +6,7 @@
owner: root
group: root
mode: 0770
recurse: yes
recurse: true
# generate the templates for project to be created
- name: create the templates

3
roles/openshift-apps/coreos-ci/templates/group.yaml
View file

@ -1,8 +1,9 @@
---
kind: Group
apiVersion: user.openshift.io/v1
metadata:
name: "{{project_name}}-appowners"
users:
{% for item in appowners %}
- "{{ item }}"
- "{{ item }}"
{% endfor %}

1
roles/openshift-apps/coreos-ci/templates/rolebinding.yaml
View file

@ -1,3 +1,4 @@
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:

22
roles/openshift-apps/coreos-ci/templates/securitycontextconstraints.yaml
View file

@ -1,3 +1,4 @@
---
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
@ -8,13 +9,13 @@ allowPrivilegedContainer: false
allowedCapabilities: null
apiVersion: security.openshift.io/v1
defaultAddCapabilities:
- CAP_SETFCAP
- CAP_SETFCAP
fsGroup:
type: RunAsAny
groups:
- system:cluster-admins
- system:cluster-admins
users:
- system:serviceaccount:coreos-ci:coreos-ci-sa
- system:serviceaccount:coreos-ci:coreos-ci-sa
kind: SecurityContextConstraints
metadata:
annotations:
@ -23,7 +24,7 @@ metadata:
priority: 10
readOnlyRootFilesystem: false
requiredDropCapabilities:
- MKNOD
- MKNOD
runAsUser:
type: RunAsAny
seLinuxContext:
@ -31,10 +32,9 @@ seLinuxContext:
supplementalGroups:
type: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret

1
roles/openshift-apps/coreos-cincinnati/templates/buildconfig.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:

1
roles/openshift-apps/coreos-cincinnati/templates/deploymentconfig.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:

48
roles/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml
View file

@ -5,27 +5,27 @@ metadata:
name: default
spec:
egress:
- type: Allow
to:
dnsName: builds.coreos.fedoraproject.org
- type: Allow
to:
dnsName: github.com
- type: Allow
to:
dnsName: crates.io
- type: Allow
to:
dnsName: static.crates.io
- type: Allow
to:
dnsName: mirrors.fedoraproject.org
- type: Allow
to:
dnsName: dl.fedoraproject.org
- type: Allow
to:
dnsName: dl.iad2.fedoraproject.org
- type: Allow
to:
cidrSelector: "0.0.0.0/0"
- type: Allow
to:
dnsName: builds.coreos.fedoraproject.org
- type: Allow
to:
dnsName: github.com
- type: Allow
to:
dnsName: crates.io
- type: Allow
to:
dnsName: static.crates.io
- type: Allow
to:
dnsName: mirrors.fedoraproject.org
- type: Allow
to:
dnsName: dl.fedoraproject.org
- type: Allow
to:
dnsName: dl.iad2.fedoraproject.org
- type: Allow
to:
cidrSelector: "0.0.0.0/0"

19
roles/openshift-apps/coreos-koji-tagger/templates/buildconfig.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
@ -27,15 +28,15 @@ spec:
kind: ImageStreamTag
name: coreos-koji-tagger-img:latest
triggers:
- type: ImageChange
imageChange: {}
- type: ConfigChange
- type: ImageChange
imageChange: {}
- type: ConfigChange
{% if env == "staging" and coreos_koji_tagger_webhook_secret_stg is defined %}
- type: GitHub
github:
secret: "{{ coreos_koji_tagger_webhook_secret_stg }}"
- type: GitHub
github:
secret: "{{ coreos_koji_tagger_webhook_secret_stg }}"
{% elif coreos_koji_tagger_webhook_secret_prod is defined %}
- type: GitHub
github:
secret: "{{ coreos_koji_tagger_webhook_secret_prod }}"
- type: GitHub
github:
secret: "{{ coreos_koji_tagger_webhook_secret_prod }}"
{% endif %}

1
roles/openshift-apps/coreos-koji-tagger/templates/configmap.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: ConfigMap
metadata:

93
roles/openshift-apps/coreos-koji-tagger/templates/deploymentconfig.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
@ -17,55 +18,55 @@ spec:
name: coreos-koji-tagger
spec:
containers:
- env:
- name: COREOS_KOJI_TAGGER_KEYTAB_FILE
value: /etc/coreos-koji-tagger-keytab/koji-keytab
- env:
- name: COREOS_KOJI_TAGGER_KEYTAB_FILE
value: /etc/coreos-koji-tagger-keytab/koji-keytab
{% if env == "staging" %}
- name: COREOS_KOJI_TAGGER_USE_STG
value: "true"
# Knobs you can change to point to whatever repo you want for testing
# stage code. Feel free to fork/create your own repo to test with and
# replace the values below. The repo must be set up with
# https://apps.fedoraproject.org/github2fedmsg so that it can get
# messages on the message bus when commits are made.
- name: GITHUB_REPO_FULLNAME
value: "coreos/fedora-coreos-config"
- name: GITHUB_REPO_BRANCHES
value: "refs/heads/testing-devel refs/heads/next-devel"
- name: COREOS_KOJI_TAGGER_USE_STG
value: "true"
# Knobs you can change to point to whatever repo you want for testing
# stage code. Feel free to fork/create your own repo to test with and
# replace the values below. The repo must be set up with
# https://apps.fedoraproject.org/github2fedmsg so that it can get
# messages on the message bus when commits are made.
- name: GITHUB_REPO_FULLNAME
value: "coreos/fedora-coreos-config"
- name: GITHUB_REPO_BRANCHES
value: "refs/heads/testing-devel refs/heads/next-devel"
{% endif %}
# sleep infinity is useful for debugging environment issues
# comment out when not debugging
# args: ['infinity']
# command: ['/usr/bin/sleep']
volumeMounts:
- name: coreos-koji-tagger-keytab-volume
mountPath: /etc/coreos-koji-tagger-keytab
readOnly: true
- name: coreos-koji-tagger-krb5-conf-volume
mountPath: /etc/krb5.conf
subPath: krb5.conf
readOnly: true
image: ""
imagePullPolicy: IfNotPresent
name: coreos-koji-tagger
resources: {}
# sleep infinity is useful for debugging environment issues
# comment out when not debugging
# args: ['infinity']
# command: ['/usr/bin/sleep']
volumeMounts:
- name: coreos-koji-tagger-keytab-volume
mountPath: /etc/coreos-koji-tagger-keytab
readOnly: true
- name: coreos-koji-tagger-krb5-conf-volume
mountPath: /etc/krb5.conf
subPath: krb5.conf
readOnly: true
image: ""
imagePullPolicy: IfNotPresent
name: coreos-koji-tagger
resources: {}
volumes:
- name: coreos-koji-tagger-keytab-volume
secret:
secretName: coreos-koji-tagger-keytab
optional: true
- name: coreos-koji-tagger-krb5-conf-volume
configMap:
name: coreos-koji-tagger-krb5-conf
- name: coreos-koji-tagger-keytab-volume
secret:
secretName: coreos-koji-tagger-keytab
optional: true
- name: coreos-koji-tagger-krb5-conf-volume
configMap:
name: coreos-koji-tagger-krb5-conf
restartPolicy: Always
test: false
triggers:
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- coreos-koji-tagger
from:
kind: ImageStreamTag
name: coreos-koji-tagger-img:latest
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- coreos-koji-tagger
from:
kind: ImageStreamTag
name: coreos-koji-tagger-img:latest

53
roles/openshift-apps/coreos-koji-tagger/templates/imagestream.yml
View file

@ -1,29 +1,30 @@
---
apiVersion: image.openshift.io/v1
kind: List
items:
# ImageStream for Fedora image
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: coreos-koji-tagger
name: fedora
spec:
lookupPolicy:
local: false
tags:
- name: "38"
from:
kind: DockerImage
name: registry.fedoraproject.org/fedora:38
importPolicy:
scheduled: true
referencePolicy:
type: Source
# ImageStream for resulting built coreos-koji-tagger-img
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: coreos-koji-tagger
name: coreos-koji-tagger-img
# ImageStream for Fedora image
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: coreos-koji-tagger
name: fedora
spec:
lookupPolicy:
local: false
tags:
- name: "38"
from:
kind: DockerImage
name: registry.fedoraproject.org/fedora:38
importPolicy:
scheduled: true
referencePolicy:
type: Source
# ImageStream for resulting built coreos-koji-tagger-img
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: coreos-koji-tagger
name: coreos-koji-tagger-img

19
roles/openshift-apps/coreos-ostree-importer/templates/buildconfig.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
@ -27,15 +28,15 @@ spec:
kind: ImageStreamTag
name: coreos-ostree-importer-img:latest
triggers:
- type: ImageChange
imageChange: {}
- type: ConfigChange
- type: ImageChange
imageChange: {}
- type: ConfigChange
{% if env == "staging" and coreos_ostree_importer_webhook_secret_stg is defined %}
- type: GitHub
github:
secret: "{{ coreos_ostree_importer_webhook_secret_stg }}"
- type: GitHub
github:
secret: "{{ coreos_ostree_importer_webhook_secret_stg }}"
{% elif coreos_ostree_importer_webhook_secret_prod is defined %}
- type: GitHub
github:
secret: "{{ coreos_ostree_importer_webhook_secret_prod }}"
- type: GitHub
github:
secret: "{{ coreos_ostree_importer_webhook_secret_prod }}"
{% endif %}

1
roles/openshift-apps/coreos-ostree-importer/templates/configmap.yml
View file

@ -9,4 +9,3 @@ metadata:
data:
config.toml: |-
{{ load_file('fedora-messaging.toml') | indent }}

101
roles/openshift-apps/coreos-ostree-importer/templates/deploymentconfig.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
@ -17,61 +18,61 @@ spec:
name: coreos-ostree-importer
spec:
containers:
- name: coreos-ostree-importer
# sleep infinity is useful for debugging environment issues
# comment out when not debugging
# args: ['/usr/bin/sleep', 'infinity']
# command: ['/usr/bin/dumb-init']
volumeMounts:
- name: fedora-ostree-content-volume
mountPath: /mnt/koji
- name: fedora-messaging-config-volume
mountPath: /etc/fedora-messaging
readOnly: true
- name: fedora-messaging-ca-volume
mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_ca_file }}"
subPath: "{{ fedora_messaging_ca_file }}"
readOnly: true
- name: fedora-messaging-crt-volume
mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_cert_file }}"
subPath: "{{ fedora_messaging_cert_file }}"
readOnly: true
- name: fedora-messaging-key-volume
mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_key_file }}"
subPath: "{{ fedora_messaging_key_file }}"
readOnly: true
image: ""
imagePullPolicy: IfNotPresent
resources: {}
- name: coreos-ostree-importer
# sleep infinity is useful for debugging environment issues
# comment out when not debugging
# args: ['/usr/bin/sleep', 'infinity']
# command: ['/usr/bin/dumb-init']
volumeMounts:
- name: fedora-ostree-content-volume
mountPath: /mnt/koji
- name: fedora-messaging-config-volume
mountPath: /etc/fedora-messaging
readOnly: true
- name: fedora-messaging-ca-volume
mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_ca_file }}"
subPath: "{{ fedora_messaging_ca_file }}"
readOnly: true
- name: fedora-messaging-crt-volume
mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_cert_file }}"
subPath: "{{ fedora_messaging_cert_file }}"
readOnly: true
- name: fedora-messaging-key-volume
mountPath: "/etc/pki/fedora-messaging/{{ fedora_messaging_key_file }}"
subPath: "{{ fedora_messaging_key_file }}"
readOnly: true
image: ""
imagePullPolicy: IfNotPresent
resources: {}
# The files in the ostree volumes are created with group ownership of 263.
# We need to have 263 in our supplemental groups. See https://pagure.io/releng/issue/8811#comment-629051
securityContext:
supplementalGroups: [263]
volumes:
- name: fedora-ostree-content-volume
persistentVolumeClaim:
claimName: fedora-ostree-content-volume
- name: fedora-messaging-config-volume
configMap:
name: fedora-messaging-configmap
- name: fedora-messaging-ca-volume
secret:
secretName: fedora-messaging-ca
- name: fedora-messaging-crt-volume
secret:
secretName: fedora-messaging-crt
- name: fedora-messaging-key-volume
secret:
secretName: fedora-messaging-key
- name: fedora-ostree-content-volume
persistentVolumeClaim:
claimName: fedora-ostree-content-volume
- name: fedora-messaging-config-volume
configMap:
name: fedora-messaging-configmap
- name: fedora-messaging-ca-volume
secret:
secretName: fedora-messaging-ca
- name: fedora-messaging-crt-volume
secret:
secretName: fedora-messaging-crt
- name: fedora-messaging-key-volume
secret:
secretName: fedora-messaging-key
restartPolicy: Always
test: false
triggers:
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- coreos-ostree-importer
from:
kind: ImageStreamTag
name: coreos-ostree-importer-img:latest
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- coreos-ostree-importer
from:
kind: ImageStreamTag
name: coreos-ostree-importer-img:latest

53
roles/openshift-apps/coreos-ostree-importer/templates/imagestream.yml
View file

@ -1,29 +1,30 @@
---
apiVersion: image.openshift.io/v1
kind: List
items:
# ImageStream for Fedora image
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: coreos-ostree-importer
name: fedora
spec:
lookupPolicy:
local: false
tags:
- name: "38"
from:
kind: DockerImage
name: registry.fedoraproject.org/fedora:38
importPolicy:
scheduled: true
referencePolicy:
type: Source
# ImageStream for resulting built coreos-ostree-importer-img
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: coreos-ostree-importer
name: coreos-ostree-importer-img
# ImageStream for Fedora image
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: coreos-ostree-importer
name: fedora
spec:
lookupPolicy:
local: false
tags:
- name: "38"
from:
kind: DockerImage
name: registry.fedoraproject.org/fedora:38
importPolicy:
scheduled: true
referencePolicy:
type: Source
# ImageStream for resulting built coreos-ostree-importer-img
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: coreos-ostree-importer
name: coreos-ostree-importer-img

1
roles/openshift-apps/coreos-ostree-importer/templates/pvc.yml
View file

@ -1,3 +1,4 @@
---
# PVC to mount the fedora-ostree-content-volume NFS share
# that has been mapped in to OpenShift by Fedora Infra for
# us from the NetApp. This corresponds to the fedora-ostree-content{,-stg}

1
roles/openshift-apps/fedora-coreos-pipeline/defaults/main.yaml
View file

@ -1,3 +1,4 @@
---
project_name: fedora-coreos-pipeline
project_description: Fedora CoreOS Pipeline
appowners: []

3
roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml
View file

@ -1,3 +1,4 @@
---
- name: Create the directories to hold the templates
file:
path: "/root/ocp4/openshift-apps/{{project_name}}"
@ -5,7 +6,7 @@
owner: root
group: root
mode: 0770
recurse: yes
recurse: true
# generate the templates for project to be created
- name: create the templates

3
roles/openshift-apps/fedora-coreos-pipeline/templates/group.yaml
View file

@ -1,8 +1,9 @@
---
kind: Group
apiVersion: user.openshift.io/v1
metadata:
name: "{{project_name}}-appowners"
users:
{% for item in appowners %}
- "{{ item }}"
- "{{ item }}"
{% endfor %}

1
roles/openshift-apps/fedora-coreos-pipeline/templates/rolebinding.yaml
View file

@ -1,3 +1,4 @@
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:

19
roles/openshift-apps/fedora-ostree-pruner/templates/buildconfig.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
@ -27,15 +28,15 @@ spec:
kind: ImageStreamTag
name: fedora-ostree-pruner-img:latest
triggers:
- type: ImageChange
imageChange: {}
- type: ConfigChange
- type: ImageChange
imageChange: {}
- type: ConfigChange
{% if env == "staging" and fedora_ostree_pruner_webhook_secret_stg is defined %}
- type: GitHub
github:
secret: "{{ fedora_ostree_pruner_webhook_secret_stg }}"
- type: GitHub
github:
secret: "{{ fedora_ostree_pruner_webhook_secret_stg }}"
{% elif fedora_ostree_pruner_webhook_secret_prod is defined %}
- type: GitHub
github:
secret: "{{ fedora_ostree_pruner_webhook_secret_prod }}"
- type: GitHub
github:
secret: "{{ fedora_ostree_pruner_webhook_secret_prod }}"
{% endif %}

47
roles/openshift-apps/fedora-ostree-pruner/templates/deploymentconfig.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
@ -17,34 +18,34 @@ spec:
name: fedora-ostree-pruner
spec:
containers:
- name: fedora-ostree-pruner
# sleep infinity is useful for debugging environment issues
# comment out when not debugging
# args: ['/usr/bin/sleep', 'infinity']
# command: ['/usr/bin/dumb-init']
volumeMounts:
- name: fedora-ostree-content-volume
mountPath: /mnt/koji
image: ""
imagePullPolicy: IfNotPresent
resources: {}
- name: fedora-ostree-pruner
# sleep infinity is useful for debugging environment issues
# comment out when not debugging
# args: ['/usr/bin/sleep', 'infinity']
# command: ['/usr/bin/dumb-init']
volumeMounts:
- name: fedora-ostree-content-volume
mountPath: /mnt/koji
image: ""
imagePullPolicy: IfNotPresent
resources: {}
# The files in the ostree volumes are created with group ownership of 263.
# We need to have 263 in our supplemental groups. See https://pagure.io/releng/issue/8811#comment-629051
securityContext:
supplementalGroups: [263]
volumes:
- name: fedora-ostree-content-volume
persistentVolumeClaim:
claimName: fedora-ostree-content-volume
- name: fedora-ostree-content-volume
persistentVolumeClaim:
claimName: fedora-ostree-content-volume
restartPolicy: Always
test: false
triggers:
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- fedora-ostree-pruner
from:
kind: ImageStreamTag
name: fedora-ostree-pruner-img:latest
- type: ConfigChange
- type: ImageChange
imageChangeParams:
automatic: true
containerNames:
- fedora-ostree-pruner
from:
kind: ImageStreamTag
name: fedora-ostree-pruner-img:latest

53
roles/openshift-apps/fedora-ostree-pruner/templates/imagestream.yml
View file

@ -1,29 +1,30 @@
---
apiVersion: image.openshift.io/v1
kind: List
items:
# ImageStream for Fedora image
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: fedora-ostree-pruner
name: fedora
spec:
lookupPolicy:
local: false
tags:
- name: "38"
from:
kind: DockerImage
name: registry.fedoraproject.org/fedora:38
importPolicy:
scheduled: true
referencePolicy:
type: Source
# ImageStream for resulting built fedora-ostree-pruner-img
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: fedora-ostree-pruner
name: fedora-ostree-pruner-img
# ImageStream for Fedora image
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: fedora-ostree-pruner
name: fedora
spec:
lookupPolicy:
local: false
tags:
- name: "38"
from:
kind: DockerImage
name: registry.fedoraproject.org/fedora:38
importPolicy:
scheduled: true
referencePolicy:
type: Source
# ImageStream for resulting built fedora-ostree-pruner-img
- apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
labels:
build: fedora-ostree-pruner
name: fedora-ostree-pruner-img

1
roles/openshift-apps/fedora-ostree-pruner/templates/pvc.yml
View file

@ -1,3 +1,4 @@
---
# PVC to mount the fedora-ostree-content-volume NFS share
# that has been mapped in to OpenShift by Fedora Infra for
# us from the NetApp. This corresponds to the fedora-ostree-content{,-stg}