Sync out keytab as secret

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Patrick Uiterwijk 2019-05-10 21:55:29 +02:00
parent 266eecc0fe
commit 3288e5fd8c
4 changed files with 20 additions and 7 deletions


@ -38,6 +38,14 @@
app: fas app: fas
template_fullpath: "{{roles_path}}/fas_server/templates/configmap.yml" template_fullpath: "{{roles_path}}/fas_server/templates/configmap.yml"
objectname: configmap.yml objectname: configmap.yml
- role: openshift/secret-file
app: fas
privatefile: "keytabs/{{env}}/fas_sync"
key: fas_sync_keytab
- role: openshift/secret-file
app: fas
privatefile: "fas-gpg/pubring.gpg"
key: fas_gpg_pubring
- role: openshift/object - role: openshift/object
app: fas app: fas
file: service-fas.yml file: service-fas.yml


@ -80,14 +80,10 @@ data:
# FAS stuff # FAS stuff
{{ load_file('fas-app.conf.j2') | indent() }} {{ load_file('fas-app.conf.j2') | indent() }}
fas_sync_keytab: |-
{{ lookup('file', '{{ private }}/files/keytabs/{{env}}/fas_sync') | indent() }}
fas_sync_cert.pem: |- fas_sync_cert.pem: |-
{{ lookup('file', '{{ roles_path }}/fas_server/files/ipa.{{env}}.pem') | indent() }} {{ lookup('file', '{{ roles_path }}/fas_server/files/ipa.{{env}}.pem') | indent() }}
fas-log.cfg: |- fas-log.cfg: |-
{{ lookup('file', '{{ roles_path }}/fas_server/files/fas-log.cfg') | indent() }} {{ lookup('file', '{{ roles_path }}/fas_server/files/fas-log.cfg') | indent() }}
pubring.gpg: |-
{{ lookup('file', '{{ private }}/files/fas-gpg/pubring.gpg') | indent() }}
fas.cfg: |- fas.cfg: |-
{{ load_file('fas.cfg.j2') | indent() }} {{ load_file('fas.cfg.j2') | indent() }}
export-bugzilla.cfg: |- export-bugzilla.cfg: |-


@ -29,15 +29,12 @@ spec:
# Set up config symlinks # Set up config symlinks
RUN rm -f /etc/krb5.conf && \ RUN rm -f /etc/krb5.conf && \
rm -f /etc/fas-gpg/pubring.gpg && \
rm -f /etc/fas.cfg && \ rm -f /etc/fas.cfg && \
rm -f /usr/sbin/export-bugzilla && \ rm -f /usr/sbin/export-bugzilla && \
rm -f /usr/lib/python2.6/site-packages/fas/config/log.cfg && \ rm -f /usr/lib/python2.6/site-packages/fas/config/log.cfg && \
ln -sf /etc/fas/krb5.conf /etc/krb5.conf && \ ln -sf /etc/fas/krb5.conf /etc/krb5.conf && \
ln -sf /etc/fas/pubring.gpg /etc/fas-gpg/pubring.gpg &&\
ln -sf /etc/fas/fas.cfg /etc/fas.cfg && \ ln -sf /etc/fas/fas.cfg /etc/fas.cfg && \
ln -sf /etc/fas/fas-log.cfg /usr/lib/python2.6/site-packages/fas/config/log.cfg && \ ln -sf /etc/fas/fas-log.cfg /usr/lib/python2.6/site-packages/fas/config/log.cfg && \
ln -sf /etc/fas/fas_sync_keytab /etc/fas_sync_keytab
EXPOSE 8080 EXPOSE 8080
ENTRYPOINT bash /etc/fas/start.sh ENTRYPOINT bash /etc/fas/start.sh
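Review bot: The last remaining line of the `RUN` chain, `ln -sf /etc/fas/fas-log.cfg /usr/lib/python2.6/site-packages/fas/config/log.cfg && \`, still ends in `&& \`, although the `ln -sf /etc/fas/fas_sync_keytab /etc/fas_sync_keytab` line that followed it appears to be removed here (the hunk counts leave room only for deletions). If that reading of the rendered diff is right, the continuation now runs into `EXPOSE 8080`, so the shell would try to run `EXPOSE` as a command and the image build would fail. Drop the trailing `&& \` so the line reads `ln -sf /etc/fas/fas-log.cfg /usr/lib/python2.6/site-packages/fas/config/log.cfg`. The Dockerfile block starts above this hunk, so the rest of it was not checked.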


@ -37,6 +37,12 @@ spec:
- name: config-volume - name: config-volume
mountPath: /etc/fas mountPath: /etc/fas
readOnly: true readOnly: true
- name: secret-sync-keytab
mountPath: /etc/fas_sync_keytab
readOnly: true
- name: secret-pubring
mountPath: /etc/fas-gpg/pubring.gpg
readOnly: true
- name: httpdir-volume - name: httpdir-volume
mountPath: /httpdir mountPath: /httpdir
readinessProbe: readinessProbe:
@ -55,6 +61,12 @@ spec:
- name: config-volume - name: config-volume
configMap: configMap:
name: fas name: fas
- name: secret-sync-keytab
secret:
secretName: fas_sync_keytab
- name: secret-pubring
secret:
secretName: fas_gpg_pubring
- name: httpdir-volume - name: httpdir-volume
emptyDir: {} emptyDir: {}
triggers: triggers:
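Review bot: `secretName: fas_sync_keytab` and `secretName: fas_gpg_pubring` are not valid Secret names, because Kubernetes object names must be DNS-1123 subdomains (lowercase alphanumerics, `-` and `.`) and the underscores would be rejected; use e.g. `secretName: fas-sync-keytab` and `secretName: fas-gpg-pubring`, and make the playbook's `openshift/secret-file` entries create the secrets under the same names (the role's inputs are not visible here, so how `key: fas_sync_keytab` maps to the secret name should be confirmed). In the volumeMounts hunk, a secret volume mounted at `/etc/fas_sync_keytab` or `/etc/fas-gpg/pubring.gpg` shows up as a directory holding one file per key, not as the file itself; add `subPath: fas_sync_keytab` and `subPath: fas_gpg_pubring` to the respective mounts if the application opens those paths as files. For the keytab, also consider a restrictive `defaultMode` on the secret volume, since secret files default to mode 0644. Because the keytab was previously published through the `fas` ConfigMap, it may be worth rotating it once this change is deployed.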