OSBS: move the flatpak base image from osbs.conf to the configmap.

Fixes https://pagure.io/fedora-infrastructure/issue/7614 Signed-off-by: Clement Verna <cverna@tutanota.com>
2019-03-05 08:46:21 +01:00 · 2019-03-05 08:46:21 +01:00 · 43bbc53007
commit 43bbc53007
parent f0812c273e
4 changed files with 163 additions and 158 deletions
--- a/inventory/group_vars/osbs-masters
+++ b/inventory/group_vars/osbs-masters
@ -102,6 +102,9 @@ _osbs_reactor_config_map:
    pdc:
        api_url: "https://pdc{{ env_suffix }}.fedoraproject.org/rest_api/v1/"
    flatpak:
        base_image: "registry.fedoraproject.org/fedora:latest"
    image_labels:
      vendor: "Fedora Project"
      authoritative-source-url: "{{ source_registry }}"
--- a/inventory/group_vars/osbs-masters-stg
+++ b/inventory/group_vars/osbs-masters-stg
@ -97,6 +97,9 @@ _osbs_reactor_config_map:
    pdc:
        api_url: "https://pdc{{ env_suffix }}.fedoraproject.org/rest_api/v1/"
    flatpak:
        base_image: "registry.fedoraproject.org/fedora:latest"
    image_labels:
      vendor: "Fedora Project"
      authoritative-source-url: "{{ source_registry }}"
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@ -11,54 +11,59 @@
  gather_facts: True
  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
+    - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
+    - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  pre_tasks:
-  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+    - import_tasks: "{{ tasks_path }}/yumrepos.yml"
  roles:
-  - base
+    - base
-  - hosts
+    - hosts
-  - { role: nfs/client, mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: "{{ koji_hub_nfs }}", when: "env == 'staging' or createrepo" }
+    - {
-  - { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
+        role: nfs/client,
-  - { role: sudo, when: not inventory_hostname.startswith('bkernel') }
+        mnt_dir: "/mnt/fedora_koji",
-  - koji_builder
+        nfs_src_dir: "{{ koji_hub_nfs }}",
-  - role: keytab/service
+        when: "env == 'staging' or createrepo",
-    kt_location: /etc/kojid/kojid.keytab
+      }
-    service: compile
+    - { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
-  - role: keytab/service
+    - { role: sudo, when: not inventory_hostname.startswith('bkernel') }
-    owner_user: root
+    - koji_builder
-    owner_group: root
+    - role: keytab/service
-    service: osbs
+      kt_location: /etc/kojid/kojid.keytab
-    host: "osbs.fedoraproject.org"
+      service: compile
-    when: env == "production"
+    - role: keytab/service
-  - role: keytab/service
+      owner_user: root
-    owner_user: root
+      owner_group: root
-    owner_group: root
+      service: osbs
-    service: osbs
+      host: "osbs.fedoraproject.org"
-    host: "osbs.stg.fedoraproject.org"
+      when: env == "production"
-    when: env == "staging"
+    - role: keytab/service
-  - role: keytab/service
+      owner_user: root
-    owner_user: root
+      owner_group: root
-    owner_group: root
+      service: osbs
-    service: innercompose
+      host: "osbs.stg.fedoraproject.org"
-    host: "odcs{{ env_suffix }}.fedoraproject.org"
+      when: env == "staging"
-    kt_location: /etc/kojid/secrets/odcs_inner.keytab
+    - role: keytab/service
-    when: env == "staging"
+      owner_user: root
      owner_group: root
      service: innercompose
      host: "odcs{{ env_suffix }}.fedoraproject.org"
      kt_location: /etc/kojid/secrets/odcs_inner.keytab
      when: env == "staging"
  tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+    - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-    when: not inventory_hostname.startswith('bkernel')
+      when: not inventory_hostname.startswith('bkernel')
-  - import_tasks: "{{ tasks_path }}/motd.yml"
+    - import_tasks: "{{ tasks_path }}/motd.yml"
-    when: not inventory_hostname.startswith('bkernel')
+      when: not inventory_hostname.startswith('bkernel')
-  - name: make sure kojid is running
+    - name: make sure kojid is running
-    service: name=kojid state=started enabled=yes
+      service: name=kojid state=started enabled=yes
  handlers:
-  - import_tasks: "{{ handlers_path }}/restart_services.yml"
+    - import_tasks: "{{ handlers_path }}/restart_services.yml"
 - name: configure osbs on koji builders
  hosts: buildvm:buildvm-stg
@ -68,96 +73,97 @@
  gather_facts: True
  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
+    - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
+    - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  pre_tasks:
-  - import_tasks: "{{ tasks_path }}/osbs_certs.yml"
+    - import_tasks: "{{ tasks_path }}/osbs_certs.yml"
-  - import_tasks: "{{ tasks_path }}/osbs_koji_token.yml"
+    - import_tasks: "{{ tasks_path }}/osbs_koji_token.yml"
  roles:
-  - {
+    - {
-      role: osbs-client,
+        role: osbs-client,
        when: env == 'staging' and ansible_architecture == 'x86_64',
-        general: {
+        general:
-          verbose: 0,
+          {
-          build_json_dir: '/usr/share/osbs/',
+            verbose: 0,
-          openshift_required_version: 1.1.0,
+            build_json_dir: "/usr/share/osbs/",
-        },
+            openshift_required_version: 1.1.0,
-        default: {
+          },
-          username: "{{ osbs_koji_stg_username }}",
+        default:
-          password: "{{ osbs_koji_stg_password }}",
+          {
-          koji_use_kerberos: True,
+            username: "{{ osbs_koji_stg_username }}",
-          koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab",
+            password: "{{ osbs_koji_stg_password }}",
-          koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
+            koji_use_kerberos: True,
-          openshift_url: 'https://{{ osbs_url }}/',
+            koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab",
-          build_host: '{{ osbs_url }}',
+            koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
-          koji_root: 'http://{{ koji_root }}',
+            openshift_url: "https://{{ osbs_url }}/",
-          koji_hub: 'https://koji.stg.fedoraproject.org/kojihub',
+            build_host: "{{ osbs_url }}",
-          sources_command: 'fedpkg sources',
+            koji_root: "http://{{ koji_root }}",
-          build_type: 'prod',
+            koji_hub: "https://koji.stg.fedoraproject.org/kojihub",
-          verify_ssl: true,
+            sources_command: "fedpkg sources",
-          use_auth: true,
+            build_type: "prod",
-          builder_use_auth: true,
+            verify_ssl: true,
-          registry_api_versions: 'v2',
+            use_auth: true,
-          builder_openshift_url: 'https://{{osbs_url}}',
+            builder_use_auth: true,
-          client_config_secret: 'client-config-secret',
+            registry_api_versions: "v2",
-          reactor_config_secret: 'reactor-config-secret',
+            builder_openshift_url: "https://{{osbs_url}}",
-          token_secrets: 'x86-64-osbs:/var/run/secrets/atomic-reactor/x86-64-orchestrator',
+            client_config_secret: "client-config-secret",
-          token_file: '/etc/osbs/x86-64-osbs-koji',
+            reactor_config_secret: "reactor-config-secret",
-          namespace: 'osbs-fedora',
+            token_secrets: "x86-64-osbs:/var/run/secrets/atomic-reactor/x86-64-orchestrator",
-          can_orchestrate: true,
+            token_file: "/etc/osbs/x86-64-osbs-koji",
-          builder_odcs_url: "https://odcs{{ env_suffix }}.fedoraproject.org",
+            namespace: "osbs-fedora",
-          builder_odcs_openidc_secret: "odcs-oidc-secret",
+            can_orchestrate: true,
-          builder_pdc_url: "https://pdc.stg.fedoraproject.org/api/1",
+            builder_odcs_url: "https://odcs{{ env_suffix }}.fedoraproject.org",
-          flatpak_base_image: "registry.stg.fedoraproject.org/fedora:28",
+            builder_odcs_openidc_secret: "odcs-oidc-secret",
-          reactor_config_map: "reactor-config-map",
+            builder_pdc_url: "https://pdc.stg.fedoraproject.org/api/1",
-          reactor_config_map_scratch: "reactor-config-map-scratch",
+            reactor_config_map: "reactor-config-map",
-          build_from: "image:buildroot:latest"
+            reactor_config_map_scratch: "reactor-config-map-scratch",
-        }
+            build_from: "image:buildroot:latest",
-    }
+          },
-  - {
+      }
-      role: osbs-client,
+    - {
        role: osbs-client,
        when: env == 'production' and ansible_architecture == 'x86_64',
-        general: {
+        general:
-          verbose: 0,
+          {
-          build_json_dir: '/usr/share/osbs/',
+            verbose: 0,
-          openshift_required_version: 1.1.0,
+            build_json_dir: "/usr/share/osbs/",
-        },
+            openshift_required_version: 1.1.0,
-        default: {
+          },
-          username: "{{ osbs_koji_prod_username }}",
+        default:
-          password: "{{ osbs_koji_prod_password }}",
+          {
-          koji_use_kerberos: True,
+            username: "{{ osbs_koji_prod_username }}",
-          koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab",
+            password: "{{ osbs_koji_prod_password }}",
-          koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
+            koji_use_kerberos: True,
-          openshift_url: 'https://{{ osbs_url }}/',
+            koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab",
-          build_host: '{{ osbs_url }}',
+            koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
-          koji_root: 'http://{{ koji_root }}',
+            openshift_url: "https://{{ osbs_url }}/",
-          koji_hub: 'https://koji.fedoraproject.org/kojihub',
+            build_host: "{{ osbs_url }}",
-          sources_command: 'fedpkg sources',
+            koji_root: "http://{{ koji_root }}",
-          build_type: 'prod',
+            koji_hub: "https://koji.fedoraproject.org/kojihub",
-          verify_ssl: true,
+            sources_command: "fedpkg sources",
-          use_auth: true,
+            build_type: "prod",
-          builder_use_auth: true,
+            verify_ssl: true,
-          registry_api_versions: 'v2',
+            use_auth: true,
-          builder_openshift_url: 'https://{{osbs_url}}',
+            builder_use_auth: true,
-          token_secrets: 'x86-64-osbs:/var/run/secrets/atomic-reactor/x86-64-orchestrator',
+            registry_api_versions: "v2",
-          token_file: '/etc/osbs/x86-64-osbs-koji',
+            builder_openshift_url: "https://{{osbs_url}}",
-          namespace: 'osbs-fedora',
+            token_secrets: "x86-64-osbs:/var/run/secrets/atomic-reactor/x86-64-orchestrator",
-          can_orchestrate: true,
+            token_file: "/etc/osbs/x86-64-osbs-koji",
-          builder_odcs_url: "https://odcs{{ env_suffix }}.fedoraproject.org",
+            namespace: "osbs-fedora",
-          builder_odcs_openidc_secret: "odcs-oidc-secret",
+            can_orchestrate: true,
-          builder_pdc_url: "https://pdc.fedoraproject.org/api/1",
+            builder_odcs_url: "https://odcs{{ env_suffix }}.fedoraproject.org",
-          flatpak_base_image: "registry.fedoraproject.org/fedora:latest",
+            builder_odcs_openidc_secret: "odcs-oidc-secret",
-          reactor_config_map: "reactor-config-map",
+            builder_pdc_url: "https://pdc.fedoraproject.org/api/1",
-          reactor_config_map_scratch: "reactor-config-map-scratch",
+            reactor_config_map: "reactor-config-map",
-          build_from: "image:buildroot:latest"
+            reactor_config_map_scratch: "reactor-config-map-scratch",
-        }
+            build_from: "image:buildroot:latest",
-    }
+          },
      }
  handlers:
-  - import_tasks: "{{ handlers_path }}/restart_services.yml"
+    - import_tasks: "{{ handlers_path }}/restart_services.yml"
 - name: configure varnish cache
  hosts: buildvm-s390x-07.s390.fedoraproject.org:buildvm-s390x-01.stg.s390.fedoraproject.org
@ -167,15 +173,15 @@
  gather_facts: True
  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
+    - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
+    - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  roles:
-  - varnish
+    - varnish
  handlers:
-  - import_tasks: "{{ handlers_path }}/restart_services.yml"
+    - import_tasks: "{{ handlers_path }}/restart_services.yml"
 - name: configure sshfs on buildvm-s390x-01
  hosts: buildvm-s390x-01.s390.fedoraproject.org:buildvm-s390x-01.stg.s390.fedoraproject.org
@ -185,32 +191,33 @@
  gather_facts: True
  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
+    - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
+    - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
-  - name: Put sshfs key in place
+    - name: Put sshfs key in place
-    copy: src="{{ private }}/files/releng/sshkeys/primary-s390x-sshfs{{ '-staging' if env == 'staging' else '' }}"
+      copy:
-          dest="/etc/primary-s390x-sshfs"
+        src="{{ private }}/files/releng/sshkeys/primary-s390x-sshfs{{ '-staging' if env == 'staging' else '' }}"
-          owner=root group=root mode=0600
+        dest="/etc/primary-s390x-sshfs"
-    tags:
+        owner=root group=root mode=0600
-    - sshfs
+      tags:
        - sshfs
-  - name: Install sshfs
+    - name: Install sshfs
-    package: name=sshfs
+      package: name=sshfs
-             state=present
+        state=present
-    tags:
+      tags:
-    - sshfs
+        - sshfs
-  - name: Add /mnt/fedora_koji sshfs
+    - name: Add /mnt/fedora_koji sshfs
-    mount: path="/mnt/fedora_koji"
+      mount: path="/mnt/fedora_koji"
-           state=present
+        state=present
-           fstype=fuse.sshfs
+        fstype=fuse.sshfs
-           src="root@koji01{{ env_suffix }}.phx2.fedoraproject.org:/mnt/fedora_koji"
+        src="root@koji01{{ env_suffix }}.phx2.fedoraproject.org:/mnt/fedora_koji"
-           opts="noauto,_netdev,ServerAliveInterval=20,IdentityFile=/etc/primary-s390x-sshfs"
+        opts="noauto,_netdev,ServerAliveInterval=20,IdentityFile=/etc/primary-s390x-sshfs"
-    tags:
+      tags:
-    - sshfs
+        - sshfs
  handlers:
-  - import_tasks: "{{ handlers_path }}/restart_services.yml"
+    - import_tasks: "{{ handlers_path }}/restart_services.yml"
--- a/roles/osbs-client/templates/osbs.conf.j2
+++ b/roles/osbs-client/templates/osbs.conf.j2
@ -82,10 +82,6 @@ pdc_url = {{ default.builder_pdc_url }}
 pdc_insecure = {{ default.builder_pdc_insecure }}
 {% endif %}
 {% if default.flatpak_base_image %}
 flatpak_base_image = {{ default.flatpak_base_image }}
 {% endif %}
 {% if default.reactor_config_map is defined %}
 reactor_config_map = {{ default.reactor_config_map }}
 {% endif %}
@ -175,10 +171,6 @@ pdc_url = {{ default.builder_pdc_url }}
 pdc_insecure = {{ default.builder_pdc_insecure }}
 {% endif %}
 {% if default.flatpak_base_image %}
 flatpak_base_image = {{ default.flatpak_base_image }}
 {% endif %}
 {% if default.reactor_config_map_scratch is defined %}
 reactor_config_map = {{ default.reactor_config_map_scratch }}
 {% endif %}