From 2b181e86c0c75fd513bcd5cc9910ca3a011ff38d Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Thu, 29 Mar 2018 14:31:57 +0200 Subject: [PATCH 1/6] Give custom build permission to default and builder account Signed-off-by: Clement Verna --- inventory/group_vars/osbs-masters-stg | 4 ++++ playbooks/groups/osbs-cluster.yml | 2 ++ 2 files changed, 6 insertions(+) diff --git a/inventory/group_vars/osbs-masters-stg b/inventory/group_vars/osbs-masters-stg index f4bc374137..bf4da3dc13 100644 --- a/inventory/group_vars/osbs-masters-stg +++ b/inventory/group_vars/osbs-masters-stg @@ -32,6 +32,10 @@ osbs_conf_vendor: Fedora Project osbs_orchestrator_cpu_limitrange: "95m" osbs_orchestrator_default_nodeselector: "orchestrator=true" +osbs_readwrite_users: + - default + - builder + nagios_Check_Services: nrpe: true sshd: true diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index d5641344a1..0a45383372 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -432,6 +432,7 @@ osbs_authoritative_registry: "{{ source_registry }}" osbs_sources_command: "{{ osbs_conf_sources_command }}" osbs_vendor: "{{ osbs_conf_vendor }}" + osbs_readwrite_users: "{{ osbs_readwrite_users }}" when: env == "staging" - name: setup koji secret in worker namespace @@ -480,6 +481,7 @@ osbs_authoritative_registry: "{{ source_registry }}" osbs_sources_command: "{{ osbs_conf_sources_command }}" osbs_vendor: "{{ osbs_conf_vendor }}" + osbs_readwrite_users: "{{ osbs_readwrite_users }}" when: env == "staging" - name: setup reactor config secret in orchestrator namespace From 14d4e036e0ee0dbcc9281fd0f60efcbbb9f534df Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Thu, 29 Mar 2018 14:38:02 +0200 Subject: [PATCH 2/6] Change the name of the conf variable Signed-off-by: Clement Verna --- inventory/group_vars/osbs-masters-stg | 2 +- playbooks/groups/osbs-cluster.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/inventory/group_vars/osbs-masters-stg b/inventory/group_vars/osbs-masters-stg index bf4da3dc13..55b36ffb81 100644 --- a/inventory/group_vars/osbs-masters-stg +++ b/inventory/group_vars/osbs-masters-stg @@ -32,7 +32,7 @@ osbs_conf_vendor: Fedora Project osbs_orchestrator_cpu_limitrange: "95m" osbs_orchestrator_default_nodeselector: "orchestrator=true" -osbs_readwrite_users: +osbs_conf_readwrite_users: - default - builder diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index 0a45383372..619ff0312b 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -432,7 +432,7 @@ osbs_authoritative_registry: "{{ source_registry }}" osbs_sources_command: "{{ osbs_conf_sources_command }}" osbs_vendor: "{{ osbs_conf_vendor }}" - osbs_readwrite_users: "{{ osbs_readwrite_users }}" + osbs_readwrite_users: "{{ osbs_conf_readwrite_users }}" when: env == "staging" - name: setup koji secret in worker namespace @@ -481,7 +481,7 @@ osbs_authoritative_registry: "{{ source_registry }}" osbs_sources_command: "{{ osbs_conf_sources_command }}" osbs_vendor: "{{ osbs_conf_vendor }}" - osbs_readwrite_users: "{{ osbs_readwrite_users }}" + osbs_readwrite_users: "{{ osbs_conf_readwrite_users }}" when: env == "staging" - name: setup reactor config secret in orchestrator namespace From be2b4af30c404dc81dda8971acd321d53c3ab6b9 Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Thu, 29 Mar 2018 15:27:04 +0200 Subject: [PATCH 3/6] Account should service account and not users Signed-off-by: Clement Verna --- inventory/group_vars/osbs-masters-stg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/group_vars/osbs-masters-stg b/inventory/group_vars/osbs-masters-stg index 55b36ffb81..3421b3ed3c 100644 --- a/inventory/group_vars/osbs-masters-stg +++ b/inventory/group_vars/osbs-masters-stg @@ -33,8 +33,8 @@ osbs_orchestrator_cpu_limitrange: "95m" osbs_orchestrator_default_nodeselector: "orchestrator=true" osbs_conf_readwrite_users: - - default - - builder + - "system:serviceaccount:{{ osbs_namespace }}:default" + - "system:serviceaccount:{{ osbs_namespace }}:builder" nagios_Check_Services: nrpe: true From 48f71cb3eb8ddff0453d2aa3a438ee2826becb42 Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Thu, 29 Mar 2018 15:53:32 +0200 Subject: [PATCH 4/6] Let's remove the double quotes Signed-off-by: Clement Verna --- inventory/group_vars/osbs-masters-stg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/group_vars/osbs-masters-stg b/inventory/group_vars/osbs-masters-stg index 3421b3ed3c..f1d6108730 100644 --- a/inventory/group_vars/osbs-masters-stg +++ b/inventory/group_vars/osbs-masters-stg @@ -33,8 +33,8 @@ osbs_orchestrator_cpu_limitrange: "95m" osbs_orchestrator_default_nodeselector: "orchestrator=true" osbs_conf_readwrite_users: - - "system:serviceaccount:{{ osbs_namespace }}:default" - - "system:serviceaccount:{{ osbs_namespace }}:builder" + - system:serviceaccount:{{ osbs_namespace }}:default + - system:serviceaccount:{{ osbs_namespace }}:builder nagios_Check_Services: nrpe: true From 230a9e78c92c07880956072046080353d73f215f Mon Sep 17 00:00:00 2001 From: Nick Bebout Date: Thu, 29 Mar 2018 17:39:34 +0000 Subject: [PATCH 5/6] Add a bugzilla email exception for jbwillia --- roles/distgit/pagure/files/fas2.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/distgit/pagure/files/fas2.py b/roles/distgit/pagure/files/fas2.py index 7886c025c3..f20b0bdc13 100644 --- a/roles/distgit/pagure/files/fas2.py +++ b/roles/distgit/pagure/files/fas2.py @@ -273,6 +273,8 @@ class AccountSystem(BaseClient): 172063: 'roshi@fedoraproject.org', # Dusty Mabe: dusty@dustymabe.com 170115: 'dustymabe@redhat.com', + # Ben Williams: vaioof@gmail.com + 100572: 'jbwillia@math.vt.edu ', } # A few people have an email account that is used in owners.list but # have setup a bugzilla account for their primary account system email From 77bd7da1c323db8dd89cc0aeaaae9dd52ff87698 Mon Sep 17 00:00:00 2001 From: Nick Bebout Date: Thu, 29 Mar 2018 20:32:49 +0000 Subject: [PATCH 6/6] Add BZ email exception for jbwillia --- roles/distgit/pagure/files/fas2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/distgit/pagure/files/fas2.py b/roles/distgit/pagure/files/fas2.py index f20b0bdc13..ff0fa6e01d 100644 --- a/roles/distgit/pagure/files/fas2.py +++ b/roles/distgit/pagure/files/fas2.py @@ -274,7 +274,7 @@ class AccountSystem(BaseClient): # Dusty Mabe: dusty@dustymabe.com 170115: 'dustymabe@redhat.com', # Ben Williams: vaioof@gmail.com - 100572: 'jbwillia@math.vt.edu ', + 100572: 'jbwillia@math.vt.edu', } # A few people have an email account that is used in owners.list but # have setup a bugzilla account for their primary account system email