Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

OSBS : Configure aarch64 cluster in stg

Browse source 
Signed-off-by: Clement Verna <cverna@tutanota.com>
This commit is contained in:
Clement Verna 2018-10-23 10:58:29 +02:00
parent 2ffb0edf37
commit 6ee43e67dc
3 changed files with 25 additions and 109 deletions
Download patch file Download diff file Expand all files Collapse all files

103
inventory/group_vars/osbs-aarch64-masters-stg
View file

@ -49,109 +49,6 @@ osbs_conf_readwrite_users:
- "system:serviceaccount:{{ osbs_namespace }}:default"
- "system:serviceaccount:{{ osbs_namespace }}:builder"
osbs_conf_worker_clusters:
aarch64:
- name: aarch64
max_concurrent_builds: 1
openshift_url: "https://osbs.stg.fedoraproject.org/"
verify_ssl: 'false'
osbs_platform_descriptors:
- platform: aarch64
architecture: aarch64
enable_v1: True
_osbs_reactor_config_map:
version: 1
clusters:
aarch64:
- name: "aarch64"
max_concurrent_builds: 1
clusters_client_config_dir: "/var/run/secrets/atomic-reactor/client-config-secret"
koji:
hub_url: "https://koji{{ env_suffix }}.fedoraproject.org/kojihub"
root_url: "https://koji{{ env_suffix }}.fedoraproject.org/"
auth:
krb_principal: "osbs/{{osbs_url}}@{{ ipa_realm }}"
krb_keytab_path: "FILE:/etc/krb5.osbs_{{ osbs_url }}.keytab"
odcs:
api_url: "https://odcs{{ env_suffix }}.fedoraproject.org/api/1"
auth:
openidc_dir: "/var/run/secrets/atomic-reactor/odcs-oidc-secret"
signing_intents:
- name: unsigned
keys: []
default_signing_intent: "unsigned"
pdc:
api_url: "https://pdc{{ env_suffix }}.fedoraproject.org/rest_api/v1/"
image_labels:
vendor: "{{ osbs_conf_vendor }}"
authoritative-source-url: "{{ source_registry }}"
distribution-scope: public
image_equal_labels:
- ['description', 'io.k8s.description']
openshift:
url: "https://{{ osbs_url }}"
insecure: true
build_json_dir: /usr/share/osbs
auth:
enable: True
platform_descriptors: "{{ osbs_platform_descriptors }}"
prefer_schema1_digest: False
content_versions:
- v1
- v2
registries:
- url: https://candidate-registry.stg.fedoraproject.org/v2
insecure: False
auth:
cfg_path: /var/run/secrets/atomic-reactor/v2-registry-dockercfg
source_registry:
url: "{{ source_registry }}"
insecure: True
group_manifests: True
sources_command: "{{ osbs_conf_sources_command }}"
artifacts_allowed_domains: []
#- download.devel.redhat.com/released
#- download.devel.redhat.com/devel/candidates
required_secrets:
- v2-registry-dockercfg
- odcs-oidc-secret
worker_token_secrets:
- aarch64-orchestrator
- client-config-secret
_osbs_scratch_reactor_config_map_overrides:
image_labels:
distribution-scope: private
osbs_reactor_config_maps:
- name: reactor-config-map
data: "{{ _osbs_reactor_config_map }}"
- name: reactor-config-map-scratch
data: >
{{ _osbs_reactor_config_map |
combine(_osbs_scratch_reactor_config_map_overrides, recursive=True) }}
osbs_odcs_enabled: false
#Docker command delegated host
composer: composer.stg.phx2.fedoraproject.org

4
inventory/group_vars/osbs-masters-stg
View file

@ -63,6 +63,9 @@ _osbs_reactor_config_map:
- name: "x86_64"
max_concurrent_builds: 2
-name: "aarch64"
max_concurrent_builds: 1
clusters_client_config_dir: "/var/run/secrets/atomic-reactor/client-config-secret"
koji:
@ -130,6 +133,7 @@ _osbs_reactor_config_map:
worker_token_secrets:
- x86-64-orchestrator
- aarch64-orchestrator
- client-config-secret
_osbs_scratch_reactor_config_map_overrides:

27
playbooks/groups/osbs-cluster.yml
View file

@ -289,7 +289,7 @@
dest: "/etc/dnsmasq.d/fedora-dns.conf"
- name: Create worker namespace
hosts: osbs-masters-stg[0]:osbs-masters[0]
hosts: osbs-masters-stg[0]:osbs-masters[0]:osbs-aarch64-masters-stg[0]
tags:
- osbs-worker-namespace
user: root
@ -312,7 +312,7 @@
osbs_sources_command: "{{ osbs_conf_sources_command }}"
osbs_vendor: "{{ osbs_conf_vendor }}"
#TODO Remove post F29 freeze
- name: setup koji secret in worker namespace
hosts: osbs-masters[0]
vars_files:
@ -330,7 +330,7 @@
dest: cert
- name: setup ODCS secret in worker namespace
hosts: osbs-masters-stg[0]:osbs-masters[0]
hosts: osbs-masters-stg[0]:osbs-masters[0]:osbs-aarch64-masters-stg[0]
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
@ -460,6 +460,21 @@
tags:
- osbs-orchestrator-namespace
- name: setup orchestrator token for aarch64-osbs
hosts: osbs-masters-stg[0]
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- role: osbs-secret
osbs_secret_name: aarch64-orchestrator
osbs_secret_files:
- source: "{{ private }}/files/osbs/{{ env }}/aarch64-osbs-orchestrator"
dest: token
tags:
- osbs-orchestrator-namespace
- name: Add dockercfg secret to allow registry push orchestrator
hosts: osbs-masters-stg[0]:osbs-masters[0]
tags:
@ -500,7 +515,7 @@
path="/tmp/.dockercfg"
- name: Add dockercfg secret to allow registry push worker
hosts: osbs-masters-stg[0]:osbs-masters[0]
hosts: osbs-masters-stg[0]:osbs-masters[0]:osbs-aarch64-masters-stg[0]
tags:
- osbs-dockercfg-secret
user: root
@ -540,7 +555,7 @@
path="/tmp/.dockercfg"
- name: post-install master host osbs tasks
hosts: osbs-masters-stg:osbs-masters
hosts: osbs-masters-stg:osbs-masters:osbs-aarch64-masters-stg[0]
tags:
- osbs-post-install
vars_files:
@ -580,7 +595,7 @@
- name: post-install osbs tasks
hosts: osbs-nodes-stg:osbs-nodes
hosts: osbs-nodes-stg:osbs-nodes:osbs-aarch64-nodes-stg
tags:
- osbs-post-install
vars_files: