diff --git a/inventory/group_vars/osbs-aarch64-masters-stg b/inventory/group_vars/osbs-aarch64-masters-stg index c996456e39..db9b6a4e7f 100644 --- a/inventory/group_vars/osbs-aarch64-masters-stg +++ b/inventory/group_vars/osbs-aarch64-masters-stg @@ -49,109 +49,6 @@ osbs_conf_readwrite_users: - "system:serviceaccount:{{ osbs_namespace }}:default" - "system:serviceaccount:{{ osbs_namespace }}:builder" -osbs_conf_worker_clusters: - aarch64: - - name: aarch64 - max_concurrent_builds: 1 - openshift_url: "https://osbs.stg.fedoraproject.org/" - verify_ssl: 'false' - -osbs_platform_descriptors: -- platform: aarch64 - architecture: aarch64 - enable_v1: True - -_osbs_reactor_config_map: - version: 1 - - clusters: - aarch64: - - name: "aarch64" - max_concurrent_builds: 1 - - clusters_client_config_dir: "/var/run/secrets/atomic-reactor/client-config-secret" - - koji: - hub_url: "https://koji{{ env_suffix }}.fedoraproject.org/kojihub" - root_url: "https://koji{{ env_suffix }}.fedoraproject.org/" - auth: - krb_principal: "osbs/{{osbs_url}}@{{ ipa_realm }}" - krb_keytab_path: "FILE:/etc/krb5.osbs_{{ osbs_url }}.keytab" - - odcs: - api_url: "https://odcs{{ env_suffix }}.fedoraproject.org/api/1" - auth: - openidc_dir: "/var/run/secrets/atomic-reactor/odcs-oidc-secret" - signing_intents: - - name: unsigned - keys: [] - default_signing_intent: "unsigned" - - pdc: - api_url: "https://pdc{{ env_suffix }}.fedoraproject.org/rest_api/v1/" - - image_labels: - vendor: "{{ osbs_conf_vendor }}" - authoritative-source-url: "{{ source_registry }}" - distribution-scope: public - - image_equal_labels: - - ['description', 'io.k8s.description'] - openshift: - url: "https://{{ osbs_url }}" - insecure: true - build_json_dir: /usr/share/osbs - auth: - enable: True - - platform_descriptors: "{{ osbs_platform_descriptors }}" - - prefer_schema1_digest: False - - content_versions: - - v1 - - v2 - - registries: - - url: https://candidate-registry.stg.fedoraproject.org/v2 - insecure: False - auth: - cfg_path: /var/run/secrets/atomic-reactor/v2-registry-dockercfg - - source_registry: - url: "{{ source_registry }}" - insecure: True - - group_manifests: True - - sources_command: "{{ osbs_conf_sources_command }}" - - artifacts_allowed_domains: [] - #- download.devel.redhat.com/released - #- download.devel.redhat.com/devel/candidates - - required_secrets: - - v2-registry-dockercfg - - odcs-oidc-secret - - worker_token_secrets: - - aarch64-orchestrator - - client-config-secret - -_osbs_scratch_reactor_config_map_overrides: - image_labels: - distribution-scope: private - -osbs_reactor_config_maps: -- name: reactor-config-map - data: "{{ _osbs_reactor_config_map }}" -- name: reactor-config-map-scratch - data: > - {{ _osbs_reactor_config_map | - combine(_osbs_scratch_reactor_config_map_overrides, recursive=True) }} - -osbs_odcs_enabled: false - #Docker command delegated host composer: composer.stg.phx2.fedoraproject.org diff --git a/inventory/group_vars/osbs-masters-stg b/inventory/group_vars/osbs-masters-stg index 272ae705b8..149e835673 100644 --- a/inventory/group_vars/osbs-masters-stg +++ b/inventory/group_vars/osbs-masters-stg @@ -63,6 +63,9 @@ _osbs_reactor_config_map: - name: "x86_64" max_concurrent_builds: 2 + -name: "aarch64" + max_concurrent_builds: 1 + clusters_client_config_dir: "/var/run/secrets/atomic-reactor/client-config-secret" koji: @@ -130,6 +133,7 @@ _osbs_reactor_config_map: worker_token_secrets: - x86-64-orchestrator + - aarch64-orchestrator - client-config-secret _osbs_scratch_reactor_config_map_overrides: diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index f107c0229b..f839d7f54f 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -289,7 +289,7 @@ dest: "/etc/dnsmasq.d/fedora-dns.conf" - name: Create worker namespace - hosts: osbs-masters-stg[0]:osbs-masters[0] + hosts: osbs-masters-stg[0]:osbs-masters[0]:osbs-aarch64-masters-stg[0] tags: - osbs-worker-namespace user: root @@ -312,7 +312,7 @@ osbs_sources_command: "{{ osbs_conf_sources_command }}" osbs_vendor: "{{ osbs_conf_vendor }}" - +#TODO Remove post F29 freeze - name: setup koji secret in worker namespace hosts: osbs-masters[0] vars_files: @@ -330,7 +330,7 @@ dest: cert - name: setup ODCS secret in worker namespace - hosts: osbs-masters-stg[0]:osbs-masters[0] + hosts: osbs-masters-stg[0]:osbs-masters[0]:osbs-aarch64-masters-stg[0] vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" @@ -460,6 +460,21 @@ tags: - osbs-orchestrator-namespace +- name: setup orchestrator token for aarch64-osbs + hosts: osbs-masters-stg[0] + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + roles: + - role: osbs-secret + osbs_secret_name: aarch64-orchestrator + osbs_secret_files: + - source: "{{ private }}/files/osbs/{{ env }}/aarch64-osbs-orchestrator" + dest: token + tags: + - osbs-orchestrator-namespace + - name: Add dockercfg secret to allow registry push orchestrator hosts: osbs-masters-stg[0]:osbs-masters[0] tags: @@ -500,7 +515,7 @@ path="/tmp/.dockercfg" - name: Add dockercfg secret to allow registry push worker - hosts: osbs-masters-stg[0]:osbs-masters[0] + hosts: osbs-masters-stg[0]:osbs-masters[0]:osbs-aarch64-masters-stg[0] tags: - osbs-dockercfg-secret user: root @@ -540,7 +555,7 @@ path="/tmp/.dockercfg" - name: post-install master host osbs tasks - hosts: osbs-masters-stg:osbs-masters + hosts: osbs-masters-stg:osbs-masters:osbs-aarch64-masters-stg[0] tags: - osbs-post-install vars_files: @@ -580,7 +595,7 @@ - name: post-install osbs tasks - hosts: osbs-nodes-stg:osbs-nodes + hosts: osbs-nodes-stg:osbs-nodes:osbs-aarch64-nodes-stg tags: - osbs-post-install vars_files: