OSBS : Configure aarch64 cluster in stg

Signed-off-by: Clement Verna <cverna@tutanota.com>

inventory/group_vars/osbs-aarch64-masters-stg

@@ -49,109 +49,6 @@ osbs_conf_readwrite_users:
   - "system:serviceaccount:{{ osbs_namespace }}:default"
   - "system:serviceaccount:{{ osbs_namespace }}:builder"
 
-osbs_conf_worker_clusters:
-  aarch64:
-  - name: aarch64
-    max_concurrent_builds: 1
-    openshift_url: "https://osbs.stg.fedoraproject.org/"
-    verify_ssl: 'false'
-
-osbs_platform_descriptors:
-- platform: aarch64
-  architecture: aarch64
-  enable_v1: True
-
-_osbs_reactor_config_map:
-    version: 1
-
-    clusters:
-      aarch64:
-      - name: "aarch64"
-        max_concurrent_builds: 1
-
-    clusters_client_config_dir: "/var/run/secrets/atomic-reactor/client-config-secret"
-
-    koji:
-      hub_url: "https://koji{{ env_suffix }}.fedoraproject.org/kojihub"
-      root_url: "https://koji{{ env_suffix }}.fedoraproject.org/"
-      auth:
-        krb_principal: "osbs/{{osbs_url}}@{{ ipa_realm }}"
-        krb_keytab_path: "FILE:/etc/krb5.osbs_{{ osbs_url }}.keytab"
-
-    odcs:
-        api_url: "https://odcs{{ env_suffix }}.fedoraproject.org/api/1"
-        auth:
-          openidc_dir: "/var/run/secrets/atomic-reactor/odcs-oidc-secret"
-        signing_intents:
-          - name: unsigned
-            keys: []
-        default_signing_intent: "unsigned"
-
-    pdc:
-        api_url: "https://pdc{{ env_suffix }}.fedoraproject.org/rest_api/v1/"
-
-    image_labels:
-      vendor: "{{ osbs_conf_vendor }}"
-      authoritative-source-url: "{{ source_registry }}"
-      distribution-scope: public
-
-    image_equal_labels:
-      - ['description', 'io.k8s.description']
-    openshift:
-      url: "https://{{ osbs_url }}"
-      insecure: true
-      build_json_dir: /usr/share/osbs
-      auth:
-        enable: True
-
-    platform_descriptors: "{{ osbs_platform_descriptors }}"
-
-    prefer_schema1_digest: False
-
-    content_versions:
-    - v1
-    - v2
-
-    registries:
-    - url: https://candidate-registry.stg.fedoraproject.org/v2
-      insecure: False
-      auth:
-        cfg_path: /var/run/secrets/atomic-reactor/v2-registry-dockercfg
-
-    source_registry:
-      url: "{{ source_registry }}"
-      insecure: True
-
-    group_manifests: True
-
-    sources_command: "{{ osbs_conf_sources_command }}"
-
-    artifacts_allowed_domains: []
-    #- download.devel.redhat.com/released
-    #- download.devel.redhat.com/devel/candidates
-
-    required_secrets:
-    - v2-registry-dockercfg
-    - odcs-oidc-secret
-
-    worker_token_secrets:
-    - aarch64-orchestrator
-    - client-config-secret
-
-_osbs_scratch_reactor_config_map_overrides:
-  image_labels:
-    distribution-scope: private
-
-osbs_reactor_config_maps:
-- name: reactor-config-map
-  data: "{{ _osbs_reactor_config_map }}"
-- name: reactor-config-map-scratch
-  data: >
-    {{ _osbs_reactor_config_map |
-       combine(_osbs_scratch_reactor_config_map_overrides, recursive=True) }}
-
-osbs_odcs_enabled: false
-
 #Docker command delegated host
 composer: composer.stg.phx2.fedoraproject.org
 

inventory/group_vars/osbs-masters-stg

@@ -63,6 +63,9 @@ _osbs_reactor_config_map:
       - name: "x86_64"
         max_concurrent_builds: 2
 
+      -name: "aarch64"
+       max_concurrent_builds: 1
+
     clusters_client_config_dir: "/var/run/secrets/atomic-reactor/client-config-secret"
 
     koji:
@@ -130,6 +133,7 @@ _osbs_reactor_config_map:
 
     worker_token_secrets:
     - x86-64-orchestrator
+    - aarch64-orchestrator
     - client-config-secret
 
 _osbs_scratch_reactor_config_map_overrides:

playbooks/groups/osbs-cluster.yml

@@ -289,7 +289,7 @@
         dest: "/etc/dnsmasq.d/fedora-dns.conf"
 
 - name: Create worker namespace
-  hosts: osbs-masters-stg[0]:osbs-masters[0]
+  hosts: osbs-masters-stg[0]:osbs-masters[0]:osbs-aarch64-masters-stg[0]
   tags:
     - osbs-worker-namespace
   user: root
@@ -312,7 +312,7 @@
       osbs_sources_command: "{{ osbs_conf_sources_command }}"
       osbs_vendor: "{{ osbs_conf_vendor }}"
 
-
+#TODO Remove post F29 freeze
 - name: setup koji secret in worker namespace
   hosts: osbs-masters[0]
   vars_files:
@@ -330,7 +330,7 @@
       dest: cert
 
 - name: setup ODCS secret in worker namespace
-  hosts: osbs-masters-stg[0]:osbs-masters[0]
+  hosts: osbs-masters-stg[0]:osbs-masters[0]:osbs-aarch64-masters-stg[0]
   vars_files:
     - /srv/web/infra/ansible/vars/global.yml
     - "/srv/private/ansible/vars.yml"
@@ -460,6 +460,21 @@
   tags:
     - osbs-orchestrator-namespace
 
+- name: setup orchestrator token for aarch64-osbs
+  hosts: osbs-masters-stg[0]
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+  roles:
+  - role: osbs-secret
+    osbs_secret_name: aarch64-orchestrator
+    osbs_secret_files:
+    - source: "{{ private }}/files/osbs/{{ env }}/aarch64-osbs-orchestrator"
+      dest: token
+  tags:
+    - osbs-orchestrator-namespace
+
 - name: Add dockercfg secret to allow registry push orchestrator
   hosts: osbs-masters-stg[0]:osbs-masters[0]
   tags:
@@ -500,7 +515,7 @@
         path="/tmp/.dockercfg"
 
 - name: Add dockercfg secret to allow registry push worker
-  hosts: osbs-masters-stg[0]:osbs-masters[0]
+  hosts: osbs-masters-stg[0]:osbs-masters[0]:osbs-aarch64-masters-stg[0]
   tags:
     - osbs-dockercfg-secret
   user: root
@@ -540,7 +555,7 @@
         path="/tmp/.dockercfg"
 
 - name: post-install master host osbs tasks
-  hosts: osbs-masters-stg:osbs-masters
+  hosts: osbs-masters-stg:osbs-masters:osbs-aarch64-masters-stg[0]
   tags:
     - osbs-post-install
   vars_files:
@@ -580,7 +595,7 @@
 
 
 - name: post-install osbs tasks
-  hosts: osbs-nodes-stg:osbs-nodes
+  hosts: osbs-nodes-stg:osbs-nodes:osbs-aarch64-nodes-stg
   tags:
     - osbs-post-install
   vars_files: