Grant sysadmin-osbuild shell and sudo access to osbuild workers

The IPA client groups configuration for osbuild workers was missed in the original PR#1498 [1]. As a result, no member of the `sysadmin-osbuild` FAS group can SSH to the osbuild workers. Set the appropriate IPA client variables to grant access for this group. Also grant access for the `sysadmin-releng` group. There is no specific reason, it just felt sensible since osbuild workers are running in the Fedora infrastructure. [1] https://pagure.io/fedora-infra/ansible/pull-request/1498 Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-07-31 11:17:10 +02:00 · 2023-07-31 11:17:10 +02:00 · 7c0bb96714
commit 7c0bb96714
parent 6279149fb4
2 changed files with 16 additions and 0 deletions
--- a/inventory/group_vars/buildvm_osbuild_ppc64le
+++ b/inventory/group_vars/buildvm_osbuild_ppc64le
@ -20,6 +20,14 @@ num_cpus: 2
 virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}"
 volgroup: /dev/vg_guests

+# setup access to workers
+ipa_client_shell_groups:
+  - sysadmin-osbuild
+  - sysadmin-releng
+ipa_client_sudo_groups:
+  - sysadmin-osbuild
+  - sysadmin-releng
+
 # osbuild worker variables
 osbuild_worker_server_hostname: "api.openshift.com"
 osbuild_worker_server_api_base_path: "/api/image-builder-worker/v1"
--- a/inventory/group_vars/buildvm_osbuild_ppc64le_staging
+++ b/inventory/group_vars/buildvm_osbuild_ppc64le_staging
@ -20,6 +20,14 @@ num_cpus: 2
 virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}"
 volgroup: /dev/vg_guests

+# setup access to workers
+ipa_client_shell_groups:
+  - sysadmin-osbuild
+  - sysadmin-releng
+ipa_client_sudo_groups:
+  - sysadmin-osbuild
+  - sysadmin-releng
+
 # osbuild worker variables
 osbuild_worker_server_hostname: "api.stage.openshift.com"
 osbuild_worker_server_api_base_path: "/api/image-builder-worker/v1"