From 7c0bb96714f8fdd477a8892fca779fe146215979 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= <thozza@redhat.com>
Date: Mon, 31 Jul 2023 11:17:10 +0200
Subject: [PATCH] Grant sysadmin-osbuild shell and sudo access to osbuild
 workers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The IPA client groups configuration for osbuild workers was missed in
the original PR#1498 [1]. As a result, no member of the
`sysadmin-osbuild` FAS group can SSH to the osbuild workers.

Set the appropriate IPA client variables to grant access for this
group.

Also grant access for the `sysadmin-releng` group. There is no specific
reason, it just felt sensible since osbuild workers are running in the
Fedora infrastructure.

[1] https://pagure.io/fedora-infra/ansible/pull-request/1498

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
---
 inventory/group_vars/buildvm_osbuild_ppc64le         | 8 ++++++++
 inventory/group_vars/buildvm_osbuild_ppc64le_staging | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/inventory/group_vars/buildvm_osbuild_ppc64le b/inventory/group_vars/buildvm_osbuild_ppc64le
index 313ac14fb2..866f13bd96 100644
--- a/inventory/group_vars/buildvm_osbuild_ppc64le
+++ b/inventory/group_vars/buildvm_osbuild_ppc64le
@@ -20,6 +20,14 @@ num_cpus: 2
 virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}"
 volgroup: /dev/vg_guests
 
+# setup access to workers
+ipa_client_shell_groups:
+  - sysadmin-osbuild
+  - sysadmin-releng
+ipa_client_sudo_groups:
+  - sysadmin-osbuild
+  - sysadmin-releng
+
 # osbuild worker variables
 osbuild_worker_server_hostname: "api.openshift.com"
 osbuild_worker_server_api_base_path: "/api/image-builder-worker/v1"
diff --git a/inventory/group_vars/buildvm_osbuild_ppc64le_staging b/inventory/group_vars/buildvm_osbuild_ppc64le_staging
index 97c00bce2e..eea6c638f8 100644
--- a/inventory/group_vars/buildvm_osbuild_ppc64le_staging
+++ b/inventory/group_vars/buildvm_osbuild_ppc64le_staging
@@ -20,6 +20,14 @@ num_cpus: 2
 virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}"
 volgroup: /dev/vg_guests
 
+# setup access to workers
+ipa_client_shell_groups:
+  - sysadmin-osbuild
+  - sysadmin-releng
+ipa_client_sudo_groups:
+  - sysadmin-osbuild
+  - sysadmin-releng
+
 # osbuild worker variables
 osbuild_worker_server_hostname: "api.stage.openshift.com"
 osbuild_worker_server_api_base_path: "/api/image-builder-worker/v1"