diff --git a/files/osbs/buildroot-Dockerfile b/files/osbs/buildroot-Dockerfile.j2 similarity index 66% rename from files/osbs/buildroot-Dockerfile rename to files/osbs/buildroot-Dockerfile.j2 index f5735c9cb4..e59cd535d9 100644 --- a/files/osbs/buildroot-Dockerfile +++ b/files/osbs/buildroot-Dockerfile.j2 @@ -3,5 +3,8 @@ RUN dnf -y install docker git python-docker-py python-setuptools e2fsprogs koji ADD ./atomic-reactor.tar.gz /tmp/ RUN cd /tmp/atomic-reactor-*/ && python setup.py install ADD ./ca.crt /etc/pki/ca-trust/source/anchors/osbs-dev.ca.crt +RUN mkdir -p /etc/docker/certs.d/{{docker_registry}} +ADD ./client.key /etc/docker/certs.d/{{docker_registry}}/client.key +ADD ./client.cert /etc/docker/certs.d/{{docker_registry}}/client.cert RUN update-ca-trust CMD ["atomic-reactor", "--verbose", "inside-build"] diff --git a/playbooks/groups/osbs-master.yml b/playbooks/groups/osbs-master.yml index c25e81ba32..ed310ea9a6 100644 --- a/playbooks/groups/osbs-master.yml +++ b/playbooks/groups/osbs-master.yml @@ -278,9 +278,25 @@ path: "/etc/osbs/buildroot/" state: directory - - name: Upload Dockerfile for buildroot container + - name: install docker client cert for buildroot to auth to registry copy: - src: "{{ files }}/osbs/buildroot-Dockerfile" + src: "{{private}}/files/koji/containerbuild.cert.pem" + dest: "/etc/osbs/buildroot/client.cert" + mode: 0400 + notify: + - buildroot container + + - name: install docker client key for buildroot to auth to registry + copy: + src: "{{private}}/files/koji/containerbuild.key.pem" + dest: "/etc/osbs/buildroot/client.key" + mode: 0400 + notify: + - buildroot container + + - name: Upload Dockerfile for buildroot container + template: + src: "{{ files }}/osbs/buildroot-Dockerfile.j2" dest: "/etc/osbs/buildroot/Dockerfile" mode: 0400 notify: