From 95c19484bb88ef9d34d5a8dd9f966fa05d54f5ff Mon Sep 17 00:00:00 2001
From: Adam Miller <admiller@redhat.com>
Date: Fri, 15 Apr 2016 23:12:59 +0000
Subject: [PATCH] osbs-master: set atomic-reactor buildroot access to docker
 registry

Signed-off-by: Adam Miller <admiller@redhat.com>
---
 ...oot-Dockerfile => buildroot-Dockerfile.j2} |  3 +++
 playbooks/groups/osbs-master.yml              | 20 +++++++++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)
 rename files/osbs/{buildroot-Dockerfile => buildroot-Dockerfile.j2} (66%)

diff --git a/files/osbs/buildroot-Dockerfile b/files/osbs/buildroot-Dockerfile.j2
similarity index 66%
rename from files/osbs/buildroot-Dockerfile
rename to files/osbs/buildroot-Dockerfile.j2
index f5735c9cb4..e59cd535d9 100644
--- a/files/osbs/buildroot-Dockerfile
+++ b/files/osbs/buildroot-Dockerfile.j2
@@ -3,5 +3,8 @@ RUN dnf -y install docker git python-docker-py python-setuptools e2fsprogs koji
 ADD ./atomic-reactor.tar.gz /tmp/
 RUN cd /tmp/atomic-reactor-*/ && python setup.py install
 ADD ./ca.crt /etc/pki/ca-trust/source/anchors/osbs-dev.ca.crt
+RUN mkdir -p /etc/docker/certs.d/{{docker_registry}}
+ADD ./client.key /etc/docker/certs.d/{{docker_registry}}/client.key
+ADD ./client.cert /etc/docker/certs.d/{{docker_registry}}/client.cert
 RUN update-ca-trust
 CMD ["atomic-reactor", "--verbose", "inside-build"]
diff --git a/playbooks/groups/osbs-master.yml b/playbooks/groups/osbs-master.yml
index c25e81ba32..ed310ea9a6 100644
--- a/playbooks/groups/osbs-master.yml
+++ b/playbooks/groups/osbs-master.yml
@@ -278,9 +278,25 @@
         path: "/etc/osbs/buildroot/"
         state: directory
 
-    - name: Upload Dockerfile for buildroot container
+    - name: install docker client cert for buildroot to auth to registry
       copy:
-        src: "{{ files }}/osbs/buildroot-Dockerfile"
+        src: "{{private}}/files/koji/containerbuild.cert.pem"
+        dest: "/etc/osbs/buildroot/client.cert"
+        mode: 0400
+      notify:
+        - buildroot container
+
+    - name: install docker client key for buildroot to auth to registry
+      copy:
+        src: "{{private}}/files/koji/containerbuild.key.pem"
+        dest: "/etc/osbs/buildroot/client.key"
+        mode: 0400
+      notify:
+        - buildroot container
+
+    - name: Upload Dockerfile for buildroot container
+      template:
+        src: "{{ files }}/osbs/buildroot-Dockerfile.j2"
         dest: "/etc/osbs/buildroot/Dockerfile"
         mode: 0400
       notify: