Merge branch 'master' of /git/ansible

2016-03-02 21:26:09 +00:00 · 2016-03-02 21:26:09 +00:00 · 9c2b0fc0f0
commit 9c2b0fc0f0
parent a606d7aa7f f0d975c3df
8 changed files with 118 additions and 9 deletions
--- a/inventory/group_vars/badges-backend
+++ b/inventory/group_vars/badges-backend
@ -12,6 +12,11 @@ tcp_ports: [ 3000, 3001, 3002, 3003,

 fas_client_groups: sysadmin-noc,sysadmin-badges

+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- sysadmin-badges-members@fedoraproject.org
+
+
 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
--- a/inventory/group_vars/badges-backend-stg
+++ b/inventory/group_vars/badges-backend-stg
@ -12,6 +12,10 @@ tcp_ports: [ 3000, 3001, 3002, 3003,

 fas_client_groups: sysadmin-noc,sysadmin-badges

+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- sysadmin-badges-members@fedoraproject.org
+
 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
--- a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml
+++ b/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml
@ -31,6 +31,25 @@
    - name: install python and deps for ansible modules
      raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python python-firewall

+- name: pre-install osbs tasks
+  hosts: osbs-dev.fedorainfracloud.org
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - /srv/private/ansible/vars.yml
+    - /srv/private/ansible/files/openstack/passwords.yml
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+    - name: override DNS for internal host network
+      lineinfile:
+        dest: /etc/hosts
+        line: "{{ ansible_default_ipv4.address }} osbs osbs-dev.fedorainfracloud.org"
+
+    - name: place htpasswd file
+      copy:
+        src: "{{private}}/files/httpd/osbs.htpasswd"
+        dest: /etc/origin/htpasswd
+
 - name: setup osbs
  hosts: osbs-dev.fedorainfracloud.org
  vars_files:
@ -43,7 +62,32 @@
    - osbs-atomic-reactor
    - osbs-common
    - osbs-install-openshift
-    - osbs-master
+    - {
+        role: osbs-master,
+          osbs_master_export_port: true,
+          osbs_manage_firewalld: true,
+          osbs_proxy_cert_file: '/etc/origin/proxy_selfsigned.crt',
+          osbs_proxy_key_file: '/etc/origin/proxy_selfsigned.key',
+          osbs_proxy_certkey_file: '/etc/origin/proxy_certkey.crt',
+          osbs_proxy_ca_file: '/etc/origin/proxy_selfsigned.crt',
+          osbs_readonly_users: [],
+          osbs_readonly_groups: [],
+          osbs_readwrite_users: [ "{{ osbs_koji_stg_username }}" ],
+          osbs_readwrite_groups: [],
+          osbs_admin_users: [],
+          osbs_admin_groups: [],
+          osbs_master_max_pods: 3,
+          osbs_update_packages: false,
+          osbs_image_gc_high_threshold: 90,
+          osbs_image_gc_low_threshold: 80,
+          osbs_identity_provider: "htpasswd_provider",
+          osbs_identity_htpasswd: {
+            name: htpasswd_provider,
+            challenge: true,
+            login: true,
+            provider_file: "/etc/origin/htpasswd"
+          }
+      }
    - {
      role: osbs-client,
        general: {
@ -52,6 +96,8 @@
          openshift_required_version: 1.1.0,
        },
        default: {
+          username: "{{ osbs_koji_stg_username }}",
+          password: "{{ osbs_koji_stg_password }}",
          openshift_url: 'https://osbs-dev.fedorainfracloud.org:8443/',
          registry_uri: 'https://osbs-dev.fedorainfracloud.org:5000/v2',
          source_registry_uri: 'https://osbs-dev.fedorainfracloud.org:5000/v2',
@ -101,11 +147,6 @@


  tasks:
-    - name: override DNS for internal host network
-      lineinfile:
-        dest: /etc/hosts
-        line: "{{ ansible_default_ipv4.address }} osbs osbs-dev.fedorainfracloud.org"
-
    - name: install docker
      action: "{{ ansible_pkg_mgr }} name=docker state=installed"

--- a/roles/dns/files/named.conf
+++ b/roles/dns/files/named.conf
@ -161,6 +161,11 @@ view "QA" {
             file "/var/named/master/built/arm.fedoraproject.org";
     };

+     zone "ppc.fedoraproject.org" {
+             type master;
+             file "/var/named/master/built/ppc.fedoraproject.org";
+     };
+
     zone "78.5.10.in-addr.arpa" {
 	     type master;
 	     file "/var/named/master/built/78.5.10.in-addr.arpa";
@ -196,6 +201,11 @@ view "QA" {
 	     file "/var/named/master/built/128.5.10.in-addr.arpa";
     };

+     zone "129.5.10.in-addr.arpa" {
+	     type master;
+	     file "/var/named/master/built/129.5.10.in-addr.arpa";
+     };
+
     zone "130.5.10.in-addr.arpa" {
 	     type master;
 	     file "/var/named/master/built/130.5.10.in-addr.arpa";
@ -301,6 +311,11 @@ view "PHX2" {
             file "/var/named/master/built/arm.fedoraproject.org";
     };

+     zone "ppc.fedoraproject.org" {
+             type master;
+             file "/var/named/master/built/ppc.fedoraproject.org";
+     };
+
     zone "78.5.10.in-addr.arpa" {
 	     type master;
 	     file "/var/named/master/built/78.5.10.in-addr.arpa";
@ -336,6 +351,11 @@ view "PHX2" {
 	     file "/var/named/master/built/128.5.10.in-addr.arpa";
     };

+     zone "129.5.10.in-addr.arpa" {
+	     type master;
+	     file "/var/named/master/built/129.5.10.in-addr.arpa";
+     };
+
     zone "130.5.10.in-addr.arpa" {
 	     type master;
 	     file "/var/named/master/built/130.5.10.in-addr.arpa";
--- a/roles/osbs-client/defaults/main.yml
+++ b/roles/osbs-client/defaults/main.yml
@ -14,6 +14,8 @@ general:

 # Settings for the [default] section of the osbs.conf file
 default:
+  username: ""
+  password: ""
  openshift_url: https://osbs.localdomain:8443/
  koji_root: http://koji.fedoraproject.org/koji
  koji_hub: http://koji.fedoraproject.org/kojihub
--- a/roles/osbs-client/templates/osbs.conf.j2
+++ b/roles/osbs-client/templates/osbs.conf.j2
@ -4,6 +4,12 @@ build_json_dir = {{ general.build_json_dir }}
 openshift_required_version = {{ general.openshift_required_version }}

 [default]
+{% if default.username %}
+username = {{ default.username }}
+{% endif %}
+{% if default.password %}
+password = {{ default.password }}
+{% endif %}
 openshift_url = {{ default.openshift_url }}
 koji_root = {{ default.koji_root }}
 koji_hub = {{ default.koji_hub }}
--- a/roles/osbs-master/defaults/main.yml
+++ b/roles/osbs-master/defaults/main.yml
@ -72,3 +72,23 @@ osbs_update_packages: false

 osbs_image_gc_high_threshold: 90
 osbs_image_gc_low_threshold: 80
+
+
+# Specify different identity providers and options needed for the master-config
+# template
+#
+# Currently supported options are:
+#   request_header
+#   htpasswd_provider
+osbs_identity_provider: "request_header"
+
+osbs_identity_request:
+  name: request_header
+  challenge: true
+  login: true
+
+osbs_identity_htpasswd:
+  name: htpasswd_provider
+  challenge: true
+  login: true
+  provider_file: /etc/openshift/htpasswd
--- a/roles/osbs-master/templates/master-config.yaml.j2
+++ b/roles/osbs-master/templates/master-config.yaml.j2
@ -107,15 +107,26 @@ oauthConfig:
  grantConfig:
    method: auto
  identityProviders:
-  - name: request_header
-    challenge: false
-    login: false
+{% if osbs_identity_provider == "request_header" %}
+  - name: {{ osbs_identity_request.name }}
+    challenge: {{ osbs_identity_request.challenge }}
+    login: {{ osbs_identity_request.login }}
    provider:
      apiVersion: v1
      kind: RequestHeaderIdentityProvider
      clientCA: {{ osbs_proxy_ca_file | default('/etc/origin/master/ca.crt') }}
      headers:
      - X-Remote-User
+{% endif %}
+{% if osbs_identity_provider == "htpasswd_provider" %}
+  - name: {{ osbs_identity_htpasswd.name }}
+    challenge: {{ osbs_identity_htpasswd.challenge }}
+    login: {{ osbs_identity_htpasswd.login }}
+    provider:
+      apiVersion: v1
+      kind: HTPasswdPasswordIdentityProvider
+      file: {{ osbs_identity_htpasswd.provider_file }}
+{% endif %}
  masterCA: ca.crt
  masterPublicURL: https://{{ ansible_default_ipv4.address }}:8443
  masterURL: https://{{ ansible_default_ipv4.address }}:8443