Merge branch 'master' of /git/ansible

* 'master' of /git/ansible: Drop osbs-dev instance.
2016-07-11 21:11:56 +00:00 · 2016-07-11 21:11:56 +00:00 · a1d359540f
commit a1d359540f
parent 9fea815c1e c3aadedb5d
4 changed files with 0 additions and 310 deletions
--- a/inventory/host_vars/osbs-dev.fedorainfracloud.org
+++ b/inventory/host_vars/osbs-dev.fedorainfracloud.org
@ -1,19 +0,0 @@
---
-image: "{{ fedora23_x86_64 }}"
-instance_type: m1.medium
-keypair: fedora-admin-20130801
-security_group: ssh-anywhere-persistent,web-8443-anywhere-persistent,web-443-anywhere-persistent,web-80-anywhere-persistent,docker-registry-5000-persistent,default
-zone: nova
-tcp_ports: [22, 80, 443, 8443]
-
-inventory_tenant: persistent
-inventory_instance_name: osbs-dev
-hostbase: osbs-dev
-public_ip: 209.132.184.60
-root_auth_users: maxamillion
-description: osbs development instance
-
-cloud_networks:
-  # persistent-net
-  - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
-
--- a/inventory/inventory
+++ b/inventory/inventory
@ -1008,8 +1008,6 @@ java-deptools.fedorainfracloud.org
 developer.fedorainfracloud.org
 # insim
 insim.fedorainfracloud.org
-# osbs devel machine
-osbs-dev.fedorainfracloud.org
 # fedimg-dev development instance
 fedimg-dev.fedorainfracloud.org
 # piwik testing
--- a/master.yml
+++ b/master.yml
@ -143,7 +143,6 @@
 - include: /srv/web/infra/ansible/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/magazine.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/modernpaste.fedorainfracloud.org.yml
-#- include: /srv/web/infra/ansible/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/piwik.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/regcfp.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/shogun-ca.cloud.fedoraproject.org.yml
--- a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml
+++ b/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml
@ -1,288 +0,0 @@
- name: check/create instance
-  hosts: osbs-dev.fedorainfracloud.org
-  gather_facts: False
-
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - /srv/private/ansible/vars.yml
-    - /srv/web/infra/ansible/vars/fedora-cloud.yml
-    - /srv/private/ansible/files/openstack/passwords.yml
-
-  tasks:
-  - include: "{{ tasks }}/persistent_cloud.yml"
-
- name: setup all the things
-  hosts: osbs-dev.fedorainfracloud.org
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - /srv/private/ansible/vars.yml
-    - /srv/private/ansible/files/openstack/passwords.yml
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  pre_tasks:
-    - include: "{{ tasks }}/cloud_setup_basic.yml"
-    - name: set hostname (required by some services, at least postfix need it)
-      hostname: name="{{inventory_hostname}}"
-
- name: bootstrap ansible py2
-  hosts: osbs-dev.fedorainfracloud.org
-  gather_facts: false
-  tasks:
-    - name: install python and deps for ansible modules
-      raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python python-firewall
-
- name: pre-install osbs tasks
-  hosts: osbs-dev.fedorainfracloud.org
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - /srv/private/ansible/vars.yml
-    - /srv/private/ansible/files/openstack/passwords.yml
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  tasks:
-    - name: override DNS for internal host network
-      lineinfile:
-        dest: /etc/hosts
-        line: "{{ ansible_default_ipv4.address }} osbs osbs-dev.fedorainfracloud.org"
-
-    - name: place htpasswd file
-      copy:
-        src: "{{private}}/files/httpd/osbs.htpasswd"
-        dest: /etc/origin/htpasswd
-
-    - name: create cert dir for openshift public facing REST API SSL
-      file:
-        path: "/etc/origin/master/named_certificates"
-        state: "directory"
-
-    - name: install cert for openshift public facing REST API SSL
-      copy:
-        src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.crt"
-        dest: "/etc/origin/master/named_certificates/osbs-dev.fedorainfracloud.org.crt"
-
-    - name: install key for openshift public facing REST API SSL
-      copy:
-        src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.key"
-        dest: "/etc/origin/master/named_certificates/osbs-dev.fedorainfracloud.org.key"
-
- name: setup osbs
-  hosts: osbs-dev.fedorainfracloud.org
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - /srv/private/ansible/vars.yml
-    - /srv/private/ansible/files/openstack/passwords.yml
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-    - osbs-atomic-reactor
-    - osbs-common
-    - osbs-install-openshift
-    - {
-        role: osbs-master,
-          osbs_master_export_port: true,
-          osbs_manage_firewalld: true,
-          osbs_proxy_cert_file: '/etc/origin/proxy_selfsigned.crt',
-          osbs_proxy_key_file: '/etc/origin/proxy_selfsigned.key',
-          osbs_proxy_certkey_file: '/etc/origin/proxy_certkey.crt',
-          osbs_proxy_ca_file: '/etc/origin/proxy_selfsigned.crt',
-          osbs_readonly_users: [],
-          osbs_readonly_groups: [],
-          osbs_readwrite_users: [ "{{ osbs_koji_stg_username }}" ],
-          osbs_readwrite_groups: [],
-          osbs_admin_users: [],
-          osbs_admin_groups: [],
-          osbs_master_max_pods: 3,
-          osbs_update_packages: false,
-          osbs_image_gc_high_threshold: 90,
-          osbs_image_gc_low_threshold: 80,
-          osbs_identity_provider: "htpasswd_provider",
-          osbs_identity_htpasswd: {
-            name: htpasswd_provider,
-            challenge: true,
-            login: true,
-            provider_file: "/etc/origin/htpasswd"
-          },
-          osbs_named_certificates: {
-            enabled: true,
-            cert_file: "named_certificates/osbs-dev.fedorainfracloud.org.crt",
-            key_file: "named_certificates/osbs-dev.fedorainfracloud.org.key",
-            names: [ "osbs-dev.fedorainfracloud.org" ],
-          },
-          osbs_public_api_url: "osbs-dev.fedorainfracloud.org",
-      }
-    - {
-      role: osbs-client,
-        general: {
-          verbose: 0,
-          build_json_dir: '/usr/share/osbs/',
-          openshift_required_version: 1.1.0,
-        },
-        default: {
-          username: "{{ osbs_koji_stg_username }}",
-          password: "{{ osbs_koji_stg_password }}",
-          koji_certs_secret: "koji",
-          openshift_url: 'https://osbs-dev.fedorainfracloud.org:8443/',
-          registry_uri: 'https://osbs-dev.fedorainfracloud.org:5000/v2',
-          source_registry_uri: 'https://osbs-dev.fedorainfracloud.org:5000/v2',
-          build_host: 'osbs-dev.fedorainfracloud.org',
-          koji_root: 'http://koji.fedoraproject.org/koji',
-          koji_hub: 'http://koji.fedoraproject.org/kojihub',
-          sources_command: 'fedpkg sources',
-          build_type: 'prod',
-          authoritative_registry: 'registry.example.com',
-          vendor: 'Fedora Project',
-          verify_ssl: false,
-          use_auth: true,
-          builder_use_auth: true,
-          distribution_scope: 'private',
-          registry_api_versions: 'v2',
-          builder_openshift_url: 'https://172.17.0.1:8443/'
-        }
-      }
-    - {
-      role: docker-distribution,
-        cert: {
-          dest_dir: "/etc/pki/docker/osbs-dev.fedorainfracloud.org:5000/",
-          cert_src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.crt",
-          cert_dest: "ca.key",
-          key_src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.key",
-          key_dest: "ca.cert",
-        },
-        tls: {
-          enabled: True,
-          certificate: "/etc/pki/docker/osbs-dev.fedorainfracloud.org:5000/ca.cert",
-          key: "/etc/pki/docker/osbs-dev.fedorainfracloud.org:5000/ca.key",
-        }
-      }
-
- name: post-install osbs tasks
-  hosts: osbs-dev.fedorainfracloud.org
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - /srv/private/ansible/vars.yml
-    - /srv/private/ansible/files/openstack/passwords.yml
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-  vars:
-    osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig
-    osbs_environment:
-      KUBECONFIG: "{{ osbs_kubeconfig_path }}"
-    koji_pki_dir: /etc/pki/koji
-    koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert"
-    koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem"
-    koji_builder_user: dockerbuilder
-    osbs_builder_user: builder
-
-
-  handlers:
-    - name: buildroot container
-      shell: atomic-reactor create-build-image --reactor-tarball-path /usr/share/atomic-reactor/atomic-reactor.tar.gz /etc/osbs/buildroot/ buildroot
-
-    - name: oc secrets new
-      shell: "oc secrets new koji cert={{ koji_cert_path }} ca={{ koji_ca_cert_path }} serverca={{ koji_ca_cert_path }}"
-      environment: "{{ osbs_environment }}"
-      notify: oc secrets add
-
-    - name: oc secrets add
-      shell: "oc secrets add serviceaccount/{{ osbs_builder_user }} secrets/koji --for=mount"
-      environment: "{{ osbs_environment }}"
-
-
-  tasks:
-    - name: Ensure koji dockerbuilder cert path exists
-      file:
-        path: "{{ koji_pki_dir }}"
-        state: "directory"
-        mode: 0400
-
-    - name: Add koji dockerbuilder cert for Content Generator import
-      copy:
-        src: "{{private}}/files/koji/containerbuild.pem"
-        dest: "{{ koji_cert_path }}"
-      notify: oc secrets new
-
-    - name: Add koji dockerbuilder ca cert for Content Generator import
-      copy:
-        src: "{{private}}/files/koji/buildercerts/fedora-ca.cert"
-        dest: "{{ koji_ca_cert_path }}"
-      notify: oc secrets new
-
-    - name: install docker
-      action: "{{ ansible_pkg_mgr }} name=docker state=installed"
-
-    - name: ensure docker daemon cert dir exists
-      file:
-        path: "/etc/docker/certs.d/"
-        state: directory
-
-    - name: create symlink for docker daemon cert
-      file:
-        dest: "/etc/docker/certs.d/osbs-dev.fedorainfracloud.org:5000"
-        src: "/etc/pki/docker/osbs-dev.fedorainfracloud.org:5000"
-        state: "link"
-
-    - name: ensure docker stage cert dir exists
-      file:
-        path: "/etc/docker/certs.d/registry.stg.fedoraproject.org"
-        state: directory
-
-    - name: install docker client cert for stage registry
-      copy:
-        src: "{{private}}/files/koji/containerbuild.cert.pem"
-        dest: "/etc/docker/certs.d/registry.stg.fedoraproject.org/client.cert"
-
-    - name: install docker client key for stage registry
-      copy:
-        src: "{{private}}/files/koji/containerbuild.key.pem"
-        dest: "/etc/docker/certs.d/registry.stg.fedoraproject.org/client.key"
-
-    - name: start and enable docker
-      service: name=docker state=started enabled=yes
-
-    - name: create fedora image stream for OpenShift
-      shell: "echo '{ \"apiVersion\": \"v1\", \"kind\": \"ImageStream\", \"metadata\": { \"name\": \"fedora\" }, \"spec\": { \"dockerImageRepository\": \"osbs-dev.fedorainfracloud.org:5000/fedora\" } }' | oc create -f -"
-      environment: "{{ osbs_environment }}"
-      args:
-        creates: /etc/osbs_fedora_imagestream_created
-
-    - name: set policy for koji builder in openshift for osbs
-      shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_stg_username }}"
-
-    - name: set policy for koji builder in openshift for atomic-reactor
-      shell: "oadm policy add-role-to-user -n default edit system:serviceaccount:default:builder"
-
-    - name: make sure latest fedora image is pulled and pushed to osbs registry
-      shell: docker pull fedora && docker tag -f fedora:latest osbs-dev.fedorainfracloud.org:5000/fedora:latest && docker push osbs-dev.fedorainfracloud.org:5000/fedora:latest
-      tags:
-        - containerupdate
-
-    - name: Create buildroot container conf directory
-      file:
-        path: "/etc/osbs/buildroot/"
-        state: directory
-
-    - name: Upload Dockerfile for buildroot container
-      copy:
-        src: "{{ files }}/osbs/buildroot-Dockerfile"
-        dest: "/etc/osbs/buildroot/Dockerfile"
-        mode: 0400
-      notify:
-        - buildroot container
-
-    - name: Upload internal CA for buildroot
-      copy:
-        src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.crt"
-        dest: "/etc/osbs/buildroot/ca.crt"
-        mode: 0400
-      notify:
-        - buildroot container
-
-    - name: clean up exited containers
-      shell: for i in $(docker ps -a | awk '/Exited/ { print $1 }') ; do docker rm $i; done
-      tags:
-        - cleanup
-
-    - name: clean up dangling images
-      shell: for i in $(docker images -q -f "dangling=true") ; do docker rmi $i; done
-      tags:
-        - cleanup
-