diff --git a/inventory/host_vars/osbs-dev.fedorainfracloud.org b/inventory/host_vars/osbs-dev.fedorainfracloud.org deleted file mode 100644 index 3c699b7745..0000000000 --- a/inventory/host_vars/osbs-dev.fedorainfracloud.org +++ /dev/null @@ -1,19 +0,0 @@ ---- -image: "{{ fedora23_x86_64 }}" -instance_type: m1.medium -keypair: fedora-admin-20130801 -security_group: ssh-anywhere-persistent,web-8443-anywhere-persistent,web-443-anywhere-persistent,web-80-anywhere-persistent,docker-registry-5000-persistent,default -zone: nova -tcp_ports: [22, 80, 443, 8443] - -inventory_tenant: persistent -inventory_instance_name: osbs-dev -hostbase: osbs-dev -public_ip: 209.132.184.60 -root_auth_users: maxamillion -description: osbs development instance - -cloud_networks: - # persistent-net - - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" - diff --git a/inventory/inventory b/inventory/inventory index 41afe78c70..9a21bc76ee 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1008,8 +1008,6 @@ java-deptools.fedorainfracloud.org developer.fedorainfracloud.org # insim insim.fedorainfracloud.org -# osbs devel machine -osbs-dev.fedorainfracloud.org # fedimg-dev development instance fedimg-dev.fedorainfracloud.org # piwik testing diff --git a/master.yml b/master.yml index 612b12a532..664b205616 100644 --- a/master.yml +++ b/master.yml @@ -143,7 +143,6 @@ - include: /srv/web/infra/ansible/playbooks/hosts/lists-dev.fedorainfracloud.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/magazine.fedorainfracloud.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/modernpaste.fedorainfracloud.org.yml -#- include: /srv/web/infra/ansible/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/piwik.fedorainfracloud.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/regcfp.fedorainfracloud.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/shogun-ca.cloud.fedoraproject.org.yml diff --git a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml b/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml deleted file mode 100644 index 078918f840..0000000000 --- a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml +++ /dev/null @@ -1,288 +0,0 @@ -- name: check/create instance - hosts: osbs-dev.fedorainfracloud.org - gather_facts: False - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/fedora-cloud.yml - - /srv/private/ansible/files/openstack/passwords.yml - - tasks: - - include: "{{ tasks }}/persistent_cloud.yml" - -- name: setup all the things - hosts: osbs-dev.fedorainfracloud.org - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/private/ansible/files/openstack/passwords.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include: "{{ tasks }}/cloud_setup_basic.yml" - - name: set hostname (required by some services, at least postfix need it) - hostname: name="{{inventory_hostname}}" - -- name: bootstrap ansible py2 - hosts: osbs-dev.fedorainfracloud.org - gather_facts: false - tasks: - - name: install python and deps for ansible modules - raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python python-firewall - -- name: pre-install osbs tasks - hosts: osbs-dev.fedorainfracloud.org - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/private/ansible/files/openstack/passwords.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: override DNS for internal host network - lineinfile: - dest: /etc/hosts - line: "{{ ansible_default_ipv4.address }} osbs osbs-dev.fedorainfracloud.org" - - - name: place htpasswd file - copy: - src: "{{private}}/files/httpd/osbs.htpasswd" - dest: /etc/origin/htpasswd - - - name: create cert dir for openshift public facing REST API SSL - file: - path: "/etc/origin/master/named_certificates" - state: "directory" - - - name: install cert for openshift public facing REST API SSL - copy: - src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.crt" - dest: "/etc/origin/master/named_certificates/osbs-dev.fedorainfracloud.org.crt" - - - name: install key for openshift public facing REST API SSL - copy: - src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.key" - dest: "/etc/origin/master/named_certificates/osbs-dev.fedorainfracloud.org.key" - -- name: setup osbs - hosts: osbs-dev.fedorainfracloud.org - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/private/ansible/files/openstack/passwords.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - osbs-atomic-reactor - - osbs-common - - osbs-install-openshift - - { - role: osbs-master, - osbs_master_export_port: true, - osbs_manage_firewalld: true, - osbs_proxy_cert_file: '/etc/origin/proxy_selfsigned.crt', - osbs_proxy_key_file: '/etc/origin/proxy_selfsigned.key', - osbs_proxy_certkey_file: '/etc/origin/proxy_certkey.crt', - osbs_proxy_ca_file: '/etc/origin/proxy_selfsigned.crt', - osbs_readonly_users: [], - osbs_readonly_groups: [], - osbs_readwrite_users: [ "{{ osbs_koji_stg_username }}" ], - osbs_readwrite_groups: [], - osbs_admin_users: [], - osbs_admin_groups: [], - osbs_master_max_pods: 3, - osbs_update_packages: false, - osbs_image_gc_high_threshold: 90, - osbs_image_gc_low_threshold: 80, - osbs_identity_provider: "htpasswd_provider", - osbs_identity_htpasswd: { - name: htpasswd_provider, - challenge: true, - login: true, - provider_file: "/etc/origin/htpasswd" - }, - osbs_named_certificates: { - enabled: true, - cert_file: "named_certificates/osbs-dev.fedorainfracloud.org.crt", - key_file: "named_certificates/osbs-dev.fedorainfracloud.org.key", - names: [ "osbs-dev.fedorainfracloud.org" ], - }, - osbs_public_api_url: "osbs-dev.fedorainfracloud.org", - } - - { - role: osbs-client, - general: { - verbose: 0, - build_json_dir: '/usr/share/osbs/', - openshift_required_version: 1.1.0, - }, - default: { - username: "{{ osbs_koji_stg_username }}", - password: "{{ osbs_koji_stg_password }}", - koji_certs_secret: "koji", - openshift_url: 'https://osbs-dev.fedorainfracloud.org:8443/', - registry_uri: 'https://osbs-dev.fedorainfracloud.org:5000/v2', - source_registry_uri: 'https://osbs-dev.fedorainfracloud.org:5000/v2', - build_host: 'osbs-dev.fedorainfracloud.org', - koji_root: 'http://koji.fedoraproject.org/koji', - koji_hub: 'http://koji.fedoraproject.org/kojihub', - sources_command: 'fedpkg sources', - build_type: 'prod', - authoritative_registry: 'registry.example.com', - vendor: 'Fedora Project', - verify_ssl: false, - use_auth: true, - builder_use_auth: true, - distribution_scope: 'private', - registry_api_versions: 'v2', - builder_openshift_url: 'https://172.17.0.1:8443/' - } - } - - { - role: docker-distribution, - cert: { - dest_dir: "/etc/pki/docker/osbs-dev.fedorainfracloud.org:5000/", - cert_src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.crt", - cert_dest: "ca.key", - key_src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.key", - key_dest: "ca.cert", - }, - tls: { - enabled: True, - certificate: "/etc/pki/docker/osbs-dev.fedorainfracloud.org:5000/ca.cert", - key: "/etc/pki/docker/osbs-dev.fedorainfracloud.org:5000/ca.key", - } - } - -- name: post-install osbs tasks - hosts: osbs-dev.fedorainfracloud.org - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/private/ansible/files/openstack/passwords.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - vars: - osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig - osbs_environment: - KUBECONFIG: "{{ osbs_kubeconfig_path }}" - koji_pki_dir: /etc/pki/koji - koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" - koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" - koji_builder_user: dockerbuilder - osbs_builder_user: builder - - - handlers: - - name: buildroot container - shell: atomic-reactor create-build-image --reactor-tarball-path /usr/share/atomic-reactor/atomic-reactor.tar.gz /etc/osbs/buildroot/ buildroot - - - name: oc secrets new - shell: "oc secrets new koji cert={{ koji_cert_path }} ca={{ koji_ca_cert_path }} serverca={{ koji_ca_cert_path }}" - environment: "{{ osbs_environment }}" - notify: oc secrets add - - - name: oc secrets add - shell: "oc secrets add serviceaccount/{{ osbs_builder_user }} secrets/koji --for=mount" - environment: "{{ osbs_environment }}" - - - tasks: - - name: Ensure koji dockerbuilder cert path exists - file: - path: "{{ koji_pki_dir }}" - state: "directory" - mode: 0400 - - - name: Add koji dockerbuilder cert for Content Generator import - copy: - src: "{{private}}/files/koji/containerbuild.pem" - dest: "{{ koji_cert_path }}" - notify: oc secrets new - - - name: Add koji dockerbuilder ca cert for Content Generator import - copy: - src: "{{private}}/files/koji/buildercerts/fedora-ca.cert" - dest: "{{ koji_ca_cert_path }}" - notify: oc secrets new - - - name: install docker - action: "{{ ansible_pkg_mgr }} name=docker state=installed" - - - name: ensure docker daemon cert dir exists - file: - path: "/etc/docker/certs.d/" - state: directory - - - name: create symlink for docker daemon cert - file: - dest: "/etc/docker/certs.d/osbs-dev.fedorainfracloud.org:5000" - src: "/etc/pki/docker/osbs-dev.fedorainfracloud.org:5000" - state: "link" - - - name: ensure docker stage cert dir exists - file: - path: "/etc/docker/certs.d/registry.stg.fedoraproject.org" - state: directory - - - name: install docker client cert for stage registry - copy: - src: "{{private}}/files/koji/containerbuild.cert.pem" - dest: "/etc/docker/certs.d/registry.stg.fedoraproject.org/client.cert" - - - name: install docker client key for stage registry - copy: - src: "{{private}}/files/koji/containerbuild.key.pem" - dest: "/etc/docker/certs.d/registry.stg.fedoraproject.org/client.key" - - - name: start and enable docker - service: name=docker state=started enabled=yes - - - name: create fedora image stream for OpenShift - shell: "echo '{ \"apiVersion\": \"v1\", \"kind\": \"ImageStream\", \"metadata\": { \"name\": \"fedora\" }, \"spec\": { \"dockerImageRepository\": \"osbs-dev.fedorainfracloud.org:5000/fedora\" } }' | oc create -f -" - environment: "{{ osbs_environment }}" - args: - creates: /etc/osbs_fedora_imagestream_created - - - name: set policy for koji builder in openshift for osbs - shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_stg_username }}" - - - name: set policy for koji builder in openshift for atomic-reactor - shell: "oadm policy add-role-to-user -n default edit system:serviceaccount:default:builder" - - - name: make sure latest fedora image is pulled and pushed to osbs registry - shell: docker pull fedora && docker tag -f fedora:latest osbs-dev.fedorainfracloud.org:5000/fedora:latest && docker push osbs-dev.fedorainfracloud.org:5000/fedora:latest - tags: - - containerupdate - - - name: Create buildroot container conf directory - file: - path: "/etc/osbs/buildroot/" - state: directory - - - name: Upload Dockerfile for buildroot container - copy: - src: "{{ files }}/osbs/buildroot-Dockerfile" - dest: "/etc/osbs/buildroot/Dockerfile" - mode: 0400 - notify: - - buildroot container - - - name: Upload internal CA for buildroot - copy: - src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.crt" - dest: "/etc/osbs/buildroot/ca.crt" - mode: 0400 - notify: - - buildroot container - - - name: clean up exited containers - shell: for i in $(docker ps -a | awk '/Exited/ { print $1 }') ; do docker rm $i; done - tags: - - cleanup - - - name: clean up dangling images - shell: for i in $(docker images -q -f "dangling=true") ; do docker rmi $i; done - tags: - - cleanup -