ipa/client: enable for osbs in prod

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-19 17:25:38 +01:00 · 2021-03-19 17:25:38 +01:00 · bc6c2d4edd
commit bc6c2d4edd
parent fd76ec07a2
6 changed files with 3 additions and 16 deletions
--- a/inventory/group_vars/osbs
+++ b/inventory/group_vars/osbs
@ -9,6 +9,7 @@ tcp_ports: [ 80, 443, 8443]
 fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran,sysadmin-osbs
 sudoers: "{{ private }}/files/sudo/osbs-sudoers"

+primary_auth_source: ipa
 ipa_host_group: osbs
 ipa_host_group_desc: OpenShift Build Service
 ipa_client_shell_groups:
--- a/inventory/group_vars/osbs_aarch64_masters
+++ b/inventory/group_vars/osbs_aarch64_masters
@ -12,9 +12,6 @@ tcp_ports: [ 80, 443, 8443]
 openshift_node_labels: {'region':'infra'}
 openshift_schedulable: False

-fas_client_groups: sysadmin-releng,sysadmin-noc,sysadmin-osbs
-sudoers: "{{ private }}/files/sudo/osbs-sudoers"
-
 docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org"
 source_registry: "registry.fedoraproject.org"
 docker_registry: "candidate-registry.fedoraproject.org"
--- a/inventory/group_vars/osbs_masters
+++ b/inventory/group_vars/osbs_masters
@ -6,9 +6,6 @@ num_cpus: 2

 tcp_ports: [ 80, 443, 8443]

-fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran,sysadmin-osbs
-sudoers: "{{ private }}/files/sudo/osbs-sudoers"
-
 docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org"
 source_registry: "registry.fedoraproject.org"
 docker_registry: "candidate-registry.fedoraproject.org"
--- a/inventory/group_vars/osbs_nodes
+++ b/inventory/group_vars/osbs_nodes
@ -6,9 +6,6 @@ num_cpus: 2

 tcp_ports: [ 80, 443, 8443, 10250]

-fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran,sysadmin-osbs
-sudoers: "{{ private }}/files/sudo/osbs-sudoers"
-
 docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org"
 docker_registry: "candidate-registry.fedoraproject.org"
 source_registry: "registry.fedoraproject.org"
--- a/playbooks/groups/osbs-cluster.yml
+++ b/playbooks/groups/osbs-cluster.yml
@ -24,7 +24,7 @@
    - rkhunter
    - nagios_client
    - hosts
-    - { role: fas_client, when: env != "staging" }
+    - ipa/client
    - sudo
    - collectd/base
    - rsyncd
@ -40,8 +40,6 @@
      package:
         name: subscription-manager-rhsm-certificates
         state: present
-    - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-      when: env != "staging"
    - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers:
--- a/playbooks/groups/osbs/deploy-cluster.yml
+++ b/playbooks/groups/osbs/deploy-cluster.yml
@ -27,8 +27,7 @@
    - rkhunter
    - nagios_client
    - hosts
-    - { role: ipa/client, when: env == "staging" }
-    - { role: fas_client, when: env != "staging" }
+    - ipa/client
    - sudo
    - collectd/base
    - rsyncd
@ -44,8 +43,6 @@
      package:
         name: subscription-manager-rhsm-certificates
         state: present
-    - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-      when: env != "staging"
    - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers: