Merge branch 'master' of /git/ansible

2016-12-09 00:42:52 +00:00 · 2016-12-09 00:42:52 +00:00 · cf7ebb58d9
commit cf7ebb58d9
parent 059def09c9 ceae802733
9 changed files with 32 additions and 9 deletions
--- a/files/osbs/buildroot-Dockerfile-production.j2
+++ b/files/osbs/buildroot-Dockerfile-production.j2
@ -1,5 +1,5 @@
 FROM fedora:24
-ADD ./infrastructure.repo /etc/yum.repos.d/infrastructure.repo
+ADD ./infra-tags.repo /etc/yum.repos.d/infra-tags.repo
 RUN dnf -y install --refresh dnf-plugins-core && dnf -y install docker git python-docker-py python-setuptools e2fsprogs koji python-backports-lzma osbs-client gssproxy fedpkg python-docker-squash atomic-reactor python-atomic-reactor*
 RUN sed -i 's|.*default_ccache_name.*| default_ccache_name = DIR:/tmp/ccache_%{uid}|g' /etc/krb5.conf
 ADD ./krb5.osbs_{{osbs_url}}.keytab /etc/
--- a/files/osbs/buildroot-Dockerfile-staging.j2
+++ b/files/osbs/buildroot-Dockerfile-staging.j2
@ -1,5 +1,5 @@
 FROM fedora:24
-ADD ./infrastructure.repo /etc/yum.repos.d/infrastructure.repo
+ADD ./infra-tags.repo /etc/yum.repos.d/infra-tags.repo
 RUN curl -o /etc/yum.repos.d/maxamillion-atomic-reactor-copr.repo https://copr.fedorainfracloud.org/coprs/maxamillion/atomic-reactor/repo/fedora-24/maxamillion-atomic-reactor-fedora-24.repo
 RUN dnf -y install --refresh dnf-plugins-core && dnf -y install docker git python-docker-py python-setuptools e2fsprogs koji python-backports-lzma osbs-client gssproxy fedpkg python-docker-squash atomic-reactor python-atomic-reactor*
 RUN sed -i 's|.*default_ccache_name.*| default_ccache_name = DIR:/tmp/ccache_%{uid}|g' /etc/krb5.conf
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@ -123,7 +123,7 @@
          source_registry_uri: 'https://{{ source_registry }}/v2',
          build_host: '{{ osbs_url }}',
          koji_root: 'http://{{ koji_root }}',
-          koji_hub: 'https://koji.stg.fedoraproject.org/kojihub',
+          koji_hub: 'https://koji.fedoraproject.org/kojihub',
          sources_command: 'fedpkg sources',
          build_type: 'prod',
          authoritative_registry: 'registry.example.com',
--- a/playbooks/groups/osbs-cluster.yml
+++ b/playbooks/groups/osbs-cluster.yml
@ -625,24 +625,24 @@

    - name: stat infra repofile
      stat:
-        path: "/etc/yum.repos.d/infrastructure.repo"
+        path: "/etc/yum.repos.d/infra-tags.repo"
      register: infra_repo_stat

    - name: stat /etc/osbs/buildroot/ infra repofile
      stat:
-        path: "/etc/osbs/buildroot/infrastructure.repo"
+        path: "/etc/osbs/buildroot/infra-tags.repo"
      register: etcosbs_infra_repo_stat

    - name: remove old /etc/osbs/buildroot/ infra repofile
      file:
-        path: "/etc/osbs/buildroot/infrastructure.repo"
+        path: "/etc/osbs/buildroot/infra-tags.repo"
        state: absent
      when: etcosbs_infra_repo_stat.stat.exists and infra_repo_stat.stat.checksum != etcosbs_infra_repo_stat.stat.checksum

    - name: Copy repofile for buildroot container (because Docker)
      copy:
-        src: "/etc/yum.repos.d/infrastructure.repo"
-        dest: "/etc/osbs/buildroot/infrastructure.repo"
+        src: "/etc/yum.repos.d/infra-tags.repo"
+        dest: "/etc/osbs/buildroot/infra-tags.repo"
        remote_src: true
      notify:
        - buildroot container
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@ -558,3 +558,9 @@
    destname: modernpaste
    proxyurl: http://localhost:10055
    when: env == "staging"
+
+  - role: httpd/reverseproxy
+    website: koji.stg.fedoraproject.org
+    destname: koji
+    proxyurl: http://localhost:10056
+    when: env == "staging"
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@ -475,6 +475,14 @@
    cert_name: "{{wildcard_cert_name}}"
    when: env == "staging"

+  - role: httpd/website
+    name: koji.stg.fedoraproject.org
+    sslonly: true
+    server_aliases:
+    - koji.stg.stg.fedoraproject.org
+    cert_name: "{{wildcard_cert_name}}"
+    when: env == "staging"
+
  - role: httpd/website
    name: apps.fedoraproject.org
    server_aliases: [apps.stg.fedoraproject.org]
--- a/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2
+++ b/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2
@ -9,6 +9,7 @@ ansible_ssh_user=root
 debug_level=2
 deployment_type=origin
 openshift_release={{ openshift_release }}
+openshift_master_manage_htpasswd=false
 openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '{{ openshift_htpasswd_file }}'}]
 openshift_master_public_api_url={{ openshift_master_public_api_url }}

--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@ -358,6 +358,14 @@ listen modernpaste 0.0.0.0:10055
    server  modernpaste01 modernpaste01:80 check inter 10s rise 1 fall 2
    option httpchk GET /

+{% endif %}
+{% if env == "staging" %}
+
+listen modernpaste 0.0.0.0:10056
+    balance hdr(appserver)
+    server  koji01 koji01:80 check inter 10s rise 1 fall 2
+    option httpchk GET /
+
 {% endif %}

 # Apache doesn't handle the initial connection here like the other proxy
--- a/roles/keytab/service/tasks/main.yml
+++ b/roles/keytab/service/tasks/main.yml
@ -44,7 +44,7 @@
  - keytab
  - config
  - krb5
-  when: not keytab_status.stat.exists
+  when: not keytab_status.stat.exists and service != "host"

 - name: Grant host access to keytab
  delegate_to: "{{ ipa_server }}"