diff --git a/files/osbs/buildroot-Dockerfile-production.j2 b/files/osbs/buildroot-Dockerfile-production.j2 index dc047fa184..fcc55681e2 100644 --- a/files/osbs/buildroot-Dockerfile-production.j2 +++ b/files/osbs/buildroot-Dockerfile-production.j2 @@ -1,5 +1,5 @@ FROM fedora:24 -ADD ./infrastructure.repo /etc/yum.repos.d/infrastructure.repo +ADD ./infra-tags.repo /etc/yum.repos.d/infra-tags.repo RUN dnf -y install --refresh dnf-plugins-core && dnf -y install docker git python-docker-py python-setuptools e2fsprogs koji python-backports-lzma osbs-client gssproxy fedpkg python-docker-squash atomic-reactor python-atomic-reactor* RUN sed -i 's|.*default_ccache_name.*| default_ccache_name = DIR:/tmp/ccache_%{uid}|g' /etc/krb5.conf ADD ./krb5.osbs_{{osbs_url}}.keytab /etc/ diff --git a/files/osbs/buildroot-Dockerfile-staging.j2 b/files/osbs/buildroot-Dockerfile-staging.j2 index 5b69d5a990..17c15735c5 100644 --- a/files/osbs/buildroot-Dockerfile-staging.j2 +++ b/files/osbs/buildroot-Dockerfile-staging.j2 @@ -1,5 +1,5 @@ FROM fedora:24 -ADD ./infrastructure.repo /etc/yum.repos.d/infrastructure.repo +ADD ./infra-tags.repo /etc/yum.repos.d/infra-tags.repo RUN curl -o /etc/yum.repos.d/maxamillion-atomic-reactor-copr.repo https://copr.fedorainfracloud.org/coprs/maxamillion/atomic-reactor/repo/fedora-24/maxamillion-atomic-reactor-fedora-24.repo RUN dnf -y install --refresh dnf-plugins-core && dnf -y install docker git python-docker-py python-setuptools e2fsprogs koji python-backports-lzma osbs-client gssproxy fedpkg python-docker-squash atomic-reactor python-atomic-reactor* RUN sed -i 's|.*default_ccache_name.*| default_ccache_name = DIR:/tmp/ccache_%{uid}|g' /etc/krb5.conf diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index 6b10061be7..1290a79d39 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -123,7 +123,7 @@ source_registry_uri: 'https://{{ source_registry }}/v2', build_host: '{{ osbs_url }}', koji_root: 'http://{{ koji_root }}', - koji_hub: 'https://koji.stg.fedoraproject.org/kojihub', + koji_hub: 'https://koji.fedoraproject.org/kojihub', sources_command: 'fedpkg sources', build_type: 'prod', authoritative_registry: 'registry.example.com', diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index 65105820b5..f305086844 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -625,24 +625,24 @@ - name: stat infra repofile stat: - path: "/etc/yum.repos.d/infrastructure.repo" + path: "/etc/yum.repos.d/infra-tags.repo" register: infra_repo_stat - name: stat /etc/osbs/buildroot/ infra repofile stat: - path: "/etc/osbs/buildroot/infrastructure.repo" + path: "/etc/osbs/buildroot/infra-tags.repo" register: etcosbs_infra_repo_stat - name: remove old /etc/osbs/buildroot/ infra repofile file: - path: "/etc/osbs/buildroot/infrastructure.repo" + path: "/etc/osbs/buildroot/infra-tags.repo" state: absent when: etcosbs_infra_repo_stat.stat.exists and infra_repo_stat.stat.checksum != etcosbs_infra_repo_stat.stat.checksum - name: Copy repofile for buildroot container (because Docker) copy: - src: "/etc/yum.repos.d/infrastructure.repo" - dest: "/etc/osbs/buildroot/infrastructure.repo" + src: "/etc/yum.repos.d/infra-tags.repo" + dest: "/etc/osbs/buildroot/infra-tags.repo" remote_src: true notify: - buildroot container diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index a45c74d3c8..4966eea505 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -558,3 +558,9 @@ destname: modernpaste proxyurl: http://localhost:10055 when: env == "staging" + + - role: httpd/reverseproxy + website: koji.stg.fedoraproject.org + destname: koji + proxyurl: http://localhost:10056 + when: env == "staging" diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index aee7bc26a4..dbeb040949 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -475,6 +475,14 @@ cert_name: "{{wildcard_cert_name}}" when: env == "staging" + - role: httpd/website + name: koji.stg.fedoraproject.org + sslonly: true + server_aliases: + - koji.stg.stg.fedoraproject.org + cert_name: "{{wildcard_cert_name}}" + when: env == "staging" + - role: httpd/website name: apps.fedoraproject.org server_aliases: [apps.stg.fedoraproject.org] diff --git a/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2 b/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2 index 97f2fb7789..620cea2214 100644 --- a/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2 +++ b/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2 @@ -9,6 +9,7 @@ ansible_ssh_user=root debug_level=2 deployment_type=origin openshift_release={{ openshift_release }} +openshift_master_manage_htpasswd=false openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '{{ openshift_htpasswd_file }}'}] openshift_master_public_api_url={{ openshift_master_public_api_url }} diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg index 56c88afa1f..a96720376a 100644 --- a/roles/haproxy/templates/haproxy.cfg +++ b/roles/haproxy/templates/haproxy.cfg @@ -358,6 +358,14 @@ listen modernpaste 0.0.0.0:10055 server modernpaste01 modernpaste01:80 check inter 10s rise 1 fall 2 option httpchk GET / +{% endif %} +{% if env == "staging" %} + +listen modernpaste 0.0.0.0:10056 + balance hdr(appserver) + server koji01 koji01:80 check inter 10s rise 1 fall 2 + option httpchk GET / + {% endif %} # Apache doesn't handle the initial connection here like the other proxy diff --git a/roles/keytab/service/tasks/main.yml b/roles/keytab/service/tasks/main.yml index 441dac6619..a98c89604f 100644 --- a/roles/keytab/service/tasks/main.yml +++ b/roles/keytab/service/tasks/main.yml @@ -44,7 +44,7 @@ - keytab - config - krb5 - when: not keytab_status.stat.exists + when: not keytab_status.stat.exists and service != "host" - name: Grant host access to keytab delegate_to: "{{ ipa_server }}"