Prefix openshift/keytab

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

playbooks/openshift-apps/badges.yml

@@ -173,10 +173,10 @@
     - role: openshift/ipa-client
       app: badges
     - role: openshift/keytab
-      app: badges
-      key: fedbadges.keytab
-      secret_name: fedbadges-keytab
-      service: fedbadges
+      keytab_app: badges
+      keytab_key: fedbadges.keytab
+      keytab_secret_name: fedbadges-keytab
+      keytab_service: fedbadges
 
     # Deployment config
     - role: openshift/object

playbooks/openshift-apps/bodhi.yml

@@ -74,11 +74,11 @@
     object_file: pvc.yml
     object_objectname: pvc.yml
   - role: openshift/keytab
-    app: bodhi
-    key: koji-keytab
-    secret_name: bodhi-keytab
-    service: bodhi
-    host: "bodhi{{ env_suffix }}.fedoraproject.org"
+    keytab_app: bodhi
+    keytab_key: koji-keytab
+    keytab_secret_name: bodhi-keytab
+    keytab_service: bodhi
+    keytab_host: "bodhi{{ env_suffix }}.fedoraproject.org"
   - role: openshift/secret-file
     app: bodhi
     secret_name: bodhi-fedora-messaging-ca

playbooks/openshift-apps/bugzilla2fedmsg.yml

@@ -60,10 +60,10 @@
   - role: openshift/ipa-client
     app: bugzilla2fedmsg
   - role: openshift/keytab
-    app: bugzilla2fedmsg
-    key: service.keytab
-    secret_name: keytab
-    service: bugzilla2fedmsg
+    keytab_app: bugzilla2fedmsg
+    keytab_key: service.keytab
+    keytab_secret_name: keytab
+    keytab_service: bugzilla2fedmsg
 
   - role: openshift/imagestream
     app: bugzilla2fedmsg

playbooks/openshift-apps/coreos-koji-tagger.yml

@@ -27,11 +27,11 @@
   # Create a keytab. The default username will be like:
   # coreos-koji-tagger/coreos-koji-tagger.fedoraproject.org@FEDORAPROJECT.ORG
   - role: openshift/keytab
-    app: coreos-koji-tagger
-    key: koji-keytab
-    secret_name: coreos-koji-tagger-keytab
-    service: coreos-koji-tagger
-    host: "coreos-koji-tagger{{ env_suffix }}.fedoraproject.org"
+    keytab_app: coreos-koji-tagger
+    keytab_key: koji-keytab
+    keytab_secret_name: coreos-koji-tagger-keytab
+    keytab_service: coreos-koji-tagger
+    keytab_host: "coreos-koji-tagger{{ env_suffix }}.fedoraproject.org"
 
   # Copy in a kerberos config that is unique to fedora infra
   - role: openshift/object

playbooks/openshift-apps/elections.yml

@@ -45,11 +45,11 @@
     - appowners
 
   - role: openshift/keytab
-    app: elections
-    key: service.keytab
-    secret_name: elections-keytab
-    service: HTTP
-    host: "elections{{ env_suffix }}.fedoraproject.org"
+    keytab_app: elections
+    keytab_key: service.keytab
+    keytab_secret_name: elections-keytab
+    keytab_service: HTTP
+    keytab_host: "elections{{ env_suffix }}.fedoraproject.org"
 
   - role: openshift/ipa-client
     app: elections

playbooks/openshift-apps/fasjson.yml

@@ -56,11 +56,11 @@
 
   # Keytabs
   - role: openshift/keytab
-    app: fasjson
-    key: http
-    secret_name: fasjson-keytab-http
-    service: HTTP
-    host: "fasjson{{ env_suffix }}.fedoraproject.org"
+    keytab_app: fasjson
+    keytab_key: http
+    keytab_secret_name: fasjson-keytab-http
+    keytab_service: HTTP
+    keytab_host: "fasjson{{ env_suffix }}.fedoraproject.org"
 
   # Session secret key
   - role: openshift/secret-file

playbooks/openshift-apps/fmn.yml

@@ -209,10 +209,10 @@
     - role: openshift/ipa-client
       app: fmn
     - role: openshift/keytab
-      app: fmn
-      key: service.keytab
-      secret_name: keytab
-      service: fmn
+      keytab_app: fmn
+      keytab_key: service.keytab
+      keytab_secret_name: keytab
+      keytab_service: fmn
 
     # Cron jobs
     - role: openshift/object

playbooks/openshift-apps/koschei.yml

@@ -22,10 +22,11 @@
   - openshift/project
 
   - role: openshift/keytab
-    secret_name: keytab
-    key: krb5.keytab
-    service: koschei
-    host: "koschei-backend01{{ env_suffix }}.iad2.fedoraproject.org"
+    keytab_app: "{{ app }}"
+    keytab_secret_name: keytab
+    keytab_key: krb5.keytab
+    keytab_service: koschei
+    keytab_host: "koschei-backend01{{ env_suffix }}.iad2.fedoraproject.org"
 
   - role: openshift/route
     route_routename: frontend

playbooks/openshift-apps/maubot.yml

@@ -43,11 +43,11 @@
     - kevin
 
   - role: openshift/keytab
-    app: maubot
-    key: service.keytab
-    secret_name: maubot-keytab
-    service: HTTP
-    host: "maubot.apps.ocp{{env_suffix}}.fedoraproject.org"
+    keytab_app: maubot
+    keytab_key: service.keytab
+    keytab_secret_name: maubot-keytab
+    keytab_service: HTTP
+    keytab_host: "maubot.apps.ocp{{env_suffix}}.fedoraproject.org"
 
   - role: openshift/ipa-client
     app: maubot

playbooks/openshift-apps/monitor_gating.yml

@@ -25,10 +25,10 @@
     user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.monitor-gating\..*
 
   - role: openshift/keytab
-    app: monitor-gating
-    key: monitor-gating-keytab
-    secret_name: monitor-gating-keytab
-    service: packagerbot
+    keytab_app: monitor-gating
+    keytab_key: monitor-gating-keytab
+    keytab_secret_name: monitor-gating-keytab
+    keytab_service: packagerbot
 
   - role: openshift/secret-file
     app: monitor-gating

playbooks/openshift-apps/openscanhub.yml

@@ -55,18 +55,18 @@
     object_template: osh-hub-httpd-configmap.yml
     object_objectname: osh-hub-httpd-configmap
   - role: openshift/keytab
-    app: openscanhub
-    key: service.keytab
-    secret_name: openscanhub-keytab
-    service: HTTP
-    host: "openscanhub.stg.fedoraproject.org"
+    keytab_app: openscanhub
+    keytab_key: service.keytab
+    keytab_secret_name: openscanhub-keytab
+    keytab_service: HTTP
+    keytab_host: "openscanhub.stg.fedoraproject.org"
     when: env == "staging"
   - role: openshift/keytab
-    app: openscanhub
-    key: service.keytab
-    secret_name: openscanhub-keytab
-    service: HTTP
-    host: "openscanhub.fedoraproject.org"
+    keytab_app: openscanhub
+    keytab_key: service.keytab
+    keytab_secret_name: openscanhub-keytab
+    keytab_service: HTTP
+    keytab_host: "openscanhub.fedoraproject.org"
     when: env == "production"
   - role: openshift/object
     object_app: openscanhub

playbooks/openshift-apps/planet.yml

@@ -21,11 +21,11 @@
 
   # Keytabs
   - role: openshift/keytab
-    app: planet
-    key: http
-    secret_name: planet-keytab-http
-    service: HTTP
-    host: "planet.apps.ocp{{env_suffix}}.fedoraproject.org"
+    keytab_app: planet
+    keytab_key: http
+    keytab_secret_name: planet-keytab-http
+    keytab_service: HTTP
+    keytab_host: "planet.apps.ocp{{env_suffix}}.fedoraproject.org"
 
   - role: openshift/imagestream
     app: planet

playbooks/openshift-apps/poddlers.yml

@@ -47,10 +47,10 @@
         - appowners
 
     - role: openshift/keytab
-      app: poddlers
-      key: service.keytab
-      secret_name: keytab
-      service: toddlers
+      keytab_app: poddlers
+      keytab_key: service.keytab
+      keytab_secret_name: keytab
+      keytab_service: toddlers
 
     - role: openshift/ipa-client
       app: poddlers

playbooks/openshift-apps/the-new-hotness.yml

@@ -30,19 +30,19 @@
     - zlopez
 
   - role: openshift/keytab
-    app: the-new-hotness
-    key: koji-keytab
-    secret_name: the-new-hotness-keytab
-    service: the-new-hotness
-    host: "release-monitoring.org"
+    keytab_app: the-new-hotness
+    keytab_key: koji-keytab
+    keytab_secret_name: the-new-hotness-keytab
+    keytab_service: the-new-hotness
+    keytab_host: "release-monitoring.org"
     when: env == "production"
 
   - role: openshift/keytab
-    app: the-new-hotness
-    key: koji-keytab
-    secret_name: the-new-hotness-keytab
-    service: the-new-hotness
-    host: "stg.release-monitoring.org"
+    keytab_app: the-new-hotness
+    keytab_key: koji-keytab
+    keytab_secret_name: the-new-hotness-keytab
+    keytab_service: the-new-hotness
+    keytab_host: "stg.release-monitoring.org"
     when: env == "staging"
 
   - role: openshift/secret-file

playbooks/openshift-apps/toddlers.yml

@@ -61,10 +61,10 @@
     sent_topics: ^org\.fedoraproject\.{{ env_short }}\.toddlers\..*
 
   - role: openshift/keytab
-    app: toddlers
-    key: service.keytab
-    secret_name: toddlers-keytab
-    service: toddlers
+    keytab_app: toddlers
+    keytab_key: service.keytab
+    keytab_secret_name: toddlers-keytab
+    keytab_service: toddlers
 
   - role: openshift/ipa-client
     app: toddlers

playbooks/openshift-apps/webhook2fedmsg.yml

@@ -102,10 +102,10 @@
     - role: openshift/ipa-client
       app: webhook2fedmsg
     - role: openshift/keytab
-      app: webhook2fedmsg
-      key: service.keytab
-      secret_name: keytab
-      service: webhook2fedmsg
+      keytab_app: webhook2fedmsg
+      keytab_key: service.keytab
+      keytab_secret_name: keytab
+      keytab_service: webhook2fedmsg
 
     # Deployment config
     - role: openshift/object

roles/openshift/keytab/tasks/main.yml

@@ -3,16 +3,16 @@
   include_role:
     name: keytab/service
   vars:
-    kt_location: "/etc/openshift_apps/{{app}}/{{key}}.kt"
+    kt_location: "/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt"
 
 - name: Call `oc secrets new` on the copied file
-  shell: oc -n {{app}} secrets new {{secret_name}} {{key}}=/etc/openshift_apps/{{app}}/{{key}}.kt
+  shell: oc -n {{keytab_app}} secrets new {{keytab_secret_name}} {{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt
   register: create_out
   when: not ocp4
   failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
 
 - name: Call `oc create secret generic` on the copied file
-  shell: oc -n {{app}} create secret generic {{secret_name}} --from-file={{key}}=/etc/openshift_apps/{{app}}/{{key}}.kt
+  shell: oc -n {{keytab_app}} create secret generic {{keytab_secret_name}} --from-file={{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt
   register: create_out
   when: ocp4 and not keytab_status.stat.exists
   failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"