From cf82a481be668695d5909a4e76ebab234e16d3a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= Date: Thu, 28 Nov 2024 17:51:53 +0100 Subject: [PATCH] Prefix openshift/keytab MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Aurélien Bompard --- playbooks/openshift-apps/badges.yml | 8 ++++---- playbooks/openshift-apps/bodhi.yml | 10 +++++----- playbooks/openshift-apps/bugzilla2fedmsg.yml | 8 ++++---- .../openshift-apps/coreos-koji-tagger.yml | 10 +++++----- playbooks/openshift-apps/elections.yml | 10 +++++----- playbooks/openshift-apps/fasjson.yml | 10 +++++----- playbooks/openshift-apps/fmn.yml | 8 ++++---- playbooks/openshift-apps/koschei.yml | 9 +++++---- playbooks/openshift-apps/maubot.yml | 10 +++++----- playbooks/openshift-apps/monitor_gating.yml | 8 ++++---- playbooks/openshift-apps/openscanhub.yml | 20 +++++++++---------- playbooks/openshift-apps/planet.yml | 10 +++++----- playbooks/openshift-apps/poddlers.yml | 8 ++++---- playbooks/openshift-apps/the-new-hotness.yml | 20 +++++++++---------- playbooks/openshift-apps/toddlers.yml | 8 ++++---- playbooks/openshift-apps/webhook2fedmsg.yml | 8 ++++---- roles/openshift/keytab/tasks/main.yml | 6 +++--- 17 files changed, 86 insertions(+), 85 deletions(-) diff --git a/playbooks/openshift-apps/badges.yml b/playbooks/openshift-apps/badges.yml index 989abc381f..d928039a8f 100644 --- a/playbooks/openshift-apps/badges.yml +++ b/playbooks/openshift-apps/badges.yml @@ -173,10 +173,10 @@ - role: openshift/ipa-client app: badges - role: openshift/keytab - app: badges - key: fedbadges.keytab - secret_name: fedbadges-keytab - service: fedbadges + keytab_app: badges + keytab_key: fedbadges.keytab + keytab_secret_name: fedbadges-keytab + keytab_service: fedbadges # Deployment config - role: openshift/object diff --git a/playbooks/openshift-apps/bodhi.yml b/playbooks/openshift-apps/bodhi.yml index a91afd8c91..74692a12c4 100644 
--- a/playbooks/openshift-apps/bodhi.yml +++ b/playbooks/openshift-apps/bodhi.yml @@ -74,11 +74,11 @@ object_file: pvc.yml object_objectname: pvc.yml - role: openshift/keytab - app: bodhi - key: koji-keytab - secret_name: bodhi-keytab - service: bodhi - host: "bodhi{{ env_suffix }}.fedoraproject.org" + keytab_app: bodhi + keytab_key: koji-keytab + keytab_secret_name: bodhi-keytab + keytab_service: bodhi + keytab_host: "bodhi{{ env_suffix }}.fedoraproject.org" - role: openshift/secret-file app: bodhi secret_name: bodhi-fedora-messaging-ca diff --git a/playbooks/openshift-apps/bugzilla2fedmsg.yml b/playbooks/openshift-apps/bugzilla2fedmsg.yml index 44b9320e69..c5b25d142d 100644 --- a/playbooks/openshift-apps/bugzilla2fedmsg.yml +++ b/playbooks/openshift-apps/bugzilla2fedmsg.yml @@ -60,10 +60,10 @@ - role: openshift/ipa-client app: bugzilla2fedmsg - role: openshift/keytab - app: bugzilla2fedmsg - key: service.keytab - secret_name: keytab - service: bugzilla2fedmsg + keytab_app: bugzilla2fedmsg + keytab_key: service.keytab + keytab_secret_name: keytab + keytab_service: bugzilla2fedmsg - role: openshift/imagestream app: bugzilla2fedmsg diff --git a/playbooks/openshift-apps/coreos-koji-tagger.yml b/playbooks/openshift-apps/coreos-koji-tagger.yml index 5121cf07e7..8d339f9132 100644 --- a/playbooks/openshift-apps/coreos-koji-tagger.yml +++ b/playbooks/openshift-apps/coreos-koji-tagger.yml 
@@ -27,11 +27,11 @@ # Create a keytab. The default username will be like: # coreos-koji-tagger/coreos-koji-tagger.fedoraproject.org@FEDORAPROJECT.ORG - role: openshift/keytab - app: coreos-koji-tagger - key: koji-keytab - secret_name: coreos-koji-tagger-keytab - service: coreos-koji-tagger - host: "coreos-koji-tagger{{ env_suffix }}.fedoraproject.org" + keytab_app: coreos-koji-tagger + keytab_key: koji-keytab + keytab_secret_name: coreos-koji-tagger-keytab + keytab_service: coreos-koji-tagger + keytab_host: "coreos-koji-tagger{{ env_suffix }}.fedoraproject.org" # Copy in a kerberos config that is unique to fedora infra - role: openshift/object diff --git a/playbooks/openshift-apps/elections.yml b/playbooks/openshift-apps/elections.yml index eb9d76d3a0..a4afe5dab0 100644 --- a/playbooks/openshift-apps/elections.yml +++ b/playbooks/openshift-apps/elections.yml @@ -45,11 +45,11 @@ - appowners - role: openshift/keytab - app: elections - key: service.keytab - secret_name: elections-keytab - service: HTTP - host: "elections{{ env_suffix }}.fedoraproject.org" + keytab_app: elections + keytab_key: service.keytab + keytab_secret_name: elections-keytab + keytab_service: HTTP + keytab_host: "elections{{ env_suffix }}.fedoraproject.org" - role: openshift/ipa-client app: elections diff --git a/playbooks/openshift-apps/fasjson.yml b/playbooks/openshift-apps/fasjson.yml index b183b662cc..9b5ae1f3a1 100644 --- a/playbooks/openshift-apps/fasjson.yml +++ b/playbooks/openshift-apps/fasjson.yml @@ -56,11 +56,11 @@ # Keytabs - role: openshift/keytab - app: fasjson - key: http - secret_name: fasjson-keytab-http - service: HTTP - host: "fasjson{{ env_suffix }}.fedoraproject.org" + keytab_app: fasjson + keytab_key: http + keytab_secret_name: fasjson-keytab-http + keytab_service: HTTP + keytab_host: "fasjson{{ env_suffix }}.fedoraproject.org" # Session secret key - role: openshift/secret-file 
diff --git a/playbooks/openshift-apps/fmn.yml b/playbooks/openshift-apps/fmn.yml index 1bfe0113f8..ae71536986 100644 --- a/playbooks/openshift-apps/fmn.yml +++ b/playbooks/openshift-apps/fmn.yml @@ -209,10 +209,10 @@ - role: openshift/ipa-client app: fmn - role: openshift/keytab - app: fmn - key: service.keytab - secret_name: keytab - service: fmn + keytab_app: fmn + keytab_key: service.keytab + keytab_secret_name: keytab + keytab_service: fmn # Cron jobs - role: openshift/object diff --git a/playbooks/openshift-apps/koschei.yml b/playbooks/openshift-apps/koschei.yml index afc1bc9dcf..40a4817616 100644 --- a/playbooks/openshift-apps/koschei.yml +++ b/playbooks/openshift-apps/koschei.yml @@ -22,10 +22,11 @@ - openshift/project - role: openshift/keytab - secret_name: keytab - key: krb5.keytab - service: koschei - host: "koschei-backend01{{ env_suffix }}.iad2.fedoraproject.org" + keytab_app: "{{ app }}" + keytab_secret_name: keytab + keytab_key: krb5.keytab + keytab_service: koschei + keytab_host: "koschei-backend01{{ env_suffix }}.iad2.fedoraproject.org" - role: openshift/route route_routename: frontend diff --git a/playbooks/openshift-apps/maubot.yml b/playbooks/openshift-apps/maubot.yml index d1d880c7c9..9b27971b85 100644 --- a/playbooks/openshift-apps/maubot.yml +++ b/playbooks/openshift-apps/maubot.yml @@ -43,11 +43,11 @@ - kevin - role: openshift/keytab - app: maubot - key: service.keytab - secret_name: maubot-keytab - service: HTTP - host: "maubot.apps.ocp{{env_suffix}}.fedoraproject.org" + keytab_app: maubot + keytab_key: service.keytab + keytab_secret_name: maubot-keytab + keytab_service: HTTP + keytab_host: "maubot.apps.ocp{{env_suffix}}.fedoraproject.org" - role: openshift/ipa-client app: maubot diff --git a/playbooks/openshift-apps/monitor_gating.yml b/playbooks/openshift-apps/monitor_gating.yml index a6389bcc72..a4d11c2b67 100644 --- a/playbooks/openshift-apps/monitor_gating.yml +++ b/playbooks/openshift-apps/monitor_gating.yml 
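Review bot: In playbooks/openshift-apps/koschei.yml the added `keytab_app: "{{ app }}"` is the only caller in this patch that takes the value from a variable rather than a literal, and the old invocation passed no `app` to the role at all. The role renders `keytab_app` into both the `oc -n` namespace and the `/etc/openshift_apps/...` keytab path, so an undefined or differently scoped `app` would either fail templating or put the keytab secret in the wrong project. The play's `vars:` block is outside the hunk, so confirm `app` is defined there, or write the project name as a literal as the other playbooks do.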
@@ -25,10 +25,10 @@ user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.monitor-gating\..* - role: openshift/keytab - app: monitor-gating - key: monitor-gating-keytab - secret_name: monitor-gating-keytab - service: packagerbot + keytab_app: monitor-gating + keytab_key: monitor-gating-keytab + keytab_secret_name: monitor-gating-keytab + keytab_service: packagerbot - role: openshift/secret-file app: monitor-gating diff --git a/playbooks/openshift-apps/openscanhub.yml b/playbooks/openshift-apps/openscanhub.yml index 37d4d21e5e..f99d18d5e2 100644 --- a/playbooks/openshift-apps/openscanhub.yml +++ b/playbooks/openshift-apps/openscanhub.yml @@ -55,18 +55,18 @@ object_template: osh-hub-httpd-configmap.yml object_objectname: osh-hub-httpd-configmap - role: openshift/keytab - app: openscanhub - key: service.keytab - secret_name: openscanhub-keytab - service: HTTP - host: "openscanhub.stg.fedoraproject.org" + keytab_app: openscanhub + keytab_key: service.keytab + keytab_secret_name: openscanhub-keytab + keytab_service: HTTP + keytab_host: "openscanhub.stg.fedoraproject.org" when: env == "staging" - role: openshift/keytab - app: openscanhub - key: service.keytab - secret_name: openscanhub-keytab - service: HTTP - host: "openscanhub.fedoraproject.org" + keytab_app: openscanhub + keytab_key: service.keytab + keytab_secret_name: openscanhub-keytab + keytab_service: HTTP + keytab_host: "openscanhub.fedoraproject.org" when: env == "production" - role: openshift/object object_app: openscanhub diff --git a/playbooks/openshift-apps/planet.yml b/playbooks/openshift-apps/planet.yml index 758329e6d8..857c00474e 100644 --- a/playbooks/openshift-apps/planet.yml +++ b/playbooks/openshift-apps/planet.yml 
@@ -21,11 +21,11 @@ # Keytabs - role: openshift/keytab - app: planet - key: http - secret_name: planet-keytab-http - service: HTTP - host: "planet.apps.ocp{{env_suffix}}.fedoraproject.org" + keytab_app: planet + keytab_key: http + keytab_secret_name: planet-keytab-http + keytab_service: HTTP + keytab_host: "planet.apps.ocp{{env_suffix}}.fedoraproject.org" - role: openshift/imagestream app: planet diff --git a/playbooks/openshift-apps/poddlers.yml b/playbooks/openshift-apps/poddlers.yml index ae3c6a5f73..dec9fb67cb 100644 --- a/playbooks/openshift-apps/poddlers.yml +++ b/playbooks/openshift-apps/poddlers.yml @@ -47,10 +47,10 @@ - appowners - role: openshift/keytab - app: poddlers - key: service.keytab - secret_name: keytab - service: toddlers + keytab_app: poddlers + keytab_key: service.keytab + keytab_secret_name: keytab + keytab_service: toddlers - role: openshift/ipa-client app: poddlers diff --git a/playbooks/openshift-apps/the-new-hotness.yml b/playbooks/openshift-apps/the-new-hotness.yml index 92bf11ca00..bf51787b6f 100644 --- a/playbooks/openshift-apps/the-new-hotness.yml +++ b/playbooks/openshift-apps/the-new-hotness.yml @@ -30,19 +30,19 @@ - zlopez - role: openshift/keytab - app: the-new-hotness - key: koji-keytab - secret_name: the-new-hotness-keytab - service: the-new-hotness - host: "release-monitoring.org" + keytab_app: the-new-hotness + keytab_key: koji-keytab + keytab_secret_name: the-new-hotness-keytab + keytab_service: the-new-hotness + keytab_host: "release-monitoring.org" when: env == "production" - role: openshift/keytab - app: the-new-hotness - key: koji-keytab - secret_name: the-new-hotness-keytab - service: the-new-hotness - host: "stg.release-monitoring.org" + keytab_app: the-new-hotness + keytab_key: koji-keytab + keytab_secret_name: the-new-hotness-keytab + keytab_service: the-new-hotness + keytab_host: "stg.release-monitoring.org" when: env == "staging" - role: openshift/secret-file 
diff --git a/playbooks/openshift-apps/toddlers.yml b/playbooks/openshift-apps/toddlers.yml index 8b5a3c6d6b..e2458ebf66 100644 --- a/playbooks/openshift-apps/toddlers.yml +++ b/playbooks/openshift-apps/toddlers.yml @@ -61,10 +61,10 @@ sent_topics: ^org\.fedoraproject\.{{ env_short }}\.toddlers\..* - role: openshift/keytab - app: toddlers - key: service.keytab - secret_name: toddlers-keytab - service: toddlers + keytab_app: toddlers + keytab_key: service.keytab + keytab_secret_name: toddlers-keytab + keytab_service: toddlers - role: openshift/ipa-client app: toddlers diff --git a/playbooks/openshift-apps/webhook2fedmsg.yml b/playbooks/openshift-apps/webhook2fedmsg.yml index 8b4f0196b9..86861250c1 100644 --- a/playbooks/openshift-apps/webhook2fedmsg.yml +++ b/playbooks/openshift-apps/webhook2fedmsg.yml @@ -102,10 +102,10 @@ - role: openshift/ipa-client app: webhook2fedmsg - role: openshift/keytab - app: webhook2fedmsg - key: service.keytab - secret_name: keytab - service: webhook2fedmsg + keytab_app: webhook2fedmsg + keytab_key: service.keytab + keytab_secret_name: keytab + keytab_service: webhook2fedmsg # Deployment config - role: openshift/object diff --git a/roles/openshift/keytab/tasks/main.yml b/roles/openshift/keytab/tasks/main.yml index 7410583a51..9764f7187a 100644 --- a/roles/openshift/keytab/tasks/main.yml +++ b/roles/openshift/keytab/tasks/main.yml 
@@ -3,16 +3,16 @@ include_role: name: keytab/service vars: - kt_location: "/etc/openshift_apps/{{app}}/{{key}}.kt" + kt_location: "/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt" - name: Call `oc secrets new` on the copied file - shell: oc -n {{app}} secrets new {{secret_name}} {{key}}=/etc/openshift_apps/{{app}}/{{key}}.kt + shell: oc -n {{keytab_app}} secrets new {{keytab_secret_name}} {{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt register: create_out when: not ocp4 failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr" - name: Call `oc create secret generic` on the copied file - shell: oc -n {{app}} create secret generic {{secret_name}} --from-file={{key}}=/etc/openshift_apps/{{app}}/{{key}}.kt + shell: oc -n {{keytab_app}} create secret generic {{keytab_secret_name}} --from-file={{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt register: create_out when: ocp4 and not keytab_status.stat.exists failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
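Review bot: The `include_role` of `keytab/service` still passes only `kt_location` under `vars:`, while every caller in this patch now supplies `keytab_service` and `keytab_host` instead of `service` and `host`. The `keytab/service` role is not touched by this patch, so if it still reads `service` and `host` it would no longer receive them and could request a keytab for a default or undefined principal. Mapping them explicitly, e.g. `service: "{{ keytab_service }}"` next to `kt_location`, would keep the hand-off visible and make a missing value fail here. Separately, both `shell:` lines interpolate `keytab_app`, `keytab_secret_name` and `keytab_key` unquoted; applying the `quote` filter or using `command:` with `argv` would keep a value containing whitespace or shell metacharacters from changing the command. The first task's `- name:` line sits above the hunk, so its full definition is not visible here.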