Also adjust the openshift/keytab role
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard
parent
90715412f2
commit
1b35c7cb27
4 changed files with 15 additions and 5 deletions
|
|
@ -16,6 +16,7 @@
|
|||
- "org.fedoraproject.*.buildsys.tag"
|
||||
- "org.fedoraproject.*.resultsdb.result.new"
|
||||
- "org.fedoraproject.*.waiverdb.waiver.new"
|
||||
- ocp4: true
|
||||
|
||||
pre_tasks:
|
||||
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
|
||||
|
|
@ -77,25 +78,21 @@
|
|||
secret_name: bodhi-keytab
|
||||
service: bodhi
|
||||
host: "bodhi{{ env_suffix }}.fedoraproject.org"
|
||||
ocp4: true
|
||||
- role: openshift/secret-file
|
||||
app: bodhi
|
||||
secret_name: bodhi-fedora-messaging-ca
|
||||
key: cacert.pem
|
||||
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
|
||||
ocp4: true
|
||||
- role: openshift/secret-file
|
||||
app: bodhi
|
||||
secret_name: bodhi-fedora-messaging-crt
|
||||
key: bodhi-cert.pem
|
||||
privatefile: "rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt"
|
||||
ocp4: true
|
||||
- role: openshift/secret-file
|
||||
app: bodhi
|
||||
secret_name: bodhi-fedora-messaging-key
|
||||
key: bodhi-key.pem
|
||||
privatefile: "rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key"
|
||||
ocp4: true
|
||||
- role: openshift/object
|
||||
app: bodhi
|
||||
template: imagestreams-tagged.yml
|
||||
|
|
|
|||
1
roles/openshift/keytab/defaults/main.yml
Normal file
1
roles/openshift/keytab/defaults/main.yml
Normal file
|
|
@ -0,0 +1 @@
|
|||
ocp4: false
|
||||
|
|
@ -7,4 +7,11 @@
|
|||
- name: Call `oc secrets new` on the copied file
|
||||
shell: oc -n {{app}} secrets new {{secret_name}} {{key}}=/etc/openshift_apps/{{app}}/{{key}}.kt
|
||||
register: create_out
|
||||
when: not ocp4
|
||||
failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
|
||||
|
||||
- name: Call `oc create secret generic` on the copied file
|
||||
shell: oc -n {{app}} create secret generic {{secret_name}} --from-file={{key}}=/etc/openshift_apps/{{app}}/{{key}}.kt
|
||||
register: create_out
|
||||
when: ocp4
|
||||
failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
|
||||
|
|
|
|||
|
|
@ -13,7 +13,12 @@
|
|||
failed_when: "('NotFound' not in delete_out.stderr) and (delete_out.rc != 0)"
|
||||
when: secret_privatecert.changed or secret_privatekey.changed
|
||||
|
||||
- name: Call `oc secrets new` on the copied file
|
||||
- name: Call `oc create secret tls` on the copied file
|
||||
shell: oc -n {{app}} create secret tls {{secret_name}} --cert=/etc/openshift_apps/{{app}}/{{key}}.crt --key=/etc/openshift_apps/{{app}}/{{key}}.key
|
||||
register: create_out
|
||||
when: secret_privatecert.changed or secret_privatekey.changed
|
||||
|
||||
- name: Call `oc create secret tls` on the copied file
|
||||
shell: oc -n {{app}} create secret tls {{secret_name}} --cert=/etc/openshift_apps/{{app}}/{{key}}.crt --key=/etc/openshift_apps/{{app}}/{{key}}.key
|
||||
register: create_out
|
||||
when: secret_privatecert.changed or secret_privatekey.changed
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue