Also adjust the openshift/keytab role
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
parent
90715412f2
commit
1b35c7cb27
4 changed files with 15 additions and 5 deletions
|
@ -16,6 +16,7 @@
|
||||||
- "org.fedoraproject.*.buildsys.tag"
|
- "org.fedoraproject.*.buildsys.tag"
|
||||||
- "org.fedoraproject.*.resultsdb.result.new"
|
- "org.fedoraproject.*.resultsdb.result.new"
|
||||||
- "org.fedoraproject.*.waiverdb.waiver.new"
|
- "org.fedoraproject.*.waiverdb.waiver.new"
|
||||||
|
- ocp4: true
|
||||||
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
|
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
|
||||||
|
@ -77,25 +78,21 @@
|
||||||
secret_name: bodhi-keytab
|
secret_name: bodhi-keytab
|
||||||
service: bodhi
|
service: bodhi
|
||||||
host: "bodhi{{ env_suffix }}.fedoraproject.org"
|
host: "bodhi{{ env_suffix }}.fedoraproject.org"
|
||||||
ocp4: true
|
|
||||||
- role: openshift/secret-file
|
- role: openshift/secret-file
|
||||||
app: bodhi
|
app: bodhi
|
||||||
secret_name: bodhi-fedora-messaging-ca
|
secret_name: bodhi-fedora-messaging-ca
|
||||||
key: cacert.pem
|
key: cacert.pem
|
||||||
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
|
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
|
||||||
ocp4: true
|
|
||||||
- role: openshift/secret-file
|
- role: openshift/secret-file
|
||||||
app: bodhi
|
app: bodhi
|
||||||
secret_name: bodhi-fedora-messaging-crt
|
secret_name: bodhi-fedora-messaging-crt
|
||||||
key: bodhi-cert.pem
|
key: bodhi-cert.pem
|
||||||
privatefile: "rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt"
|
privatefile: "rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt"
|
||||||
ocp4: true
|
|
||||||
- role: openshift/secret-file
|
- role: openshift/secret-file
|
||||||
app: bodhi
|
app: bodhi
|
||||||
secret_name: bodhi-fedora-messaging-key
|
secret_name: bodhi-fedora-messaging-key
|
||||||
key: bodhi-key.pem
|
key: bodhi-key.pem
|
||||||
privatefile: "rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key"
|
privatefile: "rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key"
|
||||||
ocp4: true
|
|
||||||
- role: openshift/object
|
- role: openshift/object
|
||||||
app: bodhi
|
app: bodhi
|
||||||
template: imagestreams-tagged.yml
|
template: imagestreams-tagged.yml
|
||||||
|
|
1
roles/openshift/keytab/defaults/main.yml
Normal file
1
roles/openshift/keytab/defaults/main.yml
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ocp4: false
|
|
@ -7,4 +7,11 @@
|
||||||
- name: Call `oc secrets new` on the copied file
|
- name: Call `oc secrets new` on the copied file
|
||||||
shell: oc -n {{app}} secrets new {{secret_name}} {{key}}=/etc/openshift_apps/{{app}}/{{key}}.kt
|
shell: oc -n {{app}} secrets new {{secret_name}} {{key}}=/etc/openshift_apps/{{app}}/{{key}}.kt
|
||||||
register: create_out
|
register: create_out
|
||||||
|
when: not ocp4
|
||||||
|
failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
|
||||||
|
|
||||||
|
- name: Call `oc create secret generic` on the copied file
|
||||||
|
shell: oc -n {{app}} create secret generic {{secret_name}} --from-file={{key}}=/etc/openshift_apps/{{app}}/{{key}}.kt
|
||||||
|
register: create_out
|
||||||
|
when: ocp4
|
||||||
failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
|
failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
|
||||||
|
|
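Review bot: The added `Call oc create secret generic` task interpolates `{{app}}`, `{{secret_name}}` and `{{key}}` unquoted into a `shell:` line, although the command uses no pipe, redirect or other shell feature. Changing that task's `shell:` to `command:` (or the `argv:` list form) keeps those values from being re-parsed by a shell if one ever contains whitespace or a metacharacter; the same applies to the older `oc secrets new` task above it. Both tasks also use `register: create_out`, and Ansible records a result for a skipped task too, so when `ocp4` is false the skipped second task replaces the result of the first. If anything later in the file reads `create_out`, the two tasks should register distinct names, for example `create_out_legacy` and `create_out_ocp4`; the file continues outside this hunk, so that could not be checked here.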
|
@ -13,7 +13,12 @@
|
||||||
failed_when: "('NotFound' not in delete_out.stderr) and (delete_out.rc != 0)"
|
failed_when: "('NotFound' not in delete_out.stderr) and (delete_out.rc != 0)"
|
||||||
when: secret_privatecert.changed or secret_privatekey.changed
|
when: secret_privatecert.changed or secret_privatekey.changed
|
||||||
|
|
||||||
- name: Call `oc secrets new` on the copied file
|
- name: Call `oc create secret tls` on the copied file
|
||||||
|
shell: oc -n {{app}} create secret tls {{secret_name}} --cert=/etc/openshift_apps/{{app}}/{{key}}.crt --key=/etc/openshift_apps/{{app}}/{{key}}.key
|
||||||
|
register: create_out
|
||||||
|
when: secret_privatecert.changed or secret_privatekey.changed
|
||||||
|
|
||||||
|
- name: Call `oc create secret tls` on the copied file
|
||||||
shell: oc -n {{app}} create secret tls {{secret_name}} --cert=/etc/openshift_apps/{{app}}/{{key}}.crt --key=/etc/openshift_apps/{{app}}/{{key}}.key
|
shell: oc -n {{app}} create secret tls {{secret_name}} --cert=/etc/openshift_apps/{{app}}/{{key}}.crt --key=/etc/openshift_apps/{{app}}/{{key}}.key
|
||||||
register: create_out
|
register: create_out
|
||||||
when: secret_privatecert.changed or secret_privatekey.changed
|
when: secret_privatecert.changed or secret_privatekey.changed
|
||||||
|
|
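Review bot: On the new side of this hunk the task `Call oc create secret tls on the copied file` appears twice in a row, with the same `shell:` line, the same `register: create_out` and the same `when: secret_privatecert.changed or secret_privatekey.changed`. Neither copy has a `failed_when`, so whenever the condition is true the second `oc create secret tls` would presumably exit non-zero with AlreadyExists and fail the play right after the first copy created the secret. Renaming the existing task was enough to fix the stale `oc secrets new` name; I would drop the added copy (its `name:`, `shell:`, `register:` and `when:` lines plus the blank line) so the secret is created once. The side of each line is reconstructed from the rendered two-column view, so confirm against the raw diff.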