Update osbs-namespace to latest upstream.

This is an update of the ansible-role-osbs-namespace role to the latest upstream available + PR16 not yet merged. https://github.com/projectatomic/ansible-role-osbs-namespace Signed-off-by: Clement Verna <cverna@tutanota.com>
2018-02-19 14:55:32 +01:00 · 2018-02-19 14:55:32 +01:00 · fb240ea470
commit fb240ea470
parent 65ef0a7240
22 changed files with 414 additions and 84 deletions
--- a/roles/osbs-namespace/README.md
+++ b/roles/osbs-namespace/README.md
@ -35,12 +35,12 @@ Role Variables
    # in orchestrator workspace
    osbs_worker_clusters:
      x86_64:
-        - name: prod-x86_64-on-prem
+        - name: prod-first-x86_64
          max_concurrent_builds: 6
-          openshift_url: https://my-x86_64-on-premise-cluster.redhat.com:8443
-        - name: prod-x86_64-osd
+          openshift_url: https://my-first-x86_64-cluster.fedoraproject.org:8443
+        - name: prod-second-x86_64
          max_concurrent_builds: 16
-          openshift_url: https://my-x86_64-osd-cluster.redhat.com:8443
+          openshift_url: https://my-second-x86_64-cluster.fedoraproject.org
          # optional params, and their defaults:
          enabled: true # yaml boolean
          namespace: worker
@ -48,9 +48,9 @@ Role Variables
          verify_ssl: 'true' # yaml string

      ppc64le:
-        - name: prod-ppc64le-on-prem
+        - name: prod-ppc64le
          max_concurrent_builds: 6
-          openshift_url: https://my-ppc64le-on-premise-cluster.redhat.com:8443
+          openshift_url: https://my-ppc64le-cluster.fedoraproject.org:8443

    # Service accounts to be created - these accounts will also be bound to
    # edit clusterrole and osbs-custom-build role in specified namespace
@ -86,8 +86,8 @@ Role Variables

    # Koji integration
    osbs_koji_secret_name: kojisecret
-    osbs_koji_hub: https://koji-hub.redhat.com  # Empty default value
-    osbs_koji_root: https://koji-root.redhat.com  # Empty default value
+    osbs_koji_hub: https://koji.fedoraproject.org  # Empty default value
+    osbs_koji_root: https://koji.fedoraproject.org/kojihub  # Empty default value

    # Pulp integration
    osbs_pulp_secret_name: pulpsecret
@ -98,11 +98,18 @@ Role Variables
    osbs_registry_api_version:
    - v1
    - v2
-    osbs_registry_uri: https://distribution-registry.redhat.com/v2  # Empty default value
+    osbs_registry_uri: https://distribution.registry.fedoraproject.org/v2  # Empty default value

    # Dist-git integration
-    osbs_sources_command: rhpkg sources
-    osbs_source_registry_uri: https://source-registry.redhat.com  # Empty default value
+    osbs_sources_command: fedpkg sources
+    osbs_source_registry_uri: https://source.registry.fedoraproject.org  # Empty default value
+
+    # Pruning
+    osbs_prune: false
+    osbs_prune_schedule: '0 0 */8 * *'
+    osbs_prune_secret: ''
+    osbs_prune_image: ''
+    osbs_prune_commands: ["/prune.sh"]

 For a full list, see defaults/main.yml

--- a/roles/osbs-namespace/defaults/main.yml
+++ b/roles/osbs-namespace/defaults/main.yml
@ -24,7 +24,7 @@ osbs_worker_clusters: {}

 osbs_koji_secret_name: kojisecret
 osbs_distribution_scope: public
-osbs_authoritative_registry: registry.access.redhat.com
+osbs_authoritative_registry: registry.fedoraproject.org
 osbs_koji_hub: ''
 osbs_koji_root: ''
 osbs_pulp_registry_name: ''
@ -36,6 +36,21 @@ osbs_registry_secret_name: v2-registry-dockercfg
 osbs_registry_uri: ''
 osbs_source_registry_uri: ''
 osbs_build_json_dir: /usr/share/osbs
-osbs_sources_command: rhpkg sources
-osbs_vendor: Red Hat, Inc.
+osbs_sources_command: fedpkg sources
+osbs_vendor: Fedora Project
 osbs_nodeselector: ''
+osbs_buildroot_repository: ''
+osbs_buildroot_imagestream: ''
+osbs_insecure_repository: true
+osbs_buildroot_imagestream_live_tag: ''
+
+osbs_prune: false
+osbs_prune_schedule: '0 0 */8 * *'
+osbs_prune_service_account: ''
+osbs_prune_image: ''
+osbs_prune_commands: ["/prune.sh"]
+osbs_serviceaccount_pruner: ''
+
+osbs_odcs_enabled: false
+osbs_odcs_signing_intents: {}
+osbs_odcs_default_signing_intent: null
--- a/roles/osbs-namespace/meta/main.yml
+++ b/roles/osbs-namespace/meta/main.yml
@ -1,7 +1,7 @@
 # Standards: 1.8
 galaxy_info:
  author: Luiz Carvalho
-  description: setup OpenShift namespace for OSBS usage
+  description: Setup OpenShift namespace for OSBS usage
  company: Red Hat, Inc.
  license: BSD
  min_ansible_version: 2.1
--- a/roles/osbs-namespace/operations/README.md
+++ b/roles/osbs-namespace/operations/README.md
@ -0,0 +1,73 @@
+ansible-role-osbs-namespace/operations
+======================================
+
+Collection of common maintenance operations for an OpenShift cluster.
+By default, all tasks in this sub-roles are disabled. Use the control
+booleans to enable the desired operations:
+
+Requirements
+------------
+
+A running instance of OpenShift.
+
+Role Variables
+--------------
+
+
+    # Update docker daemon on each OpenShift node.
+    # It's highly recommended to use `serial: 1` in your playbook.
+    osbs_upgrade_docker: false
+    # Docker version to update to.
+    osbs_docker_version: <default not set>
+
+    # Update OpenShift node labels.
+    osbs_update_node_labels: false
+    # A list of labels to be applied to each OpenShift node.
+    osbs_node_labels: []
+    # A list of all predefined node selector labels
+    osbs_managed_node_labels:
+        - "auto_build=true"
+
+    # Disable a node to make it safe to perform
+    # operations such as restarting docker daemon
+    # or any other risky maintenance
+    osbs_disable_node: true
+    # Then to re-enable node:
+    osbs_enable_node: true
+
+See `operations/defaults/main.yml` for a comprehensive list of all
+available variables.
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+    - name: update docker
+      hosts: nodes
+      roles:
+         - role: ansible-role-osbs-namespace/operations
+           osbs_upgrade_docker: true
+           osbs_docker_version: docker-1.12.6-61.git85d7426.el7
+
+    - name: node maintenance
+      hosts: nodes
+      roles:
+          - role: ansible-role-osbs-namespace/operations
+            osbs_disable_node: true
+          - role: my-maintenance-role
+          - role: ansible-role-osbs-namespace/operations
+            osbs_enable_node: true
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Luiz Carvalho <lui@redhat.com>
--- a/roles/osbs-namespace/operations/defaults/main.yml
+++ b/roles/osbs-namespace/operations/defaults/main.yml
@ -0,0 +1,24 @@
+---
+osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig
+osbs_environment:
+  KUBECONFIG: "{{ osbs_kubeconfig_path }}"
+
+osbs_disable_node: false
+osbs_enable_node: false
+osbs_upgrade_docker: false
+osbs_update_node_labels: false
+osbs_node_labels: []
+osbs_managed_node_labels:
+- "auto_build=true"
+
+# Retry for about 2 hours
+osbs_wait_active_pods_retries: 240
+osbs_wait_active_pods_delay: 30 # seconds
+
+# Wait for about 5 minutes
+osbs_wait_node_ready_retries: 30
+osbs_wait_node_ready_delay: 10
+
+osbs_buildroot_imagestream_live_tag: ''
+osbs_buildroot_imagestream: ''
+osbs_buildroot_imagestream_post_build_tag: ''
--- a/roles/osbs-namespace/operations/meta/main.yml
+++ b/roles/osbs-namespace/operations/meta/main.yml
@ -0,0 +1,12 @@
+# Standards: 1.8
+galaxy_info:
+  author: Luiz Carvalho
+  description: Collection of common maintenance operations for OpenShift
+  company: Red Hat, Inc.
+  license: BSD
+  min_ansible_version: 2.1
+  platforms:
+    name: EL
+    versions:
+    - 7
+dependencies: []
--- a/roles/osbs-namespace/operations/tasks/disable-node.yml
+++ b/roles/osbs-namespace/operations/tasks/disable-node.yml
@ -0,0 +1,25 @@
+---
+- name: Mark node as unschedulable
+  command: >
+    oadm manage-node {{ inventory_hostname }} --schedulable=false
+
+- name: Evacuate infra pods
+  command: >
+    oadm manage-node {{ inventory_hostname }} --evacuate
+    --pod-selector={{ item }}
+  with_items:
+  - "deploymentconfig=router"
+  - "deploymentconfig=registry-console"
+  - "deploymentconfig=docker-registry"
+
+- name: Wait until no more pods are running in node
+  register: active_pods_result
+  shell: >
+    oadm manage-node {{ inventory_hostname }} --list-pods |
+    grep -v 'READY' | awk '{print $2}' | grep -v '0/'
+  until: active_pods_result.rc == 1
+  failed_when: active_pods_result.rc > 1
+  changed_when: false # read-only command
+  environment: "{{ osbs_environment }}"
+  retries: "{{ osbs_wait_active_pods_retries }}"
+  delay: "{{ osbs_wait_active_pods_delay }}"
--- a/roles/osbs-namespace/operations/tasks/enable-node.yml
+++ b/roles/osbs-namespace/operations/tasks/enable-node.yml
@ -0,0 +1,15 @@
+---
+- name: Mark node as schedulable
+  command: >
+    oadm manage-node {{ inventory_hostname }} --schedulable=true
+
+- name: Wait for node to be Ready
+  register: node_status
+  shell: >
+    oc get node {{ inventory_hostname }} --no-headers=true |
+    awk '{print $2}'
+  until: "'Ready' in node_status.stdout_lines"
+  changed_when: false # read-only command
+  environment: "{{ osbs_environment }}"
+  retries: "{{ osbs_wait_node_ready_retries }}"
+  delay: "{{ osbs_wait_node_ready_delay }}"
--- a/roles/osbs-namespace/operations/tasks/main.yml
+++ b/roles/osbs-namespace/operations/tasks/main.yml
@ -0,0 +1,15 @@
+---
+- include: disable-node.yml
+  when: osbs_disable_node
+
+- include: upgrade-docker.yml
+  when: osbs_upgrade_docker
+
+- include: update-node-selector-labels.yml
+  when: osbs_update_node_labels
+
+- include: tag-buildroot.yml
+  when: osbs_buildroot_imagestream_live_tag != ''
+
+- include: enable-node.yml
+  when: osbs_enable_node
--- a/roles/osbs-namespace/operations/tasks/tag-buildroot.yml
+++ b/roles/osbs-namespace/operations/tasks/tag-buildroot.yml
@ -0,0 +1,9 @@
+---
+# Tag the desired build image with the post build tag (“staged” for stage, “released” for prod)
+- name: tag buildroot imagestream
+  command: >
+    oc tag {{ osbs_buildroot_imagestream }}:{{ osbs_buildroot_imagestream_live_tag }} {{ osbs_buildroot_imagestream }}:{{ osbs_buildroot_imagestream_post_build_tag }}
+  environment: "{{ osbs_environment }}"
+  when: osbs_buildroot_imagestream != '' and osbs_buildroot_imagestream_live_tag != '' and osbs_buildroot_imagestream_post_build_tag != ''
+  tags:
+  - oc
--- a/roles/osbs-namespace/operations/tasks/update-node-selector-labels.yml
+++ b/roles/osbs-namespace/operations/tasks/update-node-selector-labels.yml
@ -0,0 +1,23 @@
+---
+# delete all predefined node selector labels which are not needed anymore
+- name: Remove managed node labels
+  command: >
+    oc label node {{ inventory_hostname }} {{ item | regex_replace('=.+') }}-
+  with_items: "{{ osbs_managed_node_labels | difference(osbs_node_labels) }}"
+  register: delete_label
+  changed_when: ('not found' not in delete_label.stderr)
+  environment: "{{ osbs_environment }}"
+  tags:
+  - oc
+
+# set specified node selector labels
+- name: Apply node labels
+  command: >
+    oc label node {{ inventory_hostname }} {{ item }}
+  with_items: "{{ osbs_node_labels | intersect(osbs_managed_node_labels) }}"
+  register: add_label
+  changed_when: ('labeled' in add_label.stdout)
+  failed_when: (('labeled' not in add_label.stdout) and ('already has a value' not in add_label.stderr))
+  environment: "{{ osbs_environment }}"
+  tags:
+  - oc
--- a/roles/osbs-namespace/operations/tasks/upgrade-docker.yml
+++ b/roles/osbs-namespace/operations/tasks/upgrade-docker.yml
@ -0,0 +1,15 @@
+---
+- include: disable-node.yml
+
+- name: Update docker package
+  yum:
+    name: "{{ osbs_docker_version }}"
+    update_cache: true
+    state: present
+
+- name: Restart docker service
+  systemd:
+    state: restarted
+    name: docker
+
+- include: enable-node.yml
--- a/roles/osbs-namespace/tasks/main.yml
+++ b/roles/osbs-namespace/tasks/main.yml
@ -1,4 +1,13 @@
 ---
+# Query namespace
+- name: query osbs namespace
+  command: oc get project {{ osbs_namespace }}
+  register: namespace_result
+  failed_when: namespace_result.rc != 0 and ('not found' not in namespace_result.stderr)
+  changed_when: false
+  tags:
+  - oc
+
 # Create namespace
 - name: create osbs namespace
  command: oc new-project {{ osbs_namespace }}
@ -6,6 +15,7 @@
  failed_when: new_project.rc != 0 and ('already exists' not in new_project.stderr)
  changed_when: new_project.rc == 0
  environment: "{{ osbs_environment }}"
+  when: "'not found' in namespace_result.stderr"
  tags:
  - oc

@ -32,46 +42,6 @@
  tags:
  - oc

-# Setup policy binding
- name: query policybinding
-  command: oc get policybinding {{ osbs_namespace }}:default --namespace {{ osbs_namespace }}
-  environment: "{{ osbs_environment }}"
-  register: policybinding_query
-  failed_when: policybinding_query.rc != 0 and ('not found' not in policybinding_query.stderr)
-  changed_when: false
-  when: osbs_is_admin
-  tags:
-  - oc
-
- name: create a policybinding
-  command: oc create policybinding {{ osbs_namespace }} --namespace {{ osbs_namespace }}
-  environment: "{{ osbs_environment }}"
-  when: "osbs_is_admin and 'not found' in policybinding_query.stderr"
-  tags:
-  - oc
-
-# Setup role
- name: copy role
-  template:
-    src: role-osbs-custom-build.yml.j2
-    dest: "{{ osbs_openshift_home }}/{{ inventory_hostname }}-{{ osbs_namespace }}-role-osbs-custom-build.yml"
-  environment: "{{ osbs_environment }}"
-  register: yaml_role
-  when: osbs_is_admin
-  tags:
-  - oc
-
- name: import role
-  command: >
-    oc replace
-    --namespace={{ osbs_namespace }}
-    --force=true
-    --filename={{ osbs_openshift_home }}/{{ inventory_hostname }}-{{ osbs_namespace }}-role-osbs-custom-build.yml
-  environment: "{{ osbs_environment }}"
-  when: yaml_role.changed
-  tags:
-  - oc
-
 # Setup role bindings
 - name: copy role bindings
  template:
@ -98,16 +68,12 @@
    groups: "{{ osbs_admin_groups }}"

  - name: osbs-custom-build-readwrite
-    role: osbs-custom-build
-    yaml_version: v1
-    role_namespace: "{{ osbs_namespace }}"
+    role: system:build-strategy-custom
    users: "{{ osbs_readwrite_users }}"
    groups: "{{ osbs_readwrite_groups }}"

  - name: osbs-custom-build-admin
-    role: osbs-custom-build
-    yaml_version: v1
-    role_namespace: "{{ osbs_namespace }}"
+    role: system:build-strategy-custom
    users: "{{ osbs_admin_users }}"
    groups: "{{ osbs_admin_groups }}"

@ -116,8 +82,7 @@
    serviceaccounts: "{{ osbs_service_accounts }}"

  - name: osbs-custom-build-serviceaccounts
-    role: osbs-custom-build
-    role_namespace: "{{ osbs_namespace }}"
+    role: system:build-strategy-custom
    serviceaccounts: "{{ osbs_service_accounts }}"

  register: yaml_rolebindings
@ -133,7 +98,35 @@
    --filename={{ osbs_openshift_home }}/{{ inventory_hostname }}-{{ osbs_namespace }}-rolebinding-{{ item.item.name }}.yml
  environment: "{{ osbs_environment }}"
  with_items: "{{ yaml_rolebindings.results }}"
-  when: item.changed
+  when: yaml_rolebindings.changed and item.changed
+  tags:
+  - oc
+
+- name: copy pruner role binding
+  template:
+    src: "openshift-rolebinding.{{ item.yaml_version | default('v2') }}.yml.j2"
+    dest: "{{ osbs_openshift_home }}/{{ inventory_hostname }}-{{ osbs_namespace }}-rolebinding-{{ item.name }}.yml"
+  with_items:
+
+  - name: osbs-pruner-serviceaccounts
+    role: system:image-pruner
+    type: ClusterRoleBinding
+    serviceaccounts: ["{{ osbs_serviceaccount_pruner }}"]
+
+  register: yaml_rolebindings_pruner
+  when: osbs_is_admin and osbs_serviceaccount_pruner
+  tags:
+  - oc
+
+- name: import pruner role bindings
+  command: >
+    oc replace
+    --namespace={{ osbs_namespace }}
+    --force=true
+    --filename={{ osbs_openshift_home }}/{{ inventory_hostname }}-{{ osbs_namespace }}-rolebinding-{{ item.item.name }}.yml
+  environment: "{{ osbs_environment }}"
+  with_items: "{{ yaml_rolebindings_pruner.results }}"
+  when: yaml_rolebindings_pruner.changed and item.changed
  tags:
  - oc

@ -188,5 +181,25 @@
  tags:
  - oc

- import_tasks: orchestrator.yml
+- name: copy prune cronjob yaml
+  template:
+    src: openshift-prune-cronjob.yml.j2
+    dest: "{{ osbs_openshift_home }}/{{ inventory_hostname }}-{{ osbs_namespace }}-prune-cronjob.yml"
+  register: yaml_cronjob
+  when: osbs_prune
+  tags:
+  - oc
+
+- name: import prune cronjob yaml
+  command: >
+    oc replace
+    --namespace={{ osbs_namespace }}
+    --force=true
+    --filename={{ osbs_openshift_home }}/{{ inventory_hostname }}-{{ osbs_namespace }}-prune-cronjob.yml
+  environment: "{{ osbs_environment }}"
+  when: osbs_prune and yaml_cronjob.changed
+  tags:
+  - oc
+
+- include: orchestrator.yml
  when: osbs_orchestrator
--- a/roles/osbs-namespace/tasks/orchestrator.yml
+++ b/roles/osbs-namespace/tasks/orchestrator.yml
@ -16,3 +16,38 @@
  register: yaml_client_config_secret
  tags:
  - oc
+
+# Setup imagestream
+- name: copy imagestream
+  template:
+    src: osbs-buildroot-imagestream.yml.j2
+    dest: "{{ osbs_openshift_home }}/{{ inventory_hostname }}-{{ osbs_namespace }}-osbs-buildroot-imagestream.yml"
+  environment: "{{ osbs_environment }}"
+  when: osbs_buildroot_repository != '' and osbs_buildroot_imagestream != ''
+  register: yaml_imagestream
+  tags:
+  - oc
+
+- name: create imagestream
+  command: >
+    oc replace
+    --namespace={{ osbs_namespace }}
+    --force=true
+    --filename={{ osbs_openshift_home }}/{{ inventory_hostname }}-{{ osbs_namespace }}-osbs-buildroot-imagestream.yml
+  environment: "{{ osbs_environment }}"
+  when: yaml_imagestream.changed
+  tags:
+  - oc
+
+- name: update imagestream tag
+  command: >
+    oc import-image {{ osbs_buildroot_imagestream }}:{{ osbs_buildroot_imagestream_live_tag }}
+    --from {{ osbs_buildroot_repository }}:{{ osbs_buildroot_imagestream_live_tag }}
+    {{ " --insecure" if osbs_insecure_repository else ''}}
+  environment: "{{ osbs_environment }}"
+  when: osbs_buildroot_repository != '' and osbs_buildroot_imagestream != '' and osbs_buildroot_imagestream_live_tag != ''
+  register: imagestream_tag_updated
+  changed_when: ('The import completed successfully.' in imagestream_tag_updated.stdout)
+  failed_when: ('The import completed successfully.' not in imagestream_tag_updated.stdout)
+  tags:
+  - oc
--- a/roles/osbs-namespace/templates/client-config-secret.conf.j2
+++ b/roles/osbs-namespace/templates/client-config-secret.conf.j2
@ -9,7 +9,9 @@ openshift_url = {{ cluster.openshift_url }}
 token_file = /var/run/secrets/atomic-reactor/{{ cluster.name | replace('_', '-') }}-orchestrator/token
 use_auth = {{ cluster.use_auth | default('true') }}
 verify_ssl = {{ cluster.verify_ssl | default('true') }}
-low_priority_node_selector = {{ cluster.low_priority_node_selector | default('') }}
+{% if cluster.auto_build_node_selector | default('') %}
+auto_build_node_selector = {{ cluster.auto_build_node_selector }}
+{% endif %}

 authoritative_registry = {{ osbs_authoritative_registry }}
 distribution_scope = {{ osbs_distribution_scope }}
@ -51,3 +53,10 @@ sources_command = {{ osbs_sources_command }}
 vendor = {{ osbs_vendor }}
 {% endfor %}
 {% endfor %}
+
+[platform:x86_64]
+architecture = amd64
+enable_v1 = true
+
+[platform:aarch64]
+architecture = arm64
--- a/roles/osbs-namespace/templates/openshift-prune-cronjob.yml.j2
+++ b/roles/osbs-namespace/templates/openshift-prune-cronjob.yml.j2
@ -0,0 +1,18 @@
+apiVersion: batch/v2alpha1
+kind: CronJob
+metadata:
+  name: build-pruner
+spec:
+  schedule: "{{ osbs_prune_schedule }}"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          serviceAccountName: "{{ osbs_prune_serviceaccount }}"
+          containers:
+          - name: build-pruner
+            image: "{{ osbs_prune_image }}"
+
+            {% if osbs_prune_commands %}command: {{ osbs_prune_commands | to_yaml }}{% endif %}
+
+          restartPolicy: Never
--- a/roles/osbs-namespace/templates/openshift-rolebinding.v2.yml.j2
+++ b/roles/osbs-namespace/templates/openshift-rolebinding.v2.yml.j2
@ -1,5 +1,5 @@
 apiVersion: v1
-kind: RoleBinding
+kind: {{ item.type | default("RoleBinding") }}
 metadata:
  name: {{ item.name }}
  namespace: {{ osbs_namespace }}
--- a/roles/osbs-namespace/templates/osbs-buildroot-imagestream.yml.j2
+++ b/roles/osbs-namespace/templates/osbs-buildroot-imagestream.yml.j2
@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ImageStream
+metadata:
+  annotations:
+    openshift.io/image.insecureRepository: "{{ osbs_insecure_repository }}"
+  name: {{ osbs_buildroot_imagestream }}
+  namespace: {{ osbs_namespace }}
+spec:
+  dockerImageRepository: {{ osbs_buildroot_repository }}
--- a/roles/osbs-namespace/templates/reactor-config-secret.yml.j2
+++ b/roles/osbs-namespace/templates/reactor-config-secret.yml.j2
@ -11,3 +11,10 @@ clusters:

 {% endfor %}
 {% endfor %}
+
+{% if osbs_odcs_enabled %}
+odcs:
+    signing_intents:
+    {{ osbs_odcs_signing_intents | to_yaml | indent(4) }}
+    default_signing_intent: {{ osbs_odcs_default_signing_intent }}
+{% endif %}
--- a/roles/osbs-namespace/tests/files/expected-client-config-secret.conf
+++ b/roles/osbs-namespace/tests/files/expected-client-config-secret.conf
@ -3,13 +3,12 @@ build_json_dir = /usr/share/osbs

 [minimum]
 namespace = worker
-openshift_url = https://minimum-worker.test.redhat.com
+openshift_url = https://minimum-worker.test.fedoraproject.org
 token_file = /var/run/secrets/atomic-reactor/minimum-orchestrator/token
 use_auth = true
 verify_ssl = false
-artifacts_allowed_domains = 

-authoritative_registry = registry.access.redhat.com
+authoritative_registry = registry.fedoraproject.org
 distribution_scope = public

 # Koji integration
@ -22,17 +21,17 @@ pulp_secret = pulpsecret
 registry_api_versions = v1,v2
 registry_secret = v2-registry-dockercfg

-sources_command = rhpkg sources
-vendor = Red Hat, Inc.
+sources_command = fedpkg sources
+vendor = Fedora Project
 [all_values]
 namespace = spam
-openshift_url = https://all_values-worker.test.redhat.com
+openshift_url = https://all_values-worker.test.fedoraproject.org
 token_file = /var/run/secrets/atomic-reactor/all-values-orchestrator/token
 use_auth = false
 verify_ssl = false
-artifacts_allowed_domains = allowed.domain.com,also-allowed.domain.com
+auto_build_node_selector = auto_build=true

-authoritative_registry = registry.access.redhat.com
+authoritative_registry = registry.fedoraproject.org
 distribution_scope = public

 # Koji integration
@ -45,5 +44,12 @@ pulp_secret = pulpsecret
 registry_api_versions = v1,v2
 registry_secret = v2-registry-dockercfg

-sources_command = rhpkg sources
-vendor = Red Hat, Inc.
+sources_command = fedpkg sources
+vendor = Fedora Project
+
+[platform:x86_64]
+architecture = amd64
+enable_v1 = true
+
+[platform:aarch64]
+architecture = arm64
--- a/roles/osbs-namespace/tests/group_vars/masters.yml
+++ b/roles/osbs-namespace/tests/group_vars/masters.yml
@ -3,15 +3,16 @@ osbs_worker_clusters:
  x86_64:
  - name: 'minimum'
    max_concurrent_builds: 1
-    openshift_url: 'https://minimum-worker.test.redhat.com'
+    openshift_url: 'https://minimum-worker.test.fedoraproject.org'
    verify_ssl: 'false'

  - name: 'all_values'
    namespace: 'spam'
    max_concurrent_builds: 99
-    openshift_url: 'https://all_values-worker.test.redhat.com'
+    openshift_url: 'https://all_values-worker.test.fedoraproject.org'
    verify_ssl: 'false'
    use_auth: 'false'
    artifacts_allowed_domains:
    - allowed.domain.com
    - also-allowed.domain.com
+    auto_build_node_selector: 'auto_build=true'
--- a/roles/osbs-namespace/tests/test.yml
+++ b/roles/osbs-namespace/tests/test.yml
@ -17,8 +17,7 @@
  - name: bring up new cluster
    command: >
      oc cluster up
-      --version v3.4.1.10
-      --image registry.access.redhat.com/openshift3/ose
+      --version v3.6.0
    register: cmd_cluster_up
    changed_when: cmd_cluster_up.rc == 0

@ -170,14 +169,14 @@
    command: >
      oc -n test-non-admin get role osbs-custom-build
    register: cmd_role
-    failed_when: "'No resources found' not in cmd_role.stderr"
+    failed_when: ('No resources found' not in cmd_role.stderr) and ('NotFound' not in cmd_role.stderr)
    changed_when: false

  - name: custom rolebindings NOT created in non-admin namespace
    command: >
      oc -n test-non-admin get rolebinding {{ item }}
    register: cmd_rolebinding
-    failed_when: "'No resources found' not in cmd_rolebinding.stderr"
+    failed_when: ('No resources found' not in cmd_rolebinding.stderr) and ('NotFound' not in cmd_rolebinding.stderr)
    with_items:
    - osbs-admin
    - osbs-admin
@ -227,7 +226,7 @@
    command: >
      oc -n test-limitrange get limitrange cpureq
    register: cmd_limitrange
-    failed_when: "'No resources found' not in cmd_limitrange.stderr"
+    failed_when: ('No resources found' not in cmd_limitrange.stderr) and ('NotFound' not in cmd_limitrange.stderr)
    changed_when: false

 - name: setup policybinding dedicated-admin namespace