websites: use f34 for build & nss_wrapper for git+ssh

2021-12-07 00:38:41 +01:00 · 2021-12-07 00:38:41 +01:00 · fb3363e9a6
commit fb3363e9a6
parent 9fddbf3f3a
5 changed files with 41 additions and 16 deletions
--- a/roles/openshift-apps/websites/templates/buildconfig.yml
+++ b/roles/openshift-apps/websites/templates/buildconfig.yml
@ -7,9 +7,10 @@ metadata:
 spec:
  source:
    dockerfile: |-
-      FROM fedora:latest
+      FROM fedora:34
      RUN dnf -y install \
        git \
+        nss_wrapper \
        python-unversioned-command \
        python3-flask \
        python3-frozen-flask \
--- a/roles/openshift-apps/websites/templates/cm-updatepot.yml
+++ b/roles/openshift-apps/websites/templates/cm-updatepot.yml
@ -0,0 +1,9 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: updatepot-scripts
+data:
+  updatepot.sh: |-
+    {{ load_file('updatepot.sh') | indent() }}
--- a/roles/openshift-apps/websites/templates/cron-updatepot.yml
+++ b/roles/openshift-apps/websites/templates/cron-updatepot.yml
@ -20,20 +20,9 @@ spec:
          containers:
          - name: pushpot
            image: docker-registry.default.svc:5000/websites/builder:latest
-            command: ["/bin/bash", "-c"]
-            args: 
-            - |
-              cd /tmp
-              git clone https://pagure.io/fedora-web/websites.git
-              cd websites
-              
-              for i in getfedora.org; do
-                pushd sites/$i/scripts
-                ./translations-source.sh
-                [ -f $i.pot ] && ./push-pot.sh
-                popd
-              done
-            env: []
+            command: 
+            - /bin/bash
+            - /scripts/updatepot.sh
            volumeMounts: 
            - mountPath: /.gitconfig
              name: gitconfig
@ -42,6 +31,8 @@ spec:
            - name: sshconfig
              mountPath: /.ssh
              readOnly: true
+            - name: scripts
+              mountPath: /scripts
          restartPolicy: Never
          startingDeadlineSeconds: 600
          volumes: 
@ -51,3 +42,6 @@ spec:
          - name: gitconfig
            configMap:
              name: gitconfig
+          - name: scripts
+            configMap:
+              name: updatepot-scripts
--- a/roles/openshift-apps/websites/templates/sshconfig.yml
+++ b/roles/openshift-apps/websites/templates/sshconfig.yml
@ -6,7 +6,7 @@ metadata:
  labels:
    app: websites
 stringData:
-  id_rsa_web_trans: |-
+  id_rsa_web_trans: |
    {{ lookup('file', ssh_key_path) | indent(4) }}
  config: |-
    Host pagure.io
--- a/roles/openshift-apps/websites/templates/updatepot.sh
+++ b/roles/openshift-apps/websites/templates/updatepot.sh
@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Add OCP user to passwd
+USER_ID=$(id -u)
+grep -Ev ":x:${USER_ID}:" /etc/passwd > /tmp/passwd
+echo "ocpuser:x:${USER_ID}:0:ocp user:/:/sbin/nologin" >> /tmp/passwd
+export LD_PRELOAD=/usr/lib64/libnss_wrapper.so
+export NSS_WRAPPER_PASSWD=/tmp/passwd
+export NSS_WRAPPER_GROUP=/etc/group
+
+
+cd /tmp
+git clone https://pagure.io/fedora-web/websites.git
+cd websites
+
+for i in getfedora.org; do
+  pushd sites/$i/scripts
+  ./translations-source.sh
+  [ -f $i.pot ] && ./push-pot.sh
+  popd
+done