| |
@@ -0,0 +1,77 @@
|
| |
+ - name: make the app be real
|
| |
+ hosts: os_control_stg
|
| |
+ user: root
|
| |
+ gather_facts: False
|
| |
+
|
| |
+ vars_files:
|
| |
+ - /srv/web/infra/ansible/vars/global.yml
|
| |
+ - "/srv/private/ansible/vars.yml"
|
| |
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
| |
+
|
| |
+ roles:
|
| |
+ - role: rabbit/queue
|
| |
+ username: "cloud-image-uploader"
|
| |
+ queue_name: "cloud-image-uploader"
|
| |
+ routing_keys:
|
| |
+ - "org.fedoraproject.{{ env }}.buildsys.build.state.change"
|
| |
+ thresholds:
|
| |
+ warning: 10
|
| |
+ critical: 50
|
| |
+
|
| |
+ - role: openshift/project
|
| |
+ app: cloud-image-uploader
|
| |
+ description: AMQP consumer that uploads Cloud images to cloud providers
|
| |
+ appowners:
|
| |
+ - jcline
|
| |
+
|
| |
+ - role: openshift/object
|
| |
+ app: cloud-image-uploader
|
| |
+ file: imagestream.yml
|
| |
+ objectname: imagestream.yml
|
| |
+
|
| |
+ - role: openshift/object
|
| |
+ app: cloud-image-uploader
|
| |
+ template: buildconfig.yml
|
| |
+ objectname: buildconfig.yml
|
| |
+
|
| |
+ - role: openshift/object
|
| |
+ app: cloud-image-uploader
|
| |
+ template: configmap.yml
|
| |
+ objectname: configmap.yml
|
| |
+
|
| |
+ - role: openshift/secret-file
|
| |
+ app: cloud-image-uploader
|
| |
+ secret_name: cloud-image-uploader-fedora-messaging-key
|
| |
+ key: cloud-image-uploader.key
|
| |
+ privatefile: "rabbitmq/{{env}}/pki/private/cloud-image-uploader{{env_suffix}}.key"
|
| |
+
|
| |
+ - role: openshift/secret-file
|
| |
+ app: cloud-image-uploader
|
| |
+ secret_name: cloud-image-uploader-fedora-messaging-crt
|
| |
+ key: cloud-image-uploader.crt
|
| |
+ privatefile: "rabbitmq/{{env}}/pki/issued/cloud-image-uploader{{env_suffix}}.crt"
|
| |
+
|
| |
+ - role: openshift/secret-file
|
| |
+ app: cloud-image-uploader
|
| |
+ secret_name: cloud-image-uploader-fedora-messaging-ca
|
| |
+ key: cloud-image-uploader.ca
|
| |
+ privatefile: "rabbitmq/{{env}}/pki/ca.crt"
|
| |
+
|
| |
+ - role: openshift/object
|
| |
+ app: cloud-image-uploader
|
| |
+ template: secret.yml
|
| |
+ objectname: secret.yml
|
| |
+
|
| |
+ - role: openshift/start-build
|
| |
+ app: cloud-image-uploader
|
| |
+ buildname: cloud-image-uploader-build
|
| |
+ objectname: cloud-image-uploader-build
|
| |
+
|
| |
+ - role: openshift/object
|
| |
+ app: cloud-image-uploader
|
| |
+ file: deployment.yml
|
| |
+ objectname: deployment.yml
|
| |
+
|
| |
+ - role: openshift/rollout
|
| |
+ app: cloud-image-uploader
|
| |
+ dcname: cloud-image-uploader
|
| |
This app is an AQMP client that uploads VM images to public clouds. It
currently supports Azure images.
Ref: https://pagure.io/fedora-infrastructure/issue/11860
This assumes that a client cert has been set up for the fedora-messaging consumer, as well as the presence of the following ansible secrets:
stg_azure_secret
stg_azure_client_id
stg_azure_tenant_id
prod_azure_secret
prod_azure_client_id
prod_azure_tenant_id
azure_subscription_id
I need to do a little research to figure out the minimal permission set required before I can generate the Azure secrets, but I figured I'd go ahead and open this up.