From 2e8857c681ed8a33342eb088b4b14ec0fbb31a63 Mon Sep 17 00:00:00 2001 From: Francois Andrieu Date: Nov 12 2020 21:29:57 +0000 Subject: [PATCH 1/2] docstranslation: git ssh key moved to /srv/private on batcave --- diff --git a/playbooks/openshift-apps/docstranslation.yml b/playbooks/openshift-apps/docstranslation.yml index 04777eb..c690436 100644 --- a/playbooks/openshift-apps/docstranslation.yml +++ b/playbooks/openshift-apps/docstranslation.yml @@ -4,6 +4,7 @@ gather_facts: False vars: app: docstranslation + ssh_key_path: "{{ private }}/files/id_rsa_docstrans_{{ env_short }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" @@ -23,18 +24,14 @@ tags: - apply-appowners - - name: Generate ssh keypair, if none exist + - name: Generate new ssh keypair, if none exist openssh_keypair: - path: "/etc/openshift_apps/{{ app }}/id_rsa_docs_trans" + path: "{{ ssh_key_path }}" mode: "600" type: rsa size: 4096 register: r_ssh_key - - - name: Retrieve ssh priv key - slurp: - path: r_ssh_key.filename - register: r_docs_priv_key + delegate_to: localhost - name: Define imagestream include_role: @@ -47,7 +44,7 @@ name: openshift/object vars: objectname: buildconfig.yml - file: buildconfig.yml + template: buildconfig.yml - name: Start build include_role: @@ -68,7 +65,7 @@ include_role: name: openshift/object vars: - file: cron.yml + template: cron.yml objectname: cron.yml tags: - deploy-cronjob @@ -88,6 +85,6 @@ - delete post_tasks: - - name: Display git ssh key for adding in pagure + - name: "Display git ssh key for adding in pagure" debug: - msg: "{{ r_ssh_key.public_key }}" + msg: "{{ env }}: {{ r_ssh_key.public_key }}" diff --git a/roles/openshift-apps/docstranslation/files/buildconfig.yml b/roles/openshift-apps/docstranslation/files/buildconfig.yml deleted file mode 100644 index 1d9bca3..0000000 --- a/roles/openshift-apps/docstranslation/files/buildconfig.yml +++ /dev/null 
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: BuildConfig
-metadata:
- labels:
- build: docstranslation-build
- name: docstranslation-build
-spec:
- successfulBuildsHistoryLimit: 2
- failedBuildsHistoryLimit: 1
- runPolicy: Serial
- source:
- git:
- uri: "https://pagure.io/fedora-docs/translations-scripts.git"
- ref: master
- strategy:
- type: Docker
- output:
- to:
- kind: ImageStreamTag
- name: builder:latest
-
diff --git a/roles/openshift-apps/docstranslation/files/cron.yml b/roles/openshift-apps/docstranslation/files/cron.yml
deleted file mode 100644
index b560439..0000000
--- a/roles/openshift-apps/docstranslation/files/cron.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: batch/v1beta1
-kind: CronJob
-metadata:
- name: cron
-spec:
- concurrencyPolicy: Forbid
- schedule: "0 21 * * *"
- jobTemplate:
- spec:
- template:
- metadata:
- labels:
- parent: "cronjobtranslate"
- spec:
- containers:
- - name: translate
- image: docker-registry.default.svc:5000/docstranslation/builder:latest
- command:
- - /workspace/build.py
- - "--clone_sources"
- - "true"
- - "--commit_l10n"
- - "true"
- - "--commit_tsources"
- - "true"
- - "--clone-po4a"
- env: []
- volumeMounts:
- - name: ssh-config-volume
- mountPath: /workspace/.ssh
- readOnly: true
- restartPolicy: Never
- startingDeadlineSeconds: 600
- volumes:
- - name: ssh-config-volume
- secret:
- secretName: ssh-config
diff --git a/roles/openshift-apps/docstranslation/templates/buildconfig.yml b/roles/openshift-apps/docstranslation/templates/buildconfig.yml
new file mode 100644
index 0000000..2e7aecc
--- /dev/null
+++ b/roles/openshift-apps/docstranslation/templates/buildconfig.yml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: BuildConfig
+metadata:
+ labels:
+ build: docstranslation-build
+ name: docstranslation-build
+spec:
+ successfulBuildsHistoryLimit: 2
+ failedBuildsHistoryLimit: 1
+ runPolicy: Serial
+ source:
+ git:
+ uri: "https://pagure.io/fedora-docs/translations-scripts.git"
+{% if env == 'staging' %}
+ ref: staging
+{% else %}
+ ref: master
+{% endif %}
+ strategy:
+ type: Docker
+ output:
+ to:
+ kind: ImageStreamTag
+ name: builder:latest
+
diff --git a/roles/openshift-apps/docstranslation/templates/cron.yml b/roles/openshift-apps/docstranslation/templates/cron.yml
new file mode 100644
index 0000000..62bc541
--- /dev/null
+++ b/roles/openshift-apps/docstranslation/templates/cron.yml
@@ -0,0 +1,39 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: cron
+spec:
+ concurrencyPolicy: Forbid
+ schedule: "0 21 * * *"
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ parent: "cronjobtranslate"
+ spec:
+ containers:
+ - name: translate
+ image: docker-registry.default.svc:5000/docstranslation/builder:latest
+ command:
+ - /workspace/build.py
+ - "--clone_sources"
+ - "true"
+{# Both environment get commit disabled for safety reasons for now
+ TODO: Set these to true on production when old app is removed from sundries #}
+ - "--commit_l10n"
+ - "{% if env == 'staging' %}false{% else %}false{% endif %}"
+ - "--commit_tsources"
+ - "{% if env == 'staging' %}false{% else %}false{% endif %}"
+ - "--clone-po4a"
+ env: []
+ volumeMounts:
+ - name: ssh-config-volume
+ mountPath: /workspace/.ssh
+ readOnly: true
+ restartPolicy: Never
+ startingDeadlineSeconds: 600
+ volumes:
+ - name: ssh-config-volume
+ secret:
+ secretName: ssh-config
diff --git a/roles/openshift-apps/docstranslation/templates/secrets.yml b/roles/openshift-apps/docstranslation/templates/secrets.yml
index 48a8cc8..6b5a399 100644
--- a/roles/openshift-apps/docstranslation/templates/secrets.yml
+++ b/roles/openshift-apps/docstranslation/templates/secrets.yml
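Review bot: The image built from templates/buildconfig.yml tracks the tip of a branch (`ref: staging` / `ref: master`) and is published as `builder:latest`, which the CronJob template in this same patch runs with the pagure SSH key mounted at `/workspace/.ssh`. Anyone who can push to those branches of translations-scripts therefore gets code running next to that key, and nothing in the template records that dependency. I would add a comment above `ref:` such as `# image built from this ref runs with the pagure deploy key; keep push access to the branch restricted`, or pin the ref to a reviewed tag once production is enabled. The `{% else %}` branch also sends every value of `env` other than 'staging' to master, which is probably intended but worth stating.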
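Review bot: In templates/cron.yml, disabling commits depends only on build.py honouring `--commit_l10n false` and `--commit_tsources false`, while the `ssh-config` secret is still mounted into the pod. If the key registered on pagure has push access (not visible from this patch), a bug or later change in the script could still push; registering the deploy key without push access until production is switched on would make the safety switch independent of the script. Both branches of `{% if env == 'staging' %}false{% else %}false{% endif %}` render the same value, so a plain `- "false"` next to the TODO would read more clearly until the two environments actually differ.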
@@ -7,9 +7,9 @@ metadata: app: docstranslation stringData: id_rsa_docs_trans: |- - {{ r_docs_priv_key.content | b64decode | indent(4) }} + {{ lookup('file', ssh_key_path) | indent(4) }} config: |- - Host pagure.io - User git - IdentityFile /workspace/.ssh/id_rsa_docs_trans - StrictHostKeyChecking no + Host pagure.io + User git + IdentityFile /workspace/.ssh/id_rsa_docs_trans + StrictHostKeyChecking no From d6678d05fcfefdcd9095c22df05c5748877a256b Mon Sep 17 00:00:00 2001 From: Francois Andrieu Date: Nov 12 2020 21:29:57 +0000 Subject: [PATCH 2/2] docstranslation: drop ssh key generation --- diff --git a/playbooks/openshift-apps/docstranslation.yml b/playbooks/openshift-apps/docstranslation.yml index c690436..f5ac5ae 100644 --- a/playbooks/openshift-apps/docstranslation.yml +++ b/playbooks/openshift-apps/docstranslation.yml @@ -4,7 +4,7 @@ gather_facts: False vars: app: docstranslation - ssh_key_path: "{{ private }}/files/id_rsa_docstrans_{{ env_short }}" + ssh_key_path: "{{ private }}/files/docstranslation/id_rsa_docstrans_{{ env_short }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" @@ -24,15 +24,6 @@ tags: - apply-appowners - - name: Generate new ssh keypair, if none exist - openssh_keypair: - path: "{{ ssh_key_path }}" - mode: "600" - type: rsa - size: 4096 - register: r_ssh_key - delegate_to: localhost - - name: Define imagestream include_role: name: openshift/imagestream @@ -83,8 +74,3 @@ tags: - never - delete - - post_tasks: - - name: "Display git ssh key for adding in pagure" - debug: - msg: "{{ env }}: {{ r_ssh_key.public_key }}"
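Review bot: The `config` block re-indented in the templates/secrets.yml hunk keeps `StrictHostKeyChecking no`, so the pod accepts whatever host key answers as pagure.io; neither the sources it clones nor the destination of its pushes is authenticated. Because the secret is mounted read-only at `/workspace/.ssh`, the host key has to ship in the Secret itself: add a `known_hosts` entry to `stringData` holding pagure.io's published host key (placeholder: `pagure.io ssh-ed25519 <PAGURE_HOST_KEY>`) and change the config to `StrictHostKeyChecking yes` with `UserKnownHostsFile /workspace/.ssh/known_hosts`. Separately, `lookup('file', ssh_key_path)` under `|-` leaves the private key without a trailing newline, which some OpenSSH versions reject as an invalid key format, so it is worth verifying in staging that the mounted key loads.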
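Review bot: With key generation dropped in patch 2/2, nothing in the playbook says how `ssh_key_path` gets populated, and `lookup('file', ssh_key_path)` in templates/secrets.yml will presumably fail the play if the file is absent. A comment above the variable in the `vars:` hunk would cover it, for example `# pre-provisioned per environment in the private repo; public half is the deploy key on pagure.io`. The path also moved into a `docstranslation/` subdirectory relative to patch 1/2, so a key created by a run of 1/2 would have to be moved by hand. Since the key now lives at rest in the private repo, the same comment is a good place to record who rotates it and how.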