Name: ansible-role-osbs-namespace
Owner: Project Atomic
Description: null
Created: 2017-10-02 11:34:03.0
Updated: 2018-05-02 13:45:39.0
Pushed: 2018-05-02 13:47:11.0
Homepage: null
Size: 60
Language: Python
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
Setup an OpenShift namespace as required by OSBS:
osbs_namespace
)osbs_service_accounts
)If user is cluster admin (osbs_is_admin
), the following is also performed:
For orchestrator namespaces (osbs_orchestrator
):
osbs_generated_config_path
use osbs-secret to import itosbs_generated_config_path
use osbs-secret to import itA running instance of OpenShift.
# Namespace name to be used
osbs_namespace: 'my-namespace'
# Is user running playbook as cluster admin?
osbs_is_admin: true
# Will the namespace be used for orchestrator builds?
osbs_orchestrator: true
# Worker clusters to be used for generating reactor and client config secrets
# in orchestrator workspace
osbs_worker_clusters:
x86_64:
- name: prod-first-x86_64
max_concurrent_builds: 6
openshift_url: https://my-first-x86_64-cluster.fedoraproject.org:8443
- name: prod-second-x86_64
max_concurrent_builds: 16
openshift_url: https://my-second-x86_64-cluster.fedoraproject.org
# optional params, and their defaults:
enabled: true # yaml boolean
namespace: worker
use_auth: 'true' # yaml string
verify_ssl: 'true' # yaml string
ppc64le:
- name: prod-ppc64le
max_concurrent_builds: 6
openshift_url: https://my-ppc64le-cluster.fedoraproject.org:8443
# Reactor config maps to be created in orchestrator namespace
osbs_reactor_config_maps:
- name: reactor-config-map
# See config.json schema in atomic-reactor project for details:
# https://github.com/projectatomic/atomic-reactor/blob/master/atomic_reactor/schemas/config.json
data:
clusters:
x86_64:
- enabled: true
max_concurrent_builds: 10
name: x86_64-on-premise
version: 1
# Service accounts to be created - these accounts will also be bound to
# edit clusterrole and osbs-custom-build role in specified namespace
osbs_service_accounts:
- bot
- ci
# Users and groups to be assigned view clusterrole in specified namespace
osbs_readonly_groups:
- group1
- group2
osbs_readonly_users:
- user1
- user2
# Users and groups to be assigned edit clusterrole and osbs-custom-build
# role in specified namespace
osbs_readwrite_groups:
- group1
- group2
osbs_readwrite_users:
- user1
- user2
# Users and groups to be assigned admin clusterrole and osbs-custom-build
# role in specified namespace
osbs_admin_groups:
- group1
- group2
osbs_admin_users:
- user1
- user2
# Users and groups to be assigned cluster-reader clusterrole cluster wide
osbs_cluster_reader_groups:
- group1
- group2
osbs_cluster_reader_users:
- user1
- user2
# Koji integration
osbs_koji_secret_name: kojisecret
osbs_koji_hub: https://koji.fedoraproject.org # Empty default value
osbs_koji_root: https://koji.fedoraproject.org/kojihub # Empty default value
# Pulp integration
osbs_pulp_secret_name: pulpsecret
osbs_pulp_registry_name: brew-qa # Empty default value
# Distribution registry integration
osbs_registry_secret_name: v2-registry-dockercfg
osbs_registry_api_version:
- v1
- v2
osbs_registry_uri: https://distribution.registry.fedoraproject.org/v2 # Empty default value
# Dist-git integration
osbs_sources_command: fedpkg sources
osbs_source_registry_uri: https://source.registry.fedoraproject.org # Empty default value
# Pruning
osbs_prune: false
osbs_prune_schedule: '0 0 */8 * *'
osbs_prune_secret: ''
osbs_prune_image: ''
osbs_prune_commands: ["/prune.sh"]
For a full list, see defaults/main.yml
None.
- name: setup worker namespace
hosts: master
roles:
- role: osbs-namespace
osbs_namespace: worker
- name: setup orchestrator namespace
hosts: master
roles:
- role: osbs-namespace
osbs_namespace: orchestrator
osbs_orchestrator: true
BSD
Luiz Carvalho lui@redhat.com