Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ansible: Define "image-download" job secret #594

Merged
merged 1 commit into from
Mar 11, 2024
Merged

ansible: Define "image-download" job secret #594

merged 1 commit into from
Mar 11, 2024

Conversation

martinpitt
Copy link
Member

@martinpitt martinpitt commented Mar 11, 2024
edited
Loading

Tests will need that to download private (RHEL) images from the stores.

For now this is the same directory as the upload secret, but at some point we should split them.

This goes along with cockpit-project/bots#6062

I added the secret splitting to the pilot board as enhancement, so that we don't forget.

I did not roll this out yet, will do after review.

@martinpitt
ansible: Define "image-download" job secret
2ec72ff 
Tests will need that to download private (RHEL) images from the stores.

For now this is the same directory as the upload secret, but at some
point we should split them.
martinpitt added a commit to cockpit-project/bots that referenced this pull request Mar 11, 2024
@martinpitt
tests-scan: Add "image-download" secret
a07a0bb 
So that job containers can download private images (RHEL). This secret
gets defined in cockpit-project/cockpituous#594
@martinpitt martinpitt mentioned this pull request Mar 11, 2024
Merged
jelly
jelly approved these changes Mar 11, 2024
View reviewed changes
ansible/roles/tasks-systemd/tasks/main.yml
image-upload=[
'--volume=/var/lib/cockpit-secrets/tasks/s3-keys/:/run/secrets/s3-keys:ro',
'--env=COCKPIT_S3_KEY_DIR=/run/secrets/s3-keys',
]
image-download=[
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At first I was a bit confused, as alternative we could have s3-bucket-token. But this might be a bit too much of a bikeshed :)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The point is that we eventually want to have different tokens for reading (enough for tests) and writing (for image refreshes). So we should name them by purpose. Also, S3 is an implementation detail at this point.

@martinpitt martinpitt merged commit 1b56efe into main Mar 11, 2024
3 checks passed
@martinpitt martinpitt deleted the image-download-secret branch March 11, 2024 09:16
martinpitt added a commit to cockpit-project/bots that referenced this pull request Mar 11, 2024
@martinpitt
tests-scan: Add "image-download" secret
c2e7516 
So that job containers can download private images (RHEL). This secret
gets defined in cockpit-project/cockpituous#594
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jelly jelly jelly approved these changes

@allisonkarlitskaya allisonkarlitskaya Awaiting requested review from allisonkarlitskaya

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@martinpitt @jelly