6 files changed, 72 insertions, 9 deletions

diff --git a/ick-cluster.yml b/ick-cluster.yml
index e94d639..499cf6e 100644
--- a/ick-cluster.yml
+++ b/ick-cluster.yml
@@ -11,6 +11,10 @@
     - ick-artifact-store
     - ick-notifier
     - muck
+  tasks:
+    - shell: |
+        sed -i 's/self._verify = None/self._verify = False/' /usr/lib/python3/dist-packages/ick2/client.py
+        sed -i 's/self._verify = verify/self._verify = False/' /usr/lib/python3/dist-packages/ick2/client.py
   vars:
     sane_debian_system_version: 1
     sane_debian_system_codename: buster
diff --git a/ick-workers.yml b/ick-workers.yml
index 737cc9f..00a4153 100644
--- a/ick-workers.yml
+++ b/ick-workers.yml
@@ -6,6 +6,9 @@
     - comfortable
     - unix_users
     - ick-worker
+  tasks:
+    - shell: |
+        sed -i "s/'uapi_logs_id_get',/'uapi_logs_id_get','create','update','show','delete',/" /usr/bin/worker_manager
   vars:
     sane_debian_system_version: 1
     sane_debian_system_codename: buster
diff --git a/liw.yml b/liw.yml
index b96c187..7a82209 100644
--- a/liw.yml
+++ b/liw.yml
@@ -58,15 +58,8 @@ qvisqve_liw_salt: "{{ lookup('pipe', 'pass show ick2/liw_salt') }}"
 qvisqve_controller_secret: "{{ lookup('pipe', 'pass show ick2/controller_secret') }}"
 qvisqve_controller_hash: "{{ lookup('pipe', 'pass show ick2/controller_hash') }}"
 qvisqve_controller_salt: "{{ lookup('pipe', 'pass show ick2/controller_salt') }}"
-qvisqve_worker1_hash: "{{ lookup('pipe', 'pass show ick2/worker1_hash') }}"
-qvisqve_worker1_salt: "{{ lookup('pipe', 'pass show ick2/worker1_salt') }}"
-qvisqve_worker2_hash: "{{ lookup('pipe', 'pass show ick2/worker1_hash') }}"
-qvisqve_worker2_salt: "{{ lookup('pipe', 'pass show ick2/worker1_salt') }}"
-qvisqve_worker3_hash: "{{ lookup('pipe', 'pass show ick2/worker1_hash') }}"
-qvisqve_worker3_salt: "{{ lookup('pipe', 'pass show ick2/worker1_salt') }}"
-qvisqve_worker4_hash: "{{ lookup('pipe', 'pass show ick2/worker1_hash') }}"
-qvisqve_worker4_salt: "{{ lookup('pipe', 'pass show ick2/worker1_salt') }}"
-
+qvisqve_worker_hash: "{{ lookup('pipe', 'pass show ick2/worker1_hash') }}"
+qvisqve_worker_salt: "{{ lookup('pipe', 'pass show ick2/worker1_salt') }}"
 
 # I like to have an addition "dist" in the APT repository, liwdev, so
 # I can have ick build from a liw/dev branch, in addition to master,
diff --git a/roles/qvisqve/tasks/main.yml b/roles/qvisqve/tasks/main.yml
index 9ef636a..1634b69 100644
--- a/roles/qvisqve/tasks/main.yml
+++ b/roles/qvisqve/tasks/main.yml
@@ -70,6 +70,16 @@
     owner: _qvisqve
     group: _qvisqve
 
+- name: "install Ick worker clients"
+  template:
+    src: worker.j2
+    dest: "/var/lib/qvisqve/client/{{ item }}"
+    mode: 0600
+    owner: _qvisqve
+    group: _qvisqve
+  with_items:
+    - worker1
+
 - name: "enable and restart Qvisqve services"
   service:
     name: "{{ item }}"
diff --git a/roles/qvisqve/templates/worker.j2 b/roles/qvisqve/templates/worker.j2
new file mode 100644
index 0000000..6a0c050
--- /dev/null
+++ b/roles/qvisqve/templates/worker.j2
@@ -0,0 +1,26 @@
+# secret: /{{ worker_secret }}/
+allowed_scopes:
+- uapi_version_get
+- uapi_workers_post
+- uapi_work_get
+- uapi_work_post
+- uapi_blobs_id_put
+- uapi_blobs_id_get
+- uapi_notify_post
+- uapi_builds_id_get
+- uapi_logs_id_get
+- uapi_version_get
+- uapi_projects_get
+- create
+- update
+- show
+- delete
+hashed_secret:
+    N: 16384
+    hash: {{ qvisqve_worker_hash }}
+    key_len: 128
+    p: 1
+    r: 8
+    salt: {{ qvisqve_worker_salt }}
+    version: 1
+id: {{ item }}
diff --git a/toy.ick b/toy.ick
new file mode 100644
index 0000000..34500f6
--- /dev/null
+++ b/toy.ick
@@ -0,0 +1,27 @@
+projects:
+
+- project: systree
+  parameters:
+    debian_codename: buster
+    packages:
+      - apt-transport-https
+      - jq
+      - python3
+    artifact_name: systree
+  pipelines:
+    - ick/build_debian_systree
+
+- project: hello
+  parameters:
+    systree_name: systree
+    notify: []
+  pipelines: &deb_ci_pipelines
+    - hello
+
+pipelines:
+
+- pipeline: hello
+  actions:
+    - where: container
+      shell: |
+        echo hello, world