From 20c4d80ed32f39df551d130a9c4964be49277ab2 Mon Sep 17 00:00:00 2001 From: Seth Vidal Date: Fri, 3 May 2013 17:33:50 +0000 Subject: [PATCH] - move to task-based includes for builder tasks --- playbooks/koji/config_builder.yml | 197 ----------------------------- playbooks/koji/make_builder.yml | 13 +- tasks/koji/base_builder.yml | 145 +++++++++++++++++++++ tasks/{ => koji}/bkernel-setup.yml | 0 4 files changed, 154 insertions(+), 201 deletions(-) delete mode 100644 playbooks/koji/config_builder.yml create mode 100644 tasks/koji/base_builder.yml rename tasks/{ => koji}/bkernel-setup.yml (100%) diff --git a/playbooks/koji/config_builder.yml b/playbooks/koji/config_builder.yml deleted file mode 100644 index aea96b6079..0000000000 --- a/playbooks/koji/config_builder.yml +++ /dev/null 
@@ -1,197 +0,0 @@ -- hosts: - - builders - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - ${private}/vars.yml - - ${vars}/${ansible_distribution}.yml - - - tasks: - - name: enforce certain packages previously assumed from kickstarts - action: yum name=$item state=installed - with_items: - - postfix - - joe - - perl - - - name: set root passwd - action: user name=root password=$builder_rootpw state=present - - - name: add mock user as 425 - action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes - - - name: make mock homedir perms - action: file state=directory path=/var/lib/mock mode=2775 owner=root group=mock - - - name: add mock ssh dir - action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock - - - name: add mock ssh keys - action: copy src=$files/kojibuilder/mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock - - - name: add kojibuilder - action: user name=kojibuilder groups=mock - - - name: add mockbuilder - action: user name=mockbuilder groups=mock - - - name: mockbuilder .ssh dir - action: file state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder - - - name: mockbuilder ssh key - action: copy src=$files/kojibuilder/ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder - - - name: iptables - action: copy src=$files/iptables/kojibuilder dest=/etc/sysconfig/iptables mode=600 - notify: - - restart iptables - - - name: sshd_config - action: copy src=$files/ssh/sshd_config.kojibuilder dest=/etc/ssh/sshd_config mode=600 - notify: - - restart sshd - - - name: /etc/resolv.conf - action: copy src=$files/resolv.conf/kojibuilder dest=/etc/resolv.conf - - - name: add to hosts - action: copy src=$files/hosts/kojibuilder-hosts dest=/etc/hosts - - - name: rsyslog.conf - action: copy src=$files/rsyslog/rsyslog.conf.kojibuilder dest=/etc/rsyslog.conf mode=644 - notify: 
- - restart rsyslog - - - name: /etc/postfix/main.cf - action: copy src=$files/postfix/main.cf.kojibuilder dest=/etc/postfix/main.cf - notify: - - restart postfix - - - name: make a bunch of dirs - action: file state=directory path=$item - with_items: - - /pub - - /mnt/koji - - /pub/fedora - - /pub/epel - - /var/spool/rsyslog - - - name: add builder infra yum repo - action: copy src=$files/kojibuilder/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo - - - name: clean up packages we do not need - action: yum state=removed pkg=$item - with_items: - - audit - - 'cronie\*' - - - name: add pkgs - action: yum state=installed pkg=$item - with_items: - - yum-utils - - koji-builder - - strace - - mock - - nfs-utils - - kernel-firmware - - ntp - - ntpdate - - - name: /etc/kojid/kojid.conf - action: copy src=$files/kojibuilder/kojid.conf dest=/etc/kojid/kojid.conf - only_if: "not '${ansible_fqdn}'.startswith(('arm01','arm03','arm04'))" - notify: - - restart kojid - - - - name: arm /etc/kojid/kojid.conf - action: copy src=$files/kojibuilder/arm-kojid.conf dest=/etc/kojid/kojid.conf - only_if: "'${ansible_fqdn}'.startswith(('arm01','arm03','arm04'))" - notify: - - restart kojid - - - name: /etc/koji/koji.conf - action: copy src=$files/kojibuilder/koji.conf dest=/etc/koji.conf - only_if: "not '${ansible_fqdn}'.startswith(('arm01','arm03','arm04'))" - - - name: /etc/koji/koji.conf - action: copy src=$files/kojibuilder/arm-koji.conf dest=/etc/koji.conf - only_if: "'${ansible_fqdn}'.startswith(('arm01','arm03','arm04'))" - - - name: copy over koji ca cert - action: copy src=$private/files/koji/buildercerts/fedora-ca.cert dest=/etc/kojid/cacert.pem - - - name: copy over /etc/security/limits.conf - action: copy src=$files/kojibuilder/limits.conf dest=/etc/security/limits.conf - - - name: copy over builder cert to /etc/kojid/kojibuilder.pem - action: copy src=$private/files/koji/buildercerts/${ansible_fqdn}.pem dest=/etc/kojid/kojibuilder.pem mode=600 - - 
- name: chkconfig kojid on - action: service name=kojid enabled=on - - - name: copy over authorized keys for root - action: copy src=$files/kojibuilder/root_auth_keys dest=/root/.ssh/authorized_keys mode=644 - - - name: nfs mount points - action: mount name=/mnt/koji src=nfs01.phx2.fedoraproject.org:/ fstype=nfs4 opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=present - only_if: "not '${ansible_fqdn}'.startswith('bkernel')" - - # mock configs for pungify job - - name: put extra special mock configs in - action: copy src=$files/kojibuilder/builders/$item dest=/etc/mock/$item mode=644 - with_items: - - fedora-devel-pungi-i386.cfg - - fedora-devel-pungi-x86_64.cfg - - - name: ntp steptickers - action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers - - - name: ntp.conf - action: copy src=$files/common/ntp.conf dest=/etc/ntp.conf - - - name: enable ntpd - action: service name=ntpd enabled=true state=started - - - handlers: - - include: $handlers/restart_services.yml - - - name: restart kojid - action: service name=kojid state=restarted - -- hosts: - - bkernel* - - buildvm-* - - buildhw* - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - ${private}/vars.yml - - ${vars}/${ansible_distribution}.yml - - - tasks: - - name: set kernel params for loopback partitioning - action: command /sbin/grubby --update-kernel=ALL --args=loop.max_part=256 - - - name: set kernel params for more loops - action: command /sbin/grubby --update-kernel=ALL --args=max_loop=64 - - - name: special pkgs for the x86_64 builders - action: yum state=installed pkg=$item - with_items: - - kmod-hfsplus - -- hosts: - - bkernel* - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - ${private}/vars.yml - - ${vars}/${ansible_distribution}.yml - - tasks: - - include: $tasks/bkernel-setup.yml diff --git a/playbooks/koji/make_builder.yml b/playbooks/koji/make_builder.yml index c05d061090..632c855aa1 100644 
--- a/playbooks/koji/make_builder.yml +++ b/playbooks/koji/make_builder.yml @@ -15,11 +15,16 @@ tasks: - include: $tasks/virt_instance_create.yml - - name: ping the host - action: ping + - include: $tasks/koji/config_builder.yml + - include: $tasks/koji/builder_kernel_config.yml + + + handlers: + - include: $handlers/restart_services.yml + + - name: restart kojid + action: service name=kojid state=restarted - # include postinstall playbook -#- include: /srv/web/infra/ansible/playbooks/koji/config_builder.yml diff --git a/tasks/koji/base_builder.yml b/tasks/koji/base_builder.yml new file mode 100644 index 0000000000..6755908c90 --- /dev/null +++ b/tasks/koji/base_builder.yml 
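Review bot: The two added includes, `- include: $tasks/koji/config_builder.yml` and `- include: $tasks/koji/builder_kernel_config.yml`, name files that this patch does not create. The diffstat lists only `tasks/koji/base_builder.yml` (new) and `tasks/koji/bkernel-setup.yml` (renamed), so unless both files already exist in the tree the play will presumably stop at the include, before the firewall, sshd_config and root-password tasks are applied to the new instance. If the new task file is what was meant, the first line should read `- include: $tasks/koji/base_builder.yml`. The grubby and `kmod-hfsplus` tasks from the deleted playbook's second play were limited to `bkernel*`, `buildvm-*` and `buildhw*`, and they are not moved anywhere in this patch. If they are meant for `builder_kernel_config.yml`, that file needs adding and the host restriction restating, for example with an `only_if` on `${ansible_fqdn}`; the play header is above this hunk, so the target hosts are not visible here.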
@@ -0,0 +1,145 @@
+- name: enforce certain packages previously assumed from kickstarts
+ action: yum name=$item state=installed
+ with_items:
+ - postfix
+ - joe
+ - perl
+
+- name: set root passwd
+ action: user name=root password=$builder_rootpw state=present
+
+- name: add mock user as 425
+ action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
+
+- name: make mock homedir perms
+ action: file state=directory path=/var/lib/mock mode=2775 owner=root group=mock
+
+- name: add mock ssh dir
+ action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock
+
+- name: add mock ssh keys
+ action: copy src=$files/kojibuilder/mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock
+
+- name: add kojibuilder
+ action: user name=kojibuilder groups=mock
+
+- name: add mockbuilder
+ action: user name=mockbuilder groups=mock
+
+- name: mockbuilder .ssh dir
+ action: file state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder
+
+- name: mockbuilder ssh key
+ action: copy src=$files/kojibuilder/ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder
+
+- name: iptables
+ action: copy src=$files/iptables/kojibuilder dest=/etc/sysconfig/iptables mode=600
+ notify:
+ - restart iptables
+
+- name: sshd_config
+ action: copy src=$files/ssh/sshd_config.kojibuilder dest=/etc/ssh/sshd_config mode=600
+ notify:
+ - restart sshd
+
+- name: /etc/resolv.conf
+ action: copy src=$files/resolv.conf/kojibuilder dest=/etc/resolv.conf
+
+- name: add to hosts
+ action: copy src=$files/hosts/kojibuilder-hosts dest=/etc/hosts
+
+- name: rsyslog.conf
+ action: copy src=$files/rsyslog/rsyslog.conf.kojibuilder dest=/etc/rsyslog.conf mode=644
+ notify:
+ - restart rsyslog
+
+- name: /etc/postfix/main.cf
+ action: copy src=$files/postfix/main.cf.kojibuilder dest=/etc/postfix/main.cf
+ notify:
+ - restart postfix
+
+- name: make a bunch of dirs
+ action: file state=directory path=$item
+ with_items:
+ - /pub
+ - /mnt/koji
+ - /pub/fedora
+ - /pub/epel
+ - /var/spool/rsyslog
+
+- name: add builder infra yum repo
+ action: copy src=$files/kojibuilder/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo
+
+- name: clean up packages we do not need
+ action: yum state=removed pkg=$item
+ with_items:
+ - audit
+ - 'cronie\*'
+
+- name: add pkgs
+ action: yum state=installed pkg=$item
+ with_items:
+ - yum-utils
+ - koji-builder
+ - strace
+ - mock
+ - nfs-utils
+ - kernel-firmware
+ - ntp
+ - ntpdate
+
+- name: /etc/kojid/kojid.conf
+ action: copy src=$files/kojibuilder/kojid.conf dest=/etc/kojid/kojid.conf
+ only_if: "not '${ansible_fqdn}'.startswith(('arm01','arm03','arm04'))"
+ notify:
+ - restart kojid
+
+
+- name: arm /etc/kojid/kojid.conf
+ action: copy src=$files/kojibuilder/arm-kojid.conf dest=/etc/kojid/kojid.conf
+ only_if: "'${ansible_fqdn}'.startswith(('arm01','arm03','arm04'))"
+ notify:
+ - restart kojid
+
+- name: /etc/koji/koji.conf
+ action: copy src=$files/kojibuilder/koji.conf dest=/etc/koji.conf
+ only_if: "not '${ansible_fqdn}'.startswith(('arm01','arm03','arm04'))"
+
+- name: /etc/koji/koji.conf
+ action: copy src=$files/kojibuilder/arm-koji.conf dest=/etc/koji.conf
+ only_if: "'${ansible_fqdn}'.startswith(('arm01','arm03','arm04'))"
+
+- name: copy over koji ca cert
+ action: copy src=$private/files/koji/buildercerts/fedora-ca.cert dest=/etc/kojid/cacert.pem
+
+- name: copy over /etc/security/limits.conf
+ action: copy src=$files/kojibuilder/limits.conf dest=/etc/security/limits.conf
+
+- name: copy over builder cert to /etc/kojid/kojibuilder.pem
+ action: copy src=$private/files/koji/buildercerts/${ansible_fqdn}.pem dest=/etc/kojid/kojibuilder.pem mode=600
+
+- name: chkconfig kojid on
+ action: service name=kojid enabled=on
+
+- name: copy over authorized keys for root
+ action: copy src=$files/kojibuilder/root_auth_keys dest=/root/.ssh/authorized_keys mode=644
+
+- name: nfs mount points
+ action: mount name=/mnt/koji src=nfs01.phx2.fedoraproject.org:/ fstype=nfs4 opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=present
+ only_if: "not '${ansible_fqdn}'.startswith('bkernel')"
+
+# mock configs for pungify job
+- name: put extra special mock configs in
+ action: copy src=$files/kojibuilder/builders/$item dest=/etc/mock/$item mode=644
+ with_items:
+ - fedora-devel-pungi-i386.cfg
+ - fedora-devel-pungi-x86_64.cfg
+
+- name: ntp steptickers
+ action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers
+
+- name: ntp.conf
+ action: copy src=$files/common/ntp.conf dest=/etc/ntp.conf
+
+- name: enable ntpd
+ action: service name=ntpd enabled=true state=started
diff --git a/tasks/bkernel-setup.yml b/tasks/koji/bkernel-setup.yml
similarity index 100%
rename from tasks/bkernel-setup.yml
rename to tasks/koji/bkernel-setup.yml
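Review bot: The `copy over authorized keys for root` task installs `/root/.ssh/authorized_keys` with `mode=644` and no `owner`/`group`, and unlike the mock and mockbuilder accounts no task creates `/root/.ssh` with `mode=700` first. I would write it as `action: copy src=$files/kojibuilder/root_auth_keys dest=/root/.ssh/authorized_keys mode=600 owner=root group=root` and put `action: file state=directory path=/root/.ssh mode=700 owner=root group=root` in a task before it. The copies to `/etc/kojid/cacert.pem`, `/etc/security/limits.conf`, `/etc/hosts`, `/etc/resolv.conf`, `/etc/postfix/main.cf` and the yum repo file set neither mode nor owner, so the resulting permissions presumably depend on what is already on the host. Because this file is now a bare task list meant to be included, a header comment should say that the including play must define the `restart kojid`, `restart iptables`, `restart sshd`, `restart rsyslog` and `restart postfix` handlers.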