diff --git a/inventory/builders b/inventory/builders index 6959c1328f..b40f301716 100644 --- a/inventory/builders +++ b/inventory/builders @@ -260,3 +260,4 @@ buildppcle buildarm buildaarch64 buildppc64 +buildvm-s390 diff --git a/inventory/group_vars/buildppc b/inventory/group_vars/buildppc index 76c7e4cc4e..ec549581fa 100644 --- a/inventory/group_vars/buildppc +++ b/inventory/group_vars/buildppc @@ -3,6 +3,7 @@ volgroup: /dev/vg_guests lvm_size: 150000 mem_size: 10240 +max_mem_size: "{{ mem_size }}" num_cpus: 4 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64 ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64/os/ diff --git a/inventory/group_vars/buildppcle b/inventory/group_vars/buildppcle index 9bafafe7a7..0ea9bbe53c 100644 --- a/inventory/group_vars/buildppcle +++ b/inventory/group_vars/buildppcle @@ -3,6 +3,7 @@ volgroup: /dev/vg_guests lvm_size: 150000 mem_size: 10240 +max_mem_size: "{{ mem_size }}" num_cpus: 4 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64le ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64le/os/ diff --git a/inventory/group_vars/buildvm-ppc64 b/inventory/group_vars/buildvm-ppc64 index 2776abb290..cab1c24ead 100644 --- a/inventory/group_vars/buildvm-ppc64 +++ b/inventory/group_vars/buildvm-ppc64 @@ -3,6 +3,7 @@ volgroup: /dev/vg_guests lvm_size: 150000 mem_size: 10240 +max_mem_size: "{{ mem_size }}" num_cpus: 4 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64 ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64/os/ diff --git a/inventory/group_vars/buildvm-ppc64le b/inventory/group_vars/buildvm-ppc64le index 1ef3610550..283d7cce4c 100644 --- a/inventory/group_vars/buildvm-ppc64le +++ b/inventory/group_vars/buildvm-ppc64le @@ -3,6 +3,7 @@ volgroup: /dev/vg_guests lvm_size: 150000 mem_size: 10240 +max_mem_size: "{{ mem_size }}" num_cpus: 4 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64le ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64le/os/ diff --git a/inventory/group_vars/docker-registry b/inventory/group_vars/docker-registry index 97faec6be1..b1abe1225f 100644 --- a/inventory/group_vars/docker-registry +++ b/inventory/group_vars/docker-registry @@ -3,3 +3,5 @@ ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ fas_client_groups: sysadmin-releng + +tcp_ports: [443] diff --git a/inventory/group_vars/docker-registry-stg b/inventory/group_vars/docker-registry-stg index 97faec6be1..8a7cfeb66b 100644 --- a/inventory/group_vars/docker-registry-stg +++ b/inventory/group_vars/docker-registry-stg @@ -3,3 +3,7 @@ ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ fas_client_groups: sysadmin-releng + +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + +tcp_ports: [443] diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure index 410fb38331..69de302407 100644 --- a/inventory/group_vars/pagure +++ b/inventory/group_vars/pagure @@ -39,6 +39,7 @@ fedmsg_certs: - pagure.issue.tag.removed - pagure.project.edit - pagure.project.forked + - pagure.project.group.added - pagure.project.new - pagure.project.tag.edited - pagure.project.tag.removed diff --git a/inventory/group_vars/releng-compose b/inventory/group_vars/releng-compose index de27e5a190..e2bb66a258 100644 --- a/inventory/group_vars/releng-compose +++ b/inventory/group_vars/releng-compose @@ -39,27 +39,12 @@ fedmsg_certs: owner: root group: masher can_send: - - compose.branched.complete - - compose.branched.mash.complete - - compose.branched.mash.start - - compose.branched.image.complete - - compose.branched.image.start - - compose.branched.pungify.complete - - compose.branched.pungify.start - - compose.branched.rsync.complete - - compose.branched.rsync.start - - compose.branched.start - - compose.epelbeta.complete - - compose.rawhide.complete - - compose.rawhide.mash.complete - - compose.rawhide.mash.start - - compose.rawhide.image.complete - - compose.rawhide.image.start - - compose.rawhide.pungify.complete - - compose.rawhide.pungify.start - - compose.rawhide.rsync.complete - - compose.rawhide.rsync.start - - compose.rawhide.start + - pungi.compose.phase.start + - pungi.compose.phase.stop + - pungi.compose.status.change + - pungi.compose.createiso.targets + - pungi.compose.createiso.imagefail + - pungi.compose.createiso.imagedone # Then there are *all these* make-updates things from releng+cloudsig - compose.23.make-updates.start - compose.23.make-updates.done diff --git a/inventory/group_vars/releng-secondary b/inventory/group_vars/releng-secondary index ec8654e51d..1ab23edd70 100644 --- a/inventory/group_vars/releng-secondary +++ b/inventory/group_vars/releng-secondary @@ -2,6 +2,7 @@ # common items for the releng-* boxes lvm_size: 100000 mem_size: 8196 +max_mem_size: "{{ mem_size }}" num_cpus: 16 nm: 255.255.255.0 dns: 10.5.126.21 diff --git a/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org b/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org index 97d0739dc2..1efe932444 100644 --- a/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org +++ b/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org @@ -38,6 +38,8 @@ fedmsg_certs: - bodhi.update.eject - bodhi.update.complete.testing - bodhi.update.complete.stable + - bodhi.update.request.stable + - bodhi.update.karma.threshold.reach - bodhi.buildroot_override.untag - service: ftpsync owner: root diff --git a/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org b/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org index 411b995997..818b75f43b 100644 --- a/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org +++ b/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org @@ -10,6 +10,7 @@ main_bridge: br1 volgroup: /dev/vg_guests lvm_size: 150000 mem_size: 10240 +max_mem_size: "{{ mem_size }}" num_cpus: 4 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23 ks_repo: http://10.5.126.23/pub/fedora/linux/releases/23/Server/x86_64/os/ diff --git a/inventory/inventory b/inventory/inventory index ecdfbec06e..494a579b08 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -599,6 +599,10 @@ bugzilla2fedmsg01.stg.phx2.fedoraproject.org buildvm-01.stg.phx2.fedoraproject.org busgateway01.stg.phx2.fedoraproject.org composer.stg.phx2.fedoraproject.org +copr-be-dev.cloud.fedoraproject.org +copr-dist-git-dev.fedorainfracloud.org +copr-fe-dev.cloud.fedoraproject.org +copr-keygen-dev.cloud.fedoraproject.org darkserver-web01.stg.phx2.fedoraproject.org darkserver-web02.stg.phx2.fedoraproject.org darkserver-backend01.stg.phx2.fedoraproject.org diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index c1bda784ba..694b3d7237 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -3,10 +3,10 @@ # NOTE: make sure there is room/space for this builder on the buildvmhost # NOTE: most of these vars_path come from group_vars/buildvm or from hostvars -- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc" +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390" - name: make koji builder(s) - hosts: buildvm:buildvm-stg:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc + hosts: buildvm:buildvm-stg:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390 user: root gather_facts: True @@ -24,16 +24,19 @@ - hosts - apache - { role: nfs/client, - when: ( ansible_architecture == 'x86_64' or ansible_architecture == 'ppc64le' or ansible_architecture == 'ppc64' ) and not inventory_hostname.startswith('buildvm-ppc64'), + when: ( "'buildvm' in group_names" or "'buildppcle' in group_names" or "'buildppc' in group_names" ), mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' } - { role: nfs/client, - when: inventory_hostname.startswith('aarch64') , + when: "'buildaarch64' in group_names" , mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_arm/data' } - { role: nfs/client, - when: inventory_hostname.startswith('buildvm-ppc64') , + when: ( "'buildvm-ppc64' in group_names" or "'buildvm-ppc64le' in group_names") , mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_ppc/data' } - { role: nfs/client, - when: datacenter == 'staging', mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' } + when: "'buildvm-s390' in group_names" , + mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_s390/data' } + - { role: nfs/client, + when: "'buildvm-stg' in group_names", mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' } - { role: fas_client, when: not inventory_hostname.startswith('bkernel') } - { role: sudo, when: not inventory_hostname.startswith('bkernel') } - koji_builder diff --git a/playbooks/groups/docker-registry.yml b/playbooks/groups/docker-registry.yml index e1b87c00e8..c5e11a2436 100644 --- a/playbooks/groups/docker-registry.yml +++ b/playbooks/groups/docker-registry.yml @@ -41,6 +41,7 @@ # on localhost and all external connections will be through httpd which # will be SSL enalbed. roles: + # STAGING - { role: docker-distribution, conf_path: "/etc/docker-distribution/registry/config.yml", @@ -65,6 +66,28 @@ }, when: env == "staging" } + - { + role: docker-distribution-proxy, + servername: registry.stg.fedorproject.org, + ssl: { + destdir: "/etc/pki/docker-distribution/", + certfile_src: "{{private}}/files/docker-registry/staging/docker-registry-internal.pem", + certfile_dest: "docker-registry-internal.pem", + keyfile_src: "{{private}}/files/docker-registry/staging/docker-registry-internal.key", + keyfile_dest: "docker-registry-internal.key", + }, + auth: { + type: basic, + basic: { + destdir: "/etc/httpd/", + userfile_src: "{{private}}/files/httpd/osbs.htpasswd", + userfile_dest: "osbs.htpasswd", + } + }, + when: env == "staging" + } + + # PROD - { role: docker-distribution, conf_path: "/etc/docker-distribution/registry/config.yml", @@ -89,4 +112,25 @@ }, when: env == "production" } + - { + role: docker-distribution-proxy, + servername: registry.fedorproject.org, + ssl: { + destdir: "/etc/pki/docker-distribution/", + certfile_src: "{{private}}/files/docker-registry/docker-registry-internal.pem", + certfile_dest: "docker-registry-internal.pem", + keyfile_src: "{{private}}/files/docker-registry/docker-registry-internal.key", + keyfile_dest: "docker-registry-internal.key", + }, + auth: { + type: basic, + basic: { + destdir: "/etc/httpd/", + userfile_src: "{{private}}/files/httpd/osbs.htpasswd", + userfile_dest: "osbs.htpasswd", + } + }, + when: env == "production" + } + diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml index 13925212c1..2cf50226cc 100644 --- a/playbooks/groups/releng-compose.yml +++ b/playbooks/groups/releng-compose.yml @@ -3,7 +3,7 @@ # NOTE: make sure there is room/space for this instance on the buildvmhost # NOTE: most of these vars_path come from group_vars/releng or from hostvars -- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=releng-compose:releng-stg:compose-ppc64-01.ppc.fedoraproject.org:compose-ppc64le-01.ppc.fedoraproject.org" +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=releng-compose:releng-stg:compose-ppc64-01.ppc.fedoraproject.org:compose-ppc64le-01.ppc.fedoraproject.org:compose-s390-01.s390.fedoraproject.org" - name: Setup releng compose hosts hosts: releng-compose:releng-secondary:releng-stg diff --git a/roles/apps-fp-o/files/apps.yaml b/roles/apps-fp-o/files/apps.yaml index 5e82ba162b..0ba9659bcc 100644 --- a/roles/apps-fp-o/files/apps.yaml +++ b/roles/apps-fp-o/files/apps.yaml @@ -564,10 +564,8 @@ children: source_url: https://github.com/fedora-infra/github2fedmsg bugs_url: https://github.com/fedora-infra/github2fedmsg/issues docs_url: https://github.com/fedora-infra/github2fedmsg/blob/develop/README.rst#github2fedmsg - # TODO - write sop for github2fedmsg - # https://fedorahosted.org/fedora-infrastructure/ticket/5158 - #sops: - # - https://infrastructure.fedoraproject.org/infra/docs/github2fedmsg.rst + sops: + - https://infrastructure.fedoraproject.org/infra/docs/github2fedmsg.rst status_mappings: ['fedmsg'] description: > github2fedmsg is a web service that bridges upstream @@ -744,10 +742,8 @@ children: bugs_url: https://github.com/product-definition-center/product-definition-center/issues # Also, https://fedoraproject.org/wiki/Changes/PDC docs_url: https://github.com/product-definition-center/product-definition-center/issues/303 - # TODO - write SOP for PDC - # https://fedorahosted.org/fedora-infrastructure/ticket/5163 - #sops: - # - https://infrastructure.fedoraproject.org/infra/docs/pdc.rst + sops: + - https://infrastructure.fedoraproject.org/infra/docs/pdc.rst description: > The Product Definition Center (PDC) is a new app we're working on which will track 1) all of the artifacts that release diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder index ee2d5a3724..e94af36f1c 100644 --- a/roles/base/templates/iptables/iptables.kojibuilder +++ b/roles/base/templates/iptables/iptables.kojibuilder @@ -43,6 +43,10 @@ -A OUTPUT -p tcp -m tcp -d 10.5.124.182 --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp -d 10.5.124.182 --dport 443 -j ACCEPT +#s390.koji.fp.o +-A OUTPUT -p tcp -m tcp -d 10.5.124.191 --dport 80 -j ACCEPT +-A OUTPUT -p tcp -m tcp -d 10.5.124.191 --dport 443 -j ACCEPT + # compose-x86-02.fp.o -A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 443 -j ACCEPT diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index 390db7d813..064b4ca264 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -61,6 +61,17 @@ - name: create the distgit root directory (/srv/git/repositories) file: dest=/srv/git/repositories state=directory mode=2775 group=packager +# These should all map to pkgdb namespaces +- name: create our namespace directories inside there.. + file: dest=/srv/git/repositories/{{item}} state=directory mode=2775 group=packager + with_items: + - rpms + - docker + - modules + # Except for this one. This namespace is artificially created in the + # dist-git pkgdb sync scripts. + - rpms-checks + - name: install the distgit scripts copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755 with_items: diff --git a/roles/distgit/templates/genacls.pkgdb b/roles/distgit/templates/genacls.pkgdb index a90c4a3e40..b4b52f238f 100644 --- a/roles/distgit/templates/genacls.pkgdb +++ b/roles/distgit/templates/genacls.pkgdb @@ -5,6 +5,7 @@ # Takes no arguments! # +import copy import grp import sys @@ -69,6 +70,12 @@ if __name__ == '__main__': #print ' RW private- = @all' # dont' enable the above until we prevent building for real from private- + # XXX - Insert an artificial namespace into the set of namespaces returned + # by pkgdb. We want to create a mirror of rpms/PKG in rpms-checks/PKG + # This hack occurs in two places. Here, and in the branch-creation script. + # https://github.com/fedora-infra/pkgdb2/issues/329#issuecomment-207050233 + data['rpms-checks'] = copy.copy(data['rpms']) + # Get a list of all the packages for key in data: if key == 'title': diff --git a/roles/distgit/templates/pkgdb_sync_git_branches.py b/roles/distgit/templates/pkgdb_sync_git_branches.py index 1cbe94d3a5..38fd6b12da 100644 --- a/roles/distgit/templates/pkgdb_sync_git_branches.py +++ b/roles/distgit/templates/pkgdb_sync_git_branches.py @@ -38,6 +38,7 @@ Here are the different steps of this script: """ +import copy import itertools import multiprocessing.pool import os @@ -249,6 +250,12 @@ def main(): pkgdb_info = pkgdb_pkg_branch() + # XXX - Insert an artificial namespace into the set of namespaces returned + # by pkgdb. We want to create a mirror of rpms/PKG in rpms-checks/PKG + # This hack occurs in two places. Here, and in genacls.pkgdb. + # https://github.com/fedora-infra/pkgdb2/issues/329#issuecomment-207050233 + pkgdb_info['rpms-checks'] = copy.copy(pkgdb_info['rpms']) + for ns in pkgdb_info: namespace = ns if ns == 'packageAcls': diff --git a/roles/docker-distribution-proxy/defaults/main.yml b/roles/docker-distribution-proxy/defaults/main.yml new file mode 100644 index 0000000000..d983dc1bde --- /dev/null +++ b/roles/docker-distribution-proxy/defaults/main.yml @@ -0,0 +1,19 @@ +--- +# defaults file for docker-distribution-proxy +# +servername: "registry.example.com" +ssl: + destdir: "/etc/pki/docker-registry/" + certfile_src: "ssl.cert" + certfile_dest: "ssl.cert" + keyfile_src: "ssl.key" + keyfile_dest: "ssl.key" + +auth: + type: basic + basic: + dest_dir: + userfile_src: /etc/httpd/users.htpasswd + userfile_dest: /etc/httpd/users.htpasswd + + diff --git a/roles/docker-distribution-proxy/handlers/main.yml b/roles/docker-distribution-proxy/handlers/main.yml new file mode 100644 index 0000000000..ae13839e53 --- /dev/null +++ b/roles/docker-distribution-proxy/handlers/main.yml @@ -0,0 +1,7 @@ +--- +# handlers file for docker-distribution-proxy + +- name: reload httpd + service: + name: httpd + state: reloaded diff --git a/roles/docker-distribution-proxy/tasks/main.yml b/roles/docker-distribution-proxy/tasks/main.yml new file mode 100644 index 0000000000..2bc0a915af --- /dev/null +++ b/roles/docker-distribution-proxy/tasks/main.yml @@ -0,0 +1,47 @@ +--- +# tasks file for docker-distribution-proxy +# +- name: Make sure httpd is installed + action: "{{ ansible_pkg_mgr }} name=httpd state=installed" + +- name: Make sure mod_ssl is installed + action: "{{ ansible_pkg_mgr }} name=mod_ssl state=installed" + +- name: ensure pki destination directory exists + file: + path: "{{ ssl.destdir }}" + state: directory + +- name: install ssl certfile + copy: + src: "{{ ssl.certfile_src }}" + dest: "{{ ssl.destdir }}/{{ ssl.certfile_dest }}" + +- name: install ssl keyfile + copy: + src: "{{ ssl.keyfile_src }}" + dest: "{{ ssl.destdir }}/{{ ssl.keyfile_dest }}" + +- name: ensure htpasswd basic auth dest dir exists + file: + path: "{{ auth.basic.destdir }}" + state: directory + when: auth.type == "basic" + +- name: place htpasswd file + copy: + src: "{{ auth.basic.userfile_src }}" + dest: "{{ auth.basic.destdir }}/{{ auth.basic.userfile_dest }}" + when: auth.type == "basic" + +- name: Configure the vhost + template: + src: "docker-registry-vhost.conf.j2" + dest: "/etc/httpd/conf.d/docker-registry-vhost.conf" + notify: reload httpd + +- name: start and enable httpd + service: + name: httpd + state: started + enabled: yes diff --git a/roles/docker-distribution-proxy/templates/docker-registry-vhost.conf.j2 b/roles/docker-distribution-proxy/templates/docker-registry-vhost.conf.j2 new file mode 100644 index 0000000000..0814b67d44 --- /dev/null +++ b/roles/docker-distribution-proxy/templates/docker-registry-vhost.conf.j2 @@ -0,0 +1,63 @@ + + + ServerName {{ servername }} + + SSLEngine on + SSLCertificateFile {{ ssl.destdir}}/{{ ssl.certfile_dest }} + SSLCertificateKeyFile {{ ssl.destdir}}/{{ ssl.keyfile_dest }} + + ## SSL settings recommandation from: https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html + # Anti CRIME + SSLCompression off + + # POODLE and other stuff + SSLProtocol all -SSLv2 -SSLv3 -TLSv1 + + # Secure cypher suites + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH + SSLHonorCipherOrder on + + Header always set "Docker-Distribution-Api-Version" "registry/2.0" + Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0" + RequestHeader set X-Forwarded-Proto "https" + + ProxyRequests off + ProxyPreserveHost on + + # no proxy for /error/ (Apache HTTPd errors messages) + ProxyPass /error/ ! + + ProxyPass /v2 http://localhost:5000/v2 + ProxyPassReverse /v2 http://localhost:5000/v2 + + ProxyPass /_ping http://localhost:5000/_ping + ProxyPassReverse /_ping http://localhost:5000/_ping + + # Allow ping to run unauthenticated. + + Satisfy any + Allow from all + + + + Order deny,allow + Allow from all +{% if auth.type == "basic" %} + AuthName "Registry Authentication" + AuthType basic + AuthUserFile {{ auth.basic.userfile_dest }} +{% endif %} + + ## Read access to authentified users + # + # Require valid-user + # + + # Write access restricted + + Require valid-user + + + + + \ No newline at end of file diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index 7eabfeb7b6..b5070399c1 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -195,13 +195,13 @@ - name: make a mnt/koji link file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji - when: inventory_hostname.startswith(('build','arm04-builder00','arm04-builder01','arm02-builder21','arm02-builder23')) and not inventory_hostname.startswith('buildvm-ppc64') + when: inventory_hostname.startswith(('build','arm04-builder00','arm04-builder01','arm02-builder21','arm02-builder23')) and not inventory_hostname.startswith(('buildvm-ppc64','buildvm-s390')) tags: - koji_builder - name: make a mnt/koji link file: state=link src=/mnt/fedora_koji dest=/mnt/koji - when: inventory_hostname.startswith(('aarch64','ppc8','buildvm-ppc64')) + when: inventory_hostname.startswith(('aarch64','ppc8','buildvm-ppc64','buildvm-s390')) tags: - koji_builder diff --git a/roles/openqa/server/tasks/main.yml b/roles/openqa/server/tasks/main.yml index 720473630b..9148dfb8ef 100644 --- a/roles/openqa/server/tasks/main.yml +++ b/roles/openqa/server/tasks/main.yml @@ -224,11 +224,16 @@ # a correct 'changed' for this step is too difficult. Instead we have # the prior and following steps; when the templates actually changed, # the *following* step will register as changed. -- name: Load tests +- name: Load patched tests shell: "/tmp/templates --clean" - when: "gittests|changed" + when: "gittests|changed and deployment_type is defined" changed_when: "1 != 1" +- name: Load tests + shell: "/var/lib/openqa/share/tests/fedora/templates --clean" + when: "gittests|changed and deployment_type is not defined" + changed_when: "1 != 1 + - name: Check if the tests changed in previous step shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-new.json && json_diff /tmp/tmpl-old.json /tmp/tmpl-new.json" when: "gittests|changed" diff --git a/roles/virthost/files/rhel7-rhev-ppc64le.repo b/roles/virthost/files/rhel7-rhev-ppc64le.repo new file mode 100644 index 0000000000..43f3f70580 --- /dev/null +++ b/roles/virthost/files/rhel7-rhev-ppc64le.repo @@ -0,0 +1,5 @@ +[rhel7-os] +name = rhel7 os $basearch +baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-for-rhev-power-agents-rpms/ +includepkgs=qemu* +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/roles/virthost/tasks/main.yml b/roles/virthost/tasks/main.yml index ae81a13697..6463de5a86 100644 --- a/roles/virthost/tasks/main.yml +++ b/roles/virthost/tasks/main.yml @@ -21,7 +21,14 @@ - rhel7-os-repo when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and ansible_architecture == 'x86_64' -- name: install libvirt packages on rhel7 virthosts (x86_64) +- name: install RHEV for el7 repo file + copy: src=rhel7-rhev-ppc64le.repo dest=/etc/yum.repos.d/rhel7-rhev-ppc64le.repo + tags: + - repos + - rhel7-rhev-ppc64le + when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and ansible_architecture == 'ppc64le' + +- name: install libvirt packages on rhel7 virthosts yum: pkg={{ item }} state=present with_items: - qemu-kvm-rhev @@ -31,17 +38,7 @@ - virt-install tags: - packages - when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and ansible_architecture == 'x86_64' - -- name: install libvirt packages on rhel7 virthosts (not x86_64) - yum: pkg={{ item }} state=present - with_items: - - qemu-kvm - - libvirt - - virt-install - tags: - - packages - when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and ansible_architecture == 'ppc64' + when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 # install libvirtd.conf #