Merge branch 'master' of /git/ansible

2016-04-08 19:14:38 +00:00 · 2016-04-08 19:14:38 +00:00 · 4b56e62869
commit 4b56e62869
parent 1cd8d08b55 e1b4ecc674
29 changed files with 272 additions and 52 deletions
--- a/inventory/builders
+++ b/inventory/builders
@ -260,3 +260,4 @@ buildppcle
 buildarm
 buildaarch64
 buildppc64
+buildvm-s390
--- a/inventory/group_vars/buildppc
+++ b/inventory/group_vars/buildppc
@ -3,6 +3,7 @@
 volgroup: /dev/vg_guests
 lvm_size: 150000
 mem_size: 10240
+max_mem_size: "{{ mem_size }}"
 num_cpus: 4
 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64
 ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64/os/
--- a/inventory/group_vars/buildppcle
+++ b/inventory/group_vars/buildppcle
@ -3,6 +3,7 @@
 volgroup: /dev/vg_guests
 lvm_size: 150000
 mem_size: 10240
+max_mem_size: "{{ mem_size }}"
 num_cpus: 4
 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64le
 ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64le/os/
--- a/inventory/group_vars/buildvm-ppc64
+++ b/inventory/group_vars/buildvm-ppc64
@ -3,6 +3,7 @@
 volgroup: /dev/vg_guests
 lvm_size: 150000
 mem_size: 10240
+max_mem_size: "{{ mem_size }}"
 num_cpus: 4
 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64
 ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64/os/
--- a/inventory/group_vars/buildvm-ppc64le
+++ b/inventory/group_vars/buildvm-ppc64le
@ -3,6 +3,7 @@
 volgroup: /dev/vg_guests
 lvm_size: 150000
 mem_size: 10240
+max_mem_size: "{{ mem_size }}"
 num_cpus: 4
 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64le
 ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64le/os/
--- a/inventory/group_vars/docker-registry
+++ b/inventory/group_vars/docker-registry
@ -3,3 +3,5 @@ ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
 ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/

 fas_client_groups: sysadmin-releng
+
+tcp_ports: [443]
--- a/inventory/group_vars/docker-registry-stg
+++ b/inventory/group_vars/docker-registry-stg
@ -3,3 +3,7 @@ ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
 ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/

 fas_client_groups: sysadmin-releng
+
+sudoers: "{{ private }}/files/sudo/00releng-sudoers"
+
+tcp_ports: [443]
--- a/inventory/group_vars/pagure
+++ b/inventory/group_vars/pagure
@ -39,6 +39,7 @@ fedmsg_certs:
  - pagure.issue.tag.removed
  - pagure.project.edit
  - pagure.project.forked
+  - pagure.project.group.added
  - pagure.project.new
  - pagure.project.tag.edited
  - pagure.project.tag.removed
--- a/inventory/group_vars/releng-compose
+++ b/inventory/group_vars/releng-compose
@ -39,27 +39,12 @@ fedmsg_certs:
  owner: root
  group: masher
  can_send:
-  - compose.branched.complete
-  - compose.branched.mash.complete
-  - compose.branched.mash.start
-  - compose.branched.image.complete
-  - compose.branched.image.start
-  - compose.branched.pungify.complete
-  - compose.branched.pungify.start
-  - compose.branched.rsync.complete
-  - compose.branched.rsync.start
-  - compose.branched.start
-  - compose.epelbeta.complete
-  - compose.rawhide.complete
-  - compose.rawhide.mash.complete
-  - compose.rawhide.mash.start
-  - compose.rawhide.image.complete
-  - compose.rawhide.image.start
-  - compose.rawhide.pungify.complete
-  - compose.rawhide.pungify.start
-  - compose.rawhide.rsync.complete
-  - compose.rawhide.rsync.start
-  - compose.rawhide.start
+  - pungi.compose.phase.start
+  - pungi.compose.phase.stop
+  - pungi.compose.status.change
+  - pungi.compose.createiso.targets
+  - pungi.compose.createiso.imagefail
+  - pungi.compose.createiso.imagedone
  # Then there are *all these* make-updates things from releng+cloudsig
  - compose.23.make-updates.start
  - compose.23.make-updates.done
--- a/inventory/group_vars/releng-secondary
+++ b/inventory/group_vars/releng-secondary
@ -2,6 +2,7 @@
 # common items for the releng-* boxes
 lvm_size: 100000
 mem_size: 8196
+max_mem_size: "{{ mem_size }}"
 num_cpus: 16
 nm: 255.255.255.0
 dns: 10.5.126.21
--- a/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org
+++ b/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org
@ -38,6 +38,8 @@ fedmsg_certs:
  - bodhi.update.eject
  - bodhi.update.complete.testing
  - bodhi.update.complete.stable
+  - bodhi.update.request.stable
+  - bodhi.update.karma.threshold.reach
  - bodhi.buildroot_override.untag
 - service: ftpsync
  owner: root
--- a/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org
+++ b/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org
@ -10,6 +10,7 @@ main_bridge: br1
 volgroup: /dev/vg_guests
 lvm_size: 150000
 mem_size: 10240
+max_mem_size: "{{ mem_size }}"
 num_cpus: 4
 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23
 ks_repo: http://10.5.126.23/pub/fedora/linux/releases/23/Server/x86_64/os/
--- a/inventory/inventory
+++ b/inventory/inventory
@ -599,6 +599,10 @@ bugzilla2fedmsg01.stg.phx2.fedoraproject.org
 buildvm-01.stg.phx2.fedoraproject.org
 busgateway01.stg.phx2.fedoraproject.org
 composer.stg.phx2.fedoraproject.org
+copr-be-dev.cloud.fedoraproject.org
+copr-dist-git-dev.fedorainfracloud.org
+copr-fe-dev.cloud.fedoraproject.org
+copr-keygen-dev.cloud.fedoraproject.org
 darkserver-web01.stg.phx2.fedoraproject.org
 darkserver-web02.stg.phx2.fedoraproject.org
 darkserver-backend01.stg.phx2.fedoraproject.org
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@ -3,10 +3,10 @@
 # NOTE: make sure there is room/space for this builder on the buildvmhost
 # NOTE: most of these vars_path come from group_vars/buildvm or from hostvars

- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc"
+- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390"

 - name: make koji builder(s)
-  hosts: buildvm:buildvm-stg:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc
+  hosts: buildvm:buildvm-stg:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390
  user: root
  gather_facts: True

@ -24,16 +24,19 @@
  - hosts
  - apache
  - { role: nfs/client,
-      when: ( ansible_architecture == 'x86_64' or ansible_architecture == 'ppc64le' or ansible_architecture == 'ppc64' ) and not inventory_hostname.startswith('buildvm-ppc64'),
+      when: ( "'buildvm' in group_names" or "'buildppcle' in group_names" or "'buildppc' in group_names" ),
      mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: 'fedora_koji' }
  - { role: nfs/client,
-      when: inventory_hostname.startswith('aarch64') ,
+      when: "'buildaarch64' in group_names" ,
      mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: 'fedora_arm/data' }
  - { role: nfs/client,
-      when: inventory_hostname.startswith('buildvm-ppc64') ,
+      when: ( "'buildvm-ppc64' in group_names" or "'buildvm-ppc64le' in group_names") ,
      mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: 'fedora_ppc/data' }
  - { role: nfs/client,
-      when: datacenter == 'staging', mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: 'fedora_koji' }
+      when: "'buildvm-s390' in group_names" ,
+      mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: 'fedora_s390/data' }
+  - { role: nfs/client,
+      when: "'buildvm-stg' in group_names", mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: 'fedora_koji' }
  - { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
  - { role: sudo, when: not inventory_hostname.startswith('bkernel') }
  - koji_builder
--- a/playbooks/groups/docker-registry.yml
+++ b/playbooks/groups/docker-registry.yml
@ -41,6 +41,7 @@
  #       on localhost and all external connections will be through httpd which
  #       will be SSL enalbed.
  roles:
+    # STAGING
    - {
      role: docker-distribution,
        conf_path: "/etc/docker-distribution/registry/config.yml",
@ -65,6 +66,28 @@
        },
        when: env == "staging"
      }
+    - {
+      role: docker-distribution-proxy,
+        servername: registry.stg.fedorproject.org,
+        ssl: {
+          destdir: "/etc/pki/docker-distribution/",
+          certfile_src: "{{private}}/files/docker-registry/staging/docker-registry-internal.pem",
+          certfile_dest: "docker-registry-internal.pem",
+          keyfile_src: "{{private}}/files/docker-registry/staging/docker-registry-internal.key",
+          keyfile_dest: "docker-registry-internal.key",
+        },
+        auth: {
+          type: basic,
+          basic: {
+            destdir: "/etc/httpd/",
+            userfile_src: "{{private}}/files/httpd/osbs.htpasswd",
+            userfile_dest: "osbs.htpasswd",
+          }
+        },
+        when: env == "staging"
+      }
+
+    # PROD
    - {
      role: docker-distribution,
        conf_path: "/etc/docker-distribution/registry/config.yml",
@ -89,4 +112,25 @@
        },
        when: env == "production"
      }
+    - {
+      role: docker-distribution-proxy,
+        servername: registry.fedorproject.org,
+        ssl: {
+          destdir: "/etc/pki/docker-distribution/",
+          certfile_src: "{{private}}/files/docker-registry/docker-registry-internal.pem",
+          certfile_dest: "docker-registry-internal.pem",
+          keyfile_src: "{{private}}/files/docker-registry/docker-registry-internal.key",
+          keyfile_dest: "docker-registry-internal.key",
+        },
+        auth: {
+          type: basic,
+          basic: {
+            destdir: "/etc/httpd/",
+            userfile_src: "{{private}}/files/httpd/osbs.htpasswd",
+            userfile_dest: "osbs.htpasswd",
+          }
+        },
+        when: env == "production"
+      }
+

--- a/playbooks/groups/releng-compose.yml
+++ b/playbooks/groups/releng-compose.yml
@ -3,7 +3,7 @@
 # NOTE: make sure there is room/space for this instance on the buildvmhost
 # NOTE: most of these vars_path come from group_vars/releng or from hostvars

- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=releng-compose:releng-stg:compose-ppc64-01.ppc.fedoraproject.org:compose-ppc64le-01.ppc.fedoraproject.org"
+- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=releng-compose:releng-stg:compose-ppc64-01.ppc.fedoraproject.org:compose-ppc64le-01.ppc.fedoraproject.org:compose-s390-01.s390.fedoraproject.org"

 - name: Setup releng compose hosts
  hosts: releng-compose:releng-secondary:releng-stg
--- a/roles/apps-fp-o/files/apps.yaml
+++ b/roles/apps-fp-o/files/apps.yaml
@ -564,10 +564,8 @@ children:
            source_url: https://github.com/fedora-infra/github2fedmsg
            bugs_url:   https://github.com/fedora-infra/github2fedmsg/issues
            docs_url:   https://github.com/fedora-infra/github2fedmsg/blob/develop/README.rst#github2fedmsg
-            # TODO - write sop for github2fedmsg
-            # https://fedorahosted.org/fedora-infrastructure/ticket/5158
-            #sops:
-            #    - https://infrastructure.fedoraproject.org/infra/docs/github2fedmsg.rst
+            sops:
+            - https://infrastructure.fedoraproject.org/infra/docs/github2fedmsg.rst
            status_mappings: ['fedmsg']
            description: >
                github2fedmsg is a web service that bridges upstream
@ -744,10 +742,8 @@ children:
            bugs_url:   https://github.com/product-definition-center/product-definition-center/issues
            # Also, https://fedoraproject.org/wiki/Changes/PDC
            docs_url:   https://github.com/product-definition-center/product-definition-center/issues/303
-            # TODO - write SOP for PDC
-            # https://fedorahosted.org/fedora-infrastructure/ticket/5163
-            #sops:
-            #    - https://infrastructure.fedoraproject.org/infra/docs/pdc.rst
+            sops:
+            - https://infrastructure.fedoraproject.org/infra/docs/pdc.rst
            description: >
                The Product Definition Center (PDC) is a new app we're working
                on which will track 1) all of the artifacts that release
--- a/roles/base/templates/iptables/iptables.kojibuilder
+++ b/roles/base/templates/iptables/iptables.kojibuilder
@ -43,6 +43,10 @@
 -A OUTPUT -p tcp -m tcp -d 10.5.124.182 --dport 80 -j ACCEPT
 -A OUTPUT -p tcp -m tcp -d 10.5.124.182 --dport 443 -j ACCEPT

+#s390.koji.fp.o
+-A OUTPUT -p tcp -m tcp -d 10.5.124.191 --dport 80 -j ACCEPT
+-A OUTPUT -p tcp -m tcp -d 10.5.124.191 --dport 443 -j ACCEPT
+
 # compose-x86-02.fp.o
 -A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 80 -j ACCEPT
 -A OUTPUT -p tcp -m tcp -d 10.5.125.42 --dport 443 -j ACCEPT
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@ -61,6 +61,17 @@
 - name: create the distgit root directory (/srv/git/repositories)
  file: dest=/srv/git/repositories state=directory mode=2775 group=packager

+# These should all map to pkgdb namespaces
+- name: create our namespace directories inside there..
+  file: dest=/srv/git/repositories/{{item}} state=directory mode=2775 group=packager
+  with_items:
+  - rpms
+  - docker
+  - modules
+  # Except for this one.  This namespace is artificially created in the
+  # dist-git pkgdb sync scripts.
+  - rpms-checks
+
 - name: install the distgit scripts
  copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
  with_items:
--- a/roles/distgit/templates/genacls.pkgdb
+++ b/roles/distgit/templates/genacls.pkgdb
@ -5,6 +5,7 @@
 # Takes no arguments!
 #

+import copy
 import grp
 import sys

@ -69,6 +70,12 @@ if __name__ == '__main__':
    #print '    RW  private-     = @all'
    # dont' enable the above until we prevent building for real from private-

+    # XXX - Insert an artificial namespace into the set of namespaces returned
+    # by pkgdb.  We want to create a mirror of rpms/PKG in rpms-checks/PKG
+    # This hack occurs in two places.  Here, and in the branch-creation script.
+    # https://github.com/fedora-infra/pkgdb2/issues/329#issuecomment-207050233
+    data['rpms-checks'] = copy.copy(data['rpms'])
+
    # Get a list of all the packages
    for key in data:
        if key == 'title':
--- a/roles/distgit/templates/pkgdb_sync_git_branches.py
+++ b/roles/distgit/templates/pkgdb_sync_git_branches.py
@ -38,6 +38,7 @@ Here are the different steps of this script:

 """

+import copy
 import itertools
 import multiprocessing.pool
 import os
@ -249,6 +250,12 @@ def main():

    pkgdb_info = pkgdb_pkg_branch()

+    # XXX - Insert an artificial namespace into the set of namespaces returned
+    # by pkgdb.  We want to create a mirror of rpms/PKG in rpms-checks/PKG
+    # This hack occurs in two places.  Here, and in genacls.pkgdb.
+    # https://github.com/fedora-infra/pkgdb2/issues/329#issuecomment-207050233
+    pkgdb_info['rpms-checks'] = copy.copy(pkgdb_info['rpms'])
+
    for ns in pkgdb_info:
        namespace = ns
        if ns == 'packageAcls':
--- a/roles/docker-distribution-proxy/defaults/main.yml
+++ b/roles/docker-distribution-proxy/defaults/main.yml
@ -0,0 +1,19 @@
+---
+# defaults file for docker-distribution-proxy
+#
+servername: "registry.example.com"
+ssl:
+  destdir: "/etc/pki/docker-registry/"
+  certfile_src: "ssl.cert"
+  certfile_dest: "ssl.cert"
+  keyfile_src: "ssl.key"
+  keyfile_dest: "ssl.key"
+
+auth:
+  type: basic
+  basic:
+    dest_dir:
+    userfile_src: /etc/httpd/users.htpasswd
+    userfile_dest: /etc/httpd/users.htpasswd
+
+
--- a/roles/docker-distribution-proxy/handlers/main.yml
+++ b/roles/docker-distribution-proxy/handlers/main.yml
@ -0,0 +1,7 @@
+---
+# handlers file for docker-distribution-proxy
+
+- name: reload httpd
+  service:
+    name: httpd
+    state: reloaded
--- a/roles/docker-distribution-proxy/tasks/main.yml
+++ b/roles/docker-distribution-proxy/tasks/main.yml
@ -0,0 +1,47 @@
+---
+# tasks file for docker-distribution-proxy
+#
+- name: Make sure httpd is installed
+  action: "{{ ansible_pkg_mgr }} name=httpd state=installed"
+
+- name: Make sure mod_ssl is installed
+  action: "{{ ansible_pkg_mgr }} name=mod_ssl state=installed"
+
+- name: ensure pki destination directory exists
+  file:
+    path: "{{ ssl.destdir }}"
+    state: directory
+
+- name: install ssl certfile
+  copy:
+    src: "{{ ssl.certfile_src }}"
+    dest: "{{ ssl.destdir }}/{{ ssl.certfile_dest }}"
+
+- name: install ssl keyfile
+  copy:
+    src: "{{ ssl.keyfile_src }}"
+    dest: "{{ ssl.destdir }}/{{ ssl.keyfile_dest }}"
+
+- name: ensure htpasswd basic auth dest dir exists
+  file:
+    path: "{{ auth.basic.destdir }}"
+    state: directory
+  when: auth.type == "basic"
+
+- name: place htpasswd file
+  copy:
+    src: "{{ auth.basic.userfile_src }}"
+    dest: "{{ auth.basic.destdir }}/{{ auth.basic.userfile_dest }}"
+  when: auth.type == "basic"
+
+- name: Configure the vhost
+  template:
+    src: "docker-registry-vhost.conf.j2"
+    dest: "/etc/httpd/conf.d/docker-registry-vhost.conf"
+  notify: reload httpd
+
+- name: start and enable httpd
+  service:
+    name: httpd
+    state: started
+    enabled: yes
--- a/roles/docker-distribution-proxy/templates/docker-registry-vhost.conf.j2
+++ b/roles/docker-distribution-proxy/templates/docker-registry-vhost.conf.j2
@ -0,0 +1,63 @@
+<VirtualHost *:443>
+
+  ServerName {{ servername }}
+
+  SSLEngine on
+  SSLCertificateFile {{ ssl.destdir}}/{{ ssl.certfile_dest }}
+  SSLCertificateKeyFile {{ ssl.destdir}}/{{ ssl.keyfile_dest }}
+
+  ## SSL settings recommandation from: https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
+  # Anti CRIME
+  SSLCompression off
+
+  # POODLE and other stuff
+  SSLProtocol all -SSLv2 -SSLv3 -TLSv1
+
+  # Secure cypher suites
+  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+  SSLHonorCipherOrder on
+
+  Header always set "Docker-Distribution-Api-Version" "registry/2.0"
+  Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
+  RequestHeader set X-Forwarded-Proto "https"
+
+  ProxyRequests     off
+  ProxyPreserveHost on
+
+  # no proxy for /error/ (Apache HTTPd errors messages)
+  ProxyPass /error/ !
+
+  ProxyPass        /v2 http://localhost:5000/v2
+  ProxyPassReverse /v2 http://localhost:5000/v2
+
+  ProxyPass        /_ping http://localhost:5000/_ping
+  ProxyPassReverse /_ping http://localhost:5000/_ping
+
+  # Allow ping to run unauthenticated.
+  <Location /_ping>
+    Satisfy any
+    Allow from all
+  </Location>
+
+  <Location /v2>
+    Order deny,allow
+    Allow from all
+{% if auth.type == "basic" %}
+    AuthName "Registry Authentication"
+    AuthType basic
+    AuthUserFile {{ auth.basic.userfile_dest }}
+{% endif %}
+
+    ## Read access to authentified users
+    #<Limit GET HEAD>
+    #  Require valid-user
+    #</Limit>
+
+    # Write access restricted
+    <Limit POST PUT DELETE PATCH>
+      Require valid-user
+    </Limit>
+
+  </Location>
+
+</VirtualHost>
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@ -195,13 +195,13 @@

 - name: make a mnt/koji link
  file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji
-  when: inventory_hostname.startswith(('build','arm04-builder00','arm04-builder01','arm02-builder21','arm02-builder23')) and not inventory_hostname.startswith('buildvm-ppc64')
+  when: inventory_hostname.startswith(('build','arm04-builder00','arm04-builder01','arm02-builder21','arm02-builder23')) and not inventory_hostname.startswith(('buildvm-ppc64','buildvm-s390'))
  tags:
  - koji_builder

 - name: make a mnt/koji link
  file: state=link src=/mnt/fedora_koji dest=/mnt/koji
-  when: inventory_hostname.startswith(('aarch64','ppc8','buildvm-ppc64'))
+  when: inventory_hostname.startswith(('aarch64','ppc8','buildvm-ppc64','buildvm-s390'))
  tags:
  - koji_builder

--- a/roles/openqa/server/tasks/main.yml
+++ b/roles/openqa/server/tasks/main.yml
@ -224,11 +224,16 @@
 # a correct 'changed' for this step is too difficult. Instead we have
 # the prior and following steps; when the templates actually changed,
 # the *following* step will register as changed.
- name: Load tests
+- name: Load patched tests
  shell: "/tmp/templates --clean"
-  when: "gittests|changed"
+  when: "gittests|changed and deployment_type is defined"
  changed_when: "1 != 1"

+- name: Load tests
+  shell: "/var/lib/openqa/share/tests/fedora/templates --clean"
+  when: "gittests|changed and deployment_type is not defined"
+  changed_when: "1 != 1
+
 - name: Check if the tests changed in previous step
  shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-new.json && json_diff /tmp/tmpl-old.json /tmp/tmpl-new.json"
  when: "gittests|changed"
--- a/roles/virthost/files/rhel7-rhev-ppc64le.repo
+++ b/roles/virthost/files/rhel7-rhev-ppc64le.repo
@ -0,0 +1,5 @@
+[rhel7-os]
+name = rhel7 os $basearch
+baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-for-rhev-power-agents-rpms/
+includepkgs=qemu*
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
--- a/roles/virthost/tasks/main.yml
+++ b/roles/virthost/tasks/main.yml
@ -21,7 +21,14 @@
  - rhel7-os-repo
  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and ansible_architecture == 'x86_64'

- name: install libvirt packages on rhel7 virthosts (x86_64)
+- name: install RHEV for el7 repo file
+  copy: src=rhel7-rhev-ppc64le.repo dest=/etc/yum.repos.d/rhel7-rhev-ppc64le.repo
+  tags:
+  - repos
+  - rhel7-rhev-ppc64le
+  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and ansible_architecture == 'ppc64le'
+
+- name: install libvirt packages on rhel7 virthosts
  yum: pkg={{ item }} state=present
  with_items:
  - qemu-kvm-rhev
@ -31,17 +38,7 @@
  - virt-install
  tags:
  - packages
-  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and ansible_architecture == 'x86_64'
-
- name: install libvirt packages on rhel7 virthosts (not x86_64)
-  yum: pkg={{ item }} state=present
-  with_items:
-  - qemu-kvm
-  - libvirt
-  - virt-install
-  tags:
-  - packages
-  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and ansible_architecture == 'ppc64'
+  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7

 # install libvirtd.conf 
 #