[copr] prepearing backup for copr-keygen

2014-11-07 17:19:29 +01:00 · 2014-11-07 17:19:29 +01:00 · 769f392493
commit 769f392493
parent 8916a3779a
6 changed files with 40 additions and 2 deletions
--- a/inventory/inventory
+++ b/inventory/inventory
@ -717,6 +717,13 @@ copr-fe-dev.cloud.fedoraproject.org
 [copr-back-stg]
 copr-be-dev.cloud.fedoraproject.org

+[copr-keygen-stg]
+209.132.184.124
+
+# temporary
+[copr-keygen]
+209.132.184.124
+
 [copr-front]
 copr-fe.cloud.fedoraproject.org

@ -726,7 +733,9 @@ copr-be.cloud.fedoraproject.org
 [copr:children]
 copr-front
 copr-back
+copr-keygen

 [copr-stg:children]
 copr-front-stg
 copr-back-stg
+copr-keygen-stg
--- a/playbooks/groups/copr-keygen.yml
+++ b/playbooks/groups/copr-keygen.yml
@ -13,7 +13,7 @@
  - include: "{{ tasks }}/growroot_cloud.yml"

 - name: cloud basic setup
-  hosts: copr-back-stg
+  hosts: copr-keygen-stg
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
--- a/roles/copr/base/files/hosts
+++ b/roles/copr/base/files/hosts
@ -6,5 +6,5 @@
 172.16.5.5 copr-be-dev.cloud.fedoraproject.org
 172.16.5.15 copr-fe-dev.cloud.fedoraproject.org

-# for ansible, some dark magic why do we need this
+# for ansible, some dark magic why do we need this ?
 10.5.126.23     puppet.fedoraproject.org        puppet puppet01 puppet01.phx2.fedoraproject.org
--- a/roles/copr/keygen/files/backup_keyring.sh
+++ b/roles/copr/keygen/files/backup_keyring.sh
@ -0,0 +1,9 @@
+#!/bin/sh
+
+# used as root
+# root gpg keychain should have PUBLIC key with `user email` infra@fedorporject.org
+
+PATH_TO_KEYRING_DIR="/var/lib/copr-keygen"
+OUTPUT_FILE="/backup/copr_keygen_keyring.tar.gz.gpg"
+
+tar -cvzf - $1 | gpg2 --output $2 --encrypt --recipient infra@fedorporject.org
--- a/roles/copr/keygen/tasks/main.yml
+++ b/roles/copr/keygen/tasks/main.yml
@ -1,4 +1,8 @@
 ---
+- name: install keygen specific packages
+  yum: name="{{ item }}" state=present
+  with_items:
+  - gnupg2

 - name: install obs-signd
  yum: name="obs-signd" enablerepo="updates-testing" state=present
@ -32,3 +36,7 @@
  - httpd
  - haveged
  - signd
+
+- name: setup backup
+  # when: not devel
+  include: "setup_backup.yml"
--- a/roles/copr/keygen/tasks/setup_backup.yml
+++ b/roles/copr/keygen/tasks/setup_backup.yml
@ -0,0 +1,12 @@
+- name: ensure /backup dir
+  file: path=/backup state=directory
+
+- name: copy pubkey for backup encryption
+  copy: src="{{ private }}/copr/keygen/backup_key.asc" dest="/root/backup_key.asc"
+
+- name: import pubkey for backup encryption
+  shell: "gpg2 --import /root/backup_key.asc || true"
+
+- name: copy backup script
+  copy: src="backup_keyring.sh" dest="/etc/cron.daily/backup_keyring.sh" owner=root group=root mode=755
+