diff --git a/files/jenkins/master/config.xml b/files/jenkins/master/config.xml
index 9077d446e8..113dc91dd2 100644
--- a/files/jenkins/master/config.xml
+++ b/files/jenkins/master/config.xml
@@ -56,7 +56,7 @@ class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
- 209.132.184.165
+ 172.16.5.10
22
jenkins_slave
/var/tmp/jenkins_master_id_rsa
diff --git a/playbooks/groups/kojibuilder.yml b/playbooks/groups/kojibuilder.yml
index bd5bee85f2..4b90767fa1 100644
--- a/playbooks/groups/kojibuilder.yml
+++ b/playbooks/groups/kojibuilder.yml
@@ -1,17 +1,26 @@
- hosts:
- buildvm-*
- buildhw-*
- - bkernel-*
+ - bkernel*
+ - arm*
user: root
+
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- - $private/vars.yml
- - $vars/${ansible_distribution}.yml
- vars:
- - host_group: kojibuilder
+ - ${private}/vars.yml
+ tags:
+ - builder_setup
tasks:
- - include: $tasks/base.yml rootpw=$buildvm_rootpw tags=rootpw
+ - name: enforce certain packages previously assumed from kickstarts
+ action: yum name=$item state=installed
+ with_items:
+ - postfix
+ - joe
+ - perl
+
+ - name: set root passwd
+ action: user name=root password=$builder_rootpw state=present
- name: add mock user as 425
action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
- name: make mock homedir perms
@@ -34,14 +43,32 @@
action: file state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder
- name: mockbuilder ssh key
action: copy src=$configs/ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder
+ - name: iptables
+ action: copy src=$configs/iptables dest=/etc/sysconfig/iptables mode=600
+ notify:
+ - restart iptables
+ - name: sshd_config
+ action: copy src=$configs/sshd_config dest=/etc/ssh/sshd_config mode=600
+ notify:
+ - restart sshd
+ tags:
+ - sshd_config
+ - name: /etc/resolv.conf
+ action: copy src=$configs/resolv.conf dest=/etc/resolv.conf
+
- name: add to hosts
action: fileline file=/etc/hosts present="$item"
with_items:
- '10.5.125.63 koji.fedoraproject.org'
- '10.5.125.36 kojipkgs.fedoraproject.org'
- '10.5.126.23 infrastructure.fedoraproject.org'
+ - '10.5.124.138 arm.koji.fedoraproject.org'
- '10.5.125.44 pkgs.fedoraproject.org pkgs'
- '66.35.62.166 mirrors.fedoraproject.org'
+ - name: rsyslog.conf
+ action: copy src=$configs/rsyslog.conf dest=/etc/rsyslog.conf mode=644
+ - name: /etc/postfix/main.cf
+ action: copy src=$configs/postfix/main.cf dest=/etc/postfix/main.cf
- name: make a bunch of dirs
action: file state=directory path=$item
with_items:
@@ -52,14 +79,15 @@
- /var/spool/rsyslog
- name: add builder infra yum repo
action: copy src=$configs/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo
+
- name: remove include= from yum.conf for now
action: command /usr/bin/perl -pi -e "s/include=.*//g;" /etc/yum.conf
+
- name: clean up packages we do not need
action: yum state=removed pkg=$item
with_items:
- - \*firmware\*
- audit
- - cronie\*
+ - 'cronie\*'
- name: add pkgs
action: yum state=installed pkg=$item
with_items:
@@ -68,28 +96,42 @@
- strace
- mock
- nfs-utils
- - kmod-hfsplus
- kernel-firmware
+ - ntp
+ - ntpdate
tags:
- installed_packages
+
- name: update latest
action: command /usr/bin/yum -y update
- - name: downgrade rpm
- action: command /usr/bin/yum -y downgrade rpm\*
- name: /etc/kojid/kojid.conf
action: copy src=$configs/kojid.conf dest=/etc/kojid/kojid.conf
+ only_if: "not '${ansible_fqdn}'.startswith('arm')"
+ - name: arm /etc/kojid/kojid.conf
+ action: copy src=$configs/arm-kojid.conf dest=/etc/kojid/kojid.conf
+ only_if: "'${ansible_fqdn}'.startswith('arm')"
- name: /etc/koji/koji.conf
action: copy src=$configs/koji.conf dest=/etc/koji.conf
+ only_if: "not '${ansible_fqdn}'.startswith('arm')"
+ - name: /etc/koji/koji.conf
+ action: copy src=$configs/arm-koji.conf dest=/etc/koji.conf
+ only_if: "'${ansible_fqdn}'.startswith('arm')"
- name: copy over koji ca cert
action: copy src=../buildercerts/fedora-ca.cert dest=/etc/kojid/cacert.pem
- name: copy over /etc/security/limits.conf
action: copy src=$configs/limits.conf dest=/etc/security/limits.conf
- name: copy over builder cert to /etc/kojid/kojibuilder.pem
action: copy src=../buildercerts/${ansible_fqdn}.pem dest=/etc/kojid/kojibuilder.pem mode=600
+ ignore_errors: true
- name: chkconfig kojid on
action: service name=kojid enabled=on
+ - name: copy over authorized keys for root
+ action: copy src=$configs/root_auth_keys dest=/root/.ssh/authorized_keys mode=644
+ tags:
+ - root_ssh_key
- name: nfs mount points
action: mount name=/mnt/koji src=nfs01.phx2.fedoraproject.org:/ fstype=nfs4 opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=present
+ only_if: "not '${ansible_fqdn}'.startswith('bkernel')"
# mock configs for pungify job
- name: put extra special mock configs in
action: copy src=$configs/builders/$item dest=/etc/mock/$item mode=644
@@ -98,8 +140,60 @@
- fedora-devel-pungi-x86_64.cfg
tags:
- mock_config_files
-
+
+ - name: ntp steptickers
+ action: copy src=$configs/step-tickers dest=/etc/ntp/step-tickers
+ tags:
+ - ntp
+ - name: ntp.conf
+ action: copy src=$configs/ntp.conf dest=/etc/ntp.conf
+ tags:
+ - ntp
+
+ - name: enable ntpd
+ action: service name=ntpd enabled=true state=started
+ tags:
+ - ntp
handlers:
- - include: $handlers/restart_services.yml
+ - name: restart iptables
+ action: service name=iptables state=restarted
+ - name: restart sshd
+ action: service name=sshd state=restarted
+
+- hosts:
+ - bkernel*
+ - buildvm*
+ - buildhw*
+ user: root
+ vars:
+ configs: ../configs
+ tags:
+ - bkernel_setup
+ - builder_setup
+
+ tasks:
+ - name: set kernel params for loopback partitioning
+ action: command /sbin/grubby --update-kernel=ALL --args=loop.max_part=256
+ tags:
+ - kernel_params
+ - name: set kernel params for more loops
+ action: command /sbin/grubby --update-kernel=ALL --args=max_loop=64
+ tags:
+ - kernel_params
+ - name: special pkgs for the x86_64 builders
+ action: yum state=installed pkg=$item
+ with_items:
+ - kmod-hfsplus
+- hosts:
+ - bkernel*
+ user: root
+ vars:
+ configs: ../configs
+ tags:
+ - bkernel_setup
+ - builder_setup
+
+ tasks:
+ - include: ../tasks/bkernel-setup.yml