diff --git a/files/jenkins/master/config.xml b/files/jenkins/master/config.xml index 9077d446e8..113dc91dd2 100644 --- a/files/jenkins/master/config.xml +++ b/files/jenkins/master/config.xml @@ -56,7 +56,7 @@ class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/> - 209.132.184.165 + 172.16.5.10 22 jenkins_slave /var/tmp/jenkins_master_id_rsa diff --git a/playbooks/groups/kojibuilder.yml b/playbooks/groups/kojibuilder.yml index bd5bee85f2..4b90767fa1 100644 --- a/playbooks/groups/kojibuilder.yml +++ b/playbooks/groups/kojibuilder.yml @@ -1,17 +1,26 @@ - hosts: - buildvm-* - buildhw-* - - bkernel-* + - bkernel* + - arm* user: root + vars_files: - /srv/web/infra/ansible/vars/global.yml - - $private/vars.yml - - $vars/${ansible_distribution}.yml - vars: - - host_group: kojibuilder + - ${private}/vars.yml + tags: + - builder_setup tasks: - - include: $tasks/base.yml rootpw=$buildvm_rootpw tags=rootpw + - name: enforce certain packages previously assumed from kickstarts + action: yum name=$item state=installed + with_items: + - postfix + - joe + - perl + + - name: set root passwd + action: user name=root password=$builder_rootpw state=present - name: add mock user as 425 action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes - name: make mock homedir perms @@ -34,14 +43,32 @@ action: file state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder - name: mockbuilder ssh key action: copy src=$configs/ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder + - name: iptables + action: copy src=$configs/iptables dest=/etc/sysconfig/iptables mode=600 + notify: + - restart iptables + - name: sshd_config + action: copy src=$configs/sshd_config dest=/etc/ssh/sshd_config mode=600 + notify: + - restart sshd + tags: + - sshd_config + - name: /etc/resolv.conf + action: copy src=$configs/resolv.conf dest=/etc/resolv.conf + - name: add to hosts action: fileline file=/etc/hosts present="$item" with_items: - '10.5.125.63 koji.fedoraproject.org' - '10.5.125.36 kojipkgs.fedoraproject.org' - '10.5.126.23 infrastructure.fedoraproject.org' + - '10.5.124.138 arm.koji.fedoraproject.org' - '10.5.125.44 pkgs.fedoraproject.org pkgs' - '66.35.62.166 mirrors.fedoraproject.org' + - name: rsyslog.conf + action: copy src=$configs/rsyslog.conf dest=/etc/rsyslog.conf mode=644 + - name: /etc/postfix/main.cf + action: copy src=$configs/postfix/main.cf dest=/etc/postfix/main.cf - name: make a bunch of dirs action: file state=directory path=$item with_items: @@ -52,14 +79,15 @@ - /var/spool/rsyslog - name: add builder infra yum repo action: copy src=$configs/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo + - name: remove include= from yum.conf for now action: command /usr/bin/perl -pi -e "s/include=.*//g;" /etc/yum.conf + - name: clean up packages we do not need action: yum state=removed pkg=$item with_items: - - \*firmware\* - audit - - cronie\* + - 'cronie\*' - name: add pkgs action: yum state=installed pkg=$item with_items: @@ -68,28 +96,42 @@ - strace - mock - nfs-utils - - kmod-hfsplus - kernel-firmware + - ntp + - ntpdate tags: - installed_packages + - name: update latest action: command /usr/bin/yum -y update - - name: downgrade rpm - action: command /usr/bin/yum -y downgrade rpm\* - name: /etc/kojid/kojid.conf action: copy src=$configs/kojid.conf dest=/etc/kojid/kojid.conf + only_if: "not '${ansible_fqdn}'.startswith('arm')" + - name: arm /etc/kojid/kojid.conf + action: copy src=$configs/arm-kojid.conf dest=/etc/kojid/kojid.conf + only_if: "'${ansible_fqdn}'.startswith('arm')" - name: /etc/koji/koji.conf action: copy src=$configs/koji.conf dest=/etc/koji.conf + only_if: "not '${ansible_fqdn}'.startswith('arm')" + - name: /etc/koji/koji.conf + action: copy src=$configs/arm-koji.conf dest=/etc/koji.conf + only_if: "'${ansible_fqdn}'.startswith('arm')" - name: copy over koji ca cert action: copy src=../buildercerts/fedora-ca.cert dest=/etc/kojid/cacert.pem - name: copy over /etc/security/limits.conf action: copy src=$configs/limits.conf dest=/etc/security/limits.conf - name: copy over builder cert to /etc/kojid/kojibuilder.pem action: copy src=../buildercerts/${ansible_fqdn}.pem dest=/etc/kojid/kojibuilder.pem mode=600 + ignore_errors: true - name: chkconfig kojid on action: service name=kojid enabled=on + - name: copy over authorized keys for root + action: copy src=$configs/root_auth_keys dest=/root/.ssh/authorized_keys mode=644 + tags: + - root_ssh_key - name: nfs mount points action: mount name=/mnt/koji src=nfs01.phx2.fedoraproject.org:/ fstype=nfs4 opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=present + only_if: "not '${ansible_fqdn}'.startswith('bkernel')" # mock configs for pungify job - name: put extra special mock configs in action: copy src=$configs/builders/$item dest=/etc/mock/$item mode=644 @@ -98,8 +140,60 @@ - fedora-devel-pungi-x86_64.cfg tags: - mock_config_files - + + - name: ntp steptickers + action: copy src=$configs/step-tickers dest=/etc/ntp/step-tickers + tags: + - ntp + - name: ntp.conf + action: copy src=$configs/ntp.conf dest=/etc/ntp.conf + tags: + - ntp + + - name: enable ntpd + action: service name=ntpd enabled=true state=started + tags: + - ntp handlers: - - include: $handlers/restart_services.yml + - name: restart iptables + action: service name=iptables state=restarted + - name: restart sshd + action: service name=sshd state=restarted + +- hosts: + - bkernel* + - buildvm* + - buildhw* + user: root + vars: + configs: ../configs + tags: + - bkernel_setup + - builder_setup + + tasks: + - name: set kernel params for loopback partitioning + action: command /sbin/grubby --update-kernel=ALL --args=loop.max_part=256 + tags: + - kernel_params + - name: set kernel params for more loops + action: command /sbin/grubby --update-kernel=ALL --args=max_loop=64 + tags: + - kernel_params + - name: special pkgs for the x86_64 builders + action: yum state=installed pkg=$item + with_items: + - kmod-hfsplus +- hosts: + - bkernel* + user: root + vars: + configs: ../configs + tags: + - bkernel_setup + - builder_setup + + tasks: + - include: ../tasks/bkernel-setup.yml