From 96de11a1bf56ddce3bea94cee247b29ff999efb8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kadl=C4=8D=C3=ADk?= <frostyx@email.cz>
Date: Tue, 23 Apr 2019 12:05:49 +0200
Subject: [PATCH] Create manual playbooks for upgrading Copr instances

There is a problem with our current playbooks, that they can be
executed automatically without us knowing about it. That is an issue
particularly during release process because we can prepare new
packages into infra-tags repo or bodhi and a nightly reprovision
can upgrade to them outside of an outage window or any of us being
prepared for it.

Therefore `groups/copr-*.yml` playbooks *should not* upgrade any
packages, but only ensure, that those packages are installed. For
upgrade, there should be separate `manual/copr/copr-*-upgrade.yml`
playbooks. Because they are located under `manual` directory, it
is secured, that they can't be run automatically.
---
 .../copr/copr-backend-upgrade.yml}            | 15 +++++-----
 .../manual/copr/copr-dist-git-upgrade.yml     | 23 +++++++++++++++
 .../manual/copr/copr-frontend-upgrade.yml     | 28 +++++++++++++++++++
 playbooks/manual/copr/copr-keygen-upgrade.yml | 23 +++++++++++++++
 roles/copr/backend/tasks/main.yml             |  2 +-
 roles/copr/dist_git/tasks/main.yml            |  2 +-
 roles/copr/frontend-cloud/tasks/main.yml      |  2 +-
 roles/copr/keygen/tasks/main.yml              |  2 +-
 8 files changed, 86 insertions(+), 11 deletions(-)
 rename playbooks/{groups/copr-frontend-upgrade.yml => manual/copr/copr-backend-upgrade.yml} (58%)
 create mode 100644 playbooks/manual/copr/copr-dist-git-upgrade.yml
 create mode 100644 playbooks/manual/copr/copr-frontend-upgrade.yml
 create mode 100644 playbooks/manual/copr/copr-keygen-upgrade.yml

diff --git a/playbooks/groups/copr-frontend-upgrade.yml b/playbooks/manual/copr/copr-backend-upgrade.yml
similarity index 58%
rename from playbooks/groups/copr-frontend-upgrade.yml
rename to playbooks/manual/copr/copr-backend-upgrade.yml
index ab6ecefc63..cd7b332f78 100644
--- a/playbooks/groups/copr-frontend-upgrade.yml
+++ b/playbooks/manual/copr/copr-backend-upgrade.yml
@@ -1,6 +1,6 @@
 ---
-- name: upgrade copr frontend
-  hosts: copr-front-stg
+- name: upgrade copr backend
+  hosts: copr-back-dev:copr-back-stg:copr-back
   user: root
   gather_facts: True
 
@@ -9,12 +9,13 @@
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
-  roles:
-  - copr/frontend
-
   tasks:
-  - name: Upgrade copr-frontend package
-    dnf: state=latest pkg=copr-frontend
+  - name: Upgrade copr-backend packages
+    dnf:
+      state: latest
+      name:
+      - copr-backend
+      - copr-selinux
 
   handlers:
   - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/manual/copr/copr-dist-git-upgrade.yml b/playbooks/manual/copr/copr-dist-git-upgrade.yml
new file mode 100644
index 0000000000..4f20174b07
--- /dev/null
+++ b/playbooks/manual/copr/copr-dist-git-upgrade.yml
@@ -0,0 +1,23 @@
+---
+- name: upgrade copr distgit
+  hosts: copr-dist-git-dev:copr-dist-git-stg:copr-dist-git
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - name: Upgrade copr-distgit packages
+    dnf:
+      state: latest
+      name:
+      - dist-git
+      - dist-git-selinux
+      - copr-dist-git
+      - copr-selinux
+
+  handlers:
+  - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/manual/copr/copr-frontend-upgrade.yml b/playbooks/manual/copr/copr-frontend-upgrade.yml
new file mode 100644
index 0000000000..bedb98167a
--- /dev/null
+++ b/playbooks/manual/copr/copr-frontend-upgrade.yml
@@ -0,0 +1,28 @@
+---
+- name: upgrade copr frontend
+  hosts: copr-front-dev:copr-front
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - name: Upgrade copr-frontend packages
+    dnf:
+      state: latest
+      name:
+      - copr-frontend
+      - copr-selinux
+
+  - name: upgrade db to head
+    command: alembic-3 upgrade head
+    become: yes
+    become_user: copr-fe
+    args:
+      chdir: /usr/share/copr/coprs_frontend/
+
+  handlers:
+  - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/manual/copr/copr-keygen-upgrade.yml b/playbooks/manual/copr/copr-keygen-upgrade.yml
new file mode 100644
index 0000000000..1c8d70bbb2
--- /dev/null
+++ b/playbooks/manual/copr/copr-keygen-upgrade.yml
@@ -0,0 +1,23 @@
+---
+- name: upgrade copr keygen
+  hosts: copr-keygen-dev:copr-keygen-stg:copr-keygen
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - name: Upgrade copr-keygen packages
+    dnf:
+      state: latest
+      name:
+      - copr-keygen
+      - copr-selinux
+    notify:
+    - restart haveged
+
+  handlers:
+  - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/roles/copr/backend/tasks/main.yml b/roles/copr/backend/tasks/main.yml
index 3b3c497087..4e1c187b2b 100644
--- a/roles/copr/backend/tasks/main.yml
+++ b/roles/copr/backend/tasks/main.yml
@@ -11,7 +11,7 @@
 
 - name: install copr-backend and copr-selinux
   dnf:
-    state: latest
+    state: present
     name: copr-backend
 
 - name: add additional packages for copr-backend
diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml
index 1c8e37a7a7..b9139070f8 100644
--- a/roles/copr/dist_git/tasks/main.yml
+++ b/roles/copr/dist_git/tasks/main.yml
@@ -21,7 +21,7 @@
 
 - name: install latest dist-git and copr-dist-git
   dnf:
-    state: latest
+    state: present
     name:
       - dist-git
       - dist-git-selinux
diff --git a/roles/copr/frontend-cloud/tasks/main.yml b/roles/copr/frontend-cloud/tasks/main.yml
index ab80697557..467cc0da3d 100644
--- a/roles/copr/frontend-cloud/tasks/main.yml
+++ b/roles/copr/frontend-cloud/tasks/main.yml
@@ -16,7 +16,7 @@
 
 - name: install copr-frontend and copr-selinux
   dnf:
-    state: latest
+    state: present
     name:
       - copr-frontend
       - copr-selinux
diff --git a/roles/copr/keygen/tasks/main.yml b/roles/copr/keygen/tasks/main.yml
index f734a00621..fb7ec28cbb 100644
--- a/roles/copr/keygen/tasks/main.yml
+++ b/roles/copr/keygen/tasks/main.yml
@@ -11,7 +11,7 @@
 #when: devel
 
 - name: install copr-keygen
-  dnf: state=latest name=copr-keygen
+  dnf: state=present name=copr-keygen
   notify:
   - restart haveged