Add Koschei stg/prod hosts

- koschei-specific setup tasks are moved to a new koschei role - cloud dev instance is made to use koschei role - stg and prod instances are added to inventory - koschei host group is introduced
2015-04-21 07:51:28 +02:00 · 2015-04-21 07:51:28 +02:00 · a974762d13
commit a974762d13
parent a16f9992be
11 changed files with 228 additions and 106 deletions
--- a/files/koschei/koschei.repo
+++ b/files/koschei/koschei.repo
@ -1,13 +0,0 @@
-[koschei-mizdebsk]
-name=Koschei repo
-baseurl=https://mizdebsk.fedorapeople.org/koschei/repo/
-enabled=1
-gpgcheck=0
-metadata_expire=60
-
-[koschei-msimacek]
-name=Koschei repo
-baseurl=https://msimacek.fedorapeople.org/koschei/repo/
-enabled=1
-gpgcheck=0
-metadata_expire=60
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@ -47,6 +47,18 @@
 - name: restart kojid
  action: service name=kojid state=restarted

+- name: restart koschei-polling
+  action: service name=koschei-polling state=restarted
+
+- name: restart koschei-resolver
+  action: service name=koschei-resolver state=restarted
+
+- name: restart koschei-scheduler
+  action: service name=koschei-scheduler state=restarted
+
+- name: restart koschei-watcher
+  action: service name=koschei-watcher state=restarted
+
 - name: restart libvirtd
  action: service name=libvirtd state=restarted

--- a/inventory/group_vars/kojipkgs
+++ b/inventory/group_vars/kojipkgs
@ -29,6 +29,7 @@ csi_relationship: |

    - Things that rely on this host:
      - all koji builders/buildsystem
+      - koschei
      - external users downloading packages from koji. 

 # Need a eth0/eth1 install here. 
--- a/inventory/group_vars/koschei
+++ b/inventory/group_vars/koschei
@ -0,0 +1,40 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 4
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443 ]
+
+custom_rules: [
+    # Need for rsync from log01 for logs.
+    '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+ ]
+
+fas_client_groups: sysadmin-koschei,fi-apprentice
+
+freezes: false
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: root
+- service: koschei
+  owner: root
+  group: koschei
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedora admins - admin@fedoraproject.org
+csi_purpose: Koschei continuous integration system
+csi_relationship: |
+    This machine depends on:
+    - PostgreSQL DB server
+    - Koji hub and kojipkgs
+    - fedmsg hub and relay
+    - bastion (for mail relay)
--- a/inventory/host_vars/koschei01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/koschei01.stg.phx2.fedoraproject.org
@ -0,0 +1,21 @@
+---
+nm: 255.255.255.0
+gw: ???
+dns: ???
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+
+volgroup: ???
+eth0_ip: ???
+vmhost: ???
+datacenter: phx2
+
+# stg needs less resources than prod
+mem_size: 2048
+num_cpus: 2
+
+koschei_pgsql_hostname: db01.stg.phx2.fedoraproject.org
+koschei_koji_hub: koji01.stg.phx2.fedoraproject.org
+koschei_kojipkgs: koji01.stg.phx2.fedoraproject.org
+koschei_koji_tag: f23
--- a/inventory/inventory
+++ b/inventory/inventory
@ -292,6 +292,12 @@ koji01.stg.phx2.fedoraproject.org
 [kojipkgs]
 kojipkgs01.phx2.fedoraproject.org

+[koschei]
+#koschei01.phx2.fedoraproject.org
+
+[koschei-stg]
+koschei01.stg.phx2.fedoraproject.org
+
 [infracore]
 lockbox01.phx2.fedoraproject.org
 log01.phx2.fedoraproject.org
--- a/master.yml
+++ b/master.yml
@ -51,6 +51,7 @@
 - include: /srv/web/infra/ansible/playbooks/groups/keyserver.yml
 - include: /srv/web/infra/ansible/playbooks/groups/koji-hub.yml
 - include: /srv/web/infra/ansible/playbooks/groups/kojipkgs.yml
+- include: /srv/web/infra/ansible/playbooks/groups/koschei.yml
 - include: /srv/web/infra/ansible/playbooks/groups/lockbox.yml
 - include: /srv/web/infra/ansible/playbooks/groups/mailman.yml
 - include: /srv/web/infra/ansible/playbooks/groups/mirrorlist2.yml
--- a/playbooks/groups/koschei.yml
+++ b/playbooks/groups/koschei.yml
@ -0,0 +1,50 @@
+- name: make koschei
+  hosts: koschei:koschei-stg
+  user: root
+  gather_facts: False
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - include: "{{ tasks }}/virt_instance_create.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+- name: install koschei
+  hosts: koschei:koschei-stg
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  pre_tasks:
+  - include: "{{ tasks }}/apache.yml"
+
+  roles:
+  - base
+  - rkhunter
+  - nagios_client
+  - hosts
+  - fas_client
+  - builder_repo
+  - collectd/base
+  - koschei
+  - fedmsg/base
+  - sudo
+
+  tasks:
+  - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/2fa_client.yml"
+  - include: "{{ tasks }}/motd.yml"
+  - include: "{{ tasks }}/apache.yml"
+  - include: "{{ tasks }}/mod_wsgi.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/hosts/koschei.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/koschei.cloud.fedoraproject.org.yml
@ -22,94 +22,17 @@
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

-  vars:
-    packages:
-    - koschei
-    services:
-    - koschei-polling
-    - koschei-resolver
-    - koschei-scheduler
-    - koschei-watcher
-    # httpd is here temporarly only, it will be removed once koschei
-    # implements "base" role
-    - httpd
-    # flag controlling whether koji PEM private key and certificate
-    # should be deployed by playbook
-    cert: false
+  roles:
+  - koschei

  tasks:
-
  - include: "{{ tasks }}/growroot_cloud.yml"
  - include: "{{ tasks }}/cloud_setup_basic.yml"
  - include: "{{ tasks }}/postfix_basic.yml"

-  # Temporary yum repo hosted on fedorapeople, it will be replaced by
-  # Fedora infra repo once Koschei completes RFR.  Copr can't be used
-  # because of limitations of Fedora cloud routing -- machines in
-  # different networks can't access each other, even through public IP
-  - name: add koschei yum repo
-    action: copy src="{{ files }}/koschei/koschei.repo" dest="/etc/yum.repos.d/koschei.repo"
-
-  - name: yum update koschei package
-    yum: name={{item}} state=latest
-    with_items: "{{packages}}"
-    register: yumupdate
-    # TODO: restart httpd
-    tags:
-    - packages
-
-  - name: stop koschei
-    action: service name={{item}} state=stopped
-    with_items: "{{services}}"
-    when: yumupdate.changed
-
-  - name: install /etc/koschei/config.cfg file
-    template: src="{{ files }}/koschei/config.cfg.j2" dest="/etc/koschei/config.cfg"
-    notify:
-    - restart koschei
-    # TODO: restart httpd
-    tags:
-    - config
-
-  - name: install koschei.pem koji key and cert
-    copy: >
-      src="{{ private }}/files/koschei/koschei.pem"
-      dest="/etc/koschei/koschei.pem"
-      owner=koschei
-      group=koschei
-      mode=0400
-    when: cert
-    tags:
-    - config
-
-  - name: install koji ca cert
-    copy: >
-      src="{{ puppet_private }}/fedora-ca.cert"
-      dest="/etc/koschei/fedora-ca.cert"
-      owner=root
-      group=root
-      mode=0644
-    tags:
-    - config
-
-  - name: run koschei migration
-    command: alembic -c /usr/share/koschei/alembic.ini upgrade head
-    sudo_user: koschei
-    when: yumupdate.changed
-
-  - name: enable koschei to start
-    action: service name={{item}} state=running enabled=true
-    with_items: "{{services}}"
-    tags:
-    - service
-
  handlers:
  - include: "{{ handlers }}/restart_services.yml"

-  - name: restart koschei
-    action: service name={{item}} state=restarted
-    with_items: "{{services}}"
-
 - name: setup fedmsg
  hosts: koschei.cloud.fedoraproject.org
  user: root
--- a/roles/koschei/tasks/main.yml
+++ b/roles/koschei/tasks/main.yml
@ -0,0 +1,62 @@
+- name: install packages
+  yum: name={{ item }} state=installed
+  with_items:
+  - koschei
+  tags:
+  - koschei
+  - packages
+
+- name: install config.cfg
+  template: >
+    src="config.cfg.j2"
+    dest="/etc/koschei/config.cfg"
+  notify:
+  - restart koschei-polling
+  - restart koschei-resolver
+  - restart koschei-scheduler
+  - restart koschei-watcher
+  - restart httpd
+  tags:
+  - koschei
+  - config
+
+- name: install koji key and cert
+  copy: >
+    src="{{ private }}/files/koschei/koschei.pem"
+    dest="/etc/koschei/koschei.pem"
+    owner=koschei
+    group=koschei
+    mode=0400
+  notify:
+  - restart koschei-scheduler
+  tags:
+  - koschei
+  - config
+
+- name: install koji ca cert
+  copy: >
+    src="{{ puppet_private }}/fedora-ca.cert"
+    dest="/etc/koschei/fedora-ca.cert"
+    owner=root
+    group=root
+    mode=0644
+  notify:
+  - restart koschei-polling
+  - restart koschei-resolver
+  - restart koschei-scheduler
+  - restart koschei-watcher
+  - restart httpd
+  tags:
+  - koschei
+  - config
+
+- name: enable services to start on boot
+  action: service name={{ item }} state=running enabled=true
+  with_items:
+  - koschei-polling
+  - koschei-resolver
+  - koschei-scheduler
+  - koschei-watcher
+  tags:
+  - koschei
+  - service
--- a/roles/koschei/templates/config.cfg.j2
+++ b/roles/koschei/templates/config.cfg.j2
@ -4,14 +4,45 @@
 # default one.
 config = {
    "database_config": {
-        "username": "koschei",
+        "hostname": "{{ koschei_pgsql_hostname }}",
+        "username": "koscheiuser",
        "password": "{{ koschei_pgsql_password }}",
        "database": "koschei"
    },
    "koji_config": {
+        "server": "http://{{ koschei_koji_hub }}/kojihub",
+        "topurl": "http://{{ koschei_kojipkgs }}",
+        "weburl": "http://{{ koschei_koji_hub }}/koji",
        "cert": "/etc/koschei/koschei.pem",
        "ca": "/etc/koschei/fedora-ca.cert",
        "server_ca": "/etc/koschei/fedora-ca.cert",
+        "source_tag": "{{ koschei_koji_tag }}",
+        "target_tag": "{{ koschei_koji_tag }}",
+        "build_tag": "{{ koschei_koji_tag }}-build",
+        "max_builds": 30,
+        "build_arches": ['i386', 'x86_64', 'armhfp'],
+        "build_opts": {
+        },
+        "load_threshold": 0.5,
+        "task_priority": 30,
+    },
+    "dependency": {
+        "build_group": "build",
+        "for_arch": "x86_64",
+        "repo_cache_items": 10,
+        "keep_build_deps_for": 5,
+        "repos": {
+            "x86_64": "http://{{ koschei_kojipkgs }}/repos/{{ koschei_koji_tag }}-build/{repo_id}/x86_64",
+            "i386": "http://{{ koschei_kojipkgs }}/repos/{{ koschei_koji_tag }}-build/{repo_id}/i386",
+        },
+    },
+    "services": {
+        "watcher": {
+            "watchdog_interval": 600, # in seconds
+        },
+        "polling": {
+            "interval": 20 * 60,
+        },
    },
    "flask": {
        "SECRET_KEY": "{{ koschei_flask_secret_key }}",
@ -29,7 +60,7 @@ config = {
                "level": "WARN",
                "mailhost": "localhost",
                "fromaddr": "koschei@fedoraproject.org",
-                "toaddrs": ['msimacek@redhat.com', 'mizdebsk@redhat.com'],
+                "toaddrs": ['sysadmin-koschei-members@fedoraproject.org'],
                "subject": "Koschei warning",
            },
        },
@ -38,18 +69,6 @@ config = {
        "enabled": True,
        "modname": "koschei",
    },
-#    "services": {
-#        "polling": {
-#            "interval": 60,
-#        },
-#    },
-    "dependency": {
-        "repo_chache_items": 5,
-        "keep_build_deps_for": 2
-    },
-    "koji_config": {
-        "max_builds": 30
-    },
 }

 # Local Variables: