Merge branch 'master' of /git/ansible

2016-02-29 23:01:29 +00:00 · 2016-02-29 23:01:29 +00:00 · cd8ab3af7d
commit cd8ab3af7d
parent 48ba12d031 c1c3931fbe
22 changed files with 193 additions and 39 deletions
--- a/inventory/group_vars/buildarm
+++ b/inventory/group_vars/buildarm
@ -18,3 +18,9 @@ csi_relationship: |
  * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
  * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
  * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
+
+# These variables are for koji-containerbuild/osbs
+osbs_fqdn: "osbs.fedorainfracloud.org"
+docker_registry: "registry.fedoraproject.org"
+koji_root: "koji.fedoraproject.org/koji"
+koji_hub: "koji.fedoraproject.org/kojihub"
--- a/inventory/group_vars/buildhw
+++ b/inventory/group_vars/buildhw
@ -19,3 +19,9 @@ csi_relationship: |
  * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
  * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
  * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
+
+# These variables are for koji-containerbuild/osbs
+osbs_fqdn: "osbs.fedorainfracloud.org"
+docker_registry: "registry.fedoraproject.org"
+koji_root: "koji.fedoraproject.org/koji"
+koji_hub: "koji.fedoraproject.org/kojihub"
--- a/inventory/group_vars/buildvm
+++ b/inventory/group_vars/buildvm
@ -30,3 +30,9 @@ csi_relationship: |
  * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
  * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
  * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
+
+# These variables are for koji-containerbuild/osbs
+osbs_fqdn: "osbs.fedorainfracloud.org"
+docker_registry: "registry.fedoraproject.org"
+koji_root: "koji.fedoraproject.org/koji"
+koji_hub: "koji.fedoraproject.org/kojihub"
--- a/inventory/group_vars/buildvm-stg
+++ b/inventory/group_vars/buildvm-stg
@ -33,3 +33,9 @@ csi_relationship: |
  * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
  * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
  * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
+
+# These variables are for koji-containerbuild/osbs
+osbs_fqdn: "osbs-dev.fedorainfracloud.org"
+docker_registry: "osbs-dev.fedorainfracloud.org"
+koji_root: "koji.stg.fedoraproject.org/koji"
+koji_hub: "koji.stg.fedoraproject.org/kojihub"
--- a/inventory/group_vars/koji
+++ b/inventory/group_vars/koji
@ -1,5 +1,5 @@
 ---
-# Define resources for this group of hosts here. 
+# Define resources for this group of hosts here.
 lvm_size: 30000
 mem_size: 16384
 num_cpus: 16
@ -43,3 +43,8 @@ fedmsg_certs:

 nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
 virt_install_command: "{{ virt_install_command_two_nic }}"
+
+osbs_fqdn: "osbs.fedorainfracloud.org"
+docker_registry: "registry.fedoraproject.org"
+koji_root: "koji.fedoraproject.org/koji"
+koji_hub: "koji.fedoraproject.org/kojihub"
--- a/inventory/group_vars/koji-stg
+++ b/inventory/group_vars/koji-stg
@ -1,5 +1,5 @@
 ---
-# Define resources for this group of hosts here. 
+# Define resources for this group of hosts here.
 lvm_size: 250000
 mem_size: 8192
 num_cpus: 8
@ -41,3 +41,16 @@ sudoers: "{{ private }}/files/sudo/releng-sudoers"
 koji_server_url: "http://koji.stg.fedoraproject.org/kojihub"
 koji_weburl: "http://koji.stg.fedoraproject.org/koji"
 koji_topurl: "http://kojipkgs.fedoraproject.org/"
+
+osbs_fqdn: "osbs-dev.fedorainfracloud.org"
+docker_registry: "osbs-dev.fedorainfracloud.org"
+koji_root: "koji.stg.fedoraproject.org/koji"
+koji_hub: "koji.stg.fedoraproject.org/kojihub"
+
+
+# Add custom iptable rule to allow stage koji to talk to
+# osbs-dev.fedorainfracloud.org (will move to stage osbs later, this is for the
+# sake of testing).
+custom_rules: [
+    '-A OUTPUT -p tcp -m tcp -d 209.132.184.60 --dport 8443 -j ACCEPT'
+]
--- a/inventory/inventory
+++ b/inventory/inventory
@ -622,6 +622,7 @@ pdc-web01.stg.phx2.fedoraproject.org
 pkgdb01.stg.phx2.fedoraproject.org
 pkgs01.stg.phx2.fedoraproject.org
 proxy01.stg.phx2.fedoraproject.org
+qa-stg01.qa.fedoraproject.org:222
 resultsdb-stg01.qa.fedoraproject.org
 statscache-web01.stg.phx2.fedoraproject.org
 statscache-web02.stg.phx2.fedoraproject.org
--- a/playbooks/groups/buildhw.yml
+++ b/playbooks/groups/buildhw.yml
@ -7,7 +7,7 @@
  remote_user: root
  gather_facts: True

-  vars_files: 
+  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
@ -29,6 +29,34 @@
  - hosts
  - { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
  - { role: sudo, when: not inventory_hostname.startswith('bkernel') }
+  - {
+      role: osbs-client,
+        when: env == 'staging',
+        general: {
+          verbose: 0,
+          build_json_dir: '/usr/share/osbs/',
+          openshift_required_version: 1.1.0,
+        },
+        default: {
+          openshift_url: 'https://{{ osbs_fqdn }}:8443/',
+          registry_uri: 'https://{{ docker_registry }}:5000/v2',
+          source_registry_uri: 'https://{{ docker_registry }}:5000/v2',
+          build_host: '{{ osbs_fqdn }}',
+          koji_root: 'http://{{ koji_root }}',
+          koji_hub: 'http://{{ koji_hub }}',
+          sources_command: 'fedpkg sources',
+          build_type: 'prod',
+          authoritative_registry: 'registry.example.com',
+          vendor: 'Fedora Project',
+          verify_ssl: false,
+          use_auth: false,
+          builder_use_auth: true,
+          distribution_scope: 'private',
+          registry_api_versions: 'v2',
+          builder_openshift_url: 'https://172.17.0.1:8443/'
+        }
+    }
+

  tasks:
  - include: "{{ tasks }}/2fa_client.yml"
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@ -1,4 +1,4 @@
-# create a new koji builder 
+# create a new koji builder
 # NOTE: should be used with --limit most of the time
 # NOTE: make sure there is room/space for this builder on the buildvmhost
 # NOTE: most of these vars_path come from group_vars/buildvm or from hostvars
@ -10,7 +10,7 @@
  user: root
  gather_facts: True

-  vars_files: 
+  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
@ -22,20 +22,47 @@
  - base
  - hosts
  - apache
-  - { role: nfs/client, 
-      when: ( ansible_architecture == 'x86_64' or ansible_architecture == 'ppc64le' or ansible_architecture == 'ppc64' ) and not inventory_hostname.startswith('buildvm-ppc64'), 
+  - { role: nfs/client,
+      when: ( ansible_architecture == 'x86_64' or ansible_architecture == 'ppc64le' or ansible_architecture == 'ppc64' ) and not inventory_hostname.startswith('buildvm-ppc64'),
      mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: 'fedora_koji' }
-  - { role: nfs/client, 
-      when: inventory_hostname.startswith('aarch64') , 
+  - { role: nfs/client,
+      when: inventory_hostname.startswith('aarch64') ,
      mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: 'fedora_arm/data' }
-  - { role: nfs/client, 
-      when: inventory_hostname.startswith('buildvm-ppc64') , 
+  - { role: nfs/client,
+      when: inventory_hostname.startswith('buildvm-ppc64') ,
      mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: 'fedora_ppc/data' }
-  - { role: nfs/client, 
+  - { role: nfs/client,
      when: datacenter == 'staging', mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: 'fedora_koji' }
  - { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
  - { role: sudo, when: not inventory_hostname.startswith('bkernel') }
  - koji_builder
+  - {
+      role: osbs-client,
+        when: env == 'staging',
+        general: {
+          verbose: 0,
+          build_json_dir: '/usr/share/osbs/',
+          openshift_required_version: 1.1.0,
+        },
+        default: {
+          openshift_url: 'https://{{ osbs_fqdn }}:8443/',
+          registry_uri: 'https://{{ docker_registry }}:5000/v2',
+          source_registry_uri: 'https://{{ docker_registry }}:5000/v2',
+          build_host: '{{ osbs_fqdn }}',
+          koji_root: 'http://{{ koji_root }}',
+          koji_hub: 'http://{{ koji_hub }}',
+          sources_command: 'fedpkg sources',
+          build_type: 'prod',
+          authoritative_registry: 'registry.example.com',
+          vendor: 'Fedora Project',
+          verify_ssl: false,
+          use_auth: false,
+          builder_use_auth: true,
+          distribution_scope: 'private',
+          registry_api_versions: 'v2',
+          builder_openshift_url: 'https://172.17.0.1:8443/'
+        }
+    }

  tasks:
  - include: "{{ tasks }}/2fa_client.yml"
--- a/playbooks/groups/koji-hub.yml
+++ b/playbooks/groups/koji-hub.yml
@ -4,14 +4,14 @@

 - include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=koji-stg:koji01.phx2.fedoraproject.org:koji02.phx2.fedoraproject.org:s390-koji01.qa.fedoraproject.org:arm-koji01.qa.fedoraproject.org"

-# Once the instance exists, configure it. 
+# Once the instance exists, configure it.

 - name: make koji_hub server system
  hosts: koji-stg:koji01.phx2.fedoraproject.org:koji02.phx2.fedoraproject.org:s390-koji01.qa.fedoraproject.org:arm-koji01.qa.fedoraproject.org
  user: root
  gather_facts: True

-  vars_files: 
+  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
@ -29,6 +29,34 @@
  - koji_hub
  - { role: rsyncd, when: not inventory_hostname.startswith('koji') }
  - { role: koji_builder, when: env == "staging" or inventory_hostname.startswith('s390') or inventory_hostname.startswith('arm') }
+  - {
+      role: osbs-client,
+        when: env == 'staging',
+        general: {
+          verbose: 0,
+          build_json_dir: '/usr/share/osbs/',
+          openshift_required_version: 1.1.0,
+        },
+        default: {
+          openshift_url: 'https://{{ osbs_fqdn }}:8443/',
+          registry_uri: 'https://{{ docker_registry }}:5000/v2',
+          source_registry_uri: 'https://{{ docker_registry }}:5000/v2',
+          build_host: '{{ osbs_fqdn }}',
+          koji_root: 'http://{{ koji_root }}',
+          koji_hub: 'http://{{ koji_hub }}',
+          sources_command: 'fedpkg sources',
+          build_type: 'prod',
+          authoritative_registry: 'registry.example.com',
+          vendor: 'Fedora Project',
+          verify_ssl: false,
+          use_auth: false,
+          builder_use_auth: true,
+          distribution_scope: 'private',
+          registry_api_versions: 'v2',
+          builder_openshift_url: 'https://172.17.0.1:8443/'
+        }
+    }
+
  - { role: nfs/server, when: env == "staging" }
  - { role: keepalived, when: env == "production" and inventory_hostname.startswith('koji') }
  - role: nfs/client
--- a/roles/copr/backend/files/provision/builderpb_ppc64le.yml
+++ b/roles/copr/backend/files/provision/builderpb_ppc64le.yml
@ -39,6 +39,12 @@
  tasks:
  - include: "provision_builder_tasks.yml"

+  - get_url: url=https://kojipkgs.fedoraproject.org//packages/mock/1.2.15/1.fc22/noarch/mock-1.2.15-1.fc22.noarch.rpm dest=/tmp/
+    when: ansible_distribution == 'Fedora' and ansible_distribution_major_version|int == 22
+
+  - yum: state=present name=/tmp/mock-1.2.15-1.fc22.noarch.rpm
+    when: ansible_distribution == 'Fedora' and ansible_distribution_major_version|int == 22
+
  - name: disable offloading
    command: ethtool -K enp0s1 tso off gro off gso off

--- a/roles/copr/backend/files/provision/provision_builder_tasks.yml
+++ b/roles/copr/backend/files/provision/provision_builder_tasks.yml
@ -39,6 +39,7 @@
    - rpm
    - glib2
    - ca-certificates
+    - mock

 - copy: src=files/fedpkg-copr.conf dest=/etc/rpkg/fedpkg-copr.conf

--- a/roles/copr/dist_git/files/dist-git.conf
+++ b/roles/copr/dist_git/files/dist-git.conf
@ -17,7 +17,7 @@ admin_groups=cvsadmin

 # comma separated list of active branches to create ACLs for
 # example:
-active_branches=el5,el6,el7,epel7,f21,f22,f23,master
+active_branches=el5,el6,el7,epel7,f22,f23,f24,master

 # a "regex"ish list of the reserved branches
 # example:
--- a/roles/copr/dist_git/tasks/main.yml
+++ b/roles/copr/dist_git/tasks/main.yml
@ -55,6 +55,9 @@

 - name: install config for copr-dist-git
  template: src=copr-dist-git.conf.j2 dest=/etc/copr/copr-dist-git.conf mode=0644
+  tags:
+  - config
+

 - name: set git variables for copr-service user
  copy: src=".gitconfig" dest="/home/copr-service/.gitconfig"
@ -73,6 +76,8 @@
  - reload httpd

 - copy: src="dist-git.conf" dest="/etc/dist-git/dist-git.conf" mode=0644
+  tags:
+  - config

 - copy: src="ssh_config" dest="/home/copr-service/.ssh/config" owner=copr-service group=copr-service mode=0600

--- a/roles/fedora-web/build/files/syncStatic.stg.sh
+++ b/roles/fedora-web/build/files/syncStatic.stg.sh
@ -24,11 +24,11 @@ function build {
    return $rc;
 }

-if [ ! -d  /srv/web/fedora-web/.git ]
+if [ ! -d  /srv/web/fedora-websites/.git ]
 then
    /usr/bin/git clone -q \
-        git://git.fedorahosted.org/fedora-web.git \
-        /srv/web/fedora-web
+        https://pagure.io/fedora-websites.git \
+        /srv/web/fedora-websites
 fi

 # Freeze the website to prepare beta changes.  On release day, comment the git
@ -41,11 +41,11 @@ fi
 #
 # Good luck!

-cd /srv/web/fedora-web
+cd /srv/web/fedora-websites

 /usr/bin/git clean -q -fdx || exit 1
 /usr/bin/git reset -q --hard || exit 1
-/usr/bin/git checkout -q flock2016 || exit 1
+/usr/bin/git checkout -q f24-alpha || exit 1

 /usr/bin/git pull -q --ff-only || exit 1
 build spins.fedoraproject.org
--- a/roles/hotness/tasks/main.yml
+++ b/roles/hotness/tasks/main.yml
@ -1,5 +1,13 @@
 ---
 # Configuration for the the-new-hotness consumer
+#
+- name: install rebase helper from epel-testing
+  yum: pkg={{ item }} state=present enablerepo=epel-testing
+  with_items:
+  - rebase-helper
+  tags:
+  - packages
+  - hotness

 - name: install needed packages
  yum: pkg={{ item }} state=present
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@ -1,5 +1,5 @@
 #
-# This is a base koji_builder role. 
+# This is a base koji_builder role.
 #
 - name: set root passwd
  user: name=root password={{ builder_rootpw }} state=present
@ -27,7 +27,7 @@
  - koji_builder

 - name: add kojibuilder
-  user: name=kojibuilder groups=mock 
+  user: name=kojibuilder groups=mock
  tags:
  - koji_builder

@ -72,6 +72,7 @@
  with_items:
    - yum-utils
    - koji-builder
+    - koji-containerbuild-builder
    - strace
    - mock
    - kernel-firmware
@ -101,6 +102,7 @@
  with_items:
    - yum-utils
    - koji-builder
+    - koji-containerbuild-builder
    - strace
    - mock
    - kernel-firmware
@ -187,7 +189,7 @@
  - koji_builder

 - name: copy over builder cert to /etc/kojid/kojibuilder.pem
-  copy: src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600   
+  copy: src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600
  tags:
  - koji_builder

@ -277,20 +279,20 @@
  - koji_builder

 - name: set kernel params for more loops
-  command: /sbin/grubby --update-kernel=ALL --args=max_loop=64 
+  command: /sbin/grubby --update-kernel=ALL --args=max_loop=64
  when: max_loop is defined and max_loop.stdout.find("max_loop=64") == -1
  tags:
  - koji_builder

 #
 # x86_64 builders run pungify, that needs hfs module in order to make
-# The efi/mac images. This module is only needed on rhel. 
+# The efi/mac images. This module is only needed on rhel.
 #

 - name: special pkgs for the x86_64 builders
  yum: state=present pkg={{ item }}
  with_items:
-  - kmod-hfsplus    
+  - kmod-hfsplus
  when: is_rhel is defined and ansible_architecture == 'x86_64' and ansible_distribution_major_version|int == '6'
  tags:
  - koji_builder
--- a/roles/koji_builder/templates/kojid.conf
+++ b/roles/koji_builder/templates/kojid.conf
@ -72,9 +72,14 @@ serverca = /etc/kojid/cacert.pem

 {% if 'runroot' in group_names %}
 ; Config for it lives in /etc/kojid/runroot.conf
-plugins = runroot
+plugins = runroot builder_container

 ; We use the hub's plugin path since that's where
 ; the package installs the builder plugin.
 pluginpath = /usr/lib/koji-hub-plugins
+
+{% else %}
+
+plugins = builder_container
+
 {% endif %}
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@ -1,6 +1,6 @@
 ---
 #
-# Setup koji hub server. 
+# Setup koji hub server.
 #
 - name: install koji hub server packages
  yum: name={{ item }} state=present
@ -10,6 +10,7 @@
  - koji-web
  - koji-utils
  - koji-theme-fedora
+  - koji-containerbuild-hub
  - mod_ssl
  - mod_wsgi
  - git
@ -188,7 +189,7 @@

 - name: instaall fedora-ca.cert in various places
  copy: src={{ private }}/files/fedora-ca.cert dest={{ item }} owner=apache
-  with_items: 
+  with_items:
  - /etc/kojira/extras_cacert.pem
  - /etc/pki/tls/certs/extras_cacert.pem
  - /etc/pki/tls/certs/extras_upload_cacert.pem
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@ -1,8 +1,8 @@
-[hub]                                                                         
+[hub]

 ## Basic options ##
-DBName = koji      
-DBUser = koji      
+DBName = koji
+DBUser = koji
 {% if inventory_hostname.startswith('koji') %}
 DBHost = db-koji01
 DBPass = {{ kojiPassword }}
@ -13,7 +13,7 @@ DBPass = {{ s390kojiPassword }}
 DBHost = db-arm-koji01
 DBPass = {{ armkojiPassword }}
 {% endif %}
-KojiDir = /mnt/koji       
+KojiDir = /mnt/koji
 MemoryWarnThreshold = 10000
 MaxRequestLength = 83886080

@ -75,18 +75,18 @@ DisableNotifications = True

 #Plugins = koji-disable-builds-plugin
 #Plugins = darkserver-plugin
-Plugins = fedmsg-koji-plugin runroot_hub
+Plugins = fedmsg-koji-plugin runroot_hub hub_containerbuild

 {% if inventory_hostname.startswith('koji') %}
 [policy]


-tag = 
+tag =
    has_perm secure-boot && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
    package kernel shim grub2 fedora-release fedora-repos pesign :: deny
    all :: allow

-channel = 
+channel =
    method createrepo :: use createrepo
    has req_channel :: req
    is_child_task :: parent
--- a/roles/releng/files/branched
+++ b/roles/releng/files/branched
@ -1,3 +1,3 @@
 # branched compose
-#MAILTO=releng-cron@lists.fedoraproject.org
-#15 7 * * * masher TMPDIR=`mktemp -d /tmp/branched.XXXXXX` && cd $TMPDIR && git clone -n https://pagure.io/releng.git && cd releng && git checkout -b stable rawhide-stable && LANG=en_US.UTF-8 ./scripts/buildbranched $(date "+\%Y\%m\%d") && sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora
+MAILTO=releng-cron@lists.fedoraproject.org
+15 7 * * * root TMPDIR=`mktemp -d /tmp/branched.XXXXXX` && cd $TMPDIR && git clone https://pagure.io/pungi-fedora.git && cd pungi-fedora && git checkout f24 && LANG=en_US.UTF-8 ./nightly.sh && sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora
--- a/roles/releng/files/rawhide
+++ b/roles/releng/files/rawhide
@ -1,3 +1,3 @@
 # rawhide compose
 MAILTO=releng-cron@lists.fedoraproject.org
-#15 5 * * * masher TMPDIR=`mktemp -d /tmp/rawhide.XXXXXX` && cd $TMPDIR && git clone -n https://pagure.io/releng.git && cd releng && git checkout -b stable rawhide-stable && LANG=en_US.UTF-8 ./scripts/buildrawhide $(date "+\%Y\%m\%d") && sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora
+15 5 * * * root TMPDIR=`mktemp -d /tmp/rawhide.XXXXXX` && cd $TMPDIR && git clone https://pagure.io/pungi-fedora.git && cd pungi-fedora && LANG=en_US.UTF-8 ./nightly.sh && sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora