From d8176192b4347a9f97bf01d12bcd94df55be2a83 Mon Sep 17 00:00:00 2001 From: Mikolaj Izdebski Date: Fri, 20 Feb 2015 19:55:21 +0100 Subject: [PATCH] Update Koschei playbook See https://fedorahosted.org/fedora-infrastructure/ticket/4690 This commit introduces the followith enhancements: - add koschei tag - yum-install koschei package - add extra fedorapeople repo - enable and start Koschei services - install Koschei config file - restart services on config update - install Koji certificates - avoid explicitly cleaning yum metadata - add alembic DB migration --- files/koschei/config.cfg.j2 | 58 ++++++++++++++ files/koschei/koschei.repo | 13 +++ .../hosts/koschei.cloud.fedoraproject.org.yml | 80 +++++++++++++++++++ 3 files changed, 151 insertions(+) create mode 100644 files/koschei/config.cfg.j2 create mode 100644 files/koschei/koschei.repo diff --git a/files/koschei/config.cfg.j2 b/files/koschei/config.cfg.j2 new file mode 100644 index 0000000000..bd26a2a2c1 --- /dev/null +++ b/files/koschei/config.cfg.j2 @@ -0,0 +1,58 @@ +# This is a config file for Koschei that can override values in default +# configuration in /usr/share/koschei/config.cfg. It is a python file expecting +# assignment to config dictionary which will be recursively merged with the +# default one. +config = { + "database_config": { + "username": "koschei", + "password": "{{ koschei_pgsql_password }}", + "database": "koschei" + }, + "koji_config": { + "cert": "/etc/koschei/koschei.pem", + "ca": "/etc/koschei/fedora-ca.cert", + "server_ca": "/etc/koschei/fedora-ca.cert", + }, + "flask": { + "SECRET_KEY": "{{ koschei_flask_secret_key }}", + }, + "logging": { + "loggers": { + "": { + "level": "DEBUG", + "handlers": ["stderr", "email"], + }, + }, + "handlers": { + "email": { + "class": "logging.handlers.SMTPHandler", + "level": "WARN", + "mailhost": "localhost", + "fromaddr": "koschei@fedoraproject.org", + "toaddrs": ['msimacek@redhat.com', 'mizdebsk@redhat.com'], + "subject": "Koschei warning", + }, + }, + }, + "fedmsg-publisher": { + "enabled": True, + "modname": "koschei", + }, +# "services": { +# "polling": { +# "interval": 60, +# }, +# }, + "dependency": { + "repo_chache_items": 5, + "keep_build_deps_for": 2 + }, + "koji_config": { + "max_builds": 30 + }, +} + +# Local Variables: +# mode: Python +# End: +# vi: ft=python diff --git a/files/koschei/koschei.repo b/files/koschei/koschei.repo new file mode 100644 index 0000000000..265806e614 --- /dev/null +++ b/files/koschei/koschei.repo @@ -0,0 +1,13 @@ +[koschei-mizdebsk] +name=Koschei repo +baseurl=https://mizdebsk.fedorapeople.org/koschei/repo/ +enabled=1 +gpgcheck=0 +metadata_expire=60 + +[koschei-msimacek] +name=Koschei repo +baseurl=https://msimacek.fedorapeople.org/koschei/repo/ +enabled=1 +gpgcheck=0 +metadata_expire=60 diff --git a/playbooks/hosts/koschei.cloud.fedoraproject.org.yml b/playbooks/hosts/koschei.cloud.fedoraproject.org.yml index 4f681bda1e..200896779f 100644 --- a/playbooks/hosts/koschei.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/koschei.cloud.fedoraproject.org.yml @@ -15,21 +15,101 @@ gather_facts: True user: fedora sudo: yes + tags: koschei vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + packages: + - koschei + services: + - koschei-polling + - koschei-resolver + - koschei-scheduler + - koschei-watcher + # httpd is here temporarly only, it will be removed once koschei + # implements "base" role + - httpd + # flag controlling whether koji PEM private key and certificate + # should be deployed by playbook + cert: false + tasks: - include: "{{ tasks }}/growroot_cloud.yml" - include: "{{ tasks }}/cloud_setup_basic.yml" - include: "{{ tasks }}/postfix_basic.yml" + # Temporary yum repo hosted on fedorapeople, it will be replaced by + # Fedora infra repo once Koschei completes RFR. Copr can't be used + # because of limitations of Fedora cloud routing -- machines in + # different networks can't access each other, even through public IP + - name: add koschei yum repo + action: copy src="{{ files }}/koschei/koschei.repo" dest="/etc/yum.repos.d/koschei.repo" + + - name: yum update koschei package + yum: name={{item}} state=latest + with_items: "{{packages}}" + register: yumupdate + # TODO: restart httpd + tags: + - packages + + - name: stop koschei + action: service name={{item}} state=stopped + with_items: "{{services}}" + when: yumupdate.changed + + - name: install /etc/koschei/config.cfg file + template: src="{{ files }}/koschei/config.cfg.j2" dest="/etc/koschei/config.cfg" + notify: + - restart koschei + # TODO: restart httpd + tags: + - config + + - name: install koschei.pem koji key and cert + copy: > + src="{{ private }}/files/koschei/koschei.pem" + dest="/etc/koschei/koschei.pem" + owner=koschei + group=koschei + mode=0400 + when: cert + tags: + - config + + - name: install koji ca cert + copy: > + src="{{ puppet_private }}/fedora-ca.cert" + dest="/etc/koschei/fedora-ca.cert" + owner=root + group=root + mode=0644 + tags: + - config + + - name: run koschei migration + command: alembic -c /usr/share/koschei/alembic.ini upgrade head + sudo_user: koschei + when: yumupdate.changed + + - name: enable koschei to start + action: service name={{item}} state=running enabled=true + with_items: "{{services}}" + tags: + - service + handlers: - include: "{{ handlers }}/restart_services.yml" + - name: restart koschei + action: service name={{item}} state=restarted + with_items: "{{services}}" + - name: setup fedmsg hosts: koschei.cloud.fedoraproject.org user: root