--- # tasklist for setting up bodhi/masher (requires bodhi/base) # This is the base set of files needed for bodhi/masher - name: add ftpsync group group: name=ftpsync gid=263 system=yes state=present tags: - bodhi - name: add ftpsync user user: name=ftpsync uid=263 group=ftpsync createhome=yes system=yes state=present tags: - bodhi - name: add the ftpsync update-fullfilelist script copy: src=update-fullfilelist dest=/usr/local/bin/update-fullfilelist owner=ftpsync group=ftpsync mode=555 tags: - bodhi - name: install needed packages yum: pkg={{ item }} state=present with_items: - mock - mash - fedmsg-hub - fedmsg-relay - fedmsg-atomic-composer - python-mock - sigul tags: - packages - bodhi - name: add masher group group: name=masher gid=751 system=yes state=present tags: - bodhi # masher user 751 - name: add masher user as 751 - and group user: name=masher uid=751 group=masher home=/home/masher groups=mock,ftpsync,bodhi tags: - bodhi - name: change owner and group attributes of bodhi.pem file file: > path="/etc/pki/bodhi/bodhi.pem" owner=masher group=masher when: inventory_hostname.startswith('bodhi-backend') tags: - bodhi - config - name: change owner and group attributes of /var/log/bodhi directory file: path=/var/log/bodhi owner=masher group=masher when: inventory_hostname.startswith('bodhi-backend') tags: - bodhi - config - name: setup /etc/bodhi/mash.conf file... template: > src=mash.conf dest=/etc/bodhi/mash.conf owner=masher group=masher mode=0640 tags: - config - bodhi - name: change type part of SELinux file context file: > dest=/var/tmp/bodhi/comps/ setype=httpd_sys_script_rw_t state=directory recurse=yes tags: - config - bodhi #- name: change owner attribute of /var/tmp/bodhi-bz.cookie file # file: > # path=/var/tmp/bodhi-bz.cookie # owner=masher # tags: # - config # - bodhi - name: install /etc/bodhi/*.mash files copy: > src="{{ item }}" dest="/etc/bodhi/{{ item }}" owner=masher mode=0640 with_items: - f21-updates.mash - f21-updates-testing.mash - f22-updates.mash - f22-updates-testing.mash - f23-updates.mash - f23-updates-testing.mash - el6-epel.mash - el6-epel-testing.mash - epel7.mash - epel7-testing.mash tags: - config - bodhi # tasks for setting up epelmasher - name: install needed packages yum: pkg={{ item }} state=present with_items: - repoview tags: - packages - bodhi # # cron job that syncs packages to koji # #- name: put owner-sync-pkgdb in place # template: src=owner-sync-pkgdb.j2 dest=/usr/local/bin/owner-sync-pkgdb mode=0755 # tags: # - config # - bodhi - name: sync packages from pkgdb2 to koji (el5) cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root" job="/usr/local/bin/owner-sync-pkgdb dist-5E-epel" cron_file=update-koji-owner-EL-5 state=absent when: inventory_hostname.startswith('bodhi-backend01') and env == "production" tags: - bodhi - name: sync packages from pkgdb2 to koji (el6) cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root" job="/usr/local/bin/owner-sync-pkgdb dist-6E-epel" cron_file=update-koji-owner-EL-6 state=absent when: inventory_hostname.startswith('bodhi-backend01') and env == "production" tags: - bodhi - name: sync packages from pkgdb2 to koji (epel7) cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root" job="/usr/local/bin/owner-sync-pkgdb epel7" cron_file=update-koji-owner-epel7 state=absent when: inventory_hostname.startswith('bodhi-backend01') and env == "production" tags: - bodhi - name: sync packages from pkgdb2 to koji (f20) cron: name="owner-sync-el5" minute="7,17,27,37,47,57" user="root" job="/usr/local/bin/owner-sync-pkgdb f20" cron_file=update-koji-owner-f20 state=absent when: inventory_hostname.startswith('bodhi-backend01') tags: - bodhi # # cron job that syncs updates to master mirror # - name: put fedora-updates-push in place copy: src=fedora-updates-push dest=/usr/local/bin/fedora-updates-push mode=0755 when: inventory_hostname.startswith('bodhi-backend01') and env == "production" tags: - config - bodhi - cron - name: put fedora-epel-push in place copy: src=fedora-epel-push dest=/usr/local/bin/fedora-epel-push mode=0755 when: inventory_hostname.startswith('bodhi-backend01') and env == "production" tags: - config - bodhi - cron - name: put update-fullfilelist in place copy: src=update-fullfilelist dest=/usr/local/bin/update-fullfilelist mode=0755 when: inventory_hostname.startswith('bodhi-backend01') and env == "production" tags: - config - bodhi - cron - name: Updates sync cron job. cron: name="updates-sync" minute="15,45" user="ftpsync" job="/usr/local/bin/lock-wrapper fedora-updates-push '/usr/local/bin/fedora-updates-push && /usr/local/bin/update-fullfilelist fedora" cron_file=updates-sync when: inventory_hostname.startswith('bodhi-backend01') and env == "production" tags: - config - bodhi - cron - name: epel Updates sync cron job. cron: name="epel-updates-sync" minute="15,45" user="ftpsync" job="/usr/local/bin/lock-wrapper fedora-epel-push '/usr/local/bin/fedora-epel-push && /usr/local/bin/update-fullfilelist epel" cron_file=updates-sync when: inventory_hostname.startswith('bodhi-backend01') and env == "production" tags: - config - bodhi - cron - name: directory sizes update cron job. cron: name="directory-sizes-update" minute="30" hour="19" user="ftpsync" job="/usr/bin/find /srv/pub/alt/ /srv/pub/archive/ /srv/pub/fedora-secondary/ /srv/pub/fedora/ /srv/pub/epel/ -type d ! -path '/srv/pub/fedora/.snapshot*' ! -path '/srv/pub/epel/.snapshot*' ! -path '/srv/pub/alt/.snapshot*' ! -path '/srv/pub/archive/.snapshot*' ! -path '/srv/pub/fedora-secondary/.snapshot*' ! -path '/srv/pub/alt/stage*' ! -path '/srv/pub/alt/tmp' ! -path '/srv/pub/alt/screenshots/f21/source' | grep -v snapshot | /usr/bin/xargs -n 1 /usr/bin/du --exclude=.snapshot --exclude=stage -sh > /tmp/DIRECTORY_SIZES.txt 2> /dev/null; cp /tmp/DIRECTORY_SIZES.txt /srv/pub/" cron_file=directory-sizes-update when: inventory_hostname.startswith('bodhi-backend01') and env == "production" tags: - config - bodhi - cron - name: have the masher own the bodhi config file: > path="/etc/bodhi/production.ini" owner=masher group=masher when: inventory_hostname.startswith('bodhi') tags: - config - bodhi - name: make a mnt/koji link file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji when: env != 'staging' tags: - bodhi - name: create the /usr/lib/systemd/system/fedmsg-hub.service.d drop-in directory file: path=/usr/lib/systemd/system/fedmsg-hub.service.d state=directory mode=0755 tags: - config - bodhi - name: install a femdsg-hub.service drop-in to run it as the masher copy: > src="fedmsg-hub.conf" dest="/usr/lib/systemd/system/fedmsg-hub.service.d/fedmsg-hub.conf" owner=root group=root mode=0644 notify: - reload systemd - restart fedmsg-hub tags: - bodhi - config - name: have the masher own /var/cache/mash file: > path="/var/cache/mash" owner=masher group=masher when: inventory_hostname.startswith('bodhi-backend') tags: - config - bodhi - name: have the masher own /var/cache/bodhi because of course.. file: > path="/var/cache/bodhi" owner=masher group=masher when: inventory_hostname.startswith('bodhi-backend') tags: - config - bodhi - name: ensure that nrpe has rights to monitor us (dir) file: > dest=/var/run/fedmsg mode=0775 owner=masher group=nrpe state=directory ignore_errors: true notify: - restart fedmsg-hub tags: - fedmsgmonitor - bodhi - name: ensure that nrpe has rights to monitor us (file) file: > dest=/var/run/fedmsg/monitoring-fedmsg-hub.socket mode=0775 owner=masher group=nrpe state=file ignore_errors: true tags: - fedmsgmonitor - bodhi - name: install our atomic composer config template: > src=atomic-config.py.j2 dest=/usr/lib/python2.7/site-packages/fedmsg_atomic_composer/config.py owner=masher mode=0644 tags: - config - bodhi - atomic - name: ensure apache is disabled on the backend service: name=httpd enabled=no state=stopped tags: - bodhi