---
# Import the shared virt-create playbook and pass it the openqa and
# openqa_lab groups through `myhosts` (presumably used there as the target
# host pattern; confirm in virt-create.yml).
- import_playbook: '/srv/web/infra/ansible/playbooks/include/virt-create.yml'
  vars:
    myhosts: 'openqa:openqa_lab'
# Baseline play for both openQA groups (prod and lab): loads the shared
# variable files, imports the yumrepos tasks before any role runs, applies
# the common infrastructure roles plus apache, then imports the motd tasks.
- name: setup base openQA host
  hosts: 'openqa:openqa_lab'
  # connects as root directly
  user: root
  gather_facts: true

  vars_files:
    - '/srv/web/infra/ansible/vars/global.yml'
    # NOTE(review): lives outside the /srv/web/infra tree and presumably
    # carries secrets; everything it defines is visible to every task and
    # role in this play.
    - '/srv/private/ansible/vars.yml'
    # per-distribution vars, selected from gathered facts
    - '/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml'

  pre_tasks:
    - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
    - import_tasks: '{{ tasks_path }}/yumrepos.yml'

  roles:
    - role: base
      tags:
        - base
    - role: rkhunter
      tags:
        - rkhunter
    - role: nagios_client
      tags:
        - nagios_client
    - role: hosts
      tags:
        - hosts
    - role: ipa/client
    - role: collectd/base
      tags:
        - collectd_base
    - role: sudo
      tags:
        - sudo
    - role: apache

  tasks:
    - import_tasks: '{{ tasks_path }}/motd.yml'

  handlers:
    - import_tasks: '{{ handlers_path }}/restart_services.yml'
# Creates the RabbitMQ users and queues that the openQA hosts use on the
# fedora-messaging bus. Each role entry passes `env` / `env_suffix` to pick
# the production or staging side.
- name: configure fedora-messaging queues on openQA servers
  hosts: 'openqa:openqa_lab'
  user: root
  gather_facts: true

  vars_files:
    - '/srv/web/infra/ansible/vars/global.yml'
    - '/srv/private/ansible/vars.yml'
    - '/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml'

  roles:
    # The prod user is always created, on staging too: stg uses the prod
    # account to listen to things on prod. **NOTE**: this is lazy and bad
    # practice, but it was evaluated and judged not to cause any significant
    # security risk. It means someone with root on openqa.stg could read the
    # rabbitmq creds for the prod user and impersonate prod openqa on the
    # message bus, which is not a huge deal. Fixing it would be kinda tedious.
    #
    # NOTE(review): sent_topics below presumably sets the publish ACL for
    # this account (confirm in the rabbit/user role). If so, that pattern,
    # prod openqa.* and ci.* topics, is what a stg root compromise could
    # publish as prod. Keep it narrow, and revisit this risk acceptance if
    # any consumer starts making gating decisions from these topics.
    - role: rabbit/user
      username: '{{ openqa_amqp_prod_username }}'
      publish_only: false
      sent_topics: '^org\.fedoraproject\.prod\.(openqa|ci)\..*'
      vars:
        env: 'production'
        env_suffix: ''
      tags:
        - rabbit

    # staging user; only created on staging deployments
    - role: rabbit/user
      username: '{{ openqa_amqp_stg_username }}'
      publish_only: false
      sent_topics: '^org\.fedoraproject\.stg\.(openqa|ci)\..*'
      vars:
        env: 'staging'
        env_suffix: '.stg'
      tags:
        - rabbit
      when: "deployment_type == 'stg'"

    # scheduler queue
    - role: rabbit/queue
      queue_name: '{{ openqa_amqp_scheduler_queue }}'
      routing_keys: '{{ openqa_amqp_scheduler_routing_keys }}'
      vars:
        # yes, even the staging scheduler listens to production, it
        # has to or else it wouldn't schedule any jobs
        env: 'production'
        env_suffix: ''
      tags:
        - rabbit

    # resultsdb reporter queue
    - role: rabbit/queue
      queue_name: '{{ openqa_amqp_resultsdb_reporter_queue }}'
      routing_keys: '{{ openqa_amqp_resultsdb_reporter_routing_keys }}'
      vars:
        # this role does listen on stg, as it listens out for jobs
        # from openqa stg
        env: '{{ openqa_env }}'
        env_suffix: '{{ openqa_env_suffix }}'
      tags:
        - rabbit

    # wiki reporter queue
    - role: rabbit/queue
      queue_name: '{{ openqa_amqp_wiki_reporter_queue }}'
      routing_keys: '{{ openqa_amqp_wiki_reporter_routing_keys }}'
      vars:
        # this role does listen on stg, as it listens out for jobs
        # from openqa stg
        env: '{{ openqa_env }}'
        env_suffix: '{{ openqa_env_suffix }}'
      tags:
        - rabbit

    # relvalconsumer queue (no routing_keys passed here)
    - role: rabbit/queue
      queue_name: '{{ relvalconsumer_amqp_queue }}'
      vars:
        # yes, even the staging relvalconsumer listens to production,
        # it has to because composes don't happen in stg
        env: 'production'
        env_suffix: ''
      tags:
        - rabbit
      when: 'relvalconsumer_amqp_queue is defined'

    # relvalamiconsumer queue
    - role: rabbit/queue
      queue_name: '{{ relvalamiconsumer_amqp_queue }}'
      routing_keys: '{{ relvalamiconsumer_amqp_routing_keys }}'
      vars:
        # yes, even the staging updater listens to production, it
        # has to as we never publish fedimg.image.publish on stg
        env: 'production'
        env_suffix: ''
      tags:
        - rabbit
      when: 'relvalamiconsumer_amqp_queue is defined'

    # check-compose queue
    - role: rabbit/queue
      queue_name: '{{ checkcompose_amqp_queue }}'
      routing_keys: '{{ checkcompose_amqp_routing_keys }}'
      vars:
        # this role does listen on stg, as it listens out for jobs
        # from openqa stg
        env: '{{ checkcompose_env }}'
        env_suffix: '{{ checkcompose_env_suffix }}'
      tags:
        - rabbit
      when: 'checkcompose_amqp_queue is defined'

    # fedora_nightlies queue
    - role: rabbit/queue
      queue_name: '{{ fedora_nightlies_amqp_queue }}'
      routing_keys: '{{ fedora_nightlies_amqp_routing_keys }}'
      vars:
        # this role listens on prod as it listens for composes
        env: 'production'
        env_suffix: ''
      tags:
        - rabbit
      when: 'fedora_nightlies_amqp_queue is defined'
# Staging only (openqa_lab group): mounts the testresults and images
# directories under /var/lib/openqa from the fedora_openqa_lab NFS source.
- name: set up openQA server data NFS mounts (staging)
  hosts: openqa_lab

  vars_files:
    - '/srv/web/infra/ansible/vars/global.yml'
    - '/srv/private/ansible/vars.yml'
    - '/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml'

  roles:
    # NOTE(review): both mounts are read-write over NFSv3 and the option
    # string carries no nosuid/nodev. Unless the nfs/client role appends
    # them (not visible here), consider adding them; judging by the
    # directory names these trees hold job output and disk images.
    - role: nfs/client
      mnt_dir: '/var/lib/openqa/testresults'
      nfs_src_dir: 'fedora_openqa_lab/testresults'
      nfs_mount_opts: 'rw,bg,nfsvers=3'
      tags:
        - nfs_client
    - role: nfs/client
      mnt_dir: '/var/lib/openqa/images'
      nfs_src_dir: 'fedora_openqa_lab/images'
      nfs_mount_opts: 'rw,bg,nfsvers=3'
      tags:
        - nfs_client

  handlers:
    - import_tasks: '{{ handlers_path }}/restart_services.yml'
# Production only (openqa group): mounts the testresults and images
# directories under /var/lib/openqa from the fedora_openqa NFS source.
- name: set up openQA server data NFS mounts (prod)
  hosts: openqa

  vars_files:
    - '/srv/web/infra/ansible/vars/global.yml'
    - '/srv/private/ansible/vars.yml'
    - '/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml'

  roles:
    # NOTE(review): both mounts are read-write over NFSv3 and the option
    # string carries no nosuid/nodev. Unless the nfs/client role appends
    # them (not visible here), consider adding them; judging by the
    # directory names these trees hold job output and disk images.
    - role: nfs/client
      mnt_dir: '/var/lib/openqa/testresults'
      nfs_src_dir: 'fedora_openqa/testresults'
      nfs_mount_opts: 'rw,bg,nfsvers=3'
      tags:
        - nfs_client
    - role: nfs/client
      mnt_dir: '/var/lib/openqa/images'
      nfs_src_dir: 'fedora_openqa/images'
      nfs_mount_opts: 'rw,bg,nfsvers=3'
      tags:
        - nfs_client

  handlers:
    - import_tasks: '{{ handlers_path }}/restart_services.yml'
# Applies the openQA server and dispatcher roles to both groups. The other
# roles are included only when the variable named in their `when` is defined.
- name: configure openQA
  hosts: 'openqa:openqa_lab'
  user: root
  gather_facts: true

  vars_files:
    - '/srv/web/infra/ansible/vars/global.yml'
    - '/srv/private/ansible/vars.yml'
    - '/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml'

  # relvalconsumer isn't particularly related to openQA in any way, we
  # just put that role on these boxes. There's nowhere more obviously
  # correct for it, really. Ditto fedora_nightlies and testcase_stats.
  roles:
    - role: openqa/server
      tags:
        - openqa_server
    - role: openqa/dispatcher
      tags:
        - openqa_dispatcher
    - role: check-compose
      tags:
        - check-compose
      when: 'checkcompose_amqp_queue is defined'
    - role: relvalconsumer
      tags:
        - relvalconsumer
      when: 'relvalconsumer_amqp_queue is defined'
    - role: fedora_nightlies
      tags:
        - fedora_nightlies
      when: 'fedora_nightlies_amqp_queue is defined'
    - role: testcase_stats
      tags:
        - testcase_stats
      when: 'testcase_stats_output_dir is defined'

  handlers:
    - import_tasks: '{{ handlers_path }}/restart_services.yml'