243 lines
7.4 KiB
YAML
243 lines
7.4 KiB
YAML
# create a new releng system
|
|
# NOTE: should be used with --limit most of the time
|
|
# NOTE: make sure there is room/space for this instance on the buildvmhost
|
|
# NOTE: most of these vars_path come from group_vars/releng or from hostvars
|
|
|
|
---
|
|
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
|
|
vars:
|
|
myhosts: "releng_compose:releng_compose_stg:releng_compose_eln"
|
|
|
|
- name: Setup releng compose hosts
|
|
hosts: releng_compose:releng_compose_stg:releng_compose_eln
|
|
user: root
|
|
gather_facts: true
|
|
tags:
|
|
- releng-compose
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
pre_tasks:
|
|
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
|
|
|
|
roles:
|
|
- base
|
|
- hosts
|
|
- ipa/client
|
|
- rkhunter
|
|
- nagios_client
|
|
- zabbix/zabbix_agent
|
|
- zabbix/zabbix_templates
|
|
- collectd/base
|
|
- sudo
|
|
- role: keytab/service
|
|
service: compose
|
|
host: "compose-x86-01.stg.iad2.fedoraproject.org"
|
|
when: env == "staging"
|
|
- role: keytab/service
|
|
service: compose
|
|
host: "koji{{env_suffix}}.fedoraproject.org"
|
|
owner_group: releng-team
|
|
- role: keytab/service
|
|
service: mash
|
|
host: "koji{{env_suffix}}.fedoraproject.org"
|
|
- role: releng
|
|
tags:
|
|
- releng
|
|
|
|
# production composer nfs mounts
|
|
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/fedora_koji'
|
|
nfs_src_dir: "{{ koji_hub_nfs }}"
|
|
when: "'releng_compose' or 'releng_compose_eln' in group_names"
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/koji/ostree'
|
|
nfs_src_dir: 'fedora_ostree_content/ostree'
|
|
when: "'releng_compose' in group_names"
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/koji/compose/ostree'
|
|
nfs_src_dir: 'fedora_ostree_content/compose/ostree'
|
|
when: "'releng_compose' in group_names"
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/koji/ostree'
|
|
nfs_src_dir: 'fedora_ostree_content/ostree'
|
|
when: "'releng_compose' in group_names"
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/koji/compose/ostree'
|
|
nfs_src_dir: 'fedora_ostree_content/compose/ostree'
|
|
when: "'releng_compose' in group_names"
|
|
- role: nfs/client
|
|
mnt_dir: '/pub'
|
|
nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub'
|
|
when: "'releng_compose' or 'releng_compose_eln' in group_names"
|
|
|
|
# staging composer nfs mounts
|
|
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/fedora_koji_prod'
|
|
nfs_src_dir: "{{ koji_hub_nfs }}"
|
|
mount_stg: true
|
|
nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
|
|
when: "'releng_compose_stg' in group_names"
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/fedora_koji_prod/koji/ostree'
|
|
nfs_src_dir: 'fedora_ostree_content/ostree'
|
|
mount_stg: true
|
|
nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
|
|
when: "'releng_compose_stg' in group_names"
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/fedora_koji_prod/koji/compose/ostree'
|
|
nfs_src_dir: 'fedora_ostree_content/compose/ostree'
|
|
mount_stg: true
|
|
nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
|
|
when: "'releng_compose_stg' in group_names"
|
|
|
|
- role: nfs/client
|
|
mnt_dir: '/srv/fedora_ftp_archive'
|
|
nfs_src_dir: 'fedora_ftp_archive'
|
|
when: inventory_hostname.startswith('compose-rawhide')
|
|
#
|
|
# mount archive volumes on composer so we can run the archiving script there.
|
|
#
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive00'
|
|
nfs_src_dir: '/fedora_koji_archive00'
|
|
when: "'releng_compose' in group_names"
|
|
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive01'
|
|
nfs_src_dir: '/fedora_koji_archive01'
|
|
when: "'releng_compose' in group_names"
|
|
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive02'
|
|
nfs_src_dir: '/fedora_koji_archive02'
|
|
when: "'releng_compose' in group_names"
|
|
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive03'
|
|
nfs_src_dir: '/fedora_koji_archive03'
|
|
when: "'releng_compose' in group_names"
|
|
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive04'
|
|
nfs_src_dir: '/fedora_koji_archive04'
|
|
when: "'releng_compose' in group_names"
|
|
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive05'
|
|
nfs_src_dir: '/fedora_koji_archive05'
|
|
when: "'releng_compose' in group_names"
|
|
|
|
- role: nfs/client
|
|
mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive06'
|
|
nfs_src_dir: '/fedora_koji_archive06'
|
|
when: "'releng_compose' in group_names"
|
|
|
|
- role: rabbit/user
|
|
username: "pungi{{ env_suffix }}"
|
|
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(pungi|compose|logger)\..*
|
|
|
|
- {
|
|
role: "push-container-registry",
|
|
cert_dest_dir: "/etc/docker/certs.d/registry.stg.fedoraproject.org",
|
|
cert_src: "{{private}}/files/docker-registry/staging/pki/issued/containerstable.crt",
|
|
key_src: "{{private}}/files/docker-registry/staging/pki/private/containerstable.key",
|
|
}
|
|
- {
|
|
role: "push-container-registry",
|
|
cert_dest_dir: "/etc/docker/certs.d/registry.fedoraproject.org",
|
|
cert_src: "{{private}}/files/docker-registry/{{env}}/pki/issued/containerstable.crt",
|
|
key_src: "{{private}}/files/docker-registry/{{env}}/pki/private/containerstable.key",
|
|
when: env == "production"
|
|
}
|
|
- {
|
|
role: login-registry,
|
|
candidate_registry: "candidate-registry.stg.fedoraproject.org",
|
|
candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}",
|
|
candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}",
|
|
when: env == "staging"
|
|
}
|
|
- {
|
|
role: login-registry,
|
|
candidate_registry: "candidate-registry.fedoraproject.org",
|
|
candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}",
|
|
candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}",
|
|
when: env == "production"
|
|
}
|
|
- {
|
|
role: login-registry,
|
|
candidate_registry: "quay.io",
|
|
candidate_registry_osbs_username: "{{quay_io_username}}",
|
|
candidate_registry_osbs_password: "{{quay_io_password}}",
|
|
when: env == "production"
|
|
}
|
|
|
|
|
|
tasks:
|
|
# this is how you include other task lists
|
|
- import_tasks: "{{ tasks_path }}/motd.yml"
|
|
|
|
- name: install skopeo and buildah for container management
|
|
package:
|
|
name:
|
|
- skopeo
|
|
- buildah
|
|
tags:
|
|
- containerrebuild
|
|
|
|
- name: install ansible for container automated rebuilds
|
|
package:
|
|
name:
|
|
- ansible
|
|
- python3-dockerfile-parse
|
|
tags:
|
|
- containerrebuild
|
|
|
|
- name: set releng user keytab
|
|
copy:
|
|
src: "{{private}}/files/keytabs/{{env}}/releng"
|
|
dest: /etc/krb5.releng.keytab
|
|
owner: root
|
|
group: "releng-team"
|
|
mode: "0640"
|
|
tags:
|
|
- containerrebuild
|
|
|
|
- name: copy releng ssh key for rebuild fedpkg/distgit pushes
|
|
copy:
|
|
src: "{{private}}/files/releng/sshkeys/container-rebuild-{{env}}"
|
|
dest: /etc/pki/releng
|
|
owner: root
|
|
group: "releng-team"
|
|
mode: "0600"
|
|
tags:
|
|
- containerrebuild
|
|
|
|
- name: place relengpush script for automatic rebuilds
|
|
copy:
|
|
src: "{{files}}/releng/relengpush"
|
|
dest: "/usr/local/bin/relengpush"
|
|
owner: root
|
|
group: "releng-team"
|
|
mode: "0750"
|
|
tags:
|
|
- containerrebuild
|
|
|
|
- name: place relengpush int script for automatic rebuilds
|
|
copy:
|
|
src: "{{files}}/releng/relengpush-int"
|
|
dest: "/usr/local/bin/relengpush-int"
|
|
owner: root
|
|
group: "releng-team"
|
|
mode: "0750"
|
|
tags:
|
|
- containerrebuild
|
|
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|