ansible/roles/copr/hypervisor/tasks/main.yml
Jiri Kyjovsky 2dc4a6b5c0 copr/hv: delete logs older than 30 days
The hypervisors still run an old RHEL 8 with an old version of virtlogd that
lacks the max_age log rotation feature, so we do the cleanup manually.
2025-05-05 11:27:53 +02:00


---
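# Writes the dnf/yum repo definition for the RHEL 8 OpenStack 16 RPMs.
# gpgcheck=1 keeps package signature verification enabled, and the exclude
# pattern drops every package matching *x86_64* (noarch only, per the name).
# NOTE(review): the gpgkey list also trusts RPM-GPG-KEY-redhat-beta; confirm
# the beta key is really needed for this repo.
- name: OpenStack package repository for RHEL8, noarch only
  ansible.builtin.copy:
    dest: /etc/yum.repos.d/openstack.repo
    # A repo file decides which package sources and signing keys dnf trusts,
    # so pin ownership and mode instead of inheriting them from the umask.
    owner: root
    group: root
    mode: "0644"
    content: |
      [openstack-for-rhel8]
      name = RHEL OpenStack RPMs
      baseurl = https://infrastructure.fedoraproject.org/repo/rhel/rhel8/other/rhel-8-x86_64-openstack-16-rpms/
      gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
      enabled=1
      gpgcheck=1
      exclude=*x86_64*
  tags:
    - config
    - openstack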
# - name: Enable swap in fstab
# mount: name=none src=LABEL=swap
# fstype=swap opts=sw passno=0 dump=0
# state=present
# register: fstab_swap_entry
# tags: swap
# - name: Mount the swap
# ansible.builtin.shell: swapon -a
# when: fstab_swap_entry.changed
# tags: swap
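# Installs the role's profile.sh into /etc/profile.d.
- name: Install the default profile script
  ansible.builtin.copy:
    src: profile.sh
    dest: /etc/profile.d/copr-hypervisor.sh
    # Scripts in /etc/profile.d are sourced by login shells, root's included,
    # so the file must be writable by root only.
    owner: root
    group: root
    mode: "0644"
  tags: profile_scripts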
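# Installs the virtualization stack plus podman and the Glance client.
# The package list is passed to the module in one call instead of looping
# over items, so the package manager resolves it in a single transaction.
- name: Install libvirt packages
  ansible.builtin.package:
    name:
      - qemu-kvm
      - libguestfs-tools-c
      - libvirt
      - libvirt-daemon
      - podman
      - virt-install
      - python3-glanceclient
    state: present
  tags:
    - openstack
    - packages
    - libvirtd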
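# Deploys the shared virthost libvirtd.conf and restarts libvirtd on change.
- name: Install libvirtd.conf
  ansible.builtin.copy:
    src: "{{ files }}/virthost/libvirtd.conf"
    dest: /etc/libvirt/libvirtd.conf
    # Daemon configuration: only root may modify it. Ownership and mode are
    # stated explicitly rather than left to the umask.
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart libvirtd
  tags:
    - libvirtd
    - config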
# Facts reused by the image-pool tasks that follow: the directory backing
# the libvirt storage pool and the pool's name.
- name: Set libvirt image pool facts
  ansible.builtin.set_fact:
    image_pool_dir: /libvirt-images
    image_pool_name: images
  tags: libvirtd
# Creates the pool directory owned by qemu:qemu with setgid, so files
# created inside inherit the qemu group.
- name: Create libvirt image directory
  ansible.builtin.file:
    path: "{{ image_pool_dir }}"
    state: directory
    owner: qemu
    group: qemu
    # Symbolic mode: only the user and group bits (and setgid) are set here;
    # the "other" bits are left as they are.
    # NOTE(review): confirm that leaving the "other" bits unmanaged is
    # intended for a directory holding VM disk images.
    mode: "ug=rwx,g+s"
  tags: libvirtd
# Mounts the filesystem labelled "vmvolumes" on the pool directory and
# records it in fstab (state=mounted does both).
- name: Mount libvirt image partition
  mount:
    name: "{{ image_pool_dir }}"
    src: LABEL=vmvolumes
    fstype: ext4
    state: mounted
  tags: libvirtd
# Registers a persistent SELinux file-context rule labelling the pool
# directory and everything below it as virt_image_t. The result is
# registered so the relabel task only runs when the rule changed.
- name: Correct selinux
  community.general.sefcontext:
    state: present
    setype: virt_image_t
    target: "{{ image_pool_dir }}(/.*)?"
  register: semanage_run
  tags: libvirtd
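# Applies the SELinux rule to files that already exist in the pool
# directory; runs only when the file-context rule was just changed.
- name: Restorecon
  # No shell features are needed, so run the binary directly with an argv
  # list: the templated path is passed as one argument and never parsed by
  # a shell.
  ansible.builtin.command:
    argv:
      - restorecon
      - "-irv"
      - "{{ image_pool_dir }}"
  when: semanage_run.changed
  tags: libvirtd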
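# Probes for the "host-bridge" libvirt network. The task never fails; a
# non-zero exit code is reported as "changed", and the following tasks use
# libvirt_bridge_exists.changed to decide whether to define the network.
- name: Check host-bridge in libvirt
  # Plain command instead of a shell: nothing here needs shell parsing.
  ansible.builtin.command:
    argv:
      - virsh
      - net-info
      - host-bridge
  register: libvirt_bridge_exists
  failed_when: false
  changed_when: libvirt_bridge_exists.rc != 0
  tags: libvirtd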
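# Stages the network definition XML for "virsh net-define"; only needed
# when the host-bridge network is missing.
- name: Copy host-bridge config file to host
  ansible.builtin.copy:
    src: libvirt-net-bridge.xml
    dest: /root/.tmp-ansible-file.xml
    # Staging file consumed by root only: keep it private rather than
    # relying on the umask.
    # NOTE(review): the same fixed path is reused for the pool XML and is
    # not removed by the tasks shown here.
    owner: root
    group: root
    mode: "0600"
  when: libvirt_bridge_exists.changed
  tags: libvirtd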
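# Defines, starts and autostarts the host-bridge network from the staged
# XML, then triggers a libvirtd restart.
- name: Define host-bridge in libvirt
  ansible.builtin.shell: |
    # Stop at the first failing step. Without this the task status is the
    # exit code of the last command only, so a failed net-define or
    # net-start could be reported as success.
    set -e
    virsh net-define /root/.tmp-ansible-file.xml
    virsh net-start host-bridge
    virsh net-autostart host-bridge
  when: libvirt_bridge_exists.changed
  notify: Restart libvirtd
  tags: libvirtd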
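# Probes for the libvirt storage pool. The task never fails; a non-zero
# exit code is reported as "changed", and the following tasks use
# libvirt_pool_exists.changed to decide whether to define the pool.
- name: Check if image pool exists
  # argv form: the templated pool name is passed as a single argument and
  # never goes through shell parsing.
  ansible.builtin.command:
    argv:
      - virsh
      - pool-info
      - "{{ image_pool_name }}"
  register: libvirt_pool_exists
  failed_when: false
  changed_when: libvirt_pool_exists.rc != 0
  tags: libvirtd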
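# Renders the storage-pool XML for "virsh pool-define"; only needed when
# the pool is missing.
- name: Copy image pool config file to host
  ansible.builtin.template:
    src: libvirt-pool-images.xml
    dest: /root/.tmp-ansible-file.xml
    # Staging file consumed by root only: keep it private rather than
    # relying on the umask.
    # NOTE(review): the same fixed path is reused for the network XML and
    # is not removed by the tasks shown here.
    owner: root
    group: root
    mode: "0600"
  when: libvirt_pool_exists.changed
  tags: libvirtd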
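# Defines, starts and autostarts the image pool from the staged XML, then
# triggers a libvirtd restart.
- name: Define image pool in libvirt
  ansible.builtin.shell: |
    # Stop at the first failing step. Without this the task status is the
    # exit code of the last command only, so a failed pool-define or
    # pool-start could be reported as success.
    set -e
    virsh pool-define /root/.tmp-ansible-file.xml
    virsh pool-start "{{ image_pool_name }}"
    virsh pool-autostart "{{ image_pool_name }}"
  when: libvirt_pool_exists.changed
  notify: Restart libvirtd
  tags: libvirtd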
# Sets SocketGroup=libvirt in the libvirtd.socket unit so that members of
# the libvirt group can use the libvirt socket. Anyone who can drive
# libvirt can control every guest on this hypervisor, so membership in
# that group should be treated as privileged.
# NOTE(review): this edits the unit under /usr/lib/systemd/system, which a
# package update may overwrite; a drop-in under /etc/systemd/system would
# survive updates. Confirm before changing.
- name: Allow copr user controlling libvirt
  community.general.ini_file:
    path: /usr/lib/systemd/system/libvirtd.socket
    section: Socket
    option: SocketGroup
    value: libvirt
    # Keep a copy of the previous unit file next to it.
    backup: true
  notify:
    - Reload systemd
    - Restart libvirtd.socket
  tags: libvirtd
# Service account used for SSH logins from the build system. Its primary
# group is libvirt (the group set as SocketGroup on libvirtd.socket in this
# file) and it is also a member of qemu.
- name: Create the copr user
  ansible.builtin.user:
    name: copr
    uid: 11666
    group: libvirt
    groups: qemu
    # Password login is locked; access is by SSH key only.
    password_lock: true
# Authorizes the build-system public key (buildsys.pub from the role's
# files) for SSH logins as the copr user.
- name: Assure that copr-be can ssh there as copr@...
  ansible.posix.authorized_key:
    user: copr
    key: "{{ item }}"
  with_file:
    - buildsys.pub
# Authorizes one SSH key per output line of the auth_keys_from_fas command,
# run on the controller for the @sysadmin-copr group.
# NOTE(review): keys are only ever added here. Without `exclusive`, the key
# of someone who has left the group stays in authorized_keys until it is
# removed some other way; confirm a cleanup path exists.
- name: Add @copr keys for sysadmin-main and other allowed users
  ansible.posix.authorized_key:
    user: copr
    key: "{{ item }}"
  with_lines:
    - "{{ auth_keys_from_fas }} @sysadmin-copr"
  tags:
    - copr_admins
    - config
    - sshkeys
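# TODO: generate its own key (today the shared buildsys private key from
# the private repository is copied onto the host).
# Installs that private key as the copr user's default SSH identity.
- name: Make sure hostA can ssh to hostB
  ansible.builtin.copy:
    src: "{{ private }}/files/copr/buildsys.priv"
    dest: /home/copr/.ssh/id_rsa
    owner: copr
    mode: "0600"
  # Private key material: keep the task result, including any --diff
  # output, out of logs and callback plugins.
  no_log: true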
# Places the matching public key next to the private key in copr's ~/.ssh.
- name: Provide pub key, too, so we can install them to generated builder images
  ansible.builtin.copy:
    src: buildsys.pub
    dest: /home/copr/.ssh/id_rsa.pub
    owner: copr
    # Quoted so the value stays the string "0600" and is never read as a
    # number.
    mode: "0600"
# Enables the praiskup/helpers Copr project as a package source.
# NOTE(review): this is a personal Copr project enabled on hypervisors;
# packages from it are installed as root, so whoever can publish to that
# project is part of this host's trust base.
- name: Enable praiskup-helpers repo
  community.general.copr:
    name: praiskup/helpers
    state: enabled
    # TODO: fix error in the Copr Ansible module:
    # Chroot rhel-8.5-ppc64le does not exist in praiskup/helpers
    # Until then the chroot is forced: epel-8-x86_64 everywhere except
    # Fedora, where fedora-38-x86_64 is used.
    chroot: "{{ 'epel-8-x86_64' if ansible_distribution != 'Fedora' else 'fedora-38-x86_64' }}"
  tags:
    - update_helpers
    - packages
# Installs praiskup-helpers, or upgrades it to the newest available build.
# NOTE(review): state=latest means every run pulls whatever build is
# currently newest in the enabled repositories, with no version pin;
# confirm unreviewed upgrades are acceptable on hypervisors.
- name: Install the latest helper package
  ansible.builtin.package:
    name: praiskup-helpers
    state: latest
  tags:
    - update_helpers
    - packages
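# Writes /etc/eimg/eimg.sh: shell variable assignments (playbook location,
# extra sysprep arguments that inject $HOME/.ssh/id_rsa.pub for root and
# relabel /root/.ssh in the image).
# NOTE(review): presumably sourced by /bin/copr-image; confirm.
- name: Install configuration for /bin/copr-image
  ansible.builtin.copy:
    dest: /etc/eimg/eimg.sh
    # The file is shell syntax, so whoever can write it can run code as the
    # user of the tool that reads it; keep it root-owned and not writable
    # by group or others.
    owner: root
    group: root
    mode: "0644"
    content: |
      EIMG_COPR_PLAYBOOK_DIR=/home/copr/provision
      EIMG_COPR_PLAYBOOK=local-image-update.yml
      EIMG_FINAL_SYSPREP_ARGS=(--ssh-inject "root:file:$HOME/.ssh/id_rsa.pub"
      --run-command "chcon -v -R -h system_u:object_r:ssh_home_t:s0 /root/.ssh" )
      EIMG_ANSIBLE_IN_CONTAINER=:
  tags: provision_config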
# Reuses the copr backend role's provisioning setup for the copr user,
# with /home/copr/provision as the target directory. Tagged "always", so
# it is included on every run regardless of the tags selected.
- name: Setup provision directory
  ansible.builtin.include_tasks: "{{ roles_path }}/copr/backend/tasks/setup_provisioning_environment.yml"
  vars:
    provision_user: copr
    provision_directory: /home/copr/provision
  tags: always
# Root crontab entry that prunes old per-guest qemu logs.
- name: Ensure weekly cleanup of virtlogd/qemu logs older than 30 days
  ansible.builtin.cron:
    name: Cleanup old virtlogd-qemu logs
    user: root
    # Schedule: weekday 1 at 03:00, i.e. once a week.
    weekday: 1
    hour: 3
    minute: 0
    # -maxdepth 1 and -type f restrict deletion to regular *.log files
    # directly inside the directory; subdirectories and symlinks are not
    # touched. -mtime +30 selects files last modified more than 30 days ago.
    job: |
      find /var/log/libvirt/qemu -maxdepth 1 -type f -name '*.log' -mtime +30 -delete