Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
ansible/roles/fedora_nightlies/tasks/main.yml
Adam Williamson 504b8217d3 openqa etc.: use pip for local installs, not setuptools 
On Fedora 39, we ran into an issue with setuptools that isn't
immediately resolvable:
https://github.com/pypa/setuptools/issues/3797#issuecomment-1783613895
using pip like this seems to avoid it.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2023-10-27 17:23:53 -07:00

153 lines
6 KiB
YAML
Raw Blame History

# This role runs a fedora-messaging consumer to run fedora_nightlies,
# a static site generator that produces a page with links to the
# latest and last-known-good nightly compose images for Branched and
# Rawhide.
#
# Required vars
# - fedora_nightlies_amqp_queue
## string - Message queue name for the consumer. To use the
## fedora-messaging scheduler with public authentication
## on the Fedora production AMQP broker (which is what
## you'd typically want), you only need to set this.
## This should be a unique and private string; the
## official recommendation is to use a random UUID
## generated by uuidgen.
#
# Required vars with defaults
# - fedora_nightlies_amqp_passive
## bool - If true, passive_declares will be set true in all the
## fedora-messaging consumer configuration files. This
## is needed for private authentication on the Fedora
## brokers.
## default - False
# - fedora_nightlies_amqp_url
## string - AMQP broker URL for fedora-messaging event creator.
## The role default for this is the Fedora production
## broker with the shared 'fedora' username.
# - fedora_nightlies_amqp_cacert
## string - CA certificate file to use for authenticating with
## AMQP broker for fedora-messaging event creator.
## The role default for this is the CA cert file for the
## Fedora production broker.
# - fedora_nightlies_amqp_cert
## string - Certificate file to use for authenticating with AMQP
## broker for fedora-messaging event creator. The role
## default for this is the certificate file for the
## public 'fedora' account on the Fedora production
## broker.
# - fedora_nightlies_amqp_key
## string - Private key file to use for authenticating with AMQP
## broker for fedora-messaging event creator. The role
## default for this is the key file for the public
## 'fedora' account on the Fedora production broker.
# - fedora_nightlies_amqp_routing_keys
## list - List of routing key names for the fedora-messaging
## creator to subscribe to. The role default for this
## is the appropriate keys for the Fedora production
## broker.
# - fedora_nightlies_amqp_mailfrom
## string - From email address for error report emails. Defaults
## to "root@{{ external_hostname }}". Only relevant if
## fedora_nightlies_amqp_mailto is set.
# - fedora_nightlies_amqp_smtp
## string - Hostname of SMTP server to use for sending error
## emails. Defaults to 'localhost'. Only relevant if
## fedora_nightlies_amqp_mailto is set.
# - fedora_nightlies_disabled
## bool - If true, don't enable the consumer service. This is
## mainly just for temporary use if something's broken.
## default - False
#
# Optional vars
# - fedora_nightlies_amqp_mailto
## list - List of email addresses to email errors to. If set,
## the email log handler will be configured.
# - deployment_type
## string - Fedora Infrastructure thing; for this role, applies an
## infra-specific tweak to httpd config. Don't set it outside
## Fedora infra.
# - fedora_nightlies_amqp_data_file
## string - Full path of JSON file to generate/read. If not set,
## fedora_nightlies default will be used
# - fedora_nightlies_amqp_html_file
## string - Full path of HTML file to generate. If not set,
## fedora_nightlies default will be used
- name: Install required packages
package:
# 'relval' itself is needed as we call it directly for size
# checking
name: ['python3-fedfind', 'fedora-messaging', 'python3-pip', 'python3-pip', 'python3-openqa_client']
state: present
tags:
- packages
- name: Check out fedora_nightlies
git:
repo: https://pagure.io/fedora_nightlies.git
dest: /root/fedora_nightlies
register: gitfn
- name: Check if fedora_nightlies is installed for current Python
command: "pip show fedora_nightlies"
register: instfn
changed_when: "1 != 1"
failed_when: "1 != 1"
check_mode: no
- name: Install fedora_nightlies
command: "python3 -m pip install /root/fedora_nightlies"
when: "gitfn is changed or instfn.rc != 0"
notify:
- restart fedora_nightlies
- name: Create /etc/pki/fedora-messaging
file:
dest: /etc/pki/fedora-messaging
mode: 0775
owner: root
group: root
state: directory
when: "deployment_type is defined"
tags:
- config
# We always use the openQA production cert and key here for now; we
# don't really need a separate identity for fedora_nightlies.
- name: Deploy the Fedora infra fedora-messaging cert (openQA production)
copy:
src: "{{ private }}/files/rabbitmq/production/pki/issued/openqa.crt"
dest: /etc/pki/fedora-messaging/openqa-cert.pem
mode: 0644
owner: root
group: root
when: "deployment_type is defined"
tags:
- config
# This is kinda icky, as there's no intrinsic reason the group geekotest
# should exist so far as this role is concerned. But as we run this role
# on the same box as openQA, in fact we need to keep the ownership in
# line. This needs making cleaner somehow.
- name: Deploy the Fedora infra fedora-messaging key
copy:
src: "{{ private }}/files/rabbitmq/production/pki/private/openqa.key"
dest: /etc/pki/fedora-messaging/openqa-key.pem
mode: 0640
owner: root
group: geekotest
when: "deployment_type is defined"
tags:
- config
- name: Configure fedora-messaging fedora_nightlies
template: src=fedora_nightlies.toml.j2 dest=/etc/fedora-messaging/fedora_nightlies.toml owner=root group=root mode=0640
notify:
- restart fedora_nightlies
tags:
- config
- name: Enable and start fedora-messaging fedora_nightlies
service: name=fm-consumer@fedora_nightlies enabled=yes state=started
when: not fedora_nightlies_disabled|bool
Reference in a new issue View git blame Copy permalink