Ryan Lerch
62952df107
Replaces many references to file: with ansible.builtin.file Signed-off-by: Ryan Lerch <rlerch@redhat.com>
445 lines
11 KiB
YAML
445 lines
11 KiB
YAML
---
|
|
# tasklist for setting up bodhi/composer (requires bodhi/base)
|
|
# This is the base set of files needed for bodhi/composer
|
|
|
|
# The ftpsync group and user are needed to sync the files to the master mirror
|
|
- name: Add ftpsync group
|
|
group: name=ftpsync gid=263 system=yes state=present
|
|
tags:
|
|
- bodhi
|
|
- name: Add ftpsync user
|
|
user: name=ftpsync uid=263 group=ftpsync createhome=yes system=yes state=present
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: Install needed packages
|
|
package:
|
|
name:
|
|
- bodhi-composer
|
|
- python3-pyramid_sawing
|
|
- sigul
|
|
- fedora-messaging
|
|
# This next one is not strictly needed since bodhi-composer depends on bodhi-server which
|
|
# depends on python3-celery, but since we're depoying a service file calling celery in this
|
|
# role I think it makes sense to require it here instead of assuming a dependency chain.
|
|
- python3-celery
|
|
# This is used to generate zchunk data more efficiently
|
|
- fedora-repo-zdicts
|
|
# The new-updates-sync script uses this
|
|
- ostree
|
|
- pungi-utils
|
|
# Needed for runroot
|
|
- python3-koji-cli-plugins
|
|
# needed to make comps
|
|
- make
|
|
# needed for updates sync
|
|
- rsync
|
|
# For staging the release candidate composes
|
|
- compose-utils
|
|
# for comps
|
|
- python3-xmltodict
|
|
state: present
|
|
tags:
|
|
- packages
|
|
- bodhi
|
|
|
|
- name: Update bodhi composer
|
|
when: env == 'staging'
|
|
package:
|
|
name:
|
|
- bodhi-composer
|
|
state: latest
|
|
tags:
|
|
- packages
|
|
- bodhi
|
|
|
|
|
|
- name: Add apache user to the masher group so it can talk to the monitoring socket
|
|
user: name=apache groups=ftpsync append=yes
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: Put pungi configurations in place
|
|
template: src="{{item}}" dest=/etc/bodhi/{{item}}
|
|
with_items:
|
|
- pungi.module.conf.j2
|
|
- pungi.rpm.conf.j2
|
|
- variants.module.xml.j2
|
|
- variants.rpm.xml.j2
|
|
tags:
|
|
- bodhi
|
|
- bodhi/pungi
|
|
- config
|
|
|
|
- name: Put pungi multilib configuration in place
|
|
copy:
|
|
src: pungi_multilib.conf
|
|
dest: /etc/bodhi/pungi_multilib.conf
|
|
tags:
|
|
- bodhi
|
|
- bodhi/pungi
|
|
- config
|
|
|
|
- name: Put pungi general configuration in place
|
|
copy:
|
|
src: pungi_general.conf
|
|
dest: /etc/bodhi/pungi_general.conf
|
|
tags:
|
|
- bodhi
|
|
- bodhi/pungi
|
|
- config
|
|
|
|
- name: Put createrepo_c configuration in place
|
|
copy:
|
|
src: createrepo_c.ini
|
|
dest: /etc/bodhi/createrepo_c.ini
|
|
tags:
|
|
- bodhi
|
|
- bodhi/pungi
|
|
- config
|
|
|
|
#
|
|
# koji ssl cert for owner sync jobs below
|
|
#
|
|
#
|
|
# cron job that syncs packages to koji
|
|
#
|
|
- name: Put owner-sync-pagure in place
|
|
template: src=owner-sync-pagure.j2 dest=/usr/local/bin/owner-sync-pagure mode="0755"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Sync packages from pagure-on-dist-git to koji (all branches)
|
|
# XXX If you modify this taglist. Please also modify the other copy in
|
|
# bodhi2/backend/files/koji_sync_listener.py
|
|
# This cronjob runs only once a day. The listener script runs reactively.
|
|
cron: name="owner-sync" minute="15" hour="4" user="root"
|
|
job="/usr/local/bin/lock-wrapper owner-sync '/usr/local/bin/owner-sync-pagure f42 f41 f40 f39 f39-flatpak epel10.0 epel9 epel9-next epel8'"
|
|
cron_file=update-koji-owner
|
|
user=apache
|
|
when: env == "production"
|
|
tags:
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Determine Python version
|
|
command:
|
|
argv:
|
|
- python3
|
|
- -c
|
|
- "from sys import version_info as vi; print(f'{vi[0]}.{vi[1]}')"
|
|
register: _python3_version_result
|
|
changed_when: false
|
|
|
|
- name: Set Python version fact
|
|
set_fact:
|
|
py3ver: "{{ _python3_version_result.stdout | trim }}"
|
|
|
|
- name: Put the koji sync listener script in place
|
|
copy:
|
|
src: koji_sync_listener.py
|
|
dest: /usr/lib/python{{ py3ver }}/site-packages/koji_sync_listener.py
|
|
mode: "0644"
|
|
when: env == "production"
|
|
tags:
|
|
- bodhi
|
|
- koji-sync
|
|
|
|
- name: Put the koji sync listener config file in place
|
|
template:
|
|
src: koji_sync_listener.toml
|
|
dest: /etc/fedora-messaging/koji_sync_listener.toml
|
|
when: env == "production"
|
|
notify:
|
|
- reload systemd
|
|
- restart fm-consumer@koji_sync_listener
|
|
tags:
|
|
- bodhi
|
|
- koji-sync
|
|
|
|
- name: Start the fm-consumer@koji_sync_listener service
|
|
service: name=fm-consumer@koji_sync_listener enabled=yes state=started
|
|
when: env == "production"
|
|
tags:
|
|
- bodhi
|
|
- koji-sync
|
|
#
|
|
# cron job that syncs updates to master mirror
|
|
#
|
|
|
|
- name: Put new-updates-sync in place
|
|
copy: src=new-updates-sync dest=/usr/local/bin/new-updates-sync mode="0755"
|
|
when: env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Put bodhi-automated-pushes.py in place
|
|
copy: src=bodhi-automated-pushes.py dest=/usr/local/bin/bodhi-automated-pushes.py mode="0755"
|
|
when: env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
# These next two are used by quick-fedora-mirror
|
|
- name: Put update-fullfiletimelist in place
|
|
copy: src="{{ files }}/scripts/update-fullfiletimelist" dest=/usr/local/bin/update-fullfiletimelist mode="0755"
|
|
when: env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
- name: Add create-filelist script from quick-fedora-mirror
|
|
copy: src="{{ files }}/scripts/create-filelist" dest=/usr/local/bin/create-filelist mode="0755"
|
|
when: env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Set the updates sync cron job
|
|
copy: src=new-updates-sync.cron dest=/etc/cron.d/updates-sync
|
|
when: env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Set the bodhi-automated-pushes cron job
|
|
copy: src=bodhi-automated-pushes.cron dest=/etc/cron.d/bodhi-automated-pushes
|
|
when: env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
# This generates https://dl.fedoraproject.org/pub/DIRECTORY_SIZES.txt
|
|
- name: Directory sizes update cron job.
|
|
cron: name="directory-sizes-update" minute="30" hour="19" user="ftpsync"
|
|
job="/usr/bin/find /pub/alt/ /pub/archive/ /pub/fedora-secondary/ /pub/fedora/ /pub/epel/ -type d ! -path '/pub/alt/screenshots/f21/source' | grep -v snapshot | /usr/bin/xargs -n 1 /usr/bin/du --exclude=.snapshot -sh > /tmp/DIRECTORY_SIZES.txt 2> /dev/null; cp /tmp/DIRECTORY_SIZES.txt /pub/"
|
|
cron_file=directory-sizes-update
|
|
when: env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
# Bodhi cron jobs, disabled on staging because we replaced them with celery-beat
|
|
|
|
- name: Bodhi-approve-testing cron job.
|
|
cron:
|
|
name: bodhi-approve-testing
|
|
minute: "*/3"
|
|
user: apache
|
|
job: "/usr/bin/bodhi-approve-testing /etc/bodhi/production.ini > /dev/null"
|
|
cron_file: bodhi-approve-testing-job
|
|
state: absent
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Bodhi-check-policies cron job.
|
|
cron:
|
|
name: bodhi-check-policies
|
|
hour: "*/1"
|
|
minute: "0"
|
|
user: apache
|
|
job: "/usr/bin/bodhi-check-policies >& /dev/null"
|
|
cron_file: bodhi-check-policies-job
|
|
state: absent
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Bodhi-clean-old-composes cron job.
|
|
cron:
|
|
name: bodhi-clean-old-composes
|
|
hour: "03"
|
|
minute: "03"
|
|
user: root
|
|
job: "/usr/bin/bodhi-clean-old-composes 2>&1 | logger -t bodhi-clean-old-composes"
|
|
cron_file: bodhi-clean-old-composes
|
|
state: absent
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Bodhi-expire-overrides cron job.
|
|
cron:
|
|
name: bodhi-expire-overrides
|
|
hour: "*"
|
|
minute: "0"
|
|
user: apache
|
|
job: "/usr/bin/bodhi-expire-overrides /etc/bodhi/production.ini 2>&1 | logger -t bodhi-expire-overrides"
|
|
cron_file: bodhi-expire-overrides-job
|
|
state: absent
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Install logging.yaml
|
|
template: >
|
|
src="{{ roles_path }}/bodhi2/base/templates/logging.yaml.j2"
|
|
dest="/etc/bodhi/logging.yaml"
|
|
owner=apache
|
|
group=apache
|
|
mode="0600"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
- name: Install production.ini
|
|
template:
|
|
src: "{{ roles_path }}/bodhi2/base/templates/production.ini.j2"
|
|
dest: /etc/bodhi/production.ini
|
|
owner: apache
|
|
group: apache
|
|
mode: "0600"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
- name: Install celeryconfig.py
|
|
template:
|
|
src: "{{ roles_path }}/bodhi2/base/templates/celeryconfig.py.j2"
|
|
dest: /etc/bodhi/celeryconfig.py
|
|
owner: apache
|
|
group: apache
|
|
mode: "0600"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
- name: Install fedora-messaging config
|
|
template:
|
|
src: "{{ roles_path }}/bodhi2/base/templates/fedora-messaging.toml.j2"
|
|
dest: /etc/fedora-messaging/config.toml
|
|
owner: apache
|
|
group: apache
|
|
mode: "0600"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
- name: Create /etc/pki/fedora-messaging
|
|
ansible.builtin.file:
|
|
dest: /etc/pki/fedora-messaging
|
|
mode: "0775"
|
|
owner: root
|
|
group: root
|
|
state: directory
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: Deploy the fedora-messaging CA
|
|
copy:
|
|
src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
|
|
dest: /etc/pki/fedora-messaging/cacert.pem
|
|
mode: "0644"
|
|
owner: apache
|
|
group: apache
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: Deploy the fedora-messaging cert
|
|
copy:
|
|
src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt"
|
|
dest: /etc/pki/fedora-messaging/bodhi-cert.pem
|
|
mode: "0644"
|
|
owner: apache
|
|
group: apache
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: Deploy the fedora-messaging key
|
|
copy:
|
|
src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key"
|
|
dest: /etc/pki/fedora-messaging/bodhi-key.pem
|
|
mode: "0600"
|
|
owner: apache
|
|
group: apache
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: Let the ftpsync user also read the fedora-messaging config
|
|
acl: path=/etc/fedora-messaging/config.toml entity=ftpsync etype=user permissions=r-x state=present
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
- name: Let the ftpsync user also read the fedora-messaging key
|
|
command: /usr/bin/setfacl -m user:ftpsync:rx /etc/pki/fedora-messaging/bodhi-key.pem
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
- name: Make a mnt/koji link
|
|
ansible.builtin.file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji force=yes
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: Create /etc/systemd/system/fm-consumer@.service.d
|
|
ansible.builtin.file:
|
|
state: directory
|
|
path: /etc/systemd/system/fm-consumer@.service.d
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
tags:
|
|
- bodhi
|
|
- config
|
|
|
|
- name: Configure fm-consumer@.service to run as apache
|
|
copy:
|
|
src: fm-consumer@.service
|
|
dest: /etc/systemd/system/fm-consumer@.service.d/local.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
notify:
|
|
- reload systemd
|
|
tags:
|
|
- bodhi
|
|
- config
|
|
|
|
- name: Setup the Celery service
|
|
copy:
|
|
src: bodhi-celery.service
|
|
dest: /etc/systemd/system/bodhi-celery.service
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
notify:
|
|
- reload systemd
|
|
tags:
|
|
- bodhi
|
|
- config
|
|
|
|
- name: Ensure apache is disabled on the backend
|
|
service: name=httpd enabled=no state=stopped
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: Ensure fedora-messaging and celery are enabled and started on the backend
|
|
service:
|
|
name: "{{ item }}"
|
|
enabled: yes
|
|
state: started
|
|
with_items:
|
|
- fm-consumer@config
|
|
- bodhi-celery
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: Set up koji profile
|
|
template: src=kojiprofile.conf dest=/etc/koji.conf.d/bodhi.conf
|
|
tags:
|
|
- bodhi
|