Ryan Lerch
62952df107
Replaces many references to file: with ansible.builtin.file Signed-off-by: Ryan Lerch <rlerch@redhat.com>
405 lines
11 KiB
YAML
405 lines
11 KiB
YAML
---
|
|
- name: Mount fs
|
|
import_tasks: "mount_fs.yml"
|
|
|
|
- name: Setup networking
|
|
import_tasks: "network.yml"
|
|
when: datacenter != 'aws'
|
|
|
|
- name: Create obsrun group for `sign' command
|
|
group: name=obsrun
|
|
|
|
# pre-create copr user and group with predefined uid and gid
|
|
- group: name=copr gid=986
|
|
- user: name=copr group=copr uid=989 groups=obsrun
|
|
|
|
- name: Install copr-backend and copr-selinux
|
|
dnf:
|
|
state: present
|
|
name: copr-backend
|
|
|
|
- name: Add additional packages for copr-backend
|
|
dnf:
|
|
state: present
|
|
name:
|
|
- python3-boto # for aws ansible plugin
|
|
- python3-copr-messaging
|
|
- python3-glanceclient
|
|
- python3-neutronclient
|
|
- python3-keystoneclient
|
|
- python3-dateutil
|
|
- php-cli
|
|
- nfs-utils
|
|
- nagios-plugins-http
|
|
tags:
|
|
- packages
|
|
|
|
# - name: Patch for prunerepo, issue 1090
|
|
# patch: src=patches/prunerepo-dataloss.patch
|
|
# dest=/usr/bin/prunerepo
|
|
# tags: patches
|
|
|
|
- name: Install openstackclient for image preparation
|
|
dnf: state=present name=python3-openstackclient
|
|
when: devel|bool
|
|
|
|
- name: Make copr dirs
|
|
ansible.builtin.file: state=directory path={{ item }}
|
|
with_items:
|
|
- /var/lib/copr/jobs
|
|
- /var/lib/copr/public_html/results
|
|
|
|
- name: Setup dirs there
|
|
ansible.builtin.file: state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
|
|
with_items:
|
|
- cloud
|
|
- .ssh
|
|
|
|
- name: Setup privkey for copr user
|
|
copy: src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
|
|
|
|
- name: Setup copr user ssh config file
|
|
template:
|
|
src: "ssh_config.j2"
|
|
dest: /home/copr/.ssh/config
|
|
owner: copr
|
|
group: copr
|
|
mode: "0600"
|
|
tags:
|
|
- backend_to_hv_ssh_config
|
|
- provision_config
|
|
|
|
- name: Check known_hosts file
|
|
command: stat /home/copr/.ssh/known_hosts
|
|
register: hostsstat
|
|
check_mode: no
|
|
changed_when: "1 != 1"
|
|
ignore_errors: yes
|
|
|
|
- name: Create empty known_hosts
|
|
ansible.builtin.file: state=touch dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
|
|
when: hostsstat.rc == 1
|
|
|
|
- name: Replace bashrc for copr user
|
|
copy: src="copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600
|
|
|
|
- name: Auth_key so we can login to localhost as the copr user from the copr user
|
|
authorized_key: user=copr key="{{ item }}"
|
|
no_log: true
|
|
with_file:
|
|
- "provision/files/buildsys.pub"
|
|
|
|
- name: Copy .boto file
|
|
copy: src="boto" dest=/home/copr/.boto owner=copr group=copr
|
|
|
|
# setup webserver
|
|
- name: Install lighttpd.conf
|
|
template: src="lighttpd/lighttpd.conf" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
|
|
notify:
|
|
- restart lighttpd
|
|
tags:
|
|
- config
|
|
- lighttpd_config
|
|
|
|
- name: Add gzip content-encoding header by lua script
|
|
template: src="lighttpd/content-encoding-gzip-if-exists.lua" dest=/etc/lighttpd/content-encoding-gzip-if-exists.lua owner=root group=root mode=0644
|
|
notify:
|
|
- restart lighttpd
|
|
tags:
|
|
- config
|
|
|
|
- name: Letsencrypt cert
|
|
include_role: name=copr/certbot
|
|
tags:
|
|
- config
|
|
- certbot
|
|
|
|
- name: Allow lighttpd set fds limit
|
|
seboolean: name=httpd_setrlimit state=yes persistent=yes
|
|
|
|
- name: Create directory for compress module of lighttpd
|
|
ansible.builtin.file: path=/var/cache/lighttpd/compress owner=lighttpd group=lighttpd mode=0644 state=directory
|
|
|
|
# mime default to text/plain and enable dirlisting for indexes
|
|
- name: Update lighttpd configs
|
|
copy: src="lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
|
|
with_items:
|
|
- dirlisting.conf
|
|
- mime.conf
|
|
notify:
|
|
- restart lighttpd
|
|
tags:
|
|
- config
|
|
|
|
- name: Install custom lighttpd template for directory listings
|
|
template: src="lighttpd/dir-generator.php.j2" dest="/var/lib/copr/public_html/dir-generator.php" owner=copr group=copr mode=0755
|
|
|
|
- name: Install resalloc CGI script
|
|
copy:
|
|
src: cgi-resalloc
|
|
dest: /var/www/
|
|
setype: httpd_sys_script_exec_t
|
|
mode: "0755"
|
|
|
|
- name: Install the helper scripts for lighttpd log rotation
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: /usr/local/bin/{{ item }}
|
|
mode: "0755"
|
|
owner: root
|
|
group: root
|
|
with_items:
|
|
- copr-lighty-logger
|
|
- copr-lighty-reopen-logs
|
|
register: logrotate_scripts
|
|
tags: logrotate
|
|
|
|
- name: Fix selinux context on helper scripts
|
|
command: restorecon -irv /usr/local/bin/copr-lighty*
|
|
when: logrotate_scripts.changed
|
|
tags: logrotate
|
|
|
|
- name: Install custom logrotate config for lighttpd
|
|
template: src="logrotate/lighttpd.j2" dest=/etc/logrotate.d/lighttpd owner=root group=root mode=644
|
|
tags: logrotate
|
|
|
|
- name: Start webserver
|
|
service: state=started enabled=yes name=lighttpd
|
|
|
|
# setup dirs for the ansible execution off of provisioning
|
|
# - name: Dirs from provision
|
|
# ansible.builtin.file: state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
|
|
# with_items:
|
|
# - action_plugins
|
|
# - library
|
|
# tags:
|
|
# - provision_config
|
|
#
|
|
- name: Calculate the maximum resalloc workers per architecture
|
|
set_fact: "max_{{ item }}_workers={{ builders | community.general.json_query('*.'+item+'[0]') | sum() }}"
|
|
with_items:
|
|
- aarch64
|
|
- ppc64le
|
|
- x86_64
|
|
- s390x
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: Calculate max number of workers
|
|
set_fact: "max_workers={{ max_x86_64_workers|int + max_aarch64_workers|int + max_ppc64le_workers|int + max_s390x_workers|int }}"
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: Print max arch workers
|
|
debug: "var=max_{{ item }}_workers"
|
|
with_items:
|
|
- x86_64
|
|
- aarch64
|
|
- s390x
|
|
- ppc64le
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: Resalloc
|
|
import_tasks: resalloc.yml
|
|
tags:
|
|
- resalloc
|
|
|
|
- name: Put ansible.cfg for all this into /etc/ansible/ on the system
|
|
copy: src="provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: Install .ansible.cfg for copr user
|
|
copy: src=ansible.cfg dest=/home/copr/.ansible.cfg
|
|
owner=copr group=copr mode=600
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: Setup provision directory
|
|
include_tasks: setup_provisioning_environment.yml
|
|
vars:
|
|
cloud_vars: true
|
|
provision_directory: /home/copr/provision
|
|
provision_user: copr
|
|
tags:
|
|
- always
|
|
|
|
- name: Copy image preparation scripts
|
|
copy: src="{{ item }}" dest=/usr/local/bin/
|
|
owner=root mode=755
|
|
with_fileglob:
|
|
- copr-builder-image-*.sh
|
|
when: devel|bool
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: Testing fixture
|
|
copy: dest="/home/copr/cloud/ec2rc.variable" content=""
|
|
when: devel|bool
|
|
|
|
- name: Copy copr-be.conf
|
|
template: src="copr-be.conf.j2" dest=/etc/copr/copr-be.conf owner=root group=copr mode=640
|
|
notify:
|
|
- restart copr-backend
|
|
tags:
|
|
- config
|
|
- copr_infrastructure_password
|
|
- provision_config
|
|
|
|
- name: Create messaging config directory
|
|
ansible.builtin.file: dest=/etc/copr/msgbuses state=directory owner=copr group=copr mode=0700
|
|
when: copr_messaging
|
|
tags:
|
|
- config
|
|
|
|
- name: Install messaging config
|
|
template: src="fedora-messaging.conf.j2"
|
|
dest=/etc/copr/msgbuses/fedora-messaging.conf
|
|
owner=copr group=copr mode=0600
|
|
when: copr_messaging
|
|
notify:
|
|
- restart copr-backend
|
|
tags:
|
|
- config
|
|
|
|
- name: Copy sign.conf
|
|
template: src=sign.conf dest=/etc/sign.conf owner=root group=copr mode=640
|
|
tags:
|
|
- config
|
|
|
|
- name: Get owner for results dir
|
|
stat: path=/var/lib/copr/public_html
|
|
check_mode: no
|
|
register: copr_results_dir_st
|
|
|
|
- name: Change owner for results dir if it isn't copr
|
|
shell: "chown -R copr:copr /var/lib/copr/public_html"
|
|
when: '"copr" not in copr_results_dir_st.stat.pw_name'
|
|
|
|
- command: "ls -dZ /var/lib/copr/public_html/"
|
|
register: public_html_ls
|
|
check_mode: no
|
|
changed_when: false
|
|
|
|
- name: Update selinux context for results if root folder does not have proper type
|
|
command: "restorecon -vvRF /var/lib/copr/public_html/"
|
|
when: "public_html_ls is defined and 'copr_data_t' not in public_html_ls.stdout"
|
|
|
|
# - name: Install cert to access fed-cloud09
|
|
# # TODO: remove this when fed-cloud09 receives external cert
|
|
# import_tasks: install_cloud_cert.yml
|
|
|
|
- name: Enable and run copr-backend services
|
|
service: name="{{ item }}" enabled=yes state=started
|
|
when: not services_disabled|bool
|
|
with_items:
|
|
- redis # TODO: .service in copr-backend should depend on redis
|
|
- "{{ copr_backend_target }}"
|
|
|
|
- name: Access.redhat.com offline token file
|
|
set_fact: "rhn_offline_token_file=/var/lib/resallocserver/.access.redhat.com-copr-team"
|
|
tags:
|
|
- clean_rh_subscriptions
|
|
|
|
- name: Install offline token for copr-team in RHSM
|
|
copy:
|
|
content: "{{ copr_red_hat_subscription_offline_token }}"
|
|
dest: "{{ rhn_offline_token_file }}"
|
|
mode: "0600"
|
|
owner: resalloc
|
|
group: resalloc
|
|
tags:
|
|
- clean_rh_subscriptions
|
|
|
|
- name: Install cleanup-unused-vms script
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: /usr/local/bin/{{ item }}
|
|
mode: "0755"
|
|
loop:
|
|
- cleanup-unused-vms-from-redis
|
|
- cleanup-unused-redhat-subscriptions
|
|
tags:
|
|
- clean_rh_subscriptions
|
|
|
|
- name: Setup crontab for VMs
|
|
cron: name="cleanup nova VMs periodically"
|
|
job="/usr/bin/cleanup_vm_nova.py"
|
|
minute="*/20"
|
|
user=copr
|
|
state=absent
|
|
|
|
- name: Setup crontab for cleaning up redis
|
|
cron: name="prune redis VM db periodically"
|
|
job="/usr/local/bin/cleanup-unused-vms-from-redis &>> /var/log/copr-backend/cleanup-redis-vms.log"
|
|
minute="50"
|
|
user=copr
|
|
state=absent
|
|
|
|
- name: Crontab for cleaning resalloc VMs
|
|
cron: name="cleanup nova VMs periodically"
|
|
job="true /usr/local/bin/cleanup-vms-aws-resalloc &>> /var/log/resallocserver/cron-cleanup-vms-aws.log"
|
|
minute="*/10"
|
|
user=resalloc
|
|
state=absent
|
|
|
|
- name: Crontab for cleaning-up unused subscriptions
|
|
cron: name="cleanup unused Red Hat subscribed systems"
|
|
job="/usr/local/bin/cleanup-unused-redhat-subscriptions &>> /var/log/resallocserver/cron-cleanup-rh-subscriptions.log"
|
|
minute="*/30"
|
|
user=resalloc
|
|
tags:
|
|
- clean_rh_subscriptions
|
|
|
|
- name: Setup monitoring
|
|
import_tasks: "monitoring.yml"
|
|
|
|
# Three tasks for handling our custom selinux module
|
|
- name: Ensure a directory exists for our custom selinux module
|
|
ansible.builtin.file: dest=/usr/local/share/copr state=directory
|
|
|
|
- name: Copy over our custom selinux module
|
|
copy: src=selinux/copr_rules.pp dest=/usr/local/share/copr/copr_rules.pp
|
|
register: selinux_module
|
|
|
|
- name: Install our custom selinux module
|
|
command: semodule -i /usr/local/share/copr/copr_rules.pp
|
|
when: selinux_module is changed
|
|
|
|
- name: Setup AWS access
|
|
import_tasks: "aws.yml"
|
|
tags:
|
|
- config
|
|
- aws_config
|
|
|
|
- name: Setup Pulp
|
|
import_tasks: "pulp.yml"
|
|
tags:
|
|
- config
|
|
- pulp
|
|
|
|
- name: Copr-ping-account
|
|
import_tasks: copr-ping.yml
|
|
tags: copr_ping
|
|
|
|
- name: Add lighttpd user to the resalloc group
|
|
user:
|
|
name: lighttpd
|
|
groups: resalloc
|
|
append: yes
|
|
|
|
- name: Install daily custom copr-backend crontab
|
|
copy: src=cron.daily/copr-backend dest=/etc/cron.daily/
|
|
mode=0755
|
|
tags: [cron_tasks]
|
|
|
|
- name: Configure options in node exporter
|
|
lineinfile:
|
|
path: /etc/default/prometheus-node-exporter
|
|
regexp: '^ARGS='
|
|
line: 'ARGS=--collector.systemd'
|
|
backrefs: yes
|
|
notify: restart node_exporter
|
|
tags:
|
|
- prometheus_node_exporter
|