ansible/playbooks/groups/buildvm.yml

# create a new koji builder
# NOTE: should be used with --limit most of the time
# NOTE: make sure there is room/space for this builder on the buildvmhost
# NOTE: most of these vars_path come from group_vars/buildvm or from hostvars

- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-aarch64:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390"

- name: make koji builder(s)
  hosts: buildvm:buildvm-stg:buildvm-aarch64:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
  - include: "{{ tasks }}/yumrepos.yml"
  - include: "{{ tasks }}/osbs_certs.yml"
  - include: "{{ tasks }}/osbs_repos.yml"

  roles:
  - base
  - hosts
  - apache
  - { role: nfs/client, mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: "{{ koji_hub_nfs }}" }
  - { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
  - { role: sudo, when: not inventory_hostname.startswith('bkernel') }
  - koji_builder
  - role: keytab/service
    kt_location: /etc/kojid/kojid.keytab
    service: compile
    when: env == "staging" or krb_builder
  - {
      role: osbs-client,
        when: env == 'staging' and ansible_architecture == 'x86_64',
        general: {
          verbose: 0,
          build_json_dir: '/usr/share/osbs/',
          openshift_required_version: 1.1.0,
        },
        default: {
          username: "{{ osbs_koji_stg_username }}",
          password: "{{ osbs_koji_stg_password }}",
          use_kerberos: True,
          kerberos_keytab: "/etc/krb5.osbs_{{osbs_url}}",
          kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
          openshift_url: 'https://{{ osbs_url }}/',
          registry_uri: 'https://{{ docker_registry }}/v2',
          source_registry_uri: 'https://{{ source_registry }}/v2',
          build_host: '{{ osbs_url }}',
          koji_root: 'http://{{ koji_root }}',
          koji_hub: 'https://koji.stg.fedoraproject.org/kojihub',
          sources_command: 'fedpkg sources',
          build_type: 'prod',
          authoritative_registry: 'registry.example.com',
          vendor: 'Fedora Project',
          verify_ssl: true,
          use_auth: true,
          builder_use_auth: true,
          distribution_scope: 'private',
          registry_api_versions: 'v2',
          builder_openshift_url: 'https://{{osbs_url}}'
        }
    }
  - {
      role: osbs-client,
        when: env == 'production' and ansible_architecture == 'x86_64',
        general: {
          verbose: 0,
          build_json_dir: '/usr/share/osbs/',
          openshift_required_version: 1.1.0,
        },
        default: {
          username: "{{ osbs_koji_prod_username }}",
          password: "{{ osbs_koji_prod_password }}",
          koji_certs_secret: "koji",
          openshift_url: 'https://{{ osbs_url }}/',
          registry_uri: 'https://{{ docker_registry }}/v2',
          source_registry_uri: 'https://{{ source_registry }}/v2',
          build_host: '{{ osbs_url }}',
          koji_root: 'http://{{ koji_root }}',
          koji_hub: 'https://koji.fedoraproject.org/kojihub',
          sources_command: 'fedpkg sources',
          build_type: 'prod',
          authoritative_registry: 'registry.example.com',
          vendor: 'Fedora Project',
          verify_ssl: true,
          use_auth: true,
          builder_use_auth: true,
          distribution_scope: 'private',
          registry_api_versions: 'v2',
          builder_openshift_url: 'https://172.17.0.1:8443/'
        }
    }

  tasks:
  - include: "{{ tasks }}/2fa_client.yml"
    when: not inventory_hostname.startswith('bkernel')
  - include: "{{ tasks }}/motd.yml"
    when: not inventory_hostname.startswith('bkernel')

  - name: make sure kojid is running
    service: name=kojid state=running enabled=yes

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
Round 2: add koji-containerbuild plugin 2016-02-18 13:57:27 -06:00			`# create a new koji builder`
initial commit of koji/make_builder playbook which replaces the new_builder builder script in a shockingly small amount of playbook code 2013-05-01 22:28:12 +00:00			`# NOTE: should be used with --limit most of the time`
			`# NOTE: make sure there is room/space for this builder on the buildvmhost`
vars is reserved, use vars_path for variable path 2014-01-06 17:49:22 +00:00			`# NOTE: most of these vars_path come from group_vars/buildvm or from hostvars`
initial commit of koji/make_builder playbook which replaces the new_builder builder script in a shockingly small amount of playbook code 2013-05-01 22:28:12 +00:00
add buildvm-aarch64 to include 2016-09-03 11:00:36 +00:00			`- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-aarch64:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390"`
Fix up buildvm playbook to build first. 2013-08-27 16:37:42 +00:00
			`- name: make koji builder(s)`
AltArch: add initial buildvm-aarch64 configs 2016-09-01 09:29:50 +00:00			`hosts: buildvm:buildvm-stg:buildvm-aarch64:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390`
Fix up buildvm playbook to build first. 2013-08-27 16:37:42 +00:00			`user: root`
			`gather_facts: True`

Round 2: add koji-containerbuild plugin 2016-02-18 13:57:27 -06:00			`vars_files:`
initial commit of koji/make_builder playbook which replaces the new_builder builder script in a shockingly small amount of playbook code 2013-05-01 22:28:12 +00:00			`- /srv/web/infra/ansible/vars/global.yml`
New ansible doesn't like expanding {{ private }} in the same list of vars files it's defined in. 2015-01-09 22:59:18 +00:00			`- "/srv/private/ansible/vars.yml"`
Hard code vars_path for now. 2014-01-06 18:22:18 +00:00			`- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml`
initial commit of koji/make_builder playbook which replaces the new_builder builder script in a shockingly small amount of playbook code 2013-05-01 22:28:12 +00:00
Move yumrepos setup to pre_tasks 2015-11-07 20:11:23 +00:00			`pre_tasks:`
			`- include: "{{ tasks }}/yumrepos.yml"`
add osbs ca to stage koji 2016-03-07 22:09:45 +00:00			`- include: "{{ tasks }}/osbs_certs.yml"`
refactor how osbs copr repos are handled for stage Signed-off-by: Adam Miller <admiller@redhat.com> 2016-04-14 16:03:02 +00:00			`- include: "{{ tasks }}/osbs_repos.yml"`
Move yumrepos setup to pre_tasks 2015-11-07 20:11:23 +00:00
include base role in builders 2013-08-27 05:22:42 +00:00			`roles:`
Now that we have roles_path, drop the long path on all the roles. 2014-01-23 17:12:40 +00:00			`- base`
Move hosts to a role and put it before fas_client so initial runs can find admin. 2014-06-23 00:49:31 +00:00			`- hosts`
Add apache here, it's needed now before koji_builder makes things owned by apache 2015-10-20 18:51:33 +00:00			`- apache`
buildvm buildhw: move the koji NFS mounts to a variable to simplify the playbook mount logic 2016-04-13 10:42:15 +00:00			`- { role: nfs/client, mnt_dir: '/mnt/fedora_koji', nfs_src_dir: "{{ koji_hub_nfs }}" }`
install fas on sudoers ina different way on all builders except the bkernel ones 2015-03-24 16:37:31 +00:00			`- { role: fas_client, when: not inventory_hostname.startswith('bkernel') }`
			`- { role: sudo, when: not inventory_hostname.startswith('bkernel') }`
builders: run keytab/service after kojid is installed because it needs /etc/kojid/ to be there 2016-11-03 19:03:17 +00:00			`- koji_builder`
No longer use dependencies Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> 2016-10-28 12:41:26 +00:00			`- role: keytab/service`
			`kt_location: /etc/kojid/kojid.keytab`
			`service: compile`
Allow specifying krb_builder to setup a builder as using krb Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> 2016-11-03 12:58:24 +00:00			`when: env == "staging" or krb_builder`
Round 2: add koji-containerbuild plugin 2016-02-18 13:57:27 -06:00			`- {`
			`role: osbs-client,`
only add osbs-client to x86_64 machines for now Signed-off-by: Adam Miller <admiller@redhat.com> 2016-07-12 22:36:02 +00:00			`when: env == 'staging' and ansible_architecture == 'x86_64',`
Round 2: add koji-containerbuild plugin 2016-02-18 13:57:27 -06:00			`general: {`
			`verbose: 0,`
			`build_json_dir: '/usr/share/osbs/',`
			`openshift_required_version: 1.1.0,`
			`},`
			`default: {`
enable osbs-client auth in stage koji builders/hub 2016-03-03 10:14:49 -06:00			`username: "{{ osbs_koji_stg_username }}",`
			`password: "{{ osbs_koji_stg_password }}",`
set osbs to use krb5 for koji auth instead of ssl certs Signed-off-by: Adam Miller <admiller@redhat.com> 2016-11-23 21:34:27 +00:00			`use_kerberos: True,`
			`kerberos_keytab: "/etc/krb5.osbs_{{osbs_url}}",`
			`kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",`
			`openshift_url: 'https://{{ osbs_url }}/',`
Revert "testing registry uri in staging OSBS" This reverts commit ef6ad2cf1e4d9b45082b45ce2da6d500f8192019. 2016-11-14 18:17:28 +00:00			`registry_uri: 'https://{{ docker_registry }}/v2',`
			`source_registry_uri: 'https://{{ source_registry }}/v2',`
set osbs to use krb5 for koji auth instead of ssl certs Signed-off-by: Adam Miller <admiller@redhat.com> 2016-11-23 21:34:27 +00:00			`build_host: '{{ osbs_url }}',`
Round 2: add koji-containerbuild plugin 2016-02-18 13:57:27 -06:00			`koji_root: 'http://{{ koji_root }}',`
populate koji_hub value for osbs-client role in builders and hub Signed-off-by: Adam Miller <admiller@redhat.com> 2016-07-12 21:41:32 +00:00			`koji_hub: 'https://koji.stg.fedoraproject.org/kojihub',`
Round 2: add koji-containerbuild plugin 2016-02-18 13:57:27 -06:00			`sources_command: 'fedpkg sources',`
			`build_type: 'prod',`
			`authoritative_registry: 'registry.example.com',`
			`vendor: 'Fedora Project',`
only osbs-client on buildvm (just schedules with osbs) and koji-hub (status checking), ssl_verify everywhere, enable in prod Signed-off-by: Adam Miller <admiller@redhat.com> 2016-07-12 21:19:42 +00:00			`verify_ssl: true,`
			`use_auth: true,`
			`builder_use_auth: true,`
			`distribution_scope: 'private',`
			`registry_api_versions: 'v2',`
set osbs to use krb5 for koji auth instead of ssl certs Signed-off-by: Adam Miller <admiller@redhat.com> 2016-11-23 21:34:27 +00:00			`builder_openshift_url: 'https://{{osbs_url}}'`
only osbs-client on buildvm (just schedules with osbs) and koji-hub (status checking), ssl_verify everywhere, enable in prod Signed-off-by: Adam Miller <admiller@redhat.com> 2016-07-12 21:19:42 +00:00			`}`
			`}`
			`- {`
			`role: osbs-client,`
only add osbs-client to x86_64 machines for now Signed-off-by: Adam Miller <admiller@redhat.com> 2016-07-12 22:36:02 +00:00			`when: env == 'production' and ansible_architecture == 'x86_64',`
only osbs-client on buildvm (just schedules with osbs) and koji-hub (status checking), ssl_verify everywhere, enable in prod Signed-off-by: Adam Miller <admiller@redhat.com> 2016-07-12 21:19:42 +00:00			`general: {`
			`verbose: 0,`
			`build_json_dir: '/usr/share/osbs/',`
			`openshift_required_version: 1.1.0,`
			`},`
			`default: {`
			`username: "{{ osbs_koji_prod_username }}",`
			`password: "{{ osbs_koji_prod_password }}",`
			`koji_certs_secret: "koji",`
set osbs to use krb5 for koji auth instead of ssl certs Signed-off-by: Adam Miller <admiller@redhat.com> 2016-11-23 21:34:27 +00:00			`openshift_url: 'https://{{ osbs_url }}/',`
only osbs-client on buildvm (just schedules with osbs) and koji-hub (status checking), ssl_verify everywhere, enable in prod Signed-off-by: Adam Miller <admiller@redhat.com> 2016-07-12 21:19:42 +00:00			`registry_uri: 'https://{{ docker_registry }}/v2',`
osbs: add source_registry var, but don't enable candidate in prod yet Signed-off-by: Adam Miller <admiller@redhat.com> 2016-08-30 18:06:47 +00:00			`source_registry_uri: 'https://{{ source_registry }}/v2',`
set osbs to use krb5 for koji auth instead of ssl certs Signed-off-by: Adam Miller <admiller@redhat.com> 2016-11-23 21:34:27 +00:00			`build_host: '{{ osbs_url }}',`
only osbs-client on buildvm (just schedules with osbs) and koji-hub (status checking), ssl_verify everywhere, enable in prod Signed-off-by: Adam Miller <admiller@redhat.com> 2016-07-12 21:19:42 +00:00			`koji_root: 'http://{{ koji_root }}',`
populate koji_hub value for osbs-client role in builders and hub Signed-off-by: Adam Miller <admiller@redhat.com> 2016-07-12 21:41:32 +00:00			`koji_hub: 'https://koji.fedoraproject.org/kojihub',`
only osbs-client on buildvm (just schedules with osbs) and koji-hub (status checking), ssl_verify everywhere, enable in prod Signed-off-by: Adam Miller <admiller@redhat.com> 2016-07-12 21:19:42 +00:00			`sources_command: 'fedpkg sources',`
			`build_type: 'prod',`
			`authoritative_registry: 'registry.example.com',`
			`vendor: 'Fedora Project',`
			`verify_ssl: true,`
enable osbs-client auth in stage koji builders/hub 2016-03-03 10:14:49 -06:00			`use_auth: true,`
Round 2: add koji-containerbuild plugin 2016-02-18 13:57:27 -06:00			`builder_use_auth: true,`
			`distribution_scope: 'private',`
			`registry_api_versions: 'v2',`
			`builder_openshift_url: 'https://172.17.0.1:8443/'`
			`}`
			`}`
include base role in builders 2013-08-27 05:22:42 +00:00
initial commit of koji/make_builder playbook which replaces the new_builder builder script in a shockingly small amount of playbook code 2013-05-01 22:28:12 +00:00			`tasks:`
install fas on sudoers ina different way on all builders except the bkernel ones 2015-03-24 16:37:31 +00:00			`- include: "{{ tasks }}/2fa_client.yml"`
			`when: not inventory_hostname.startswith('bkernel')`
			`- include: "{{ tasks }}/motd.yml"`
			`when: not inventory_hostname.startswith('bkernel')`
- move to task-based includes for builder tasks 2013-05-03 17:33:50 +00:00
Change this to just running. 2014-01-25 19:42:21 +00:00			`- name: make sure kojid is running`
Make sure kojid is enabled and running on buildhw as well as buildvm 2015-11-20 01:58:06 +00:00			`service: name=kojid state=running enabled=yes`
Move kojid restart to after hosts file setup task 2014-01-25 19:39:56 +00:00
- move to task-based includes for builder tasks 2013-05-03 17:33:50 +00:00			`handlers:`
Fix old variable usage. Patch from janeznemanic. Thanks! 2014-01-01 19:15:11 +00:00			`- include: "{{ handlers }}/restart_services.yml"`