ansible/roles/copr/backend/tasks/main.yml

---
- name: mount fs
  include: "mount_fs.yml"

- name: setup networking
  include: "network.yml"

# BZ 1241507
- name: install copr-backend
  shell: yum-deprecated install -y copr-backend || yum install -y copr-backend
- name: install copr-selinux
  shell: yum-deprecated install -y copr-selinux || yum install -y copr-selinux

- name: add packages for copr backend
  dnf: state=present name={{ item }}
  with_items:
  #- copr-backend
  - python-novaclient
  - python-glanceclient
  - python-neutronclient
  - python-keystoneclient
  - obs-signd  # TODO: remove, since it will be installed as dependency by copr-backend
  - redis  # we need this to start the service in next step
  - python-futures  # remove when new version of copr-backend will be released
  - logstash

- name: make copr dirs
  file: state=directory path={{ item }}
  with_items:
  - /var/lib/copr/jobs
  - /var/lib/copr/public_html/results

- name: setup dirs there
  file: state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
  with_items:
  - cloud
  - .ssh

- name: add copr-buildsys keys to copr user path
  copy: src="{{ item }}" dest=/home/copr/cloud/ owner=copr group=copr mode=0600
  with_fileglob:
   - "{{ private }}/files/openstack/copr-copr/*"

- name: setup privkey for copr user
  copy: src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600

- name: setup copr user ssh config file
  copy: src="ssh_config" dest=/home/copr/.ssh/config  owner=copr group=copr mode=600

- name: check known_hosts file
  command: stat /home/copr/.ssh/known_hosts
  register: hostsstat
  always_run: yes
  changed_when: "1 != 1"
  ignore_errors: yes

- name: create empty known_hosts
  file: state=touch dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
  when: hostsstat.rc == 1

- name: replace bashrc for copr user
  copy: src="copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600

- name: auth_key so we can login to localhost as the copr user from the copr user
  authorized_key: user=copr key="{{ item }}"
  no_log: True
  with_file:
  - "provision/files/buildsys.pub"

- name: copy keystonerc
  template: src="keystonerc" dest=/root/ owner=root group=root mode=600
  when: not devel

- name: copy .boto file
  copy: src="boto" dest=/home/copr/.boto owner=copr group=copr

# setup webserver
- name: add config for copr-repo path
  copy: src="{{ _lighttpd_conf_src }}" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
  notify:
  - restart lighttpd

- name: install certificates for production
  when: not devel
  include: "install_certs.yml"

- name: allow lighttpd set fds limit
  seboolean: name=httpd_setrlimit state=yes persistent=yes

- name: create directory for compress module of lighttpd
  file: path=/var/cache/lighttpd/compress owner=lighttpd group=lighttpd mode=0644 state=directory

# mime default to text/plain and enable dirlisting for indexes
- name: update lighttpd configs
  copy: src="lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
  with_items:
  - dirlisting.conf
  - mime.conf
  notify:
  - restart lighttpd

- name: start webserver
  service: state=running enabled=yes name=lighttpd

# setup dirs for the ansible execution off of provisioning
#- name: dirs from provision
#  file: state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
#  with_items:
#  - action_plugins
#  - library
#  tags:
#  - provision_config

- name: put ansible.cfg for all this into /etc/ansible/ on the system
  copy: src="provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
  tags:
  - provision_config

- name: put provisioning files
  synchronize: src="provision/" dest="/home/copr/provision/"
  tags:
  - provision_config

- name: put some files into the provision subdir
  template: src="provision/nova_cloud_vars.yml" dest="/home/copr/provision/nova_cloud_vars.yml" owner=copr group=copr
  tags:
  - provision_config

- name: put fedpkg-copr.conf into the provision files
  template: src="provision/fedpkg-copr.conf" dest="/home/copr/provision/files/fedpkg-copr.conf" owner=copr group=copr

- name: testing fixture
  copy: dest="/home/copr/cloud/ec2rc.variable" content=""
  when: devel

- name: copy copr-be.conf
  template: src="copr-be.conf.j2" dest=/etc/copr/copr-be.conf  owner=root group=copr mode=640
  notify:
  - restart copr-backend
  tags:
  - config

- name: copy sign.conf
  template: src=sign.conf dest=/etc/sign.conf  owner=root group=copr mode=640
  tags:
  - config

- name: copy logstash config
  template: src=logstash.d/copr_backend.conf dest=/etc/logstash.d/copr_backend.conf owner=root group=copr
  notify:
  - restart logstash

- name: get owner for results dir
  stat: path=/var/lib/copr/public_html
  register: copr_results_dir_st

- name: change owner for results dir if it isn't copr
  shell: "chown -R copr:copr /var/lib/copr/public_html"
  when: copr_results_dir_st.stat.pw_name != "copr"

- command: "ls -dZ /var/lib/copr/public_html/"
  register: public_html_ls

- name: update selinux context for results if root folder does not have proper type
  command: "restorecon -vvRF /var/lib/copr/public_html/"
  when: public_html_ls is defined and 'copr_data_t' not in  public_html_ls.stdout

- name: install cert to access fed-cloud09
  # TODO: remove this when fed-cloud09 receives external cert
  include: install_cloud_cert.yml

- name: set acl for logstash to access httpd logs
  acl: name=/var/log/lighttpd entity=logstash etype=user permissions=rx state=present

- name: enable and run copr-backend services
  service: name="{{ item }}" enabled=yes state=running
  with_items:
  - redis       # TODO: .service in copr-backend should depend on redis
  - logstash
  - copr-backend

- copy: src="cleanup_vm_nova.py" dest=/home/copr/ mode=755
- copy: src="cleanup_vms.sh" dest=/etc/cron.hourly/copr_cleanup_vms.sh mode=755
- copy: src="cron/restart_logstash.sh" dest=/etc/cron.hourly/restart_logstash.sh mode=755

#- name: copy delete-forgotten-instances.pl
#  copy: src="delete-forgotten-instances.pl" dest=/home/copr/delete-forgotten-instances.pl mode=755

#- name: copy delete-forgotten-instances.cron
#  copy: src="delete-forgotten-instances.cron" dest=/etc/cron.daily/delete-forgotten-instances owner=root group=root mode=755
#  when: not devel

#- name: install script to kill VMs in error state
#  copy: src="instant-instance-killer.sh" dest="/root/"

#- cron: name="kill VMs in error state" minute="*/15"  job="/root/instant-instance-killer.sh"
#  when: not devel

- name: setup monitoring
  include: "monitoring.yml"
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`---`
[copr] try to attach volume to copr-be-dev 2015-04-08 20:22:53 +02:00			`- name: mount fs`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`include: "mount_fs.yml"`

configure second NIC on copr-be* 2015-04-01 13:32:45 +00:00			`- name: setup networking`
			`include: "network.yml"`

copr: use yum-deprecated as workaround of BZ1241507 2015-11-30 19:44:29 +01:00			`# BZ 1241507`
			`- name: install copr-backend`
			`shell: yum-deprecated install -y copr-backend \|\| yum install -y copr-backend`
install copr-selinux 2016-02-11 09:27:20 +01:00			`- name: install copr-selinux`
			`shell: yum-deprecated install -y copr-selinux \|\| yum install -y copr-selinux`
copr: use yum-deprecated as workaround of BZ1241507 2015-11-30 19:44:29 +01:00
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- name: add packages for copr backend`
use dnf instead of yum 2016-02-11 09:19:03 +01:00			`dnf: state=present name={{ item }}`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`with_items:`
copr: use yum-deprecated as workaround of BZ1241507 2015-11-30 19:44:29 +01:00			`#- copr-backend`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- python-novaclient`
[copr] preparing for the new cloud ... 2015-04-01 16:06:44 +02:00			`- python-glanceclient`
			`- python-neutronclient`
			`- python-keystoneclient`
[copr] temporary install lib for the new cleanup script 2015-04-14 12:48:23 +02:00			`- obs-signd # TODO: remove, since it will be installed as dependency by copr-backend`
			`- redis # we need this to start the service in next step`
			`- python-futures # remove when new version of copr-backend will be released`
install logstash on copr-be 2016-02-11 09:09:35 +01:00			`- logstash`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
			`- name: make copr dirs`
			`file: state=directory path={{ item }}`
			`with_items:`
			`- /var/lib/copr/jobs`
			`- /var/lib/copr/public_html/results`

			`- name: setup dirs there`
			`file: state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700`
			`with_items:`
			`- cloud`
			`- .ssh`

			`- name: add copr-buildsys keys to copr user path`
			`copy: src="{{ item }}" dest=/home/copr/cloud/ owner=copr group=copr mode=0600`
			`with_fileglob:`
			`- "{{ private }}/files/openstack/copr-copr/*"`

			`- name: setup privkey for copr user`
			`copy: src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600`

			`- name: setup copr user ssh config file`
			`copy: src="ssh_config" dest=/home/copr/.ssh/config owner=copr group=copr mode=600`

Make this touch idempotent 2015-02-23 16:47:35 +00:00			`- name: check known_hosts file`
			`command: stat /home/copr/.ssh/known_hosts`
			`register: hostsstat`
			`always_run: yes`
			`changed_when: "1 != 1"`
[copr] copr/backend fix `check known_hosts file` task 2015-03-18 14:04:33 +01:00			`ignore_errors: yes`
Make this touch idempotent 2015-02-23 16:47:35 +00:00
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- name: create empty known_hosts`
			`file: state=touch dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600`
Make this touch idempotent 2015-02-23 16:47:35 +00:00			`when: hostsstat.rc == 1`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
			`- name: replace bashrc for copr user`
			`copy: src="copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600`

			`- name: auth_key so we can login to localhost as the copr user from the copr user`
			`authorized_key: user=copr key="{{ item }}"`
			`no_log: True`
			`with_file:`
			`- "provision/files/buildsys.pub"`

			`- name: copy keystonerc`
			`template: src="keystonerc" dest=/root/ owner=root group=root mode=600`
			`when: not devel`

			`- name: copy .boto file`
			`copy: src="boto" dest=/home/copr/.boto owner=copr group=copr`

			`# setup webserver`
			`- name: add config for copr-repo path`
			`copy: src="{{ _lighttpd_conf_src }}" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644`
			`notify:`
			`- restart lighttpd`

			`- name: install certificates for production`
			`when: not devel`
			`include: "install_certs.yml"`

make lighttpd happy so it can start 2015-05-19 15:28:33 +02:00			`- name: allow lighttpd set fds limit`
			`seboolean: name=httpd_setrlimit state=yes persistent=yes`

			`- name: create directory for compress module of lighttpd`
			`file: path=/var/cache/lighttpd/compress owner=lighttpd group=lighttpd mode=0644 state=directory`

[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`# mime default to text/plain and enable dirlisting for indexes`
			`- name: update lighttpd configs`
			`copy: src="lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644`
			`with_items:`
			`- dirlisting.conf`
			`- mime.conf`
			`notify:`
			`- restart lighttpd`

			`- name: start webserver`
			`service: state=running enabled=yes name=lighttpd`

			`# setup dirs for the ansible execution off of provisioning`
[copr] moving to the new cloud ... 2015-04-02 12:59:59 +02:00			`#- name: dirs from provision`
			`# file: state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr`
			`# with_items:`
			`# - action_plugins`
			`# - library`
			`# tags:`
			`# - provision_config`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
			`- name: put ansible.cfg for all this into /etc/ansible/ on the system`
			`copy: src="provision/ansible.cfg" dest=/etc/ansible/ansible.cfg`
			`tags:`
			`- provision_config`

[copr] fixing path to provision files 2015-04-03 16:19:32 +02:00			`- name: put provisioning files`
copr: synchronize whole /provision/ dir 2016-05-16 14:19:13 +02:00			`synchronize: src="provision/" dest="/home/copr/provision/"`
[copr] fixing path to provision files 2015-04-03 16:19:32 +02:00			`tags:`
			`- provision_config`

[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- name: put some files into the provision subdir`
[copr] provision files should have copr user 2015-04-03 18:01:14 +02:00			`template: src="provision/nova_cloud_vars.yml" dest="/home/copr/provision/nova_cloud_vars.yml" owner=copr group=copr`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`tags:`
			`- provision_config`

[copr][backend] custom configs for fedpkg-copr 2015-07-28 17:27:32 +02:00			`- name: put fedpkg-copr.conf into the provision files`
			`template: src="provision/fedpkg-copr.conf" dest="/home/copr/provision/files/fedpkg-copr.conf" owner=copr group=copr`

[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- name: testing fixture`
Make this idempotent 2015-06-16 11:17:26 +00:00			`copy: dest="/home/copr/cloud/ec2rc.variable" content=""`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`when: devel`

			`- name: copy copr-be.conf`
[copr] moving to the new cloud; joined copr-be.conf src template 2015-04-02 15:19:52 +02:00			`template: src="copr-be.conf.j2" dest=/etc/copr/copr-be.conf owner=root group=copr mode=640`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`notify:`
			`- restart copr-backend`
			`tags:`
			`- config`

[copr] backend: add custom selinux policy for nrpe checks 2015-02-03 01:53:50 +01:00			`- name: copy sign.conf`
[backend] install correct /etc/sign.conf 2014-12-12 17:28:35 +01:00			`template: src=sign.conf dest=/etc/sign.conf owner=root group=copr mode=640`
			`tags:`
			`- config`

[copr] install logstash config and ensure running logstash service 2015-03-31 17:15:09 +02:00			`- name: copy logstash config`
[copr] provision files should have copr user 2015-04-03 18:01:14 +02:00			`template: src=logstash.d/copr_backend.conf dest=/etc/logstash.d/copr_backend.conf owner=root group=copr`
[copr] install logstash config and ensure running logstash service 2015-03-31 17:15:09 +02:00			`notify:`
			`- restart logstash`

move this before we start copr-backend service 2015-05-19 11:50:03 +02:00			`- name: get owner for results dir`
			`stat: path=/var/lib/copr/public_html`
			`register: copr_results_dir_st`

			`- name: change owner for results dir if it isn't copr`
			`shell: "chown -R copr:copr /var/lib/copr/public_html"`
			`when: copr_results_dir_st.stat.pw_name != "copr"`

			`- command: "ls -dZ /var/lib/copr/public_html/"`
			`register: public_html_ls`

			`- name: update selinux context for results if root folder does not have proper type`
			`command: "restorecon -vvRF /var/lib/copr/public_html/"`
			`when: public_html_ls is defined and 'copr_data_t' not in public_html_ls.stdout`

			`- name: install cert to access fed-cloud09`
			`# TODO: remove this when fed-cloud09 receives external cert`
			`include: install_cloud_cert.yml`

			`- name: set acl for logstash to access httpd logs`
			`acl: name=/var/log/lighttpd entity=logstash etype=user permissions=rx state=present`

[copr] install logstash config and ensure running logstash service 2015-03-31 17:15:09 +02:00			`- name: enable and run copr-backend services`
			`service: name="{{ item }}" enabled=yes state=running`
			`with_items:`
			`- redis # TODO: .service in copr-backend should depend on redis`
			`- logstash`
			`- copr-backend`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
[copr] new script to clean up builder VMs 2015-04-13 19:58:59 +02:00			`- copy: src="cleanup_vm_nova.py" dest=/home/copr/ mode=755`
			`- copy: src="cleanup_vms.sh" dest=/etc/cron.hourly/copr_cleanup_vms.sh mode=755`
[copr] restart logstash each hour 2015-08-17 14:55:26 +02:00			`- copy: src="cron/restart_logstash.sh" dest=/etc/cron.hourly/restart_logstash.sh mode=755`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
[copr] new script to clean up builder VMs 2015-04-13 19:58:59 +02:00			`#- name: copy delete-forgotten-instances.pl`
			`# copy: src="delete-forgotten-instances.pl" dest=/home/copr/delete-forgotten-instances.pl mode=755`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
[copr] new script to clean up builder VMs 2015-04-13 19:58:59 +02:00			`#- name: copy delete-forgotten-instances.cron`
			`# copy: src="delete-forgotten-instances.cron" dest=/etc/cron.daily/delete-forgotten-instances owner=root group=root mode=755`
			`# when: not devel`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
[copr] new script to clean up builder VMs 2015-04-13 19:58:59 +02:00			`#- name: install script to kill VMs in error state`
			`# copy: src="instant-instance-killer.sh" dest="/root/"`

			`#- cron: name="kill VMs in error state" minute="*/15" job="/root/instant-instance-killer.sh"`
			`# when: not devel`
[copr] adding nagios check to backend, try 1 2015-01-23 21:01:17 +01:00
[copr] backend: add custom selinux policy for nrpe checks 2015-02-03 01:53:50 +01:00			`- name: setup monitoring`
			`include: "monitoring.yml"`