ansible/roles/copr/backend/tasks/main.yml

---
- name: mount fs
  import_tasks: "mount_fs.yml"

- name: setup networking
  import_tasks: "network.yml"

- name: create obsrun group for `sign' command
  group: name=obsrun

# pre-create copr user and group with predefined uid and gid
- group: name=copr gid=986
- user: name=copr group=copr uid=989 groups=obsrun

- name: install copr-backend and copr-selinux
  dnf:
    state: present
    name: copr-backend

- name: add additional packages for copr-backend
  dnf:
    state: present
    name:
      - python3-glanceclient
      - python3-neutronclient
      - python3-keystoneclient
      - php-cli
      - cronolog

# disable this in favor of excluding it in /etc/dnf/dnf.conf. 
# https://github.com/ansible/ansible/issues/33187
#- name: install python2-novaclient version that actually works with the current OpenStack deployment
#  dnf: state=present name=https://kojipkgs.fedoraproject.org/packages/python-novaclient/3.3.1/3.fc25/noarch/python3-novaclient-3.3.1-3.fc25.noarch.rpm

- name: make copr dirs
  file: state=directory path={{ item }}
  with_items:
  - /var/lib/copr/jobs
  - /var/lib/copr/public_html/results

- name: setup dirs there
  file: state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
  with_items:
  - cloud
  - .ssh

- name: add copr-buildsys keys to copr user path
  copy: src="{{ item }}" dest=/home/copr/cloud/ owner=copr group=copr mode=0600
  with_fileglob:
   - "{{ private }}/files/openstack/copr-copr/*"

- name: setup privkey for copr user
  copy: src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600

- name: setup copr user ssh config file
  copy: src="ssh_config" dest=/home/copr/.ssh/config  owner=copr group=copr mode=600

- name: check known_hosts file
  command: stat /home/copr/.ssh/known_hosts
  register: hostsstat
  check_mode: no
  changed_when: "1 != 1"
  ignore_errors: yes

- name: create empty known_hosts
  file: state=touch dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
  when: hostsstat.rc == 1

- name: replace bashrc for copr user
  copy: src="copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600

- name: auth_key so we can login to localhost as the copr user from the copr user
  authorized_key: user=copr key="{{ item }}"
  no_log: True
  with_file:
  - "provision/files/buildsys.pub"

- name: copy keystonerc
  template: src="keystonerc" dest=/root/ owner=root group=root mode=600
  when: not devel

- name: copy .boto file
  copy: src="boto" dest=/home/copr/.boto owner=copr group=copr

# setup webserver
- name: add access_log.conf for lighttpd
  copy: src="lighttpd/access_log.conf" dest=/etc/lighttpd/conf.d/access_log.conf owner=root group=root mode=0644
  notify:
  - restart lighttpd

- name: add config for copr-repo path
  copy: src="{{ _lighttpd_conf_src }}" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
  notify:
  - restart lighttpd

- name: install certificates for production
  when: not devel
  import_tasks: "install_certs.yml"

- name: letsencrypt cert
  import_tasks: "letsencrypt.yml"
  when: devel
  tags:
  - config

- name: allow lighttpd set fds limit
  seboolean: name=httpd_setrlimit state=yes persistent=yes

- name: create directory for compress module of lighttpd
  file: path=/var/cache/lighttpd/compress owner=lighttpd group=lighttpd mode=0644 state=directory

# mime default to text/plain and enable dirlisting for indexes
- name: update lighttpd configs
  copy: src="lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
  with_items:
  - dirlisting.conf
  - mime.conf
  notify:
  - restart lighttpd

- name: provisional copr-backend cron.weekly job
  copy: src="cron.weekly/copr-backend" dest="/etc/cron.weekly/copr-backend" owner=root group=root mode=0644

- name: install custom lighttpd template for directory listings
  template: src="lighttpd/dir-generator.php.j2" dest="/var/lib/copr/public_html/dir-generator.php" owner=copr group=copr mode=0755

- name: install custom logrotate config for lighttpd
  template: src="logrotate/lighttpd.j2" dest=/etc/logrotate.d/lighttpd owner=root group=root mode=644

- name: start webserver
  service: state=started enabled=yes name=lighttpd

# setup dirs for the ansible execution off of provisioning
#- name: dirs from provision
#  file: state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
#  with_items:
#  - action_plugins
#  - library
#  tags:
#  - provision_config

- name: resalloc
  import_tasks: resalloc.yml
  tags:
  - resalloc

- name: put ansible.cfg for all this into /etc/ansible/ on the system
  copy: src="provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
  tags:
  - provision_config

- name: put provisioning files
  synchronize: src="provision/" dest="/home/copr/provision/"
  tags:
  - provision_config

- name: put some files into the provision subdir
  template:
    src: "provision/{{ item }}"
    dest: "/home/copr/provision/{{ item }}"
  with_items:
  - vars.yml
  - nova_cloud_vars.yml
  tags:
  - provision_config

- name: put copr-rpmbuild configuration file into the provision subdir
  template: src="provision/copr-rpmbuild/main.ini.j2" dest="/home/copr/provision/files/main.ini" owner=copr group=copr
  tags:
  - provision_config

- name: put rpkg configuration file into the provision subdir
  template: src="provision/rpkg.conf.j2" dest="/home/copr/provision/files/rpkg.conf" owner=copr group=copr
  tags:
  - provision_config

- name: testing fixture
  copy: dest="/home/copr/cloud/ec2rc.variable" content=""
  when: devel

- name: copy copr-be.conf
  template: src="copr-be.conf.j2" dest=/etc/copr/copr-be.conf  owner=root group=copr mode=640
  notify:
  - restart copr-backend
  tags:
  - config

- name: copy sign.conf
  template: src=sign.conf dest=/etc/sign.conf  owner=root group=copr mode=640
  tags:
  - config

- name: get owner for results dir
  stat: path=/var/lib/copr/public_html
  check_mode: no
  register: copr_results_dir_st

- name: change owner for results dir if it isn't copr
  shell: "chown -R copr:copr /var/lib/copr/public_html"
  when: '"copr" not in copr_results_dir_st.stat.pw_name'

- command: "ls -dZ /var/lib/copr/public_html/"
  register: public_html_ls
  check_mode: no
  changed_when: False

- name: update selinux context for results if root folder does not have proper type
  command: "restorecon -vvRF /var/lib/copr/public_html/"
  when: "public_html_ls is defined and 'copr_data_t' not in  public_html_ls.stdout"

- name: install cert to access fed-cloud09
  # TODO: remove this when fed-cloud09 receives external cert
  import_tasks: install_cloud_cert.yml

- name: enable and run copr-backend services
  service: name="{{ item }}" enabled=yes state=started
  with_items:
  - redis       # TODO: .service in copr-backend should depend on redis
  - copr-backend

- copy: src="cleanup_vm_nova.py" dest=/home/copr/ mode=755

- copy: src="cleanup_vms.sh" dest=/etc/cron.hourly/copr_cleanup_vms.sh mode=755
  when: not devel

- name: setup monitoring
  import_tasks: "monitoring.yml"

# Three tasks for handling our custom selinux module
- name: ensure a directory exists for our custom selinux module
  file: dest=/usr/local/share/copr state=directory

- name: copy over our custom selinux module
  copy: src=selinux/copr_rules.pp dest=/usr/local/share/copr/copr_rules.pp
  register: selinux_module

- name: install our custom selinux module
  command: semodule -i /usr/local/share/copr/copr_rules.pp
  when: selinux_module is changed

- name: disable swap mount in fstab
  mount:
   path: none
   src: /dev/vdb
   fstype: swap
   state: absent

- name: disable swap so that OOM killer can do his job
  command: "{{ item }}"
  with_items:
  - swapoff -a
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`---`
[copr] try to attach volume to copr-be-dev 2015-04-08 20:22:53 +02:00			`- name: mount fs`
switch all the include tasks to import tasks 2017-10-17 17:37:03 +00:00			`import_tasks: "mount_fs.yml"`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
configure second NIC on copr-be* 2015-04-01 13:32:45 +00:00			`- name: setup networking`
switch all the include tasks to import tasks 2017-10-17 17:37:03 +00:00			`import_tasks: "network.yml"`
configure second NIC on copr-be* 2015-04-01 13:32:45 +00:00
copr-be: make sure that obsrun group is available 2019-07-11 16:15:32 +02:00			- name: create obsrun group for `sign' command
			`group: name=obsrun`

copr-backend: pre-create copr user and group with predefined uid, gid 2017-01-21 17:48:06 +01:00			`# pre-create copr user and group with predefined uid and gid`
			`- group: name=copr gid=986`
Allow 'copr' user to run 'sign' command See https://pagure.io/copr/copr/issue/636 By default only root can run the `sign` command. This check is applied within obs-signd code. We need to allow regular user in the config, see `man sign.conf`. Also /usr/bin/sign is owned by root:obsrun with -rwsr-x--- hence we need to add a user to the obsrun group. 2019-04-04 13:50:23 +02:00			`- user: name=copr group=copr uid=989 groups=obsrun`
copr-backend: pre-create copr user and group with predefined uid, gid 2017-01-21 17:48:06 +01:00
copr-backend: ensure copr-backend and copr-selinux packages are of the latest versions 2017-01-19 14:39:48 +01:00			`- name: install copr-backend and copr-selinux`
copr: squash_actions is deprecated 2019-04-02 10:27:12 +02:00			`dnf:`
Create manual playbooks for upgrading Copr instances There is a problem with our current playbooks, that they can be executed automatically without us knowing about it. That is an issue particularly during release process because we can prepare new packages into infra-tags repo or bodhi and a nightly reprovision can upgrade to them outside of an outage window or any of us being prepared for it. Therefore `groups/copr-.yml` playbooks should not* upgrade any packages, but only ensure, that those packages are installed. For upgrade, there should be separate `manual/copr/copr-*-upgrade.yml` playbooks. Because they are located under `manual` directory, it is secured, that they can't be run automatically. 2019-04-23 12:05:49 +02:00			`state: present`
copr: squash_actions is deprecated 2019-04-02 10:27:12 +02:00			`name: copr-backend`
copr-backend: ensure copr-backend and copr-selinux packages are of the latest versions 2017-01-19 14:39:48 +01:00
			`- name: add additional packages for copr-backend`
copr: squash_actions is deprecated 2019-04-02 10:27:12 +02:00			`dnf:`
			`state: present`
			`name:`
No more python2 for copr-be 2019-07-11 16:27:56 +02:00			`- python3-glanceclient`
			`- python3-neutronclient`
			`- python3-keystoneclient`
copr: squash_actions is deprecated 2019-04-02 10:27:12 +02:00			`- php-cli`
			`- cronolog`
copr-backend: fix SELinux fcontext for logstash while we still use this package 2017-02-25 20:18:48 +01:00
comment task that prevents copr-be playbook from finishing 2018-05-23 19:35:52 +00:00			`# disable this in favor of excluding it in /etc/dnf/dnf.conf.`
			`# https://github.com/ansible/ansible/issues/33187`
			`#- name: install python2-novaclient version that actually works with the current OpenStack deployment`
copr: we are using python3 now 2019-02-08 12:18:00 +01:00			`# dnf: state=present name=https://kojipkgs.fedoraproject.org/packages/python-novaclient/3.3.1/3.fc25/noarch/python3-novaclient-3.3.1-3.fc25.noarch.rpm`
copr-backend-stg: install python-novaclient-3.3.1-3.fc25 2018-01-15 22:17:09 +01:00
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- name: make copr dirs`
			`file: state=directory path={{ item }}`
			`with_items:`
			`- /var/lib/copr/jobs`
			`- /var/lib/copr/public_html/results`

			`- name: setup dirs there`
			`file: state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700`
			`with_items:`
			`- cloud`
			`- .ssh`

			`- name: add copr-buildsys keys to copr user path`
			`copy: src="{{ item }}" dest=/home/copr/cloud/ owner=copr group=copr mode=0600`
			`with_fileglob:`
			`- "{{ private }}/files/openstack/copr-copr/*"`

			`- name: setup privkey for copr user`
			`copy: src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600`

			`- name: setup copr user ssh config file`
			`copy: src="ssh_config" dest=/home/copr/.ssh/config owner=copr group=copr mode=600`

Make this touch idempotent 2015-02-23 16:47:35 +00:00			`- name: check known_hosts file`
			`command: stat /home/copr/.ssh/known_hosts`
			`register: hostsstat`
In ansible 2.2 always_run is depreciated. Switch to check_mode. 2016-11-01 16:29:49 +00:00			`check_mode: no`
Make this touch idempotent 2015-02-23 16:47:35 +00:00			`changed_when: "1 != 1"`
[copr] copr/backend fix `check known_hosts file` task 2015-03-18 14:04:33 +01:00			`ignore_errors: yes`
Make this touch idempotent 2015-02-23 16:47:35 +00:00
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- name: create empty known_hosts`
			`file: state=touch dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600`
Make this touch idempotent 2015-02-23 16:47:35 +00:00			`when: hostsstat.rc == 1`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
			`- name: replace bashrc for copr user`
			`copy: src="copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600`

			`- name: auth_key so we can login to localhost as the copr user from the copr user`
			`authorized_key: user=copr key="{{ item }}"`
			`no_log: True`
			`with_file:`
			`- "provision/files/buildsys.pub"`

			`- name: copy keystonerc`
			`template: src="keystonerc" dest=/root/ owner=root group=root mode=600`
			`when: not devel`

			`- name: copy .boto file`
			`copy: src="boto" dest=/home/copr/.boto owner=copr group=copr`

			`# setup webserver`
copr: enable multiprocessor on lighttpd This will utilize more cores for lighttpd, but because lighttpd does not synchronize writing to logs, we have to pipe it to cronolog. 2018-10-12 01:18:24 +02:00			`- name: add access_log.conf for lighttpd`
copr-backend: fix access_log.conf path 2018-10-25 22:18:47 +02:00			`copy: src="lighttpd/access_log.conf" dest=/etc/lighttpd/conf.d/access_log.conf owner=root group=root mode=0644`
copr: enable multiprocessor on lighttpd This will utilize more cores for lighttpd, but because lighttpd does not synchronize writing to logs, we have to pipe it to cronolog. 2018-10-12 01:18:24 +02:00			`notify:`
			`- restart lighttpd`

[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- name: add config for copr-repo path`
			`copy: src="{{ _lighttpd_conf_src }}" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644`
			`notify:`
			`- restart lighttpd`

			`- name: install certificates for production`
			`when: not devel`
switch all the include tasks to import tasks 2017-10-17 17:37:03 +00:00			`import_tasks: "install_certs.yml"`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
Add https support for copr-be-dev 2018-11-13 00:30:00 +01:00			`- name: letsencrypt cert`
			`import_tasks: "letsencrypt.yml"`
			`when: devel`
			`tags:`
			`- config`

make lighttpd happy so it can start 2015-05-19 15:28:33 +02:00			`- name: allow lighttpd set fds limit`
			`seboolean: name=httpd_setrlimit state=yes persistent=yes`

			`- name: create directory for compress module of lighttpd`
			`file: path=/var/cache/lighttpd/compress owner=lighttpd group=lighttpd mode=0644 state=directory`

[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`# mime default to text/plain and enable dirlisting for indexes`
			`- name: update lighttpd configs`
			`copy: src="lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644`
			`with_items:`
			`- dirlisting.conf`
			`- mime.conf`
			`notify:`
			`- restart lighttpd`

copr-backend: activate copr_prune_results but on weekly basis 2018-02-23 17:57:12 +01:00			`- name: provisional copr-backend cron.weekly job`
			`copy: src="cron.weekly/copr-backend" dest="/etc/cron.weekly/copr-backend" owner=root group=root mode=0644`
copr-backend: disable copr_prune_results to test if hitcounting works 2017-12-04 21:06:49 +01:00
copr-backend: install custom lighttpd template for directory listing 2017-09-21 01:39:37 +02:00			`- name: install custom lighttpd template for directory listings`
			`template: src="lighttpd/dir-generator.php.j2" dest="/var/lib/copr/public_html/dir-generator.php" owner=copr group=copr mode=0755`

copr-backend: update logrotate config for lighttpd 2017-12-18 13:02:40 +01:00			`- name: install custom logrotate config for lighttpd`
			`template: src="logrotate/lighttpd.j2" dest=/etc/logrotate.d/lighttpd owner=root group=root mode=644`

[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- name: start webserver`
change state=running to start=started as the old one is going away in ansible 2.7 2017-04-13 01:37:21 +00:00			`service: state=started enabled=yes name=lighttpd`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
			`# setup dirs for the ansible execution off of provisioning`
[copr] moving to the new cloud ... 2015-04-02 12:59:59 +02:00			`#- name: dirs from provision`
			`# file: state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr`
			`# with_items:`
			`# - action_plugins`
			`# - library`
			`# tags:`
			`# - provision_config`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
copr: aarch64 spawning via resalloc-server For now enable this only on stg. Imported from: https://github.com/praiskup/fedora-copr-spinup-aarch64 2019-05-13 11:01:39 +02:00			`- name: resalloc`
			`import_tasks: resalloc.yml`
			`tags:`
			`- resalloc`

[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- name: put ansible.cfg for all this into /etc/ansible/ on the system`
			`copy: src="provision/ansible.cfg" dest=/etc/ansible/ansible.cfg`
			`tags:`
			`- provision_config`

[copr] fixing path to provision files 2015-04-03 16:19:32 +02:00			`- name: put provisioning files`
copr: synchronize whole /provision/ dir 2016-05-16 14:19:13 +02:00			`synchronize: src="provision/" dest="/home/copr/provision/"`
[copr] fixing path to provision files 2015-04-03 16:19:32 +02:00			`tags:`
			`- provision_config`

[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- name: put some files into the provision subdir`
copr: distribute devel/production to spawn/terminate playbooks 2019-05-13 15:44:57 +02:00			`template:`
			`src: "provision/{{ item }}"`
copr: backend provision c&p fix 2019-05-13 16:19:56 +02:00			`dest: "/home/copr/provision/{{ item }}"`
copr: distribute devel/production to spawn/terminate playbooks 2019-05-13 15:44:57 +02:00			`with_items:`
			`- vars.yml`
			`- nova_cloud_vars.yml`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`tags:`
			`- provision_config`

copr-backend: prep for release + clean-up 2017-06-08 14:56:52 +02:00			`- name: put copr-rpmbuild configuration file into the provision subdir`
			`template: src="provision/copr-rpmbuild/main.ini.j2" dest="/home/copr/provision/files/main.ini" owner=copr group=copr`
integrate OpenStack ppc64le builders into COPR 2016-08-01 03:29:13 +02:00			`tags:`
			`- provision_config`
copr-builder: add default rpkg conf 2018-04-26 14:50:45 +02:00
			`- name: put rpkg configuration file into the provision subdir`
			`template: src="provision/rpkg.conf.j2" dest="/home/copr/provision/files/rpkg.conf" owner=copr group=copr`
			`tags:`
			`- provision_config`
integrate OpenStack ppc64le builders into COPR 2016-08-01 03:29:13 +02:00
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`- name: testing fixture`
Make this idempotent 2015-06-16 11:17:26 +00:00			`copy: dest="/home/copr/cloud/ec2rc.variable" content=""`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`when: devel`

			`- name: copy copr-be.conf`
[copr] moving to the new cloud; joined copr-be.conf src template 2015-04-02 15:19:52 +02:00			`template: src="copr-be.conf.j2" dest=/etc/copr/copr-be.conf owner=root group=copr mode=640`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00			`notify:`
			`- restart copr-backend`
			`tags:`
			`- config`

[copr] backend: add custom selinux policy for nrpe checks 2015-02-03 01:53:50 +01:00			`- name: copy sign.conf`
[backend] install correct /etc/sign.conf 2014-12-12 17:28:35 +01:00			`template: src=sign.conf dest=/etc/sign.conf owner=root group=copr mode=640`
			`tags:`
			`- config`

move this before we start copr-backend service 2015-05-19 11:50:03 +02:00			`- name: get owner for results dir`
			`stat: path=/var/lib/copr/public_html`
also need a check mode no here 2017-11-21 21:38:54 +00:00			`check_mode: no`
move this before we start copr-backend service 2015-05-19 11:50:03 +02:00			`register: copr_results_dir_st`

			`- name: change owner for results dir if it isn't copr`
			`shell: "chown -R copr:copr /var/lib/copr/public_html"`
and case was right before 2017-11-21 22:03:28 +00:00			`when: '"copr" not in copr_results_dir_st.stat.pw_name'`
move this before we start copr-backend service 2015-05-19 11:50:03 +02:00
			`- command: "ls -dZ /var/lib/copr/public_html/"`
			`register: public_html_ls`
try and fix this another way 2017-11-21 21:26:50 +00:00			`check_mode: no`
this is just gathering information it should not ever show changed 2017-11-22 00:40:49 +00:00			`changed_when: False`
move this before we start copr-backend service 2015-05-19 11:50:03 +02:00
			`- name: update selinux context for results if root folder does not have proper type`
			`command: "restorecon -vvRF /var/lib/copr/public_html/"`
this may need quotes for check mode 2017-11-21 21:21:25 +00:00			`when: "public_html_ls is defined and 'copr_data_t' not in public_html_ls.stdout"`
move this before we start copr-backend service 2015-05-19 11:50:03 +02:00
			`- name: install cert to access fed-cloud09`
			`# TODO: remove this when fed-cloud09 receives external cert`
switch all the include tasks to import tasks 2017-10-17 17:37:03 +00:00			`import_tasks: install_cloud_cert.yml`
move this before we start copr-backend service 2015-05-19 11:50:03 +02:00
[copr] install logstash config and ensure running logstash service 2015-03-31 17:15:09 +02:00			`- name: enable and run copr-backend services`
change state=running to start=started as the old one is going away in ansible 2.7 2017-04-13 01:37:21 +00:00			`service: name="{{ item }}" enabled=yes state=started`
[copr] install logstash config and ensure running logstash service 2015-03-31 17:15:09 +02:00			`with_items:`
			`- redis # TODO: .service in copr-backend should depend on redis`
			`- copr-backend`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
[copr] new script to clean up builder VMs 2015-04-13 19:58:59 +02:00			`- copy: src="cleanup_vm_nova.py" dest=/home/copr/ mode=755`
[WIP] Copr playbooks refactoring using ansible roles, new role for copr-keygen 2014-10-10 12:35:14 +02:00
copr-backend: employ cleanup_vm_nova only on production machine 2017-04-07 09:21:18 +02:00			`- copy: src="cleanup_vms.sh" dest=/etc/cron.hourly/copr_cleanup_vms.sh mode=755`
			`when: not devel`

[copr] backend: add custom selinux policy for nrpe checks 2015-02-03 01:53:50 +01:00			`- name: setup monitoring`
switch all the include tasks to import tasks 2017-10-17 17:37:03 +00:00			`import_tasks: "monitoring.yml"`
copr-backend: custom SELinux rules for copr-backend extended/fixed 2018-03-02 09:54:22 +01:00
			`# Three tasks for handling our custom selinux module`
			`- name: ensure a directory exists for our custom selinux module`
			`file: dest=/usr/local/share/copr state=directory`

			`- name: copy over our custom selinux module`
			`copy: src=selinux/copr_rules.pp dest=/usr/local/share/copr/copr_rules.pp`
			`register: selinux_module`

			`- name: install our custom selinux module`
			`command: semodule -i /usr/local/share/copr/copr_rules.pp`
first cut at changing all the old \|changed to is changed per ansible deprecations 2018-05-07 23:51:48 +00:00			`when: selinux_module is changed`
copr-backend: disable swap 2018-12-27 15:28:07 +01:00
copr-backend: disable the swap through /etc/fstab 2019-01-09 11:21:24 +01:00			`- name: disable swap mount in fstab`
			`mount:`
			`path: none`
			`src: /dev/vdb`
			`fstype: swap`
			`state: absent`

copr-backend: disable swap 2018-12-27 15:28:07 +01:00			`- name: disable swap so that OOM killer can do his job`
			`command: "{{ item }}"`
			`with_items:`
			`- swapoff -a`