Add prelim, unfinished yet cut at koji hub role for aarch64 hub.

2013-09-12 17:01:07 +00:00 · 2013-09-12 17:01:07 +00:00 · 92b4a3ff7c
commit 92b4a3ff7c
parent 0fba97c3b0
6 changed files with 176 additions and 24 deletions
--- a/inventory/host_vars/aarch64-hub01.qa.fedoraproject.org
+++ b/inventory/host_vars/aarch64-hub01.qa.fedoraproject.org
@ -8,3 +8,4 @@ volgroup: /dev/VirtGuests
 eth0_ip: 10.5.124.149
 vmhost: virthost-comm02.qa.fedoraproject.org
 datacenter: phx2
 host_group: aarch64
--- a/playbooks/groups/buildhw.yml
+++ b/playbooks/groups/buildhw.yml
@ -41,6 +41,7 @@
  - /srv/web/infra/ansible/roles/base
  tasks:
  - include: $tasks/hosts.yml
  - include: $tasks/koji/builder_kernel_config.yml
  handlers:
--- a/playbooks/groups/koji-hub.yml
+++ b/playbooks/groups/koji-hub.yml
@ -36,6 +36,7 @@
  - /srv/web/infra/ansible/roles/denyhosts
  - /srv/web/infra/ansible/roles/nagios_client
  - /srv/web/infra/ansible/roles/fas_client
  - /srv/web/infra/ansible/roles/koji_hub
  tasks:
  - include: $tasks/hosts.yml
@ -44,7 +45,6 @@
  - include: $tasks/motd.yml
  - include: $tasks/sudo.yml
  - include: $tasks/collectd/client.yml
  - include: $tasks/koji/koji_hub.yml
  handlers:
  - include: $handlers/restart_services.yml
--- a/roles/koji_hub/files/openssl.cnf.aarch64
+++ b/roles/koji_hub/files/openssl.cnf.aarch64
@ -0,0 +1,74 @@
 HOME                    = .
 RANDFILE                = .rand
 [ca] 
 default_ca              = ca_default
 [ca_default] 
 dir                     = .
 certs                   = $dir/certs
 crl_dir                 = $dir/crl
 database                = $dir/index.txt
 new_certs_dir           = $dir/newcerts
 certificate             = $dir/%s_ca_cert.pem
 private_key             = $dir/private/%s_ca_key.pem
 serial                  = $dir/serial
 crl                     = $dir/crl.pem
 x509_extensions         = usr_cert
 name_opt                = ca_default
 cert_opt                = ca_default
 default_days            = 3650
 default_crl_days        = 30
 default_md              = md5
 preserve                = no
 policy                  = policy_match
 [policy_match] 
 countryName             = match
 stateOrProvinceName     = match
 organizationName        = match
 organizationalUnitName  = optional
 commonName              = supplied
 emailAddress            = optional
 [req] 
 default_bits            = 1024
 default_keyfile         = privkey.pem
 distinguished_name      = req_distinguished_name
 attributes              = req_attributes
 x509_extensions         = v3_ca # The extentions to add to the self signed cert
 string_mask             = MASK:0x2002
 [req_distinguished_name] 
 countryName                     = Country Name (2 letter code)
 countryName_default             = US
 countryName_min                 = 2
 countryName_max                 = 2
 stateOrProvinceName             = State or Province Name (full name)
 stateOrProvinceName_default     = Vienna
 localityName                    = Locality Name (eg, city)
 localityName_default            = Vienna
 0.organizationName              = Organization Name (eg, company)
 0.organizationName_default      = My company
 organizationalUnitName          = Organizational Unit Name (eg, section)
 commonName                      = Common Name (eg, your name or your server\'s hostname)
 commonName_max                  = 64
 emailAddress                    = Email Address
 emailAddress_max                = 64
 [req_attributes] 
 challengePassword               = A challenge password
 challengePassword_min           = 4
 challengePassword_max           = 20
 unstructuredName                = An optional company name
 [usr_cert] 
 basicConstraints                = CA:FALSE
 nsComment                       = "OpenSSL Generated Certificate"
 subjectKeyIdentifier            = hash
 authorityKeyIdentifier          = keyid,issuer:always
 [v3_ca] 
 subjectKeyIdentifier            = hash
 authorityKeyIdentifier          = keyid:always,issuer:always
 basicConstraints                = CA:true
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@ -0,0 +1,99 @@
 ---
 #
 # Setup koji hub server. 
 #
 - name: install koji hub server packages
  yum: name=$item state=installed
  with_items:
  - koji-hub
  - koji-web
  - koji-utils
  - mod_ssl
  - mod_wsgi
  - git
  - gnupg2
  tags:
  - packages
 - name: make koji pki directory
  file: state=directory path=/etc/pki/koji/ owner=root group=root
 - name: make koji pki subdirectories
  file: state=directory path=/etc/pki/koji/{{ item }} owner=root group=root
  with_items:
  - certs
  - private
  - confs
 - name: setup ssl config for koji
  copy: src={{ item }} dest=/etc/pki/koji/openssl.cnf mode=600
  first_available_file:
    - openssl.cnf.{{ ansible_fqdn }}
    - openssl.cnf.{{ host_group }}
    - openssl.cnf.{{ dist_tag }}
  tags:
  - config
 - name: create index.txt
  file: name=/etc/pki/koji/index.txt
  tags:
  - config
 - name: init serial file
  shell: "echo 01 > /etc/pki/koji/serial.txt" creates=/etc/pki/koji/serial.txt
  tags:
  - config
 - name: init koji ca key file
  shell: "openssl genrsa -out /etc/pki/koji/private/koji_ca_cert.key 2048" creates=/etc/pki/koji/private/koji_ca_cert.key
  tags:
  - config
 - name: init koji ca cert file
  shell: "openssl req -config /etc/pki/koji/ssl.cnf -new -x509 -subj "/C=US/ST=Arizona/L=Phoenix/O=IT/CN=aarch64.koji.fedoraproject.org" -days 3650 -key /etc/pki/koji/private/koji_ca_cert.key -out /etc/pki/koji/koji_ca_cert.crt -extensions v3_ca" creates=/etc/pki/koji/koji_ca_cert.crt
  tags:
  - config
 # setup certs needed here for kojiweb/hub
 # Database setup
 - name: setup the database
  hosts: db-aarch64.qa.fedoraproject.org
  gather_facts: no
  sudo: yes
  sudo_user: postgres
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - ${private}/vars.yml
   - ${vars}/${ansible_distribution}.yml
  tasks:
   - name: databases creation
     postgresql_db: name=koji owner=koji encoding=UTF-8
   - name: koji db user
     postgresql_user: name=koji password=$kojidatabasepassword
     tags:
     - db
   - name: load initial schema 
     shell: "psql koji koji < /usr/share/doc/koji*/docs/schema.sql" creates=/var/lib/pgql/koji-schema
     tags:
     - db
 # Todo here
 # httpd ssl.conf changes
 # koji hub.conf template
 # create skeleton /mnt/koji dirs
 # selinux config: 
 #   httpd_can_network_connect_db=1 allow_httpd_anon_write=1
 #   chcon -R -t public_content_rw_t /mnt/koji/*
 - name: Set httpd to run on boot
  service: name=httpd enabled=yes
  ignore_errors: true
  notify:
  - restart httpd
  tags:
  - service
--- a/tasks/koji/koji_hub.yml
+++ b/tasks/koji/koji_hub.yml
@ -1,23 +0,0 @@
 ---
 #
 # Setup koji hub server. 
 #
 - name: install koji hub server packages
  yum: name=$item state=installed
  with_items:
  - koji-hub
  - koji-web
  - koji-utils
  - mod_ssl
  - git
  - gnupg2
  tags:
  - packages
 - name: Set httpd to run on boot
  service: name=httpd enabled=yes
  ignore_errors: true
  notify:
  - restart httpd
  tags:
  - service