Update Koschei playbook

See https://fedorahosted.org/fedora-infrastructure/ticket/4690

This commit introduces the followith enhancements:
- add koschei tag
- yum-install koschei package
- add extra fedorapeople repo
- enable and start Koschei services
- install Koschei config file
- restart services on config update
- install Koji certificates
- avoid explicitly cleaning yum metadata
- add alembic DB migration

files/koschei/config.cfg.j2

@@ -0,0 +1,58 @@
+# This is a config file for Koschei that can override values in default
+# configuration in /usr/share/koschei/config.cfg. It is a python file expecting
+# assignment to config dictionary which will be recursively merged with the
+# default one.
+config = {
+    "database_config": {
+        "username": "koschei",
+        "password": "{{ koschei_pgsql_password }}",
+        "database": "koschei"
+    },
+    "koji_config": {
+        "cert": "/etc/koschei/koschei.pem",
+        "ca": "/etc/koschei/fedora-ca.cert",
+        "server_ca": "/etc/koschei/fedora-ca.cert",
+    },
+    "flask": {
+        "SECRET_KEY": "{{ koschei_flask_secret_key }}",
+    },
+    "logging": {
+        "loggers": {
+            "": {
+                "level": "DEBUG",
+                "handlers": ["stderr", "email"],
+            },
+        },
+        "handlers": {
+            "email": {
+                "class": "logging.handlers.SMTPHandler",
+                "level": "WARN",
+                "mailhost": "localhost",
+                "fromaddr": "koschei@fedoraproject.org",
+                "toaddrs": ['msimacek@redhat.com', 'mizdebsk@redhat.com'],
+                "subject": "Koschei warning",
+            },
+        },
+    },
+    "fedmsg-publisher": {
+        "enabled": True,
+        "modname": "koschei",
+    },
+#    "services": {
+#        "polling": {
+#            "interval": 60,
+#        },
+#    },
+    "dependency": {
+        "repo_chache_items": 5,
+        "keep_build_deps_for": 2
+    },
+    "koji_config": {
+        "max_builds": 30
+    },
+}
+
+# Local Variables:
+# mode: Python
+# End:
+# vi: ft=python

files/koschei/koschei.repo

@@ -0,0 +1,13 @@
+[koschei-mizdebsk]
+name=Koschei repo
+baseurl=https://mizdebsk.fedorapeople.org/koschei/repo/
+enabled=1
+gpgcheck=0
+metadata_expire=60
+
+[koschei-msimacek]
+name=Koschei repo
+baseurl=https://msimacek.fedorapeople.org/koschei/repo/
+enabled=1
+gpgcheck=0
+metadata_expire=60

playbooks/hosts/koschei.cloud.fedoraproject.org.yml

@@ -15,21 +15,101 @@
   gather_facts: True
   user: fedora
   sudo: yes
+  tags: koschei
 
   vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
+  vars:
+    packages:
+    - koschei
+    services:
+    - koschei-polling
+    - koschei-resolver
+    - koschei-scheduler
+    - koschei-watcher
+    # httpd is here temporarly only, it will be removed once koschei
+    # implements "base" role
+    - httpd
+    # flag controlling whether koji PEM private key and certificate
+    # should be deployed by playbook
+    cert: false
+
   tasks:
 
   - include: "{{ tasks }}/growroot_cloud.yml"
   - include: "{{ tasks }}/cloud_setup_basic.yml"
   - include: "{{ tasks }}/postfix_basic.yml"
 
+  # Temporary yum repo hosted on fedorapeople, it will be replaced by
+  # Fedora infra repo once Koschei completes RFR.  Copr can't be used
+  # because of limitations of Fedora cloud routing -- machines in
+  # different networks can't access each other, even through public IP
+  - name: add koschei yum repo
+    action: copy src="{{ files }}/koschei/koschei.repo" dest="/etc/yum.repos.d/koschei.repo"
+
+  - name: yum update koschei package
+    yum: name={{item}} state=latest
+    with_items: "{{packages}}"
+    register: yumupdate
+    # TODO: restart httpd
+    tags:
+    - packages
+
+  - name: stop koschei
+    action: service name={{item}} state=stopped
+    with_items: "{{services}}"
+    when: yumupdate.changed
+
+  - name: install /etc/koschei/config.cfg file
+    template: src="{{ files }}/koschei/config.cfg.j2" dest="/etc/koschei/config.cfg"
+    notify:
+    - restart koschei
+    # TODO: restart httpd
+    tags:
+    - config
+
+  - name: install koschei.pem koji key and cert
+    copy: >
+      src="{{ private }}/files/koschei/koschei.pem"
+      dest="/etc/koschei/koschei.pem"
+      owner=koschei
+      group=koschei
+      mode=0400
+    when: cert
+    tags:
+    - config
+
+  - name: install koji ca cert
+    copy: >
+      src="{{ puppet_private }}/fedora-ca.cert"
+      dest="/etc/koschei/fedora-ca.cert"
+      owner=root
+      group=root
+      mode=0644
+    tags:
+    - config
+
+  - name: run koschei migration
+    command: alembic -c /usr/share/koschei/alembic.ini upgrade head
+    sudo_user: koschei
+    when: yumupdate.changed
+
+  - name: enable koschei to start
+    action: service name={{item}} state=running enabled=true
+    with_items: "{{services}}"
+    tags:
+    - service
+
   handlers:
   - include: "{{ handlers }}/restart_services.yml"
 
+  - name: restart koschei
+    action: service name={{item}} state=restarted
+    with_items: "{{services}}"
+
 - name: setup fedmsg
   hosts: koschei.cloud.fedoraproject.org
   user: root