diff --git a/inventory/group_vars/copr_back_aws b/inventory/group_vars/copr_back_aws index 2b7fca9c12..ac9a9936a0 100644 --- a/inventory/group_vars/copr_back_aws +++ b/inventory/group_vars/copr_back_aws @@ -1,4 +1,6 @@ --- +copr_machine_type: backend + # what is the main backend service name copr_backend_target: copr-backend.target diff --git a/inventory/group_vars/copr_back_dev_aws b/inventory/group_vars/copr_back_dev_aws index 65f47f989a..faeb8762c0 100644 --- a/inventory/group_vars/copr_back_dev_aws +++ b/inventory/group_vars/copr_back_dev_aws @@ -1,4 +1,6 @@ --- +copr_machine_type: backend + _copr_be_conf: copr-be.conf-dev # what is the main backend service name copr_backend_target: copr-backend.target diff --git a/inventory/group_vars/copr_dist_git_aws b/inventory/group_vars/copr_dist_git_aws index 681953a395..0a90ee2dba 100644 --- a/inventory/group_vars/copr_dist_git_aws +++ b/inventory/group_vars/copr_dist_git_aws @@ -1,4 +1,6 @@ --- +copr_machine_type: distgit + freezes: false # consumed by roles/copr/certbot letsencrypt: diff --git a/inventory/group_vars/copr_dist_git_dev_aws b/inventory/group_vars/copr_dist_git_dev_aws index 31950ca791..ffc4e5437c 100644 --- a/inventory/group_vars/copr_dist_git_dev_aws +++ b/inventory/group_vars/copr_dist_git_dev_aws @@ -1,4 +1,6 @@ --- +copr_machine_type: distgit + devel: true freezes: false # consumed by roles/copr/certbot diff --git a/inventory/group_vars/copr_front_aws b/inventory/group_vars/copr_front_aws index 666cab3fee..e88e13257c 100644 --- a/inventory/group_vars/copr_front_aws +++ b/inventory/group_vars/copr_front_aws @@ -1,4 +1,6 @@ --- +copr_machine_type: frontend + copr_fe_homedir: /usr/share/copr/coprs_frontend copr_frontend_public_hostname: "copr.fedorainfracloud.org" copr_kerberos_auth_enabled: true diff --git a/inventory/group_vars/copr_front_dev_aws b/inventory/group_vars/copr_front_dev_aws index 6013820afd..56319bf9f2 100644 --- a/inventory/group_vars/copr_front_dev_aws +++ b/inventory/group_vars/copr_front_dev_aws @@ -1,4 +1,6 @@ --- +copr_machine_type: frontend + allowlist_emails: - msuchy@redhat.com - praiskup@redhat.com diff --git a/inventory/group_vars/copr_keygen_aws b/inventory/group_vars/copr_keygen_aws index fabd75ba91..811ea3c439 100644 --- a/inventory/group_vars/copr_keygen_aws +++ b/inventory/group_vars/copr_keygen_aws @@ -1,4 +1,6 @@ --- +copr_machine_type: keygen + copr_hostbase: copr-keygen # http + signd dest ports custom_rules: diff --git a/inventory/group_vars/copr_keygen_dev_aws b/inventory/group_vars/copr_keygen_dev_aws index 2e5eb423c5..d6b953f3bc 100644 --- a/inventory/group_vars/copr_keygen_dev_aws +++ b/inventory/group_vars/copr_keygen_dev_aws @@ -1,4 +1,6 @@ --- +copr_machine_type: keygen + copr_hostbase: copr-keygen-dev # http + signd dest ports custom_rules: diff --git a/inventory/group_vars/copr_pulp_aws b/inventory/group_vars/copr_pulp_aws index c43c55a9ef..c5fdf92af8 100644 --- a/inventory/group_vars/copr_pulp_aws +++ b/inventory/group_vars/copr_pulp_aws @@ -1,3 +1,5 @@ --- +copr_machine_type: pulp + services_disabled: false aws_ipv6_addr: "" diff --git a/inventory/group_vars/copr_pulp_dev_aws b/inventory/group_vars/copr_pulp_dev_aws index 33bf0e803d..20c5e4dcc5 100644 --- a/inventory/group_vars/copr_pulp_dev_aws +++ b/inventory/group_vars/copr_pulp_dev_aws @@ -1,3 +1,5 @@ --- +copr_machine_type: pulp + services_disabled: true aws_ipv6_addr: "2600:1f18:8ee:ae00:c607:4520:249f:6cc8" diff --git a/playbooks/groups/copr-backend.yml b/playbooks/groups/copr-backend.yml index ce8a3f35b6..4c9eaf41e9 100644 --- a/playbooks/groups/copr-backend.yml +++ b/playbooks/groups/copr-backend.yml @@ -55,12 +55,13 @@ # Roles are run first, before tasks, regardless of where you place them here. roles: - - base - - nagios_client - - copr/backend - - role: messaging/base - when: copr_messaging - - role: rsnapshot-push - when: env == "production" - - role: log-detective-backup - when: env == "production" + - copr/pre + - base + - nagios_client + - copr/backend + - role: messaging/base + when: copr_messaging + - role: rsnapshot-push + when: env == "production" + - role: log-detective-backup + when: env == "production" diff --git a/playbooks/groups/copr-dist-git.yml b/playbooks/groups/copr-dist-git.yml index 8c1c3cd8a7..f97ab9aa7f 100644 --- a/playbooks/groups/copr-dist-git.yml +++ b/playbooks/groups/copr-dist-git.yml @@ -50,9 +50,10 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - base - - nagios_client - - copr/dist_git + - copr/pre + - base + - nagios_client + - copr/dist_git handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/copr-frontend.yml b/playbooks/groups/copr-frontend.yml index d54cf3b34d..be0afe8cdd 100644 --- a/playbooks/groups/copr-frontend.yml +++ b/playbooks/groups/copr-frontend.yml @@ -50,6 +50,7 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - base - - nagios_client - - copr/frontend + - copr/pre + - base + - nagios_client + - copr/frontend diff --git a/playbooks/groups/copr-pulp.yml b/playbooks/groups/copr-pulp.yml index 057dd4616d..3784354a69 100644 --- a/playbooks/groups/copr-pulp.yml +++ b/playbooks/groups/copr-pulp.yml @@ -84,9 +84,10 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - base - - nagios_client - - copr/pulp + - copr/pre + - base + - nagios_client + - copr/pulp - name: Use pulp_installer collection diff --git a/roles/copr/pre/tasks/main.yml b/roles/copr/pre/tasks/main.yml index 130f2a1e4b..28d7ca0cb6 100644 --- a/roles/copr/pre/tasks/main.yml +++ b/roles/copr/pre/tasks/main.yml @@ -1,4 +1,11 @@ --- +- name: setup the root password + ansible.builtin.user: + name: root + password: "{{ copr_root_passwords[deployment_type][copr_machine_type] }}" + tags: + - root_password + - name: create copr-signer group group: name="copr-signer" state=present gid=989 when: "'copr_keygen_aws' in group_names or 'copr_keygen_dev_aws' in group_names"