173 lines
5.2 KiB
YAML
173 lines
5.2 KiB
YAML
---
|
|
- name: mount fs for production
|
|
include: "mount_fs.yml"
|
|
when: not devel
|
|
|
|
- name: setup networking
|
|
include: "network.yml"
|
|
|
|
- name: add packages for copr backend
|
|
yum: state=present name={{ item }} enablerepo="updates-testing"
|
|
with_items:
|
|
- copr-backend
|
|
- python-novaclient
|
|
- obs-signd # TODO: remove, since it will be installed as dependency by copr-backend
|
|
- redis # we need this to start the service in next step
|
|
|
|
- name: make copr dirs
|
|
file: state=directory path={{ item }}
|
|
with_items:
|
|
- /var/lib/copr/jobs
|
|
- /var/lib/copr/public_html/results
|
|
|
|
- name: Umask results
|
|
command: /usr/bin/umask 0000 chdir=/var/lib/copr/public_html/results
|
|
|
|
- name: setup dirs there
|
|
file: state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
|
|
with_items:
|
|
- cloud
|
|
- .ssh
|
|
|
|
- name: add copr-buildsys keys to copr user path
|
|
copy: src="{{ item }}" dest=/home/copr/cloud/ owner=copr group=copr mode=0600
|
|
with_fileglob:
|
|
- "{{ private }}/files/openstack/copr-copr/*"
|
|
|
|
- name: setup privkey for copr user
|
|
copy: src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
|
|
|
|
- name: setup copr user ssh config file
|
|
copy: src="ssh_config" dest=/home/copr/.ssh/config owner=copr group=copr mode=600
|
|
|
|
- name: check known_hosts file
|
|
command: stat /home/copr/.ssh/known_hosts
|
|
register: hostsstat
|
|
always_run: yes
|
|
changed_when: "1 != 1"
|
|
ignore_errors: yes
|
|
|
|
- name: create empty known_hosts
|
|
file: state=touch dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
|
|
when: hostsstat.rc == 1
|
|
|
|
- name: replace bashrc for copr user
|
|
copy: src="copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600
|
|
|
|
- name: auth_key so we can login to localhost as the copr user from the copr user
|
|
authorized_key: user=copr key="{{ item }}"
|
|
no_log: True
|
|
with_file:
|
|
- "provision/files/buildsys.pub"
|
|
|
|
- name: copy keystonerc
|
|
template: src="keystonerc" dest=/root/ owner=root group=root mode=600
|
|
when: not devel
|
|
|
|
- name: copy .boto file
|
|
copy: src="boto" dest=/home/copr/.boto owner=copr group=copr
|
|
|
|
# setup webserver
|
|
- name: add config for copr-repo path
|
|
copy: src="{{ _lighttpd_conf_src }}" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
|
|
notify:
|
|
- restart lighttpd
|
|
|
|
- name: install certificates for production
|
|
when: not devel
|
|
include: "install_certs.yml"
|
|
|
|
# mime default to text/plain and enable dirlisting for indexes
|
|
- name: update lighttpd configs
|
|
copy: src="lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
|
|
with_items:
|
|
- dirlisting.conf
|
|
- mime.conf
|
|
notify:
|
|
- restart lighttpd
|
|
|
|
- name: start webserver
|
|
service: state=running enabled=yes name=lighttpd
|
|
|
|
# setup dirs for the ansible execution off of provisioning
|
|
- name: dirs from provision
|
|
file: state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
|
|
with_items:
|
|
- action_plugins
|
|
- library
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: put ansible.cfg for all this into /etc/ansible/ on the system
|
|
copy: src="provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: put some files into the provision subdir
|
|
template: src="provision/{{ item }}" dest="/home/copr/provision/{{ item }}"
|
|
with_items:
|
|
- inventory
|
|
- builderpb.yml
|
|
- terminatepb.yml
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: put provisioning files
|
|
synchronize: src="provision/files/" dest="/home/copr/provision/files/"
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: testing fixture
|
|
file: path="/home/copr/cloud/ec2rc.variable" state="touch"
|
|
when: devel
|
|
|
|
- name: copy copr-be.conf
|
|
template: src="{{ _copr_be_conf }}" dest=/etc/copr/copr-be.conf owner=root group=copr mode=640
|
|
notify:
|
|
- restart copr-backend
|
|
tags:
|
|
- config
|
|
|
|
- name: copy sign.conf
|
|
template: src=sign.conf dest=/etc/sign.conf owner=root group=copr mode=640
|
|
tags:
|
|
- config
|
|
|
|
- name: copy logstash config
|
|
template: src=logstash.d/copr_backend.conf dest=/etc/logstash.d/copr_backend.conf
|
|
notify:
|
|
- restart logstash
|
|
|
|
- name: enable and run copr-backend services
|
|
service: name="{{ item }}" enabled=yes state=running
|
|
with_items:
|
|
- redis # TODO: .service in copr-backend should depend on redis
|
|
- logstash
|
|
- copr-backend
|
|
|
|
- name: copy delete-forgotten-instances.pl
|
|
copy: src="delete-forgotten-instances.pl" dest=/home/copr/delete-forgotten-instances.pl mode=755
|
|
|
|
- name: copy delete-forgotten-instances.cron
|
|
copy: src="delete-forgotten-instances.cron" dest=/etc/cron.daily/delete-forgotten-instances owner=root group=root mode=755
|
|
when: not devel
|
|
|
|
- name: install script to kill VMs in error state
|
|
copy: src="instant-instance-killer.sh" dest="/root/"
|
|
|
|
- cron: name="kill VMs in error state" minute="*/15" job="/root/instant-instance-killer.sh"
|
|
when: not devel
|
|
|
|
- name: setup monitoring
|
|
include: "monitoring.yml"
|
|
|
|
- name: get owner for results dir
|
|
stat: path=/var/lib/copr/public_html
|
|
register: copr_results_dir_st
|
|
|
|
- name: change owner for results dir if it isn't copr
|
|
shell: "chown -R copr:copr /var/lib/copr/public_html"
|
|
when: copr_results_dir_st.stat.pw_name != "copr"
|
|
|
|
- name: set acl for logstash to access httpd logs
|
|
acl: name=/var/log/lighttpd entity=logstash etype=user permissions=rx state=present
|