---
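# Write the dnf/yum repo definition for the RHEL 8 OpenStack 16 RPMs.
# gpgcheck=1 makes the package manager verify package signatures against the
# keys listed in gpgkey; exclude=*x86_64* filters out packages matching that
# glob.
# Owner, group and mode are pinned so the result does not depend on the umask
# of the managed host: whoever can write a repo file decides which packages
# root installs.
# NOTE(review): gpgkey also trusts RPM-GPG-KEY-redhat-beta - confirm the beta
# key is still required for this repository.
- name: OpenStack package repository for RHEL8, noarch only
  copy:
    dest: /etc/yum.repos.d/openstack.repo
    owner: root
    group: root
    mode: "0644"
    content: |
      [openstack-for-rhel8]
      name = RHEL OpenStack RPMs
      baseurl = https://infrastructure.fedoraproject.org/repo/rhel/rhel8/other/rhel-8-x86_64-openstack-16-rpms/
      gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
      enabled=1
      gpgcheck=1
      exclude=*x86_64*
  tags:
    - config
    - openstack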
# - name: enable swap in fstab
#   mount: name=none src=LABEL=swap
#          fstype=swap opts=sw passno=0 dump=0
#          state=present
#   register: fstab_swap_entry
#   tags: swap

# - name: mount the swap
#   shell: swapon -a
#   when: fstab_swap_entry.changed
#   tags: swap

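# Install the role's profile.sh into /etc/profile.d, where login shells
# (including root's) source it.  Ownership and mode are stated explicitly so
# the script cannot end up group- or world-writable under a permissive umask.
- name: install the default profile script
  copy:
    src: profile.sh
    dest: /etc/profile.d/copr-hypervisor.sh
    owner: root
    group: root
    mode: "0644"
  tags: profile_scripts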
# Install the virtualization stack (qemu-kvm, libvirt, virt-install,
# libguestfs tools), podman and the Glance client, one package per loop item.
# state=present installs a package only when it is missing; it does not
# upgrade an installed one.
- name: install libvirt packages
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - qemu-kvm
    - libguestfs-tools-c
    - libvirt
    - libvirt-daemon
    - podman
    - virt-install
    - python3-glanceclient
  tags:
    - openstack
    - packages
    - libvirtd
# Replace the libvirtd daemon configuration with the copy kept under
# "{{ files }}/virthost/" and restart libvirtd through the handler when the
# file changed.
# NOTE(review): the file's contents are not visible here; libvirtd.conf is
# where socket permissions and authentication are normally configured, so
# review it together with the SocketGroup change made later in this file.
- name: install libvirtd.conf
  copy:
    src: "{{ files }}/virthost/libvirtd.conf"
    dest: /etc/libvirt/libvirtd.conf
  notify:
    - restart libvirtd
  tags:
    - libvirtd
    - config
# Facts used by the storage-pool tasks below: the directory that holds VM
# images and the name of the libvirt pool defined on top of it.
- set_fact:
    image_pool_dir: /libvirt-images
    image_pool_name: images
  tags: libvirtd
# Create the image pool directory, owned by qemu:qemu with rwx for user and
# group and the setgid bit set.
# NOTE(review): the symbolic mode names only the user and group bits, so the
# "other" bits keep whatever value they already have - confirm whether "o="
# was intended for a directory that stores VM disk images.
- name: create libvirt image directory
  file:
    path: "{{ image_pool_dir }}"
    state: directory
    owner: qemu
    group: qemu
    mode: "ug=rwx,g+s"
  tags: libvirtd
# Mount the ext4 filesystem labelled "vmvolumes" on the image pool directory.
# state=mounted both mounts it now and records it in fstab.
- name: mount libvirt image partition
  mount:
    name: "{{ image_pool_dir }}"
    src: LABEL=vmvolumes
    fstype: ext4
    state: mounted
  tags: libvirtd
# Register an SELinux file-context rule that labels the image pool directory
# and everything below it as virt_image_t.  The result is registered as
# semanage_run; the restorecon task runs only when this rule changed.
- name: correct selinux
  sefcontext:
    state: present
    setype: virt_image_t
    target: "{{ image_pool_dir }}(/.*)?"
  register: semanage_run
  tags: libvirtd
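# Relabel the image pool directory after the SELinux file-context rule
# changed (semanage_run is registered by the "correct selinux" task).
# Runs restorecon through the command module with an argv list: no shell is
# involved, so the templated path is passed as a single argument and is never
# subject to shell expansion.
- name: restorecon
  command:
    argv:
      - restorecon
      - "-irv"
      - "{{ image_pool_dir }}"
  when: semanage_run.changed
  tags: libvirtd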
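# Probe whether the libvirt network "host-bridge" is already defined.
# failed_when: false keeps a missing network from failing the play, and
# changed_when turns a non-zero exit status into "changed", which the two
# following host-bridge tasks use as their "needs to be defined" signal.
# A single fixed command needs no shell, so it runs through the command
# module.
- name: check host-bridge in libvirt
  command:
    argv:
      - virsh
      - net-info
      - host-bridge
  register: libvirt_bridge_exists
  failed_when: false
  changed_when: libvirt_bridge_exists.rc != 0
  tags: libvirtd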
# Stage the network definition XML on the host, only when the probe above
# reported the bridge as missing.
# NOTE(review): the staging path is fixed, is reused for the pool definition
# later in this file, and no task shown here removes it afterwards.
- name: copy host-bridge config file to host
  copy:
    src: libvirt-net-bridge.xml
    dest: /root/.tmp-ansible-file.xml
  when: libvirt_bridge_exists.changed
  tags: libvirtd
# Define, start and autostart the host-bridge network from the staged XML,
# then restart libvirtd through the handler.
# NOTE(review): the script has no "set -e", so the task's status is that of
# the last virsh command only; a failing net-define or net-start can go
# unnoticed if net-autostart succeeds.
- name: define host-bridge in libvirt
  when: libvirt_bridge_exists.changed
  shell: |
    virsh net-define /root/.tmp-ansible-file.xml
    virsh net-start host-bridge
    virsh net-autostart host-bridge
  notify: restart libvirtd
  tags: libvirtd
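# Probe whether the libvirt storage pool named by image_pool_name exists.
# As with the host-bridge probe, a non-zero exit status is reported as
# "changed" rather than as a failure, and the following pool tasks run only
# in that case.  The command module with argv passes the templated pool name
# as one argument without going through a shell.
- name: check if image pool exists
  command:
    argv:
      - virsh
      - pool-info
      - "{{ image_pool_name }}"
  register: libvirt_pool_exists
  failed_when: false
  changed_when: libvirt_pool_exists.rc != 0
  tags: libvirtd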
# Render the pool definition template to the staging path, only when the
# probe above reported the pool as missing.  The path is the same one the
# host-bridge definition uses.
- name: copy image pool config file to host
  template:
    src: libvirt-pool-images.xml
    dest: /root/.tmp-ansible-file.xml
  when: libvirt_pool_exists.changed
  tags: libvirtd
# Define, start and autostart the storage pool from the staged XML, then
# restart libvirtd through the handler.
# NOTE(review): without "set -e" only the exit status of the last virsh
# command decides whether the task fails.
- name: define image pool in libvirt
  when: libvirt_pool_exists.changed
  shell: |
    virsh pool-define /root/.tmp-ansible-file.xml
    virsh pool-start "{{ image_pool_name }}"
    virsh pool-autostart "{{ image_pool_name }}"
  notify: restart libvirtd
  tags: libvirtd
# Set SocketGroup=libvirt in the libvirtd.socket unit so members of group
# "libvirt" can reach the libvirtd socket; the copr user created below has
# libvirt as its primary group.  A backup of the unit file is kept and the
# handlers reload systemd and restart the socket.
# NOTE(review): access to the system libvirtd socket allows managing every
# VM on the host, so membership of "libvirt" should be treated as privileged.
# NOTE(review): the edited file is the unit under /usr/lib/systemd/system;
# presumably a package update can replace it and drop this setting - a
# drop-in under /etc/systemd/system/libvirtd.socket.d/ would avoid that.
- name: allow copr user controlling libvirt
  ini_file:
    path: /usr/lib/systemd/system/libvirtd.socket
    section: Socket
    option: SocketGroup
    value: libvirt
    backup: true
  notify:
    - reload systemd
    - restart libvirtd.socket
  tags: libvirtd
# Create the copr account with a fixed uid, primary group libvirt and
# supplementary group qemu.  password_lock locks the password, leaving the
# SSH keys installed by the following tasks as the way in.
- name: create the copr user
  user:
    name: copr
    uid: 11666
    group: libvirt
    groups: qemu
    password_lock: true
# Authorize the build system public key (buildsys.pub from the role's files)
# for SSH logins as copr.
- name: assure that copr-be can ssh there as copr@...
  authorized_key:
    user: copr
    key: "{{ item }}"
  with_file:
    - buildsys.pub
# Authorize one key per output line of the auth_keys_from_fas command, which
# is called with the argument "@sysadmin-copr".  with_lines runs that command
# on the control node.
# NOTE(review): every output line is installed as an authorized key for copr
# without further checks, so the command's output is fully trusted;
# auth_keys_from_fas is defined outside this file.
- name: add @copr keys for sysadmin-main and other allowed users
  authorized_key:
    user: copr
    key: "{{ item }}"
  with_lines:
    - "{{ auth_keys_from_fas }} @sysadmin-copr"
  tags:
    - copr_admins
    - config
    - sshkeys
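# todo: generate its own key
# Install the shared buildsys private key as copr's default SSH identity,
# readable by copr only (mode 0600).
# diff is disabled for this task so that a run with --diff never prints the
# private key material into the Ansible output or its logs.
# NOTE(review): the key comes from the private repository and is not unique
# to this host (see the todo above), so a compromise of one host exposes the
# identity wherever it is deployed.
- name: make sure hostA can ssh to hostB
  copy:
    src: "{{ private }}/files/copr/buildsys.priv"
    dest: /home/copr/.ssh/id_rsa
    owner: copr
    mode: "0600"
  diff: false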
# Place the matching public key next to the private key so it can be
# installed into generated builder images.
- name: provide pub key, too, so we can install them to generated builder images
  copy:
    src: buildsys.pub
    dest: /home/copr/.ssh/id_rsa.pub
    owner: copr
    mode: "0600"
# Enable the Copr project repository praiskup/helpers on this host.  The
# chroot is chosen explicitly: fedora-38-x86_64 on Fedora, epel-8-x86_64
# otherwise.
# NOTE(review): this is a personal Copr project and the next task installs a
# package from it as root; trust in that project's owner and build inputs is
# part of this host's trust base.
- name: Enable praiskup-helpers repo
  community.general.copr:
    name: praiskup/helpers
    state: enabled
    # TODO: fix error in the Copr Ansible module:
    # Chroot rhel-8.5-ppc64le does not exist in praiskup/helpers
    chroot: "{{ 'epel-8-x86_64' if ansible_distribution != 'Fedora' else 'fedora-38-x86_64' }}"
  tags:
    - update_helpers
    - packages
# Install praiskup-helpers, or upgrade it to the newest available build.
# NOTE(review): state=latest is unpinned, so every run of this task takes
# whatever build the enabled repositories currently offer; pin a version if
# reproducible hosts or reviewed upgrades are required.
- name: install the latest helper package
  package:
    name: praiskup-helpers
    state: latest
  tags:
    - update_helpers
    - packages
# Write the shell-syntax settings file /etc/eimg/eimg.sh for /bin/copr-image.
# EIMG_FINAL_SYSPREP_ARGS injects the public key found at
# $HOME/.ssh/id_rsa.pub into the image's root account and relabels
# /root/.ssh as ssh_home_t.
# NOTE(review): $HOME is expanded when the file is read, not by Ansible, so
# which key gets injected depends on the user running copr-image -
# presumably copr; confirm.
- name: install configuration for /bin/copr-image
  copy:
    dest: /etc/eimg/eimg.sh
    content: |
      EIMG_COPR_PLAYBOOK_DIR=/home/copr/provision
      EIMG_COPR_PLAYBOOK=local-image-update.yml
      EIMG_FINAL_SYSPREP_ARGS=(--ssh-inject "root:file:$HOME/.ssh/id_rsa.pub"
      --run-command "chcon -v -R -h system_u:object_r:ssh_home_t:s0 /root/.ssh" )
      EIMG_ANSIBLE_IN_CONTAINER=:
  tags: provision_config
# Reuse the copr backend role's task file to populate the provisioning
# directory, owned by copr.  Tagged "always" so it runs whichever tags are
# selected.
- name: setup provision directory
  vars:
    provision_directory: /home/copr/provision
    provision_user: copr
  include_tasks: "{{ roles_path }}/copr/backend/tasks/setup_provisioning_environment.yml"
  tags: always