infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
ansible/roles/mbs/common/tasks/main.yml
Brendan Reilly 1ca4406918 Prepare script for MBS prod update
2021-05-05 12:59:09 -04:00

268 lines
6.3 KiB
YAML
Raw Blame History

---
# Common configuration for the Module Build Service (MBS) pieces
- name: install needed packages
package:
state: present
name:
- module-build-service
- python-psycopg2
- libsemanage-python
- python-memcached
- python2-distro
notify:
- restart apache
- restart fedmsg-hub
# - restart mbs poller
# - restart mbs workers
tags:
- mbs
- mbs/common
- name: kill development configs
file: path=/etc/fedmsg.d/{{ item }} state=absent
with_items:
- module_build_service.py
- mbs-logging.py
notify:
- restart apache
- restart fedmsg-hub
tags:
- mbs
- mbs/common
- name: copy app configuration
template: >
src=config.py dest=/etc/module-build-service/config.py
owner=root group=fedmsg mode=0640
notify:
- restart apache
- restart fedmsg-hub
# - restart mbs poller
# - restart mbs workers
tags:
- mbs
- mbs/common
- name: copy koji configuration
template: >
src=koji.conf dest=/etc/module-build-service/koji.conf
owner=root group=fedmsg mode=0644
notify:
- restart fedmsg-hub
tags:
- mbs
- mbs/common
- name: copy fedmsg configuration
template: >
src=mbs-fedmsg.py dest=/etc/fedmsg.d/mbs-fedmsg.py
owner=root group=fedmsg mode=0644
notify:
- restart apache
- restart fedmsg-hub
tags:
- mbs
- mbs/common
- name: copy client secrets
template: >
src=client_secrets.json.{{env}} dest=/etc/module-build-service/client_secrets.json
owner=root group=fedmsg mode=0640
when: inventory_hostname.startswith('mbs-frontend')
notify:
- restart apache
tags:
- mbs
- mbs/common
- name: create /var/cache/fedmsg/ directory for krb ccache
file:
path: /var/cache/fedmsg/
state: directory
owner: fedmsg
group: fedmsg
mode: 0750
tags:
- mbs
- mbs/common
- name: create /etc/pdc.d directory
file:
path: /etc/pdc.d
state: directory
owner: root
group: root
mode: 0775
- name: copy pdc client config file
copy: >
src=fedora.json.{{env}} dest=/etc/pdc.d/fedora.json
owner=root group=root mode=0644
notify:
- restart apache
- restart fedmsg-hub
tags:
- mbs
- mbs/common
- name: Configure MBS virtual host in RabbitMQ
block:
- name: copy the MBS rabbitmq private queue crt
copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/mbs-private-queue{{env_suffix}}.crt"
dest: /etc/module-build-service/mbs-private-queue{{env_suffix}}.crt
owner: root
group: fedmsg
mode: 0640
tags:
- mbs
- mbs/common
- name: copy the MBS rabbitmq private queue key
copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/private/mbs-private-queue{{env_suffix}}.key"
dest: /etc/module-build-service/mbs-private-queue{{env_suffix}}.key
owner: root
group: fedmsg
mode: 0640
tags:
- mbs
- mbs/common
- name: copy the MBS rabbitmq CA cert
copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
dest: /etc/module-build-service/ca.crt
owner: root
group: fedmsg
mode: 0640
tags:
- mbs
- mbs/common
- name: Configure the MBS virtual host
run_once: true
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
rabbitmq_vhost:
name: /mbs
state: present
tags:
- rabbitmq_cluster
- config
- mbs
- mbs/common
- name: Configure the HA policy for the MBS queues
run_once: true
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
rabbitmq_policy:
name: HA
apply_to: queues
pattern: .*
tags:
ha-mode: all
ha-sync-mode: automatic # Auto sync queues to new cluster members
ha-sync-batch-size: 10000 # Larger is faster, but must finish in 1 net_ticktime
vhost: /mbs
tags:
- rabbitmq_cluster
- config
- mbs
- mbs/common
- name: Grant the mbs user access to the MBS vhost
run_once: true
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
rabbitmq_user:
user: "mbs{{ env_suffix }}"
vhost: /mbs
configure_priv: .*
read_priv: .*
write_priv: .*
tags:
- rabbitmq_cluster
- config
- mbs
- mbs/common
when: not mbs_frontend
- name: Configure the MBS workers and poller
block:
- name: Add the systemd service files
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "0644"
with_items:
- src: mbs-worker@.service.j2
dest: /etc/systemd/system/mbs-worker@.service
- src: mbs-poller.service.j2
dest: /etc/systemd/system/mbs-poller.service
notify:
- restart mbs poller
- restart mbs workers
tags:
- mbs
- mbs/common
- name: Enable the MBS workers
systemd:
name: "mbs-worker@{{ item }}"
daemon_reload: yes
enabled: yes
state: started
with_sequence: start=0 end={{ mbs_num_workers - 1 }}
tags:
- mbs
- mbs/common
- name: Populate the service facts to detect if there are MBS workers to disable
service_facts: {}
tags:
- mbs
- mbs/common
- name: Disable any extra MBS workers
systemd:
name: "mbs-worker@{{ worker_num }}"
enabled: no
state: stopped
with_items: "{{ ansible_facts.services | select('match', 'mbs-worker@\\d+.service') | list }}"
vars:
worker_num: "{{ item | regex_search('\\d+') }}"
when: (worker_num | int) >= mbs_num_workers
tags:
- mbs
- mbs/common
when: not mbs_frontend
- name: create /etc/module-build-service/default-modules directory
file:
path: /etc/module-build-service/default-modules
state: directory
owner: root
group: root
mode: 0775
tags:
- mbs
- mbs/common
- name: copy default modules to /etc/module-build-service/default-modules
copy: src={{ item }} dest=/etc/module-build-service/default-modules
with_fileglob:
- default-modules.{{ env }}/*.yaml
tags:
- mbs
- mbs/common
- name: import default-modules
command: /usr/bin/mbs-manager import_module /etc/module-build-service/default-modules/{{ item | basename }}
with_fileglob:
- default-modules.{{ env }}/*.yaml
when: mbs_import_default_modules | default(True)
tags:
- mbs
- mbs/common
View git blame Copy permalink