229 lines
6.7 KiB
YAML
229 lines
6.7 KiB
YAML
---
|
|
- name: disable zram SWAP on builders, it is too small, issue 2077
|
|
package: name=zram-generator-defaults state=absent
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
- name: drop extremely slow libvirt resolver
|
|
lineinfile:
|
|
dest: /etc/resolv.conf
|
|
regexp: 'nameserver 192.168.122.1'
|
|
state: 'absent'
|
|
when:
|
|
- prepare_base_image is not defined
|
|
- "'osuosl' in lookup('env', 'RESALLOC_NAME')"
|
|
|
|
- name: setup the hostname so we can easily identify the box
|
|
hostname: name="{{ lookup('env', 'RESALLOC_NAME') | default('unknown-builder') | replace('_', '-') }}"
|
|
when: prepare_base_image is not defined
|
|
|
|
- name: put infra repos into yum.repos.d
|
|
copy: src=files/dnf/infra-tags.repo dest=/etc/yum.repos.d
|
|
#when:
|
|
#- prepare_base_image is defined
|
|
|
|
- name: put infra stg repos into yum.repos.d if staging
|
|
copy: src=files/dnf/infra-tags-stg.repo dest=/etc/yum.repos.d
|
|
when:
|
|
- devel
|
|
- prepare_base_image is not defined
|
|
|
|
- name: disable updates-testing
|
|
file:
|
|
path: /etc/yum.repos.d/fedora-updates-testing.repo
|
|
state: absent
|
|
|
|
- name: update the system
|
|
dnf:
|
|
state: latest
|
|
name: "*"
|
|
exclude:
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2047266
|
|
# This is important for the AWS images only. Other images (like libvirt,
|
|
# IBM Cloud, etc.) are already updated.
|
|
- kernel-core
|
|
when: prepare_base_image is defined
|
|
register: system_updated
|
|
|
|
- name: disable updates-testing, could be restored after update
|
|
file:
|
|
path: /etc/yum.repos.d/fedora-updates-testing.repo
|
|
state: absent
|
|
when: system_updated.changed
|
|
|
|
#- name: enable copr repo in staging
|
|
# community.general.copr:
|
|
# state: enabled
|
|
# name: "{{ item }}"
|
|
# with_items:
|
|
# - "@copr/copr"
|
|
# when:
|
|
# - devel
|
|
# - prepare_base_image is not defined
|
|
|
|
- name: clean dnf cache before checking for updated packages
|
|
shell: dnf clean all
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
- name: set lower metadata expire time to enforce download
|
|
ini_file: dest=/etc/dnf/dnf.conf section=main option=metadata_expire value=1h
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
# https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
|
|
- name: fallback to the legacy crypto policies
|
|
command: update-crypto-policies --set DEFAULT:FEDORA32
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
# NetworkManager-wait-online takes too long on VMS on our hypervisors. And we
|
|
# don't seem to need hcn-init service triggering that.
|
|
- name: disable hcn-init service on ppc64le which implies NetworkManager-wait-online
|
|
service:
|
|
name: hcn-init.service
|
|
state: stopped
|
|
enabled: no
|
|
failed_when: false
|
|
when: prepare_base_image is defined
|
|
|
|
- name: install subscription-manager
|
|
package: name=subscription-manager state=present
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
- name: install the subscription-manager script
|
|
copy:
|
|
src: copr-rh-subscribe.sh
|
|
dest: /usr/local/bin/copr-rh-subscribe.sh
|
|
mode: 0755
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
- name: Activate Red Hat Subscription
|
|
shell:
|
|
cmd: >
|
|
/usr/local/bin/copr-rh-subscribe.sh
|
|
--pool-id 8a85f9a17c71102f017ce611251c770f
|
|
--user copr-team
|
|
--pass "{{ copr_red_hat_subscription_password }}"
|
|
--system "{{ lookup('env', 'RESALLOC_NAME') | default('unknown-builder') }}"
|
|
no_log: true
|
|
when: prepare_base_image is not defined
|
|
|
|
- name: stop and disable systemd-oomd, rhbz 2051154
|
|
service:
|
|
name: systemd-oomd
|
|
state: stopped
|
|
enabled: no
|
|
|
|
- name: allow allocating large memory chunks on builders, rhbz 2051154
|
|
sysctl:
|
|
name: vm.overcommit_memory
|
|
value: 2
|
|
state: present
|
|
|
|
- name: install copr-builder and other latest packages
|
|
dnf: state=latest pkg={{ packages }}
|
|
vars:
|
|
packages:
|
|
- copr-builder
|
|
|
|
- name: put updated mock configs into /etc/mock
|
|
copy: src=files/mock/ dest=/etc/copr-rpmbuild/mock-config-overrides
|
|
# conditional, per https://pagure.io/copr/copr/issue/1189 - as we don't want
|
|
# to bake broken mock configuration into the image.
|
|
when:
|
|
- prepare_base_image is not defined
|
|
|
|
- name: run /bin/copr-update-builder from copr-builder package
|
|
shell: /usr/bin/copr-update-builder
|
|
|
|
#- name: install the latest mock and mock-core-configs from updates-testing
|
|
# package: state=latest name={{ packages }}
|
|
# register: mock_updated
|
|
# vars:
|
|
# packages:
|
|
# - https://kojipkgs.fedoraproject.org/packages/mock/2.2/1.fc31/noarch/mock-2.2-1.fc31.noarch.rpm
|
|
# - https://kojipkgs.fedoraproject.org/packages/mock-core-configs/32.6/1.fc31/noarch/mock-core-configs-32.6-1.fc31.noarch.rpm
|
|
#
|
|
# - name: re-run copr-update builder when mock/mock-core-configs are updated
|
|
# shell: /usr/bin/copr-update-builder
|
|
# when: mock_updated.changed
|
|
|
|
- name: put copr-rpmbuild configuration file in the right place
|
|
copy: src=files/main.ini dest=/etc/copr-rpmbuild/main.ini
|
|
|
|
- name: mockbuilder user
|
|
user: name=mockbuilder groups=mock
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
- name: mockbuilder .ssh
|
|
file: state=directory path=/home/mockbuilder/.ssh mode=0700 owner=mockbuilder group=mockbuilder
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
- name: mockbuilder authorized_keys
|
|
authorized_key: user=mockbuilder key='{{ lookup('file', 'files/buildsys.pub') }}'
|
|
|
|
- name: root authorized_keys
|
|
authorized_key: user=root key='{{ lookup('file', 'files/buildsys.pub') }}'
|
|
|
|
- name: setup 10x more fds in limits.conf
|
|
copy:
|
|
content: |
|
|
* soft nofile 10240
|
|
* hard nofile 10240
|
|
dest: /etc/security/limits.d/50-copr-fds.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
- name: disable core dumps
|
|
ini_file: dest=/etc/systemd/coredump.conf section=Coredump option=Storage value=none
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
- name: 'Remove %_install_langs from /etc/rpm/macros.image-language-conf'
|
|
lineinfile:
|
|
dest: '/etc/rpm/macros.image-language-conf'
|
|
regexp: '^%_install_lang.*'
|
|
state: 'absent'
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
- name: Disable DNF makecache timer
|
|
systemd:
|
|
name: dnf-makecache.timer
|
|
state: stopped
|
|
enabled: no
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
- name: Disable DNF makecache service
|
|
systemd:
|
|
name: dnf-makecache.service
|
|
state: stopped
|
|
enabled: no
|
|
when:
|
|
- prepare_base_image is defined
|
|
|
|
- name: mount cache filesystem on /var/cache/mock
|
|
mount: path=/var/cache/mock state=mounted src=mock_cache_tmpfs fstype=tmpfs opts="size=32G"
|
|
|
|
- name: Collect facts about builder hardware
|
|
setup:
|
|
gather_subset:
|
|
- hardware
|
|
|
|
- name: Make sure that at least 135G of swap is available
|
|
assert:
|
|
that:
|
|
- ansible_memory_mb.swap.free >= 1024 * 135
|
|
fail_msg: "Swap is not available, the builder is unusable"
|
|
success_msg: "Swap seems to be available for this builder"
|
|
when:
|
|
- prepare_base_image is not defined
|