infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
ansible/roles/odcs/base/tasks/main.yml
Jan Kaluza f96df6a048 ODCS: Add compose_ci source to test possible compose-ci packages gating. 
The idea is that we will start minimal compose for every new
Koji build for package which appears in the boot.iso and therefore
can break its generation.

These composes will be built using ODCS on releng backend for now.

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2020-12-07 08:42:03 +01:00

373 lines
8.4 KiB
YAML
Raw Blame History

---
# install packages and generate shared configuration files
- name: install the packages required for ODCS
package:
pkg: "{{ item }}"
state: latest
with_items:
- python3-psycopg2
- python3-odcs-common
- python3-celery
- odcs
- httpd
- make
- libxml2
- intltool
tags:
- odcs
- name: install the latest ODCS packagess
package:
pkg: "{{ item }}"
state: latest
with_items:
- python3-odcs-common
- odcs
- odcs-client
when: odcs_upgrade
tags:
- odcs
- name: Enable the mod_auth_openidc module on rhel8
copy:
dest: /etc/dnf/modules.d/mod_auth_openidc.module
content: |
[mod_auth_openidc]
name=mod_auth_openidc
stream=2.3
profiles=
state=enabled
when: datacenter == "iad2"
# install required packages for frontend here, as we may
# need to reload httpd in next task when host is frontend
- name: install the packages required for ODCS frontend
package:
pkg: "{{ item }}"
state: present
with_items:
- mod_auth_openidc
- python3-mod_wsgi
when: inventory_hostname.startswith('odcs-frontend')
tags:
- odcs
- odcs/frontend
- name: install the packages required for ODCS backend
package:
pkg: "{{ item }}"
state: present
with_items:
- koji
when: inventory_hostname.startswith('odcs-backend')
tags:
- odcs
- odcs/backend
- name: create odcs-server group
group:
name: odcs-server
gid: 64321
state: present
- name: create odcs-server user
user:
name: odcs-server
uid: 64321
group: odcs-server
- name: create ODCS_TARGET_DIR
file:
path: "{{ item }}"
state: directory
owner: odcs-server
group: odcs-server
mode: 0775
# recurse: yes
follow: no
with_items:
- "{{ odcs_target_dir }}"
tags:
- odcs
- odcs/frontend
- name: create ODCS_TARGET_DIR private
file:
path: "{{ item }}"
state: directory
owner: odcs-server
group: odcs-server
mode: 0770
# recurse: yes
follow: no
with_items:
- "{{ odcs_target_dir }}/private"
tags:
- odcs
- odcs/frontend
- name: ensure ODCS service directories have right ownership
file:
path: "{{ item }}"
state: directory
owner: odcs-server
group: odcs-server
recurse: yes
follow: no
with_items:
- /var/run/odcs-backend
- /var/log/odcs-backend
tags:
- odcs
- odcs/backend
# this app config is shared by backend and frontend, but has different
# owner groups on backend and frontend, and notify different handlers,
# we can have vars set for frontend and backend seperately to do that,
# but it looks a little weird to have such special vars in
# inventory/group_vars/odcs-*, also we don't want to repeat the same
# required vars in frontend and backend, so just have 2 tasks in base
# to keep it simple.
- name: generate the ODCS app config for frontend
template:
src: etc/odcs/config.py.j2
dest: /etc/odcs/config.py
owner: odcs-server
group: apache
mode: 0440
notify:
- restart apache
when: inventory_hostname.startswith('odcs-frontend')
tags:
- odcs
- odcs/frontend
- name: generate the ODCS app config for backend
template:
src: etc/odcs/config.py.j2
dest: /etc/odcs/config.py
owner: odcs-server
group: odcs-server
mode: 0440
notify:
- restart odcs-celery-backend
when: inventory_hostname.startswith('odcs-backend')
tags:
- odcs
- odcs/backend
- name: generate the ODCS raw_config_wrapper config for backend
template:
src: etc/odcs/raw_config_wrapper.conf.j2
dest: /etc/odcs/raw_config_wrapper.conf
owner: odcs-server
group: odcs-server
mode: 0440
notify:
- restart odcs-celery-backend
when: inventory_hostname.startswith('odcs-backend')
tags:
- odcs
- odcs/backend
- name: generate the ODCS runroot_koji config for backend
template:
src: etc/odcs/runroot_koji.conf.j2
dest: /etc/odcs/runroot_koji.conf
owner: odcs-server
group: odcs-server
mode: 0440
notify:
- restart odcs-celery-backend
when: inventory_hostname.startswith('odcs-backend')
tags:
- odcs
- odcs/backend
- name: Make sure the /etc/fedmsg.d/odcs.py file (provided by rpm) is absent.
file:
path: /etc/fedmsg.d/odcs.py
state: absent
tags:
- odcs
- odcs/backend
- name: copy the ODCS pungi config template to backend
copy:
src: "{{ roles_path }}/odcs/base/files/pungi.conf"
dest: /etc/odcs/pungi.conf
owner: odcs-server
group: odcs-server
mode: 0640
notify:
- restart odcs-celery-backend
when: inventory_hostname.startswith('odcs-backend')
tags:
- odcs
- odcs/backend
- name: copy the odcs-celery-backend.service file.
template:
src: "etc/systemd/system/odcs-celery-backend.service.j2"
dest: /etc/systemd/system/odcs-celery-backend.service
owner: odcs-server
group: odcs-server
mode: 0640
notify:
- restart odcs-celery-backend
when: inventory_hostname.startswith('odcs-backend')
tags:
- odcs
- odcs/backend
- name: copy the odcs-celery-beat.service file.
template:
src: "etc/systemd/system/odcs-celery-beat.service.j2"
dest: /etc/systemd/system/odcs-celery-beat.service
owner: odcs-server
group: odcs-server
mode: 0640
notify:
- restart odcs-celery-beat
when: inventory_hostname.startswith('odcs-frontend')
tags:
- odcs
- odcs/frontend
- name: Reload systemd daemon
systemd:
daemon_reload: yes
tags:
- odcs
- odcs/backend
- odcs/frontend
- name: enable ODCS backend (odcs-celery-backend)
service:
name: odcs-celery-backend
enabled: yes
when: inventory_hostname.startswith('odcs-backend')
tags:
- odcs
- odcs/backend
- name: enable ODCS beat (odcs-celery-beat)
service:
name: odcs-celery-beat
enabled: yes
when: inventory_hostname.startswith('odcs-frontend')
tags:
- odcs
- odcs/frontend
- name: copy the fedora-messaging.toml.j2 file.
template:
src: "fedora-messaging.toml.j2"
dest: /etc/fedora-messaging/config.toml
owner: odcs-server
group: odcs-server
mode: 0640
tags:
- odcs
- odcs/frontend
- odcs/backend
- name: copy the odcs-backend.conf tmpfiles.d file.
copy:
src: "{{ roles_path }}/odcs/base/files/tmpfiles.d/odcs-backend.conf"
dest: /etc/tmpfiles.d/odcs-backend.conf
owner: odcs-server
group: odcs-server
mode: 0640
notify:
- restart odcs-celery-backend
when: inventory_hostname.startswith('odcs-backend')
tags:
- odcs
- odcs/backend
- name: Run systemd-tmpfiles --create
command: systemd-tmpfiles --create
args:
creates: /var/run/odcs-backend
notify:
- restart odcs-celery-backend
when: inventory_hostname.startswith('odcs-backend')
tags:
- odcs
- odcs/backend
- name: copy the odcs rabbitmq private queue crt.
copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs-private-queue{{env_suffix}}.crt"
dest: /etc/odcs/odcs-private-queue.crt
owner: odcs-server
group: apache
mode: 0640
tags:
- odcs
- odcs/backend
- odcs/frontend
- name: copy the odcs rabbitmq private queue key.
copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs-private-queue{{env_suffix}}.key"
dest: /etc/odcs/odcs-private-queue.key
owner: odcs-server
group: apache
mode: 0640
tags:
- odcs
- odcs/backend
- odcs/frontend
- name: copy the odcs rabbitmq crt.
copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs{{env_suffix}}.crt"
dest: /etc/odcs/odcs-rabbitmq.crt
owner: odcs-server
group: apache
mode: 0640
tags:
- odcs
- odcs/backend
- odcs/frontend
- name: copy the odcs rabbitmq key.
copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs{{env_suffix}}.key"
dest: /etc/odcs/odcs-rabbitmq.key
owner: odcs-server
group: apache
mode: 0640
tags:
- odcs
- odcs/backend
- odcs/frontend
- name: copy the odcs rabbitmq CA cert.
copy:
src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
dest: /etc/odcs/ca.crt
owner: odcs-server
group: apache
mode: 0640
tags:
- odcs
- odcs/backend
- odcs/frontend
- name: copy the custom_compose_raw_config_wrapper.conf file.
copy:
src: "{{ roles_path }}/odcs/base/files/odcs/custom_compose_raw_config_wrapper.conf"
dest: /etc/odcs/custom_compose_raw_config_wrapper.conf
owner: odcs-server
group: odcs-server
mode: 0640
notify:
- restart odcs-celery-backend
when: inventory_hostname.startswith('odcs-backend')
tags:
- odcs
- odcs/backend
View git blame Copy permalink