WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-25 02:50:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Round 2: add koji-containerbuild plugin

Browse Source
This commit is contained in:
Adam Miller
2016-02-18 13:57:27 -06:00
committed by Adam Miller
parent 3ce8793c3b
commit 5cabd007f9
13 changed files with 160 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
inventory/group_vars/buildarm
View File

@@ -18,3 +18,9 @@ csi_relationship: |
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
# These variables are for koji-containerbuild/osbs
osbs_fqdn: "osbs.fedorainfracloud.org"
docker_registry: "registry.fedoraproject.org"
koji_root: "koji.fedoraproject.org/koji"
koji_hub: "koji.fedoraproject.org/kojihub"

6
inventory/group_vars/buildhw
View File

@@ -19,3 +19,9 @@ csi_relationship: |
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
# These variables are for koji-containerbuild/osbs
osbs_fqdn: "osbs.fedorainfracloud.org"
docker_registry: "registry.fedoraproject.org"
koji_root: "koji.fedoraproject.org/koji"
koji_hub: "koji.fedoraproject.org/kojihub"

6
inventory/group_vars/buildvm
View File

@@ -30,3 +30,9 @@ csi_relationship: |
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
# These variables are for koji-containerbuild/osbs
osbs_fqdn: "osbs.fedorainfracloud.org"
docker_registry: "registry.fedoraproject.org"
koji_root: "koji.fedoraproject.org/koji"
koji_hub: "koji.fedoraproject.org/kojihub"

6
inventory/group_vars/buildvm-stg
View File

@@ -33,3 +33,9 @@ csi_relationship: |
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
# These variables are for koji-containerbuild/osbs
osbs_fqdn: "osbs-dev.fedorainfracloud.org"
docker_registry: "osbs-dev.fedorainfracloud.org"
koji_root: "koji.stg.fedoraproject.org/koji"
koji_hub: "koji.stg.fedoraproject.org/kojihub"

7
inventory/group_vars/koji
View File

@@ -1,5 +1,5 @@
---
# Define resources for this group of hosts here.
# Define resources for this group of hosts here.
lvm_size: 30000
mem_size: 16384
num_cpus: 16
@@ -43,3 +43,8 @@ fedmsg_certs:
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
virt_install_command: "{{ virt_install_command_two_nic }}"
osbs_fqdn: "osbs.fedorainfracloud.org"
docker_registry: "registry.fedoraproject.org"
koji_root: "koji.fedoraproject.org/koji"
koji_hub: "koji.fedoraproject.org/kojihub"

15
inventory/group_vars/koji-stg
View File

@@ -1,5 +1,5 @@
---
# Define resources for this group of hosts here.
# Define resources for this group of hosts here.
lvm_size: 250000
mem_size: 8192
num_cpus: 8
@@ -41,3 +41,16 @@ sudoers: "{{ private }}/files/sudo/releng-sudoers"
koji_server_url: "http://koji.stg.fedoraproject.org/kojihub"
koji_weburl: "http://koji.stg.fedoraproject.org/koji"
koji_topurl: "http://kojipkgs.fedoraproject.org/"
osbs_fqdn: "osbs-dev.fedorainfracloud.org"
docker_registry: "osbs-dev.fedorainfracloud.org"
koji_root: "koji.stg.fedoraproject.org/koji"
koji_hub: "koji.stg.fedoraproject.org/kojihub"
# Add custom iptable rule to allow stage koji to talk to
# osbs-dev.fedorainfracloud.org (will move to stage osbs later, this is for the
# sake of testing).
custom_rules: [
'-A OUTPUT -p tcp -m tcp -d 209.132.184.60 --dport 8443 -j ACCEPT'
]

29
playbooks/groups/buildhw.yml
View File

@@ -7,7 +7,7 @@
remote_user: root
gather_facts: True
vars_files:
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
@@ -29,6 +29,33 @@
- hosts
- { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
- { role: sudo, when: not inventory_hostname.startswith('bkernel') }
- {
role: osbs-client,
general: {
verbose: 0,
build_json_dir: '/usr/share/osbs/',
openshift_required_version: 1.1.0,
},
default: {
openshift_url: 'https://{{ osbs_fqdn }}:8443/',
registry_uri: 'https://{{ docker_registry }}:5000/v2',
source_registry_uri: 'https://{{ docker_registry }}:5000/v2',
build_host: '{{ osbs_fqdn }}',
koji_root: 'http://{{ koji_root }}',
koji_hub: 'http://{{ koji_hub }}',
sources_command: 'fedpkg sources',
build_type: 'prod',
authoritative_registry: 'registry.example.com',
vendor: 'Fedora Project',
verify_ssl: false,
use_auth: false,
builder_use_auth: true,
distribution_scope: 'private',
registry_api_versions: 'v2',
builder_openshift_url: 'https://172.17.0.1:8443/'
}
}
tasks:
- include: "{{ tasks }}/2fa_client.yml"

44
playbooks/groups/buildvm.yml
View File

@@ -1,4 +1,4 @@
# create a new koji builder
# create a new koji builder
# NOTE: should be used with --limit most of the time
# NOTE: make sure there is room/space for this builder on the buildvmhost
# NOTE: most of these vars_path come from group_vars/buildvm or from hostvars
@@ -10,7 +10,7 @@
user: root
gather_facts: True
vars_files:
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
@@ -22,20 +22,46 @@
- base
- hosts
- apache
- { role: nfs/client,
when: ( ansible_architecture == 'x86_64' or ansible_architecture == 'ppc64le' or ansible_architecture == 'ppc64' ) and not inventory_hostname.startswith('buildvm-ppc64'),
- { role: nfs/client,
when: ( ansible_architecture == 'x86_64' or ansible_architecture == 'ppc64le' or ansible_architecture == 'ppc64' ) and not inventory_hostname.startswith('buildvm-ppc64'),
mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' }
- { role: nfs/client,
when: inventory_hostname.startswith('aarch64') ,
- { role: nfs/client,
when: inventory_hostname.startswith('aarch64') ,
mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_arm/data' }
- { role: nfs/client,
when: inventory_hostname.startswith('buildvm-ppc64') ,
- { role: nfs/client,
when: inventory_hostname.startswith('buildvm-ppc64') ,
mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_ppc/data' }
- { role: nfs/client,
- { role: nfs/client,
when: datacenter == 'staging', mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' }
- { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
- { role: sudo, when: not inventory_hostname.startswith('bkernel') }
- koji_builder
- {
role: osbs-client,
general: {
verbose: 0,
build_json_dir: '/usr/share/osbs/',
openshift_required_version: 1.1.0,
},
default: {
openshift_url: 'https://{{ osbs_fqdn }}:8443/',
registry_uri: 'https://{{ docker_registry }}:5000/v2',
source_registry_uri: 'https://{{ docker_registry }}:5000/v2',
build_host: '{{ osbs_fqdn }}',
koji_root: 'http://{{ koji_root }}',
koji_hub: 'http://{{ koji_hub }}',
sources_command: 'fedpkg sources',
build_type: 'prod',
authoritative_registry: 'registry.example.com',
vendor: 'Fedora Project',
verify_ssl: false,
use_auth: false,
builder_use_auth: true,
distribution_scope: 'private',
registry_api_versions: 'v2',
builder_openshift_url: 'https://172.17.0.1:8443/'
}
}
tasks:
- include: "{{ tasks }}/2fa_client.yml"

31
playbooks/groups/koji-hub.yml
View File

@@ -4,14 +4,14 @@
- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=koji-stg:koji01.phx2.fedoraproject.org:koji02.phx2.fedoraproject.org:s390-koji01.qa.fedoraproject.org:arm-koji01.qa.fedoraproject.org"
# Once the instance exists, configure it.
# Once the instance exists, configure it.
- name: make koji_hub server system
hosts: koji-stg:koji01.phx2.fedoraproject.org:koji02.phx2.fedoraproject.org:s390-koji01.qa.fedoraproject.org:arm-koji01.qa.fedoraproject.org
user: root
gather_facts: True
vars_files:
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
@@ -29,6 +29,33 @@
- koji_hub
- { role: rsyncd, when: not inventory_hostname.startswith('koji') }
- { role: koji_builder, when: env == "staging" or inventory_hostname.startswith('s390') or inventory_hostname.startswith('arm') }
- {
role: osbs-client,
general: {
verbose: 0,
build_json_dir: '/usr/share/osbs/',
openshift_required_version: 1.1.0,
},
default: {
openshift_url: 'https://{{ osbs_fqdn }}:8443/',
registry_uri: 'https://{{ docker_registry }}:5000/v2',
source_registry_uri: 'https://{{ docker_registry }}:5000/v2',
build_host: '{{ osbs_fqdn }}',
koji_root: 'http://{{ koji_root }}',
koji_hub: 'http://{{ koji_hub }}',
sources_command: 'fedpkg sources',
build_type: 'prod',
authoritative_registry: 'registry.example.com',
vendor: 'Fedora Project',
verify_ssl: false,
use_auth: false,
builder_use_auth: true,
distribution_scope: 'private',
registry_api_versions: 'v2',
builder_openshift_url: 'https://172.17.0.1:8443/'
}
}
- { role: nfs/server, when: env == "staging" }
- { role: keepalived, when: env == "production" and inventory_hostname.startswith('koji') }
- role: nfs/client

14
roles/koji_builder/tasks/main.yml
View File

@@ -1,5 +1,5 @@
#
# This is a base koji_builder role.
# This is a base koji_builder role.
#
- name: set root passwd
user: name=root password={{ builder_rootpw }} state=present
@@ -27,7 +27,7 @@
- koji_builder
- name: add kojibuilder
user: name=kojibuilder groups=mock
user: name=kojibuilder groups=mock
tags:
- koji_builder
@@ -72,6 +72,7 @@
with_items:
- yum-utils
- koji-builder
- koji-containerbuild-builder
- strace
- mock
- kernel-firmware
@@ -101,6 +102,7 @@
with_items:
- yum-utils
- koji-builder
- koji-containerbuild-builder
- strace
- mock
- kernel-firmware
@@ -187,7 +189,7 @@
- koji_builder
- name: copy over builder cert to /etc/kojid/kojibuilder.pem
copy: src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600
copy: src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600
tags:
- koji_builder
@@ -277,20 +279,20 @@
- koji_builder
- name: set kernel params for more loops
command: /sbin/grubby --update-kernel=ALL --args=max_loop=64
command: /sbin/grubby --update-kernel=ALL --args=max_loop=64
when: max_loop is defined and max_loop.stdout.find("max_loop=64") == -1
tags:
- koji_builder
#
# x86_64 builders run pungify, that needs hfs module in order to make
# The efi/mac images. This module is only needed on rhel.
# The efi/mac images. This module is only needed on rhel.
#
- name: special pkgs for the x86_64 builders
yum: state=present pkg={{ item }}
with_items:
- kmod-hfsplus
- kmod-hfsplus
when: is_rhel is defined and ansible_architecture == 'x86_64' and ansible_distribution_major_version|int == '6'
tags:
- koji_builder

7
roles/koji_builder/templates/kojid.conf
View File

@@ -72,9 +72,14 @@ serverca = /etc/kojid/cacert.pem
{% if 'runroot' in group_names %}
; Config for it lives in /etc/kojid/runroot.conf
plugins = runroot
plugins = runroot builder_container
; We use the hub's plugin path since that's where
; the package installs the builder plugin.
pluginpath = /usr/lib/koji-hub-plugins
{% else %}
plugins = builder_container
{% endif %}

5
roles/koji_hub/tasks/main.yml
View File

@@ -1,6 +1,6 @@
---
#
# Setup koji hub server.
# Setup koji hub server.
#
- name: install koji hub server packages
yum: name={{ item }} state=present
@@ -10,6 +10,7 @@
- koji-web
- koji-utils
- koji-theme-fedora
- koji-containerbuild-hub
- mod_ssl
- mod_wsgi
- git
@@ -188,7 +189,7 @@
- name: instaall fedora-ca.cert in various places
copy: src={{ private }}/files/fedora-ca.cert dest={{ item }} owner=apache
with_items:
with_items:
- /etc/kojira/extras_cacert.pem
- /etc/pki/tls/certs/extras_cacert.pem
- /etc/pki/tls/certs/extras_upload_cacert.pem

14
roles/koji_hub/templates/hub.conf.j2
View File

@@ -1,8 +1,8 @@
[hub]
[hub]
## Basic options ##
DBName = koji
DBUser = koji
DBName = koji
DBUser = koji
{% if inventory_hostname.startswith('koji') %}
DBHost = db-koji01
DBPass = {{ kojiPassword }}
@@ -13,7 +13,7 @@ DBPass = {{ s390kojiPassword }}
DBHost = db-arm-koji01
DBPass = {{ armkojiPassword }}
{% endif %}
KojiDir = /mnt/koji
KojiDir = /mnt/koji
MemoryWarnThreshold = 10000
MaxRequestLength = 83886080
@@ -75,18 +75,18 @@ DisableNotifications = True
#Plugins = koji-disable-builds-plugin
#Plugins = darkserver-plugin
Plugins = fedmsg-koji-plugin runroot_hub
Plugins = fedmsg-koji-plugin runroot_hub hub_containerbuild
{% if inventory_hostname.startswith('koji') %}
[policy]
tag =
tag =
has_perm secure-boot && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
package kernel shim grub2 fedora-release fedora-repos pesign :: deny
all :: allow
channel =
channel =
method createrepo :: use createrepo
has req_channel :: req
is_child_task :: parent