# create a new releng system # NOTE: should be used with --limit most of the time # NOTE: make sure there is room/space for this instance on the buildvmhost # NOTE: most of these vars_path come from group_vars/releng or from hostvars --- - import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" vars: myhosts: "releng_compose:releng_compose_stg:releng_compose_eln:releng_compose_riscv" - name: Setup releng compose hosts hosts: releng_compose:releng_compose_stg:releng_compose_eln:releng_compose_riscv user: root gather_facts: true tags: - releng-compose vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/web/infra/ansible/vars/all/00-FedoraCycleNumber.yaml" - "/srv/web/infra/ansible/vars/all/FedoraBranched.yaml" - "/srv/web/infra/ansible/vars/all/FedoraBranchedNumber.yaml" - "/srv/web/infra/ansible/vars/all/FedoraPreviousCycleNumber.yaml" - "/srv/web/infra/ansible/vars/all/FedoraPreviousPrevious.yaml" - "/srv/web/infra/ansible/vars/all/FedoraPreviousPreviousCycleNumber.yaml" - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" roles: - base - hosts - ipa/client - rkhunter - nagios_client - zabbix/zabbix_agent - collectd/base - sudo - role: keytab/service service: compose host: "compose-x86-01.stg.rdu3.fedoraproject.org" when: env == "staging" - role: keytab/service service: compose host: "koji{{env_suffix}}.fedoraproject.org" owner_group: releng-team when: env == "staging" or koji_instance == "primary" - role: keytab/service service: compose host: "riscv-koji.fedoraproject.org" owner_group: sysadmin-riscv when: koji_instance == "secondary" - role: keytab/service service: mash host: "koji{{env_suffix}}.fedoraproject.org" when: env == "staging" or koji_instance == "primary" - role: releng tags: - releng # production composer nfs mounts - role: nfs/client mnt_dir: '/mnt/fedora_koji' nfs_src_dir: "{{ koji_hub_nfs }}" when: "'releng_compose' or 'releng_compose_eln' in group_names" - role: nfs/client mnt_dir: '/mnt/koji/ostree' nfs_src_dir: 'fedora_ostree_content/ostree' when: "'releng_compose' in group_names" - role: nfs/client mnt_dir: '/mnt/koji/compose/ostree' nfs_src_dir: 'fedora_ostree_content/compose/ostree' when: "'releng_compose' in group_names" - role: nfs/client mnt_dir: '/mnt/koji/ostree' nfs_src_dir: 'fedora_ostree_content/ostree' when: "'releng_compose' in group_names" - role: nfs/client mnt_dir: '/mnt/koji/compose/ostree' nfs_src_dir: 'fedora_ostree_content/compose/ostree' when: "'releng_compose' in group_names" - role: nfs/client mnt_dir: '/pub' nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' when: "'releng_compose' or 'releng_compose_eln' in group_names and koji_instance != 'secondary'" - role: nfs/client mnt_dir: '/mnt/fedora_riscv_koji' nfs_src_dir: "{{ koji_hub_nfs }}" when: "'releng_compose_riscv' in group_names" # staging composer nfs mounts - role: nfs/client mnt_dir: '/mnt/fedora_koji_prod' nfs_src_dir: "{{ koji_hub_nfs }}" mount_stg: true nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" when: "'releng_compose_stg' in group_names" - role: nfs/client mnt_dir: '/mnt/fedora_koji_prod/koji/ostree' nfs_src_dir: 'fedora_ostree_content/ostree' mount_stg: true nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" when: "'releng_compose_stg' in group_names" - role: nfs/client mnt_dir: '/mnt/fedora_koji_prod/koji/compose/ostree' nfs_src_dir: 'fedora_ostree_content/compose/ostree' mount_stg: true nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" when: "'releng_compose_stg' in group_names" - role: nfs/client mnt_dir: '/srv/fedora_ftp_archive' nfs_src_dir: 'fedora_ftp_archive' when: inventory_hostname.startswith('compose-rawhide') # # mount archive volumes on composer so we can run the archiving script there. # - role: nfs/client mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive00' nfs_src_dir: '/fedora_koji_archive00' when: "'releng_compose' in group_names" - role: nfs/client mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive01' nfs_src_dir: '/fedora_koji_archive01' when: "'releng_compose' in group_names" - role: nfs/client mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive02' nfs_src_dir: '/fedora_koji_archive02' when: "'releng_compose' in group_names" - role: nfs/client mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive03' nfs_src_dir: '/fedora_koji_archive03' when: "'releng_compose' in group_names" - role: nfs/client mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive04' nfs_src_dir: '/fedora_koji_archive04' when: "'releng_compose' in group_names" - role: nfs/client mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive05' nfs_src_dir: '/fedora_koji_archive05' when: "'releng_compose' in group_names" - role: nfs/client mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive06' nfs_src_dir: '/fedora_koji_archive06' when: "'releng_compose' in group_names" - role: rabbit/user user_name: "pungi{{ env_suffix }}" user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(pungi|compose|logger)\..* when: koji_instance == "primary" or env == "staging" - { role: "push-container-registry", cert_dest_dir: "/etc/docker/certs.d/registry.stg.fedoraproject.org", cert_src: "{{private}}/files/docker-registry/staging/pki/issued/containerstable.crt", key_src: "{{private}}/files/docker-registry/staging/pki/private/containerstable.key", when: env == "staging" } - { role: "push-container-registry", cert_dest_dir: "/etc/docker/certs.d/registry.fedoraproject.org", cert_src: "{{private}}/files/docker-registry/{{env}}/pki/issued/containerstable.crt", key_src: "{{private}}/files/docker-registry/{{env}}/pki/private/containerstable.key", when: env == "production" } - { role: login-registry, candidate_registry: "candidate-registry.stg.fedoraproject.org", candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}", candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}", when: env == "staging" } - { role: login-registry, candidate_registry: "candidate-registry.fedoraproject.org", candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}", candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}", when: env == "production" } - { role: login-registry, candidate_registry: "quay.io", candidate_registry_osbs_username: "{{quay_io_username}}", candidate_registry_osbs_password: "{{quay_io_password}}", when: env == "production" } tasks: # this is how you include other task lists - name: install skopeo and buildah for container management ansible.builtin.package: name: - skopeo - buildah tags: - containerrebuild - name: Install ansible for container automated rebuilds ansible.builtin.package: name: - ansible - python3-dockerfile-parse tags: - containerrebuild - name: Set releng user keytab ansible.builtin.copy: src: "{{private}}/files/keytabs/{{env}}/releng" dest: /etc/krb5.releng.keytab owner: root group: "releng-team" mode: "0640" tags: - containerrebuild - name: Install fedpkg in case we need to run scripts that require it ansible.builtin.package: name: - fedpkg tags: - packages - name: Copy releng ssh key for rebuild fedpkg/distgit pushes ansible.builtin.copy: src: "{{private}}/files/releng/sshkeys/container-rebuild-{{env}}" dest: /etc/pki/releng owner: root group: "releng-team" mode: "0600" tags: - containerrebuild - name: Place relengpush script for automatic rebuilds ansible.builtin.copy: src: "{{files}}/releng/relengpush" dest: "/usr/local/bin/relengpush" owner: root group: "releng-team" mode: "0750" tags: - containerrebuild - name: Place relengpush int script for automatic rebuilds ansible.builtin.copy: src: "{{files}}/releng/relengpush-int" dest: "/usr/local/bin/relengpush-int" owner: root group: "releng-team" mode: "0750" tags: - containerrebuild handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml"