--- - name: OpenStack package repository for RHEL8, noarch only ansible.builtin.copy: content: | [openstack-for-rhel8] name = RHEL OpenStack RPMs baseurl = https://infrastructure.fedoraproject.org/repo/rhel/rhel8/other/rhel-8-x86_64-openstack-16-rpms/ gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release enabled=1 gpgcheck=1 exclude=*x86_64* dest: /etc/yum.repos.d/openstack.repo tags: - config - openstack # - name: Enable swap in fstab # mount: name=none src=LABEL=swap # fstype=swap opts=sw passno=0 dump=0 # state=present # register: fstab_swap_entry # tags: swap # - name: Mount the swap # ansible.builtin.shell: swapon -a # when: fstab_swap_entry.changed # tags: swap - name: Install the default profile script ansible.builtin.copy: src=profile.sh dest=/etc/profile.d/copr-hypervisor.sh tags: profile_scripts - name: Install libvirt packages ansible.builtin.package: name={{ item }} state=present with_items: - qemu-kvm - libguestfs-tools-c - libvirt - libvirt-daemon - podman - virt-install - python3-glanceclient tags: - openstack - packages - libvirtd - name: Install libvirtd.conf ansible.builtin.copy: src="{{ files }}/virthost/libvirtd.conf" dest=/etc/libvirt/libvirtd.conf notify: - Restart libvirtd tags: - libvirtd - config - set_fact: image_pool_dir=/libvirt-images image_pool_name=images tags: libvirtd - name: Create libvirt image directory ansible.builtin.file: path={{ image_pool_dir }} owner=qemu group=qemu mode=ug=rwx,g+s state=directory tags: libvirtd - name: Mount libvirt image partition mount: name={{ image_pool_dir }} src='LABEL=vmvolumes' fstype=ext4 state=mounted tags: libvirtd - name: Correct selinux sefcontext: target: "{{ image_pool_dir }}(/.*)?" setype: virt_image_t state: present register: semanage_run tags: libvirtd - name: Restorecon ansible.builtin.shell: restorecon -irv "{{ image_pool_dir }}" when: semanage_run.changed tags: libvirtd - name: Check host-bridge in libvirt ansible.builtin.shell: virsh net-info host-bridge register: libvirt_bridge_exists failed_when: false changed_when: libvirt_bridge_exists.rc != 0 tags: libvirtd - name: Copy host-bridge config file to host ansible.builtin.copy: src=libvirt-net-bridge.xml dest=/root/.tmp-ansible-file.xml when: libvirt_bridge_exists.changed tags: libvirtd - name: Define host-bridge in libvirt ansible.builtin.shell: | virsh net-define /root/.tmp-ansible-file.xml virsh net-start host-bridge virsh net-autostart host-bridge when: libvirt_bridge_exists.changed notify: Restart libvirtd tags: libvirtd - name: Check if image pool exists ansible.builtin.shell: virsh pool-info "{{ image_pool_name }}" register: libvirt_pool_exists failed_when: false changed_when: libvirt_pool_exists.rc != 0 tags: libvirtd - name: Copy image pool config file to host ansible.builtin.template: src=libvirt-pool-images.xml dest=/root/.tmp-ansible-file.xml when: libvirt_pool_exists.changed tags: libvirtd - name: Define image pool in libvirt ansible.builtin.shell: | virsh pool-define /root/.tmp-ansible-file.xml virsh pool-start "{{ image_pool_name }}" virsh pool-autostart "{{ image_pool_name }}" when: libvirt_pool_exists.changed notify: Restart libvirtd tags: libvirtd - name: Allow copr user controlling libvirt ini_file: path: /usr/lib/systemd/system/libvirtd.socket section: Socket option: SocketGroup value: libvirt backup: yes notify: - Reload systemd - Restart libvirtd.socket tags: libvirtd - name: Create the copr user user: name=copr uid=11666 group=libvirt groups=qemu password_lock=true - name: Assure that copr-be can ssh there as copr@... authorized_key: user=copr key="{{ item }}" with_file: - buildsys.pub - name: Add @copr keys for sysadmin-main and other allowed users authorized_key: user=copr key="{{ item }}" with_lines: - "{{ auth_keys_from_fas }} @sysadmin-copr" tags: - copr_admins - config - sshkeys # todo: generate it's own key - name: Make sure hostA can ssh to hostB ansible.builtin.copy: src: "{{ private }}/files/copr/buildsys.priv" dest: /home/copr/.ssh/id_rsa owner: copr mode: "0600" - name: Provide pub key, too, so we can install them to generated builder images ansible.builtin.copy: src=buildsys.pub dest=/home/copr/.ssh/id_rsa.pub owner=copr mode=0600 - name: Enable praiskup-helpers repo community.general.copr: state: enabled name: praiskup/helpers # TODO: fix error in the Copr Ansible module: # Chroot rhel-8.5-ppc64le does not exist in praiskup/helpers chroot: "{{ 'epel-8-x86_64' if ansible_distribution != 'Fedora' else 'fedora-40-x86_64' }}" tags: - update_helpers - packages - name: Install the latest helper package ansible.builtin.package: name=praiskup-helpers state=latest tags: - update_helpers - packages - name: Install configuration for /bin/copr-image ansible.builtin.copy: dest: /etc/eimg/eimg.sh content: | EIMG_COPR_PLAYBOOK_DIR=/home/copr/provision EIMG_COPR_PLAYBOOK=local-image-update.yml EIMG_FINAL_SYSPREP_ARGS=(--ssh-inject "root:file:$HOME/.ssh/id_rsa.pub" --run-command "chcon -v -R -h system_u:object_r:ssh_home_t:s0 /root/.ssh" ) EIMG_ANSIBLE_IN_CONTAINER=: tags: provision_config - name: Setup provision directory include_tasks: "{{ roles_path }}/copr/backend/tasks/setup_provisioning_environment.yml" vars: provision_directory: /home/copr/provision provision_user: copr tags: always - name: Ensure weekly cleanup of virtlogd/qemu logs older than 30 days ansible.builtin.cron: name: "Cleanup old virtlogd-qemu logs" minute: 0 hour: 3 weekday: 1 user: root job: | find /var/log/libvirt/qemu -maxdepth 1 -type f -name '*.log' -mtime +30 -delete tags: - cron