--- - name: Set root passwd ansible.builtin.user: name: root password: "{{ builder_rootpw }}" tags: - rootpw - name: Add mock user as 425 ansible.builtin.user: name: mock uid: 425 home: /var/lib/mock system: true - name: Make mock homedir 2775 ansible.builtin.file: state: directory path: /var/lib/mock mode: "2775" owner: mock group: mock - name: Add mock ssh dir ansible.builtin.file: state: directory path: /var/lib/mock/.ssh mode: "700" owner: mock group: mock - name: Add mock ssh keys ansible.builtin.copy: src: "{{ files }}/../roles/koji_builder/files/mock_auth_keys" dest: /var/lib/mock/.ssh/authorized_keys mode: "644" owner: mock group: mock - name: Add ftpsync group ansible.builtin.group: name: ftpsync gid: 263 system: true - name: Add ftpsync user ansible.builtin.user: name: ftpsync uid: 263 group: ftpsync system: yes - name: Add create-filelist script from quick-fedora-mirror ansible.builtin.copy: src: "{{ files }}/scripts/create-filelist" dest: /usr/local/bin/create-filelist mode: "755" owner: ftpsync group: ftpsync - name: Add the ftpsync update-fullfiletimelist script ansible.builtin.copy: src: "{{ files }}/scripts/update-fullfiletimelist" dest: /usr/local/bin/update-fullfiletimelist mode: "755" # ftbfs user = 264 - name: Add ftbfs group ansible.builtin.group: name: ftbfs gid: 264 system: true when: inventory_hostname.startswith('compose-x86-01') tags: - ftbfs - name: Add ftbfs user ansible.builtin.user: name: ftbfs uid: 264 group: ftbfs system: true when: inventory_hostname.startswith('compose-x86-01') tags: - ftbfs - name: Add ftbfs script config file ansible.builtin.template: src: ftbfs.cfg.j2 dest: /etc/ftbfs.cfg mode: "644" when: inventory_hostname.startswith('compose-x86-01') tags: - ftbfs - name: Add ftbfs cache dir ansible.builtin.file: state: directory path: /home/ftbfs/.cache mode: "2775" owner: ftbfs group: ftbfs when: inventory_hostname.startswith('compose-x86-01') tags: - ftbfs - name: Copy ftbfs weekly script ansible.builtin.copy: src: ftbfs.sh dest: /usr/local/bin/ftbfs.sh mode: "755" when: inventory_hostname.startswith('compose-x86-01') tags: - ftbfs - name: Add ftbfs weekly cron job ansible.builtin.copy: src: ftbfs.cron dest: /etc/cron.weekly/ mode: "755" when: inventory_hostname.startswith('compose-x86-01') tags: - ftbfs # masher user 751 - name: Add masher group ansible.builtin.group: name: masher gid: 751 system: true - name: Add masher user as 751 - and group ansible.builtin.user: name: masher uid: 751 group: masher home: /home/masher groups: mock,ftpsync # masher ssh keys and config - name: Add masher ssh dir ansible.builtin.file: state: directory path: /home/masher/.ssh mode: "700" owner: masher group: masher - name: Add masher ssh keys ansible.builtin.copy: src: "mash/masher.{{ item }}" dest: "/home/masher/.ssh/{{ item }}" mode: "600" owner: masher group: masher with_items: - id_rsa.pub - config - name: Add masher ssh priv key ansible.builtin.copy: src: "{{ private }}/files/mash/masher.id_rsa" dest: /home/masher/.ssh/id_rsa mode: "600" owner: masher group: masher - name: Add masher koji cert/key ansible.builtin.copy: src: "{{ private }}/files/mash/masher.pem" dest: /home/masher/.fedora.cert mode: "600" owner: masher group: masher - name: Add releng koji cert/key ansible.builtin.copy: src: "{{ private }}/files/releng_key_and_cert.pem" dest: /root/.fedora.cert mode: "600" owner: root group: root # rawhide group - name: Rawhide group ansible.builtin.group: name: "rawhide" gid: 265 # rawhide user 265 - name: Add rawhide user ansible.builtin.user: name: "rawhide" uid: 265 group: "rawhide" home: "/tmp" create_home: false comment: "rawhide compose account" - name: Make a bunch of dirs ansible.builtin.file: state: directory path: "{{ item }}" mode: "755" with_items: - /pub - /pub/fedora-secondary - /epel - /mnt/fedora_koji - /var/spool/rsyslog - name: Add pkgs ansible.builtin.package: state: present name: - koji - strace - mock - krb5-workstation - nfs-utils - git - intltool - mutt - createrepo - pykickstart - httpd - hardlink - pungi - compose-utils - python3-productmd - ostree - python3-libmodulemd - python3-koji-cli-plugins - make - nosync - python3-gobject - fedora-messaging # needed by pungi to emit fedora-messages. - python3-bugzilla # needed by ftbfs scrips/cron. - fedora-repo-zdicts # needed for pungi to make zchunk repodata - fedrq # needed by `sig_policy` script - rpm-ostree # needed by nightly.sh script - python3-xmltodict # needed for comps - python-bugzilla-cli # for filing bugs/utility tags: - releng # merge this into above after freeze - name: Add packages to rawhide composer ansible.builtin.package: state: present name: - rpm-ostree tags: - releng when: inventory_hostname.startswith('compose-rawhide01.rdu3') - name: Add pkgs from infrastructure testing repo ansible.builtin.dnf: state: present name: python3-libpagure enablerepo: infrastructure-tags-stg - name: Add pkgs ansible.builtin.package: state: present name: - pungi-utils when: "'releng_compose' in group_names or 'releng_compose_eln' in group_names" - name: Custom compose-koji ansible.builtin.template: src: compose-koji.j2 dest: /usr/bin/compose-koji mode: "755" - name: /etc/koji.conf ansible.builtin.template: src: koji.conf.j2 dest: /etc/koji.conf.d/compose.conf mode: "644" - name: Make a mnt/koji link ansible.builtin.file: state: link src: /mnt/fedora_koji/koji dest: /mnt/koji when: "'releng_compose' in group_names or 'releng_compose_eln' in group_names" # Add skopeo for OCI Image management, only in stage first for testing - name: Add pkgs for OCI Image management ansible.builtin.package: state: present name: - skopeo when: env == "staging" # put cron job in for branched compose - name: Branched compose cron ansible.builtin.template: src: branched.j2 dest: /etc/cron.d/branched mode: "644" when: inventory_hostname.startswith('compose-branched01.rdu3') # put cron job in for rawhide compose - name: Rawhide compose cron ansible.builtin.template: src: rawhide.j2 dest: /etc/cron.d/rawhide mode: "644" when: inventory_hostname.startswith('compose-rawhide01.rdu3') # put cron job in for cloud nightly compose - name: Cloud updates compose cron ansible.builtin.template: src: cloud-updates.j2 dest: /etc/cron.d/cloud-updates mode: "644" when: inventory_hostname.startswith('compose-x86-01.rdu3') # put cron job in for docker nightly compose - name: Docker compose cron ansible.builtin.template: src: container-updates.j2 dest: /etc/cron.d/container-updates mode: "644" when: inventory_hostname.startswith('compose-x86-01.rdu3') # put cron job in for IoT stable compose - name: IoT stable compose cron ansible.builtin.copy: src: stable-iot dest: /etc/cron.d/stable-iot mode: "644" when: inventory_hostname.startswith('compose-iot01.rdu3') # put cron job in for IoT rawhide compose - name: IoT rawhide compose cron ansible.builtin.copy: src: rawhide-iot dest: /etc/cron.d/rawhide-iot mode: "644" when: inventory_hostname.startswith('compose-iot01.rdu3') # put cron job in for ELN compose - name: ELN compose cron ansible.builtin.copy: src: eln dest: /etc/cron.d/eln mode: "644" when: inventory_hostname.startswith('compose-eln01.rdu3') # put cron job in for enforcing FESCo SIG Policy # https://docs.fedoraproject.org/en-US/fesco/SIG_policy/ - name: SIG policy cron ansible.builtin.template: src: sig_policy.j2 dest: /etc/cron.d/sig_policy mode: "644" when: inventory_hostname.startswith('compose-x86-01.rdu3') tags: - cronjob - name: Create /etc/pki/fedora-messaging ansible.builtin.file: dest: /etc/pki/fedora-messaging mode: "775" owner: root group: root state: directory tags: - config - releng - name: Deploy the fedora-messaging CA ansible.builtin.copy: src: "{{ private }}/files/rabbitmq/{{ env }}/ca-combined.crt" dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt mode: "644" owner: apache group: apache tags: - config - releng - name: Deploy the fedora-messaging cert ansible.builtin.copy: src: "{{ private }}/files/rabbitmq/{{ env }}/pki/issued/pungi{{ env_suffix }}.crt" dest: /etc/pki/fedora-messaging/rabbitmq-pungi.crt mode: "644" owner: apache group: apache tags: - config - releng - name: Deploy the fedora-messaging key ansible.builtin.copy: src: "{{ private }}/files/rabbitmq/{{ env }}/pki/private/pungi{{ env_suffix }}.key" dest: /etc/pki/fedora-messaging/rabbitmq-pungi.key mode: "600" owner: apache group: apache tags: - config - releng - name: Install fedora-messaging config ansible.builtin.template: src: fedora-messaging.toml.j2 dest: /etc/fedora-messaging/config.toml owner: apache group: apache mode: "600" tags: - config - releng - name: Install compose /etc/httpd/conf.d/compose.conf file ansible.builtin.copy: src: compose.conf dest: /etc/httpd/conf.d/compose.conf owner: root group: root mode: "644" notify: - Reload httpd tags: - config when: inventory_hostname.startswith('compose-x86-01')