--- - name: Install packages needed by resalloc server dnf: state: present name: - genisoimage - libvirt-client - postgresql-server - python3-psycopg2 - python3-ibm-vpc - resalloc - resalloc-server - resalloc-openstack - resalloc-aws - resalloc-webui - resalloc-ibm-cloud - virt-install - yq - name: Install IP to YAML spawner script copy: content: | #! /bin/sh -ex echo --- echo name: "$RESALLOC_NAME" hostname=$( "$@" ) echo host: "$hostname" mode: "0755" dest: /usr/local/bin/copr-resalloc-vm-ip-to-yaml tags: provision_config - name: Install a copr specific IP checker copy: content: | #!/usr/bin/sh die() { echo "$*" >&2 ; exit 1; } PS4='[$(date +%Y-%m-%d\ %H:%M:%S)] + ' set -x set -e test -n "$RESALLOC_NAME" test -n "$RESALLOC_RESOURCE_DATA" decoded=$(echo "$RESALLOC_RESOURCE_DATA" | base64 --decode) IP=$(echo "$decoded" | yq .host || :) if test -z "$IP"; then set -- $(echo "$decoded") IP=$1 fi case $RESALLOC_NAME in *vmhost_p09_02_prod_01867876_20260202_151259*) exit 0 ;; esac ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=10 "${SSH_USER-root}@$IP" true mode: "0755" dest: /usr/local/bin/resalloc-check-vm-ip tags: - provision_config - ip_checking_script - name: See if postgreSQL is initialized stat: path=/var/lib/pgsql/data/PG_VERSION register: postgres_initialized - name: Init postgresql ansible.builtin.shell: "postgresql-setup initdb" when: not postgres_initialized.stat.exists - name: Enable PostgreSQL service service: state=started enabled=yes name=postgresql - name: Allow system users to conenct into the database lineinfile: path: /var/lib/pgsql/data/pg_ident.conf line: "{{ item }}" owner: postgres group: postgres mode: "0600" with_items: - "all postgres postgres" - "all resalloc resalloc" - "all lighttpd resalloc" - name: Configure access to the resalloc database postgresql_pg_hba: dest: /var/lib/pgsql/data/pg_hba.conf contype: local databases: all users: all method: peer options: map=all - name: Create PG user postgresql_user: name="resalloc" become: yes become_user: postgres - name: Create db postgresql_db: name="resalloc" encoding='UTF-8' owner=resalloc become: yes become_user: postgres - set_fact: provision_directory: /var/lib/resallocserver/provision ibmcloud_token_file: /var/lib/resallocserver/.ibm-cloud-token tags: - always - name: Setup provision directory include_tasks: setup_provisioning_environment.yml tags: - always vars: cloud_vars: true provision_user: resalloc - name: Install .ansible.cfg for {{ provision_user }} user ansible.builtin.copy: src=ansible.cfg dest=/var/lib/resallocserver/.ansible.cfg owner=resalloc group=resalloc mode=600 tags: - provision_config - name: Resalloc, sync resalloc provisioning files ansible.posix.synchronize: src: "resalloc_provision/" dest: "/var/lib/resallocserver/resalloc_provision/" rsync_opts: - "--chown=resalloc:resalloc" - "--no-perms" tags: - provision_config - name: Resalloc, perms for provisioning files, D700, F600, Preserve Executable ansible.builtin.file: path: "/var/lib/resallocserver/resalloc_provision/" owner: resalloc group: resalloc mode: 'g-rwx,o-rwx' state: directory recurse: yes tags: - provision_config - name: Resalloc, scripts ansible.builtin.template: src: "resalloc/{{ item }}.j2" dest: "/var/lib/resallocserver/resalloc_provision/{{ item }}" mode: "0700" with_items: - vm-delete - vm-release - ibm-cloud-list-deleting-vms - osuosl-vm - osuosl-list tags: - provision_config - name: Resalloc, ssh directory ansible.builtin.file: path: /var/lib/resallocserver/.ssh state: directory mode: "0700" owner: resalloc group: resalloc - name: Resalloc, copy backend ssh identity ansible.builtin.copy: src: "{{ private }}/files/copr/buildsys.priv" dest: /var/lib/resallocserver/.ssh/id_rsa owner: resalloc group: resalloc mode: "0600" - name: Resalloc, ssh config file ansible.builtin.template: src: "ssh_config.j2" dest: /var/lib/resallocserver/.ssh/config owner: resalloc group: resalloc mode: "0600" tags: - backend_to_hv_ssh_config - provision_config - name: Resalloc, server config ansible.builtin.template: src: "resalloc/{{ item }}" dest: "/etc/resallocserver/{{ item | replace('.j2', '') }}" mode: "0640" owner: resalloc group: resalloc with_items: - server.yaml.j2 - pools.yaml.j2 tags: - provision_config - resalloc_config - name: Start/enable resalloc server service: name: resalloc state: started enabled: yes when: not services_disabled|bool - name: Shortcuts around resalloc-aws-start ansible.builtin.template: src="{{ roles_path }}/copr/backend/templates/provision/copr-resalloc-aws-new.j2" dest="/usr/local/bin/copr-resalloc-aws-new-{{ item }}" mode=0755 with_items: - aarch64 - x86_64 tags: - provision_config - provision_config_resalloc_aws - name: Shortcut for creating s390x images in cloud ansible.builtin.copy: src: copr-prepare-s390x-image-builder dest: /usr/local/bin/copr-prepare-s390x-image-builder mode: "0755" tags: - images_s390x - name: Sometimes it is worth having the copr.py ansible plugin ansible.builtin.package: name=ansible-collection-community-general state=latest - name: Install IBM Cloud token file ansible.builtin.copy: content: "IBMCLOUD_API_KEY={{ copr_cloud_ibm_token | default('unset') }}" dest: "{{ ibmcloud_token_file }}" owner: resalloc group: resalloc mode: "0600" tags: - provision_config