mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-27 20:12:54 +08:00
1e0274e20a
OK, now this is the *fourth* time I've done this, maybe I'll screw it up a bit less this time? Maybe? Signed-off-by: Adam Williamson <awilliam@redhat.com>
194 lines
6.4 KiB
YAML
194 lines
6.4 KiB
YAML
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=openqa:openqa_stg"
|
|
|
|
- name: setup base openQA host
|
|
hosts: openqa:openqa_stg
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
pre_tasks:
|
|
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
|
|
|
|
roles:
|
|
- { role: base, tags: ['base'] }
|
|
- { role: rkhunter, tags: ['rkhunter'] }
|
|
- { role: nagios_client, tags: ['nagios_client'] }
|
|
- { role: hosts, tags: ['hosts']}
|
|
- { role: fas_client, tags: ['fas_client'] }
|
|
- { role: collectd/base, tags: ['collectd_base'] }
|
|
- { role: sudo, tags: ['sudo'] }
|
|
- { role: openvpn/client,
|
|
when: deployment_type == "prod", tags: ['openvpn_client'] }
|
|
- apache
|
|
|
|
tasks:
|
|
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
|
|
- import_tasks: "{{ tasks_path }}/motd.yml"
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
|
|
|
- name: configure fedora-messaging queues on openQA servers
|
|
hosts: openqa:openqa_stg
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
roles:
|
|
- role: rabbit/queue
|
|
username: "openqa"
|
|
queue_name: "openqa{{ openqa_env_suffix }}_scheduler"
|
|
routing_keys:
|
|
- "org.fedoraproject.prod.pungi.compose.status.change"
|
|
- "org.fedoraproject.prod.bodhi.update.request.testing"
|
|
- "org.fedoraproject.prod.bodhi.update.edit"
|
|
vars:
|
|
# yes, even the staging scheduler listens to production, it
|
|
# has to or else it wouldn't schedule any jobs
|
|
env: "production"
|
|
env_suffix: ""
|
|
tags: ['rabbit']
|
|
- role: rabbit/queue
|
|
username: "openqa{{ openqa_env_suffix }}"
|
|
queue_name: "openqa{{ openqa_env_suffix }}_resultsdb_reporter"
|
|
routing_keys:
|
|
- "org.fedoraproject.{{ deployment_type }}.openqa.job.done"
|
|
vars:
|
|
# for this role to work correctly we do need to look like a
|
|
# staging server
|
|
env: "{{ openqa_env }}"
|
|
env_suffix: "{{ openqa_env_suffix }}"
|
|
tags: ['rabbit']
|
|
- role: rabbit/queue
|
|
username: "openqa{{ openqa_env_suffix }}"
|
|
queue_name: "openqa{{ openqa_env_suffix }}_wiki_reporter"
|
|
routing_keys:
|
|
- "org.fedoraproject.{{ deployment_type }}.openqa.job.done"
|
|
vars:
|
|
# for this role to work correctly we do need to look like a
|
|
# staging server
|
|
env: "{{ openqa_env }}"
|
|
env_suffix: "{{ openqa_env_suffix }}"
|
|
tags: ['rabbit']
|
|
# relvalconsumer queue, we still use openqa auth for this as it's
|
|
# easy that way
|
|
- role: rabbit/queue
|
|
username: "openqa"
|
|
queue_name: "openqa_relvalconsumer{{ relvalconsumer_env_suffix }}"
|
|
routing_keys:
|
|
- "org.fedoraproject.prod.pungi.compose.status.change"
|
|
vars:
|
|
# yes, even the staging scheduler listens to production, it
|
|
# has to or else it wouldn't schedule any jobs
|
|
env: "production"
|
|
env_suffix: ""
|
|
tags: ['rabbit']
|
|
# autocloudreporter queue, we still use openqa auth for this as it's
|
|
# easy that way
|
|
- role: rabbit/queue
|
|
username: "openqa"
|
|
queue_name: "openqa_autocloudreporter{{ autocloudreporter_env_suffix }}"
|
|
routing_keys:
|
|
- "org.fedoraproject.prod.autocloud.image.failed"
|
|
- "org.fedoraproject.prod.autocloud.image.success"
|
|
vars:
|
|
# yes, even the staging reporter listens to production, the
|
|
# staging autocloud has been inactive since 2017 so there are
|
|
# no results to forward...
|
|
env: "production"
|
|
env_suffix: ""
|
|
tags: ['rabbit']
|
|
# check-compose queue, we still use openqa auth for this as it's
|
|
# easy that way
|
|
- role: rabbit/queue
|
|
username: "openqa{{ checkcompose_env_suffix }}"
|
|
queue_name: "openqa{{ checkcompose_env_suffix }}_checkcomp"
|
|
routing_keys:
|
|
- "org.fedoraproject.{{ deployment_type }}.openqa.job.done"
|
|
vars:
|
|
# for this role to work correctly we do need to look like a
|
|
# staging server
|
|
env: "{{ checkcompose_env }}"
|
|
env_suffix: "{{ checkcompose_env_suffix }}"
|
|
tags: ['rabbit']
|
|
|
|
- name: set up openQA server data NFS mounts (staging)
|
|
hosts: openqa_stg
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
roles:
|
|
- role: nfs/client
|
|
mnt_dir: '/var/lib/openqa/testresults'
|
|
nfs_src_dir: 'fedora_openqa_stg/testresults'
|
|
nfs_mount_opts: 'rw,bg,nfsvers=3'
|
|
tags: ['nfs_client']
|
|
- role: nfs/client
|
|
mnt_dir: '/var/lib/openqa/images'
|
|
nfs_src_dir: 'fedora_openqa_stg/images'
|
|
nfs_mount_opts: 'rw,bg,nfsvers=3'
|
|
tags: ['nfs_client']
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
|
|
|
- name: set up openQA server data NFS mounts (prod)
|
|
hosts: openqa
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
roles:
|
|
- role: nfs/client
|
|
mnt_dir: '/var/lib/openqa/testresults'
|
|
nfs_src_dir: 'fedora_openqa/testresults'
|
|
nfs_mount_opts: 'rw,bg,nfsvers=3'
|
|
tags: ['nfs_client']
|
|
- role: nfs/client
|
|
mnt_dir: '/var/lib/openqa/images'
|
|
nfs_src_dir: 'fedora_openqa/images'
|
|
nfs_mount_opts: 'rw,bg,nfsvers=3'
|
|
tags: ['nfs_client']
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
|
|
|
- name: configure openQA
|
|
hosts: openqa:openqa_stg
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
# relvalconsumer and autocloudreporter aren't particularly related
|
|
# to openQA in any way, we just put those role on these boxes. There's
|
|
# nowhere more obviously correct for rvc and acr should be on an
|
|
# Autocloud box but I don't know if they're authed for RDB.
|
|
roles:
|
|
- { role: openqa/server, tags: ['openqa_server'] }
|
|
- { role: openqa/dispatcher, tags: ['openqa_dispatcher'] }
|
|
- { role: check-compose, tags: ['check-compose'] }
|
|
- { role: fedmsg/base, tags: ['fedmsg_base', 'fedmsg'] }
|
|
- { role: fedmsg/hub, tags: ['fedmsg_hub', 'fedmsg'] }
|
|
- { role: relvalconsumer, tags: ['relvalconsumer'] }
|
|
- { role: autocloudreporter, tags: ['autocloudreporter'] }
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|