fedora-infra_ansible/roles/koji_builder/tasks/main.yml

#
# This is a base koji_builder role.
#
- name: set hostname
  hostname: name="{{inventory_hostname}}"
  tags:
  - koji_builder

- name: set root passwd
  user: name=root password={{ builder_rootpw }} state=present
  tags:
  - koji_builder
  - rootpw

- name: add mock user as 425
  user: name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
  tags:
  - koji_builder

- name: make mock homedir perms
  file: state=directory path=/var/lib/mock mode=2775 owner=root group=mock
  tags:
  - koji_builder

- name: add mock ssh dir
  file: state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock
  tags:
  - koji_builder

- name: add mock ssh keys
  copy: src=mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock
  tags:
  - koji_builder

- name: add kojibuilder
  user: name=kojibuilder groups=mock
  tags:
  - koji_builder

- name: add mockbuilder
  user: name=mockbuilder groups=mock
  tags:
  - koji_builder

- name: mockbuilder .ssh dir
  file: state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder
  tags:
  - koji_builder

- name: mockbuilder ssh key
  copy: src=ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder
  tags:
  - koji_builder

- name: make a bunch of dirs
  file: state=directory path={{ item }}
  with_items:
    - /pub
    - /mnt/fedora_koji
    - /pub/fedora
    - /pub/epel
  tags:
  - koji_builder

- name: add pkgs
  dnf: state=present pkg={{ item }}
  with_items:
    - yum-utils
    - koji-builder
    - python-osbs-client
    - koji-containerbuild-builder
    - strace
    - mock
    - kernel-firmware
    - kernel-modules
    - ntp
    - ntpdate
    - rsyslog
    - audit
    - pycdio
    - python-kickstart
    - libvirt-client
    - oz
    - imagefactory
    - imagefactory-plugins-TinMan
    - imagefactory-plugins-Docker
    - imagefactory-plugins-vSphere
    - imagefactory-plugins-ovfcommon
    - imagefactory-plugins
    - imagefactory-plugins-OVA
    - imagefactory-plugins-EC2
    - imagefactory-plugins-RHEVM
    - python-psphere
    - VMDKstream
    - pykickstart
  tags:
  - koji_builder
  when: ansible_architecture != 's390x'

- name: add pkgs (s390x)
  dnf: state=present pkg={{ item }}
  with_items:
    - yum-utils
    - koji-builder
    - python-osbs-client
    - koji-containerbuild-builder
    - strace
    - mock
    - kernel-firmware
    - ntp
    - ntpdate
    - rsyslog
    - audit
    - pycdio
    - python-kickstart
    - pykickstart
  tags:
  - koji_builder
  when: ansible_architecture == 's390x'

- name: enable virtlogd service
  service: name=virtlogd state=started enabled=yes
  tags:
  - koji_builder
  when: ansible_distribution_major_version|int > 23 and ansible_architecture != 's390x'

- name: build /etc/kojid/kojid.conf from group vars
  template: src=kojid.conf dest=/etc/kojid/kojid.conf
  notify:
  - restart kojid
  tags:
  - koji_builder

- name: build /etc/koji/koji.conf from group vars
  template: src=koji.conf dest=/etc/koji.conf
  tags:
  - koji_builder

- name: config for the kojid runroot plugin (only some builders)
  template: src=runroot.conf.j2 dest=/etc/kojid/plugins/runroot.conf
  when: "'runroot' in group_names"
  notify:
  - restart kojid
  tags:
  - koji_builder

- name: override kojid.service file to set TasksMax to unlimited
  copy: src=kojid.service dest=/etc/systemd/system/kojid.service
  notify:
  - reload systemd
  - restart kojid
  tags:
  - koji_builder

# setup for oz/imagefactory
- name: make .psphere dir
  file: state=directory path=/root/.psphere mode=775 owner=root group=root
  tags:
  - koji_builder

- name: make .psphere/templates dir
  file: state=directory path=/root/.psphere/templates mode=775 owner=root group=root
  tags:
  - koji_builder

- name: copy over /root/.psphere/config.yaml
  copy: src={{ private }}/files/koji/config.yaml dest=/root/.psphere/config.yaml
  tags:
  - koji_builder
  when: ansible_architecture != 's390x'
# done oz/imagefactory

- name: copy over /etc/security/limits.conf
  copy: src=limits.conf dest=/etc/security/limits.conf
  tags:
  - koji_builder

# oz.cfg  upstream ram and cpu definitions are not enough
- name: oz.cfg
  copy: src=oz.cfg dest=/etc/oz/oz.cfg
  when: not inventory_hostname.startswith(('buildppc','buildvm-s390x'))
  tags:
  - koji_builder

# install libvirtd.conf
#
# This provides us with the ability to use virt-manager from non root accounts.
# This is useful in the oz/imagefactory context for debugging

- name: install libvirtd.conf
  copy: src="{{ files }}/virthost/libvirtd.conf" dest=/etc/libvirt/libvirtd.conf
  notify:
  - restart libvirtd
  tags:
  - koji_builder
  when: ansible_architecture != 's390x'

#
# On primary we want to make a /mnt/koji link to /mnt/fedora_koji/koji
#

- name: make a mnt/koji link
  file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji
  when: koji_hub_nfs is defined and koji_hub_nfs == "fedora_koji" and createrepo == True
  tags:
  - koji_builder

- name: make a mnt/koji link
  file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji
  when: inventory_hostname == "buildvm-s390x-01.s390.fedoraproject.org"
  tags:
  - koji_builder

#
# alternative arch builders however want to link to just /mnt/fedora_koji
#

- name: make a mnt/koji link
  file: state=link src=/mnt/fedora_koji dest=/mnt/koji
  when: koji_hub_nfs is defined and koji_hub_nfs != "fedora_koji" and createrepo == True
  tags:
  - koji_builder

- name: mock site-defaults.cfg
  template: src=builders/site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
  when: not inventory_hostname.startswith('bkernel')
  tags:
  - koji_builder

#
# x86_64 builders run pungify, that needs hfs module in order to make
# The efi/mac images. This module is only needed on rhel.
#

- name: special pkgs for the x86_64 builders
  package: state=present pkg={{ item }}
  with_items:
  - kmod-hfsplus
  when: is_rhel is defined and ansible_architecture == 'x86_64' and ansible_distribution_major_version|int == '6'
  tags:
  - koji_builder

# Before, the builders had the "apache" role. This is a temporary play to remove the httpd daemon everywhere
- name: Uninstall httpd
  package: name=httpd
           state=absent
  tags:
  - koji_builder
  - removehttpd

- name: Add the Apache group
  group: name=apache 
         gid=48
         system=yes
         state=present
  tags:
  - koji_builder
  - removehttpd

- name: Create the apache user
  user: name=apache
        uid=48 
        createhome=no
        group=apache
        home=/usr/share/httpd
        shell=/sbin/nologin
        system=yes
        state=present
  tags:
  - koji_builder
  - removehttpd

- name: make sure we are in permissive selinux mode
  selinux: policy=targeted state=permissive
  tags:
  - koji_builder
  - selinux