fedora-infra_ansible/playbooks/groups/buildvm.yml

# create a new koji builder
# NOTE: should be used with --limit most of the time
# NOTE: make sure there is room/space for this builder on the buildvmhost
# NOTE: most of these vars_path come from group_vars/buildvm or from hostvars

- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-aarch64:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg"

- name: make koji builder(s)
  hosts: buildvm:buildvm-stg:buildvm-aarch64:buildvm-ppc64:buildvm-ppc64le:buildppcle:buildppc:buildvm-s390:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
  - include: "{{ tasks }}/yumrepos.yml"

  roles:
  - base
  - hosts
  - apache
  - { role: nfs/client, mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: "{{ koji_hub_nfs }}" }
  - { role: fas_client, when: not inventory_hostname.startswith('bkernel') }
  - { role: sudo, when: not inventory_hostname.startswith('bkernel') }
  - koji_builder
  - role: keytab/service
    kt_location: /etc/kojid/kojid.keytab
    service: compile
  - role: keytab/service
    owner_user: root
    owner_group: root
    service: osbs
    host: "osbs.fedoraproject.org"
    when: env == "production"
  - role: keytab/service
    owner_user: root
    owner_group: root
    service: osbs
    host: "osbs.stg.fedoraproject.org"
    when: env == "staging"

  tasks:
  - include: "{{ tasks }}/2fa_client.yml"
    when: not inventory_hostname.startswith('bkernel')
  - include: "{{ tasks }}/motd.yml"
    when: not inventory_hostname.startswith('bkernel')

  - name: make sure httpd is running
    service: name=httpd state=running enabled=yes

  - name: make sure kojid is running
    service: name=kojid state=running enabled=yes

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

- name: configure osbs on koji builders
  hosts: buildvm:buildvm-stg
  tags:
    - osbs
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
  - include: "{{ tasks }}/osbs_certs.yml"
  - include: "{{ tasks }}/osbs_repos.yml"

  roles:
  - {
      role: osbs-client,
        when: env == 'staging' and ansible_architecture == 'x86_64',
        general: {
          verbose: 0,
          build_json_dir: '/etc/osbs/input/',
          openshift_required_version: 1.1.0,
        },
        default: {
          username: "{{ osbs_koji_stg_username }}",
          password: "{{ osbs_koji_stg_password }}",
          koji_use_kerberos: True,
          koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab",
          koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
          openshift_url: 'https://{{ osbs_url }}/',
          registry_uri: 'https://{{ docker_registry }}/v2',
          source_registry_uri: 'https://{{ source_registry }}/v2',
          build_host: '{{ osbs_url }}',
          koji_root: 'http://{{ koji_root }}',
          koji_hub: 'https://koji.stg.fedoraproject.org/kojihub',
          sources_command: 'fedpkg sources',
          build_type: 'prod',
          authoritative_registry: 'registry.example.com',
          vendor: 'Fedora Project',
          verify_ssl: true,
          use_auth: true,
          builder_use_auth: true,
          distribution_scope: 'private',
          registry_api_versions: 'v2',
          builder_openshift_url: 'https://{{osbs_url}}'
        }
    }
  - {
      role: osbs-client,
        when: env == 'production' and ansible_architecture == 'x86_64',
        general: {
          verbose: 0,
          build_json_dir: '/etc/osbs/input/',
          openshift_required_version: 1.1.0,
        },
        default: {
          username: "{{ osbs_koji_prod_username }}",
          password: "{{ osbs_koji_prod_password }}",
          koji_use_kerberos: True,
          koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab",
          koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
          openshift_url: 'https://{{ osbs_url }}/',
          registry_uri: 'https://{{ docker_registry }}/v2',
          source_registry_uri: 'https://{{ source_registry }}/v2',
          build_host: '{{ osbs_url }}',
          koji_root: 'http://{{ koji_root }}',
          koji_hub: 'https://koji.fedoraproject.org/kojihub',
          sources_command: 'fedpkg sources',
          build_type: 'prod',
          authoritative_registry: 'registry.example.com',
          vendor: 'Fedora Project',
          verify_ssl: true,
          use_auth: true,
          builder_use_auth: true,
          distribution_scope: 'private',
          registry_api_versions: 'v2',
          builder_openshift_url: 'https://{{osbs_url}}'
        }
    }

  handlers:
  - include: "{{ handlers }}/restart_services.yml"