fedora-infra_ansible/playbooks/groups/bodhi-backend.yml

# create a new bodhi-backend system
#
# This group makes bodhi-backend servers.
# They are used by releng to push updates with bodhi.
# They also run some misc releng scripts.
#

- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=bodhi_backend:bodhi_backend_stg"

# Once the instance exists, configure it.

- name: make bodhi-backend server system
  hosts: bodhi_backend:bodhi_backend_stg
  user: root
  gather_facts: True

  vars_files:
  - /srv/web/infra/ansible/vars/global.yml
  - "/srv/web/infra/ansible/vars/all/RelEngFrozen.yaml"
  - "/srv/private/ansible/vars.yml"
  - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
  - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  roles:
  - base
  - nagios_client
  - collectd/base
  - hosts
  - fas_client
  - sudo
  - rkhunter
#  - fedmsg/base

  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji'
    nfs_src_dir: 'fedora_koji'

  - role: nfs/client
    mnt_dir: '/mnt/koji/ostree'
    nfs_src_dir: 'fedora-ostree-content/ostree'
    when: env != 'staging' and datacenter == 'phx2'

  - role: nfs/client
    mnt_dir: '/mnt/koji/compose/ostree'
    nfs_src_dir: 'fedora-ostree-content/compose/ostree'
    when: env != 'staging' and datacenter == 'phx2'

  - role: nfs/client
    mnt_dir: '/mnt/koji/ostree'
    nfs_src_dir: 'fedora_ostree_content/ostree'
    when: env != 'staging' and datacenter == 'iad2'

  - role: nfs/client
    mnt_dir: '/mnt/koji/compose/ostree'
    nfs_src_dir: 'fedora_ostree_content/compose/ostree'
    when: env != 'staging' and datacenter == 'iad2'

  - role: nfs/client
    mnt_dir: '/mnt/koji/ostree'
    nfs_src_dir: 'fedora-ostree-content-stg/ostree'
    when: env == 'staging'

  - role: nfs/client
    mnt_dir: '/mnt/koji/compose/ostree'
    nfs_src_dir: 'fedora-ostree-content-stg/compose/ostree'
    when: env == 'staging'

    # In staging, we mount fedora_koji as read only (see nfs_mount_opts)
  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji_prod'
    nfs_src_dir: 'fedora_koji'
    when: env == 'staging'

  - role: nfs/client
    mnt_dir: '/pub/'
    nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/'

  - role: keytab/service
    owner_user: apache
    owner_group: apache
    service: bodhi
    host: "bodhi.fedoraproject.org"
    when: env == "production"
  - role: keytab/service
    owner_user: apache
    owner_group: apache
    service: bodhi
    host: "bodhi.stg.fedoraproject.org"
    when: env == "staging"
  - bodhi2/backend
  - role: push-container-registry
    cert_dest_dir: "/etc/docker/certs.d/registry{{ env_suffix }}.fedoraproject.org"
    cert_src: "{{private}}/files/docker-registry/{{env}}/pki/issued/containerstable.crt"
    key_src: "{{private}}/files/docker-registry/{{env}}/pki/private/containerstable.key"
    certs_group: apache
  - role: rabbit/user
    username: "bodhi{{ env_suffix }}"
  - role: rabbit/queue
    username: "bodhi{{ env_suffix }}"
    queue_name: "{{ bodhi_message_queue_name }}"
    routing_keys: "{{ bodhi_message_routing_keys }}"
    thresholds:
      warning: 10
      critical: 100


  tasks:
  - name: create secondary volume dir for stg bodhi
    file: dest=/mnt/koji/vol state=directory owner=apache group=apache mode=0755
    tags: bodhi
    when: env == 'staging'
  - name: create symlink for stg/prod secondary volume
    file: src=/mnt/fedora_koji_prod/koji dest=/mnt/koji/vol/prod state=link
    tags: bodhi
    when: env == 'staging'
  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
  - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"