fedora-infra_ansible/roles/releng/tasks/main.yml

---
- name: Set root passwd
  ansible.builtin.user:
    name: root
    password: "{{ builder_rootpw }}"
  tags:
  - rootpw

- name: Add mock user as 425
  ansible.builtin.user:
    name: mock
    uid: 425
    home: /var/lib/mock
    system: true

- name: Make mock homedir 2775
  ansible.builtin.file:
    state: directory
    path: /var/lib/mock
    mode: "2775"
    owner: mock
    group: mock

- name: Add mock ssh dir
  ansible.builtin.file:
    state: directory
    path: /var/lib/mock/.ssh
    mode: "700"
    owner: mock
    group: mock

- name: Add mock ssh keys
  ansible.builtin.copy:
    src: "{{ files }}/../roles/koji_builder/files/mock_auth_keys"
    dest: /var/lib/mock/.ssh/authorized_keys
    mode: "644"
    owner: mock
    group: mock

- name: Add ftpsync group
  ansible.builtin.group:
    name: ftpsync
    gid: 263
    system: true

- name: Add ftpsync user
  ansible.builtin.user:
    name: ftpsync
    uid: 263
    group: ftpsync
    system: yes

- name: Add create-filelist script from quick-fedora-mirror
  ansible.builtin.copy:
    src: "{{ files }}/scripts/create-filelist"
    dest: /usr/local/bin/create-filelist
    mode: "755"
    owner: ftpsync
    group: ftpsync

- name: Add the ftpsync update-fullfiletimelist script
  ansible.builtin.copy:
    src: "{{ files }}/scripts/update-fullfiletimelist"
    dest: /usr/local/bin/update-fullfiletimelist
    mode: "755"

# ftbfs user = 264
- name: Add ftbfs group
  ansible.builtin.group:
    name: ftbfs
    gid: 264
    system: true
  when: inventory_hostname.startswith('compose-x86-01')
  tags:
    - ftbfs

- name: Add ftbfs user
  ansible.builtin.user:
    name: ftbfs
    uid: 264
    group: ftbfs
    system: true
  when: inventory_hostname.startswith('compose-x86-01')
  tags:
    - ftbfs

- name: Add ftbfs script config file
  ansible.builtin.template:
    src: ftbfs.cfg.j2
    dest: /etc/ftbfs.cfg
    mode: "644"
  when: inventory_hostname.startswith('compose-x86-01')
  tags:
    - ftbfs

- name: Add ftbfs cache dir
  ansible.builtin.file:
    state: directory
    path: /home/ftbfs/.cache
    mode: "2775"
    owner: ftbfs
    group: ftbfs
  when: inventory_hostname.startswith('compose-x86-01')
  tags:
    - ftbfs

- name: Copy ftbfs weekly script
  ansible.builtin.copy:
    src: ftbfs.sh
    dest: /usr/local/bin/ftbfs.sh
    mode: "755"
  when: inventory_hostname.startswith('compose-x86-01')
  tags:
    - ftbfs

- name: Add ftbfs weekly cron job
  ansible.builtin.copy:
    src: ftbfs.cron
    dest: /etc/cron.weekly/
    mode: "755"
  when: inventory_hostname.startswith('compose-x86-01')
  tags:
    - ftbfs

# masher user 751
- name: Add masher group
  ansible.builtin.group:
    name: masher
    gid: 751
    system: true

- name: Add masher user as 751 - and group
  ansible.builtin.user:
    name: masher
    uid: 751
    group: masher
    home: /home/masher
    groups: mock,ftpsync

# masher ssh keys and config
- name: Add masher ssh dir
  ansible.builtin.file:
    state: directory
    path: /home/masher/.ssh
    mode: "700"
    owner: masher
    group: masher

- name: Add masher ssh keys
  ansible.builtin.copy:
    src: "mash/masher.{{ item }}"
    dest: "/home/masher/.ssh/{{ item }}"
    mode: "600"
    owner: masher
    group: masher
  with_items:
    - id_rsa.pub
    - config

- name: Add masher ssh priv key
  ansible.builtin.copy:
    src: "{{ private }}/files/mash/masher.id_rsa"
    dest: /home/masher/.ssh/id_rsa
    mode: "600"
    owner: masher
    group: masher

- name: Add masher koji cert/key
  ansible.builtin.copy:
    src: "{{ private }}/files/mash/masher.pem"
    dest: /home/masher/.fedora.cert
    mode: "600"
    owner: masher
    group: masher

- name: Add releng koji cert/key
  ansible.builtin.copy:
    src: "{{ private }}/files/releng_key_and_cert.pem"
    dest: /root/.fedora.cert
    mode: "600"
    owner: root
    group: root

# rawhide group
- name: Rawhide group
  ansible.builtin.group:
    name: "rawhide"
    gid: 265

# rawhide user 265
- name: Add rawhide user
  ansible.builtin.user:
    name: "rawhide"
    uid: 265
    group: "rawhide"
    home: "/tmp"
    create_home: false
    comment: "rawhide compose account"

- name: Make a bunch of dirs
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    mode: "755"
  with_items:
    - /pub
    - /pub/fedora-secondary
    - /epel
    - /mnt/fedora_koji
    - /var/spool/rsyslog

- name: Add pkgs
  ansible.builtin.package:
    state: present
    name:
    - koji
    - strace
    - mock
    - krb5-workstation
    - nfs-utils
    - git
    - intltool
    - mutt
    - createrepo
    - pykickstart
    - httpd
    - hardlink
    - pungi
    - compose-utils
    - python3-productmd
    - ostree
    - python3-libmodulemd
    - python3-koji-cli-plugins
    - make
    - nosync
    - python3-gobject
    - fedora-messaging # needed by pungi to emit fedora-messages.
    - python3-bugzilla # needed by ftbfs scrips/cron.
    - fedora-repo-zdicts # needed for pungi to make zchunk repodata
    - fedrq # needed by `sig_policy` script
    - rpm-ostree # needed by nightly.sh script
    - python3-xmltodict # needed for comps
    - python-bugzilla-cli # for filing bugs/utility
  tags:
  - releng

# merge this into above after freeze
- name: Add packages to rawhide composer
  ansible.builtin.package:
    state: present
    name:
    - rpm-ostree
  tags:
  - releng
  when: inventory_hostname.startswith('compose-rawhide01.rdu3')

- name: Add pkgs from infrastructure testing repo
  ansible.builtin.dnf:
    state: present
    name: python3-libpagure
    enablerepo: infrastructure-tags-stg

- name: Add pkgs
  ansible.builtin.package:
    state: present
    name:
    - pungi-utils
  when: "'releng_compose' in group_names or 'releng_compose_eln' in group_names"

- name: Custom compose-koji
  ansible.builtin.template:
    src: compose-koji.j2
    dest: /usr/bin/compose-koji
    mode: "755"

- name: /etc/koji.conf
  ansible.builtin.template:
    src: koji.conf.j2
    dest: /etc/koji.conf.d/compose.conf
    mode: "644"

- name: Make a mnt/koji link
  ansible.builtin.file:
    state: link
    src: /mnt/fedora_koji/koji
    dest: /mnt/koji
  when: "'releng_compose' in group_names or 'releng_compose_eln' in group_names"

# Add skopeo for OCI Image management, only in stage first for testing
- name: Add pkgs for OCI Image management
  ansible.builtin.package:
    state: present
    name:
    - skopeo
  when: env == "staging"

# put cron job in for branched compose
- name: Branched compose cron
  ansible.builtin.template:
    src: branched.j2
    dest: /etc/cron.d/branched
    mode: "644"
  when: inventory_hostname.startswith('compose-branched01.rdu3')

# put cron job in for rawhide compose
- name: Rawhide compose cron
  ansible.builtin.template:
    src: rawhide.j2
    dest: /etc/cron.d/rawhide
    mode: "644"
  when: inventory_hostname.startswith('compose-rawhide01.rdu3')

# put cron job in for cloud nightly compose
- name: Cloud updates compose cron
  ansible.builtin.template:
    src: cloud-updates.j2
    dest: /etc/cron.d/cloud-updates
    mode: "644"
  when: inventory_hostname.startswith('compose-x86-01.rdu3')

# put cron job in for docker nightly compose
- name: Docker compose cron
  ansible.builtin.template:
    src: container-updates.j2
    dest: /etc/cron.d/container-updates
    mode: "644"
  when: inventory_hostname.startswith('compose-x86-01.rdu3')

# put cron job in for ELN compose
- name: ELN compose cron
  ansible.builtin.copy:
    src: eln
    dest: /etc/cron.d/eln
    mode: "644"
  when: inventory_hostname.startswith('compose-eln01.rdu3')

# put cron job in for enforcing FESCo SIG Policy
# https://docs.fedoraproject.org/en-US/fesco/SIG_policy/
- name: SIG policy cron
  ansible.builtin.template:
    src: sig_policy.j2
    dest: /etc/cron.d/sig_policy
    mode: "644"
  when: inventory_hostname.startswith('compose-x86-01.rdu3')
  tags:
  - cronjob

- name: Create /etc/pki/fedora-messaging
  ansible.builtin.file:
    dest: /etc/pki/fedora-messaging
    mode: "775"
    owner: root
    group: root
    state: directory
  tags:
  - config
  - releng

- name: Deploy the fedora-messaging CA
  ansible.builtin.copy:
    src: "{{ private }}/files/rabbitmq/{{ env }}/ca-combined.crt"
    dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
    mode: "644"
    owner: apache
    group: apache
  tags:
  - config
  - releng

- name: Deploy the fedora-messaging cert
  ansible.builtin.copy:
    src: "{{ private }}/files/rabbitmq/{{ env }}/pki/issued/pungi{{ env_suffix }}.crt"
    dest: /etc/pki/fedora-messaging/rabbitmq-pungi.crt
    mode: "644"
    owner: apache
    group: apache
  tags:
  - config
  - releng

- name: Deploy the fedora-messaging key
  ansible.builtin.copy:
    src: "{{ private }}/files/rabbitmq/{{ env }}/pki/private/pungi{{ env_suffix }}.key"
    dest: /etc/pki/fedora-messaging/rabbitmq-pungi.key
    mode: "600"
    owner: apache
    group: apache
  tags:
  - config
  - releng

- name: Install fedora-messaging config
  ansible.builtin.template:
    src: fedora-messaging.toml.j2
    dest: /etc/fedora-messaging/config.toml
    owner: apache
    group: apache
    mode: "600"
  tags:
  - config
  - releng

- name: Install compose /etc/httpd/conf.d/compose.conf file
  ansible.builtin.copy:
    src: compose.conf
    dest: /etc/httpd/conf.d/compose.conf
    owner: root
    group: root
    mode: "644"
  notify:
  - Reload httpd
  tags:
  - config
  when: inventory_hostname.startswith('compose-x86-01')