fedora-infra_ansible/roles/copr/backend/tasks/resalloc.yml

---
- name: Install packages needed by resalloc server
  dnf:
    state: present
    name:
    - genisoimage
    - libvirt-client
    - postgresql-server
    - python3-psycopg2
    - python3-ibm-vpc
    - resalloc
    - resalloc-server
    - resalloc-openstack
    - resalloc-aws
    - resalloc-webui
    - resalloc-ibm-cloud
    - virt-install
    - yq

- name: Install IP to YAML spawner script
  copy:
    content: |
      #! /bin/sh -ex
      echo ---
      echo name: "$RESALLOC_NAME"
      hostname=$( "$@" )
      echo host: "$hostname"
    mode: "0755"
    dest: /usr/local/bin/copr-resalloc-vm-ip-to-yaml
  tags: provision_config

- name: Install a copr specific IP checker
  copy:
    content: |
      #!/usr/bin/sh
      die() { echo "$*" >&2 ; exit 1; }
      PS4='[$(date +%Y-%m-%d\ %H:%M:%S)] + '
      set -x
      set -e
      test -n "$RESALLOC_NAME"
      test -n "$RESALLOC_RESOURCE_DATA"
      decoded=$(echo "$RESALLOC_RESOURCE_DATA" | base64 --decode)
      IP=$(echo "$decoded" | yq .host || :)
      if test -z "$IP"; then
        set -- $(echo "$decoded")
        IP=$1
      fi
      ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=10 "${SSH_USER-root}@$IP" true
    mode: "0755"
    dest: /usr/local/bin/resalloc-check-vm-ip
  tags:
    - provision_config
    - ip_checking_script

- name: See if postgreSQL is initialized
  stat: path=/var/lib/pgsql/data/PG_VERSION
  register: postgres_initialized

- name: Init postgresql
  ansible.builtin.shell: "postgresql-setup initdb"
  when: not postgres_initialized.stat.exists

- name: Enable PostgreSQL service
  service: state=started enabled=yes name=postgresql

- name: Allow system users to conenct into the database
  lineinfile:
    path: /var/lib/pgsql/data/pg_ident.conf
    line: "{{ item }}"
    owner: postgres
    group: postgres
    mode: "0600"
  with_items:
    - "all postgres postgres"
    - "all resalloc resalloc"
    - "all lighttpd resalloc"

- name: Configure access to the resalloc database
  postgresql_pg_hba:
    dest: /var/lib/pgsql/data/pg_hba.conf
    contype: local
    databases: all
    users: all
    method: peer
    options: map=all

- name: Create PG user
  postgresql_user: name="resalloc"
  become: yes
  become_user: postgres

- name: Create db
  postgresql_db: name="resalloc" encoding='UTF-8' owner=resalloc
  become: yes
  become_user: postgres

- set_fact:
    provision_directory: /var/lib/resallocserver/provision
    ibmcloud_token_file: /var/lib/resallocserver/.ibm-cloud-token
  tags:
  - always

- name: Setup provision directory
  include_tasks: setup_provisioning_environment.yml
  tags:
  - always
  vars:
    cloud_vars: true
    provision_user: resalloc

- name: Install .ansible.cfg for {{ provision_user }} user
  ansible.builtin.copy: src=ansible.cfg dest=/var/lib/resallocserver/.ansible.cfg
        owner=resalloc group=resalloc mode=600
  tags:
  - provision_config

- name: Resalloc, sync resalloc provisioning files
  ansible.posix.synchronize:
    src: "resalloc_provision/"
    dest: "/var/lib/resallocserver/resalloc_provision/"
    rsync_opts:
      - "--chown=resalloc:resalloc"
      - "--no-perms"
  tags:
  - provision_config

- name: Resalloc, perms for provisioning files, D700, F600, Preserve Executable
  ansible.builtin.file:
    path: "/var/lib/resallocserver/resalloc_provision/"
    owner: resalloc
    group: resalloc
    mode: 'g-rwx,o-rwx'
    state: directory
    recurse: yes
  tags:
    - provision_config

- name: Resalloc, scripts
  ansible.builtin.template:
    src: "resalloc/{{ item }}.j2"
    dest: "/var/lib/resallocserver/resalloc_provision/{{ item }}"
    mode: "0700"
  with_items:
  - vm-delete
  - vm-release
  - ibm-cloud-list-deleting-vms
  - osuosl-vm
  - osuosl-list
  tags:
  - provision_config

- name: Resalloc, ssh directory
  ansible.builtin.file:
    path: /var/lib/resallocserver/.ssh
    state: directory
    mode: "0700"
    owner: resalloc
    group: resalloc

- name: Resalloc, copy backend ssh identity
  ansible.builtin.copy:
    src: "{{ private }}/files/copr/buildsys.priv"
    dest: /var/lib/resallocserver/.ssh/id_rsa
    owner: resalloc
    group: resalloc
    mode: "0600"

- name: Resalloc, ssh config file
  ansible.builtin.template:
    src: "ssh_config.j2"
    dest: /var/lib/resallocserver/.ssh/config
    owner: resalloc
    group: resalloc
    mode: "0600"
  tags:
    - backend_to_hv_ssh_config
    - provision_config

- name: Resalloc, server config
  ansible.builtin.template:
    src: "resalloc/{{ item }}"
    dest: "/etc/resallocserver/{{ item | replace('.j2', '') }}"
    mode: "0640"
    owner: resalloc
    group: resalloc
  with_items:
  - server.yaml.j2
  - pools.yaml.j2
  tags:
  - provision_config
  - resalloc_config

- name: Start/enable resalloc server
  service:
    name: resalloc
    state: started
    enabled: yes
  when: not services_disabled|bool

- name: Shortcuts around resalloc-aws-start
  ansible.builtin.template: src="{{ roles_path }}/copr/backend/templates/provision/copr-resalloc-aws-new.j2"
            dest="/usr/local/bin/copr-resalloc-aws-new-{{ item }}"
            mode=0755
  with_items:
    - aarch64
    - x86_64
  tags:
  - provision_config
  - provision_config_resalloc_aws

- name: Shortcut for creating s390x images in cloud
  ansible.builtin.copy:
    src: copr-prepare-s390x-image-builder
    dest: /usr/local/bin/copr-prepare-s390x-image-builder
    mode: "0755"
  tags:
    - images_s390x

- name: Sometimes it is worth having the copr.py ansible plugin
  ansible.builtin.package: name=ansible-collection-community-general state=latest

- name: Install IBM Cloud token file
  ansible.builtin.copy:
    content: "IBMCLOUD_API_KEY={{ copr_cloud_ibm_token | default('unset') }}"
    dest: "{{ ibmcloud_token_file }}"
    owner: resalloc
    group: resalloc
    mode: "0600"
  tags:
  - provision_config