mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-06-27 23:57:02 +08:00
c99ece376c
This commit also adjusts Bodhi to use dogpile cache's in-memory backend, and adjusts the backend01 to install bodhi-composer. Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
432 lines
11 KiB
YAML
432 lines
11 KiB
YAML
---
|
|
# tasklist for setting up bodhi/masher (requires bodhi/base)
|
|
# This is the base set of files needed for bodhi/masher
|
|
|
|
- name: add ftpsync group
|
|
group: name=ftpsync gid=263 system=yes state=present
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: add ftpsync user
|
|
user: name=ftpsync uid=263 group=ftpsync createhome=yes system=yes state=present
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: install needed packages
|
|
package: name={{ item }} state=present
|
|
with_items:
|
|
- mock
|
|
- fedmsg-hub
|
|
- fedmsg-relay
|
|
- python-mock
|
|
- sigul
|
|
- python-alembic
|
|
- python-scandir
|
|
- python2-productmd
|
|
- compose-utils
|
|
- python-fedmsg-meta-fedora-infrastructure
|
|
- pungi
|
|
- pungi-utils
|
|
- python2-koji-cli-plugins
|
|
- python2-pdc-client
|
|
- python2-modulemd
|
|
tags:
|
|
- packages
|
|
- bodhi
|
|
|
|
- name: install tag2distrepo on fedora bodhi backends
|
|
package: name=python2-tag2distrepo state=present
|
|
when: inventory_hostname.startswith('bodhi-backend02')
|
|
tags:
|
|
- packages
|
|
- bodhi
|
|
|
|
- name: install python3-ccolutils on fedora bodhi backends
|
|
package: name=python3-cccolutils state=present
|
|
when: inventory_hostname.startswith('bodhi-backend01')
|
|
tags:
|
|
- packages
|
|
- bodhi
|
|
|
|
- name: install bodhi-composer
|
|
package: name=bodhi-composer state=present
|
|
when: inventory_hostname.startswith('bodhi-backend01') and env == "staging"
|
|
tags:
|
|
- packages
|
|
- bodhi
|
|
|
|
- name: install ostree
|
|
package: name=ostree state=present
|
|
when: inventory_hostname.startswith('bodhi-backend01')
|
|
tags:
|
|
- packages
|
|
- bodhi
|
|
|
|
- name: hotfix /usr/bin/alembic to use our webob forward compat package
|
|
copy: src=alembic dest=/usr/bin/alembic
|
|
tags:
|
|
- hotfix
|
|
- bodhi
|
|
|
|
- name: add masher group
|
|
group: name=masher gid=751 system=yes state=present
|
|
tags:
|
|
- bodhi
|
|
|
|
# masher user 751
|
|
- name: add masher user as 751 - and group
|
|
user: name=masher uid=751 group=masher home=/home/masher groups=mock,ftpsync,bodhi
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: add apache user to the masher group so it can talk to the monitoring socket
|
|
user: name=apache groups=mock,ftpsync,masher append=yes
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: add nrpe to the apache group so it can talk to the monitoring socket
|
|
user: name=nrpe groups=apache append=yes
|
|
tags:
|
|
- fedmsgmonitor
|
|
- nagios_client
|
|
|
|
- name: install bodhi.pem file
|
|
copy: >
|
|
src="{{ private }}/files/bodhi_key_and_cert.pem"
|
|
dest="/etc/pki/bodhi/bodhi.pem"
|
|
owner=apache
|
|
group=apache
|
|
mode=0400
|
|
when: inventory_hostname.startswith('bodhi-backend')
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
- name: Put pungi configurations in place
|
|
template: src="{{item}}" dest=/etc/bodhi/{{item}}
|
|
with_items:
|
|
- pungi.module.conf.j2
|
|
- pungi.rpm.conf.j2
|
|
- variants.module.xml.j2
|
|
- variants.rpm.xml.j2
|
|
tags:
|
|
- bodhi
|
|
- bodhi/pungi
|
|
- config
|
|
|
|
- name: setup /etc/bodhi/mash.conf file...
|
|
template: >
|
|
src=mash.conf
|
|
dest=/etc/bodhi/mash.conf
|
|
owner=apache
|
|
group=apache
|
|
mode=0640
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
when: env == "production"
|
|
|
|
# tasks for setting up epelmasher
|
|
|
|
- name: install needed packages
|
|
package: name={{ item }} state=present
|
|
with_items:
|
|
- repoview
|
|
tags:
|
|
- packages
|
|
- bodhi
|
|
when: env == "production"
|
|
|
|
#
|
|
# koji ssl cert for owner sync jobs below
|
|
#
|
|
#
|
|
# cron job that syncs packages to koji
|
|
#
|
|
- name: put owner-sync-pagure in place
|
|
template: src=owner-sync-pagure.j2 dest=/usr/local/bin/owner-sync-pagure mode=0755
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: remove all old koji-sync cronjobs
|
|
file:
|
|
path: /etc/cron.d/{{item}}
|
|
state: absent
|
|
with_items:
|
|
- update-koji-owner-EL-6
|
|
- update-koji-owner-EL-6
|
|
- update-koji-owner-epel7
|
|
- update-koji-owner-fedora
|
|
- update-koji-owner-fedora-container
|
|
- update-koji-owner-modules
|
|
tags:
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: have fedmsg own /usr/share/fedmsg, so it can write the CRL there.
|
|
file: path=/usr/share/fedmsg state=directory owner=fedmsg group=fedmsg
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: sync packages from pagure-on-dist-git to koji (all branches)
|
|
# XXX If you modify this taglist. Please also modify the other copy in
|
|
# bodhi2/backend/files/koji-sync-listener.py
|
|
# This cronjob runs only once a day. The listener script runs reactively.
|
|
cron: name="owner-sync" minute="15" hour="4" user="root"
|
|
job="/usr/local/bin/lock-wrapper owner-sync '/usr/local/bin/owner-sync-pagure f29 f28 f27 f26 f29-container f28-container f27-container f26-container f28-docker f27-docker f26-docker f28-modular f27-modular epel7 dist-6E-epel module-package-list modular'"
|
|
cron_file=update-koji-owner
|
|
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
|
|
tags:
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Ensure that /var/lib/bodhi exists
|
|
file:
|
|
path: /var/lib/bodhi
|
|
state: directory
|
|
mode: 0755
|
|
owner: apache
|
|
group: apache
|
|
when: inventory_hostname.startswith('bodhi-backend01')
|
|
tags:
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Install weekly bodhi-dequeue-stable cron job that moves updates from batched to stable
|
|
cron:
|
|
name: "bodhi-dequeue-stable"
|
|
minute: "0"
|
|
hour: "3"
|
|
weekday: "*"
|
|
job: "/usr/bin/bodhi-dequeue-stable && touch /var/lib/bodhi/dequeue-stable"
|
|
user: "apache"
|
|
when: inventory_hostname.startswith('bodhi-backend01.phx2')
|
|
tags:
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: put the koji sync listener script in place
|
|
copy:
|
|
src: koji-sync-listener.py
|
|
dest: /usr/local/bin/koji-sync-listener.py
|
|
mode: 0755
|
|
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
|
|
notify:
|
|
- restart koji-sync-listener
|
|
tags:
|
|
- bodhi
|
|
- koji-sync
|
|
|
|
- name: put the koji sync listener systemd file in place.
|
|
copy:
|
|
src: koji-sync-listener.service
|
|
dest: /usr/lib/systemd/system/koji-sync-listener.service
|
|
mode: 0755
|
|
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
|
|
notify:
|
|
- reload systemd
|
|
- restart koji-sync-listener
|
|
tags:
|
|
- bodhi
|
|
- koji-sync
|
|
|
|
- name: start the koji sync listener
|
|
service: name=koji-sync-listener enabled=yes state=started
|
|
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
|
|
tags:
|
|
- bodhi
|
|
- koji-sync
|
|
|
|
#
|
|
# cron job that syncs updates to master mirror
|
|
#
|
|
|
|
- name: put new-updates-sync in place
|
|
copy: src=new-updates-sync dest=/usr/local/bin/new-updates-sync mode=0755
|
|
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: put update-fullfiletimelist in place
|
|
copy: src="{{ files }}/scripts/update-fullfiletimelist" dest=/usr/local/bin/update-fullfiletimelist mode=0755
|
|
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: add create-filelist script from quick-fedora-mirror
|
|
copy: src="{{ files }}/scripts/create-filelist" dest=/usr/local/bin/create-filelist mode=0755
|
|
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: Updates sync cron job.
|
|
cron: name="updates-sync" minute="*/5" user="ftpsync"
|
|
job="/usr/local/bin/lock-wrapper updates-push '/usr/local/bin/new-updates-sync'"
|
|
cron_file=updates-sync
|
|
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: directory sizes update cron job.
|
|
cron: name="directory-sizes-update" minute="30" hour="19" user="ftpsync"
|
|
job="/usr/bin/find /pub/alt/ /pub/archive/ /pub/fedora-secondary/ /pub/fedora/ /pub/epel/ -type d ! -path '/pub/alt/screenshots/f21/source' | grep -v snapshot | /usr/bin/xargs -n 1 /usr/bin/du --exclude=.snapshot -sh > /tmp/DIRECTORY_SIZES.txt 2> /dev/null; cp /tmp/DIRECTORY_SIZES.txt /pub/"
|
|
cron_file=directory-sizes-update
|
|
when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
# bodhi jobs, previously run by the TurboGears scheduler.
|
|
|
|
- name: bodhi-approve-testing cron job.
|
|
cron: name="bodhi-approve-testing" hour="*/6" minute=0 user="apache"
|
|
job="/usr/bin/bodhi-approve-testing /etc/bodhi/production.ini > /dev/null"
|
|
cron_file=bodhi-approve-testing-job
|
|
when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: bodhi-check-policies cron job.
|
|
cron: name="bodhi-check-policies" hour="*/6" minute=0 user="apache"
|
|
job="/usr/bin/bodhi-check-policies >& /dev/null"
|
|
cron_file=bodhi-check-policies-job
|
|
when: (inventory_hostname.startswith('bodhi-backend01') and env == "staging") or (inventory_hostname.startswith('bodhi-backend02') and env == "production")
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: bodhi-expire-overrides cron job.
|
|
cron: name="bodhi-expire-overrides" hour="*" minute=0 user="apache"
|
|
job="/usr/bin/bodhi-expire-overrides /etc/bodhi/production.ini 2>&1 | logger -t bodhi-expire-overrides"
|
|
cron_file=bodhi-expire-overrides-job
|
|
when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
- cron
|
|
|
|
- name: setup basic /etc/bodhi/ contents
|
|
template: >
|
|
src="{{ roles_path }}/bodhi2/base/templates/production.ini.j2"
|
|
dest="/etc/bodhi/production.ini"
|
|
owner=apache
|
|
group=apache
|
|
mode=0600
|
|
when: inventory_hostname.startswith('bodhi-backend')
|
|
notify:
|
|
- reload bodhi httpd
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
- name: make a mnt/koji link
|
|
file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji
|
|
when: env != 'staging'
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: create the /usr/lib/systemd/system/fedmsg-hub.service.d drop-in directory
|
|
file: path=/usr/lib/systemd/system/fedmsg-hub.service.d state=directory mode=0755
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
- name: install a femdsg-hub.service drop-in to run it as the apache
|
|
copy: >
|
|
src="fedmsg-hub.conf"
|
|
dest="/usr/lib/systemd/system/fedmsg-hub.service.d/fedmsg-hub.conf"
|
|
owner=root
|
|
group=root
|
|
mode=0644
|
|
notify:
|
|
- reload systemd
|
|
- restart fedmsg-hub
|
|
tags:
|
|
- bodhi
|
|
- config
|
|
|
|
- name: have the apache own /var/cache/bodhi because of course..
|
|
file: >
|
|
path="/var/cache/bodhi"
|
|
owner=apache
|
|
group=apache
|
|
when: inventory_hostname.startswith('bodhi-backend')
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
- name: have the apache own /var/cache/fedmsg because of course..
|
|
file: >
|
|
path="/var/cache/fedmsg"
|
|
owner=apache
|
|
group=apache
|
|
state=directory
|
|
when: inventory_hostname.startswith('bodhi-backend')
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
- name: ensure that nrpe has rights to monitor us (dir), including setgid bit.
|
|
file: >
|
|
dest=/var/run/fedmsg
|
|
mode=2775
|
|
owner=apache
|
|
group=nrpe
|
|
state=directory
|
|
ignore_errors: true
|
|
notify:
|
|
- restart fedmsg-hub
|
|
tags:
|
|
- fedmsgmonitor
|
|
- bodhi
|
|
|
|
- name: ensure that nrpe has rights to monitor us (file)
|
|
file: >
|
|
dest=/var/run/fedmsg/monitoring-fedmsg-hub.socket
|
|
mode=0775
|
|
owner=apache
|
|
group=nrpe
|
|
state=file
|
|
ignore_errors: true
|
|
tags:
|
|
- fedmsgmonitor
|
|
- bodhi
|
|
|
|
- name: ensure apache is disabled on the backend
|
|
service: name=httpd enabled=no state=stopped
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: ensure fedmsg-hub is enabled and started on the backend
|
|
service: name=fedmsg-hub enabled=yes state=started
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: Set up koji profile
|
|
template: src=kojiprofile.conf dest=/etc/koji.conf.d/bodhi.conf
|
|
tags:
|
|
- bodhi
|
|
|
|
- name: Put in tag2distrepo config
|
|
template: >
|
|
src=tag2distrepo.py.j2
|
|
dest=/etc/fedmsg.d/tag2distrepo.py
|
|
when: inventory_hostname.startswith('bodhi-backend02')
|
|
tags:
|
|
- config
|
|
- bodhi
|