authorKevin Fenzi <kevin@scrye.com>2015-10-08 19:52:40 +0000
committerKevin Fenzi <kevin@scrye.com>2015-10-08 19:52:40 +0000
commit3cbc5874fb7e98cfbe8377e419ffb15db7ee748d (patch)
tree4120a111f288124a15880b7d69c196806685f203
parent1fa68e302e56cfd125b5e9fee806c32cbee544d6 (diff)
Hey look, an ansibled arm koji and db. What fun!
-rw-r--r--inventory/host_vars/arm-koji01.qa.fedoraproject.org82
-rw-r--r--inventory/host_vars/db-arm-koji01.qa.fedoraproject.org43
-rw-r--r--inventory/inventory3
-rw-r--r--playbooks/groups/koji-hub.yml10
-rw-r--r--playbooks/groups/postgresql-server.yml4
-rw-r--r--roles/koji_hub/templates/hub.conf.j27
-rw-r--r--roles/koji_hub/templates/kojiweb.conf.j23
-rw-r--r--roles/koji_hub/templates/web.conf.j23
8 files changed, 150 insertions, 5 deletions
diff --git a/inventory/host_vars/arm-koji01.qa.fedoraproject.org b/inventory/host_vars/arm-koji01.qa.fedoraproject.org
new file mode 100644
index 000000000..2aa94df86
--- /dev/null
+++ b/inventory/host_vars/arm-koji01.qa.fedoraproject.org
@@ -0,0 +1,82 @@
+---
+nm: 255.255.255.0
+gw: 10.5.131.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.131.61
+vmhost: virthost-comm04.qa.fedoraproject.org
+datacenter: phx2
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+fas_client_groups: sysadmin-noc,sysadmin-secondary
+
+fedmsg_fqdn: arm-koji01.qa.fedoraproject.org
+
+custom_rules: [
+ # Need for rsync from secondary01 for content.
+ '-A INPUT -p tcp -m tcp -s 209.132.181.8 --dport 873 -j ACCEPT',
+]
+
+sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
+
+#
+# define this here because arm koji only needs eth0, not eth1 also
+#
+virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
+ --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
+ --vcpus={{ num_cpus }} -l {{ ks_repo }} -x
+ "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+ hostname={{ inventory_hostname }} nameserver={{ dns }}
+ ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none"
+ --network=bridge=br0,model=virtio --network=bridge=br1,model=virtio
+ --autostart --noautoconsole
+
+koji_topurl: "http://arm.fedoraproject.org/"
+koji_server_url: "http://arm.koji.fedoraproject.org/kojihub"
+koji_weburl: "http://arm.koji.fedoraproject.org/koji"
+
+fedmsg_koji_instance: arm
+
+# Set this to use the qa domain resolv.conf to make sure it can talk to it's db
+resolvconf: resolv.conf/qa
+
+# Overload the fedmsg_certs definition from the ansible koji group, since the
+# arm hub *also* does compose stuff, not just koji stuff.
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+- service: koji
+ owner: root
+ group: apache
+ can_send:
+ - buildsys.build.state.change
+ - buildsys.package.list.change
+ - buildsys.repo.done
+ - buildsys.repo.init
+ - buildsys.rpm.sign
+ - buildsys.tag
+ - buildsys.task.state.change
+ - buildsys.untag
+- service: bodhi
+ owner: root
+ group: localreleng
+ can_send:
+ - compose.branched.complete
+ - compose.branched.mash.complete
+ - compose.branched.mash.start
+ - compose.branched.pungify.complete
+ - compose.branched.pungify.start
+ - compose.branched.rsync.complete
+ - compose.branched.rsync.start
+ - compose.branched.start
+ - compose.epelbeta.complete
+ - compose.rawhide.complete
+ - compose.rawhide.mash.complete
+ - compose.rawhide.mash.start
+ - compose.rawhide.rsync.complete
+ - compose.rawhide.rsync.start
+ - compose.rawhide.start
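Review bot: The comment above `virt_install_command` says this host only needs eth0, yet the command still passes `--network=bridge=br1,model=virtio`, so the guest is created with a second NIC on br1 that the kernel arguments never configure. If br1 is not needed, drop that argument so the hub is not attached to a network it has no reason to reach; if it is needed, correct the comment. Separately, `ks_url` and `ks_repo` name the install source as `http://10.5.126.23/...`, while the db host added in this same commit uses `http://infrastructure.phx2.fedoraproject.org/...`; using one form in both files would make the install source easier to audit. `mem_size` and `num_cpus` are used in the command but not set in this file, so they presumably come from group vars.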
diff --git a/inventory/host_vars/db-arm-koji01.qa.fedoraproject.org b/inventory/host_vars/db-arm-koji01.qa.fedoraproject.org
new file mode 100644
index 000000000..5e2066876
--- /dev/null
+++ b/inventory/host_vars/db-arm-koji01.qa.fedoraproject.org
@@ -0,0 +1,43 @@
+---
+nm: 255.255.255.0
+gw: 10.5.131.254
+dns: 10.5.126.21
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.131.62
+vmhost: virthost-comm04.qa.fedoraproject.org
+datacenter: phx2
+
+ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/
+
+# This is a generic list, monitored by collectd
+databases:
+- koji
+
+# This is a more strict list, to be made publicly available
+dbs_to_backup:
+- koji
+
+# These are normally group variables, but in this case db servers are often different
+lvm_size: 500000
+mem_size: 8192
+num_cpus: 12
+fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-secondary
+sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
+
+# kernel SHMMAX value
+kernel_shmmax: 68719476736
+
+#
+# Only allow postgresql access from the frontend node.
+#
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.131.61 --dport 5432 -j ACCEPT' ]
+
+#
+# Large updates pushes cause lots of db threads doing the tag moves, so up this from default.
+#
+nrpe_procs_warn: 600
+nrpe_procs_crit: 700
+
+host_backup_targets: ['/backups']
+shared_buffers: "4GB"
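Review bot: The `custom_rules` entry admits PostgreSQL traffic from the literal `10.5.131.61`, which is the `eth0_ip` set for arm-koji01 in the other host_vars file of this commit, so the two values have to be kept in sync by hand. If the hub is ever re-addressed, the rule keeps trusting whichever machine holds the old address. Consider deriving the source, e.g. `-s {{ hostvars['arm-koji01.qa.fedoraproject.org'].eth0_ip }}`, or at least name the host in the comment: `# Only allow postgresql access from arm-koji01 (eth0_ip 10.5.131.61).` The rule is only the network-layer control; pg_hba.conf is not part of this hunk, so confirm it limits the koji database to the same source.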
diff --git a/inventory/inventory b/inventory/inventory
index e63a8e12a..39d82719f 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -259,6 +259,7 @@ db-fas01.phx2.fedoraproject.org
db-datanommer02.phx2.fedoraproject.org
db-koji01.phx2.fedoraproject.org
db-s390-koji01.qa.fedoraproject.org
+db-arm-koji01.qa.fedoraproject.org
db-qa01.qa.fedoraproject.org
[dbserver-stg]
@@ -330,6 +331,7 @@ keys02.fedoraproject.org
koji01.phx2.fedoraproject.org
koji02.phx2.fedoraproject.org
s390-koji01.qa.fedoraproject.org
+arm-koji01.qa.fedoraproject.org
# We need an inventory definition of these hosts for fedmsg certs even though
# they are not yet ansibilized. When they're finally assimilated, move them to
@@ -749,6 +751,7 @@ wiki02.phx2.fedoraproject.org
retrace01.qa.fedoraproject.org
retrace02.qa.fedoraproject.org
s390-koji01.qa.fedoraproject.org
+arm-koji01.qa.fedoraproject.org
resultsdb01.qa.fedoraproject.org
[fedmsg-qa-network-stg]
diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml
index d7de77ec0..90d19bc88 100644
--- a/playbooks/groups/koji-hub.yml
+++ b/playbooks/groups/koji-hub.yml
@@ -7,7 +7,7 @@
# Once the instance exists, configure it.
- name: make koji_hub server system
- hosts: koji-stg:koji01.phx2.fedoraproject.org:koji02.phx2.fedoraproject.org:s390-koji01.qa.fedoraproject.org
+ hosts: koji-stg:koji01.phx2.fedoraproject.org:koji02.phx2.fedoraproject.org:s390-koji01.qa.fedoraproject.org:arm-koji01.qa.fedoraproject.org
user: root
gather_facts: True
@@ -27,8 +27,8 @@
- apache
- fedmsg/base
- koji_hub
- - { role: rsyncd, when: inventory_hostname.startswith('s390') }
- - { role: koji_builder, when: env == "staging" or inventory_hostname.startswith('s390') }
+ - { role: rsyncd, when: not inventory_hostname.startswith('koji') }
+ - { role: koji_builder, when: env == "staging" or inventory_hostname.startswith('s390') or inventory_hostname.startswith('arm') }
- { role: nfs/server, when: env == "staging" }
- { role: keepalived, when: env == "production" and inventory_hostname.startswith('koji') }
- role: nfs/client
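Review bot: The new rsyncd condition `when: not inventory_hostname.startswith('koji')` is a negative match, so any host later added to this play whose name does not begin with `koji` gets an rsync daemon by default. The `koji_builder` line directly below lists its prefixes explicitly; doing the same here keeps the role opt-in: `- { role: rsyncd, when: inventory_hostname.startswith('s390') or inventory_hostname.startswith('arm') }`. The role list starts and ends outside this hunk, and the members of the `koji-stg` group are not visible here, so check that none of them falls into the new condition unintentionally.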
@@ -39,6 +39,10 @@
mnt_dir: '/mnt/koji'
nfs_src_dir: 'fedora_s390/data'
when: env == 'production' and inventory_hostname.startswith('s390')
+ - role: nfs/client
+ mnt_dir: '/mnt/koji'
+ nfs_src_dir: 'fedora_arm/data'
+ when: env == 'production' and inventory_hostname.startswith('arm')
# In staging, we mount fedora_koji as read only (see nfs_mount_opts)
- role: nfs/client
mnt_dir: '/mnt/fedora_koji_prod'
diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml
index 0f2d60b91..50807cd98 100644
--- a/playbooks/groups/postgresql-server.yml
+++ b/playbooks/groups/postgresql-server.yml
@@ -2,12 +2,12 @@
# NOTE: should be used with --limit most of the time
# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
-- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.qa.fedoraproject.org"
+- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.qa.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org"
# Once the instance exists, configure it.
- name: configure postgresql server system
- hosts: db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.qa.fedoraproject.org
+ hosts: db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.qa.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org
user: root
gather_facts: True
diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2
index f6a97abc1..6b2b3c452 100644
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@@ -9,6 +9,9 @@ DBPass = {{ kojiPassword }}
{% elif inventory_hostname == 's390-koji01.qa.fedoraproject.org' %}
DBHost = db-s390-koji01
DBPass = {{ s390kojiPassword }}
+{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %}
+DBHost = db-arm-koji01
+DBPass = {{ armkojiPassword }}
{% endif %}
KojiDir = /mnt/koji
MemoryWarnThreshold = 10000
@@ -24,6 +27,8 @@ DNUsernameComponent = CN
ProxyDNs = emailAddress=buildsys@fedoraproject.org,CN=kojiweb,OU=Fedora Builders,O=Fedora Project,ST=North Carolina,C=US|emailAddress=releng@fedoraproject.org,CN=sign-bridge1,OU=Package Signing,O=Fedora Project,ST=North Carolina,C=US
{% elif inventory_hostname == 's390-koji01.qa.fedoraproject.org' %}
ProxyDNs = /C=US/ST=North Carolina/O=Fedora Project/OU=Fedora Builders/CN=s390.koji.fedoraproject.org/emailAddress=buildsys@fedoraproject.org|emailAddress=buildsys@fedoraproject.org,CN=secondary-signer,OU=Fedora Builders,O=Fedora Project,ST=North Carolina,C=US
+{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %}
+ProxyDNs = /C=US/ST=North Carolina/O=Fedora Project/OU=Fedora Builders/CN=arm.koji.fedoraproject.org/emailAddress=buildsys@fedoraproject.org|emailAddress=buildsys@fedoraproject.org,CN=secondary-signer,OU=Fedora Builders,O=Fedora Project,ST=North Carolina,C=US
{% endif %}
## end SSL client certificate auth configuration
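Review bot: The added `ProxyDNs` line for arm-koji01 trusts the same `CN=secondary-signer` subject as the s390 branch just above it, so a single signer certificate is accepted as a proxy identity on both hubs. Subjects listed in `ProxyDNs` may authenticate on behalf of other users, so each entry is worth justifying. If the sharing is intended, record it in the template, for example `# secondary-signer is shared by the secondary-arch hubs`; otherwise give each hub its own signer subject. The if/elif chain this branch belongs to starts outside the hunk.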
@@ -36,6 +41,8 @@ LoginCreatesUser = On
KojiWebURL = http://koji.fedoraproject.org/koji
{% elif inventory_hostname == 's390-koji01.qa.fedoraproject.org' %}
KojiWebURL = http://s390.koji.fedoraproject.org/koji
+{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %}
+KojiWebURL = http://arm.koji.fedoraproject.org/koji
{% endif %}
# The domain name that will be appended to Koji usernames
# when creating email notifications
diff --git a/roles/koji_hub/templates/kojiweb.conf.j2 b/roles/koji_hub/templates/kojiweb.conf.j2
index f05d02166..40c9c0f9e 100644
--- a/roles/koji_hub/templates/kojiweb.conf.j2
+++ b/roles/koji_hub/templates/kojiweb.conf.j2
@@ -86,5 +86,8 @@ Alias /packages "/mnt/koji/packages/"
{% if inventory_hostname == 's390-koji01.qa.fedoraproject.org' %}
RewriteRule ^/compose(.+) https://s390pkgs.fedoraproject.org/compose$1 [R=301,L]
RewriteRule ^/packages(.+) https://s390pkgs.fedoraproject.org/packages$1 [R=301,L]
+{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %}
+RewriteRule ^/compose(.+) https://arm.fedoraproject.org/compose$1 [R=301,L]
+RewriteRule ^/packages(.+) https://arm.fedoraproject.org/packages$1 [R=301,L]
{% endif %}
{% endif %}
diff --git a/roles/koji_hub/templates/web.conf.j2 b/roles/koji_hub/templates/web.conf.j2
index 5dfd79d90..f27f6fff0 100644
--- a/roles/koji_hub/templates/web.conf.j2
+++ b/roles/koji_hub/templates/web.conf.j2
@@ -9,6 +9,9 @@ KojiFilesURL = https://kojipkgs.stg.fedoraproject.org/
{% elif inventory_hostname == 's390-koji01.qa.fedoraproject.org' %}
KojiHubURL = http://s390.koji.fedoraproject.org/kojihub
KojiFilesURL = http://s390.koji.fedoraproject.org/kojifiles
+{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %}
+KojiHubURL = http://arm.koji.fedoraproject.org/kojihub
+KojiFilesURL = http://arm.koji.fedoraproject.org/kojifiles
{% else %}
KojiHubURL = http://koji.fedoraproject.org/kojihub
KojiFilesURL = https://kojipkgs.fedoraproject.org/
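Review bot: The arm branch sets `KojiHubURL` and `KojiFilesURL` to `http://` URLs, while the other visible branches of this chain use `https://` for `KojiFilesURL` and the kojiweb.conf.j2 change in this commit redirects to `https://arm.fedoraproject.org`. Hub calls and the download links the web UI generates for this host would then travel unencrypted. This mirrors the s390 branch, so it may be deliberate; if the arm vhost serves TLS, prefer `KojiHubURL = https://arm.koji.fedoraproject.org/kojihub` and `KojiFilesURL = https://arm.koji.fedoraproject.org/kojifiles`. The if/elif chain starts and ends outside this hunk.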