playbooks/groups/releng-compose.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

# create a new releng system
# NOTE: should be used with --limit most of the time
# NOTE: make sure there is room/space for this instance on the buildvmhost
# NOTE: most of these vars_path come from group_vars/releng or from hostvars

- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=releng-compose:releng-stg:compose-ppc64-01.ppc.fedoraproject.org:compose-ppc64le-01.ppc.fedoraproject.org:compose-s390-01.s390.fedoraproject.org"

- name: Setup releng compose hosts
  hosts: releng-compose:releng-secondary:releng-stg
  user: root
  gather_facts: True
  tags:
   - releng-compose

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
  - include: "{{ tasks }}/yumrepos.yml"

  roles:
  - base
  - hosts
  - builder_repo
  - fas_client
  - rkhunter
  - nagios/client
  - collectd/base
  - sudo
  - role: keytab/service
    service: compose
    host: "composer.stg.phx2.fedoraproject.org"
    when: env == "staging"
  - role: keytab/service
    service: compose
    host: "koji{{env_suffix}}.fedoraproject.org"
  - role: keytab/service
    service: mash
    host: "koji{{env_suffix}}.fedoraproject.org"
  - role: loopabull/target
    loopabull_role: koji
    when: "env == 'staging' and inventory_hostname == 'composer.stg.phx2.fedoraproject.org'"
  - { role: nfs/client, when: "'releng-stg' not in group_names",  mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: "{{ koji_hub_nfs }}" }
  - { role: nfs/client, when: "'releng-compose' in group_names", mnt_dir: '/pub',  nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
  - { role: nfs/client, when: "'releng-secondary' in group_names", mnt_dir: '/pub/fedora-secondary',  nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/fedora-secondary' }
  - { role: nfs/client, when: "'releng-stg' in group_names", mnt_dir: '/mnt/fedora_koji_prod',  nfs_src_dir: "{{ koji_hub_nfs }}" }
  - fedmsg/base
  - releng
  - {
    role: "manage-container-images",
      cert_dest_dir: "/etc/docker/certs.d/registry.stg.fedoraproject.org",
      cert_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.pem",
      key_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.key",
    when: env == "staging"
  }
  - {
    role: "manage-container-images",
      cert_dest_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org",
      cert_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.pem",
      key_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.key",
    when: env == "staging"
  }

  tasks:
  # this is how you include other task lists
  - include: "{{ tasks }}/2fa_client.yml"
  - include: "{{ tasks }}/motd.yml"

  handlers:
  - include: "{{ handlers }}/restart_services.yml"