path: root/roles/copr/backend/tasks/main.yml
---
# Storage and networking are prepared first; both task lists live in
# sibling files of this role and are pulled in unconditionally.
- name: mount fs
  include: mount_fs.yml

- name: setup networking
  include: network.yml

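# Pre-create the copr group and user with fixed numeric ids before the
# packages are installed.
# NOTE(review): presumably this keeps file ownership stable across rebuilt
# hosts that share storage; confirm before changing either id.
- name: create copr group with fixed gid
  group:
    name: copr
    gid: 986

- name: create copr user with fixed uid
  user:
    name: copr
    group: copr
    uid: 989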

# state=latest upgrades on every run to whatever the enabled repositories
# currently serve, so this role does not pin the installed version.
- name: install copr-backend and copr-selinux
  dnf:
    name: "{{ item }}"
    state: latest
  with_items:
  - copr-backend
  - copr-selinux

# OpenStack client libraries; state=present installs them if missing and
# leaves an already-installed version alone.
- name: add additional packages for copr-backend
  dnf:
    name: "{{ item }}"
    state: present
  with_items:
  - python-novaclient
  - python-glanceclient
  - python-neutronclient
  - python-keystoneclient

# No owner or mode is given for these two directories, so they are created
# with the defaults of the account Ansible runs as. A later task in this file
# chowns /var/lib/copr/public_html to copr when it is owned by someone else.
- name: make copr dirs
  file:
    path: "{{ item }}"
    state: directory
  with_items:
  - /var/lib/copr/jobs
  - /var/lib/copr/public_html/results

# Private directories in the copr home: 0700 keeps key material placed in
# them by the following tasks unreadable to other local users.
- name: setup dirs there
  file:
    path: "/home/copr/{{ item }}"
    state: directory
    owner: copr
    group: copr
    mode: "0700"
  with_items:
  - cloud
  - .ssh

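# Copies every file matched under the private repository into
# /home/copr/cloud/ as owner-only (0600) files.
# no_log keeps the copied key material out of task output and logs, for
# example when the play is run with --diff; the trade-off is that per-item
# results are hidden when debugging this task.
- name: add copr-buildsys keys to copr user path
  copy:
    src: "{{ item }}"
    dest: /home/copr/cloud/
    owner: copr
    group: copr
    mode: "0600"
  no_log: true
  with_fileglob:
  - "{{ private }}/files/openstack/copr-copr/*"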

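# Installs the build-system private key as the copr user's default SSH
# identity. The mode is a quoted string so it is read as octal 0600; an
# unquoted 600 in native YAML would be taken as a decimal integer.
# no_log keeps the key contents out of task output and logs (e.g. --diff).
- name: setup privkey for copr user
  copy:
    src: "{{ private }}/files/copr/buildsys.priv"
    dest: /home/copr/.ssh/id_rsa
    owner: copr
    group: copr
    mode: "0600"
  no_log: true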

# Per-user SSH client configuration, readable by the copr user only.
# The mode stays a quoted string so it is parsed as octal.
- name: setup copr user ssh config file
  copy:
    src: ssh_config
    dest: /home/copr/.ssh/config
    owner: copr
    group: copr
    mode: "600"

# Read-only probe for the copr user's known_hosts file. It runs even in
# check mode and never reports a change. A non-zero exit from stat is
# tolerated here and acted on by the next task.
- name: check known_hosts file
  command: stat /home/copr/.ssh/known_hosts
  register: hostsstat
  ignore_errors: true
  changed_when: false
  check_mode: false

# Only touches the file when the probe above exited with status 1, so an
# existing known_hosts is left alone.
- name: create empty known_hosts
  when: hostsstat.rc == 1
  file:
    dest: /home/copr/.ssh/known_hosts
    state: touch
    owner: copr
    group: copr
    mode: "600"

# Overwrites the copr user's .bashrc with the role's copy, owner-only.
- name: replace bashrc for copr user
  copy:
    src: copr_bashrc
    dest: /home/copr/.bashrc
    owner: copr
    group: copr
    mode: "600"

# Authorizes the build-system public key for the copr account, which lets
# copr ssh to localhost as itself. with_file passes the file's contents as
# the key; no_log keeps that out of the task output.
- name: auth_key so we can login to localhost as the copr user from the copr user
  authorized_key:
    user: copr
    key: "{{ item }}"
  with_file:
  - provision/files/buildsys.pub
  no_log: true

# Rendered into /root/ with root-only permissions; skipped on devel hosts.
# NOTE(review): presumably this template holds OpenStack credentials; if so,
# consider no_log so a --diff run does not print the rendered file. Confirm
# against the template.
- name: copy keystonerc
  when: not devel
  template:
    src: keystonerc
    dest: /root/
    owner: root
    group: root
    mode: "600"

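# No mode was set on this task before, so the file got default permissions.
# boto configuration files commonly carry cloud API credentials (the file's
# contents are not visible here), so it is restricted to its owner, matching
# the other per-user secrets installed above.
- name: copy .boto file
  copy:
    src: boto
    dest: /home/copr/.boto
    owner: copr
    group: copr
    mode: "0600"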

# Web server setup: the main lighttpd configuration comes from the file named
# by _lighttpd_conf_src, and a change triggers the restart handler.
- name: add config for copr-repo path
  copy:
    src: "{{ _lighttpd_conf_src }}"
    dest: /etc/lighttpd/lighttpd.conf
    owner: root
    group: root
    mode: "0644"
  notify:
  - restart lighttpd

# Certificates are only installed when the host is not a devel instance.
- name: install certificates for production
  include: install_certs.yml
  when: not devel

# Turns on the httpd_setrlimit SELinux boolean and makes the setting
# persistent across reboots.
- name: allow lighttpd set fds limit
  seboolean:
    name: httpd_setrlimit
    state: true
    persistent: true

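# Cache directory for lighttpd's compress module, owned by lighttpd.
# A directory needs the execute (search) bit to be entered: the previous
# 0644 left its non-root owner unable to create or open files inside it.
# 0755 gives the owner full access and everyone else read and traverse only.
- name: create directory for compress module of lighttpd
  file:
    path: /var/cache/lighttpd/compress
    state: directory
    owner: lighttpd
    group: lighttpd
    mode: "0755"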

# mime default to text/plain and enable dirlisting for indexes.
# Both snippets are root-owned and world-readable; a change to either one
# triggers the lighttpd restart handler.
- name: update lighttpd configs
  copy:
    src: "lighttpd/{{ item }}"
    dest: "/etc/lighttpd/conf.d/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
  - dirlisting.conf
  - mime.conf
  notify:
  - restart lighttpd

# Make sure lighttpd is running now and enabled at boot.
- name: start webserver
  service:
    name: lighttpd
    state: started
    enabled: true

# setup dirs for the ansible execution off of provisioning
#- name: dirs from provision
#  file: state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
#  with_items:
#  - action_plugins
#  - library
#  tags:
#  - provision_config

# The four tasks below carry the provision_config tag, so they can be run on
# their own with --tags provision_config.

# System-wide Ansible configuration used by the provisioning runs.
# No owner or mode is given, so the copy module's defaults apply.
- name: put ansible.cfg for all this into /etc/ansible/ on the system
  copy:
    src: provision/ansible.cfg
    dest: /etc/ansible/ansible.cfg
  tags:
  - provision_config

# Mirrors the role's provision/ tree into the copr home directory.
- name: put provisioning files
  synchronize:
    src: provision/
    dest: /home/copr/provision/
  tags:
  - provision_config

# Rendered templates are owned by copr; no mode is set on either of them.
- name: put some files into the provision subdir
  template:
    src: provision/nova_cloud_vars.yml
    dest: /home/copr/provision/nova_cloud_vars.yml
    owner: copr
    group: copr
  tags:
  - provision_config

- name: put copr-rpmbuild configuration file into the provision subdir
  template:
    src: provision/copr-rpmbuild/main.ini.j2
    dest: /home/copr/provision/files/main.ini
    owner: copr
    group: copr
  tags:
  - provision_config

# Devel hosts only: writes an empty ec2rc.variable file as a placeholder.
- name: testing fixture
  when: devel
  copy:
    content: ""
    dest: /home/copr/cloud/ec2rc.variable

# Backend configuration: writable by root only, readable by the copr group,
# no access for others. A change restarts copr-backend through the handler.
- name: copy copr-be.conf
  template:
    src: copr-be.conf.j2
    dest: /etc/copr/copr-be.conf
    owner: root
    group: copr
    mode: "640"
  tags:
  - config
  notify:
  - restart copr-backend

# Signing configuration with the same root:copr 640 permissions as
# copr-be.conf; no handler is notified when it changes.
- name: copy sign.conf
  template:
    src: sign.conf
    dest: /etc/sign.conf
    owner: root
    group: copr
    mode: "640"
  tags:
  - config

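# Look up who currently owns the results root.
- name: get owner for results dir
  stat:
    path: /var/lib/copr/public_html
  register: copr_results_dir_st

# The recursive chown only runs when the top-level directory is not already
# owned by copr, so the results tree is not walked on every run.
# `command` replaces `shell` here: the call uses no shell features, so the
# argument string is never handed to a shell for interpretation.
- name: change owner for results dir if it isn't copr
  command: chown -R copr:copr /var/lib/copr/public_html
  when: copr_results_dir_st.stat.pw_name != "copr"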

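# Read-only probe of the SELinux label on the results root. It changes
# nothing, so it never reports "changed". Like the known_hosts probe earlier
# in this file, it also runs in check mode, so the condition on the next task
# always has stdout to inspect.
- name: read selinux context of results dir
  command: ls -dZ /var/lib/copr/public_html/
  register: public_html_ls
  changed_when: false
  check_mode: false

# Force a recursive relabel only when the root directory's label does not
# mention copr_data_t.
- name: update selinux context for results if root folder does not have proper type
  command: restorecon -vvRF /var/lib/copr/public_html/
  when: public_html_ls is defined and 'copr_data_t' not in public_html_ls.stdout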

# Temporary step: pulls in the task list that installs the fed-cloud09 cert.
# TODO: remove this when fed-cloud09 receives external cert
- name: install cert to access fed-cloud09
  include: install_cloud_cert.yml

# Start both services and enable them at boot; redis is listed first.
- name: enable and run copr-backend services
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items:
  - redis       # TODO: .service in copr-backend should depend on redis
  - copr-backend

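# NOTE(review): this helper lands inside the copr user's home directory. If
# the hourly cron script installed below (its contents are not shown here)
# runs it as root, the copr user can replace it. A root-owned location
# outside /home/copr would be safer; confirm against cleanup_vms.sh.
- name: install VM cleanup helper into the copr home directory
  copy:
    src: cleanup_vm_nova.py
    dest: /home/copr/
    mode: "0755"

# Production hosts only: hourly cron job for VM cleanup. No owner is set, so
# the file belongs to the account Ansible runs as.
- name: install hourly VM cleanup cron script
  copy:
    src: cleanup_vms.sh
    dest: /etc/cron.hourly/copr_cleanup_vms.sh
    mode: "0755"
  when: not devel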

# Monitoring is configured on every host.
- name: setup monitoring
  include: monitoring.yml

# The fedmsg task list is only included in the staging environment.
- name: setup fedmsg for MBS
  when: env == "staging"
  include: fedmsg.yml