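# Set the root account password on this host.
# The user module's `password` argument takes an already-crypted hash, so
# builder_rootpw is expected to hold a hash, never the plaintext.
# NOTE(review): confirm where builder_rootpw is defined and that it is kept
# in the private/vaulted variable store.
- name: set root passwd
  user:
    name: root
    # Passed as a quoted YAML value so the variable's content cannot be
    # re-parsed as additional key=value module arguments.
    password: "{{ builder_rootpw }}"
    state: present
  # Credential: keep it out of task output and callback logs.
  no_log: true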

# mock build account: system user with fixed uid 425, home /var/lib/mock.
- name: add mock user as 425
  user:
    name: mock
    uid: 425
    home: /var/lib/mock
    createhome: true
    system: true
    state: present

# Mode 2775 = setgid bit plus group-write on the mock home directory.
# NOTE(review): sshd with StrictModes enabled rejects authorized_keys when the
# home directory is group-writable; confirm how logins as mock are expected
# to work on these hosts.
- name: make mock homedir 2775
  file:
    path: /var/lib/mock
    state: directory
    owner: mock
    group: mock
    mode: "2775"

- name: add mock ssh dir
  file:
    path: /var/lib/mock/.ssh
    state: directory
    owner: mock
    group: mock
    mode: "700"

# The key list is shared with the koji_builder role: every key in that file
# is accepted for SSH login as mock on this host as well.
- name: add mock ssh keys
  copy:
    src: "{{ files }}/../roles/koji_builder/files//mock_auth_keys"
    dest: /var/lib/mock/.ssh/authorized_keys
    owner: mock
    group: mock
    mode: "644"

# ftpsync system group and user share the fixed id 263.
- name: add ftpsync group
  group:
    name: ftpsync
    gid: 263
    system: true
    state: present

- name: add ftpsync user
  user:
    name: ftpsync
    uid: 263
    group: ftpsync
    createhome: true
    system: true
    state: present

# Installed read+execute for everyone (555), owned by ftpsync.
# NOTE(review): the owning account can always restore the write bit; if any
# account other than ftpsync runs this script, root ownership would be the
# safer choice — confirm who executes it.
- name: add the ftpsync update-fullfilelist script
  copy:
    src: update-fullfilelist
    dest: /usr/local/bin/update-fullfilelist
    owner: ftpsync
    group: ftpsync
    mode: "555"

# masher system group, gid 751
- name: add masher group
  group:
    name: masher
    gid: 751
    system: true
    state: present

# masher user, uid 751, with supplementary groups mock, ftpsync and fedmsg.
# NOTE(review): the fedmsg group is not created in this file; presumably
# another role provides it — confirm ordering.
- name: add masher user as 751 - and group
  user:
    name: masher
    uid: 751
    group: masher
    home: /home/masher
    groups: mock,ftpsync,fedmsg

# masher ssh directory, private to the account
- name: add masher ssh dir
  file:
    path: /home/masher/.ssh
    state: directory
    owner: masher
    group: masher
    mode: "700"

# Public key and ssh client config, from the role's mash/ files.
- name: add masher ssh keys
  copy:
    src: "mash/masher.{{ item }}"
    dest: "/home/masher/.ssh/{{ item }}"
    owner: masher
    group: masher
    mode: "600"
  with_items:
    - id_rsa.pub
    - config

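# masher's SSH private key, sourced from the private files tree.
- name: add masher ssh priv key
  copy:
    src: "{{ private }}/files/mash/masher.id_rsa"
    dest: /home/masher/.ssh/id_rsa
    owner: masher
    group: masher
    mode: "600"
  # Key material: keep the file content out of task output and logs
  # (for example when the play is run with --diff).
  no_log: true

# Combined koji client certificate and key for masher.
- name: add masher koji cert/key
  copy:
    src: "{{ private }}/files/mash/masher.pem"
    dest: /home/masher/.fedora.cert
    owner: masher
    group: masher
    mode: "600"
  # Contains a private key; same reasoning as the ssh key above.
  no_log: true

# The same CA certificate is installed under two names (server and upload).
# No owner or mode is given for these, so the copy module's defaults apply.
- name: add masher koji ca cert
  copy:
    src: "{{ private }}/files/koji/buildercerts/fedora-ca.cert"
    dest: /home/masher/.fedora-server-ca.cert

- name: add masher koji ca upload cert
  copy:
    src: "{{ private }}/files/koji/buildercerts/fedora-ca.cert"
    dest: /home/masher/.fedora-upload-ca.cert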

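# Combined koji client certificate and key used by root on this host.
- name: add releng koji cert/key
  copy:
    src: "{{ private }}/files/releng_key_and_cert.pem"
    dest: /root/.fedora.cert
    owner: root
    group: root
    mode: "600"
  # Contains a private key: keep the file content out of task output and
  # logs (for example when the play is run with --diff).
  no_log: true

# These two tasks write into /root, not /home/masher. They previously reused
# the masher task names, which made play output ambiguous about which copy
# changed or failed; the names now match their destination.
# No owner or mode is given, so the copy module's defaults apply.
- name: add releng koji ca cert
  copy:
    src: "{{ private }}/files/koji/buildercerts/fedora-ca.cert"
    dest: /root/.fedora-server-ca.cert

- name: add releng koji ca upload cert
  copy:
    src: "{{ private }}/files/koji/buildercerts/fedora-ca.cert"
    dest: /root/.fedora-upload-ca.cert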

# Installs the koji CA as a system-wide trust anchor. Once update-ca-trust has
# run, certificates issued by this CA are accepted by every client that uses
# the system trust store, so the integrity of the source file matters.
- name: add koji ca cert to central system ca-trust
  copy:
    src: "{{ private }}/files/koji/buildercerts/fedora-ca.cert"
    dest: /etc/pki/ca-trust/source/anchors/fedora-server-ca.cert

# Rebuilds the consolidated trust store from the anchors directory.
# NOTE(review): this runs on every play, not only when the anchor file changed.
- name: update ca-trust
  command: /usr/bin/update-ca-trust

# rawhide group, gid 265
- name: rawhide group
  group:
    name: rawhide
    gid: 265

# rawhide user, uid 265
# NOTE(review): the home directory is /tmp, which is shared and writable by
# every local account; anything that reads dotfiles from $HOME while running
# as rawhide would pick up files other users placed there. Confirm this is
# intended for the compose account.
- name: add rawhide user
  user:
    name: rawhide
    uid: 265
    group: rawhide
    home: /tmp
    comment: rawhide compose account
 
# Ensure the mount points and the rsyslog spool directory exist.
# No owner or mode is set, so the file module's defaults apply.
- name: make a bunch of dirs
  file:
    path: "{{ item }}"
    state: directory
  with_items:
    - /pub
    - /epel
    - /mnt/fedora_koji
    - /var/spool/rsyslog

# Compose tooling, installed through yum where the distribution major
# version is below 22.
- name: add pkgs
  yum:
    pkg: "{{ item }}"
    state: present
  with_items:
    - yum-utils
    - koji
    - strace
    - mock
    - nfs-utils
    - git
    - mash
    - intltool
    - mutt
    - createrepo
    - pykickstart
    - pyliblzma
    - httpd
  when: ansible_distribution_major_version | int < 22

# Same set through dnf for major version 22 and later; this list additionally
# carries pungi and compose-utils.
- name: add pkgs
  dnf:
    pkg: "{{ item }}"
    state: present
  with_items:
    - yum-utils
    - koji
    - strace
    - mock
    - nfs-utils
    - git
    - mash
    - intltool
    - mutt
    - createrepo
    - pykickstart
    - pyliblzma
    - pungi
    - compose-utils
    - httpd
  when: ansible_distribution_major_version | int > 21

# Render the role's mash.conf template into /etc/mash.
- name: copy over our mash.conf
  template:
    src: mash.conf
    dest: /etc/mash/mash.conf

# koji client configuration, rendered from the koji_builder role's template.
# NOTE(review): the task name says /etc/koji/koji.conf but the destination is
# /etc/koji.conf; confirm which path is meant.
- name: /etc/koji/koji.conf
  template:
    src: "{{ files }}//../roles/koji_builder/templates/koji.conf"
    dest: /etc/koji.conf

# Compose-specific mock configs: one template per release (22, 23, 24,
# branched, rawhide) and architecture, rendered into /etc/mock under the
# same file name.
- name: put extra special  mock configs in
  template:
    src: "{{ item }}"
    dest: "/etc/mock/{{ item }}"
    mode: "644"
  with_items:
    # armhfp
    - fedora-22-compose-armhfp.cfg
    - fedora-23-compose-armhfp.cfg
    - fedora-24-compose-armhfp.cfg
    - fedora-branched-compose-armhfp.cfg
    - fedora-rawhide-compose-armhfp.cfg
    # i386
    - fedora-22-compose-i386.cfg
    - fedora-23-compose-i386.cfg
    - fedora-24-compose-i386.cfg
    - fedora-branched-compose-i386.cfg
    - fedora-rawhide-compose-i386.cfg
    # x86_64
    - fedora-22-compose-x86_64.cfg
    - fedora-23-compose-x86_64.cfg
    - fedora-24-compose-x86_64.cfg
    - fedora-branched-compose-x86_64.cfg
    - fedora-rawhide-compose-x86_64.cfg
    # aarch64
    - fedora-22-compose-aarch64.cfg
    - fedora-23-compose-aarch64.cfg
    - fedora-24-compose-aarch64.cfg
    - fedora-branched-compose-aarch64.cfg
    - fedora-rawhide-compose-aarch64.cfg


# NFS id-mapping configuration, shared with the koji_builder role.
# NOTE(review): this task is tagged `configs`, while the compose.conf task in
# this file is tagged `config`; a run limited to one tag skips the other.
- name: idmapd.conf
  copy:
    src: "{{ files }}/../roles/koji_builder/files//idmapd.conf"
    dest: /etc/idmapd.conf
  tags:
    - configs

# /mnt/koji -> /mnt/fedora_koji/koji, only on the x86 compose host and the
# rawhide/branched composers.
- name: make a mnt/koji link
  file:
    src: /mnt/fedora_koji/koji
    dest: /mnt/koji
    state: link
  when: >-
    inventory_hostname.startswith('compose-x86-01') or
    inventory_hostname.startswith('rawhide-composer') or
    inventory_hostname.startswith('branched-composer')

# /srv/pungi -> /mnt/fedora_koji/compose on every host except compose-aarch64-01*.
- name: symlink /srv/pungi
  file:
    src: /mnt/fedora_koji/compose
    dest: /srv/pungi
    state: link
  when: not inventory_hostname.startswith('compose-aarch64-01')

# Extra package for the nightly composers (branched, rawhide, staging).
# NOTE(review): this uses the yum module unconditionally, unlike the
# version-gated "add pkgs" tasks in this file; confirm it behaves as intended
# on hosts that are handled through dnf there.
- name: add pkgs for nightly compose
  yum:
    pkg: "{{ item }}"
    state: present
  with_items:
    - packagedb-cli
  when: >-
    inventory_hostname.startswith('branched-composer') or
    inventory_hostname.startswith('rawhide-composer') or
    inventory_hostname.startswith('composer.stg')

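# Cron definitions for the compose hosts. Each host class gets its own file
# in /etc/cron.d, selected by inventory hostname prefix.
#
# Files in /etc/cron.d define jobs for the system cron daemon, so ownership
# and mode are pinned explicitly (root:root, 0644), the same way the httpd
# compose.conf task in this file pins them, instead of depending on the
# connecting user and umask.

# cron job for branched compose
- name: branched compose cron
  copy:
    src: branched
    dest: /etc/cron.d/branched
    owner: root
    group: root
    mode: "0644"
  when: inventory_hostname.startswith('branched-composer')

# cron job for rawhide compose
- name: rawhide compose cron
  copy:
    src: rawhide
    dest: /etc/cron.d/rawhide
    owner: root
    group: root
    mode: "0644"
  when: inventory_hostname.startswith('rawhide-composer')

# cron job for aarch64 branched compose; installed under the same
# destination name as the branched job, on a different host class
- name: aarch64 branched compose cron
  copy:
    src: aarch64.branched
    dest: /etc/cron.d/branched
    owner: root
    group: root
    mode: "0644"
  when: inventory_hostname.startswith('compose-aarch64-01')

# cron job for aarch64 rawhide compose
- name: aarch64 rawhide compose cron
  copy:
    src: aarch64.rawhide
    dest: /etc/cron.d/rawhide
    owner: root
    group: root
    mode: "0644"
  when: inventory_hostname.startswith('compose-aarch64-01')

# cron job for the two-week nightly compose
- name: twoweek compose cron
  copy:
    src: twoweek-updates
    dest: /etc/cron.d/twoweek-updates
    owner: root
    group: root
    mode: "0644"
  when: inventory_hostname.startswith('compose-x86-01')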

# httpd drop-in for the compose host (compose-x86-01* only), installed
# root-owned and world-readable; httpd is reloaded when the file changes.
- name: install compose /etc/httpd/conf.d/compose.conf file
  copy:
    src: compose.conf
    dest: /etc/httpd/conf.d/compose.conf
    owner: root
    group: root
    mode: "0644"
  when: inventory_hostname.startswith('compose-x86-01')
  notify:
    - reload httpd
  tags:
    - config