[ansible] Update bodhi-backend playbook
by Nicolas Chauvet
commit 1c22a1e0cf5e09d00540574f2a6b02edf29da928
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Feb 6 23:15:40 2018 +0100
Update bodhi-backend playbook
playbooks/groups/bodhi-backend.yml | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml
index a8ce720..9473c8a 100644
--- a/playbooks/groups/bodhi-backend.yml
+++ b/playbooks/groups/bodhi-backend.yml
@@ -1,13 +1,13 @@
# create a new bodhi-backend system
#
# This group makes bodhi-backend servers.
-# They are used by releng to push updates with bodhi.
+# They are used by releng to push updates with bodhi.
# They also run some misc releng scripts.
#
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=bodhi-backend:bodhi-backend-stg"
-# Once the instance exists, configure it.
+# Once the instance exists, configure it.
- name: make bodhi-backend server system
hosts: bodhi-backend:bodhi-backend-stg
@@ -19,6 +19,9 @@
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
roles:
- base
- nagios/client
@@ -33,6 +36,7 @@
mnt_dir: '/pub/'
nfs_src_dir: 'rpmfusion_ftp/download0.rpmfusion.org/pub/'
+ # In staging, we mount fedora_koji as read only (see nfs_mount_opts)
- role: nfs/client
mnt_dir: '/mnt/rpmfusion_koji'
nfs_src_dir: 'rpmfusion_koji'
@@ -55,7 +59,6 @@
tags: bodhi
when: env == 'staging'
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"
handlers:
6 years, 10 months
[ansible] Update dnf-automatic
by Nicolas Chauvet
commit f386bc02c3e3bf44258621453a62ccb783f1e835
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Feb 6 23:02:16 2018 +0100
Update dnf-automatic
roles/dnf-automatic/tasks/main.yml | 94 +++++++++++++++++++++++------------
1 files changed, 62 insertions(+), 32 deletions(-)
---
diff --git a/roles/dnf-automatic/tasks/main.yml b/roles/dnf-automatic/tasks/main.yml
index 80b8046..a848291 100644
--- a/roles/dnf-automatic/tasks/main.yml
+++ b/roles/dnf-automatic/tasks/main.yml
@@ -1,37 +1,67 @@
---
#
-# This role adds dnf automatic package and configuration.
-# We want this on any public facing Fedora installs so we
-# can pick up security updates.
+# This role adds dnf automatic package and configuration.
+# We want this on any public facing Fedora installs so we
+# can pick up security updates.
#
+- block:
+ - name: install dnf-automatic
+ dnf:
+ name: dnf-automatic
+ state: present
+ tags:
+ - packages
-- name: install dnf-automatic
- dnf: name=dnf-automatic state=present
- tags:
- - packages
- when: ansible_distribution == 'Fedora' and ansible_distribution_major_version|int > 21
-
-- name: install /etc/dnf/automatic.conf
- template: src=automatic.conf.j2 dest=/etc/dnf/automatic.conf mode=0644
- tags:
- - config
- when: ansible_distribution == 'Fedora' and ansible_distribution_major_version|int > 21
-
-- name: enable and start dnf-automatic
- command: systemctl enable dnf-automatic.timer creates=/etc/systemd/system/basic.target.wants/dnf-automatic.timer
- tags:
- - config
- when: ansible_distribution == 'Fedora' and ansible_distribution_major_version|int > 21
-
-- name: check if dnf-automatic.timer is active
- command: systemctl is-active dnf-automatic.timer
- register: automaticative
- always_run: yes
- changed_when: 1 != 1
- ignore_errors: true
- when: ansible_distribution == 'Fedora' and ansible_distribution_major_version|int > 21
-
-- name: start dnf-automatic.timer if it is not active
- command: systemctl start dnf-automatic.timer
- when: automaticative|failed and ansible_distribution == 'Fedora' and ansible_distribution_major_version|int > 21
+ - name: install /etc/dnf/automatic.conf
+ template:
+ src: automatic.conf.j2
+ dest: /etc/dnf/automatic.conf
+ mode: 0644
+ tags:
+ - config
+
+ - name: enable and start dnf-automatic
+ command: systemctl enable dnf-automatic.timer
+ when: ansible_distribution_major_version|int < 26
+ args:
+ creates: /etc/systemd/system/basic.target.wants/dnf-automatic.timer
+ tags:
+ - config
+
+ - name: check if dnf-automatic.timer is active
+ command: systemctl is-active dnf-automatic.timer
+ register: automaticative
+ check_mode: no
+ changed_when: 1 != 1
+ ignore_errors: true
+ when: ansible_distribution_major_version|int < 26
+
+ - name: start dnf-automatic.timer if it is not active
+ command: systemctl start dnf-automatic.timer
+ when: automaticative|failed and ansible_distribution_major_version|int < 26
+
+ - name: enable and start dnf-automatic f26+
+ command: systemctl enable dnf-automatic-install.timer
+ when: ansible_distribution_major_version|int >= 26
+ args:
+ creates: /etc/systemd/system/basic.target.wants/dnf-automatic-install.timer
+ tags:
+ - config
+
+ - name: check if dnf-automatic-install.timer is active
+ command: systemctl is-active dnf-automatic-install.timer
+ register: automaticative
+ check_mode: no
+ changed_when: 1 != 1
+ ignore_errors: true
+ when: ansible_distribution_major_version|int >= 26
+
+ - name: start dnf-automatic-install.timer if it is not active
+ command: systemctl start dnf-automatic-install.timer
+ when: automaticative|failed and ansible_distribution_major_version|int >= 26
+
+ - name: disable silly makecache timer
+ systemd: name=dnf-makecache masked=yes
+
+ when: ansible_pkg_mgr == 'dnf'
6 years, 10 months
[ansible] Add check mode
by Nicolas Chauvet
commit 2a3fdb7b44c4b19818e88d30cbfae45d9ca07874
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Feb 6 22:59:12 2018 +0100
Add check mode
tasks/create_swap_file.yml | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/tasks/create_swap_file.yml b/tasks/create_swap_file.yml
index a02ce6e..7cba56f 100644
--- a/tasks/create_swap_file.yml
+++ b/tasks/create_swap_file.yml
@@ -16,6 +16,7 @@
- name: Check swap file type
command: file {{ swap_file_path }}
+ check_mode: no
register: swapfile
- name: Make swap file
6 years, 10 months
[ansible] include tasks
by Nicolas Chauvet
commit dbda071a457efdbce5d13c6dd2f2f6284a349458
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Feb 6 22:56:52 2018 +0100
include tasks
playbooks/groups/buildhw.yml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml
index 45f805a..961b48c 100644
--- a/playbooks/groups/buildhw.yml
+++ b/playbooks/groups/buildhw.yml
@@ -31,7 +31,7 @@
when: not inventory_hostname.startswith('bkernel')
- import_tasks: "{{ tasks_path }}/motd.yml"
when: not inventory_hostname.startswith('bkernel')
- - import_tasks: "{{ tasks_path }}/create_swap_file.yml swap_file_path=/var/swap-file swap_file_bs=1M swap_file_count=4096"
+ - include_tasks: "{{ tasks_path }}/create_swap_file.yml swap_file_path=/var/swap-file swap_file_bs=1M swap_file_count=4096"
when: inventory_hostname.endswith('scaleway.rpmfusion.net')
- name: make sure kojid is running
6 years, 10 months
[ansible] Update inventory
by Nicolas Chauvet
commit bd6a7671073df335ba9670d848cd6106318c2861
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Feb 6 16:48:30 2018 +0100
Update inventory
inventory/builders | 6 ++++++
roles/base/files/resolv.conf/home | 1 +
2 files changed, 7 insertions(+), 0 deletions(-)
---
diff --git a/inventory/builders b/inventory/builders
index e95fc4b..4fb0c43 100644
--- a/inventory/builders
+++ b/inventory/builders
@@ -1,6 +1,7 @@
[buildaarch64]
aarch64-01.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes
aarch64-02.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes
+aarch64-jetson-tx1.home.rpmfusion.net
[buildvm]
buildvm-01.online.rpmfusion.net
@@ -27,6 +28,7 @@ buildarm
buildhw-x86
[buildarm:children]
+home-arm
scaleway-c1
[linaro:children]
@@ -42,6 +44,10 @@ arm-builder02.scaleway.rpmfusion.net
arm-builder03.scaleway.rpmfusion.net
arm-builder04.scaleway.rpmfusion.net
+[home-arm]
+arm-jetson-tk1.home.rpmfusion.net
+arm-jetson-tx1.home.rpmfusion.net
+
[builders:children]
buildaarch64
buildhw
diff --git a/roles/base/files/resolv.conf/home b/roles/base/files/resolv.conf/home
new file mode 100644
index 0000000..1ea217a
--- /dev/null
+++ b/roles/base/files/resolv.conf/home
@@ -0,0 +1 @@
+nameserver 192.168.1.1
6 years, 10 months
[ansible] Update koji builder override
by Nicolas Chauvet
commit 3e7252b740252d574fc72e44f1364aa7f6946c78
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Feb 6 14:41:19 2018 +0100
Update koji builder override
.../files/builders/kojid.service.d.override.conf | 1 +
roles/koji_builder/tasks/main.yml | 8 --------
2 files changed, 1 insertions(+), 8 deletions(-)
---
diff --git a/roles/koji_builder/files/builders/kojid.service.d.override.conf b/roles/koji_builder/files/builders/kojid.service.d.override.conf
index 582d935..831dae9 100644
--- a/roles/koji_builder/files/builders/kojid.service.d.override.conf
+++ b/roles/koji_builder/files/builders/kojid.service.d.override.conf
@@ -1,2 +1,3 @@
[Service]
+TasksMax=infinity
Environment="http_proxy=http://proxy:3128"
diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index 9f78984..5d79281 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -155,14 +155,6 @@
tags:
- koji_builder
-- name: override kojid.service file to set TasksMax to unlimited
- copy: src=kojid.service dest=/etc/systemd/system/kojid.service
- notify:
- - reload systemd
- - restart kojid
- tags:
- - koji_builder
-
# setup for oz/imagefactory
- name: make .psphere dir
file: state=directory path=/root/.psphere mode=775 owner=root group=root
6 years, 10 months
[ansible] Update koji_builder
by Nicolas Chauvet
commit 49c3588ffd60f25c67b78507ce4f3cf2513338e3
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Feb 6 14:15:17 2018 +0100
Update koji_builder
roles/koji_builder/tasks/main.yml | 27 +++++++++++++++++++++++++++
1 files changed, 27 insertions(+), 0 deletions(-)
---
diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index 2f58d21..9f78984 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -65,6 +65,7 @@
with_items:
- yum-utils
- koji-builder
+ - python2-koji
- python-osbs-client
- koji-containerbuild-builder
- strace
@@ -101,6 +102,7 @@
with_items:
- yum-utils
- koji-builder
+ - python2-koji
- python-osbs-client
- koji-containerbuild-builder
- strace
@@ -153,6 +155,14 @@
tags:
- koji_builder
+- name: override kojid.service file to set TasksMax to unlimited
+ copy: src=kojid.service dest=/etc/systemd/system/kojid.service
+ notify:
+ - reload systemd
+ - restart kojid
+ tags:
+ - koji_builder
+
# setup for oz/imagefactory
- name: make .psphere dir
file: state=directory path=/root/.psphere mode=775 owner=root group=root
@@ -265,3 +275,20 @@
tags:
- koji_builder
- selinux
+
+- name: Create directory for shared secrets
+ file:
+ path: /etc/kojid/secrets
+ state: directory
+ owner: root
+ group: root
+ mode: 0660
+ tags:
+ - koji_builder
+
+# https://pagure.io/fedora-infrastructure/issue/6636
+- name: install libkcapi to get increased sockets on armv7
+ dnf: name=libkcapi enablerepo=updates-testing state=present
+ tags:
+ - koji_builder
+ when: ansible_architecture == 'armv7l'
6 years, 10 months
[ansible] Update koji_builder
by Nicolas Chauvet
commit 5ec684830826bf72580e5ecacb7e9cb42556faa4
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Feb 6 14:12:05 2018 +0100
Update koji_builder
roles/koji_builder/templates/kojid.conf | 4 ++--
roles/koji_builder/templates/runroot.conf.j2 | 11 +++++++++--
2 files changed, 11 insertions(+), 4 deletions(-)
---
diff --git a/roles/koji_builder/templates/kojid.conf b/roles/koji_builder/templates/kojid.conf
index 9180b43..36b543d 100644
--- a/roles/koji_builder/templates/kojid.conf
+++ b/roles/koji_builder/templates/kojid.conf
@@ -85,7 +85,7 @@ serverca = /etc/kojid/cacert.pem
{% if 'runroot' in group_names %}
; Config for it lives in /etc/kojid/runroot.conf
-{% if env == 'staging' %}
+{% if ansible_architecture == 'x86_64' %}
plugins = runroot builder_containerbuild
{% else %}
plugins = runroot
@@ -93,7 +93,7 @@ plugins = runroot
{% else %}
-{% if env == 'staging' and not inventory_hostname.startswith('arm') %}
+{% if ansible_architecture == 'x86_64' %}
plugins = builder_containerbuild
{% else %}
plugins =
diff --git a/roles/koji_builder/templates/runroot.conf.j2 b/roles/koji_builder/templates/runroot.conf.j2
index e91e7ef..0dc800d 100644
--- a/roles/koji_builder/templates/runroot.conf.j2
+++ b/roles/koji_builder/templates/runroot.conf.j2
@@ -8,14 +8,14 @@
default_mounts = /mnt/koji
{% elif env == 'staging' %}
; In staging we also need the production split volume
-default_mounts = /mnt/koji,/mnt/fedora_koji_prod/koji
+default_mounts = /mnt/koji,/mnt/rpmfusion_koji/koji,/etc/kojid/secrets
{% endif %}
; comma-delimited list of safe roots.
; Each extra_mount needs to start with some of these prefixes. Other paths are
; not allowed for mounting. Only absolute paths are allowed here, no
; wildcards.
-safe_roots = /mnt/koji/compose
+safe_roots = /mnt/koji/compose,/mnt/koji/atomic-cd
; path substitutions is tuple per line, delimited by comma, order is
; important.
@@ -49,4 +49,11 @@ mountpoint = /mnt/fedora_koji_prod/koji
path = /mnt/fedora_koji_prod/koji
fstype = bind
options = ro,bind
+
+; Directory for secrets to be used by certain builds
+[path3]
+mountpoint = /etc/kojid/secrets
+path = /etc/kojid/secrets
+fstype = bind
+options = ro,bind
{% endif %}
6 years, 10 months