commit 85575166a0d117345350fabfd5c0d712e52683ab
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Aug 18 21:24:25 2021 +0200
Update tasks
tasks/cloud_setup_basic.yml | 60 ++++++----------
tasks/openvpn_client.yml | 1 -
tasks/persistent_cloud.yml | 55 ++++++---------
tasks/postfix_basic.yml | 1 +
tasks/rdiff_backup_server.yml | 2 +-
tasks/reg-server.yml | 17 ++++-
tasks/virt_instance_create.yml | 29 ++++++--
tasks/yumrepos.yml | 153 +++++++++++++++++++++++++++++++++++++++-
8 files changed, 233 insertions(+), 85 deletions(-)
---
diff --git a/tasks/cloud_setup_basic.yml b/tasks/cloud_setup_basic.yml
index 1ff61d5..c886ed0 100644
--- a/tasks/cloud_setup_basic.yml
+++ b/tasks/cloud_setup_basic.yml
@@ -6,51 +6,24 @@
- ntp
- libsemanage-python
- libselinux-python
- when: ansible_distribution_major_version|int < 22
+ - iptables
+ when: ansible_distribution_major_version|int < 8 and ansible_distribution ==
'RedHat'
tags:
- packages
- name: Install desired extra packages (dnf)
- dnf: state=present pkg={{ item }}
- with_items:
- - ntpdate
- - ntp
- - libsemanage-python
- - libselinux-python
- when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not
defined
- tags:
- - packages
-
-- name: remove some packages (yum)
- package: state=absent pkg={{ item }}
- with_items:
- - chrony
- tags:
- - packages
- when: ansible_distribution_major_version|int < 22
-
-- name: remove some packages (dnf)
- dnf: state=absent pkg={{ item }}
- with_items:
- - chrony
+ dnf:
+ state: present
+ pkg:
+ - chrony
+ - python3-libselinux
+ when: ansible_distribution_major_version|int > 7 and ansible_distribution ==
'RedHat' and ansible_cmdline.ostree is not defined
tags:
- packages
- when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not
defined
- name: Include basessh
include_role: name=basessh
-- name: put step-tickers in place
- copy: src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
- when: ansible_cmdline.ostree is not defined
- tags:
- - ntp
- - config
-
-- name: enable the service
- service: name=ntpd state=started enabled=true
- when: ansible_cmdline.ostree is not defined
-
#- name: edit hostname to be instance name - prefix hostbase var if it exists
# shell: hostname {{ hostbase }}`curl -s
http://169.254.169.254/latest/meta-data/instance-id`
# tags:
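Review bot: The hunk drops the `enable the service` task for ntpd without adding a replacement for the `chrony` it now installs, so on RHEL 8+ chronyd is only installed here, on RHEL 7 ntp/ntpdate are still installed but nothing in this file starts them, and Fedora hosts get no time-sync package from this task at all (the first task's `name:` line is above the hunk). Unless the images enable chronyd by default, that leaves clock drift unmanaged, which matters for TLS validity checks, Kerberos and log correlation. I would add after the dnf task `- name: enable chronyd` / `service: name=chronyd state=started enabled=true` with `when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined`, and either extend the dnf task's `when` to Fedora or comment why Fedora is excluded. The `iptables` package is likewise only added for RHEL < 8, which looks intentional but deserves a one-line comment.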
@@ -86,14 +59,21 @@
- name: update all
command: yum -y update creates=/etc/sysconfig/global-update-applied
register: updated
- when: ansible_distribution_major_version|int < 22
+ when: ansible_distribution_major_version|int < 8 and ansible_distribution ==
'RedHat'
+ tags:
+ - packages
+
+- name: update all
+ command: dnf -y update creates=/etc/sysconfig/global-update-applied
+ register: updated
+ when: ansible_distribution_major_version|int > 7 and ansible_distribution ==
'RedHat' and ansible_cmdline.ostree is not defined
tags:
- packages
- name: update all
command: dnf -y update creates=/etc/sysconfig/global-update-applied
register: updated
- when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not
defined
+ when: ansible_distribution_major_version|int >= 29 and ansible_distribution ==
'Fedora' and ansible_cmdline.ostree is not defined
tags:
- packages
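Review bot: The rewritten `when` clauses on the `update all` tasks match only `ansible_distribution == 'RedHat'` and `'Fedora'`, so CentOS hosts, which tasks/yumrepos.yml in this same commit explicitly handles, match none of the three tasks and silently skip the initial full update that the old `< 22` test gave them. Using `ansible_distribution in ['RedHat', 'CentOS']` on the yum and dnf variants restores that baseline patching. Fedora below 29 is also left out, which may be intentional but is worth a comment. Note that all three tasks `register: updated`; a skipped task still sets the variable, so the `updated is defined` check in the next hunk does not tell whether an update actually ran, whereas `updated is changed` would.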
@@ -102,3 +82,9 @@
when: updated is defined
tags:
- packages
+
+- name: ensure tmp.mount is not masked, logrotate start would fail
+ systemd:
+ name: tmp.mount
+ masked: no
+ when: ansible_distribution_major_version|int >= 30 and ansible_distribution ==
'Fedora'
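Review bot: `masked: no` on the new `tmp.mount` task is a YAML 1.1 truthy spelling; write `masked: false` so yamllint's `truthy` rule and other parsers agree on the type. Unmasking alone does not start the unit, so `/tmp` stays where it is until a reboot or an explicit `state: started`; if logrotate depends on it on the first run, add `state: started` or mention the reboot requirement in the task name.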
diff --git a/tasks/openvpn_client.yml b/tasks/openvpn_client.yml
index f9b44d1..0758fff 100644
--- a/tasks/openvpn_client.yml
+++ b/tasks/openvpn_client.yml
@@ -44,4 +44,3 @@
service: name=openvpn state=started enabled=true
tags:
- service
- when: ansible_distribution_major_version|int == 6
diff --git a/tasks/persistent_cloud.yml b/tasks/persistent_cloud.yml
index 11a16dc..103bb1d 100644
--- a/tasks/persistent_cloud.yml
+++ b/tasks/persistent_cloud.yml
@@ -1,5 +1,7 @@
# New tasks to spin up instance in
https://fedorainfracloud.org
+- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
+
- name: check it out
local_action: shell nc -w 5 {{ inventory_hostname }} 22 < /dev/null
register: host_is_up
@@ -7,22 +9,6 @@
changed_when: false
check_mode: no
-- name: clean out old known_hosts (name based entries)
- local_action: known_hosts path={{item}} host={{inventory_hostname}} state=absent
- ignore_errors: True
- with_items:
- - /root/.ssh/known_hosts
- - /etc/ssh/ssh_known_hosts
- when: host_is_up|failed
-
-- name: clean out old known_hosts (IP based entries)
- local_action: known_hosts path={{item}} host={{ lookup('dig',
inventory_hostname, wantlist=False) }} state=absent
- ignore_errors: True
- with_items:
- - /root/.ssh/known_hosts
- - /etc/ssh/ssh_known_hosts
- when: host_is_up|failed
-
- name: spin UP VM using nova_compute
become: False
local_action:
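Review bot: Removing the two `clean out old known_hosts` tasks means that when an instance is being re-created (`host_is_up is failed`) any entry for its previous host key stays in `/root/.ssh/known_hosts` and `/etc/ssh/ssh_known_hosts`. The replacement `add new ssh host key` task later in this commit writes only `/root/.ssh/known_hosts`, so a stale entry in `/etc/ssh/ssh_known_hosts` would conflict with the freshly scanned key and, under strict host key checking, make OpenSSH refuse the connection rather than merely warn. If the cleanup has moved elsewhere (the `basessh` role imported at the end, perhaps), a one-line comment here saying so would help; otherwise keep a `known_hosts ... state=absent` pass over both files gated on `host_is_up is failed`.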
@@ -33,7 +19,7 @@
login_tenant_name: "{{inventory_tenant}}"
name: "{{inventory_instance_name}}"
image_id: "{{ image|image_name_to_id('admin', ADMIN_PASS,
inventory_tenant, os_auth_url) }}"
- wait_for: 300
+ wait_for: 600
flavor_id: "{{ instance_type|flavor_name_to_id('admin', ADMIN_PASS,
inventory_tenant, os_auth_url) }}"
security_groups: "{{security_group}}"
key_name: "{{ keypair }}"
@@ -42,7 +28,7 @@
floating_ips:
- "{{public_ip}}"
register: nova_result
- when: host_is_up|failed
+ when: host_is_up is failed
# instance can be both id and name, volume must be id
# volume must be id
@@ -62,35 +48,34 @@
# If it is attach it.
#
- local_action: shell nova --os-auth-url="{{os_auth_url}}"
--os-username="admin" --os-password="{{ADMIN_PASS}}"
--os-tenant-name={{inventory_tenant}} volume-attach
"{{inventory_instance_name}}" "{{item.volume_id}}"
"{{item.device}}"
- with_items: "{{ volumes|default([]) }}"
+ with_items: "{{ volume_available.results|default([]) }}"
ignore_errors: True
failed_when: False
- when: volumes is defined and volume_available is defined and volume_available
+ when: volumes is defined and volume_available is defined and item.changed
- name: wait for he host to be hot
local_action: wait_for host={{ public_ip }} port=22 delay=1 timeout=600
- when: host_is_up|failed
+ when: host_is_up is failed
+
+# SSH is up and running, however cloud-init still did not deployed ssh keypair
+# we have to wait some time. 10 sec is usually enough, but not always.
+
+- name: waiting for cloud-init
+ pause: seconds=30
+ when: host_is_up is failed
- name: gather ssh host key from new instance
local_action: command ssh-keyscan -t rsa {{ inventory_hostname }}
ignore_errors: True
register: hostkey
- when: host_is_up|failed
+ when: host_is_up is failed
-- name: add new ssh host key (you still need to add it to official ssh_host_keys later)
- local_action: known_hosts path={{ item }} key={{ hostkey.stdout }} host={{
inventory_hostname }} state=present
+- name: add new ssh host key (until we can sign it)
+ local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{
inventory_hostname }} state=present
ignore_errors: True
with_items:
- /root/.ssh/known_hosts
- - /etc/ssh/ssh_known_hosts
- when: host_is_up|failed
-
-# SSH is up and running, however cloud-init still did not deployed ssh keypair
-# we have to wait some time. 10 sec is usually enough, but not always.
-
-- name: waiting for cloud-init
- pause: seconds=30
- when: host_is_up|failed
+ when: host_is_up is failed
#
# Next we try and gather facts. If the host doesn't have python2 this will fail.
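Review bot: `gather ssh host key from new instance` runs `ssh-keyscan` with `ignore_errors: True`, so a failed or timed-out scan leaves `hostkey.stdout` empty and the following `add new ssh host key` task is handed `key=""`, whose failure is also ignored; the play then proceeds with no pinned key for the new host. Gate the add on a real result, e.g. `when: host_is_up is failed and hostkey.stdout | default('') | length > 0`, and consider dropping `ignore_errors` on the keyscan so the operator sees the miss. Separately, the nova `volume-attach` shell in this hunk passes `--os-password="{{ADMIN_PASS}}"` on the command line; now that it loops over `volume_available.results`, each iteration is echoed in verbose output, so add `no_log: true` to that task. The trust-on-first-use nature of the scanned key (`until we can sign it`) is acceptable as a stopgap but should be stated in a comment above the task.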
@@ -108,7 +93,7 @@
- name: install python2 and dnf stuff
raw: dnf -y install python-dnf libselinux-python
- when: facts|failed
+ when: facts is failed
# TODO - somehow guess when keypair is finally deployed and return little bit earlier
## We need to specify user, here we trying with fedora or root
@@ -120,3 +105,5 @@
# # poll: 5
# ignore_errors: True
#
+- name: Include SSH config
+ import_role: name=basessh
diff --git a/tasks/postfix_basic.yml b/tasks/postfix_basic.yml
index 2688861..4bd6a7d 100644
--- a/tasks/postfix_basic.yml
+++ b/tasks/postfix_basic.yml
@@ -12,6 +12,7 @@
- "{{ roles_path }}/base/files/postfix/main.cf/main.cf.{{ inventory_hostname
}}"
- "{{ roles_path }}/base/files/postfix/main.cf/main.cf.{{ host_group }}"
- "{{ roles_path }}/base/files/postfix/main.cf/main.cf.{{ postfix_group
}}"
+ - "{{ roles_path }}/base/files/postfix/main.cf/main.cf.{{ datacenter }}"
- "{{ roles_path }}/base/files/postfix/main.cf/main.cf"
notify:
- restart postfix
diff --git a/tasks/rdiff_backup_server.yml b/tasks/rdiff_backup_server.yml
index 1e2d553..c3eeff1 100644
--- a/tasks/rdiff_backup_server.yml
+++ b/tasks/rdiff_backup_server.yml
@@ -1,7 +1,7 @@
---
# tasklist for setting up a rdiff backup server.
- name: install rdiff-backup
- yum: pkg={{ item }} state=present
+ package: name={{ item }} state=present
with_items:
- rdiff-backup
- git
diff --git a/tasks/reg-server.yml b/tasks/reg-server.yml
index 1173bff..6fb6b04 100644
--- a/tasks/reg-server.yml
+++ b/tasks/reg-server.yml
@@ -1,7 +1,6 @@
- name: install reg-server
package:
- name: reg-server
- state: latest
+ name: reg
tags:
- regserver
@@ -34,3 +33,17 @@
when: env == "staging"
tags:
- regserver
+
+- name: Copy fedora icon
+ copy:
+ src: "{{files}}/reg-server/fedora.png"
+ dest: "/var/lib/reg-server/static/fedora.png"
+ tags:
+ - regserver
+
+- name: Copy custom styles.css
+ copy:
+ src: "{{files}}/reg-server/styles.css"
+ dest: "/var/lib/reg-server/static/css/styles.css"
+ tags:
+ - regserver
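Review bot: The two new `copy` tasks set neither `owner`/`group` nor `mode`, so `fedora.png` and `styles.css` land as root with whatever the controller's umask yields; set `mode: "0644"` (plus the service user's `owner`/`group` if reg-server runs unprivileged) so the result does not depend on the environment. `copy` also does not create missing parent directories, so confirm that the `reg` package now installed in the first hunk still ships `/var/lib/reg-server/static/css/`; if it does not, a `file: path=/var/lib/reg-server/static/css state=directory` task is needed first.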
diff --git a/tasks/virt_instance_create.yml b/tasks/virt_instance_create.yml
index 1ede210..f0ff9ef 100644
--- a/tasks/virt_instance_create.yml
+++ b/tasks/virt_instance_create.yml
@@ -4,11 +4,18 @@
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
- name: get vm list
+ vars:
+ ansible_python_interpreter: "{{
hostvars[vmhost]['ansible_python']['executable'] }}"
delegate_to: "{{ vmhost }}"
virt: command=list_vms
register: result
check_mode: no
+- name: ensure no old facts exist
+ delegate_to: localhost
+ file: path=/root/.ansible_facts_cache/{{ inventory_hostname }} state=absent
+ when: inventory_hostname not in result.list_vms
+
- name: ensure the lv for the guest is made
lvol: lv={{ inventory_hostname }} vg={{ volgroup }} size={{ lvm_size }} state=present
delegate_to: "{{ vmhost }}"
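Review bot: The new `ansible_python_interpreter` override reads `hostvars[vmhost]['ansible_python']['executable']`, which exists only if facts for `{{ vmhost }}` were gathered or cached earlier in the run; otherwise `get vm list` fails on an undefined variable before anything else happens. If the calling playbook does not guarantee that, either gather facts on the vmhost first (`setup` with `delegate_to: "{{ vmhost }}"`) or add a fallback such as `| default('/usr/bin/python3')` to the expression. The `ensure no old facts exist` task removes the controller-side fact cache only when the VM is not yet in `result.list_vms`, which reads correctly, but a short comment on why stale cached facts are harmful for a freshly created VM would help future readers. The `include_vars` line at the top of the hunk belongs to a task list that starts above it.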
@@ -90,8 +97,8 @@
with_items:
- /root/.ssh/known_hosts
- /etc/ssh/ssh_known_hosts
- when: inventory_hostname not in result.list_vms and inventory_hostname in
groups['osbs-masters-stg']+groups['osbs-nodes-stg']
- delegate_to:
osbs-control01.stg.phx2.fedoraproject.org
+ when: inventory_hostname not in result.list_vms and inventory_hostname in
groups['osbs_masters_stg']+groups['osbs_nodes_stg']
+ delegate_to: osbs-control01.stg.{{ datacenter }}.fedoraproject.org
- name: (osbs-control01) make sure there is no old ssh host key for the host still
around
known_hosts: path={{item}} host={{ inventory_hostname }} state=absent
@@ -99,8 +106,8 @@
with_items:
- /root/.ssh/known_hosts
- /etc/ssh/ssh_known_hosts
- when: inventory_hostname not in result.list_vms and inventory_hostname in
groups['osbs-masters']+groups['osbs-nodes']
- delegate_to:
osbs-control01.phx2.fedoraproject.org
+ when: inventory_hostname not in result.list_vms and inventory_hostname in
groups['osbs_masters']+groups['osbs_nodes']
+ delegate_to: osbs-control01.{{ datacenter }}.fedoraproject.org
- name: wait for ssh on the vm to start back
local_action: wait_for delay=10 host={{ inventory_hostname }} port=22 state=started
timeout=1200
@@ -125,8 +132,8 @@
with_items:
- /root/.ssh/known_hosts
- /etc/ssh/ssh_known_hosts
- when: inventory_hostname not in result.list_vms and inventory_hostname in
groups['osbs-masters-stg']+groups['osbs-nodes-stg']
- delegate_to:
osbs-control01.stg.phx2.fedoraproject.org
+ when: inventory_hostname not in result.list_vms and inventory_hostname in
groups['osbs_masters_stg']+groups['osbs_nodes_stg']
+ delegate_to: osbs-control01.stg.{{ datacenter }}.fedoraproject.org
- name: (osbs-control01) add new ssh host key
known_hosts: path={{item}} key="{{ hostkey.stdout }}" host={{
inventory_hostname }} state=present
@@ -134,6 +141,12 @@
with_items:
- /root/.ssh/known_hosts
- /etc/ssh/ssh_known_hosts
- when: inventory_hostname not in result.list_vms and inventory_hostname in
groups['osbs-masters']+groups['osbs-nodes']
- delegate_to:
osbs-control01.phx2.fedoraproject.org
+ when: inventory_hostname not in result.list_vms and inventory_hostname in
groups['osbs_masters']+groups['osbs_nodes']
+ delegate_to: osbs-control01.{{ datacenter }}.fedoraproject.org
+- name: gather facts
+ setup:
+ check_mode: no
+ ignore_errors: True
+ register: facts
+ when: inventory_hostname not in result.list_vms
diff --git a/tasks/yumrepos.yml b/tasks/yumrepos.yml
index 5ae06a5..6ed69d3 100644
--- a/tasks/yumrepos.yml
+++ b/tasks/yumrepos.yml
@@ -1,4 +1,153 @@
---
+- name: Include vars/all/
+ include_vars:
+ dir: /srv/web/infra/ansible/vars/all/
+ ignore_files: [README]
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: enable repos for archived Fedora releases
+ set_fact:
+ archive_if_archived: >-
+ {{
+ '/archive'
+ if ansible_distribution_major_version|int < (
+ FedoraPreviousPreviousCycleNumber|int
+ if FedoraPreviousPrevious == True
+ else FedoraPreviousCycleNumber|int
+ )
+ else ''
+ }}
+ when: ansible_distribution == 'Fedora'
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: put rhel repos on rhel systems
+ copy: src="{{ files }}/common/rhel{{ ansible_distribution_major_version|int
}}.repo" dest="/etc/yum.repos.d/rhel{{ ansible_distribution_major_version|int
}}.repo"
+ when: ansible_distribution == 'RedHat' and not
inventory_hostname.startswith('ppc9') and datacenter != "aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: put rhel repos on rhel systems (power9)
+ copy: src="{{ files }}/common/rhel{{ ansible_distribution_major_version|int
}}-power9.repo" dest="/etc/yum.repos.d/rhel{{
ansible_distribution_major_version|int }}.repo"
+ when: ansible_distribution == 'RedHat' and
inventory_hostname.startswith('ppc9') and datacenter != "aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: put rhel rhev for power repos on rhel power systems
+ copy: src="{{ files }}/common/rhel7-power-rhev.repo"
dest="/etc/yum.repos.d/rhel7-power-rhev.repo"
+ when: ansible_distribution == 'RedHat' and
ansible_distribution_major_version|int == 7 and ansible_architecture =='ppc64le'
and not inventory_hostname.startswith('ppc9')
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: put openshift 3.4 repo on os- systems
+ template: src="{{ files }}/openshift/openshift.repo"
dest="/etc/yum.repos.d/openshift.repo"
+ when: ansible_distribution == 'RedHat' and
ansible_distribution_major_version|int == 7 and
inventory_hostname.startswith('os-') and datacenter != "aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: put epel repos on el systems
+ copy: src="{{ files }}/common/epel{{ ansible_distribution_major_version|int
}}.repo" dest="/etc/yum.repos.d/epel{{ ansible_distribution_major_version|int
}}.repo"
+ when: ((ansible_distribution == 'RedHat' or ansible_distribution ==
'CentOS') and use_default_epel) and datacenter != "aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: put epel repos on el systems (aws)
+ copy: src="{{ files }}/common/original-epel{{
ansible_distribution_major_version|int }}.repo" dest="/etc/yum.repos.d/epel{{
ansible_distribution_major_version|int }}.repo"
+ when: ((ansible_distribution == 'RedHat' or ansible_distribution ==
'CentOS') and use_default_epel) and datacenter == "aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: put epel gpg key on el systems (aws)
+ copy: src="{{ files }}/common/RPM-GPG-KEY-EPEL-{{
ansible_distribution_major_version|int }}"
dest="/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version|int
}}"
+ when: ((ansible_distribution == 'RedHat' or ansible_distribution ==
'CentOS') and use_default_epel) and datacenter == "aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: epel release on el systems (aws)
+ package:
+ name: 'epel-release'
+ state: present
+ when: ((ansible_distribution == 'RedHat' or ansible_distribution ==
'CentOS') and use_default_epel) and datacenter == "aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: put fedora repos on primary architecture systems
+ template: src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{
item }}"
+ with_items:
+ - fedora.repo
+ - fedora-updates.repo
+ - fedora-updates-testing.repo
+ when: ansible_distribution == 'Fedora' and not
inventory_hostname.startswith(('buildvm-s390x', 'buildvm-ppc64le')) and
not inventory_hostname.startswith('rawhide-test') and datacenter !=
"aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: put fedora modular repos on primary architecture systems
+ template: src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{
item }}"
+ with_items:
+ - fedora-modular.repo
+ - fedora-updates-modular.repo
+ - fedora-updates-testing-modular.repo
+ when: ansible_distribution == 'Fedora' and not
inventory_hostname.startswith('rawhide-test') and not
inventory_hostname.startswith(('buildvm-s390x', 'buildvm-ppc64le')) and
datacenter != "aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: put fedora repos on secondary architecture systems
+ template: src="{{ files }}/common/{{ item }}-secondary"
dest="/etc/yum.repos.d/{{ item }}"
+ with_items:
+ - fedora.repo
+ - fedora-updates.repo
+ - fedora-updates-testing.repo
+ when: ansible_distribution == 'Fedora' and (ansible_architecture ==
'ppc64' or ansible_architecture == 'ppc64le' or ansible_architecture ==
's390x') and datacenter != "aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: put fedora repos on secondary architecture systems
+ template: src="{{ files }}/common/{{ item }}-secondary"
dest="/etc/yum.repos.d/{{ item }}"
+ with_items:
+ - fedora-modular.repo
+ - fedora-updates-modular.repo
+ - fedora-updates-testing-modular.repo
+ when: ansible_distribution == 'Fedora' and
ansible_distribution_major_version|int >= 29 and (ansible_architecture ==
'ppc64le' or ansible_architecture == 's390x') and datacenter !=
"aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
+- name: add aarch64 server rpms repo
+ copy: src="{{ files }}/common/rhel-{{ ansible_distribution_major_version|int
}}-aarch64-server-rpms.repo" dest="/etc/yum.repos.d/rhel-{{
ansible_distribution_major_version|int }}-aarch64-server-rpms.repo"
+ when: (ansible_distribution == 'RedHat' or ansible_distribution ==
'CentOS') and inventory_hostname.startswith('aarch64-c') and
ansible_distribution_major_version|int >= 7 and datacenter != "aws"
+ tags:
+ - config
+ - packages
+ - yumrepos
+
- name: add infrastructure tags repo - RHEL
copy: src="{{ files }}/common/rhel-infra-tags.repo"
dest="/etc/yum.repos.d/infra-tags.repo"
when: (ansible_distribution == 'RedHat' or ansible_distribution ==
'CentOS')
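Review bot: The primary-architecture tasks (`put fedora repos on primary architecture systems` and the modular one) exclude hosts only by hostname prefix (`buildvm-s390x`, `buildvm-ppc64le`), while the secondary-architecture tasks select by `ansible_architecture`, so a Fedora ppc64le or s390x host whose name does not start with those prefixes matches both sets and the same `/etc/yum.repos.d/fedora*.repo` files are written twice per run, ending with the `-secondary` content and reporting changed every time. Gating the primary tasks on `ansible_architecture not in ['ppc64', 'ppc64le', 's390x']` instead of the hostname prefix makes the two sets mutually exclusive. The two secondary tasks also share the name `put fedora repos on secondary architecture systems`; the second should read `put fedora modular repos on secondary architecture systems` so logs and `--start-at-task` can tell them apart. In the `archive_if_archived` fact, `FedoraPreviousPrevious == True` reads better as the bare truthy test `if FedoraPreviousPrevious`, and a comment naming the template that consumes this fact would help, since nothing in this hunk uses it.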
@@ -9,7 +158,7 @@
- name: add infrastructure STAGING tags repo - RHEL
copy: src="{{ files }}/common/rhel-infra-tags-stg.repo"
dest="/etc/yum.repos.d/infra-tags-stg.repo"
- when: (ansible_distribution == 'RedHat' or ansible_distribution ==
'CentOS') and env == 'staging'
+ when: (ansible_distribution == 'RedHat' or ansible_distribution ==
'CentOS') and env in ['staging', 'pagure-staging']
tags:
- config
- packages
@@ -25,7 +174,7 @@
- name: add infrastructure STAGING tags repo - Fedora
copy: src="{{ files }}/common/fedora-infra-tags-stg.repo"
dest="/etc/yum.repos.d/infra-tags-stg.repo"
- when: ansible_distribution == 'Fedora' and env == 'staging'
+ when: ansible_distribution == 'Fedora' and env in ['staging',
'pagure-staging']
tags:
- config
- packages