commit df401cedeb8f73c48d872117e26e0c99dca11396 Author: Nicolas Chauvet <kwizart(a)gmail.com&gt; Date: Thu Jan 24 18:52:29 2019 +0100 Few updates for hotness (wip) playbooks/groups/hotness.yml | 77 ++++++++++++++++++++++++++++++++++++ roles/hotness/templates/hotness.py | 13 +++--- 2 files changed, 83 insertions(+), 7 deletions(-) --- diff --git a/playbooks/groups/hotness.yml b/playbooks/groups/hotness.yml new file mode 100644 index 0000000..0be155a --- /dev/null +++ b/playbooks/groups/hotness.yml @@ -0,0 +1,77 @@ +# create a new hotness server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +#- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=hotness:hotness-stg" + +- name: dole out the generic configuration + hosts: hotness:hotness-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - collectd/base + - hosts + - fas_client + - sudo + - role: keytab/service + service: hotness + owner_user: fedmsg + # The proxies don't actually need to talk to these hosts so we won't bother + # putting them on the vpn. + #- { role: openvpn/client, + # when: env != "staging" } + + pre_tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + tasks: + - import_tasks: "{{ tasks_path }}/2fa_client.yml" + - import_tasks: "{{ tasks_path }}/motd.yml" + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: set up fedmsg basics + hosts: hotness:hotness-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - fedmsg/base + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" + +- name: dole out the service-specific config + hosts: hotness:hotness-stg + user: root + gather_facts: True + + roles: + - fedmsg/hub + - hotness + - role: collectd/fedmsg-service + process: fedmsg-hub + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/roles/hotness/templates/hotness.py b/roles/hotness/templates/hotness.py index 653a2a2..af3ea45 100644 --- a/roles/hotness/templates/hotness.py +++ b/roles/hotness/templates/hotness.py @@ -55,17 +55,16 @@ config = { {% endif %} 'git_url': 'https://pkgs.rpmfusion.org/git/free/{package}.git', - 'krb_principal': 'hotness/hotness01{{env_suffix}}.phx2.fedoraproject.org@{{ipa_realm}}', - 'krb_keytab': '/etc/krb5.hotness_hotness01{{env_suffix}}.phx2.fedoraproject.org.keytab', - 'krb_ccache': None, - 'krb_proxyuser': None, - 'krb_sessionopts': {'timeout': 3600, 'krb_rdns': False}, + 'authtype': 'ssl', + 'cert': '/etc/koji.conf.d/hotness.pem', + 'ca': '/etc/pki/tls/certs/rpmfusion-upload-ca.cert', + 'serverca': '/etc/pki/tls/certs/rpmfusion-server-ca.cert', 'user_email': ('RPM Fusion Release Monitoring ', &#39;&lt;release-monitoring(a)rpmfusion.org&gt;&#39;), 'opts': {'scratch': True}, 'priority': 30, - 'target_tag': 'rawhide', + 'target_tag': 'rawhide-free', }, 'hotness.anitya': { @@ -82,7 +81,7 @@ config = { {% else %} "hotness.mdapi_url": "https://apps.fedoraproject.org/mdapi", 'hotness.pdc_url': 'https://pdc.fedoraproject.org', - 'hotness.dist_git_url': 'https://src.fedoraproject.org', + 'hotness.dist_git_url': 'https://pkgs.rpmfusion.org/git/free', {% endif %} 'hotness.yumconfig': '/etc/hotness-yum.conf',