From d1850f1ca90041998ac5a3316cc1f85c3f0a4925 Mon Sep 17 00:00:00 2001 From: Louis Abel Date: Fri, 18 Aug 2023 14:23:40 -0700 Subject: [PATCH] FQCN and simple builder --- init-rocky-simple-builder.yml | 66 ++++++++++++++++++++++++++++++++++ role-rocky-kojid-staging.yml | 28 +++++++-------- role-rocky-kojid.yml | 28 +++++++-------- role-rocky-kojihub-staging.yml | 26 +++++++------- role-rocky-kojihub.yml | 26 +++++++------- 5 files changed, 120 insertions(+), 54 deletions(-) create mode 100644 init-rocky-simple-builder.yml diff --git a/init-rocky-simple-builder.yml b/init-rocky-simple-builder.yml new file mode 100644 index 0000000..a8f8a2f --- /dev/null +++ b/init-rocky-simple-builder.yml 
@@ -0,0 +1,66 @@
+---
+# Basic system configuration. All hardening should also be imported here.
+# Use --extra-vars="host=..." and specify a hostname in the inventory or
+# provide an ansible host group name. You can also just use "all" if you
+# want to ensure all systems are up to date on the configuration.
+- name: Setup a simple builder system with mock
+ hosts: "{{ host }}"
+ become: true
+
+ # This is to try to avoid the handler issue in pre/post tasks
+ handlers:
+ - name: Import handleers
+ ansible.builtin.import_tasks: handlers/main.yml
+
+ pre_tasks:
+ - name: Check if ansible cannot be run here
+ ansible.builtin.stat:
+ path: /etc/no-ansible
+ register: no_ansible
+
+ - name: Verify if we can run ansible
+ ansible.builtin.assert:
+ that:
+ - "not no_ansible.stat.exists"
+ success_msg: "We are able to run on this node"
+ fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+ tasks:
+ - name: Install EPEL repository
+ ansible.builtin.dnf:
+ name: epel-release
+ state: present
+ tags:
+ - packages
+
+ - name: Enable the CRB repository
+ community.general.ini_file:
+ dest: /etc/yum.repos.d/rocky.repo
+ section: crb
+ option: enabled
+ value: 1
+ owner: root
+ group: root
+ mode: '0644'
+ when: ansible_distribution_major_version|int >= '9'
+
+ - name: Install required builder packages
+ ansible.builtin.dnf:
+ name:
+ - bzip2
+ - glibc-all-langpacks
+ - htop
+ - mock
+ - rpm-build
+ state: latest
+ update_cache: false
+
+ post_tasks:
+ - name: Touching run file that ansible has ran here
+ ansible.builtin.file:
+ path: /var/log/ansible.run
+ state: touch
+ mode: '0644'
+ owner: root
+ group: root
+...
diff --git a/role-rocky-kojid-staging.yml b/role-rocky-kojid-staging.yml
index 08a7bcb..5f28a0c 100644
--- a/role-rocky-kojid-staging.yml
+++ b/role-rocky-kojid-staging.yml
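Review bot: The `when:` on the "Enable the CRB repository" task in the new init-rocky-simple-builder.yml compares an integer with a string, `ansible_distribution_major_version|int >= '9'`; on a Python 3 controller that comparison should raise a templating type error instead of evaluating, so it should read `when: ansible_distribution_major_version | int >= 9`. The same expression appears as unchanged context in the four role-rocky-koji* playbooks further down. Separately, `state: latest` on the builder package list lets `mock` and `rpm-build` move to whatever the enabled repositories (EPEL included) offer on each run; for a build host, `state: present` with updates applied as a deliberate step keeps the toolchain predictable. The handler name `Import handleers` also carries a typo.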
@@ -4,36 +4,36 @@ hosts: kojihub become: true vars_files: - - vars/vaults/encpass.yml - - vars/common.yml - - vars/staging/kojid.yml - - vars/staging/koji-common.yml + - vars/vaults/encpass.yml + - vars/common.yml + - vars/staging/kojid.yml + - vars/staging/koji-common.yml # This is to try to avoid the handler issue in pre/post tasks handlers: - - import_tasks: handlers/main.yml + - ansible.builtin.import_tasks: handlers/main.yml pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible - assert: + ansible.builtin.assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node" - name: Check for keytabs - kojid - stat: + ansible.builtin.stat: path: /etc/kojid.keytab register: kojid_keytab_check changed_when: "1 != 1" - name: Verify keytab - assert: + ansible.builtin.assert: that: - "kojid_keytab_check.stat.exists" success_msg: "It is likely we have all keytabs" @@ -42,7 +42,7 @@ # EPEL and PowerTools are required for ipsilon to function # I also couldn't find an ansible built-in to do this - name: Enable the PowerTools repository - ini_file: + community.general.ini_file: dest: /etc/yum.repos.d/Rocky-PowerTools.repo section: powertools option: enabled @@ -53,7 +53,7 @@ when: ansible_distribution_major_version == '8' - name: Enable the CRB repository - ini_file: + community.general.ini_file: dest: /etc/yum.repos.d/rocky.repo section: crb option: enabled @@ -64,14 +64,14 @@ when: ansible_distribution_major_version|int >= '9' - name: Enable the EPEL repository - yum: + ansible.builtin.dnf: name: epel-release state: present tags: - packages - name: Install rocky-tools copr - yum_repository: + ansible.builtin.yum_repository: name: copr:copr.fedorainfracloud.org:nalika:rockylinux-tool description: Copr repo for rockylinux-tools owned by nalika file: copr_repos 
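Review bot: Signature verification for the `nalika:rockylinux-tool` Copr repository cannot be confirmed from the last hunk of this file, because the `ansible.builtin.yum_repository` task is cut off after `file: copr_repos`. Since this adds a personally owned Copr repository to Koji infrastructure hosts, it is worth confirming that the rest of the task sets `gpgcheck: true` together with a `gpgkey`, and adding them if it does not. The same task is touched in role-rocky-kojid.yml, role-rocky-kojihub-staging.yml and role-rocky-kojihub.yml.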
@@ -90,7 +90,7 @@ post_tasks: - name: "Setup shared filesystem mount" - import_tasks: tasks/koji_efs.yml + ansible.builtin.import_tasks: tasks/koji_efs.yml - name: Touching run file that ansible has ran here file: diff --git a/role-rocky-kojid.yml b/role-rocky-kojid.yml index 67a72de..95a20e2 100644 --- a/role-rocky-kojid.yml +++ b/role-rocky-kojid.yml @@ -4,36 +4,36 @@ hosts: kojihub become: true vars_files: - - vars/vaults/encpass.yml - - vars/common.yml - - vars/production/kojid.yml - - vars/production/koji-common.yml + - vars/vaults/encpass.yml + - vars/common.yml + - vars/production/kojid.yml + - vars/production/koji-common.yml # This is to try to avoid the handler issue in pre/post tasks handlers: - - import_tasks: handlers/main.yml + - ansible.builtin.import_tasks: handlers/main.yml pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible - assert: + ansible.builtin.assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node" - name: Check for keytabs - kojid - stat: + ansible.builtin.stat: path: /etc/kojid.keytab register: kojid_keytab_check changed_when: "1 != 1" - name: Verify keytab - assert: + ansible.builtin.assert: that: - "kojid_keytab_check.stat.exists" success_msg: "It is likely we have all keytabs" @@ -42,7 +42,7 @@ # EPEL and PowerTools are required for ipsilon to function # I also couldn't find an ansible built-in to do this - name: Enable the PowerTools repository - ini_file: + community.general.ini_file: dest: /etc/yum.repos.d/Rocky-PowerTools.repo section: powertools option: enabled @@ -53,7 +53,7 @@ when: ansible_distribution_major_version == '8' - name: Enable the CRB repository - ini_file: + community.general.ini_file: dest: /etc/yum.repos.d/rocky.repo section: crb option: enabled 
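Review bot: The "Touching run file that ansible has ran here" task at the end of the `post_tasks` hunk still uses the short module name `file:`, while the rest of the commit moves to fully qualified names and the new init-rocky-simple-builder.yml already uses `ansible.builtin.file:` for the same task. Changing the line to `ansible.builtin.file:` keeps the playbooks consistent and makes the module resolution unambiguous. The task body continues outside the hunk, and the same leftover is visible in the `post_tasks` hunks of role-rocky-kojid.yml, role-rocky-kojihub-staging.yml and role-rocky-kojihub.yml.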
@@ -64,14 +64,14 @@ when: ansible_distribution_major_version|int >= '9' - name: Enable the EPEL repository - yum: + ansible.builtin.dnf: name: epel-release state: present tags: - packages - name: Install rocky-tools copr - yum_repository: + ansible.builtin.yum_repository: name: copr:copr.fedorainfracloud.org:nalika:rockylinux-tool description: Copr repo for rockylinux-tools owned by nalika file: copr_repos @@ -90,7 +90,7 @@ post_tasks: - name: "Setup shared filesystem mount" - import_tasks: tasks/koji_efs.yml + ansible.builtin.import_tasks: tasks/koji_efs.yml - name: Touching run file that ansible has ran here file: diff --git a/role-rocky-kojihub-staging.yml b/role-rocky-kojihub-staging.yml index 5718ba4..5b945be 100644 --- a/role-rocky-kojihub-staging.yml +++ b/role-rocky-kojihub-staging.yml 
@@ -11,47 +11,47 @@ # This is to try to avoid the handler issue in pre/post tasks handlers: - - import_tasks: handlers/main.yml + - ansible.builtin.import_tasks: handlers/main.yml pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible - assert: + ansible.builtin.assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node" - name: Check for keytabs - web - stat: + ansible.builtin.stat: path: /etc/keytabs/koji-web.keytab register: koji_keytab changed_when: "1 != 1" - name: Check for keytabs - kojira - stat: + ansible.builtin.stat: path: /etc/keytabs/kojira.keytab register: kojira_keytab changed_when: "1 != 1" - name: Check for keytabs - gc - stat: + ansible.builtin.stat: path: /etc/keytabs/koji-gc.keytab register: gc_keytab changed_when: "1 != 1" - name: Check for keytabs - host - stat: + ansible.builtin.stat: path: /etc/keytabs/host.keytab register: host_keytab changed_when: "1 != 1" - name: Verify keytab - assert: + ansible.builtin.assert: that: - "koji_keytab.stat.exists" - "kojira_keytab.stat.exists" @@ -63,7 +63,7 @@ # EPEL and PowerTools are required for ipsilon to function # I also couldn't find an ansible built-in to do this - name: Enable the PowerTools repository - ini_file: + community.general.ini_file: dest: /etc/yum.repos.d/Rocky-PowerTools.repo section: powertools option: enabled @@ -74,7 +74,7 @@ when: ansible_distribution_major_version == '8' - name: Enable the CRB repository - ini_file: + community.general.ini_file: dest: /etc/yum.repos.d/rocky.repo section: crb option: enabled 
@@ -85,14 +85,14 @@ when: ansible_distribution_major_version|int >= '9' - name: Enable the EPEL repository - yum: + ansible.builtin.dnf: name: epel-release state: present tags: - packages - name: Install rocky-tools copr - yum_repository: + ansible.builtin.yum_repository: name: copr:copr.fedorainfracloud.org:nalika:rockylinux-tool description: Copr repo for rockylinux-tools owned by nalika file: copr_repos @@ -123,7 +123,7 @@ post_tasks: - name: "Setup shared filesystem mount" - import_tasks: tasks/koji_efs.yml + ansible.builtin.import_tasks: tasks/koji_efs.yml - name: Touching run file that ansible has ran here file: diff --git a/role-rocky-kojihub.yml b/role-rocky-kojihub.yml index 4c3b615..76fb333 100644 --- a/role-rocky-kojihub.yml +++ b/role-rocky-kojihub.yml @@ -11,47 +11,47 @@ # This is to try to avoid the handler issue in pre/post tasks handlers: - - import_tasks: handlers/main.yml + - ansible.builtin.import_tasks: handlers/main.yml pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible - assert: + ansible.builtin.assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node" - name: Check for keytabs - web - stat: + ansible.builtin.stat: path: /etc/keytabs/koji-web.keytab register: koji_keytab changed_when: "1 != 1" - name: Check for keytabs - kojira - stat: + ansible.builtin.stat: path: /etc/keytabs/kojira.keytab register: kojira_keytab changed_when: "1 != 1" - name: Check for keytabs - gc - stat: + ansible.builtin.stat: path: /etc/keytabs/koji-gc.keytab register: gc_keytab changed_when: "1 != 1" - name: Check for keytabs - host - stat: + ansible.builtin.stat: path: /etc/keytabs/host.keytab register: host_keytab changed_when: "1 != 1" - name: Verify keytab - assert: + ansible.builtin.assert: that: - "koji_keytab.stat.exists" - "kojira_keytab.stat.exists" 
@@ -63,7 +63,7 @@ # EPEL and PowerTools are required for ipsilon to function # I also couldn't find an ansible built-in to do this - name: Enable the PowerTools repository - ini_file: + community.general.ini_file: dest: /etc/yum.repos.d/Rocky-PowerTools.repo section: powertools option: enabled @@ -74,7 +74,7 @@ when: ansible_distribution_major_version == '8' - name: Enable the CRB repository - ini_file: + community.general.ini_file: dest: /etc/yum.repos.d/rocky.repo section: crb option: enabled @@ -85,14 +85,14 @@ when: ansible_distribution_major_version|int >= '9' - name: Enable the EPEL repository - yum: + ansible.builtin.dnf: name: epel-release state: present tags: - packages - name: Install rocky-tools copr - yum_repository: + ansible.builtin.yum_repository: name: copr:copr.fedorainfracloud.org:nalika:rockylinux-tool description: Copr repo for rockylinux-tools owned by nalika file: copr_repos @@ -123,7 +123,7 @@ post_tasks: - name: "Setup shared filesystem mount" - import_tasks: tasks/koji_efs.yml + ansible.builtin.import_tasks: tasks/koji_efs.yml - name: Touching run file that ansible has ran here file: