From 51ac7e0a6fc4c5ffad0debd91c640b78e7a54c47 Mon Sep 17 00:00:00 2001
From: nazunalika <tucklesepk@gmail.com>
Date: Mon, 4 Jan 2021 01:17:40 -0700
Subject: [PATCH] working koji config

---
 README.md                    |  6 ++----
 defaults/main.yml            |  3 +++
 tasks/config.yml             | 30 +++++++++++++++++++++++++++++
 tasks/main.yml               |  3 +++
 tasks/packages.yml           | 15 +++++++++++++++
 templates/buildtools.repo.j2 | 10 ++++++++++
 templates/kojid.conf.j2      | 33 ++++++++++++++++++++++++++++++++
 templates/oz.cfg.j2          | 31 ++++++++++++++++++++++++++++++
 templates/runroot.conf.j2    | 37 ++++++++++++++++++++++++++++++++++++
 9 files changed, 164 insertions(+), 4 deletions(-)
 create mode 100644 tasks/config.yml
 create mode 100644 templates/buildtools.repo.j2
 create mode 100644 templates/kojid.conf.j2
 create mode 100644 templates/oz.cfg.j2
 create mode 100644 templates/runroot.conf.j2

diff --git a/README.md b/README.md
index 13ffe68..65fb348 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 CI Badge
 
-# Ansible template role
-basic Role to use going forward because I forget pieces
+# Kojid Role
+This role prepares a system to be a koji builder. This requires kerberos keytabs.
 
 ## Getting started
 Ensure all dependencies are installed and then follow the below process
@@ -36,5 +36,3 @@ There are numerous other options within the [defaults/main.yml](./defaults/main.
 
 ## Changelog
 The [changelog](./CHANGELOG.md) is stored externally
-
-
diff --git a/defaults/main.yml b/defaults/main.yml
index e8fccf0..f17458d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -33,6 +33,9 @@ kojid_web_url: https://koji.rockylinux.org/koji
 kojid_hub_url: https://koji.rockylinux.org/kojihub
 kojid_files_url: https://koji.rockylinux.org/kojifiles
 kojid_ca_bundle: /etc/pki/tls/certs/ca-bundle.crt
+kojid_keytab: /etc/kojid.keytab
+kojid_smtp_host: smtp.rockylinux.org
+kojid_allowed_scm: "git.centos.org:/* git.rockylinux.org:/*"
 
 kojid_maxjobs: 20
 kojid_minspace: 8192
diff --git a/tasks/config.yml b/tasks/config.yml
new file mode 100644
index 0000000..1c3a418
--- /dev/null
+++ b/tasks/config.yml
@@ -0,0 +1,30 @@
+---
+# kojid configuration
+
+# oz
+- name: OZ Config
+  template:
+    src: oz.cfg.j2
+    dest: /etc/oz/oz.cfg
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart_kojid
+
+- name: runroot config
+  template:
+    src: runroot.conf.j2
+    dest: /etc/kojid/plugins/runroot.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart_kojid
+
+- name: Configure kojid
+  template:
+    src: kojid.conf.j2
+    dest: /etc/kojid/kojid.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart_kojid
diff --git a/tasks/main.yml b/tasks/main.yml
index 2ef516d..e8931ef 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -12,3 +12,6 @@
 
 - name: Create the users for kojid
   import_tasks: users.yml
+
+- name: Configure kojid
+  import_tasks: config.yml
diff --git a/tasks/packages.yml b/tasks/packages.yml
index 089e49b..be91612 100644
--- a/tasks/packages.yml
+++ b/tasks/packages.yml
@@ -4,3 +4,18 @@
   yum:
     name: "{{ kojid_packages  }}"
     state: present
+
+# armv7l specific
+- name: Install libkcapi for increased armv7 sockets
+  yum:
+    name: libkcapi
+    state: present
+  when: ansible_architecture == 'armv7l'
+
+# x86_64 specific
+- name: Install x86_64 specific packages
+  yum:
+    name:
+      - python3-osbs-client
+    state: present
+  when: ansible_architecture == 'x86_64'
diff --git a/templates/buildtools.repo.j2 b/templates/buildtools.repo.j2
new file mode 100644
index 0000000..600ec76
--- /dev/null
+++ b/templates/buildtools.repo.j2
@@ -0,0 +1,10 @@
+[r8-rockytools]
+name = Rocky Infra Tools
+baseurl = {{ kojid_buildtools_repo_url }}
+enabled=1
+{% if kojid_buildtools_repo_gpgcheck %}
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/kojid_buildtools_repo_gpgkey
+{% else %}
+gpgcheck=0
+{% endif %}
diff --git a/templates/kojid.conf.j2 b/templates/kojid.conf.j2
new file mode 100644
index 0000000..e342900
--- /dev/null
+++ b/templates/kojid.conf.j2
@@ -0,0 +1,33 @@
+[kojid]
+sleeptime=15
+maxjobs={{ kojid_maxjobs }}
+minspace={{ kojid_minspace }}
+topdir={{ kojid_mount }}
+workdir=/tmp/koji
+mockdir=/var/lib/mock
+mockuser=kojibuilder
+vendor={{ kojid_vendor }}
+packager={{ kojid_packager }}
+mockhost=redhat-linux-gnu
+server={{ kojid_hub_url }}
+topurl={{ kojid_files_url }}
+use_createrepo_c=True
+from_addr=Koji Build System <buildsys@rockylinux.org>
+smtphost={{ kojid_smtp_host }}
+host_principal_format = compile/%s@ROCKYLINUX.ORG
+keytab = {{ kojid_keytab }}
+serverca = {{ kojid_ca_bundle }}
+
+; Modify
+allowed_scvs={{ kojid_allowed_scm }}
+
+; Other settings
+build_arch_can_fail = true
+
+{% set plugins = [] %}
+
+{% if kojid_runroot_builder %}
+{{ plugins.append("runroot") }}
+{% endif %}
+
+plugins = {{ plugins | join(" ") }}
diff --git a/templates/oz.cfg.j2 b/templates/oz.cfg.j2
new file mode 100644
index 0000000..5911183
--- /dev/null
+++ b/templates/oz.cfg.j2
@@ -0,0 +1,31 @@
+[paths]
+output_dir = /var/lib/libvirt/images
+data_dir = /var/lib/oz
+screenshot_dir = /var/lib/oz/screenshots
+# sshprivkey = /etc/oz/id_rsa-icicle-gen
+
+[libvirt]
+uri = qemu:///system
+image_type = raw
+# type = kvm
+# bridge_name = virbr0
+{% if ansible_architecture == 'ppc64' or ansible_architecture == 'ppc64le' %}
+cpus = 4
+{% else %}
+cpus = 4
+{% endif %}
+memory = 4096
+
+[cache]
+original_media = yes
+modified_media = no
+jeos = no
+
+[icicle]
+safe_generation = no
+
+[timeouts]
+install = 14400
+inactivity = 300
+boot = 300
+shutdown = 90
diff --git a/templates/runroot.conf.j2 b/templates/runroot.conf.j2
new file mode 100644
index 0000000..fe4794c
--- /dev/null
+++ b/templates/runroot.conf.j2
@@ -0,0 +1,37 @@
+[paths]
+; comma-delimited list of default mountpoints
+; They will be mounted during each run. It is suggested, that these
+; paths has readonly options and are made writable via extra_mounts
+; parameter for individual calls.
+default_mounts = /mnt/koji
+
+; comma-delimited list of safe roots.
+; Each extra_mount need to start with some of these prefixes. Other paths are
+; not allowed for mounting. Only absolute paths are allowed here, no
+; wildcards.
+safe_roots = /mnt/koji/compose,/srv/odcs
+
+; path substitutions is tuple per line, delimited by comma, order is
+; important.
+; Path prefixes which can be substituted for other mountpoints.
+; Usable for locations symlinked from other mounts.
+; path_subs = /mnt/archive/prehistory/,/mnt/prehistoric_disk/archive/prehistory
+
+; mount origins, order is important here, ordered by best catch
+[path0]
+mountpoint = /mnt/koji/compose
+path = /mnt/koji/compose
+fstype = bind
+options = bind
+
+[path1]
+mountpoint = /mnt/koji
+path = /mnt/koji
+fstype = bind
+options = bind
+
+[path2]
+mountpoint = /srv/odcs
+path = /srv/odcs
+fstype = bind
+options = bind