initial working kojid stuff

defaults/main.yml

@@ -1,2 +1,59 @@
 ---
-# ansible default variables - most variables live here
+# kojid
+kojid_packages:
+  - koji-builder
+  - koji-builder-plugins
+  - python3-koji
+  - python3-kickstart
+  - libvirt-client
+  - oz
+  - strace
+  - mock
+  - createrepo_c
+  - dnf-plugins-core
+  - gpgme
+  - pykickstart
+  - imagefactory
+  - imagefactory-plugins
+  - imagefactory-plugins-Docker
+  - imagefactory-plugins-GCE
+  - imagefactory-plugins-HyperV
+  - imagefactory-plugins-IndirectionCloud
+  - imagefactory-plugins-OVA
+  - imagefactory-plugins-RHEVM
+  - imagefactory-plugins-TinMan
+  - imagefactory-plugins-ovfcommon
+  - imagefactory-plugins-vSphere
+  - rng-tools
+
+kojid_vendor: Rocky
+kojid_packager: infrastructure@rockylinux.org
+kojid_distribution: Rocky
+kojid_web_url: https://koji.rockylinux.org/koji
+kojid_hub_url: https://koji.rockylinux.org/kojihub
+kojid_files_url: https://koji.rockylinux.org/kojifiles
+kojid_ca_bundle: /etc/pki/tls/certs/ca-bundle.crt
+
+kojid_maxjobs: 20
+kojid_minspace: 8192
+
+# NFS
+kojid_nfs: true
+kojid_mount: /mnt/koji
+kojid_nfs_path: nfs.rockylinux.org:/export/koji
+
+# Are we building images? This is definable in a playbook
+kojid_image_builder: false
+kojid_runroot_builder: false
+
+# Builtools repo
+# Not sure if we're using this yet
+kojid_buildtools_repo: False
+kojid_buildtools_repo_host: https://localhost
+kojid_buildtools_repo_url: "{{ kojid_buildtools_repo_host  }}/builder/$basearch/"
+kojid_buildtools_repo_gpgcheck: false
+kojid_buildtools_repo_gpgkey: RPM-GPG-KEY-Rocky-Infra
+
+# SSH Pubkeys, define them in a playbook
+# mockbuilder_pub_key
+# kojibuilder_pub_key

handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# handlers
+- name: restart_kojid
+  service:
+    name: kojid
+    state: restarted

meta/main.yml

@@ -1,53 +1,13 @@
+---
 galaxy_info:
-  author: your name
+  author: Louis Abel
-  description: your role description
+  description: Rocky Linux Koji Builder
-  company: your company (optional)
+  company: Rocky Linux
-
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
-  # Choose a valid license ID from https://spdx.org - some suggested licenses:
-  # - BSD-3-Clause (default)
-  # - MIT
-  # - GPL-2.0-or-later
-  # - GPL-3.0-only
-  # - Apache-2.0
-  # - CC-BY-4.0
   license: MIT
-
+  min_ansible_version: 2.9
-  min_ansible_version: 2.8
+  platforms:
-
+    - name: EL
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
+      versions:
-  # min_ansible_container_version:
+        - 8
-
-  #
-  # Provide a list of supported platforms, and for each platform a list of versions.
-  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
-  # To view available platforms and versions (or releases), visit:
-  # https://galaxy.ansible.com/api/v1/platforms/
-  #
-  # platforms:
-  # - name: Fedora
-  #   versions:
-  #   - all
-  #   - 25
-  # - name: SomePlatform
-  #   versions:
-  #   - all
-  #   - 1.0
-  #   - 7
-  #   - 99.99
-
   galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.
-
 dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.
-  

tasks/main.yml

@@ -1,2 +1,14 @@
 ---
-# tasks
+# tasks
+
+- name: Install necessary packages
+  import_tasks: packages.yml
+
+- name: Apply required SELinux booleans
+  import_tasks: selinux_boolean.yml
+
+- name: Ensure Storage is ready
+  import_tasks: storage.yml
+
+- name: Create the users for kojid
+  import_tasks: users.yml

tasks/packages.yml

@@ -0,0 +1,6 @@
+---
+# Install packages
+- name: Install required packages
+  yum:
+    name: "{{ kojid_packages  }}"
+    state: present

tasks/selinux_boolean.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Enabling SELinux booleans
+  seboolean:
+    name: "{{ item }}"
+    persistent: true
+    state: true
+  with_items:
+    - httpd_can_network_connect_db
+    - httpd_can_network_connect
+    - allow_httpd_anon_write
+    - httpd_use_nfs

tasks/storage.yml

@@ -0,0 +1,17 @@
+---
+# Storage
+- name: Ensure the koji mountpoint exists
+  file:
+    path: "{{ kojid_mount }}"
+    state: directory
+    owner: apache
+    group: apache
+    mode: '0755'
+
+- name: Mount the NFS store
+  mount:
+    path: "{{ kojid_mount }}"
+    src: "{{ kojid_nfs_path }}"
+    fstype: nfs
+    state: mounted
+  when: koji_nfs

tasks/users.yml

@@ -0,0 +1,68 @@
+---
+# Create the users on the koji builder
+
+# This user likely isn't used...
+# - name: add mock user
+#   user:
+#     name: mock
+#     uid: 425
+#     state: present
+#     home: /var/lib/mock
+#     createhome: true
+#     system: true
+
+# - name: Fix permissions
+#   file:
+#     state: directory
+#     path: /var/lib/mock
+#     mode: '2775'
+#     owner: root
+#     group: mock
+
+# - name: Create mock ssh directory
+#   file:
+#     state: directory
+#     path: /var/lib/mock/.ssh
+#     mode: '0700'
+#     owner: mock
+#     group: mock
+
+- name: mockbuilder user
+  user:
+    name: mockbuilder
+    groups: mock
+
+- name: mockbuilder ssh key
+  authorized_key:
+    user: mockbuilder
+    key: "{{ mockbuilder_pub_key }}"
+  when: mockbuilder_pub_key
+
+- name: kojibuilder user
+  user:
+    name: kojibuilder
+    groups: mock
+
+- name: kojibuilder ssh key
+  authorized_key:
+    user: kojibuilder
+    key: "{{ kojibuilder_pub_key }}"
+  when: kojibuilder_pub_key
+
+# We need the apache user for NFS
+- name: apache group
+  group:
+    name: apache
+    gid: 48
+    system: true
+    state: present
+
+- name: apache user
+  user:
+    name: apache
+    uid: 48
+    createhome: false
+    group: apache
+    shell: /sbin/nologin
+    system: true
+    state: present