initial working kojid stuff

nazunalika 2021-01-03 12:35:33 -07:00
parent fc4ce8359c
commit 9c749f89fe
8 changed files with 189 additions and 51 deletions


@ -1,2 +1,59 @@
---
# ansible default variables - most variables live here
# kojid
kojid_packages:
- koji-builder
- koji-builder-plugins
- python3-koji
- python3-kickstart
- libvirt-client
- oz
- strace
- mock
- createrepo_c
- dnf-plugins-core
- gpgme
- pykickstart
- imagefactory
- imagefactory-plugins
- imagefactory-plugins-Docker
- imagefactory-plugins-GCE
- imagefactory-plugins-HyperV
- imagefactory-plugins-IndirectionCloud
- imagefactory-plugins-OVA
- imagefactory-plugins-RHEVM
- imagefactory-plugins-TinMan
- imagefactory-plugins-ovfcommon
- imagefactory-plugins-vSphere
- rng-tools
kojid_vendor: Rocky
kojid_packager: infrastructure@rockylinux.org
kojid_distribution: Rocky
kojid_web_url: https://koji.rockylinux.org/koji
kojid_hub_url: https://koji.rockylinux.org/kojihub
kojid_files_url: https://koji.rockylinux.org/kojifiles
kojid_ca_bundle: /etc/pki/tls/certs/ca-bundle.crt
kojid_maxjobs: 20
kojid_minspace: 8192
# NFS
kojid_nfs: true
kojid_mount: /mnt/koji
kojid_nfs_path: nfs.rockylinux.org:/export/koji
# Are we building images? This is definable in a playbook
kojid_image_builder: false
kojid_runroot_builder: false
# Builtools repo
# Not sure if we're using this yet
kojid_buildtools_repo: False
kojid_buildtools_repo_host: https://localhost
kojid_buildtools_repo_url: "{{ kojid_buildtools_repo_host }}/builder/$basearch/"
kojid_buildtools_repo_gpgcheck: false
kojid_buildtools_repo_gpgkey: RPM-GPG-KEY-Rocky-Infra
# SSH Pubkeys, define them in a playbook
# mockbuilder_pub_key
# kojibuilder_pub_key
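Review bot: `kojid_buildtools_repo_gpgcheck: false` makes unsigned packages the default for the buildtools repo even though `kojid_buildtools_repo_gpgkey` is set on the next line; on a build host, packages from that repo may end up in the build environment, so the safer default is `kojid_buildtools_repo_gpgcheck: true` with an explicit opt-out in the playbook where it is really needed. The repo is disabled by default (`kojid_buildtools_repo: False`) and no task in this commit consumes these variables, so this matters once someone enables it. That toggle is also spelled `False` while the other booleans in the file use `false`; `kojid_buildtools_repo: false` keeps the file consistent. The file header for this section is not shown on the page, so the path is presumably the role's defaults file.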

6
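--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# handlers
+- name: restart_kojid
+service:
+name: kojid
+state: restarted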


@ -1,53 +1,13 @@
---
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
author: Louis Abel
description: Rocky Linux Koji Builder
company: Rocky Linux
license: MIT
min_ansible_version: 2.8
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
min_ansible_version: 2.9
platforms:
- name: EL
versions:
- 8
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -1,2 +1,14 @@
---
# tasks
- name: Install necessary packages
import_tasks: packages.yml
- name: Apply required SELinux booleans
import_tasks: selinux_boolean.yml
- name: Ensure Storage is ready
import_tasks: storage.yml
- name: Create the users for kojid
import_tasks: users.yml
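Review bot: `storage.yml` is imported before `users.yml`, but the mountpoint task in storage.yml sets `owner: apache` / `group: apache`, and the apache user and group are only created at the end of users.yml. On a builder where nothing else has created that account (none of the packages in `kojid_packages` obviously does), the `file` task would fail on the owner lookup. Moving the `Create the users for kojid` import above `Ensure Storage is ready` fixes the ordering. A one-line comment such as `# users.yml must run first: storage.yml chowns the mountpoint to apache` would keep it from being reordered later.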

6
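--- a/tasks/packages.yml
+++ b/tasks/packages.yml
@@ -0,0 +1,6 @@
+---
+# Install packages
+- name: Install required packages
+yum:
+name: "{{ kojid_packages }}"
+state: present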

12
tasks/selinux_boolean.yml Normal file

@ -0,0 +1,12 @@
---
- name: Enabling SELinux booleans
seboolean:
name: "{{ item }}"
persistent: true
state: true
with_items:
- httpd_can_network_connect_db
- httpd_can_network_connect
- allow_httpd_anon_write
- httpd_use_nfs
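Review bot: All four booleans in `with_items` loosen the httpd SELinux domain (`httpd_can_network_connect_db`, `httpd_can_network_connect`, `allow_httpd_anon_write`, `httpd_use_nfs`), yet nothing in this role installs or configures httpd; the list looks carried over from a hub or web role. Each enabled boolean widens what a confined web process may do on the host, so the list should be cut to what kojid demonstrably needs, or the task dropped until an observed denial shows one is required. If any stay, add a comment above each entry naming the component that needs it, e.g. `# needed by <component>: <reason>`.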

17
tasks/storage.yml Normal file

@ -0,0 +1,17 @@
---
# Storage
- name: Ensure the koji mountpoint exists
file:
path: "{{ kojid_mount }}"
state: directory
owner: apache
group: apache
mode: '0755'
- name: Mount the NFS store
mount:
path: "{{ kojid_mount }}"
src: "{{ kojid_nfs_path }}"
fstype: nfs
state: mounted
when: koji_nfs
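Review bot: The mount task is gated on `when: koji_nfs`, but the default added in this commit is named `kojid_nfs`; unless `koji_nfs` is defined elsewhere the conditional fails on an undefined variable, so it should read `when: kojid_nfs | bool`. The mount also has no `opts:`, so it takes the client defaults (read-write, with suid bits and device files honoured). If the builders only need to read from the share, `opts: ro,nosuid,nodev` would limit what a compromised build can do to the shared store; confirm this against how kojid uses the mountpoint before changing it.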

68
tasks/users.yml Normal file

@ -0,0 +1,68 @@
---
# Create the users on the koji builder
# This user likely isn't used...
# - name: add mock user
# user:
# name: mock
# uid: 425
# state: present
# home: /var/lib/mock
# createhome: true
# system: true
# - name: Fix permissions
# file:
# state: directory
# path: /var/lib/mock
# mode: '2775'
# owner: root
# group: mock
# - name: Create mock ssh directory
# file:
# state: directory
# path: /var/lib/mock/.ssh
# mode: '0700'
# owner: mock
# group: mock
- name: mockbuilder user
user:
name: mockbuilder
groups: mock
- name: mockbuilder ssh key
authorized_key:
user: mockbuilder
key: "{{ mockbuilder_pub_key }}"
when: mockbuilder_pub_key
- name: kojibuilder user
user:
name: kojibuilder
groups: mock
- name: kojibuilder ssh key
authorized_key:
user: kojibuilder
key: "{{ kojibuilder_pub_key }}"
when: kojibuilder_pub_key
# We need the apache user for NFS
- name: apache group
group:
name: apache
gid: 48
system: true
state: present
- name: apache user
user:
name: apache
uid: 48
createhome: false
group: apache
shell: /sbin/nologin
system: true
state: present
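Review bot: `when: mockbuilder_pub_key` and `when: kojibuilder_pub_key` reference variables that have no default (they appear only as comments in the defaults file), so a play that does not set them fails on an undefined variable instead of skipping the key tasks. Use `when: mockbuilder_pub_key is defined and mockbuilder_pub_key | length > 0`, and the same for `kojibuilder_pub_key`. Both `user` tasks set `groups: mock` without `append: true`, which replaces any other supplementary groups the account already has. Membership in `mock` is generally treated as root-equivalent on the host, so it is worth a comment saying why each account needs it and who holds the matching private keys.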