initial working kojid stuff
parent
fc4ce8359c
commit
9c749f89fe
@ -1,2 +1,59 @@
|
||||
---
|
||||
# ansible default variables - most variables live here
|
||||
# kojid
|
||||
kojid_packages:
|
||||
- koji-builder
|
||||
- koji-builder-plugins
|
||||
- python3-koji
|
||||
- python3-kickstart
|
||||
- libvirt-client
|
||||
- oz
|
||||
- strace
|
||||
- mock
|
||||
- createrepo_c
|
||||
- dnf-plugins-core
|
||||
- gpgme
|
||||
- pykickstart
|
||||
- imagefactory
|
||||
- imagefactory-plugins
|
||||
- imagefactory-plugins-Docker
|
||||
- imagefactory-plugins-GCE
|
||||
- imagefactory-plugins-HyperV
|
||||
- imagefactory-plugins-IndirectionCloud
|
||||
- imagefactory-plugins-OVA
|
||||
- imagefactory-plugins-RHEVM
|
||||
- imagefactory-plugins-TinMan
|
||||
- imagefactory-plugins-ovfcommon
|
||||
- imagefactory-plugins-vSphere
|
||||
- rng-tools
|
||||
|
||||
kojid_vendor: Rocky
|
||||
kojid_packager: infrastructure@rockylinux.org
|
||||
kojid_distribution: Rocky
|
||||
kojid_web_url: https://koji.rockylinux.org/koji
|
||||
kojid_hub_url: https://koji.rockylinux.org/kojihub
|
||||
kojid_files_url: https://koji.rockylinux.org/kojifiles
|
||||
kojid_ca_bundle: /etc/pki/tls/certs/ca-bundle.crt
|
||||
|
||||
kojid_maxjobs: 20
|
||||
kojid_minspace: 8192
|
||||
|
||||
# NFS
|
||||
kojid_nfs: true
|
||||
kojid_mount: /mnt/koji
|
||||
kojid_nfs_path: nfs.rockylinux.org:/export/koji
|
||||
|
||||
# Are we building images? This is definable in a playbook
|
||||
kojid_image_builder: false
|
||||
kojid_runroot_builder: false
|
||||
|
||||
# Builtools repo
|
||||
# Not sure if we're using this yet
|
||||
kojid_buildtools_repo: False
|
||||
kojid_buildtools_repo_host: https://localhost
|
||||
kojid_buildtools_repo_url: "{{ kojid_buildtools_repo_host }}/builder/$basearch/"
|
||||
kojid_buildtools_repo_gpgcheck: false
|
||||
kojid_buildtools_repo_gpgkey: RPM-GPG-KEY-Rocky-Infra
|
||||
|
||||
# SSH Pubkeys, define them in a playbook
|
||||
# mockbuilder_pub_key
|
||||
# kojibuilder_pub_key
|
||||
|
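Review bot: `kojid_buildtools_repo_gpgcheck: false` turns signature checking off by default even though `kojid_buildtools_repo_gpgkey` is set on the next line. Anyone who later enables the buildtools repo would get unverified packages installed on a build host unless they remember to override it. Default it to `kojid_buildtools_repo_gpgcheck: true` and let a playbook opt out explicitly for a repo that really is unsigned. `kojid_buildtools_repo: False` should also be lowercase `false` to match the other booleans in this file.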
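--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# handlers
+- name: restart_kojid
+service:
+name: kojid
+state: restarted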
@ -1,53 +1,13 @@
|
||||
---
|
||||
galaxy_info:
|
||||
author: your name
|
||||
description: your role description
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
author: Louis Abel
|
||||
description: Rocky Linux Koji Builder
|
||||
company: Rocky Linux
|
||||
license: MIT
|
||||
|
||||
min_ansible_version: 2.8
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
min_ansible_version: 2.9
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 8
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
|
@ -1,2 +1,14 @@
|
||||
---
|
||||
# tasks
|
||||
|
||||
- name: Install necessary packages
|
||||
import_tasks: packages.yml
|
||||
|
||||
- name: Apply required SELinux booleans
|
||||
import_tasks: selinux_boolean.yml
|
||||
|
||||
- name: Ensure Storage is ready
|
||||
import_tasks: storage.yml
|
||||
|
||||
- name: Create the users for kojid
|
||||
import_tasks: users.yml
|
||||
|
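Review bot: `storage.yml` is imported before `users.yml`, but the mountpoint task in storage.yml sets `owner: apache` and `group: apache`, and the apache user and group are only created in users.yml. On a host where no package has already created that account, the `file` task cannot resolve the owner and the play stops there. Import `users.yml` ahead of `storage.yml`, or move the two apache tasks into storage.yml before the mountpoint task.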
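--- a/tasks/packages.yml
+++ b/tasks/packages.yml
@@ -0,0 +1,6 @@
+---
+# Install packages
+- name: Install required packages
+yum:
+name: "{{ kojid_packages }}"
+state: present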
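--- a/tasks/selinux_boolean.yml
+++ b/tasks/selinux_boolean.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Enabling SELinux booleans
+seboolean:
+name: "{{ item }}"
+persistent: true
+state: true
+with_items:
+- httpd_can_network_connect_db
+- httpd_can_network_connect
+- allow_httpd_anon_write
+- httpd_use_nfs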
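Review bot: All four entries under `with_items` are httpd-domain booleans, and nothing else in this commit installs or configures httpd on the builder, so they look carried over from a hub role. Each one is set with `persistent: true`, so the relaxed confinement survives reboots and applies to any httpd-domain process later placed on the host. Keep only the booleans the builder can be shown to need, and put a one-line comment above each entry stating why, e.g. `# httpd_use_nfs: needed for access to the koji NFS mount`. `allow_httpd_anon_write` appears to be the older name of `httpd_anon_write`; confirm it resolves on EL 8, the only platform listed in meta/main.yml.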
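--- a/tasks/storage.yml
+++ b/tasks/storage.yml
@@ -0,0 +1,17 @@
+---
+# Storage
+- name: Ensure the koji mountpoint exists
+file:
+path: "{{ kojid_mount }}"
+state: directory
+owner: apache
+group: apache
+mode: '0755'
+
+- name: Mount the NFS store
+mount:
+path: "{{ kojid_mount }}"
+src: "{{ kojid_nfs_path }}"
+fstype: nfs
+state: mounted
+when: koji_nfs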
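Review bot: The `when:` on the mount task tests `koji_nfs`, which is not defined anywhere in this commit; defaults/main.yml defines `kojid_nfs`. As written, the task errors on an undefined variable instead of honouring the toggle, so change it to `when: kojid_nfs`. The mount also uses default NFS options. If nothing on the share needs them, consider adding `opts: nosuid,nodev` so files on the export cannot bring setuid bits or device nodes onto the build host.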
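--- a/tasks/users.yml
+++ b/tasks/users.yml
@@ -0,0 +1,68 @@
+---
+# Create the users on the koji builder
+
+# This user likely isn't used...
+# - name: add mock user
+# user:
+# name: mock
+# uid: 425
+# state: present
+# home: /var/lib/mock
+# createhome: true
+# system: true
+
+# - name: Fix permissions
+# file:
+# state: directory
+# path: /var/lib/mock
+# mode: '2775'
+# owner: root
+# group: mock
+
+# - name: Create mock ssh directory
+# file:
+# state: directory
+# path: /var/lib/mock/.ssh
+# mode: '0700'
+# owner: mock
+# group: mock
+
+- name: mockbuilder user
+user:
+name: mockbuilder
+groups: mock
+
+- name: mockbuilder ssh key
+authorized_key:
+user: mockbuilder
+key: "{{ mockbuilder_pub_key }}"
+when: mockbuilder_pub_key
+
+- name: kojibuilder user
+user:
+name: kojibuilder
+groups: mock
+
+- name: kojibuilder ssh key
+authorized_key:
+user: kojibuilder
+key: "{{ kojibuilder_pub_key }}"
+when: kojibuilder_pub_key
+
+# We need the apache user for NFS
+- name: apache group
+group:
+name: apache
+gid: 48
+system: true
+state: present
+
+- name: apache user
+user:
+name: apache
+uid: 48
+createhome: false
+group: apache
+shell: /sbin/nologin
+system: true
+state: present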