From fcdf86b31c586d74b0ad5bdad7efa4fa79f48722 Mon Sep 17 00:00:00 2001 
From: nazunalika Date: Sun, 29 Aug 2021 22:02:24 -0700 Subject: [PATCH 01/14] Linting and Formatting This commit appends the README.md to state that yaml files should start with `---` and end with `...`. This also addresses some linting warnings that were not appearing during pre-commit on local system. --- ansible/README.md | 16 ++++++++++++++ .../group_vars/chronyservers/main.yml | 1 + .../production/group_vars/ipa/main.yml | 3 +++ .../production/group_vars/ipaclients/main.yml | 1 + .../group_vars/ipareplicas/main.yml | 1 + .../production/group_vars/ipaserver/main.yml | 1 + .../production/group_vars/rabbitmq/main.yml | 1 + .../staging/group_vars/chronyservers/main.yml | 1 + .../staging/group_vars/ipa/main.yml | 3 +++ .../staging/group_vars/ipaclients/main.yml | 1 + .../staging/group_vars/ipareplicas/main.yml | 1 + .../staging/group_vars/ipaserver/main.yml | 1 + .../staging/group_vars/rabbitmq/main.yml | 1 + ansible/playbooks/adhoc-facts-refresh.yml | 1 + .../playbooks/adhoc-gitlab-creategroup.yml | 1 + .../playbooks/adhoc-gitlab-createproject.yml | 1 + .../playbooks/adhoc-gitlab-deletegroup.yml | 1 + .../playbooks/adhoc-gitlab-deleteproject.yml | 1 + ansible/playbooks/adhoc-ipabinder.yml | 1 + ansible/playbooks/adhoc-ipadnsrecord.yml | 1 + ansible/playbooks/adhoc-ipadnszone.yml | 1 + ansible/playbooks/adhoc-ipagetcert.yml | 1 + ansible/playbooks/adhoc-ipagetkeytab.yml | 1 + ansible/playbooks/adhoc-ipagroup.yml | 1 + ansible/playbooks/adhoc-ipaservice.yml | 1 + .../playbooks/adhoc-ipauser-disable-pdr.yml | 1 + ansible/playbooks/adhoc-ipauser-disable.yml | 1 + ansible/playbooks/adhoc-ipauser-enable.yml | 1 + ansible/playbooks/adhoc-ipauser.yml | 1 + ansible/playbooks/adhoc-rabbitmqqueue.yml | 1 + ansible/playbooks/adhoc-rabbitmquser.yml | 1 + ansible/playbooks/handlers/main.yml | 1 + ansible/playbooks/import-rockygroups.yml | 1 + ansible/playbooks/import-rockyipaprivs.yml | 1 + ansible/playbooks/import-rockypwpolicy.yml | 1 + ansible/playbooks/import-rockysudo.yml 
| 1 + ansible/playbooks/import-rockyusers.yml | 1 + .../playbooks/init-rocky-account-services.yml | 1 + ansible/playbooks/init-rocky-ansible-host.yml | 21 ++++++++++--------- ansible/playbooks/init-rocky-bugzilla.yml | 1 + .../playbooks/init-rocky-builder-postfix.yml | 1 + ansible/playbooks/init-rocky-chrony.yml | 1 + .../init-rocky-install-kvm-hosts.yml | 1 + .../playbooks/init-rocky-ipa-internal-dns.yml | 1 + ansible/playbooks/init-rocky-ipa-team.yml | 1 + .../playbooks/init-rocky-koji-ecosystem.yml | 1 + ansible/playbooks/init-rocky-mantisbt.yml | 1 + ansible/playbooks/init-rocky-noggin-theme.yml | 1 + ansible/playbooks/init-rocky-noggin.yml | 1 + ansible/playbooks/init-rocky-repo-servers.yml | 1 + .../playbooks/init-rocky-system-config.yml | 1 + .../role-rocky-bootstrap_staging.yml | 1 + ansible/playbooks/role-rocky-gitlab-ee.yml | 1 + .../playbooks/role-rocky-gitlab-runner.yml | 1 + ansible/playbooks/role-rocky-graylog.yml | 1 + ansible/playbooks/role-rocky-ipa-client.yml | 1 + ansible/playbooks/role-rocky-ipa-replica.yml | 1 + ansible/playbooks/role-rocky-ipa.yml | 1 + ansible/playbooks/role-rocky-ipsilon.yml | 1 + .../playbooks/role-rocky-kojid-staging.yml | 1 + ansible/playbooks/role-rocky-kojid.yml | 1 + .../playbooks/role-rocky-kojihub-staging.yml | 1 + ansible/playbooks/role-rocky-kojihub.yml | 1 + ansible/playbooks/role-rocky-monitoring.yml | 5 +++-- ansible/playbooks/role-rocky-mqtt.yml | 1 + .../playbooks/role-rocky-node_exporter.yml | 1 + ansible/playbooks/role-rocky-pinnwand.yml | 9 ++++---- ansible/playbooks/role-rocky-rabbitmq.yml | 1 + ansible/playbooks/role-rocky-repopool.yml | 1 + ansible/playbooks/role-rocky-sigul-bridge.yml | 1 + ansible/playbooks/role-rocky-sigul-server.yml | 1 + ansible/playbooks/role-rocky-srpmproc.yml | 1 + ansible/playbooks/role-rocky-wikijs.yml | 3 ++- ansible/playbooks/tasks/account_services.yml | 1 + ansible/playbooks/tasks/auditd.yml | 1 + ansible/playbooks/tasks/authentication.yml | 1 + 
ansible/playbooks/tasks/bugzilla.yml | 1 + ansible/playbooks/tasks/bugzilla_install.yml | 1 + ansible/playbooks/tasks/chrony.yml | 1 + ansible/playbooks/tasks/efs_mount.yml | 15 +++++++------ .../playbooks/tasks/gitlab-reconfigure.yml | 1 + ansible/playbooks/tasks/gitlab-runner.yml | 5 +++-- ansible/playbooks/tasks/grub.yml | 1 + ansible/playbooks/tasks/harden.yml | 1 + ansible/playbooks/tasks/init-koji.yml | 7 ++++--- ansible/playbooks/tasks/koji_efs.yml | 3 ++- ansible/playbooks/tasks/main.yml | 1 + ansible/playbooks/tasks/mantis.yml | 1 + ansible/playbooks/tasks/mantispatch.yml | 1 + ansible/playbooks/tasks/noggin.yml | 1 + ansible/playbooks/tasks/postfix_relay.yml | 1 + .../playbooks/tasks/rabbitmq-reconfigure.yml | 1 + ansible/playbooks/tasks/repository.yml | 1 + ansible/playbooks/tasks/scripts.yml | 1 + ansible/playbooks/tasks/srpmproc.yml | 1 + ansible/playbooks/tasks/ssh_config.yml | 1 + .../tasks/variable_loader_common.yml | 1 + ansible/playbooks/vars/RedHat.yml | 1 + ansible/playbooks/vars/bugzilla.yml | 1 + ansible/playbooks/vars/buildsys.yml | 1 + ansible/playbooks/vars/chrony.yml | 1 + ansible/playbooks/vars/chronyserver.yml | 1 + ansible/playbooks/vars/common.yml | 1 + ansible/playbooks/vars/gitlab.yml | 1 + ansible/playbooks/vars/gitlab_runner.yml | 1 + ansible/playbooks/vars/graylog.yml | 1 + ansible/playbooks/vars/ipa/adminusers.yml | 1 + ansible/playbooks/vars/ipa/agreements.yml | 1 + ansible/playbooks/vars/ipa/fdns.yml | 1 + ansible/playbooks/vars/ipa/groups.yml | 1 + ansible/playbooks/vars/ipa/ipaclient.yml | 1 + ansible/playbooks/vars/ipa/ipaprivs.yml | 1 + ansible/playbooks/vars/ipa/ipareplica.yml | 1 + ansible/playbooks/vars/ipa/ipaserver.yml | 1 + ansible/playbooks/vars/ipa/rdns.yml | 1 + ansible/playbooks/vars/ipa/sudorules.yml | 1 + ansible/playbooks/vars/ipa/svcusers.yml | 1 + ansible/playbooks/vars/ipa/users.yml | 1 + ansible/playbooks/vars/ipaserver.yml | 1 + ansible/playbooks/vars/ipsilon.yml | 1 + ansible/playbooks/vars/mantis.yml | 1 
+ ansible/playbooks/vars/matterbridge.yml | 1 + ansible/playbooks/vars/monitoring.yml | 1 + .../vars/mounts/bootstrap_staging.yml | 1 + ansible/playbooks/vars/mounts/repopool.yml | 1 + ansible/playbooks/vars/mounts/srpmproc.yml | 1 + ansible/playbooks/vars/mqtt.yml | 1 + ansible/playbooks/vars/pinnwand.yml | 1 + .../playbooks/vars/production/koji-common.yml | 1 + ansible/playbooks/vars/production/kojid.yml | 1 + ansible/playbooks/vars/production/kojihub.yml | 3 ++- ansible/playbooks/vars/rabbitmq.yml | 9 ++++---- ansible/playbooks/vars/sigul_bridge.yml | 1 + ansible/playbooks/vars/sigul_server.yml | 1 + .../playbooks/vars/staging/koji-common.yml | 1 + ansible/playbooks/vars/staging/kojid.yml | 1 + ansible/playbooks/vars/staging/kojihub.yml | 3 ++- ansible/playbooks/vars/wikijs.yml | 1 + ansible/roles/requirements.yml | 1 + 139 files changed, 193 insertions(+), 37 deletions(-) diff --git a/ansible/README.md b/ansible/README.md index 536ac08..eded3be 100644 --- a/ansible/README.md +++ b/ansible/README.md 
@@ -156,6 +156,22 @@ When pushing to your own forked version of this repository, pre-commit must run When the linter passes, the push will complete and you will be able to open a PR. +## General YAML Formatting + +It is recommended that each yaml file starts with `---` and ends with `...`. This can help with linting and also stating an obvious end to the file. + +### Plugin and Formatting Assistance + +The YAML format is extremely easy and can be generally followed without much to think about, the same goes with ansible's syntax. Ideally, your editor can assist with these things. If you are a vim user, the following plugins can be useful: + +``` +stephpy/vim-yaml +pearofducks/ansible-vim +vim-syntastic/syntastic +``` + +These can be installed using [vim-plug](https://github.com/junegunn/vim-plug). + ## Initializing the Ansible Host When initializing the ansible host, you should be in `./infrastructure/ansible` so that the `ansible.cfg` is used. You will need to run the `init-rocky-ansible-host.yml` playbook and to get started, which will install all the roles and collections required for the playbooks to run. diff --git a/ansible/inventories/production/group_vars/chronyservers/main.yml b/ansible/inventories/production/group_vars/chronyservers/main.yml index 354d2aa..58b4ddf 100644 --- a/ansible/inventories/production/group_vars/chronyservers/main.yml +++ b/ansible/inventories/production/group_vars/chronyservers/main.yml @@ -2,3 +2,4 @@ chrony_server: true chrony_allow_cidr: "10.0.0.0/16" +... diff --git a/ansible/inventories/production/group_vars/ipa/main.yml b/ansible/inventories/production/group_vars/ipa/main.yml index e69de29..f968b2e 100644 --- a/ansible/inventories/production/group_vars/ipa/main.yml +++ b/ansible/inventories/production/group_vars/ipa/main.yml @@ -0,0 +1,3 @@ +--- +# ipa vars +... 
diff --git a/ansible/inventories/production/group_vars/ipaclients/main.yml b/ansible/inventories/production/group_vars/ipaclients/main.yml index abd0ae9..24b45f3 100644 --- a/ansible/inventories/production/group_vars/ipaclients/main.yml +++ b/ansible/inventories/production/group_vars/ipaclients/main.yml @@ -7,3 +7,4 @@ ipaclient_no_ntp: true ipaclient_mkhomedir: true ipaclient_ssh_trust_dns: true ipasssd_enable_dns_updates: true +... diff --git a/ansible/inventories/production/group_vars/ipareplicas/main.yml b/ansible/inventories/production/group_vars/ipareplicas/main.yml index 13ab775..e0cc521 100644 --- a/ansible/inventories/production/group_vars/ipareplicas/main.yml +++ b/ansible/inventories/production/group_vars/ipareplicas/main.yml @@ -10,3 +10,4 @@ ipareplica_setup_ca: true ipareplica_setup_kra: true ipareplica_setup_dns: true ipa_dns_master: 10.100.1.110 +... diff --git a/ansible/inventories/production/group_vars/ipaserver/main.yml b/ansible/inventories/production/group_vars/ipaserver/main.yml index c09acd8..9915f7d 100644 --- a/ansible/inventories/production/group_vars/ipaserver/main.yml +++ b/ansible/inventories/production/group_vars/ipaserver/main.yml @@ -13,3 +13,4 @@ ipaclient_no_ntp: true ipaclient_mkhomedir: true ipaserver_no_hbac_allow: true ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."] +... diff --git a/ansible/inventories/production/group_vars/rabbitmq/main.yml b/ansible/inventories/production/group_vars/rabbitmq/main.yml index 16dd22f..ef073a9 100644 --- a/ansible/inventories/production/group_vars/rabbitmq/main.yml +++ b/ansible/inventories/production/group_vars/rabbitmq/main.yml @@ -3,3 +3,4 @@ rabbitmq_cluster_name: "rabbit" rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}" rabbitmq_env: "production" +... diff --git a/ansible/inventories/staging/group_vars/chronyservers/main.yml b/ansible/inventories/staging/group_vars/chronyservers/main.yml index 354d2aa..58b4ddf 100644 --- a/ansible/inventories/staging/group_vars/chronyservers/main.yml 
+++ b/ansible/inventories/staging/group_vars/chronyservers/main.yml @@ -2,3 +2,4 @@ chrony_server: true chrony_allow_cidr: "10.0.0.0/16" +... diff --git a/ansible/inventories/staging/group_vars/ipa/main.yml b/ansible/inventories/staging/group_vars/ipa/main.yml index e69de29..f968b2e 100644 --- a/ansible/inventories/staging/group_vars/ipa/main.yml +++ b/ansible/inventories/staging/group_vars/ipa/main.yml @@ -0,0 +1,3 @@ +--- +# ipa vars +... diff --git a/ansible/inventories/staging/group_vars/ipaclients/main.yml b/ansible/inventories/staging/group_vars/ipaclients/main.yml index abd0ae9..24b45f3 100644 --- a/ansible/inventories/staging/group_vars/ipaclients/main.yml +++ b/ansible/inventories/staging/group_vars/ipaclients/main.yml @@ -7,3 +7,4 @@ ipaclient_no_ntp: true ipaclient_mkhomedir: true ipaclient_ssh_trust_dns: true ipasssd_enable_dns_updates: true +... diff --git a/ansible/inventories/staging/group_vars/ipareplicas/main.yml b/ansible/inventories/staging/group_vars/ipareplicas/main.yml index 13ab775..e0cc521 100644 --- a/ansible/inventories/staging/group_vars/ipareplicas/main.yml +++ b/ansible/inventories/staging/group_vars/ipareplicas/main.yml @@ -10,3 +10,4 @@ ipareplica_setup_ca: true ipareplica_setup_kra: true ipareplica_setup_dns: true ipa_dns_master: 10.100.1.110 +... diff --git a/ansible/inventories/staging/group_vars/ipaserver/main.yml b/ansible/inventories/staging/group_vars/ipaserver/main.yml index c09acd8..9915f7d 100644 --- a/ansible/inventories/staging/group_vars/ipaserver/main.yml +++ b/ansible/inventories/staging/group_vars/ipaserver/main.yml @@ -13,3 +13,4 @@ ipaclient_no_ntp: true ipaclient_mkhomedir: true ipaserver_no_hbac_allow: true ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."] +... diff --git a/ansible/inventories/staging/group_vars/rabbitmq/main.yml b/ansible/inventories/staging/group_vars/rabbitmq/main.yml index efe73c5..5806cc1 100644 --- a/ansible/inventories/staging/group_vars/rabbitmq/main.yml 
+++ b/ansible/inventories/staging/group_vars/rabbitmq/main.yml @@ -3,3 +3,4 @@ rabbitmq_cluster_name: "rabbit" rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}" rabbitmq_env: "staging" +... diff --git a/ansible/playbooks/adhoc-facts-refresh.yml b/ansible/playbooks/adhoc-facts-refresh.yml index 4a9e645..b43b928 100644 --- a/ansible/playbooks/adhoc-facts-refresh.yml +++ b/ansible/playbooks/adhoc-facts-refresh.yml @@ -5,3 +5,4 @@ - name: Force a fact refresh to have those available in local cache setup: gather_timeout: 30 +... diff --git a/ansible/playbooks/adhoc-gitlab-creategroup.yml b/ansible/playbooks/adhoc-gitlab-creategroup.yml index 8eb15ea..7ffdfd3 100644 --- a/ansible/playbooks/adhoc-gitlab-creategroup.yml +++ b/ansible/playbooks/adhoc-gitlab-creategroup.yml @@ -38,3 +38,4 @@ visibility: "{{ gitlab_visibility|default('private') }}" delegate_to: localhost register: gitlab_group_return +... diff --git a/ansible/playbooks/adhoc-gitlab-createproject.yml b/ansible/playbooks/adhoc-gitlab-createproject.yml index 8c40715..c29c3ae 100644 --- a/ansible/playbooks/adhoc-gitlab-createproject.yml +++ b/ansible/playbooks/adhoc-gitlab-createproject.yml @@ -41,3 +41,4 @@ validate_certs: true visibility: "{{ gitlab_visibility|default('private') }}" delegate_to: localhost +... diff --git a/ansible/playbooks/adhoc-gitlab-deletegroup.yml b/ansible/playbooks/adhoc-gitlab-deletegroup.yml index c0a4f34..cbc185f 100644 --- a/ansible/playbooks/adhoc-gitlab-deletegroup.yml +++ b/ansible/playbooks/adhoc-gitlab-deletegroup.yml @@ -35,3 +35,4 @@ state: absent validate_certs: true delegate_to: localhost +... diff --git a/ansible/playbooks/adhoc-gitlab-deleteproject.yml b/ansible/playbooks/adhoc-gitlab-deleteproject.yml index 9dbc3a3..60463ee 100644 --- a/ansible/playbooks/adhoc-gitlab-deleteproject.yml +++ b/ansible/playbooks/adhoc-gitlab-deleteproject.yml @@ -35,3 +35,4 @@ state: absent validate_certs: true delegate_to: localhost +... 
diff --git a/ansible/playbooks/adhoc-ipabinder.yml b/ansible/playbooks/adhoc-ipabinder.yml index 7da5cd4..74b4304 100644 --- a/ansible/playbooks/adhoc-ipabinder.yml +++ b/ansible/playbooks/adhoc-ipabinder.yml @@ -39,3 +39,4 @@ file: path: "/tmp/binder.update" state: absent +... diff --git a/ansible/playbooks/adhoc-ipadnsrecord.yml b/ansible/playbooks/adhoc-ipadnsrecord.yml index 4c8ec9d..39f4a79 100644 --- a/ansible/playbooks/adhoc-ipadnsrecord.yml +++ b/ansible/playbooks/adhoc-ipadnsrecord.yml @@ -55,3 +55,4 @@ managedby: - "{{ ipa_name_value[:-1] }}" ignore_errors: true +... diff --git a/ansible/playbooks/adhoc-ipadnszone.yml b/ansible/playbooks/adhoc-ipadnszone.yml index b24f588..d2956dd 100644 --- a/ansible/playbooks/adhoc-ipadnszone.yml +++ b/ansible/playbooks/adhoc-ipadnszone.yml @@ -27,3 +27,4 @@ name: "{{ ipa_zone }}" tags: - dns +... diff --git a/ansible/playbooks/adhoc-ipagetcert.yml b/ansible/playbooks/adhoc-ipagetcert.yml index 8007411..6947810 100644 --- a/ansible/playbooks/adhoc-ipagetcert.yml +++ b/ansible/playbooks/adhoc-ipagetcert.yml @@ -32,3 +32,4 @@ roles: - role: rockylinux.ipagetcert state: present +... diff --git a/ansible/playbooks/adhoc-ipagetkeytab.yml b/ansible/playbooks/adhoc-ipagetkeytab.yml index c89d3d7..b58e373 100644 --- a/ansible/playbooks/adhoc-ipagetkeytab.yml +++ b/ansible/playbooks/adhoc-ipagetkeytab.yml @@ -135,3 +135,4 @@ state: file tags: - keytab +... diff --git a/ansible/playbooks/adhoc-ipagroup.yml b/ansible/playbooks/adhoc-ipagroup.yml index 793eb11..4ab20cf 100644 --- a/ansible/playbooks/adhoc-ipagroup.yml +++ b/ansible/playbooks/adhoc-ipagroup.yml @@ -47,3 +47,4 @@ check_mode: false changed_when: "1 != 1" when: ipa_fas +... diff --git a/ansible/playbooks/adhoc-ipaservice.yml b/ansible/playbooks/adhoc-ipaservice.yml index d4f0fd5..3014bc1 100644 --- a/ansible/playbooks/adhoc-ipaservice.yml +++ b/ansible/playbooks/adhoc-ipaservice.yml @@ -28,3 +28,4 @@ force: "{{ ipa_force | default(false) }}" tags: - services +... 
diff --git a/ansible/playbooks/adhoc-ipauser-disable-pdr.yml b/ansible/playbooks/adhoc-ipauser-disable-pdr.yml index a5fc316..57996c4 100644 --- a/ansible/playbooks/adhoc-ipauser-disable-pdr.yml +++ b/ansible/playbooks/adhoc-ipauser-disable-pdr.yml @@ -82,3 +82,4 @@ server_uri: ldap://localhost/ bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org" bind_pw: "{{ ipaadmin_password }}" +... diff --git a/ansible/playbooks/adhoc-ipauser-disable.yml b/ansible/playbooks/adhoc-ipauser-disable.yml index dd0153b..1aed0fb 100644 --- a/ansible/playbooks/adhoc-ipauser-disable.yml +++ b/ansible/playbooks/adhoc-ipauser-disable.yml @@ -27,3 +27,4 @@ state: disabled tags: - users +... diff --git a/ansible/playbooks/adhoc-ipauser-enable.yml b/ansible/playbooks/adhoc-ipauser-enable.yml index 1ccea7e..7eae854 100644 --- a/ansible/playbooks/adhoc-ipauser-enable.yml +++ b/ansible/playbooks/adhoc-ipauser-enable.yml @@ -27,3 +27,4 @@ state: enabled tags: - users +... diff --git a/ansible/playbooks/adhoc-ipauser.yml b/ansible/playbooks/adhoc-ipauser.yml index 2019125..4f6e9ee 100644 --- a/ansible/playbooks/adhoc-ipauser.yml +++ b/ansible/playbooks/adhoc-ipauser.yml @@ -38,3 +38,4 @@ update_password: on_create tags: - users +... diff --git a/ansible/playbooks/adhoc-rabbitmqqueue.yml b/ansible/playbooks/adhoc-rabbitmqqueue.yml index 5be4723..14355c1 100644 --- a/ansible/playbooks/adhoc-rabbitmqqueue.yml +++ b/ansible/playbooks/adhoc-rabbitmqqueue.yml @@ -85,3 +85,4 @@ loop_var: routing_item tags: - rabbitmq +... diff --git a/ansible/playbooks/adhoc-rabbitmquser.yml b/ansible/playbooks/adhoc-rabbitmquser.yml index 14b326b..df454dc 100644 --- a/ansible/playbooks/adhoc-rabbitmquser.yml +++ b/ansible/playbooks/adhoc-rabbitmquser.yml @@ -33,3 +33,4 @@ state: present tags: - rabbitmq +... diff --git a/ansible/playbooks/handlers/main.yml b/ansible/playbooks/handlers/main.yml index 83aa26b..43de0a9 100644 --- a/ansible/playbooks/handlers/main.yml 
+++ b/ansible/playbooks/handlers/main.yml @@ -45,3 +45,4 @@ service: name: postfix state: restarted +... diff --git a/ansible/playbooks/import-rockygroups.yml b/ansible/playbooks/import-rockygroups.yml index 46eb8c7..6f9dcec 100644 --- a/ansible/playbooks/import-rockygroups.yml +++ b/ansible/playbooks/import-rockygroups.yml @@ -12,3 +12,4 @@ loop: "{{ ipagroups }}" tags: - groups +... diff --git a/ansible/playbooks/import-rockyipaprivs.yml b/ansible/playbooks/import-rockyipaprivs.yml index c6497b7..dd5d012 100644 --- a/ansible/playbooks/import-rockyipaprivs.yml +++ b/ansible/playbooks/import-rockyipaprivs.yml @@ -42,3 +42,4 @@ when: iparoles is defined tags: - rbac +... diff --git a/ansible/playbooks/import-rockypwpolicy.yml b/ansible/playbooks/import-rockypwpolicy.yml index 0759fea..df4e36b 100644 --- a/ansible/playbooks/import-rockypwpolicy.yml +++ b/ansible/playbooks/import-rockypwpolicy.yml @@ -14,3 +14,4 @@ loop: "{{ ipapwpolicies }}" tags: - groups +... diff --git a/ansible/playbooks/import-rockysudo.yml b/ansible/playbooks/import-rockysudo.yml index a9a3009..8705940 100644 --- a/ansible/playbooks/import-rockysudo.yml +++ b/ansible/playbooks/import-rockysudo.yml @@ -10,3 +10,4 @@ - rockyadm hostcat: all cmdcat: all +... diff --git a/ansible/playbooks/import-rockyusers.yml b/ansible/playbooks/import-rockyusers.yml index 8f7f20d..50e01f4 100644 --- a/ansible/playbooks/import-rockyusers.yml +++ b/ansible/playbooks/import-rockyusers.yml @@ -68,3 +68,4 @@ file: path: "/tmp/binder.update" state: absent +... diff --git a/ansible/playbooks/init-rocky-account-services.yml b/ansible/playbooks/init-rocky-account-services.yml index 312a4f7..16a9656 100644 --- a/ansible/playbooks/init-rocky-account-services.yml +++ b/ansible/playbooks/init-rocky-account-services.yml @@ -32,3 +32,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-ansible-host.yml b/ansible/playbooks/init-rocky-ansible-host.yml index 5559fca..ebc5b58 100644 
--- a/ansible/playbooks/init-rocky-ansible-host.yml +++ b/ansible/playbooks/init-rocky-ansible-host.yml @@ -8,16 +8,16 @@ collection_installation_dir: collections installation_prefix: ../ pre_tasks: -# example prepare ansible box for execution -# - name: install required pip modules on the host running ansible -# pip: -# name: -# - jmespath -# - netaddr -# - python-consul -# - pyvmomi -# - python-ldap -# - twine + # example prepare ansible box for execution + # - name: install required pip modules on the host running ansible + # pip: + # name: + # - jmespath + # - netaddr + # - python-consul + # - pyvmomi + # - python-ldap + # - twine - name: Remove existing public roles file: @@ -54,3 +54,4 @@ path: "../tmp/known_hosts" state: touch mode: "0644" +... diff --git a/ansible/playbooks/init-rocky-bugzilla.yml b/ansible/playbooks/init-rocky-bugzilla.yml index 081d8c1..600ff6a 100644 --- a/ansible/playbooks/init-rocky-bugzilla.yml +++ b/ansible/playbooks/init-rocky-bugzilla.yml @@ -57,3 +57,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-builder-postfix.yml b/ansible/playbooks/init-rocky-builder-postfix.yml index 97bf800..3892d56 100644 --- a/ansible/playbooks/init-rocky-builder-postfix.yml +++ b/ansible/playbooks/init-rocky-builder-postfix.yml @@ -34,3 +34,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-chrony.yml b/ansible/playbooks/init-rocky-chrony.yml index d013d4b..dd0f6fa 100644 --- a/ansible/playbooks/init-rocky-chrony.yml +++ b/ansible/playbooks/init-rocky-chrony.yml @@ -38,3 +38,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-install-kvm-hosts.yml b/ansible/playbooks/init-rocky-install-kvm-hosts.yml index a59dad5..fe5826d 100644 --- a/ansible/playbooks/init-rocky-install-kvm-hosts.yml +++ b/ansible/playbooks/init-rocky-install-kvm-hosts.yml @@ -57,3 +57,4 @@ mode: '0644' owner: root group: root +... 
diff --git a/ansible/playbooks/init-rocky-ipa-internal-dns.yml b/ansible/playbooks/init-rocky-ipa-internal-dns.yml index 8772ba4..64eb00c 100644 --- a/ansible/playbooks/init-rocky-ipa-internal-dns.yml +++ b/ansible/playbooks/init-rocky-ipa-internal-dns.yml @@ -30,3 +30,4 @@ name: '{{ item }}' dynamic_update: true with_items: '{{ fdns }}' +... diff --git a/ansible/playbooks/init-rocky-ipa-team.yml b/ansible/playbooks/init-rocky-ipa-team.yml index d3bd6fc..02d3e54 100644 --- a/ansible/playbooks/init-rocky-ipa-team.yml +++ b/ansible/playbooks/init-rocky-ipa-team.yml @@ -33,3 +33,4 @@ - name: "Start privileges for services" import_tasks: import-rockyipaprivs.yml +... diff --git a/ansible/playbooks/init-rocky-koji-ecosystem.yml b/ansible/playbooks/init-rocky-koji-ecosystem.yml index f2f7a37..2668701 100644 --- a/ansible/playbooks/init-rocky-koji-ecosystem.yml +++ b/ansible/playbooks/init-rocky-koji-ecosystem.yml @@ -32,3 +32,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-mantisbt.yml b/ansible/playbooks/init-rocky-mantisbt.yml index f5cc2bb..659bb3b 100644 --- a/ansible/playbooks/init-rocky-mantisbt.yml +++ b/ansible/playbooks/init-rocky-mantisbt.yml @@ -57,3 +57,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-noggin-theme.yml b/ansible/playbooks/init-rocky-noggin-theme.yml index 7d80e0f..befd1eb 100644 --- a/ansible/playbooks/init-rocky-noggin-theme.yml +++ b/ansible/playbooks/init-rocky-noggin-theme.yml @@ -38,3 +38,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-noggin.yml b/ansible/playbooks/init-rocky-noggin.yml index 13dde78..0f09e25 100644 --- a/ansible/playbooks/init-rocky-noggin.yml +++ b/ansible/playbooks/init-rocky-noggin.yml @@ -32,3 +32,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-repo-servers.yml b/ansible/playbooks/init-rocky-repo-servers.yml index 24a1f4d..433dd87 100644 
--- a/ansible/playbooks/init-rocky-repo-servers.yml +++ b/ansible/playbooks/init-rocky-repo-servers.yml @@ -32,3 +32,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-system-config.yml b/ansible/playbooks/init-rocky-system-config.yml index 3c20900..cf8478a 100644 --- a/ansible/playbooks/init-rocky-system-config.yml +++ b/ansible/playbooks/init-rocky-system-config.yml @@ -54,3 +54,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-bootstrap_staging.yml b/ansible/playbooks/role-rocky-bootstrap_staging.yml index 7154846..c2eae66 100644 --- a/ansible/playbooks/role-rocky-bootstrap_staging.yml +++ b/ansible/playbooks/role-rocky-bootstrap_staging.yml @@ -38,3 +38,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-gitlab-ee.yml b/ansible/playbooks/role-rocky-gitlab-ee.yml index b9e9a84..429e1f1 100644 --- a/ansible/playbooks/role-rocky-gitlab-ee.yml +++ b/ansible/playbooks/role-rocky-gitlab-ee.yml @@ -56,3 +56,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-gitlab-runner.yml b/ansible/playbooks/role-rocky-gitlab-runner.yml index 18cd8b6..19e2ce5 100644 --- a/ansible/playbooks/role-rocky-gitlab-runner.yml +++ b/ansible/playbooks/role-rocky-gitlab-runner.yml @@ -46,3 +46,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-graylog.yml b/ansible/playbooks/role-rocky-graylog.yml index e6e7cbe..2e46c6e 100644 --- a/ansible/playbooks/role-rocky-graylog.yml +++ b/ansible/playbooks/role-rocky-graylog.yml @@ -63,3 +63,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-ipa-client.yml b/ansible/playbooks/role-rocky-ipa-client.yml index fc1a864..3beea05 100644 --- a/ansible/playbooks/role-rocky-ipa-client.yml +++ b/ansible/playbooks/role-rocky-ipa-client.yml @@ -39,3 +39,4 @@ mode: '0644' owner: root group: root +... 
diff --git a/ansible/playbooks/role-rocky-ipa-replica.yml b/ansible/playbooks/role-rocky-ipa-replica.yml index 64a3b42..06f2367 100644 --- a/ansible/playbooks/role-rocky-ipa-replica.yml +++ b/ansible/playbooks/role-rocky-ipa-replica.yml @@ -51,3 +51,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-ipa.yml b/ansible/playbooks/role-rocky-ipa.yml index 0283c05..4203b38 100644 --- a/ansible/playbooks/role-rocky-ipa.yml +++ b/ansible/playbooks/role-rocky-ipa.yml @@ -61,3 +61,4 @@ freeipa.ansible_freeipa.ipadnsconfig: ipaadmin_password: '{{ ipaadmin_password }}' allow_sync_ptr: true +... diff --git a/ansible/playbooks/role-rocky-ipsilon.yml b/ansible/playbooks/role-rocky-ipsilon.yml index bc9f883..4305937 100644 --- a/ansible/playbooks/role-rocky-ipsilon.yml +++ b/ansible/playbooks/role-rocky-ipsilon.yml @@ -75,3 +75,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-kojid-staging.yml b/ansible/playbooks/role-rocky-kojid-staging.yml index a6a29f9..6b33570 100644 --- a/ansible/playbooks/role-rocky-kojid-staging.yml +++ b/ansible/playbooks/role-rocky-kojid-staging.yml @@ -88,3 +88,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-kojid.yml b/ansible/playbooks/role-rocky-kojid.yml index e365219..a8fe405 100644 --- a/ansible/playbooks/role-rocky-kojid.yml +++ b/ansible/playbooks/role-rocky-kojid.yml @@ -88,3 +88,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-kojihub-staging.yml b/ansible/playbooks/role-rocky-kojihub-staging.yml index 0ac3884..e0a1be8 100644 --- a/ansible/playbooks/role-rocky-kojihub-staging.yml +++ b/ansible/playbooks/role-rocky-kojihub-staging.yml @@ -121,3 +121,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-kojihub.yml b/ansible/playbooks/role-rocky-kojihub.yml index d28afe6..7790731 100644 --- a/ansible/playbooks/role-rocky-kojihub.yml 
+++ b/ansible/playbooks/role-rocky-kojihub.yml @@ -121,3 +121,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-monitoring.yml b/ansible/playbooks/role-rocky-monitoring.yml index 3743cfe..8d1b34e 100644 --- a/ansible/playbooks/role-rocky-monitoring.yml +++ b/ansible/playbooks/role-rocky-monitoring.yml @@ -37,8 +37,8 @@ state: present roles: - #- role: rockylinux.ipagetcert - # state: present + # - role: rockylinux.ipagetcert + # state: present - role: cloudalchemy.prometheus state: present - role: cloudalchemy.alertmanager @@ -61,3 +61,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-mqtt.yml b/ansible/playbooks/role-rocky-mqtt.yml index e7972ff..6bd77b9 100644 --- a/ansible/playbooks/role-rocky-mqtt.yml +++ b/ansible/playbooks/role-rocky-mqtt.yml @@ -59,3 +59,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-node_exporter.yml b/ansible/playbooks/role-rocky-node_exporter.yml index 6e95cf1..0457451 100644 --- a/ansible/playbooks/role-rocky-node_exporter.yml +++ b/ansible/playbooks/role-rocky-node_exporter.yml @@ -19,3 +19,4 @@ port: 9100/tcp permanent: true state: enabled +... diff --git a/ansible/playbooks/role-rocky-pinnwand.yml b/ansible/playbooks/role-rocky-pinnwand.yml index aae89e9..534e4e0 100644 --- a/ansible/playbooks/role-rocky-pinnwand.yml +++ b/ansible/playbooks/role-rocky-pinnwand.yml @@ -31,8 +31,8 @@ state: present tasks: - #- include_tasks: tasks/pinnwand.yml - # tags: ['includetasks'] + # - include_tasks: tasks/pinnwand.yml + # tags: ['includetasks'] roles: - role: rockylinux.ipagetcert @@ -46,8 +46,8 @@ # Define variables in vars/matomo/nginx.yml - role: nginxinc.nginx_core.nginx tags: ['nginx'] - #- role: nginxinc.nginx_core.nginx_config - # tags: ['nginx'] + # - role: nginxinc.nginx_core.nginx_config + # tags: ['nginx'] post_tasks: - name: Open firewalld ports @@ -64,3 +64,4 @@ mode: '0644' owner: root group: root +... 
diff --git a/ansible/playbooks/role-rocky-rabbitmq.yml b/ansible/playbooks/role-rocky-rabbitmq.yml index 8fd9985..7cbd6b5 100644 --- a/ansible/playbooks/role-rocky-rabbitmq.yml +++ b/ansible/playbooks/role-rocky-rabbitmq.yml @@ -75,3 +75,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-repopool.yml b/ansible/playbooks/role-rocky-repopool.yml index b0dae60..ac21641 100644 --- a/ansible/playbooks/role-rocky-repopool.yml +++ b/ansible/playbooks/role-rocky-repopool.yml @@ -39,3 +39,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-sigul-bridge.yml b/ansible/playbooks/role-rocky-sigul-bridge.yml index de26d7e..e291e33 100644 --- a/ansible/playbooks/role-rocky-sigul-bridge.yml +++ b/ansible/playbooks/role-rocky-sigul-bridge.yml @@ -89,3 +89,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-sigul-server.yml b/ansible/playbooks/role-rocky-sigul-server.yml index 12a7e7b..594183b 100644 --- a/ansible/playbooks/role-rocky-sigul-server.yml +++ b/ansible/playbooks/role-rocky-sigul-server.yml @@ -76,3 +76,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-srpmproc.yml b/ansible/playbooks/role-rocky-srpmproc.yml index ca6241f..7562a3b 100644 --- a/ansible/playbooks/role-rocky-srpmproc.yml +++ b/ansible/playbooks/role-rocky-srpmproc.yml @@ -38,3 +38,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-wikijs.yml b/ansible/playbooks/role-rocky-wikijs.yml index 78e06e5..6f69704 100644 --- a/ansible/playbooks/role-rocky-wikijs.yml +++ b/ansible/playbooks/role-rocky-wikijs.yml @@ -56,7 +56,7 @@ port: "{{ item.port }}" permanent: "{{ item.permanent }}" state: "{{ item.state }}" - immediate: yes + immediate: true loop: "{{ firewall_rules }}" - name: Touching run file that ansible has ran here @@ -67,3 +67,4 @@ mode: '0644' owner: root group: root +... 
diff --git a/ansible/playbooks/tasks/account_services.yml b/ansible/playbooks/tasks/account_services.yml index 506a293..4bd38a8 100644 --- a/ansible/playbooks/tasks/account_services.yml +++ b/ansible/playbooks/tasks/account_services.yml @@ -24,3 +24,4 @@ name: httpd state: running enabled: true +... diff --git a/ansible/playbooks/tasks/auditd.yml b/ansible/playbooks/tasks/auditd.yml index c4e1570..455f99a 100644 --- a/ansible/playbooks/tasks/auditd.yml +++ b/ansible/playbooks/tasks/auditd.yml @@ -33,3 +33,4 @@ - regenerate_auditd_rules tags: - harden +... diff --git a/ansible/playbooks/tasks/authentication.yml b/ansible/playbooks/tasks/authentication.yml index 14794c9..cfe0cec 100644 --- a/ansible/playbooks/tasks/authentication.yml +++ b/ansible/playbooks/tasks/authentication.yml @@ -66,3 +66,4 @@ when: - ansible_facts['os_family'] == 'RedHat' - ansible_facts['distribution_major_version'] == '8' +... diff --git a/ansible/playbooks/tasks/bugzilla.yml b/ansible/playbooks/tasks/bugzilla.yml index fb24b71..f514496 100644 --- a/ansible/playbooks/tasks/bugzilla.yml +++ b/ansible/playbooks/tasks/bugzilla.yml @@ -52,3 +52,4 @@ - name: Install necessary pieces import_tasks: bugzilla_install.yml +... diff --git a/ansible/playbooks/tasks/bugzilla_install.yml b/ansible/playbooks/tasks/bugzilla_install.yml index 505c999..0d7213e 100644 --- a/ansible/playbooks/tasks/bugzilla_install.yml +++ b/ansible/playbooks/tasks/bugzilla_install.yml @@ -57,3 +57,4 @@ file: path: "{{ bugzilla_dir }}/answer" state: absent +... diff --git a/ansible/playbooks/tasks/chrony.yml b/ansible/playbooks/tasks/chrony.yml index db72733..005fb2a 100644 --- a/ansible/playbooks/tasks/chrony.yml +++ b/ansible/playbooks/tasks/chrony.yml @@ -30,3 +30,4 @@ name: "{{ chrony_service_name }}" state: "{{ chrony_service_state }}" enabled: "{{ chrony_service_enabled }}" +... diff --git a/ansible/playbooks/tasks/efs_mount.yml b/ansible/playbooks/tasks/efs_mount.yml index dc0eb3a..c790cbd 100644 
--- a/ansible/playbooks/tasks/efs_mount.yml +++ b/ansible/playbooks/tasks/efs_mount.yml @@ -3,19 +3,18 @@ # - name: "Installing amazon-efs-utils" - become: yes + become: true become_user: root yum: name: 'https://git.rockylinux.org/neil/efs-utils/-/jobs/5/artifacts/raw/build/amazon-efs-utils-1.30.1-1.el8.noarch.rpm?inline=false' - disable_gpg_check: yes - validate_certs: yes + disable_gpg_check: true + validate_certs: true state: present tags: - amazon_efs_utils - packages - mounts - - name: "Gathering ec2 facts" amazon.aws.ec2_metadata_facts: tags: @@ -23,18 +22,17 @@ # "you can use /etc/hosts" https://github.com/aws/efs-utils/issues/1 - name: "Install custom hosts file because fmlC-w amazon said so." - become: yes + become: true become_user: root ansible.builtin.lineinfile: path: /etc/hosts line: "{{ item.ip_map[ansible_ec2_placement_availability_zone] }} {{ item.fsid }}.efs.{{ ansible_ec2_placement_region }}.amazonaws.com" - create: yes + create: true tags: - mounts - - name: "Creating and mounting {{ item.fsid }} at {{ item.mount_point }}" - become: yes + become: true become_user: root ansible.posix.mount: path: "{{ item.mount_point }}" @@ -44,3 +42,4 @@ state: "{{ item.state | default('mounted') }}" tags: - mounts +... diff --git a/ansible/playbooks/tasks/gitlab-reconfigure.yml b/ansible/playbooks/tasks/gitlab-reconfigure.yml index e5d9446..4781ebb 100644 --- a/ansible/playbooks/tasks/gitlab-reconfigure.yml +++ b/ansible/playbooks/tasks/gitlab-reconfigure.yml @@ -62,3 +62,4 @@ owner: root group: root mode: '0750' +... diff --git a/ansible/playbooks/tasks/gitlab-runner.yml b/ansible/playbooks/tasks/gitlab-runner.yml index 19b18bd..131e2f1 100644 --- a/ansible/playbooks/tasks/gitlab-runner.yml +++ b/ansible/playbooks/tasks/gitlab-runner.yml @@ -23,8 +23,9 @@ become: true - name: Create gitlab-runner user - become: yes + become: true user: name: gitlab-runner shell: /bin/bash - system: yes + system: true +... 
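Review bot: `disable_gpg_check: true` in the "Installing amazon-efs-utils" task means the RPM fetched from the GitLab job-artifact URL is installed as root with no signature verification, so its integrity rests only on TLS and on whoever can write that job's artifacts. `validate_certs: true` protects the transport, not the package contents, and the hunk only rewrites the booleans. Either publish the build in a signed repository and drop `disable_gpg_check`, or download it with a pinned digest and install the local file as sketched below. The digest and the local path are placeholders, to be filled in from a build that has been reviewed.

```yaml
- name: "Downloading amazon-efs-utils"
  become: true
  become_user: root
  ansible.builtin.get_url:
    url: 'https://git.rockylinux.org/neil/efs-utils/-/jobs/5/artifacts/raw/build/amazon-efs-utils-1.30.1-1.el8.noarch.rpm?inline=false'
    dest: /var/tmp/amazon-efs-utils-1.30.1-1.el8.noarch.rpm
    checksum: "sha256:<SHA256_OF_REVIEWED_RPM>"
    mode: '0644'

- name: "Installing amazon-efs-utils"
  become: true
  become_user: root
  yum:
    name: /var/tmp/amazon-efs-utils-1.30.1-1.el8.noarch.rpm
    # unsigned build: integrity comes from the pinned checksum above
    disable_gpg_check: true
    state: present
  # … unchanged: tags …
```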
diff --git a/ansible/playbooks/tasks/grub.yml b/ansible/playbooks/tasks/grub.yml index 69516d3..b06e7f1 100644 --- a/ansible/playbooks/tasks/grub.yml +++ b/ansible/playbooks/tasks/grub.yml @@ -2,3 +2,4 @@ - name: Add kernel boot options to all kernels and default config command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}" changed_when: "1 != 1" +... diff --git a/ansible/playbooks/tasks/harden.yml b/ansible/playbooks/tasks/harden.yml index 997ce49..8bca3f9 100644 --- a/ansible/playbooks/tasks/harden.yml +++ b/ansible/playbooks/tasks/harden.yml @@ -214,3 +214,4 @@ state: absent tags: - harden +... diff --git a/ansible/playbooks/tasks/init-koji.yml b/ansible/playbooks/tasks/init-koji.yml index a040b60..e029636 100644 --- a/ansible/playbooks/tasks/init-koji.yml +++ b/ansible/playbooks/tasks/init-koji.yml @@ -4,7 +4,7 @@ shell: "set -o pipefail && echo \"{{ rockykoji_password }}\" | kinit rockykoji@ROCKYLINUX.ORG" check_mode: false changed_when: "1 != 1" - become: yes + become: true become_user: koji when: rockykoji_has_password | bool @@ -12,14 +12,14 @@ shell: "set -o pipefail && kinit -kt /home/koji/.koji/keytab koji/rockykoji@ROCKYLINUX.ORG" check_mode: false changed_when: "1 != 1" - become: yes + become: true become_user: koji when: not rockykoji_has_password | bool - name: Import current necessary tags shell: "set -o pipefail && koji add-tag {{ item }}" changed_when: "1 != 1" - become: yes + become: true become_user: koji loop: - build-modules @@ -60,3 +60,4 @@ - module-rocky-8.4.0-build - trash - trashcan +... diff --git a/ansible/playbooks/tasks/koji_efs.yml b/ansible/playbooks/tasks/koji_efs.yml index de57bb7..e35867c 100644 --- a/ansible/playbooks/tasks/koji_efs.yml +++ b/ansible/playbooks/tasks/koji_efs.yml @@ -20,7 +20,7 @@ ansible.builtin.lineinfile: path: /etc/hosts line: "{{ koji_efs_fs_ip_map[ansible_ec2_placement_availability_zone] }} {{ koji_efs_fsid }}" - create: yes + create: true tags: - mounts 
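Review bot: In tasks/init-koji.yml the first task of the hunk renders `rockykoji_password` into the `shell:` string, so the secret ends up in the arguments of the spawned shell process and in Ansible's task output and logs, and a password containing `"` or `$` would be re-interpreted by the shell. The hunk only changes `become`, so this is carried over unchanged. Passing the secret on standard input and silencing the task avoids both problems: `command: kinit rockykoji@ROCKYLINUX.ORG` with `stdin: "{{ rockykoji_password }}"` under `args:` and `no_log: true` on the task. The task's `- name:` line sits above the hunk, so the full task is not visible here.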
@@ -33,3 +33,4 @@ state: "{{ koji_efs_fs_state | default('mounted') }}" tags: - mounts +... diff --git a/ansible/playbooks/tasks/main.yml b/ansible/playbooks/tasks/main.yml index ed97d53..91da2a7 100644 --- a/ansible/playbooks/tasks/main.yml +++ b/ansible/playbooks/tasks/main.yml @@ -1 +1,2 @@ --- +... diff --git a/ansible/playbooks/tasks/mantis.yml b/ansible/playbooks/tasks/mantis.yml index 8d8730b..b786cc1 100644 --- a/ansible/playbooks/tasks/mantis.yml +++ b/ansible/playbooks/tasks/mantis.yml @@ -90,3 +90,4 @@ - name: Patch up some pages import_tasks: mantispatch.yml +... diff --git a/ansible/playbooks/tasks/mantispatch.yml b/ansible/playbooks/tasks/mantispatch.yml index 0e4a4b8..5ccbe0f 100644 --- a/ansible/playbooks/tasks/mantispatch.yml +++ b/ansible/playbooks/tasks/mantispatch.yml @@ -23,3 +23,4 @@ path: "/var/www/mantisbt-{{ mantis_version }}/login_page.php" state: absent regex: 'LDAP != config_get_global' +... diff --git a/ansible/playbooks/tasks/noggin.yml b/ansible/playbooks/tasks/noggin.yml index 48ee659..735afcd 100644 --- a/ansible/playbooks/tasks/noggin.yml +++ b/ansible/playbooks/tasks/noggin.yml @@ -86,3 +86,4 @@ lineinfile: path: "/opt/noggin/noggin/noggin/app.py" line: "app = create_app()" +... diff --git a/ansible/playbooks/tasks/postfix_relay.yml b/ansible/playbooks/tasks/postfix_relay.yml index ba984a5..c25b5b7 100644 --- a/ansible/playbooks/tasks/postfix_relay.yml +++ b/ansible/playbooks/tasks/postfix_relay.yml @@ -35,3 +35,4 @@ name: postfix state: restarted enabled: true +... diff --git a/ansible/playbooks/tasks/rabbitmq-reconfigure.yml b/ansible/playbooks/tasks/rabbitmq-reconfigure.yml index d8480c8..b2a4de3 100644 --- a/ansible/playbooks/tasks/rabbitmq-reconfigure.yml +++ b/ansible/playbooks/tasks/rabbitmq-reconfigure.yml @@ -1,2 +1,3 @@ --- # RabbitMQ Additional Changes +... diff --git a/ansible/playbooks/tasks/repository.yml b/ansible/playbooks/tasks/repository.yml index 55bf307..ca86fa3 100644 
--- a/ansible/playbooks/tasks/repository.yml +++ b/ansible/playbooks/tasks/repository.yml @@ -1,2 +1,3 @@ --- # no tasks yet +... diff --git a/ansible/playbooks/tasks/scripts.yml b/ansible/playbooks/tasks/scripts.yml index 7f430ff..5b81a8d 100644 --- a/ansible/playbooks/tasks/scripts.yml +++ b/ansible/playbooks/tasks/scripts.yml @@ -7,3 +7,4 @@ owner: root group: root mode: '0755' +... diff --git a/ansible/playbooks/tasks/srpmproc.yml b/ansible/playbooks/tasks/srpmproc.yml index c15207e..23a0ae2 100644 --- a/ansible/playbooks/tasks/srpmproc.yml +++ b/ansible/playbooks/tasks/srpmproc.yml @@ -7,3 +7,4 @@ with_items: - httpd_can_network_connect_db - httpd_can_network_connect +... diff --git a/ansible/playbooks/tasks/ssh_config.yml b/ansible/playbooks/tasks/ssh_config.yml index 6b34484..15941ac 100644 --- a/ansible/playbooks/tasks/ssh_config.yml +++ b/ansible/playbooks/tasks/ssh_config.yml @@ -43,3 +43,4 @@ with_items: - /etc/ssh/ssh_host_dsa_key.pub - /etc/ssh/ssh_host_dsa_key +... diff --git a/ansible/playbooks/tasks/variable_loader_common.yml b/ansible/playbooks/tasks/variable_loader_common.yml index a0c4f48..ab182af 100644 --- a/ansible/playbooks/tasks/variable_loader_common.yml +++ b/ansible/playbooks/tasks/variable_loader_common.yml @@ -19,3 +19,4 @@ always: - debug: msg="Variables are now loaded" +... diff --git a/ansible/playbooks/vars/RedHat.yml b/ansible/playbooks/vars/RedHat.yml index 858d593..2af88ed 100644 --- a/ansible/playbooks/vars/RedHat.yml +++ b/ansible/playbooks/vars/RedHat.yml @@ -159,3 +159,4 @@ enable_svc: syslog_packages: - rsyslog +... diff --git a/ansible/playbooks/vars/bugzilla.yml b/ansible/playbooks/vars/bugzilla.yml index 0293b5b..43e8b5b 100644 --- a/ansible/playbooks/vars/bugzilla.yml +++ b/ansible/playbooks/vars/bugzilla.yml @@ -50,3 +50,4 @@ ipa_getcert_requested_hostnames: postcmd: "/bin/systemctl reload httpd" cnames: - "bugs.rockylinux.org" +... 
diff --git a/ansible/playbooks/vars/buildsys.yml b/ansible/playbooks/vars/buildsys.yml index ccb2f5f..1afd6fb 100644 --- a/ansible/playbooks/vars/buildsys.yml +++ b/ansible/playbooks/vars/buildsys.yml @@ -3,3 +3,4 @@ smtp_user_name: "username" smtp_user_pass: "password" smtp_relayhost: "smtp.rockylinux.org" +... diff --git a/ansible/playbooks/vars/chrony.yml b/ansible/playbooks/vars/chrony.yml index e40f9d6..7d9338d 100644 --- a/ansible/playbooks/vars/chrony.yml +++ b/ansible/playbooks/vars/chrony.yml @@ -31,3 +31,4 @@ chrony_timeservers: # is chrony ntp server - allows client connections chrony_server: false +... diff --git a/ansible/playbooks/vars/chronyserver.yml b/ansible/playbooks/vars/chronyserver.yml index 84d67c1..293795e 100644 --- a/ansible/playbooks/vars/chronyserver.yml +++ b/ansible/playbooks/vars/chronyserver.yml @@ -7,3 +7,4 @@ chrony_timeservers: # is chrony ntp server - allows client connections chrony_server: true +... diff --git a/ansible/playbooks/vars/common.yml b/ansible/playbooks/vars/common.yml index 73afb11..b431f6e 100644 --- a/ansible/playbooks/vars/common.yml +++ b/ansible/playbooks/vars/common.yml @@ -11,3 +11,4 @@ rocky_ipaserver_lb: "ipa-lb.rockylinux.org" rocky_ldap_bind_pw: "{{ ipa_binder_password }}" rocky_ldap_userman_dn: "uid=userman,cn=users,cn=accounts,dc=rockylinux,dc=org" rocky_ldap_userman_pw: "{{ ipa_userman_password }}" +... diff --git a/ansible/playbooks/vars/gitlab.yml b/ansible/playbooks/vars/gitlab.yml index 09ff50d..35fbe97 100644 --- a/ansible/playbooks/vars/gitlab.yml +++ b/ansible/playbooks/vars/gitlab.yml @@ -84,3 +84,4 @@ ipa_getcert_requested_hostnames: postcmd: "/usr/local/bin/fix_gitlab_certs.sh" cnames: - "git.rockylinux.org" +... diff --git a/ansible/playbooks/vars/gitlab_runner.yml b/ansible/playbooks/vars/gitlab_runner.yml index 7e57b37..28a779f 100644 --- a/ansible/playbooks/vars/gitlab_runner.yml +++ b/ansible/playbooks/vars/gitlab_runner.yml 
@@ -7,3 +7,4 @@ gitlab_runner_runners: tags: [] gitlab_runner_timeout_stop_seconds: 60 +... diff --git a/ansible/playbooks/vars/graylog.yml b/ansible/playbooks/vars/graylog.yml index f8c3298..5565dc5 100644 --- a/ansible/playbooks/vars/graylog.yml +++ b/ansible/playbooks/vars/graylog.yml @@ -29,3 +29,4 @@ graylog_ipa_dnsrecord_name: graylog graylog_ipa_dnsrecord_record_type: CNAME graylog_ipa_dnsrecord_record_value: graylog002.rockylinux.org. graylog_ipa_dnsrecord_state: present +... diff --git a/ansible/playbooks/vars/ipa/adminusers.yml b/ansible/playbooks/vars/ipa/adminusers.yml index 4a15dec..4fd54d7 100644 --- a/ansible/playbooks/vars/ipa/adminusers.yml +++ b/ansible/playbooks/vars/ipa/adminusers.yml @@ -60,3 +60,4 @@ adminusers: password: ThisIsNotMyPassword1! title: Security Director loginshell: /bin/bash +... diff --git a/ansible/playbooks/vars/ipa/agreements.yml b/ansible/playbooks/vars/ipa/agreements.yml index 2c6aed1..2640c2c 100644 --- a/ansible/playbooks/vars/ipa/agreements.yml +++ b/ansible/playbooks/vars/ipa/agreements.yml @@ -1,2 +1,3 @@ --- # Vars for Agreements for the Rocky Linux Project +... diff --git a/ansible/playbooks/vars/ipa/fdns.yml b/ansible/playbooks/vars/ipa/fdns.yml index c721d4e..06bc340 100644 --- a/ansible/playbooks/vars/ipa/fdns.yml +++ b/ansible/playbooks/vars/ipa/fdns.yml @@ -2,3 +2,4 @@ fdns: - rockylinux.org. - aws.rockylinux.org. +... diff --git a/ansible/playbooks/vars/ipa/groups.yml b/ansible/playbooks/vars/ipa/groups.yml index c11d1dd..e3723a9 100644 --- a/ansible/playbooks/vars/ipa/groups.yml +++ b/ansible/playbooks/vars/ipa/groups.yml @@ -96,3 +96,4 @@ ipagroups: - label - group: mq_pub_readonly description: RabbitMQ ReadOnly +... diff --git a/ansible/playbooks/vars/ipa/ipaclient.yml b/ansible/playbooks/vars/ipa/ipaclient.yml index 5dc1f47..682098c 100644 --- a/ansible/playbooks/vars/ipa/ipaclient.yml +++ b/ansible/playbooks/vars/ipa/ipaclient.yml 
@@ -8,3 +8,4 @@ ipaclient_mkhomedir: true ipaclient_ssh_trust_dns: true ipasssd_enable_dns_updates: true ipatype: client +... diff --git a/ansible/playbooks/vars/ipa/ipaprivs.yml b/ansible/playbooks/vars/ipa/ipaprivs.yml index 00260f2..c8bed98 100644 --- a/ansible/playbooks/vars/ipa/ipaprivs.yml +++ b/ansible/playbooks/vars/ipa/ipaprivs.yml @@ -40,3 +40,4 @@ iparoles: - "Stage User Administrators" - "User Administrators" - "FAS Agreement Administrators" +... diff --git a/ansible/playbooks/vars/ipa/ipareplica.yml b/ansible/playbooks/vars/ipa/ipareplica.yml index feb8faf..38dd5f4 100644 --- a/ansible/playbooks/vars/ipa/ipareplica.yml +++ b/ansible/playbooks/vars/ipa/ipareplica.yml @@ -11,3 +11,4 @@ ipareplica_setup_ca: true ipareplica_setup_kra: true ipareplica_setup_dns: true ipatype: replica +... diff --git a/ansible/playbooks/vars/ipa/ipaserver.yml b/ansible/playbooks/vars/ipa/ipaserver.yml index 44adc67..efaefbb 100644 --- a/ansible/playbooks/vars/ipa/ipaserver.yml +++ b/ansible/playbooks/vars/ipa/ipaserver.yml @@ -13,3 +13,4 @@ ipaclient_mkhomedir: true ipaserver_no_hbac_allow: true ipaserver_reverse_zones: ["32.10.in-addr.arpa."] ipatype: server +... diff --git a/ansible/playbooks/vars/ipa/rdns.yml b/ansible/playbooks/vars/ipa/rdns.yml index 1149231..2e52d7b 100644 --- a/ansible/playbooks/vars/ipa/rdns.yml +++ b/ansible/playbooks/vars/ipa/rdns.yml @@ -1,3 +1,4 @@ --- rdns: - 32.10.in-addr.arpa. +... diff --git a/ansible/playbooks/vars/ipa/sudorules.yml b/ansible/playbooks/vars/ipa/sudorules.yml index ed97d53..91da2a7 100644 --- a/ansible/playbooks/vars/ipa/sudorules.yml +++ b/ansible/playbooks/vars/ipa/sudorules.yml @@ -1 +1,2 @@ --- +... diff --git a/ansible/playbooks/vars/ipa/svcusers.yml b/ansible/playbooks/vars/ipa/svcusers.yml index e19bfaa..d5bf8e1 100644 --- a/ansible/playbooks/vars/ipa/svcusers.yml +++ b/ansible/playbooks/vars/ipa/svcusers.yml 
@@ -42,3 +42,4 @@ svcusers: password: ThisIsNotMyPassword1! title: System Account - Automation loginshell: /sbin/nologin +... diff --git a/ansible/playbooks/vars/ipa/users.yml b/ansible/playbooks/vars/ipa/users.yml index 2c90cee..a291293 100644 --- a/ansible/playbooks/vars/ipa/users.yml +++ b/ansible/playbooks/vars/ipa/users.yml @@ -70,3 +70,4 @@ users: password: ThisIsNotMyPassword1! title: Security Director loginshell: /bin/bash +... diff --git a/ansible/playbooks/vars/ipaserver.yml b/ansible/playbooks/vars/ipaserver.yml index b6854f0..b4216b4 100644 --- a/ansible/playbooks/vars/ipaserver.yml +++ b/ansible/playbooks/vars/ipaserver.yml @@ -1,2 +1,3 @@ --- ipatype: server +... diff --git a/ansible/playbooks/vars/ipsilon.yml b/ansible/playbooks/vars/ipsilon.yml index 587c4d8..38532ba 100644 --- a/ansible/playbooks/vars/ipsilon.yml +++ b/ansible/playbooks/vars/ipsilon.yml @@ -63,3 +63,4 @@ apache_vhosts: SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 CustomLog logs/ssl-seven.rockylinux.org.org_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" +... diff --git a/ansible/playbooks/vars/mantis.yml b/ansible/playbooks/vars/mantis.yml index 5b12fb8..c54af44 100644 --- a/ansible/playbooks/vars/mantis.yml +++ b/ansible/playbooks/vars/mantis.yml @@ -29,3 +29,4 @@ ipa_getcert_requested_hostnames: postcmd: "/bin/systemctl reload httpd" cnames: - "bugs.rockylinux.org" +... diff --git a/ansible/playbooks/vars/matterbridge.yml b/ansible/playbooks/vars/matterbridge.yml index d9c820b..37d3498 100644 --- a/ansible/playbooks/vars/matterbridge.yml +++ b/ansible/playbooks/vars/matterbridge.yml @@ -14,3 +14,4 @@ mbridge_mattermost_ignore_nicks: mbridge_mattermost_label: MM mbridge_mattermost_server: ws.chat.rockylinux.org mbridge_mattermost_team: rocky-linux +... diff --git a/ansible/playbooks/vars/monitoring.yml b/ansible/playbooks/vars/monitoring.yml index 962ab43..1dc9e62 100644 --- a/ansible/playbooks/vars/monitoring.yml 
+++ b/ansible/playbooks/vars/monitoring.yml @@ -39,3 +39,4 @@ ipa_getcert_requested_hostnames: # - host2 # labels: # env: production +... diff --git a/ansible/playbooks/vars/mounts/bootstrap_staging.yml b/ansible/playbooks/vars/mounts/bootstrap_staging.yml index 3618d8a..4c71a43 100644 --- a/ansible/playbooks/vars/mounts/bootstrap_staging.yml +++ b/ansible/playbooks/vars/mounts/bootstrap_staging.yml @@ -16,3 +16,4 @@ mounts: us-east-2a: 10.100.100.250 us-east-2b: 10.100.101.250 us-east-2c: 10.100.102.250 +... diff --git a/ansible/playbooks/vars/mounts/repopool.yml b/ansible/playbooks/vars/mounts/repopool.yml index 0af64c0..4419869 100644 --- a/ansible/playbooks/vars/mounts/repopool.yml +++ b/ansible/playbooks/vars/mounts/repopool.yml @@ -24,3 +24,4 @@ mounts: us-east-2a: 10.101.100.246 us-east-2b: 10.101.101.246 us-east-2c: 10.101.102.246 +... diff --git a/ansible/playbooks/vars/mounts/srpmproc.yml b/ansible/playbooks/vars/mounts/srpmproc.yml index c98df6b..88a3579 100644 --- a/ansible/playbooks/vars/mounts/srpmproc.yml +++ b/ansible/playbooks/vars/mounts/srpmproc.yml @@ -48,3 +48,4 @@ mounts: us-east-2a: 10.101.100.246 us-east-2b: 10.101.101.246 us-east-2c: 10.101.102.246 +... diff --git a/ansible/playbooks/vars/mqtt.yml b/ansible/playbooks/vars/mqtt.yml index 48a8ffb..ae97f27 100644 --- a/ansible/playbooks/vars/mqtt.yml +++ b/ansible/playbooks/vars/mqtt.yml @@ -3,3 +3,4 @@ mqtt_tls_ca_cert: "/etc/pki/tls/certs/ca-bundle.crt" mqtt_tls_cert: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt" mqtt_tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key" +... diff --git a/ansible/playbooks/vars/pinnwand.yml b/ansible/playbooks/vars/pinnwand.yml index 773d0af..87d65c6 100644 --- a/ansible/playbooks/vars/pinnwand.yml +++ b/ansible/playbooks/vars/pinnwand.yml @@ -62,3 +62,4 @@ pinnwand_config: consume: 2 refill: 1 spamscore: 50 +... diff --git a/ansible/playbooks/vars/production/koji-common.yml b/ansible/playbooks/vars/production/koji-common.yml index a08c2df..feab453 100644 
--- a/ansible/playbooks/vars/production/koji-common.yml +++ b/ansible/playbooks/vars/production/koji-common.yml @@ -11,3 +11,4 @@ koji_efs_fs_opts: - _netdev - tls - iam +... diff --git a/ansible/playbooks/vars/production/kojid.yml b/ansible/playbooks/vars/production/kojid.yml index 51b8abe..813ad90 100644 --- a/ansible/playbooks/vars/production/kojid.yml +++ b/ansible/playbooks/vars/production/kojid.yml @@ -13,3 +13,4 @@ kojid_ca_bundle: /etc/pki/tls/certs/ca-bundle.crt kojid_keytab: /etc/kojid.keytab kojid_smtp_host: smtp.rockylinux.org kojid_allowed_scm: "git.rockylinux.org:/staging/rpms/*:off:/var/srpmproc/srpmproc_wrapper git.rockylinux.org:/rocky/*:off:/var/srpmproc/srpmproc_wrapper git.rockylinux.org:/original/rpms/*:off:/var/srpmproc/srpmproc_wrapper" +... diff --git a/ansible/playbooks/vars/production/kojihub.yml b/ansible/playbooks/vars/production/kojihub.yml index 28f4677..0c0d7de 100644 --- a/ansible/playbooks/vars/production/kojihub.yml +++ b/ansible/playbooks/vars/production/kojihub.yml @@ -1,7 +1,7 @@ --- # koji hub settings # This should be the front-facing URL of koji -#koji_url_name: koji.rockylinux.org +# koji_url_name: koji.rockylinux.org # Use an internal CA (IPA) koji_internal_ca: true @@ -117,3 +117,4 @@ postgresql_users: postgresql_global_config_options: - option: listen_addresses value: '*' +... diff --git a/ansible/playbooks/vars/rabbitmq.yml b/ansible/playbooks/vars/rabbitmq.yml index b69071c..6428d19 100644 --- a/ansible/playbooks/vars/rabbitmq.yml +++ b/ansible/playbooks/vars/rabbitmq.yml 
@@ -9,16 +9,16 @@ rabbitmq_tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key" #rabbitmq_cookie: ... # Admin passwords - these should be in a vault -#rabbitmq_admin_password: ... +# rabbitmq_admin_password: ... # rabbitmq cluster list and information should be defined in hostvars to ensure # that the configuration is idempotent. -#rabbitmq_cluster_name: -#rabbitmq_env: +# rabbitmq_cluster_name: +# rabbitmq_env: # Federation / Public Queues rabbitmq_enable_public: false -#pubsub_federation_pass: +# pubsub_federation_pass: # THIS IS DYNAMIC. IT'S ADVISED IT NOT BE STATIC. # This should be changed depending on how inventory is managed. For example, if @@ -42,3 +42,4 @@ ipa_getcert_requested_hostnames: postcmd: "/bin/systemctl restart rabbitmq-server" cnames: - "rabbitmq-{{ rabbitmq_env }}.rockylinux.org" +... diff --git a/ansible/playbooks/vars/sigul_bridge.yml b/ansible/playbooks/vars/sigul_bridge.yml index e483f5e..378fd20 100644 --- a/ansible/playbooks/vars/sigul_bridge.yml +++ b/ansible/playbooks/vars/sigul_bridge.yml @@ -14,3 +14,4 @@ ipa_getcert_requested_hostnames: owner: sigul nss_db_dir: "{{ sigul_nss_dir }}" nss_nickname: "{{ sigul_bridge_cert_nickname }}" +... diff --git a/ansible/playbooks/vars/sigul_server.yml b/ansible/playbooks/vars/sigul_server.yml index 5b2ef00..8bf07ed 100644 --- a/ansible/playbooks/vars/sigul_server.yml +++ b/ansible/playbooks/vars/sigul_server.yml @@ -12,3 +12,4 @@ ipa_getcert_requested_hostnames: owner: sigul nss_db_dir: "{{ sigul_nss_dir }}" nss_nickname: "{{ sigul_server_cert_nickname }}" +... diff --git a/ansible/playbooks/vars/staging/koji-common.yml b/ansible/playbooks/vars/staging/koji-common.yml index a08c2df..feab453 100644 --- a/ansible/playbooks/vars/staging/koji-common.yml +++ b/ansible/playbooks/vars/staging/koji-common.yml @@ -11,3 +11,4 @@ koji_efs_fs_opts: - _netdev - tls - iam +... diff --git a/ansible/playbooks/vars/staging/kojid.yml b/ansible/playbooks/vars/staging/kojid.yml index 65cb973..b547cad 100644 
--- a/ansible/playbooks/vars/staging/kojid.yml +++ b/ansible/playbooks/vars/staging/kojid.yml @@ -13,3 +13,4 @@ kojid_ca_bundle: /etc/pki/tls/certs/ca-bundle.crt kojid_keytab: /etc/kojid.keytab kojid_smtp_host: smtp.rockylinux.org kojid_allowed_scm: "git.rockylinux.org:/staging/rpms/*:off:/var/srpmproc/srpmproc_wrapper git.rockylinux.org:/rocky/*:off:/var/srpmproc/srpmproc_wrapper git.rockylinux.org:/original/rpms/*:off:/var/srpmproc/srpmproc_wrapper" +... diff --git a/ansible/playbooks/vars/staging/kojihub.yml b/ansible/playbooks/vars/staging/kojihub.yml index 7d6cf0b..1d6d705 100644 --- a/ansible/playbooks/vars/staging/kojihub.yml +++ b/ansible/playbooks/vars/staging/kojihub.yml @@ -1,7 +1,7 @@ --- # koji hub settings # This should be the front-facing URL of koji -#koji_url_name: kojistg.rockylinux.org +# koji_url_name: kojistg.rockylinux.org # Use an internal CA (IPA) koji_internal_ca: true @@ -117,3 +117,4 @@ postgresql_users: postgresql_global_config_options: - option: listen_addresses value: '*' +... diff --git a/ansible/playbooks/vars/wikijs.yml b/ansible/playbooks/vars/wikijs.yml index e66085a..bbea24d 100644 --- a/ansible/playbooks/vars/wikijs.yml +++ b/ansible/playbooks/vars/wikijs.yml @@ -107,3 +107,4 @@ nginx_config_http_template: custom_options: - "proxy_pass http://localhost:3000/;" http_demo_conf: false +... diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index ac9e165..ddde038 100644 --- a/ansible/roles/requirements.yml +++ b/ansible/roles/requirements.yml @@ -62,3 +62,4 @@ collections: # source: https://github.com/rocky-linux/taiga-ansible.git # type: git # version: master +... From 65a83babc9f48edd21b99b9500ac6f1ee8dc19bf Mon Sep 17 00:00:00 2001 
From: akatch Date: Mon, 30 Aug 2021 19:18:39 -0500 Subject: [PATCH 02/14] Add automation for bootstrapping an openQA developer box (#14994) * Add automation for bootstrapping an openQA developer box This PR adds the playbook `init-rocky-openqa-developer-host.yml`, to be used for bootstrapping developer instances of OpenQA. This playbook mostly follows the automation from [this repo](https://github.com/rocky-linux/OpenQA-Fedora-Installation). * Add suggestions from @nazunalika --- .../init-rocky-openqa-developer-host.yml | 40 +++++ ansible/playbooks/tasks/openqa.yml | 148 ++++++++++++++++++ .../templates/etc/openqa/client.conf.j2 | 3 + .../templates/etc/openqa/openqa.ini.j2 | 6 + ansible/playbooks/vars/openqa.yml | 67 ++++++++ 5 files changed, 264 insertions(+) create mode 100644 ansible/playbooks/init-rocky-openqa-developer-host.yml create mode 100644 ansible/playbooks/tasks/openqa.yml create mode 100644 ansible/playbooks/templates/etc/openqa/client.conf.j2 create mode 100644 ansible/playbooks/templates/etc/openqa/openqa.ini.j2 create mode 100644 ansible/playbooks/vars/openqa.yml diff --git a/ansible/playbooks/init-rocky-openqa-developer-host.yml b/ansible/playbooks/init-rocky-openqa-developer-host.yml new file mode 100644 index 0000000..1de39a1 --- /dev/null +++ b/ansible/playbooks/init-rocky-openqa-developer-host.yml 
@@ -0,0 +1,40 @@ +# Sets up local OpenQA testing environment +# This playbook is *NOT* intended for WAN-facing systems! +# Created: @akatch +--- +- name: Rocky OpenQA Runbook + hosts: localhost + connection: local + become: true + vars_files: + - vars/openqa.yml + + # This is to try to avoid the handler issue in pre/post tasks + handlers: + - import_tasks: handlers/main.yml + + pre_tasks: + - name: Check if ansible cannot be run here + stat: + path: /etc/no-ansible + register: no_ansible + + - name: Verify if we can run ansible + assert: + that: + - "not no_ansible.stat.exists" + success_msg: "We are able to run on this node" + fail_msg: "/etc/no-ansible exists - skipping run on this node" + + tasks: + - name: Install and configure OpenQA + import_tasks: tasks/openqa.yml + + post_tasks: + - name: Touching run file that ansible has ran here + file: + path: /var/log/ansible.run + state: touch + mode: '0644' + owner: root + group: root diff --git a/ansible/playbooks/tasks/openqa.yml b/ansible/playbooks/tasks/openqa.yml new file mode 100644 index 0000000..725c33a --- /dev/null +++ b/ansible/playbooks/tasks/openqa.yml 
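Review bot: The new playbook ends at `group: root` without the closing `...` document marker that PATCH 01 of this series adds to every playbook, task and vars file; tasks/openqa.yml and vars/openqa.yml in this patch omit it too. Adding `...` as the last line of each keeps the new files in line with the convention that the PATCH 01 description says was added to ansible/README.md, and saves a later lint-only commit.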
@@ -0,0 +1,148 @@ +--- +- name: Install OpenQA packages + yum: + name: "{{ openqa_packages }}" + state: present + +- name: Copy httpd configuration files + copy: + remote_src: true + src: /etc/httpd/conf.d/{{ item }}.template + dest: /etc/httpd/conf.d/{{ item }} + loop: + - openqa.conf + - openqa-ssl.conf + notify: restart_httpd + +- name: Template OpenQA configuration files + template: + src: etc/openqa/{{ item }}.j2 + dest: /etc/openqa/{{ item }} + owner: "{{ openqa_user }}" + group: "{{ openqa_group }}" + mode: "0444" + loop: + - openqa.ini + - client.conf + +- name: Get service facts + service_facts: + +- name: Check for non-empty postgres data directory + stat: + path: /var/lib/pgsql/data + register: postgres_data_dir + +- name: If postgresql is not already running, initialize database + command: postgresql-setup --initdb + when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) + and not postgres_data_dir.stat.exists + +- name: Enable and start postgresql service + systemd: + name: postgresql + state: started + enabled: true + when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" ) + and not postgres_data_dir.stat.exists + +- name: Configure SELinux to allow httpd connection to network + seboolean: + name: httpd_can_network_connect + state: true + persistent: true + +- name: Enable and start OpenQA services + systemd: + name: "{{ item }}" + state: started + enabled: true + loop: "{{ openqa_services }}" + +- name: Permit traffic for {{ item }} service + ansible.posix.firewalld: + service: "{{ item }}" + permanent: true + state: enabled + loop: + - httpd + - openqa-vnc + +- name: Permit VNC traffic for local workers + ansible.posix.firewalld: + port: "{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}/tcp" + permanent: true + state: enabled + +- name: Reload FirewallD + systemd: + name: firewalld + state: reloaded + +- name: Check for existing repository + stat: + path: "{{ openqa_homedir }}/share/tests/rocky" 
+ register: rocky_testing_repo + +- name: Clone repository if it does not already exist + git: + accept_hostkey: true + dest: "{{ openqa_homedir }}/share/tests/rocky" + repo: "{{ openqa_rocky_testing_repo }}" + version: develop + when: not rocky_testing_repo.stat.exists + +- name: Set permissions on repo dir + file: + path: "{{ openqa_homedir }}/share/tests/rocky" + recurse: true + owner: "{{ openqa_user }}" + group: "{{ openqa_group }}" + mode: "0775" + +- name: Run fifloader.py + command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json + args: + chdir: "{{ openqa_homedir }}/share/tests/rocky" + +- name: Create ISO directory + file: + path: "{{ openqa_homedir }}/share/factory/iso/fixed" + state: directory + owner: "{{ openqa_user }}" + group: "{{ openqa_group }}" + mode: "0775" + +- name: Download ISOs + get_url: + dest: "{{ openqa_homedir }}/share/factory/iso/fixed/" + url: "{{ rocky_iso_download_url }}/{{ item }}" + owner: "{{ openqa_user }}" + group: "{{ openqa_group }}" + mode: "0775" + loop: + - CHECKSUM + - Rocky-{{ rocky_version }}-{{ rocky_arch }}-boot.iso + - Rocky-{{ rocky_version }}-{{ rocky_arch }}-dvd1.iso + - Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso + +- name: Verify ISO checksums + command: shasum -a 256 --ignore-missing -c CHECKSUM + args: + chdir: "{{ openqa_homedir }}/share/factory/iso/fixed" + +- name: Start OpenQA worker + ansible.builtin.systemd: + name: "openqa-worker@1" + state: started + enabled: true + +- name: POST a job + command: | + openqa-cli api -X POST isos \ + ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \ + ARCH={{ rocky_arch }} \ + DISTRI=rocky \ + FLAVOR=minimal-iso \ + VERSION={{ rocky_version }} \ + BUILD="{{ '%Y%m%d.%H%M%S' | strftime }}.0" diff --git a/ansible/playbooks/templates/etc/openqa/client.conf.j2 b/ansible/playbooks/templates/etc/openqa/client.conf.j2 new file mode 100644 index 0000000..a0d7254 --- /dev/null +++ b/ansible/playbooks/templates/etc/openqa/client.conf.j2 
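Review bot: The "Clone repository if it does not already exist" task tracks `version: develop`, and the later "Run fifloader.py" task runs a script from that checkout while the play has `become: true`, so whatever is at the tip of the branch at provisioning time is executed as root. Pinning the checkout to a reviewed commit, e.g. `version: "{{ openqa_rocky_testing_repo_version }}"` (a suggested variable name, not defined in vars/openqa.yml) set to a full commit hash, makes the run reproducible and auditable. If the loader does not need root, which this hunk does not show, `become_user: "{{ openqa_user }}"` on that task would narrow it further. Separately, "Verify ISO checksums" checks against a CHECKSUM file fetched from the same URL as the ISOs, so it detects corruption rather than tampering.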
@@ -0,0 +1,3 @@ +[{{ openqa_host }}] +key = {{ openqa_client_key }} +secret = {{ openqa_client_secret }} diff --git a/ansible/playbooks/templates/etc/openqa/openqa.ini.j2 b/ansible/playbooks/templates/etc/openqa/openqa.ini.j2 new file mode 100644 index 0000000..932c182 --- /dev/null +++ b/ansible/playbooks/templates/etc/openqa/openqa.ini.j2 @@ -0,0 +1,6 @@ +[global] +branding=plain +download_domains = rockylinux.org fedoraproject.org opensuse.org + +[auth] +method = Fake diff --git a/ansible/playbooks/vars/openqa.yml b/ansible/playbooks/vars/openqa.yml new file mode 100644 index 0000000..8d3883a --- /dev/null +++ b/ansible/playbooks/vars/openqa.yml 
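Review bot: This template renders `openqa_client_key` and `openqa_client_secret`, and the "Template OpenQA configuration files" task in tasks/openqa.yml installs it with `mode: "0444"`, which leaves the API secret readable by every local account. client.conf should get a tighter mode than openqa.ini, for instance by looping over items that carry their own mode and using `mode: "{{ item.mode }}"`, with something like `"0440"` for client.conf. Which service accounts need read access is not visible here, so the owner and group should be confirmed against the worker's runtime user before tightening.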
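Review bot: `method = Fake` under `[auth]` turns off real authentication for the web UI, while tasks/openqa.yml in the same patch permanently enables the `httpd` firewalld service and a VNC port range, so the instance can be reached over the network without a login. The playbook header says the host is not meant to be WAN-facing, but nothing in the configuration enforces that. A comment in the template such as `# Fake auth: development only, keep this host on a trusted network` would state the assumption, and making the firewalld tasks opt-in would stop a default run from opening the ports.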
@@ -0,0 +1,67 @@
+---
+# Default OpenQA user and group
+openqa_user: geekotest
+openqa_group: geekotest
+
+# OpenQA data directory
+openqa_homedir: /var/lib/openqa
+
+# URL for the repository containing the RockyLinux test automation
+openqa_rocky_testing_repo: "https://github.com/rocky-linux/os-autoinst-distri-rocky.git"
+
+# The RockyLinux version to fetch for testing
+rocky_version: 8.4
+
+# The RockyLinux architecture to fetch for testing
+rocky_arch: x86_64
+
+# Public download URL for RockyLinux ISOs
+rocky_iso_download_url: "https://download.rockylinux.org/pub/rocky/8/isos/{{ rocky_arch }}"
+
+# The host the openqa-cli should access when it runs.
+# Change this if you want to access your OpenQA via an
+# alternative URL
+openqa_host: localhost
+
+# These are the default client credentials.
+# They will expire 24 hours after installation and must
+# be replaced with new ones.
+openqa_client_key: 1234567890ABCDEF
+openqa_client_secret: 1234567890ABCDEF
+
+# The number of workers to enable on this system
+openqa_worker_count: 1
+
+# Port range to open for VNC access to local workers.
+# The max port should be 5990 + n where n is the total
+# number of workers you want to enable on your system.
+openqa_min_vnc_port: 5991
+openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}"
+
+# Packages to install
+openqa_packages:
+- git
+- vim-enhanced
+- openqa
+- openqa-httpd
+- openqa-worker
+- fedora-messaging
+- guestfs-tools
+- libguestfs-xfs
+- python3-fedfind
+- python3-libguestfs
+- libvirt-daemon-config-network
+- virt-install
+- withlock
+- postgresql-server
+- perl-REST-Client
+
+# Services to start and enable
+openqa_services:
+- sshd
+- httpd
+- openqa-gru
+- openqa-scheduler
+- openqa-websockets
+- openqa-webui
+- fm-consumer@fedora_openqa_scheduler
From 8780f712a6835d8bd1de4cf41afd1487a8045930 Mon Sep 17 00:00:00 2001
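Review bot: `openqa_client_key` and `openqa_client_secret` are committed with the default value `1234567890ABCDEF`, and the comment says they must be replaced after 24 hours without saying where the replacements should be stored. These variables are rendered into client.conf.j2, so the natural next step for an operator is to edit this tracked file and commit a live API key. A comment such as `# override from a vault-encrypted vars file; never commit real API keys here` would close that gap. Separately, `rocky_version: 8.4` is an unquoted float, so a value like 8.10 would load as 8.1 and produce wrong ISO names; `rocky_version: "8.4"` avoids that.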
From: nazunalika Date: Mon, 30 Aug 2021 17:21:56 -0700 Subject: [PATCH 03/14] fix lints --- ansible/playbooks/vars/openqa.yml | 44 ++++++++++++++--------------- ansible/playbooks/vars/rabbitmq.yml | 2 +- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/ansible/playbooks/vars/openqa.yml b/ansible/playbooks/vars/openqa.yml index 8d3883a..f095d4e 100644 --- a/ansible/playbooks/vars/openqa.yml +++ b/ansible/playbooks/vars/openqa.yml @@ -40,28 +40,28 @@ openqa_max_vnc_port: "{{ 5990 + openqa_worker_count|int }}" # Packages to install openqa_packages: -- git -- vim-enhanced -- openqa -- openqa-httpd -- openqa-worker -- fedora-messaging -- guestfs-tools -- libguestfs-xfs -- python3-fedfind -- python3-libguestfs -- libvirt-daemon-config-network -- virt-install -- withlock -- postgresql-server -- perl-REST-Client + - git + - vim-enhanced + - openqa + - openqa-httpd + - openqa-worker + - fedora-messaging + - guestfs-tools + - libguestfs-xfs + - python3-fedfind + - python3-libguestfs + - libvirt-daemon-config-network + - virt-install + - withlock + - postgresql-server + - perl-REST-Client # Services to start and enable openqa_services: -- sshd -- httpd -- openqa-gru -- openqa-scheduler -- openqa-websockets -- openqa-webui -- fm-consumer@fedora_openqa_scheduler + - sshd + - httpd + - openqa-gru + - openqa-scheduler + - openqa-websockets + - openqa-webui + - fm-consumer@fedora_openqa_scheduler diff --git a/ansible/playbooks/vars/rabbitmq.yml b/ansible/playbooks/vars/rabbitmq.yml index 6428d19..edec714 100644 --- a/ansible/playbooks/vars/rabbitmq.yml +++ b/ansible/playbooks/vars/rabbitmq.yml @@ -6,7 +6,7 @@ rabbitmq_tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key" # These should be in a vault, with a different value. Generated by: # dd if=/dev/urandom bs=30 count=1 | base64 -#rabbitmq_cookie: ... +# rabbitmq_cookie: ... # Admin passwords - these should be in a vault # rabbitmq_admin_password: ... 
From d2b9157848ac8d877b7d1d4521ff17197e9ea18c Mon Sep 17 00:00:00 2001 From: nazunalika Date: Mon, 30 Aug 2021 17:25:18 -0700 Subject: [PATCH 04/14] fix lints --- ansible/playbooks/init-rocky-openqa-developer-host.yml | 1 + ansible/playbooks/tasks/openqa.yml | 7 +++++++ ansible/playbooks/vars/openqa.yml | 1 + 3 files changed, 9 insertions(+) diff --git a/ansible/playbooks/init-rocky-openqa-developer-host.yml b/ansible/playbooks/init-rocky-openqa-developer-host.yml index 1de39a1..bbe037b 100644 --- a/ansible/playbooks/init-rocky-openqa-developer-host.yml +++ b/ansible/playbooks/init-rocky-openqa-developer-host.yml @@ -38,3 +38,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/tasks/openqa.yml b/ansible/playbooks/tasks/openqa.yml index 725c33a..791fa35 100644 --- a/ansible/playbooks/tasks/openqa.yml +++ b/ansible/playbooks/tasks/openqa.yml @@ -9,6 +9,9 @@ remote_src: true src: /etc/httpd/conf.d/{{ item }}.template dest: /etc/httpd/conf.d/{{ item }} + mode: '0644' + owner: root + group: root loop: - openqa.conf - openqa-ssl.conf @@ -102,6 +105,7 @@ - name: Run fifloader.py command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json + changed_when: "1 != 1" args: chdir: "{{ openqa_homedir }}/share/tests/rocky" @@ -128,6 +132,7 @@ - name: Verify ISO checksums command: shasum -a 256 --ignore-missing -c CHECKSUM + changed_when: "1 != 1" args: chdir: "{{ openqa_homedir }}/share/factory/iso/fixed" @@ -146,3 +151,5 @@ FLAVOR=minimal-iso \ VERSION={{ rocky_version }} \ BUILD="{{ '%Y%m%d.%H%M%S' | strftime }}.0" + changed_when: "1 != 1" +... diff --git a/ansible/playbooks/vars/openqa.yml b/ansible/playbooks/vars/openqa.yml index f095d4e..eccbea4 100644 --- a/ansible/playbooks/vars/openqa.yml +++ b/ansible/playbooks/vars/openqa.yml @@ -65,3 +65,4 @@ openqa_services: - openqa-websockets - openqa-webui - fm-consumer@fedora_openqa_scheduler +... From 2891c562c80463c81396747196bdf1cb5ac45a08 Mon Sep 17 00:00:00 2001 
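Review bot: `changed_when: "1 != 1"` on the 'Run fifloader.py' task is an obscure way to write a constant; `changed_when: false` states the intent directly. The same line is added to 'Verify ISO checksums' and 'POST a job' in the later hunks of tasks/openqa.yml. For 'POST a job' the constant also hides a real side effect, since the command submits a job on every run; a short comment such as `# lint: job submission is intentional on every run` next to it would explain why the change report is suppressed.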
From: Al Bowles Date: Thu, 2 Sep 2021 08:45:26 -0500 Subject: [PATCH 05/14] Fixes for a few openQA dev setup bugs While prepping for my demo to the testing team, I ran into a few issues. These did not come up earlier as I was using an incomplete method for nuking my local openQA install to test this automation. - Check for Postgres data directory now correctly checks for a `base` dir rather than its parent `data` (which can exist but be empty if Postgres has been installed but not initialized - firewalld service is named `http`, not `httpd` - Automation now "logs in" to web UI, allowing fifloader.py to execute --- ansible/playbooks/tasks/openqa.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ansible/playbooks/tasks/openqa.yml b/ansible/playbooks/tasks/openqa.yml index 791fa35..46ce7d9 100644 --- a/ansible/playbooks/tasks/openqa.yml +++ b/ansible/playbooks/tasks/openqa.yml @@ -33,7 +33,7 @@ - name: Check for non-empty postgres data directory stat: - path: /var/lib/pgsql/data + path: /var/lib/pgsql/data/base register: postgres_data_dir - name: If postgresql is not already running, initialize database @@ -68,7 +68,7 @@ permanent: true state: enabled loop: - - httpd + - http - openqa-vnc - name: Permit VNC traffic for local workers @@ -103,6 +103,11 @@ group: "{{ openqa_group }}" mode: "0775" +# fifloader.py will fail if the Demo user is not logged in +- name: Authenticate to web UI the first time + uri: + url: "http://{{ openqa_host }}/login" + - name: Run fifloader.py command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json changed_when: "1 != 1" From a0829258e3297c443cdee27ed467b9622c1ada5f Mon Sep 17 00:00:00 2001 From: Al Bowles Date: Thu, 2 Sep 2021 09:53:52 -0500 Subject: [PATCH 06/14] Worker start task now honors the openqa_worker_count parameter --- ansible/playbooks/tasks/openqa.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
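Review bot: The `http` firewalld service enabled in the loop exposes a web UI that openqa.ini.j2 configures with `method = Fake`, so any host that can reach port 80 on this machine can use it without credentials. The 'Authenticate to web UI the first time' task added in the next hunk shows how little is needed: one unauthenticated GET of `/login`. No `zone:` is visible on the firewalld task, so the rule presumably lands in the default zone; consider `zone: "{{ openqa_firewalld_zone }}"` (a suggested variable, not an existing one) or a comment stating that the host must sit on an isolated network. The firewalld task starts outside the hunk, so confirm its other arguments against the full file.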
diff --git a/ansible/playbooks/tasks/openqa.yml b/ansible/playbooks/tasks/openqa.yml index 46ce7d9..8fc48e7 100644 --- a/ansible/playbooks/tasks/openqa.yml +++ b/ansible/playbooks/tasks/openqa.yml @@ -141,11 +141,14 @@ args: chdir: "{{ openqa_homedir }}/share/factory/iso/fixed" -- name: Start OpenQA worker +- name: Start {{ openqa_worker_count }} OpenQA workers ansible.builtin.systemd: - name: "openqa-worker@1" + name: "openqa-worker@{{ item }}" state: started enabled: true + # range 'end' parameter is exclusive, so add 1 + loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}" + tags: start_workers - name: POST a job command: | From 4929e29f9a6ad357cd22c8c75430ecd8a832cd2e Mon Sep 17 00:00:00 2001 From: nazunalika Date: Sat, 11 Sep 2021 00:29:50 -0700 Subject: [PATCH 07/14] add badges --- README.md | 3 ++- ansible/playbooks/vars/.gitlab.yml.swp | Bin 0 -> 12288 bytes 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 ansible/playbooks/vars/.gitlab.yml.swp diff --git a/README.md b/README.md index db1e1c8..fdfe8b0 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Infrastructure +![Rocky Linux Infrastructure (develop)](https://img.shields.io/github/last-commit/rocky-linux/infrastructure/develop) ![Rocky Linux Infrastructure repo issues](https://img.shields.io/github/issues/rocky-linux/infrastructure) ![GitHub Workflow Status - Ansible Lint](https://img.shields.io/github/workflow/status/rocky-linux/infrastructure/Ansible%20Lint) ![GitHub Workflow Status - YAML Lint](https://img.shields.io/github/workflow/status/rocky-linux/infrastructure/YAML%20Lint) + We will add more data here soon ``` @@ -21,4 +23,3 @@ The main branch is the top level branch that should, in most circumstances, not * main * develop - 
diff --git a/ansible/playbooks/vars/.gitlab.yml.swp b/ansible/playbooks/vars/.gitlab.yml.swp new file mode 100644 index 0000000000000000000000000000000000000000..8c7e8b9a9d3fc27445e87308dae6f2851b989272 GIT binary patch literal 12288 zcmeHNO^6&t6z;?%CTgOn2O|iTU6ftObZ-(i#)XlDHA-;vqq~VGDXY6{W-8m$)v2o9 z-7!QDxr!kEAYMiA?m>bly=e3zh=_U>gm@9p3Vv1H(>pyo8*^0YVZWX3s#mYx`|7<{ zwQPlRm(H9eC;X!xJ`Z@_jp#6Y`2BgW|KmE=VM2U=6*QHwZ zQ*P=5UvmnBt}uZ}JBn$e^2p?h2Q1YhOn8tbY!FJhs)IGAw3WmVf6%`ZE9!GKZw&(t z1LF+r_l_MsGG|+-rw);a9=td%(7ZPcGz>HhGz>HhGz>HhGz>HhGz|QY88F!n?{)aM zv-I($@_WbFclp|UH4HQiGz>HhGz>HhGz>HhGz>HhGz>HhGz>Hh{0A9evFE*kKmK>^ zg7NtO|M2hsKkxUvFM*GMD?kPu2lfEFfgcWd-eKmhCnZr$s7-vOTh*MS#-L%?tMc-~FmJa7&;4$K3;@AJHGfUkiMfa^d9 zcp7*VxV6{wz6WjqZv$6>^S}(S7x?9F*bRILTm@bL4g!w=f9>(SpMjr%FM!X1kAZ8z z%fKu!1MCBC?#A4}Jn$H>57-O*3Ld`#J_X(cBH#${IItJ6Jl_R0pN4^d3j@CId>O zWD0j~e1$7KgG8kHhA&lj%5_F5>vO%}o-?UU)Q=a)RFG>G;KmP2f>5MEM{LmI(hiNd zGTPU@ax~tkl`}%77JCFk1knD*dD>6TM)WX?Y_H|HO$qivS zDBBh93fy5DP-g-idLlXkesT(1Cwe;4?`*pxZMV}jQ48NNT%|0bxk@m&XH2FS0(+%u zY4o7ltfH(B0EI! zHLmbzS9ws4)_s%Fh|!L4WCVzzAX^oINp#>sJcw8;%+omGexyvr<8WNYOb`5Q9aoo> z8BcBezy#45(7uc<^{Grjed&kOh-s@O8Er3Ci)zD^fedB2krM^c(c`JH5n5zoB9TA! zNn+V&!e(g~--#c|e!YKW-Pe1FbQrzT6Z(v`*?CYl~Q5Zr{+&QS=Yhh zSaEHAw(k4ejILs}!x9a~rpfZzl?x=2X-9N(!DfL0vEMuCjk5)-H zy=$LfR@uHqzRyih+E8+tPm%g{KXYL_@w?uf73p^D#8dV5qWW$+h;0)~f&8XPxMl9G zalG`*sS9MWmUY9lvoRP-o8x7Umb}`H+4iBM$cD1r7Q(xF;(Q=C<-GcwmF{U`Btb45COVILglV$GjXs@5YLFRQk(Zaq zGA3&k{)`kKUJn_+Dldx1LZM=~T^q%EZ1*lB1w!RkRy4Hu=AId{Xf@ApP$@QHTq+M_ zX3BfzLD7qh83rj7P*hAtF|Vb0Odj1W+if?PrSdFmtES=vEV*I~5mzF$FjC>HSkM-7 zqVdk-P2Z|BQT=!}Va0-K$%gwfCfVkARP1=v@IH1cV{4T?uRtCpEGTML@#3p+%4@Y+ F-rq8xuoeIS literal 0 HcmV?d00001 From 0a983db61c4f9d20ff3007d4ff36548a7638d7a8 Mon Sep 17 00:00:00 2001 
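Review bot: `ansible/playbooks/vars/.gitlab.yml.swp` is an editor swap file, committed here as a 12288-byte binary blob in the vars directory. A swap file holds the buffer of the file that was being edited, so if `gitlab.yml` contained tokens or passwords at that moment they are now part of the repository history, and deleting the file in a later commit does not remove them from it. Drop the file from this commit before it is merged, add `*.swp` to `.gitignore`, and check whether anything in the edited buffer needs rotating.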
From: nazunalika Date: Thu, 23 Sep 2021 13:35:06 -0700 Subject: [PATCH 08/14] add ansible.utils --- ansible/playbooks/vars/.gitlab.yml.swp | Bin 12288 -> 0 bytes ansible/roles/requirements.yml | 1 + 2 files changed, 1 insertion(+) delete mode 100644 ansible/playbooks/vars/.gitlab.yml.swp diff --git a/ansible/playbooks/vars/.gitlab.yml.swp b/ansible/playbooks/vars/.gitlab.yml.swp deleted file mode 100644 index 8c7e8b9a9d3fc27445e87308dae6f2851b989272..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeHNO^6&t6z;?%CTgOn2O|iTU6ftObZ-(i#)XlDHA-;vqq~VGDXY6{W-8m$)v2o9 z-7!QDxr!kEAYMiA?m>bly=e3zh=_U>gm@9p3Vv1H(>pyo8*^0YVZWX3s#mYx`|7<{ zwQPlRm(H9eC;X!xJ`Z@_jp#6Y`2BgW|KmE=VM2U=6*QHwZ zQ*P=5UvmnBt}uZ}JBn$e^2p?h2Q1YhOn8tbY!FJhs)IGAw3WmVf6%`ZE9!GKZw&(t z1LF+r_l_MsGG|+-rw);a9=td%(7ZPcGz>HhGz>HhGz>HhGz>HhGz|QY88F!n?{)aM zv-I($@_WbFclp|UH4HQiGz>HhGz>HhGz>HhGz>HhGz>HhGz>Hh{0A9evFE*kKmK>^ zg7NtO|M2hsKkxUvFM*GMD?kPu2lfEFfgcWd-eKmhCnZr$s7-vOTh*MS#-L%?tMc-~FmJa7&;4$K3;@AJHGfUkiMfa^d9 zcp7*VxV6{wz6WjqZv$6>^S}(S7x?9F*bRILTm@bL4g!w=f9>(SpMjr%FM!X1kAZ8z z%fKu!1MCBC?#A4}Jn$H>57-O*3Ld`#J_X(cBH#${IItJ6Jl_R0pN4^d3j@CId>O zWD0j~e1$7KgG8kHhA&lj%5_F5>vO%}o-?UU)Q=a)RFG>G;KmP2f>5MEM{LmI(hiNd zGTPU@ax~tkl`}%77JCFk1knD*dD>6TM)WX?Y_H|HO$qivS zDBBh93fy5DP-g-idLlXkesT(1Cwe;4?`*pxZMV}jQ48NNT%|0bxk@m&XH2FS0(+%u zY4o7ltfH(B0EI! zHLmbzS9ws4)_s%Fh|!L4WCVzzAX^oINp#>sJcw8;%+omGexyvr<8WNYOb`5Q9aoo> z8BcBezy#45(7uc<^{Grjed&kOh-s@O8Er3Ci)zD^fedB2krM^c(c`JH5n5zoB9TA! zNn+V&!e(g~--#c|e!YKW-Pe1FbQrzT6Z(v`*?CYl~Q5Zr{+&QS=Yhh zSaEHAw(k4ejILs}!x9a~rpfZzl?x=2X-9N(!DfL0vEMuCjk5)-H zy=$LfR@uHqzRyih+E8+tPm%g{KXYL_@w?uf73p^D#8dV5qWW$+h;0)~f&8XPxMl9G zalG`*sS9MWmUY9lvoRP-o8x7Umb}`H+4iBM$cD1r7Q(xF;(Q=C<-GcwmF{U`Btb45COVILglV$GjXs@5YLFRQk(Zaq zGA3&k{)`kKUJn_+Dldx1LZM=~T^q%EZ1*lB1w!RkRy4Hu=AId{Xf@ApP$@QHTq+M_ zX3BfzLD7qh83rj7P*hAtF|Vb0Odj1W+if?PrSdFmtES=vEV*I~5mzF$FjC>HSkM-7 zqVdk-P2Z|BQT=!}Va0-K$%gwfCfVkARP1=v@IH1cV{4T?uRtCpEGTML@#3p+%4@Y+ F-rq8xuoeIS 
diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index ddde038..075550e 100644 --- a/ansible/roles/requirements.yml +++ b/ansible/roles/requirements.yml @@ -52,6 +52,7 @@ collections: - name: community.mysql - name: community.rabbitmq - name: ansible.posix + - name: ansible.utils - name: ktdreyer.koji_ansible - name: netbox.netbox - name: community.aws From fb12494308e03a423b97928ed52e05965a5a47ed Mon Sep 17 00:00:00 2001 From: Lukas Magauer <42647570+lumarel@users.noreply.github.com> Date: Sun, 26 Sep 2021 14:17:35 +0200 Subject: [PATCH 09/14] Remove openqa-vnc firewall service as ports get directly added (#14997) Co-authored-by: lumarel --- ansible/playbooks/tasks/openqa.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/playbooks/tasks/openqa.yml b/ansible/playbooks/tasks/openqa.yml index 8fc48e7..928fd44 100644 --- a/ansible/playbooks/tasks/openqa.yml +++ b/ansible/playbooks/tasks/openqa.yml @@ -69,7 +69,6 @@ state: enabled loop: - http - - openqa-vnc - name: Permit VNC traffic for local workers ansible.posix.firewalld: From ed95b07b821542fb6286220061013278db885042 Mon Sep 17 00:00:00 2001 From: Trevor Cooper Date: Tue, 26 Oct 2021 20:31:01 -0700 Subject: [PATCH 10/14] Fix openqa iso download and repo permissions (#14998) * use built-in checksum of ansible get_url * do not make everything executable, enable write by geekotest group --- ansible/playbooks/tasks/openqa.yml | 24 ++++++++---------------- ansible/playbooks/vars/openqa.yml | 9 +++++++++ 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/ansible/playbooks/tasks/openqa.yml b/ansible/playbooks/tasks/openqa.yml index 928fd44..e824513 100644 --- a/ansible/playbooks/tasks/openqa.yml +++ b/ansible/playbooks/tasks/openqa.yml 
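Review bot: `- name: ansible.utils` is added without a `version:`, so each install of requirements.yml resolves whatever release is newest at that moment. For a repository that configures identity and infrastructure hosts, that makes runs non-reproducible and lets an upstream release change behaviour without review. A pin next to the name, `version: <PINNED_VERSION>`, as `freeipa.ansible_freeipa` already has, closes that. The same applies to `community.libvirt`, added in PATCH 12/14.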
@@ -94,13 +94,13 @@ version: develop when: not rocky_testing_repo.stat.exists -- name: Set permissions on repo dir +- name: Set owner/group/permissions on repo contents file: path: "{{ openqa_homedir }}/share/tests/rocky" recurse: true owner: "{{ openqa_user }}" group: "{{ openqa_group }}" - mode: "0775" + mode: "u+rwX,g+rwX,o+rX,o-w" # fifloader.py will fail if the Demo user is not logged in - name: Authenticate to web UI the first time @@ -123,22 +123,14 @@ - name: Download ISOs get_url: - dest: "{{ openqa_homedir }}/share/factory/iso/fixed/" - url: "{{ rocky_iso_download_url }}/{{ item }}" + dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}" + url: "{{ rocky_iso_download_url }}/{{ item.name }}" + checksum: "{{ item.checksum }}" owner: "{{ openqa_user }}" group: "{{ openqa_group }}" - mode: "0775" - loop: - - CHECKSUM - - Rocky-{{ rocky_version }}-{{ rocky_arch }}-boot.iso - - Rocky-{{ rocky_version }}-{{ rocky_arch }}-dvd1.iso - - Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso - -- name: Verify ISO checksums - command: shasum -a 256 --ignore-missing -c CHECKSUM - changed_when: "1 != 1" - args: - chdir: "{{ openqa_homedir }}/share/factory/iso/fixed" + tmp_dest: "/var/tmp" + mode: "0644" + loop: "{{ openqa_isos }}" - name: Start {{ openqa_worker_count }} OpenQA workers ansible.builtin.systemd: diff --git a/ansible/playbooks/vars/openqa.yml b/ansible/playbooks/vars/openqa.yml index eccbea4..6f4b089 100644 --- a/ansible/playbooks/vars/openqa.yml +++ b/ansible/playbooks/vars/openqa.yml 
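Review bot: `mode: "u+rwX,g+rwX,o+rX,o-w"` only adds and removes individual bits, so with `recurse: true` the resulting permissions depend on whatever bits the cloned tree already carried. Bits the expression does not mention are left as they were, which makes the end state hard to audit on a group-writable tree of test code. Assignment form, `mode: "u=rwX,g=rwX,o=rX"`, expresses the same intent and yields the same result on every run.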
@@ -18,6 +18,15 @@ rocky_arch: x86_64 # Public download URL for RockyLinux ISOs rocky_iso_download_url: "https://download.rockylinux.org/pub/rocky/8/isos/{{ rocky_arch }}" +# Rocky Linux ISOs +openqa_isos: + - name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-boot.iso" + checksum: "sha256:53a62a72881b931bdad6b13bcece7c3a2d4ca9c4a2f1e1a8029d081dd25ea61f" + - name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-dvd1.iso" + checksum: "sha256:ffe2fae67da6702d859cfb0b321561a5d616ce87a963d8a25b018c9c3d52d9a4" + - name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso" + checksum: "sha256:0de5f12eba93e00fefc06cdb0aa4389a0972a4212977362ea18bde46a1a1aa4f" + # The host the openqa-cli should access when it runs. # Change this if you want to access your OpenQA via an # alternative URL From 483e9106281149fdeb4a71c8991dc0acd230688d Mon Sep 17 00:00:00 2001 From: Russ Butler Date: Tue, 26 Oct 2021 22:31:41 -0500 Subject: [PATCH 11/14] Create openqa-vnc service to prevent conflict (#14999) Create a firewalld service to open the ports for VNC traffic. This prevents ansible from creating an invalid firewalld configuration and bringing down networking on Fedora 34 workstation due to overlapping ports. --- ansible/playbooks/tasks/openqa.yml | 20 +++++++++++++------ .../etc/firewalld/services/openqa-vnc.xml.j2 | 4 ++++ 2 files changed, 18 insertions(+), 6 deletions(-) create mode 100644 ansible/playbooks/templates/etc/firewalld/services/openqa-vnc.xml.j2 diff --git a/ansible/playbooks/tasks/openqa.yml b/ansible/playbooks/tasks/openqa.yml index e824513..51d5402 100644 --- a/ansible/playbooks/tasks/openqa.yml +++ b/ansible/playbooks/tasks/openqa.yml 
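Review bot: The three `sha256:` values in `openqa_isos` are pinned without any record of where they were taken from, while the file names next to them are built from `rocky_version`. Changing `rocky_version` alone makes every download fail its checksum, which is the safe failure, but the next editor has no documented source to refresh the hashes from and may copy them from an unverified place. A comment above the list, e.g. `# sha256 values from the signed CHECKSUM file for rocky_version; update both together`, would record that. The wording assumes the hashes came from the release CHECKSUM file, which the commit does not state.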
@@ -62,6 +62,19 @@ enabled: true loop: "{{ openqa_services }}" +- name: Create openqa-vnc firewalld service + template: + src: etc/firewalld/services/openqa-vnc.xml.j2 + dest: /etc/firewalld/services/openqa-vnc.xml + owner: root + group: root + mode: "0644" + +- name: Load openqa-vnc firewalld service + systemd: + name: firewalld + state: reloaded + - name: Permit traffic for {{ item }} service ansible.posix.firewalld: service: "{{ item }}" @@ -69,12 +82,7 @@ state: enabled loop: - http - -- name: Permit VNC traffic for local workers - ansible.posix.firewalld: - port: "{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}/tcp" - permanent: true - state: enabled + - openqa-vnc - name: Reload FirewallD systemd: diff --git a/ansible/playbooks/templates/etc/firewalld/services/openqa-vnc.xml.j2 b/ansible/playbooks/templates/etc/firewalld/services/openqa-vnc.xml.j2 new file mode 100644 index 0000000..e125b1c --- /dev/null +++ b/ansible/playbooks/templates/etc/firewalld/services/openqa-vnc.xml.j2 @@ -0,0 +1,4 @@ + + + + From f3216e40ba560300918edcd0f2b484072f7720f8 Mon Sep 17 00:00:00 2001 From: nazunalika Date: Fri, 29 Oct 2021 17:09:11 -0700 Subject: [PATCH 12/14] Adding requirements to prep for ansible core --- ansible/roles/requirements.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index 075550e..b8c13be 100644 --- a/ansible/roles/requirements.yml +++ b/ansible/roles/requirements.yml @@ -47,7 +47,7 @@ roles: collections: # freeipa - name: freeipa.ansible_freeipa - version: 0.3.6 + version: 0.4.2 - name: community.general - name: community.mysql - name: community.rabbitmq @@ -56,6 +56,7 @@ collections: - name: ktdreyer.koji_ansible - name: netbox.netbox - name: community.aws + - name: community.libvirt - name: containers.podman - name: nginxinc.nginx_core version: 0.3.0 From faa692bf9cc3452b5d6eb24a596be2d727fbf382 Mon Sep 17 00:00:00 2001 
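Review bot: 'Load openqa-vnc firewalld service' reloads firewalld with `state: reloaded` on every run, and the existing 'Reload FirewallD' task a few lines later does it again. An unconditional reload reports a change each time and drops runtime-only firewall rules on the host. Adding `register: openqa_vnc_service` to the template task and `when: openqa_vnc_service is changed` to the reload would limit it to runs where the service file actually changed. The content of openqa-vnc.xml.j2 is not readable in this patch, so the port range it opens could not be reviewed.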
From: nazunalika Date: Mon, 1 Nov 2021 13:33:48 -0700 Subject: [PATCH 13/14] use up to date ipsilon --- ansible/playbooks/role-rocky-ipsilon.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible/playbooks/role-rocky-ipsilon.yml b/ansible/playbooks/role-rocky-ipsilon.yml index 4305937..7a2ac2b 100644 --- a/ansible/playbooks/role-rocky-ipsilon.yml +++ b/ansible/playbooks/role-rocky-ipsilon.yml @@ -44,14 +44,14 @@ tags: - packages - - name: Install arrfab ipsilon repo + - name: Install rocky ipsilon repo yum_repository: - name: copr:copr.fedorainfracloud.org:arrfab:noggin - description: Copr repo for noggin owned by arrfab + name: copr:copr.fedorainfracloud.org:nalika:rocky-idp + description: Copr repo for rocky-idp owned by nalika file: copr_repos - baseurl: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/epel-8-$basearch/ + baseurl: https://download.copr.fedorainfracloud.org/results/nalika/rocky-idp/epel-8-$basearch/ gpgcheck: true - gpgkey: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/pubkey.gpg + gpgkey: https://download.copr.fedorainfracloud.org/results/nalika/rocky-idp/pubkey.gpg enabled: true # For now, this is sufficient for testing with a localhost cert. In the From a0e069cfad5d99a745245416aeedb8ea129fad74 Mon Sep 17 00:00:00 2001 From: akatch Date: Wed, 24 Nov 2021 15:53:07 -0600 Subject: [PATCH 14/14] [openqa] Update ISO URL and checksums for 8.5 (#15000) * Increment minor version * Update checksums and version for 8.5 * Add tags and document additional workflows for openQA developer hosts --- .../init-rocky-openqa-developer-host.yml | 12 +++++++ ansible/playbooks/tasks/openqa.yml | 32 ++++++++++++++++++- ansible/playbooks/vars/openqa.yml | 10 +++--- 3 files changed, 48 insertions(+), 6 deletions(-) diff --git a/ansible/playbooks/init-rocky-openqa-developer-host.yml b/ansible/playbooks/init-rocky-openqa-developer-host.yml index bbe037b..f462e9b 100644 
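Review bot: The `gpgkey` URL for the new `nalika/rocky-idp` Copr repo is served from the same results host as the packages, so `gpgcheck: true` only proves that packages match whatever key that host hands out at first import. For identity-provider packages from a personal Copr project that is a thin trust anchor. Shipping the public key in this repository and pointing at the local copy, e.g. `gpgkey: file:///etc/pki/rpm-gpg/<KEY_FILE>`, pins the signer independently of the download host.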
--- a/ansible/playbooks/init-rocky-openqa-developer-host.yml +++ b/ansible/playbooks/init-rocky-openqa-developer-host.yml @@ -1,5 +1,17 @@ # Sets up local OpenQA testing environment # This playbook is *NOT* intended for WAN-facing systems! +# +# Usages: +# # Install and configure an openQA developer host, download all current Rocky ISOs, +# # and POST a test job +# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml +# +# # Only perform ISO download tasks +# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=download_isos +# +# # Only perform configuration, do not download ISOs or POST a job +# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=configure +# # Created: @akatch --- - name: Rocky OpenQA Runbook diff --git a/ansible/playbooks/tasks/openqa.yml b/ansible/playbooks/tasks/openqa.yml index 51d5402..27d3585 100644 --- a/ansible/playbooks/tasks/openqa.yml +++ b/ansible/playbooks/tasks/openqa.yml @@ -3,6 +3,8 @@ yum: name: "{{ openqa_packages }}" state: present + tags: + - packages - name: Copy httpd configuration files copy: @@ -16,6 +18,8 @@ - openqa.conf - openqa-ssl.conf notify: restart_httpd + tags: + - configure - name: Template OpenQA configuration files template: @@ -27,6 +31,8 @@ loop: - openqa.ini - client.conf + tags: + - configure - name: Get service facts service_facts: @@ -54,6 +60,8 @@ name: httpd_can_network_connect state: true persistent: true + tags: + - configure - name: Enable and start OpenQA services systemd: @@ -61,6 +69,8 @@ state: started enabled: true loop: "{{ openqa_services }}" + tags: + - configure - name: Create openqa-vnc firewalld service template: @@ -69,11 +79,15 @@ owner: root group: root mode: "0644" + tags: + - configure - name: Load openqa-vnc firewalld service systemd: name: firewalld state: reloaded + tags: + - configure - name: Permit traffic for {{ item }} service ansible.posix.firewalld: 
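Review bot: `--tags=configure`, documented in the new usage comment as a configuration-only run, skips tasks that the tagged ones appear to depend on. The package install is tagged only `packages`, and 'Get service facts' and the tasks between it and the SELinux boolean receive no tag in any hunk, so on a fresh host the run would start the openQA services without them. Either add `configure` to those tasks or extend the usage comment with a line like `# (requires a prior full run)`. The untagged tasks are only partly visible in the hunk context, so confirm against the full file.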
@@ -83,16 +97,22 @@ loop: - http - openqa-vnc + tags: + - configure - name: Reload FirewallD systemd: name: firewalld state: reloaded + tags: + - configure - name: Check for existing repository stat: path: "{{ openqa_homedir }}/share/tests/rocky" register: rocky_testing_repo + tags: + - configure - name: Clone repository if it does not already exist git: @@ -101,6 +121,8 @@ repo: "{{ openqa_rocky_testing_repo }}" version: develop when: not rocky_testing_repo.stat.exists + tags: + - configure - name: Set owner/group/permissions on repo contents file: @@ -109,6 +131,8 @@ owner: "{{ openqa_user }}" group: "{{ openqa_group }}" mode: "u+rwX,g+rwX,o+rX,o-w" + tags: + - configure # fifloader.py will fail if the Demo user is not logged in - name: Authenticate to web UI the first time @@ -128,6 +152,8 @@ owner: "{{ openqa_user }}" group: "{{ openqa_group }}" mode: "0775" + tags: + - download_isos - name: Download ISOs get_url: @@ -139,6 +165,8 @@ tmp_dest: "/var/tmp" mode: "0644" loop: "{{ openqa_isos }}" + tags: + - download_isos - name: Start {{ openqa_worker_count }} OpenQA workers ansible.builtin.systemd: @@ -147,7 +175,9 @@ enabled: true # range 'end' parameter is exclusive, so add 1 loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}" - tags: start_workers + tags: + - start_workers + - configure - name: POST a job command: | diff --git a/ansible/playbooks/vars/openqa.yml b/ansible/playbooks/vars/openqa.yml index 6f4b089..b11e90b 100644 --- a/ansible/playbooks/vars/openqa.yml +++ b/ansible/playbooks/vars/openqa.yml 
@@ -10,22 +10,22 @@ openqa_homedir: /var/lib/openqa openqa_rocky_testing_repo: "https://github.com/rocky-linux/os-autoinst-distri-rocky.git" # The RockyLinux version to fetch for testing -rocky_version: 8.4 +rocky_version: 8.5 # The RockyLinux architecture to fetch for testing rocky_arch: x86_64 # Public download URL for RockyLinux ISOs -rocky_iso_download_url: "https://download.rockylinux.org/pub/rocky/8/isos/{{ rocky_arch }}" +rocky_iso_download_url: "https://download.rockylinux.org/pub/rocky/8.5/isos/{{ rocky_arch }}" # Rocky Linux ISOs openqa_isos: - name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-boot.iso" - checksum: "sha256:53a62a72881b931bdad6b13bcece7c3a2d4ca9c4a2f1e1a8029d081dd25ea61f" + checksum: "sha256:5a0dc65d1308e47b51a49e23f1030b5ee0f0ece3702483a8a6554382e893333c" - name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-dvd1.iso" - checksum: "sha256:ffe2fae67da6702d859cfb0b321561a5d616ce87a963d8a25b018c9c3d52d9a4" + checksum: "sha256:0081f8b969d0cef426530f6d618b962c7a01e71eb12a40581a83241f22dfdc25" - name: "Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso" - checksum: "sha256:0de5f12eba93e00fefc06cdb0aa4389a0972a4212977362ea18bde46a1a1aa4f" + checksum: "sha256:4eb2ae6b06876205f2209e4504110fe4115b37540c21ecfbbc0ebc11084cb779" # The host the openqa-cli should access when it runs. # Change this if you want to access your OpenQA via an