Merge pull request #15001 from rocky-linux/develop

Sync with Main

README.md

@@ -1,5 +1,7 @@
 # Infrastructure
 
+![Rocky Linux Infrastructure (develop)](https://img.shields.io/github/last-commit/rocky-linux/infrastructure/develop) ![Rocky Linux Infrastructure repo issues](https://img.shields.io/github/issues/rocky-linux/infrastructure) ![GitHub Workflow Status - Ansible Lint](https://img.shields.io/github/workflow/status/rocky-linux/infrastructure/Ansible%20Lint) ![GitHub Workflow Status - YAML Lint](https://img.shields.io/github/workflow/status/rocky-linux/infrastructure/YAML%20Lint)
+
 We will add more data here soon
 
 ```
@@ -21,4 +23,3 @@ The main branch is the top level branch that should, in most circumstances, not
 
 * main
 * develop
-

ansible/README.md

@@ -156,6 +156,22 @@ When pushing to your own forked version of this repository, pre-commit must run
 
 When the linter passes, the push will complete and you will be able to open a PR.
 
+## General YAML Formatting
+
+It is recommended that each yaml file starts with `---` and ends with `...`. This can help with linting and also stating an obvious end to the file.
+
+### Plugin and Formatting Assistance
+
+The YAML format is extremely easy and can be generally followed without much to think about, the same goes with ansible's syntax. Ideally, your editor can assist with these things. If you are a vim user, the following plugins can be useful:
+
+```
+stephpy/vim-yaml
+pearofducks/ansible-vim
+vim-syntastic/syntastic
+```
+
+These can be installed using [vim-plug](https://github.com/junegunn/vim-plug).
+
 ## Initializing the Ansible Host
 
 When initializing the ansible host, you should be in `./infrastructure/ansible` so that the `ansible.cfg` is used. You will need to run the `init-rocky-ansible-host.yml` playbook and to get started, which will install all the roles and collections required for the playbooks to run.

ansible/inventories/production/group_vars/chronyservers/main.yml

@@ -2,3 +2,4 @@
 
 chrony_server: true
 chrony_allow_cidr: "10.0.0.0/16"
+...

ansible/inventories/production/group_vars/ipa/main.yml

@@ -0,0 +1,3 @@
+---
+# ipa vars
+...

ansible/inventories/production/group_vars/ipaclients/main.yml

@@ -7,3 +7,4 @@ ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
 ipaclient_ssh_trust_dns: true
 ipasssd_enable_dns_updates: true
+...

ansible/inventories/production/group_vars/ipareplicas/main.yml

@@ -10,3 +10,4 @@ ipareplica_setup_ca: true
 ipareplica_setup_kra: true
 ipareplica_setup_dns: true
 ipa_dns_master: 10.100.1.110
+...

ansible/inventories/production/group_vars/ipaserver/main.yml

@@ -13,3 +13,4 @@ ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
 ipaserver_no_hbac_allow: true
 ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
+...

ansible/inventories/production/group_vars/rabbitmq/main.yml

@@ -3,3 +3,4 @@
 rabbitmq_cluster_name: "rabbit"
 rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
 rabbitmq_env: "production"
+...

ansible/inventories/staging/group_vars/chronyservers/main.yml

@@ -2,3 +2,4 @@
 
 chrony_server: true
 chrony_allow_cidr: "10.0.0.0/16"
+...

ansible/inventories/staging/group_vars/ipa/main.yml

@@ -0,0 +1,3 @@
+---
+# ipa vars
+...

ansible/inventories/staging/group_vars/ipaclients/main.yml

@@ -7,3 +7,4 @@ ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
 ipaclient_ssh_trust_dns: true
 ipasssd_enable_dns_updates: true
+...

ansible/inventories/staging/group_vars/ipareplicas/main.yml

@@ -10,3 +10,4 @@ ipareplica_setup_ca: true
 ipareplica_setup_kra: true
 ipareplica_setup_dns: true
 ipa_dns_master: 10.100.1.110
+...

ansible/inventories/staging/group_vars/ipaserver/main.yml

@@ -13,3 +13,4 @@ ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
 ipaserver_no_hbac_allow: true
 ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
+...

ansible/inventories/staging/group_vars/rabbitmq/main.yml

@@ -3,3 +3,4 @@
 rabbitmq_cluster_name: "rabbit"
 rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
 rabbitmq_env: "staging"
+...

ansible/playbooks/adhoc-facts-refresh.yml

@@ -5,3 +5,4 @@
     - name: Force a fact refresh to have those available in local cache
       setup:
         gather_timeout: 30
+...

ansible/playbooks/adhoc-gitlab-creategroup.yml

@@ -38,3 +38,4 @@
         visibility: "{{ gitlab_visibility|default('private') }}"
       delegate_to: localhost
       register: gitlab_group_return
+...

ansible/playbooks/adhoc-gitlab-createproject.yml

@@ -41,3 +41,4 @@
         validate_certs: true
         visibility: "{{ gitlab_visibility|default('private') }}"
       delegate_to: localhost
+...

ansible/playbooks/adhoc-gitlab-deletegroup.yml

@@ -35,3 +35,4 @@
         state: absent
         validate_certs: true
       delegate_to: localhost
+...

ansible/playbooks/adhoc-gitlab-deleteproject.yml

@@ -35,3 +35,4 @@
         state: absent
         validate_certs: true
       delegate_to: localhost
+...

ansible/playbooks/adhoc-ipabinder.yml

@@ -39,3 +39,4 @@
       file:
         path: "/tmp/binder.update"
         state: absent
+...

ansible/playbooks/adhoc-ipadnsrecord.yml

@@ -55,3 +55,4 @@
         managedby:
           - "{{ ipa_name_value[:-1] }}"
       ignore_errors: true
+...

ansible/playbooks/adhoc-ipadnszone.yml

@@ -27,3 +27,4 @@
         name: "{{ ipa_zone }}"
       tags:
         - dns
+...

ansible/playbooks/adhoc-ipagetcert.yml

@@ -32,3 +32,4 @@
   roles:
     - role: rockylinux.ipagetcert
       state: present
+...

ansible/playbooks/adhoc-ipagetkeytab.yml

@@ -135,3 +135,4 @@
         state: file
       tags:
         - keytab
+...

ansible/playbooks/adhoc-ipagroup.yml

@@ -47,3 +47,4 @@
       check_mode: false
       changed_when: "1 != 1"
       when: ipa_fas
+...

ansible/playbooks/adhoc-ipaservice.yml

@@ -28,3 +28,4 @@
         force: "{{ ipa_force | default(false) }}"
       tags:
         - services
+...

ansible/playbooks/adhoc-ipauser-disable-pdr.yml

@@ -82,3 +82,4 @@
         server_uri: ldap://localhost/
         bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
         bind_pw: "{{ ipaadmin_password }}"
+...

ansible/playbooks/adhoc-ipauser-disable.yml

@@ -27,3 +27,4 @@
         state: disabled
       tags:
         - users
+...

ansible/playbooks/adhoc-ipauser-enable.yml

@@ -27,3 +27,4 @@
         state: enabled
       tags:
         - users
+...

ansible/playbooks/adhoc-ipauser.yml

@@ -38,3 +38,4 @@
         update_password: on_create
       tags:
         - users
+...

ansible/playbooks/adhoc-rabbitmqqueue.yml

@@ -85,3 +85,4 @@
         loop_var: routing_item
       tags:
         - rabbitmq
+...

ansible/playbooks/adhoc-rabbitmquser.yml

@@ -33,3 +33,4 @@
         state: present
       tags:
         - rabbitmq
+...

ansible/playbooks/handlers/main.yml

@@ -45,3 +45,4 @@
   service:
     name: postfix
     state: restarted
+...

ansible/playbooks/import-rockygroups.yml

@@ -12,3 +12,4 @@
   loop: "{{ ipagroups }}"
   tags:
     - groups
+...

ansible/playbooks/import-rockyipaprivs.yml

@@ -42,3 +42,4 @@
   when: iparoles is defined
   tags:
     - rbac
+...

ansible/playbooks/import-rockypwpolicy.yml

@@ -14,3 +14,4 @@
   loop: "{{ ipapwpolicies }}"
   tags:
     - groups
+...

ansible/playbooks/import-rockysudo.yml

@@ -10,3 +10,4 @@
       - rockyadm
     hostcat: all
     cmdcat: all
+...

ansible/playbooks/import-rockyusers.yml

@@ -68,3 +68,4 @@
   file:
     path: "/tmp/binder.update"
     state: absent
+...

ansible/playbooks/init-rocky-account-services.yml

@@ -32,3 +32,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-ansible-host.yml

@@ -8,16 +8,16 @@
     collection_installation_dir: collections
     installation_prefix: ../
   pre_tasks:
-# example prepare ansible box for execution
+    # example prepare ansible box for execution
-#    - name: install required pip modules on the host running ansible
+    #  - name: install required pip modules on the host running ansible
-#      pip:
+    #    pip:
-#        name:
+    #      name:
-#          - jmespath
+    #        - jmespath
-#          - netaddr
+    #        - netaddr
-#          - python-consul
+    #        - python-consul
-#          - pyvmomi
+    #        - pyvmomi
-#          - python-ldap
+    #        - python-ldap
-#          - twine
+    #        - twine
 
     - name: Remove existing public roles
       file:
@@ -54,3 +54,4 @@
         path: "../tmp/known_hosts"
         state: touch
         mode: "0644"
+...

ansible/playbooks/init-rocky-bugzilla.yml

@@ -57,3 +57,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-builder-postfix.yml

@@ -34,3 +34,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-chrony.yml

@@ -38,3 +38,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-install-kvm-hosts.yml

@@ -57,3 +57,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-ipa-internal-dns.yml

@@ -30,3 +30,4 @@
         name: '{{ item }}'
         dynamic_update: true
       with_items: '{{ fdns }}'
+...

ansible/playbooks/init-rocky-ipa-team.yml

@@ -33,3 +33,4 @@
 
     - name: "Start privileges for services"
       import_tasks: import-rockyipaprivs.yml
+...

ansible/playbooks/init-rocky-koji-ecosystem.yml

@@ -32,3 +32,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-mantisbt.yml

@@ -57,3 +57,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-noggin-theme.yml

@@ -38,3 +38,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-noggin.yml

@@ -32,3 +32,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-openqa-developer-host.yml

@@ -0,0 +1,53 @@
+# Sets up local OpenQA testing environment
+# This playbook is *NOT* intended for WAN-facing systems!
+#
+# Usages:
+#   # Install and configure an openQA developer host, download all current Rocky ISOs,
+#   # and POST a test job
+#   ansible-playbook playbooks/init-rocky-openqa-developer-host.yml
+#
+#   # Only perform ISO download tasks
+#   ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=download_isos
+#
+#   # Only perform configuration, do not download ISOs or POST a job
+#   ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=configure
+#
+# Created: @akatch
+---
+- name: Rocky OpenQA Runbook
+  hosts: localhost
+  connection: local
+  become: true
+  vars_files:
+    - vars/openqa.yml
+
+  # This is to try to avoid the handler issue in pre/post tasks
+  handlers:
+    - import_tasks: handlers/main.yml
+
+  pre_tasks:
+    - name: Check if ansible cannot be run here
+      stat:
+        path: /etc/no-ansible
+      register: no_ansible
+
+    - name: Verify if we can run ansible
+      assert:
+        that:
+          - "not no_ansible.stat.exists"
+        success_msg: "We are able to run on this node"
+        fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+  tasks:
+    - name: Install and configure OpenQA
+      import_tasks: tasks/openqa.yml
+
+  post_tasks:
+    - name: Touching run file that ansible has ran here
+      file:
+        path: /var/log/ansible.run
+        state: touch
+        mode: '0644'
+        owner: root
+        group: root
+...

ansible/playbooks/init-rocky-repo-servers.yml

@@ -32,3 +32,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-system-config.yml

@@ -54,3 +54,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-bootstrap_staging.yml

@@ -38,3 +38,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-gitlab-ee.yml

@@ -56,3 +56,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-gitlab-runner.yml

@@ -46,3 +46,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-graylog.yml

@@ -63,3 +63,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-ipa-client.yml

@@ -39,3 +39,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-ipa-replica.yml

@@ -51,3 +51,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-ipa.yml

@@ -61,3 +61,4 @@
       freeipa.ansible_freeipa.ipadnsconfig:
         ipaadmin_password: '{{ ipaadmin_password }}'
         allow_sync_ptr: true
+...

ansible/playbooks/role-rocky-ipsilon.yml

@@ -44,14 +44,14 @@
       tags:
         - packages
 
-    - name: Install arrfab ipsilon repo
+    - name: Install rocky ipsilon repo
       yum_repository:
-        name: copr:copr.fedorainfracloud.org:arrfab:noggin
+        name: copr:copr.fedorainfracloud.org:nalika:rocky-idp
-        description: Copr repo for noggin owned by arrfab
+        description: Copr repo for rocky-idp owned by nalika
         file: copr_repos
-        baseurl: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/epel-8-$basearch/
+        baseurl: https://download.copr.fedorainfracloud.org/results/nalika/rocky-idp/epel-8-$basearch/
         gpgcheck: true
-        gpgkey: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/pubkey.gpg
+        gpgkey: https://download.copr.fedorainfracloud.org/results/nalika/rocky-idp/pubkey.gpg
         enabled: true
 
   # For now, this is sufficient for testing with a localhost cert. In the
@@ -75,3 +75,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-kojid-staging.yml

@@ -88,3 +88,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-kojid.yml

@@ -88,3 +88,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-kojihub-staging.yml

@@ -121,3 +121,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-kojihub.yml

@@ -121,3 +121,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-monitoring.yml

@@ -37,8 +37,8 @@
         state: present
 
   roles:
-    #- role: rockylinux.ipagetcert
+    # - role: rockylinux.ipagetcert
-    #  state: present
+    #   state: present
     - role: cloudalchemy.prometheus
       state: present
     - role: cloudalchemy.alertmanager
@@ -61,3 +61,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-mqtt.yml

@@ -59,3 +59,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-node_exporter.yml

@@ -19,3 +19,4 @@
         port: 9100/tcp
         permanent: true
         state: enabled
+...

ansible/playbooks/role-rocky-pinnwand.yml

@@ -31,8 +31,8 @@
         state: present
 
   tasks:
-      #- include_tasks: tasks/pinnwand.yml
+      # - include_tasks: tasks/pinnwand.yml
-      #  tags: ['includetasks']
+      #   tags: ['includetasks']
 
   roles:
     - role: rockylinux.ipagetcert
@@ -46,8 +46,8 @@
     # Define variables in vars/matomo/nginx.yml
     - role: nginxinc.nginx_core.nginx
       tags: ['nginx']
-      #- role: nginxinc.nginx_core.nginx_config
+      # - role: nginxinc.nginx_core.nginx_config
-      #  tags: ['nginx']
+      #   tags: ['nginx']
 
   post_tasks:
     - name: Open firewalld ports
@@ -64,3 +64,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-rabbitmq.yml

@@ -75,3 +75,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-repopool.yml

@@ -39,3 +39,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-sigul-bridge.yml

@@ -89,3 +89,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-sigul-server.yml

@@ -76,3 +76,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-srpmproc.yml

@@ -38,3 +38,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-wikijs.yml

@@ -56,7 +56,7 @@
         port: "{{ item.port }}"
         permanent: "{{ item.permanent }}"
         state: "{{ item.state }}"
-        immediate: yes
+        immediate: true
       loop: "{{ firewall_rules }}"
 
     - name: Touching run file that ansible has ran here
@@ -67,3 +67,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/tasks/account_services.yml

@@ -24,3 +24,4 @@
     name: httpd
     state: running
     enabled: true
+...

ansible/playbooks/tasks/auditd.yml

@@ -33,3 +33,4 @@
     - regenerate_auditd_rules
   tags:
     - harden
+...

ansible/playbooks/tasks/authentication.yml

@@ -66,3 +66,4 @@
   when:
     - ansible_facts['os_family'] == 'RedHat'
     - ansible_facts['distribution_major_version'] == '8'
+...

ansible/playbooks/tasks/bugzilla.yml

@@ -52,3 +52,4 @@
 
 - name: Install necessary pieces
   import_tasks: bugzilla_install.yml
+...

ansible/playbooks/tasks/bugzilla_install.yml

@@ -57,3 +57,4 @@
   file:
     path: "{{ bugzilla_dir }}/answer"
     state: absent
+...

ansible/playbooks/tasks/chrony.yml

@@ -30,3 +30,4 @@
     name: "{{ chrony_service_name }}"
     state: "{{ chrony_service_state }}"
     enabled: "{{ chrony_service_enabled }}"
+...

ansible/playbooks/tasks/efs_mount.yml

@@ -3,19 +3,18 @@
 #
 
 - name: "Installing amazon-efs-utils"
-  become: yes
+  become: true
   become_user: root
   yum:
     name: 'https://git.rockylinux.org/neil/efs-utils/-/jobs/5/artifacts/raw/build/amazon-efs-utils-1.30.1-1.el8.noarch.rpm?inline=false'
-    disable_gpg_check: yes
+    disable_gpg_check: true
-    validate_certs: yes
+    validate_certs: true
     state: present
   tags:
     - amazon_efs_utils
     - packages
     - mounts
 
-
 - name: "Gathering ec2 facts"
   amazon.aws.ec2_metadata_facts:
   tags:
@@ -23,18 +22,17 @@
 
 # "you can use /etc/hosts" https://github.com/aws/efs-utils/issues/1
 - name: "Install custom hosts file because fmlC-w amazon said so."
-  become: yes
+  become: true
   become_user: root
   ansible.builtin.lineinfile:
     path: /etc/hosts
     line: "{{ item.ip_map[ansible_ec2_placement_availability_zone] }} {{ item.fsid }}.efs.{{ ansible_ec2_placement_region }}.amazonaws.com"
-    create: yes
+    create: true
   tags:
     - mounts
 
-
 - name: "Creating and mounting {{ item.fsid }} at {{ item.mount_point }}"
-  become: yes
+  become: true
   become_user: root
   ansible.posix.mount:
     path: "{{ item.mount_point }}"
@@ -44,3 +42,4 @@
     state: "{{ item.state | default('mounted') }}"
   tags:
     - mounts
+...

ansible/playbooks/tasks/gitlab-reconfigure.yml

@@ -62,3 +62,4 @@
     owner: root
     group: root
     mode: '0750'
+...

ansible/playbooks/tasks/gitlab-runner.yml

@@ -23,8 +23,9 @@
   become: true
 
 - name: Create gitlab-runner user
-  become: yes
+  become: true
   user:
     name: gitlab-runner
     shell: /bin/bash
-    system: yes
+    system: true
+...

ansible/playbooks/tasks/grub.yml

@@ -2,3 +2,4 @@
 - name: Add kernel boot options to all kernels and default config
   command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}"
   changed_when: "1 != 1"
+...

ansible/playbooks/tasks/harden.yml

@@ -214,3 +214,4 @@
     state: absent
   tags:
     - harden
+...

ansible/playbooks/tasks/init-koji.yml

@@ -4,7 +4,7 @@
   shell: "set -o pipefail && echo \"{{ rockykoji_password }}\" | kinit rockykoji@ROCKYLINUX.ORG"
   check_mode: false
   changed_when: "1 != 1"
-  become: yes
+  become: true
   become_user: koji
   when: rockykoji_has_password | bool
 
@@ -12,14 +12,14 @@
   shell: "set -o pipefail && kinit -kt /home/koji/.koji/keytab koji/rockykoji@ROCKYLINUX.ORG"
   check_mode: false
   changed_when: "1 != 1"
-  become: yes
+  become: true
   become_user: koji
   when: not rockykoji_has_password | bool
 
 - name: Import current necessary tags
   shell: "set -o pipefail && koji add-tag {{ item }}"
   changed_when: "1 != 1"
-  become: yes
+  become: true
   become_user: koji
   loop:
     - build-modules
@@ -60,3 +60,4 @@
     - module-rocky-8.4.0-build
     - trash
     - trashcan
+...

ansible/playbooks/tasks/koji_efs.yml

@@ -20,7 +20,7 @@
   ansible.builtin.lineinfile:
     path: /etc/hosts
     line: "{{ koji_efs_fs_ip_map[ansible_ec2_placement_availability_zone] }} {{ koji_efs_fsid }}"
-    create: yes
+    create: true
   tags:
     - mounts
 
@@ -33,3 +33,4 @@
     state: "{{ koji_efs_fs_state | default('mounted') }}"
   tags:
     - mounts
+...

ansible/playbooks/tasks/main.yml

@@ -1 +1,2 @@
 ---
+...

ansible/playbooks/tasks/mantis.yml

@@ -90,3 +90,4 @@
 
 - name: Patch up some pages
   import_tasks: mantispatch.yml
+...

ansible/playbooks/tasks/mantispatch.yml

@@ -23,3 +23,4 @@
     path: "/var/www/mantisbt-{{ mantis_version }}/login_page.php"
     state: absent
     regex: 'LDAP != config_get_global'
+...

ansible/playbooks/tasks/noggin.yml

@@ -86,3 +86,4 @@
   lineinfile:
     path: "/opt/noggin/noggin/noggin/app.py"
     line: "app = create_app()"
+...

ansible/playbooks/tasks/openqa.yml

@@ -0,0 +1,192 @@
+---
+- name: Install OpenQA packages
+  yum:
+    name: "{{ openqa_packages }}"
+    state: present
+  tags:
+    - packages
+
+- name: Copy httpd configuration files
+  copy:
+    remote_src: true
+    src: /etc/httpd/conf.d/{{ item }}.template
+    dest: /etc/httpd/conf.d/{{ item }}
+    mode: '0644'
+    owner: root
+    group: root
+  loop:
+    - openqa.conf
+    - openqa-ssl.conf
+  notify: restart_httpd
+  tags:
+    - configure
+
+- name: Template OpenQA configuration files
+  template:
+    src: etc/openqa/{{ item }}.j2
+    dest: /etc/openqa/{{ item }}
+    owner: "{{ openqa_user }}"
+    group: "{{ openqa_group }}"
+    mode: "0444"
+  loop:
+    - openqa.ini
+    - client.conf
+  tags:
+    - configure
+
+- name: Get service facts
+  service_facts:
+
+- name: Check for non-empty postgres data directory
+  stat:
+    path: /var/lib/pgsql/data/base
+  register: postgres_data_dir
+
+- name: If postgresql is not already running, initialize database
+  command: postgresql-setup --initdb
+  when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
+        and not postgres_data_dir.stat.exists
+
+- name: Enable and start postgresql service
+  systemd:
+    name: postgresql
+    state: started
+    enabled: true
+  when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
+        and not postgres_data_dir.stat.exists
+
+- name: Configure SELinux to allow httpd connection to network
+  seboolean:
+    name: httpd_can_network_connect
+    state: true
+    persistent: true
+  tags:
+    - configure
+
+- name: Enable and start OpenQA services
+  systemd:
+    name: "{{ item }}"
+    state: started
+    enabled: true
+  loop: "{{ openqa_services }}"
+  tags:
+    - configure
+
+- name: Create openqa-vnc firewalld service
+  template:
+    src: etc/firewalld/services/openqa-vnc.xml.j2
+    dest: /etc/firewalld/services/openqa-vnc.xml
+    owner: root
+    group: root
+    mode: "0644"
+  tags:
+    - configure
+
+- name: Load openqa-vnc firewalld service
+  systemd:
+    name: firewalld
+    state: reloaded
+  tags:
+    - configure
+
+- name: Permit traffic for {{ item }} service
+  ansible.posix.firewalld:
+    service: "{{ item }}"
+    permanent: true
+    state: enabled
+  loop:
+    - http
+    - openqa-vnc
+  tags:
+    - configure
+
+- name: Reload FirewallD
+  systemd:
+    name: firewalld
+    state: reloaded
+  tags:
+    - configure
+
+- name: Check for existing repository
+  stat:
+    path: "{{ openqa_homedir }}/share/tests/rocky"
+  register: rocky_testing_repo
+  tags:
+    - configure
+
+- name: Clone repository if it does not already exist
+  git:
+    accept_hostkey: true
+    dest: "{{ openqa_homedir }}/share/tests/rocky"
+    repo: "{{ openqa_rocky_testing_repo }}"
+    version: develop
+  when: not rocky_testing_repo.stat.exists
+  tags:
+    - configure
+
+- name: Set owner/group/permissions on repo contents
+  file:
+    path: "{{ openqa_homedir }}/share/tests/rocky"
+    recurse: true
+    owner: "{{ openqa_user }}"
+    group: "{{ openqa_group }}"
+    mode: "u+rwX,g+rwX,o+rX,o-w"
+  tags:
+    - configure
+
+# fifloader.py will fail if the Demo user is not logged in
+- name: Authenticate to web UI the first time
+  uri:
+    url: "http://{{ openqa_host }}/login"
+
+- name: Run fifloader.py
+  command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json
+  changed_when: "1 != 1"
+  args:
+    chdir: "{{ openqa_homedir }}/share/tests/rocky"
+
+- name: Create ISO directory
+  file:
+    path: "{{ openqa_homedir }}/share/factory/iso/fixed"
+    state: directory
+    owner: "{{ openqa_user }}"
+    group: "{{ openqa_group }}"
+    mode: "0775"
+  tags:
+    - download_isos
+
+- name: Download ISOs
+  get_url:
+    dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}"
+    url: "{{ rocky_iso_download_url }}/{{ item.name }}"
+    checksum: "{{ item.checksum }}"
+    owner: "{{ openqa_user }}"
+    group: "{{ openqa_group }}"
+    tmp_dest: "/var/tmp"
+    mode: "0644"
+  loop: "{{ openqa_isos }}"
+  tags:
+    - download_isos
+
+- name: Start {{ openqa_worker_count }} OpenQA workers
+  ansible.builtin.systemd:
+    name: "openqa-worker@{{ item }}"
+    state: started
+    enabled: true
+  # range 'end' parameter is exclusive, so add 1
+  loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}"
+  tags:
+    - start_workers
+    - configure
+
+- name: POST a job
+  command: |
+    openqa-cli api -X POST isos \
+      ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \
+      ARCH={{ rocky_arch }} \
+      DISTRI=rocky \
+      FLAVOR=minimal-iso \
+      VERSION={{ rocky_version }} \
+      BUILD="{{ '%Y%m%d.%H%M%S' | strftime }}.0"
+  changed_when: "1 != 1"
+...

ansible/playbooks/tasks/postfix_relay.yml

@@ -35,3 +35,4 @@
     name: postfix
     state: restarted
     enabled: true
+...

ansible/playbooks/tasks/rabbitmq-reconfigure.yml

@@ -1,2 +1,3 @@
 ---
 # RabbitMQ Additional Changes
+...

ansible/playbooks/tasks/repository.yml

@@ -1,2 +1,3 @@
 ---
 # no tasks yet
+...

ansible/playbooks/tasks/scripts.yml

@@ -7,3 +7,4 @@
     owner: root
     group: root
     mode: '0755'
+...

ansible/playbooks/tasks/srpmproc.yml

@@ -7,3 +7,4 @@
   with_items:
     - httpd_can_network_connect_db
     - httpd_can_network_connect
+...

ansible/playbooks/tasks/ssh_config.yml

@@ -43,3 +43,4 @@
   with_items:
     - /etc/ssh/ssh_host_dsa_key.pub
     - /etc/ssh/ssh_host_dsa_key
+...

ansible/playbooks/tasks/variable_loader_common.yml

@@ -19,3 +19,4 @@
 
   always:
     - debug: msg="Variables are now loaded"
+...