commit
2d92f1fd7a
@ -1,5 +1,7 @@
|
||||
# Infrastructure
|
||||
|
||||
![Rocky Linux Infrastructure (develop)](https://img.shields.io/github/last-commit/rocky-linux/infrastructure/develop) ![Rocky Linux Infrastructure repo issues](https://img.shields.io/github/issues/rocky-linux/infrastructure) ![GitHub Workflow Status - Ansible Lint](https://img.shields.io/github/workflow/status/rocky-linux/infrastructure/Ansible%20Lint) ![GitHub Workflow Status - YAML Lint](https://img.shields.io/github/workflow/status/rocky-linux/infrastructure/YAML%20Lint)
|
||||
|
||||
We will add more data here soon
|
||||
|
||||
```
|
||||
@ -21,4 +23,3 @@ The main branch is the top level branch that should, in most circumstances, not
|
||||
|
||||
* main
|
||||
* develop
|
||||
|
||||
|
@ -156,6 +156,22 @@ When pushing to your own forked version of this repository, pre-commit must run
|
||||
|
||||
When the linter passes, the push will complete and you will be able to open a PR.
|
||||
|
||||
## General YAML Formatting
|
||||
|
||||
It is recommended that each yaml file starts with `---` and ends with `...`. This can help with linting and also stating an obvious end to the file.
|
||||
|
||||
### Plugin and Formatting Assistance
|
||||
|
||||
The YAML format is extremely easy and can be generally followed without much to think about, the same goes with ansible's syntax. Ideally, your editor can assist with these things. If you are a vim user, the following plugins can be useful:
|
||||
|
||||
```
|
||||
stephpy/vim-yaml
|
||||
pearofducks/ansible-vim
|
||||
vim-syntastic/syntastic
|
||||
```
|
||||
|
||||
These can be installed using [vim-plug](https://github.com/junegunn/vim-plug).
|
||||
|
||||
## Initializing the Ansible Host
|
||||
|
||||
When initializing the ansible host, you should be in `./infrastructure/ansible` so that the `ansible.cfg` is used. You will need to run the `init-rocky-ansible-host.yml` playbook and to get started, which will install all the roles and collections required for the playbooks to run.
|
||||
|
@ -2,3 +2,4 @@
|
||||
|
||||
chrony_server: true
|
||||
chrony_allow_cidr: "10.0.0.0/16"
|
||||
...
|
||||
|
@ -0,0 +1,3 @@
|
||||
---
|
||||
# ipa vars
|
||||
...
|
@ -7,3 +7,4 @@ ipaclient_no_ntp: true
|
||||
ipaclient_mkhomedir: true
|
||||
ipaclient_ssh_trust_dns: true
|
||||
ipasssd_enable_dns_updates: true
|
||||
...
|
||||
|
@ -10,3 +10,4 @@ ipareplica_setup_ca: true
|
||||
ipareplica_setup_kra: true
|
||||
ipareplica_setup_dns: true
|
||||
ipa_dns_master: 10.100.1.110
|
||||
...
|
||||
|
@ -13,3 +13,4 @@ ipaclient_no_ntp: true
|
||||
ipaclient_mkhomedir: true
|
||||
ipaserver_no_hbac_allow: true
|
||||
ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
|
||||
...
|
||||
|
@ -3,3 +3,4 @@
|
||||
rabbitmq_cluster_name: "rabbit"
|
||||
rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
|
||||
rabbitmq_env: "production"
|
||||
...
|
||||
|
@ -2,3 +2,4 @@
|
||||
|
||||
chrony_server: true
|
||||
chrony_allow_cidr: "10.0.0.0/16"
|
||||
...
|
||||
|
@ -0,0 +1,3 @@
|
||||
---
|
||||
# ipa vars
|
||||
...
|
@ -7,3 +7,4 @@ ipaclient_no_ntp: true
|
||||
ipaclient_mkhomedir: true
|
||||
ipaclient_ssh_trust_dns: true
|
||||
ipasssd_enable_dns_updates: true
|
||||
...
|
||||
|
@ -10,3 +10,4 @@ ipareplica_setup_ca: true
|
||||
ipareplica_setup_kra: true
|
||||
ipareplica_setup_dns: true
|
||||
ipa_dns_master: 10.100.1.110
|
||||
...
|
||||
|
@ -13,3 +13,4 @@ ipaclient_no_ntp: true
|
||||
ipaclient_mkhomedir: true
|
||||
ipaserver_no_hbac_allow: true
|
||||
ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
|
||||
...
|
||||
|
@ -3,3 +3,4 @@
|
||||
rabbitmq_cluster_name: "rabbit"
|
||||
rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
|
||||
rabbitmq_env: "staging"
|
||||
...
|
||||
|
@ -5,3 +5,4 @@
|
||||
- name: Force a fact refresh to have those available in local cache
|
||||
setup:
|
||||
gather_timeout: 30
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
visibility: "{{ gitlab_visibility|default('private') }}"
|
||||
delegate_to: localhost
|
||||
register: gitlab_group_return
|
||||
...
|
||||
|
@ -41,3 +41,4 @@
|
||||
validate_certs: true
|
||||
visibility: "{{ gitlab_visibility|default('private') }}"
|
||||
delegate_to: localhost
|
||||
...
|
||||
|
@ -35,3 +35,4 @@
|
||||
state: absent
|
||||
validate_certs: true
|
||||
delegate_to: localhost
|
||||
...
|
||||
|
@ -35,3 +35,4 @@
|
||||
state: absent
|
||||
validate_certs: true
|
||||
delegate_to: localhost
|
||||
...
|
||||
|
@ -39,3 +39,4 @@
|
||||
file:
|
||||
path: "/tmp/binder.update"
|
||||
state: absent
|
||||
...
|
||||
|
@ -55,3 +55,4 @@
|
||||
managedby:
|
||||
- "{{ ipa_name_value[:-1] }}"
|
||||
ignore_errors: true
|
||||
...
|
||||
|
@ -27,3 +27,4 @@
|
||||
name: "{{ ipa_zone }}"
|
||||
tags:
|
||||
- dns
|
||||
...
|
||||
|
@ -32,3 +32,4 @@
|
||||
roles:
|
||||
- role: rockylinux.ipagetcert
|
||||
state: present
|
||||
...
|
||||
|
@ -135,3 +135,4 @@
|
||||
state: file
|
||||
tags:
|
||||
- keytab
|
||||
...
|
||||
|
@ -47,3 +47,4 @@
|
||||
check_mode: false
|
||||
changed_when: "1 != 1"
|
||||
when: ipa_fas
|
||||
...
|
||||
|
@ -28,3 +28,4 @@
|
||||
force: "{{ ipa_force | default(false) }}"
|
||||
tags:
|
||||
- services
|
||||
...
|
||||
|
@ -82,3 +82,4 @@
|
||||
server_uri: ldap://localhost/
|
||||
bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
|
||||
bind_pw: "{{ ipaadmin_password }}"
|
||||
...
|
||||
|
@ -27,3 +27,4 @@
|
||||
state: disabled
|
||||
tags:
|
||||
- users
|
||||
...
|
||||
|
@ -27,3 +27,4 @@
|
||||
state: enabled
|
||||
tags:
|
||||
- users
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
update_password: on_create
|
||||
tags:
|
||||
- users
|
||||
...
|
||||
|
@ -85,3 +85,4 @@
|
||||
loop_var: routing_item
|
||||
tags:
|
||||
- rabbitmq
|
||||
...
|
||||
|
@ -33,3 +33,4 @@
|
||||
state: present
|
||||
tags:
|
||||
- rabbitmq
|
||||
...
|
||||
|
@ -45,3 +45,4 @@
|
||||
service:
|
||||
name: postfix
|
||||
state: restarted
|
||||
...
|
||||
|
@ -12,3 +12,4 @@
|
||||
loop: "{{ ipagroups }}"
|
||||
tags:
|
||||
- groups
|
||||
...
|
||||
|
@ -42,3 +42,4 @@
|
||||
when: iparoles is defined
|
||||
tags:
|
||||
- rbac
|
||||
...
|
||||
|
@ -14,3 +14,4 @@
|
||||
loop: "{{ ipapwpolicies }}"
|
||||
tags:
|
||||
- groups
|
||||
...
|
||||
|
@ -10,3 +10,4 @@
|
||||
- rockyadm
|
||||
hostcat: all
|
||||
cmdcat: all
|
||||
...
|
||||
|
@ -68,3 +68,4 @@
|
||||
file:
|
||||
path: "/tmp/binder.update"
|
||||
state: absent
|
||||
...
|
||||
|
@ -32,3 +32,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -8,16 +8,16 @@
|
||||
collection_installation_dir: collections
|
||||
installation_prefix: ../
|
||||
pre_tasks:
|
||||
# example prepare ansible box for execution
|
||||
# - name: install required pip modules on the host running ansible
|
||||
# pip:
|
||||
# name:
|
||||
# - jmespath
|
||||
# - netaddr
|
||||
# - python-consul
|
||||
# - pyvmomi
|
||||
# - python-ldap
|
||||
# - twine
|
||||
# example prepare ansible box for execution
|
||||
# - name: install required pip modules on the host running ansible
|
||||
# pip:
|
||||
# name:
|
||||
# - jmespath
|
||||
# - netaddr
|
||||
# - python-consul
|
||||
# - pyvmomi
|
||||
# - python-ldap
|
||||
# - twine
|
||||
|
||||
- name: Remove existing public roles
|
||||
file:
|
||||
@ -54,3 +54,4 @@
|
||||
path: "../tmp/known_hosts"
|
||||
state: touch
|
||||
mode: "0644"
|
||||
...
|
||||
|
@ -57,3 +57,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -34,3 +34,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -57,3 +57,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -30,3 +30,4 @@
|
||||
name: '{{ item }}'
|
||||
dynamic_update: true
|
||||
with_items: '{{ fdns }}'
|
||||
...
|
||||
|
@ -33,3 +33,4 @@
|
||||
|
||||
- name: "Start privileges for services"
|
||||
import_tasks: import-rockyipaprivs.yml
|
||||
...
|
||||
|
@ -32,3 +32,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -57,3 +57,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -32,3 +32,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
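--- /dev/null
+++ b/ansible/playbooks/init-rocky-openqa-developer-host.yml
@@ -0,0 +1,53 @@
+# Sets up local OpenQA testing environment
+# This playbook is *NOT* intended for WAN-facing systems!
+#
+# Usages:
+# # Install and configure an openQA developer host, download all current Rocky ISOs,
+# # and POST a test job
+# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml
+#
+# # Only perform ISO download tasks
+# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=download_isos
+#
+# # Only perform configuration, do not download ISOs or POST a job
+# ansible-playbook playbooks/init-rocky-openqa-developer-host.yml --tags=configure
+#
+# Created: @akatch
+---
+- name: Rocky OpenQA Runbook
+  hosts: localhost
+  connection: local
+  become: true
+  vars_files:
+    - vars/openqa.yml
+
+  # This is to try to avoid the handler issue in pre/post tasks
+  handlers:
+    - import_tasks: handlers/main.yml
+
+  pre_tasks:
+    - name: Check if ansible cannot be run here
+      stat:
+        path: /etc/no-ansible
+      register: no_ansible
+
+    - name: Verify if we can run ansible
+      assert:
+        that:
+          - "not no_ansible.stat.exists"
+        success_msg: "We are able to run on this node"
+        fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+  tasks:
+    - name: Install and configure OpenQA
+      import_tasks: tasks/openqa.yml
+
+  post_tasks:
+    - name: Touching run file that ansible has ran here
+      file:
+        path: /var/log/ansible.run
+        state: touch
+        mode: '0644'
+        owner: root
+        group: root
+...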
@ -32,3 +32,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -54,3 +54,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -56,3 +56,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -46,3 +46,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -63,3 +63,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -39,3 +39,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -51,3 +51,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -61,3 +61,4 @@
|
||||
freeipa.ansible_freeipa.ipadnsconfig:
|
||||
ipaadmin_password: '{{ ipaadmin_password }}'
|
||||
allow_sync_ptr: true
|
||||
...
|
||||
|
@ -44,14 +44,14 @@
|
||||
tags:
|
||||
- packages
|
||||
|
||||
- name: Install arrfab ipsilon repo
|
||||
- name: Install rocky ipsilon repo
|
||||
yum_repository:
|
||||
name: copr:copr.fedorainfracloud.org:arrfab:noggin
|
||||
description: Copr repo for noggin owned by arrfab
|
||||
name: copr:copr.fedorainfracloud.org:nalika:rocky-idp
|
||||
description: Copr repo for rocky-idp owned by nalika
|
||||
file: copr_repos
|
||||
baseurl: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/epel-8-$basearch/
|
||||
baseurl: https://download.copr.fedorainfracloud.org/results/nalika/rocky-idp/epel-8-$basearch/
|
||||
gpgcheck: true
|
||||
gpgkey: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/pubkey.gpg
|
||||
gpgkey: https://download.copr.fedorainfracloud.org/results/nalika/rocky-idp/pubkey.gpg
|
||||
enabled: true
|
||||
|
||||
# For now, this is sufficient for testing with a localhost cert. In the
|
||||
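Review bot: The GPG key that `gpgcheck: true` verifies against is fetched from the same Copr path as the packages (`gpgkey: https://download.copr.fedorainfracloud.org/results/nalika/rocky-idp/pubkey.gpg`), so the check only proves the RPMs were built by that Copr project, not that they come from a publisher the Rocky infrastructure trusts — and this hunk moves an identity-provider dependency from what looks like one personal Copr namespace (`arrfab`) to another (`nalika`). Vendor the key in the repository and install it before the repo is defined (for example `copy` it to `/etc/pki/rpm-gpg/RPM-GPG-KEY-rocky-idp` and change the task to `gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rocky-idp`), so a later key swap on the Copr side fails loudly instead of being accepted silently. A comment on the task such as `# IdP packages come from a Copr project; key fingerprint verified out-of-band, see <ticket>` would record that decision for the next reader. The `yum_repository` block is fully inside the hunk; the enclosing play is not.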
@ -75,3 +75,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -88,3 +88,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -88,3 +88,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -121,3 +121,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -121,3 +121,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -37,8 +37,8 @@
|
||||
state: present
|
||||
|
||||
roles:
|
||||
#- role: rockylinux.ipagetcert
|
||||
# state: present
|
||||
# - role: rockylinux.ipagetcert
|
||||
# state: present
|
||||
- role: cloudalchemy.prometheus
|
||||
state: present
|
||||
- role: cloudalchemy.alertmanager
|
||||
@ -61,3 +61,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -59,3 +59,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -19,3 +19,4 @@
|
||||
port: 9100/tcp
|
||||
permanent: true
|
||||
state: enabled
|
||||
...
|
||||
|
@ -31,8 +31,8 @@
|
||||
state: present
|
||||
|
||||
tasks:
|
||||
#- include_tasks: tasks/pinnwand.yml
|
||||
# tags: ['includetasks']
|
||||
# - include_tasks: tasks/pinnwand.yml
|
||||
# tags: ['includetasks']
|
||||
|
||||
roles:
|
||||
- role: rockylinux.ipagetcert
|
||||
@ -46,8 +46,8 @@
|
||||
# Define variables in vars/matomo/nginx.yml
|
||||
- role: nginxinc.nginx_core.nginx
|
||||
tags: ['nginx']
|
||||
#- role: nginxinc.nginx_core.nginx_config
|
||||
# tags: ['nginx']
|
||||
# - role: nginxinc.nginx_core.nginx_config
|
||||
# tags: ['nginx']
|
||||
|
||||
post_tasks:
|
||||
- name: Open firewalld ports
|
||||
@ -64,3 +64,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -75,3 +75,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -39,3 +39,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -89,3 +89,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -76,3 +76,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -56,7 +56,7 @@
|
||||
port: "{{ item.port }}"
|
||||
permanent: "{{ item.permanent }}"
|
||||
state: "{{ item.state }}"
|
||||
immediate: yes
|
||||
immediate: true
|
||||
loop: "{{ firewall_rules }}"
|
||||
|
||||
- name: Touching run file that ansible has ran here
|
||||
@ -67,3 +67,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -24,3 +24,4 @@
|
||||
name: httpd
|
||||
state: running
|
||||
enabled: true
|
||||
...
|
||||
|
@ -33,3 +33,4 @@
|
||||
- regenerate_auditd_rules
|
||||
tags:
|
||||
- harden
|
||||
...
|
||||
|
@ -66,3 +66,4 @@
|
||||
when:
|
||||
- ansible_facts['os_family'] == 'RedHat'
|
||||
- ansible_facts['distribution_major_version'] == '8'
|
||||
...
|
||||
|
@ -52,3 +52,4 @@
|
||||
|
||||
- name: Install necessary pieces
|
||||
import_tasks: bugzilla_install.yml
|
||||
...
|
||||
|
@ -57,3 +57,4 @@
|
||||
file:
|
||||
path: "{{ bugzilla_dir }}/answer"
|
||||
state: absent
|
||||
...
|
||||
|
@ -30,3 +30,4 @@
|
||||
name: "{{ chrony_service_name }}"
|
||||
state: "{{ chrony_service_state }}"
|
||||
enabled: "{{ chrony_service_enabled }}"
|
||||
...
|
||||
|
@ -3,19 +3,18 @@
|
||||
#
|
||||
|
||||
- name: "Installing amazon-efs-utils"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: root
|
||||
yum:
|
||||
name: 'https://git.rockylinux.org/neil/efs-utils/-/jobs/5/artifacts/raw/build/amazon-efs-utils-1.30.1-1.el8.noarch.rpm?inline=false'
|
||||
disable_gpg_check: yes
|
||||
validate_certs: yes
|
||||
disable_gpg_check: true
|
||||
validate_certs: true
|
||||
state: present
|
||||
tags:
|
||||
- amazon_efs_utils
|
||||
- packages
|
||||
- mounts
|
||||
|
||||
|
||||
- name: "Gathering ec2 facts"
|
||||
amazon.aws.ec2_metadata_facts:
|
||||
tags:
|
||||
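Review bot: `Installing amazon-efs-utils` installs an RPM straight from a personal GitLab CI job artifact URL (`.../neil/efs-utils/-/jobs/5/artifacts/raw/...`) with `disable_gpg_check: true`, so nothing on the target verifies what it is installing beyond the TLS session that `validate_certs: true` provides; the commit only normalizes the booleans and leaves that as is. A job artifact can be replaced or expire on the forge side, which makes this both a supply-chain and an availability risk for every host that mounts EFS. The package belongs in a signed internal repository; failing that, fetch it with `get_url` against a pinned `checksum:` and install the local file, as sketched below. The task is entirely inside the hunk; the file header and the later mount tasks are not.
```yaml
- name: "Fetching amazon-efs-utils package"
  become: true
  become_user: root
  get_url:
    url: 'https://git.rockylinux.org/neil/efs-utils/-/jobs/5/artifacts/raw/build/amazon-efs-utils-1.30.1-1.el8.noarch.rpm?inline=false'
    dest: /var/tmp/amazon-efs-utils-1.30.1-1.el8.noarch.rpm
    # sha256 of the reviewed artifact, kept in vars so a replaced artifact fails here
    checksum: "sha256:{{ amazon_efs_utils_rpm_sha256 }}"
    validate_certs: true
    mode: '0644'
  tags:
    - amazon_efs_utils
    - packages
    - mounts

- name: "Installing amazon-efs-utils"
  become: true
  become_user: root
  yum:
    name: /var/tmp/amazon-efs-utils-1.30.1-1.el8.noarch.rpm
    disable_gpg_check: true  # artifact is unsigned; integrity is pinned by the checksum above
    state: present
  # … unchanged: tags …
```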
@ -23,18 +22,17 @@
|
||||
|
||||
# "you can use /etc/hosts" https://github.com/aws/efs-utils/issues/1
|
||||
- name: "Install custom hosts file because fmlC-w amazon said so."
|
||||
become: yes
|
||||
become: true
|
||||
become_user: root
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/hosts
|
||||
line: "{{ item.ip_map[ansible_ec2_placement_availability_zone] }} {{ item.fsid }}.efs.{{ ansible_ec2_placement_region }}.amazonaws.com"
|
||||
create: yes
|
||||
create: true
|
||||
tags:
|
||||
- mounts
|
||||
|
||||
|
||||
- name: "Creating and mounting {{ item.fsid }} at {{ item.mount_point }}"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: root
|
||||
ansible.posix.mount:
|
||||
path: "{{ item.mount_point }}"
|
||||
@ -44,3 +42,4 @@
|
||||
state: "{{ item.state | default('mounted') }}"
|
||||
tags:
|
||||
- mounts
|
||||
...
|
||||
|
@ -62,3 +62,4 @@
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0750'
|
||||
...
|
||||
|
@ -23,8 +23,9 @@
|
||||
become: true
|
||||
|
||||
- name: Create gitlab-runner user
|
||||
become: yes
|
||||
become: true
|
||||
user:
|
||||
name: gitlab-runner
|
||||
shell: /bin/bash
|
||||
system: yes
|
||||
system: true
|
||||
...
|
||||
|
@ -2,3 +2,4 @@
|
||||
- name: Add kernel boot options to all kernels and default config
|
||||
command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}"
|
||||
changed_when: "1 != 1"
|
||||
...
|
||||
|
@ -214,3 +214,4 @@
|
||||
state: absent
|
||||
tags:
|
||||
- harden
|
||||
...
|
||||
|
@ -4,7 +4,7 @@
|
||||
shell: "set -o pipefail && echo \"{{ rockykoji_password }}\" | kinit rockykoji@ROCKYLINUX.ORG"
|
||||
check_mode: false
|
||||
changed_when: "1 != 1"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: koji
|
||||
when: rockykoji_has_password | bool
|
||||
|
||||
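Review bot: The kinit-with-password task interpolates `rockykoji_password` into the `shell:` command line, and Ansible prints that rendered command in verbose output and in the failure result when kinit exits non-zero, so the credential can land in CI logs and callback plugins; the hunk touches this task but adds no `no_log`. Add `no_log: true` next to `check_mode: false`. The task's `- name:` line starts above the hunk; the keytab variant in the following hunk needs no such guard because nothing secret appears on its command line.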
@ -12,14 +12,14 @@
|
||||
shell: "set -o pipefail && kinit -kt /home/koji/.koji/keytab koji/rockykoji@ROCKYLINUX.ORG"
|
||||
check_mode: false
|
||||
changed_when: "1 != 1"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: koji
|
||||
when: not rockykoji_has_password | bool
|
||||
|
||||
- name: Import current necessary tags
|
||||
shell: "set -o pipefail && koji add-tag {{ item }}"
|
||||
changed_when: "1 != 1"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: koji
|
||||
loop:
|
||||
- build-modules
|
||||
@ -60,3 +60,4 @@
|
||||
- module-rocky-8.4.0-build
|
||||
- trash
|
||||
- trashcan
|
||||
...
|
||||
|
@ -20,7 +20,7 @@
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/hosts
|
||||
line: "{{ koji_efs_fs_ip_map[ansible_ec2_placement_availability_zone] }} {{ koji_efs_fsid }}"
|
||||
create: yes
|
||||
create: true
|
||||
tags:
|
||||
- mounts
|
||||
|
||||
@ -33,3 +33,4 @@
|
||||
state: "{{ koji_efs_fs_state | default('mounted') }}"
|
||||
tags:
|
||||
- mounts
|
||||
...
|
||||
|
@ -1 +1,2 @@
|
||||
---
|
||||
...
|
||||
|
@ -90,3 +90,4 @@
|
||||
|
||||
- name: Patch up some pages
|
||||
import_tasks: mantispatch.yml
|
||||
...
|
||||
|
@ -23,3 +23,4 @@
|
||||
path: "/var/www/mantisbt-{{ mantis_version }}/login_page.php"
|
||||
state: absent
|
||||
regex: 'LDAP != config_get_global'
|
||||
...
|
||||
|
@ -86,3 +86,4 @@
|
||||
lineinfile:
|
||||
path: "/opt/noggin/noggin/noggin/app.py"
|
||||
line: "app = create_app()"
|
||||
...
|
||||
|
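--- /dev/null
+++ b/ansible/playbooks/tasks/openqa.yml
@@ -0,0 +1,192 @@
+---
+- name: Install OpenQA packages
+  yum:
+    name: "{{ openqa_packages }}"
+    state: present
+  tags:
+    - packages
+
+- name: Copy httpd configuration files
+  copy:
+    remote_src: true
+    src: /etc/httpd/conf.d/{{ item }}.template
+    dest: /etc/httpd/conf.d/{{ item }}
+    mode: '0644'
+    owner: root
+    group: root
+  loop:
+    - openqa.conf
+    - openqa-ssl.conf
+  notify: restart_httpd
+  tags:
+    - configure
+
+- name: Template OpenQA configuration files
+  template:
+    src: etc/openqa/{{ item }}.j2
+    dest: /etc/openqa/{{ item }}
+    owner: "{{ openqa_user }}"
+    group: "{{ openqa_group }}"
+    mode: "0444"
+  loop:
+    - openqa.ini
+    - client.conf
+  tags:
+    - configure
+
+- name: Get service facts
+  service_facts:
+
+- name: Check for non-empty postgres data directory
+  stat:
+    path: /var/lib/pgsql/data/base
+  register: postgres_data_dir
+
+- name: If postgresql is not already running, initialize database
+  command: postgresql-setup --initdb
+  when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
+    and not postgres_data_dir.stat.exists
+
+- name: Enable and start postgresql service
+  systemd:
+    name: postgresql
+    state: started
+    enabled: true
+  when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )
+    and not postgres_data_dir.stat.exists
+
+- name: Configure SELinux to allow httpd connection to network
+  seboolean:
+    name: httpd_can_network_connect
+    state: true
+    persistent: true
+  tags:
+    - configure
+
+- name: Enable and start OpenQA services
+  systemd:
+    name: "{{ item }}"
+    state: started
+    enabled: true
+  loop: "{{ openqa_services }}"
+  tags:
+    - configure
+
+- name: Create openqa-vnc firewalld service
+  template:
+    src: etc/firewalld/services/openqa-vnc.xml.j2
+    dest: /etc/firewalld/services/openqa-vnc.xml
+    owner: root
+    group: root
+    mode: "0644"
+  tags:
+    - configure
+
+- name: Load openqa-vnc firewalld service
+  systemd:
+    name: firewalld
+    state: reloaded
+  tags:
+    - configure
+
+- name: Permit traffic for {{ item }} service
+  ansible.posix.firewalld:
+    service: "{{ item }}"
+    permanent: true
+    state: enabled
+  loop:
+    - http
+    - openqa-vnc
+  tags:
+    - configure
+
+- name: Reload FirewallD
+  systemd:
+    name: firewalld
+    state: reloaded
+  tags:
+    - configure
+
+- name: Check for existing repository
+  stat:
+    path: "{{ openqa_homedir }}/share/tests/rocky"
+  register: rocky_testing_repo
+  tags:
+    - configure
+
+- name: Clone repository if it does not already exist
+  git:
+    accept_hostkey: true
+    dest: "{{ openqa_homedir }}/share/tests/rocky"
+    repo: "{{ openqa_rocky_testing_repo }}"
+    version: develop
+  when: not rocky_testing_repo.stat.exists
+  tags:
+    - configure
+
+- name: Set owner/group/permissions on repo contents
+  file:
+    path: "{{ openqa_homedir }}/share/tests/rocky"
+    recurse: true
+    owner: "{{ openqa_user }}"
+    group: "{{ openqa_group }}"
+    mode: "u+rwX,g+rwX,o+rX,o-w"
+  tags:
+    - configure
+
+# fifloader.py will fail if the Demo user is not logged in
+- name: Authenticate to web UI the first time
+  uri:
+    url: "http://{{ openqa_host }}/login"
+
+- name: Run fifloader.py
+  command: ./fifloader.py -l -c templates.fif.json templates-updates.fif.json
+  changed_when: "1 != 1"
+  args:
+    chdir: "{{ openqa_homedir }}/share/tests/rocky"
+
+- name: Create ISO directory
+  file:
+    path: "{{ openqa_homedir }}/share/factory/iso/fixed"
+    state: directory
+    owner: "{{ openqa_user }}"
+    group: "{{ openqa_group }}"
+    mode: "0775"
+  tags:
+    - download_isos
+
+- name: Download ISOs
+  get_url:
+    dest: "{{ openqa_homedir }}/share/factory/iso/fixed/{{ item.name }}"
+    url: "{{ rocky_iso_download_url }}/{{ item.name }}"
+    checksum: "{{ item.checksum }}"
+    owner: "{{ openqa_user }}"
+    group: "{{ openqa_group }}"
+    tmp_dest: "/var/tmp"
+    mode: "0644"
+  loop: "{{ openqa_isos }}"
+  tags:
+    - download_isos
+
+- name: Start {{ openqa_worker_count }} OpenQA workers
+  ansible.builtin.systemd:
+    name: "openqa-worker@{{ item }}"
+    state: started
+    enabled: true
+  # range 'end' parameter is exclusive, so add 1
+  loop: "{{ range(1, (openqa_worker_count|int + 1)) | list }}"
+  tags:
+    - start_workers
+    - configure
+
+- name: POST a job
+  command: |
+    openqa-cli api -X POST isos \
+    ISO=Rocky-{{ rocky_version }}-{{ rocky_arch }}-minimal.iso \
+    ARCH={{ rocky_arch }} \
+    DISTRI=rocky \
+    FLAVOR=minimal-iso \
+    VERSION={{ rocky_version }} \
+    BUILD="{{ '%Y%m%d.%H%M%S' | strftime }}.0"
+  changed_when: "1 != 1"
+...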
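Review bot: The cloned test repository is executed as root before anything has verified it: `Clone repository if it does not already exist` checks out the unpinned `develop` branch of `openqa_rocky_testing_repo` with `accept_hostkey: true`, and `Run fifloader.py` then executes `./fifloader.py` from that checkout under the play-level `become: true` that init-rocky-openqa-developer-host.yml sets on this page. Pin `version:` to a tag or commit, pre-seed the host key in known_hosts rather than accepting whatever is presented on first contact (if the repo variable is an SSH URL), and add `become_user: "{{ openqa_user }}"` to the fifloader task so template loading runs as the unprivileged account that the preceding `file` task makes owner of the checkout. Separately, `Enable and start postgresql service` is gated on `not postgres_data_dir.stat.exists`, so a host whose data directory already exists but whose service is stopped never has postgresql started; keep the data-directory condition on the initdb task only and reduce the start task to `when: not ( ansible_facts.services["postgresql.service"]["state"] == "running" )`. That lookup presumably raises an undefined-variable error when the unit is not present at all, so guarding it with `ansible_facts.services["postgresql.service"] is defined` first would make the first run on a bare host fail with a clearer message.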
@ -35,3 +35,4 @@
|
||||
name: postfix
|
||||
state: restarted
|
||||
enabled: true
|
||||
...
|
||||
|
@ -1,2 +1,3 @@
|
||||
---
|
||||
# RabbitMQ Additional Changes
|
||||
...
|
||||
|
@ -1,2 +1,3 @@
|
||||
---
|
||||
# no tasks yet
|
||||
...
|
||||
|
@ -7,3 +7,4 @@
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
...
|
||||
|
@ -7,3 +7,4 @@
|
||||
with_items:
|
||||
- httpd_can_network_connect_db
|
||||
- httpd_can_network_connect
|
||||
...
|
||||
|
@ -43,3 +43,4 @@
|
||||
with_items:
|
||||
- /etc/ssh/ssh_host_dsa_key.pub
|
||||
- /etc/ssh/ssh_host_dsa_key
|
||||
...
|
||||
|
@ -19,3 +19,4 @@
|
||||
|
||||
always:
|
||||
- debug: msg="Variables are now loaded"
|
||||
...
|
||||
|