kojihub changes

ansible/playbooks/files/usr/local/bin/lock-wrapper

@@ -0,0 +1,52 @@
+#!/bin/bash
+# Borrowed from Fedora Infra for Rocky Linux
+
+if [ $# -lt 2  ]; then
+    echo "Usage: $0 [name] [script]"
+    exit 1;
+fi
+
+NAME=$1
+SCRIPT=$2
+
+SILENT="no"
+if [ $# -ge 3 -a "$3" == "--silent"  ]; then
+    SILENT="yes"
+    shift
+fi
+
+shift 2
+
+LOCKDIR="/var/tmp/$NAME"
+PIDFILE="$LOCKDIR/pid"
+
+function cleanup {
+    rm -rf "$LOCKDIR"
+
+}
+
+RESTORE_UMASK=$(umask -p)
+umask 0077
+mkdir "$LOCKDIR" >& /dev/null
+if [ $? != 0  ]; then
+    PID=$(cat "$PIDFILE")
+    if [ -n "$PID"  ] && /bin/ps $PID > /dev/null
+    then
+        if [ "$SILENT" != "yes"  ]; then
+	    echo "$PID is still running"
+	    /bin/ps -o user,pid,start,time,comm $PID
+	fi
+        exit 1;
+    else
+        echo "$LOCKDIR exists but $PID is dead"
+        echo "Removing lockdir and re-running"
+        /bin/rm -rf $LOCKDIR
+        mkdir $LOCKDIR || exit
+    fi
+fi
+
+trap cleanup EXIT SIGQUIT SIGHUP SIGTERM
+echo $$ > "$PIDFILE"
+
+$RESTORE_UMASK
+eval "$SCRIPT $*"

ansible/playbooks/init-rocky-system-config.yml

@@ -39,6 +39,9 @@
     - name: Configure grub
       import_tasks: tasks/grub.yml
 
+    - name: Configure common scripts
+      import_tasks: tasks/scripts.yml
+
   post_tasks:
     - name: Touching run file that ansible has ran here
       file:

ansible/playbooks/tasks/scripts.yml

@@ -0,0 +1,9 @@
+---
+# Common scripts that rocky uses on nodes
+- name: Lock Wrapper script
+  copy:
+    src: "usr/local/bin/lock-wrapper"
+    dest: "/usr/local/bin/lock-wrapper"
+    owner: root
+    group: root
+    mode: '0755'

ansible/playbooks/vars/kojihub.yml

@@ -1,5 +1,7 @@
 ---
 # koji hub settings
+# This should be the front-facing URL of koji
+koji_url_name: koji.rockylinux.org
 
 # Use an internal CA (IPA)
 koji_internal_ca: true
@@ -13,9 +15,9 @@ koji_db_user: koji
 # This will need to change when koji_postgresql_vm is false
 koji_db_host: "{{ ansible_fqdn }}"
 
-koji_web_url: "https://{{ ansible_fqdn }}/koji"
-koji_hub_url: "https://{{ ansible_fqdn }}/kojihub"
-koji_files_url: "https://{{ ansible_fqdn }}/kojifiles"
+koji_web_url: "https://{{ koji_url_name }}/koji"
+koji_hub_url: "https://{{ koji_url_name }}/kojihub"
+koji_files_url: "https://{{ koji_url_name }}/kojifiles"
 
 # The IPA internal CA is combined with the others
 koji_web_cacert: /etc/pki/tls/certs/ca-bundle.crt
@@ -35,27 +37,18 @@ koji_admin_localuser: true
 koji_admin_localuser_name: koji
 
 # Hub Settings
-koji_hub_principal: "HTTP/{{ ansible_fqdn }}@ROCKYLINUX.ORG"
-koji_hub_proxy_principals: koji/kojiweb@ROCKYLINUX.ORG
-koji_hub_keytab: /etc/koji.keytab
+koji_hub_principal: "host/kojihub@ROCKYLINUX.ORG"
+koji_hub_proxy_principals: "HTTP/{{ inventory_hostname }}@ROCKYLINUX.ORG"
+koji_hub_keytab: /etc/keytabs/host.keytab
 koji_hub_principal_format: compile/%s@ROCKYLINUX.ORG
 # This should be sufficient even for LE
-koji_hub_ca: "{{ koji_web_cacert }}"
+koji_hub_ca: "{{ koji_web_cacert  }}"
 
 # Koji FAS Syncing
 # This isn't implemented yet in the role
 koji_fas_sync: false
 koji_fas_url: https://accounts.rockylinux.org
 
-# Not implemented yet
-koji_hub_plugin_mqtt_host: mqtt.rockylinux.org
-koji_hub_plugin_mqtt_topic: koji
-koji_hub_plugin_mqtt_ca: "{{ koji_hub_ca }}"
-koji_hub_plugin_mqtt_tls_cert: /etc/pki/tls/certs/mqtt.pem
-koji_hub_plugin_mqtt_tls_key: /etc/pki/tls/certs/mqtt.key
-koji_hub_plugin_mqtt_excluded_tags:
-  - testing-tag
-
 # IPA Certs if Required
 ipa_getcert_requested_hostnames:
   - name: "{{ ansible_fqdn }}"