From 4ff14a86411a3c111fb12bce826101c0b4de7aaa Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Thu, 31 Dec 2020 14:49:48 -0700
Subject: [PATCH] kojihub changes
---
.../files/usr/local/bin/lock-wrapper | 52 +++++++++++++++++++
.../playbooks/init-rocky-system-config.yml | 3 ++
ansible/playbooks/tasks/scripts.yml | 9 ++++
ansible/playbooks/vars/kojihub.yml | 25 ++++-----
4 files changed, 73 insertions(+), 16 deletions(-)
create mode 100644 ansible/playbooks/files/usr/local/bin/lock-wrapper
create mode 100644 ansible/playbooks/tasks/scripts.yml
diff --git a/ansible/playbooks/files/usr/local/bin/lock-wrapper b/ansible/playbooks/files/usr/local/bin/lock-wrapper
new file mode 100644
index 0000000..834d77b
--- /dev/null
+++ b/ansible/playbooks/files/usr/local/bin/lock-wrapper
@@ -0,0 +1,52 @@
+#!/bin/bash
+# Borrowed from Fedora Infra for Rocky Linux
+
+if [ $# -lt 2 ]; then
+ echo "Usage: $0 [name] [script]"
+ exit 1;
+fi
+
+NAME=$1
+SCRIPT=$2
+
+SILENT="no"
+if [ $# -ge 3 -a "$3" == "--silent" ]; then
+ SILENT="yes"
+ shift
+fi
+
+shift 2
+
+LOCKDIR="/var/tmp/$NAME"
+PIDFILE="$LOCKDIR/pid"
+
+function cleanup {
+ rm -rf "$LOCKDIR"
+
+}
+
+RESTORE_UMASK=$(umask -p)
+umask 0077
+mkdir "$LOCKDIR" >& /dev/null
+if [ $? != 0 ]; then
+ PID=$(cat "$PIDFILE")
+ if [ -n "$PID" ] && /bin/ps $PID > /dev/null
+ then
+ if [ "$SILENT" != "yes" ]; then
+ echo "$PID is still running"
+ /bin/ps -o user,pid,start,time,comm $PID
+ fi
+ exit 1;
+ else
+ echo "$LOCKDIR exists but $PID is dead"
+ echo "Removing lockdir and re-running"
+ /bin/rm -rf $LOCKDIR
+ mkdir $LOCKDIR || exit
+ fi
+fi
+
+trap cleanup EXIT SIGQUIT SIGHUP SIGTERM
+echo $$ > "$PIDFILE"
+
+$RESTORE_UMASK
+eval "$SCRIPT $*"
diff --git a/ansible/playbooks/init-rocky-system-config.yml b/ansible/playbooks/init-rocky-system-config.yml
index b57b649..258283a 100644
--- a/ansible/playbooks/init-rocky-system-config.yml
+++ b/ansible/playbooks/init-rocky-system-config.yml
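Review bot: The lock in the new lock-wrapper lives at a predictable path in world-writable `/var/tmp` (`LOCKDIR="/var/tmp/$NAME"`), so any local account can pre-create that directory with a `pid` file naming a live process and keep the wrapped job from running, and the stale-lock branch passes that file's contents unquoted to `/bin/ps $PID`. `NAME` is used unchecked and `/bin/rm -rf $LOCKDIR` and `mkdir $LOCKDIR` are unquoted, so a name containing `/`, `..` or whitespace would make the cleanup delete outside the lock area when the wrapper runs as root. I would keep locks in a directory only the job's user can write, for example `LOCKDIR="/run/lock/$NAME"` for root jobs, reject any `NAME` that is not a plain file name, and quote the stale-lock commands as `/bin/rm -rf -- "$LOCKDIR"`. Separately, `eval "$SCRIPT $*"` re-parses every argument through the shell; if no caller depends on passing a whole command string as `[script]`, `"$SCRIPT" "$@"` avoids that, otherwise a comment should state that all arguments must come from trusted configuration.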
@@ -39,6 +39,9 @@ - name: Configure grub import_tasks: tasks/grub.yml + - name: Configure common scripts + import_tasks: tasks/scripts.yml + post_tasks: - name: Touching run file that ansible has ran here file: diff --git a/ansible/playbooks/tasks/scripts.yml b/ansible/playbooks/tasks/scripts.yml new file mode 100644 index 0000000..7f430ff --- /dev/null +++ b/ansible/playbooks/tasks/scripts.yml @@ -0,0 +1,9 @@ +--- +# Common scripts that rocky uses on nodes +- name: Lock Wrapper script + copy: + src: "usr/local/bin/lock-wrapper" + dest: "/usr/local/bin/lock-wrapper" + owner: root + group: root + mode: '0755' diff --git a/ansible/playbooks/vars/kojihub.yml b/ansible/playbooks/vars/kojihub.yml index ec3cdb2..e3f28cd 100644 --- a/ansible/playbooks/vars/kojihub.yml +++ b/ansible/playbooks/vars/kojihub.yml @@ -1,5 +1,7 @@ --- # koji hub settings +# This should be the front-facing URL of koji +koji_url_name: koji.rockylinux.org # Use an internal CA (IPA) koji_internal_ca: true @@ -13,9 +15,9 @@ koji_db_user: koji # This will need to change when koji_postgresql_vm is false koji_db_host: "{{ ansible_fqdn }}" -koji_web_url: "https://{{ ansible_fqdn }}/koji" -koji_hub_url: "https://{{ ansible_fqdn }}/kojihub" -koji_files_url: "https://{{ ansible_fqdn }}/kojifiles" +koji_web_url: "https://{{ koji_url_name }}/koji" +koji_hub_url: "https://{{ koji_url_name }}/kojihub" +koji_files_url: "https://{{ koji_url_name }}/kojifiles" # The IPA internal CA is combined with the others koji_web_cacert: /etc/pki/tls/certs/ca-bundle.crt 
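Review bot: The three `koji_*_url` values in ansible/playbooks/vars/kojihub.yml now advertise `koji_url_name`, but the certificate request near the end of the same file (`ipa_getcert_requested_hostnames`, visible as context in the last hunk) still names `{{ ansible_fqdn }}`; that list continues outside the diff, so this may already be covered. Unless TLS for koji.rockylinux.org is terminated somewhere else, clients following these URLs would be handed a certificate that does not name the host they connected to, and that kind of mismatch usually ends with verification being switched off on builders. If the hub serves that name itself, consider adding `- name: "{{ koji_url_name }}"` to the requested hostnames, or a comment beside `koji_url_name` saying where its certificate is issued.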
@@ -35,27 +37,18 @@ koji_admin_localuser: true koji_admin_localuser_name: koji # Hub Settings -koji_hub_principal: "HTTP/{{ ansible_fqdn }}@ROCKYLINUX.ORG" -koji_hub_proxy_principals: koji/kojiweb@ROCKYLINUX.ORG -koji_hub_keytab: /etc/koji.keytab +koji_hub_principal: "host/kojihub@ROCKYLINUX.ORG" +koji_hub_proxy_principals: "HTTP/{{ inventory_hostname }}@ROCKYLINUX.ORG" +koji_hub_keytab: /etc/keytabs/host.keytab koji_hub_principal_format: compile/%s@ROCKYLINUX.ORG # This should be sufficient even for LE -koji_hub_ca: "{{ koji_web_cacert }}" +koji_hub_ca: "{{ koji_web_cacert }}" # Koji FAS Syncing # This isn't implemented yet in the role koji_fas_sync: false koji_fas_url: https://accounts.rockylinux.org -# Not implemented yet -koji_hub_plugin_mqtt_host: mqtt.rockylinux.org -koji_hub_plugin_mqtt_topic: koji -koji_hub_plugin_mqtt_ca: "{{ koji_hub_ca }}" -koji_hub_plugin_mqtt_tls_cert: /etc/pki/tls/certs/mqtt.pem -koji_hub_plugin_mqtt_tls_key: /etc/pki/tls/certs/mqtt.key -koji_hub_plugin_mqtt_excluded_tags: - - testing-tag - # IPA Certs if Required ipa_getcert_requested_hostnames: - name: "{{ ansible_fqdn }}"
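Review bot: `koji_hub_proxy_principals` is now built from `inventory_hostname`, while every other host-derived value in this file uses `ansible_fqdn` or `koji_url_name`. If the role writes this into the hub's proxy-login allowlist (presumably ProxyPrincipals, to be confirmed against the role), the principal named here may authenticate on behalf of any koji user, so it has to be exactly the principal the web front end holds; an inventory alias or short name would either break web logins or name a principal nobody intended to trust. I would use `koji_hub_proxy_principals: "HTTP/{{ ansible_fqdn }}@ROCKYLINUX.ORG"` unless the inventory name is guaranteed to be the FQDN. The switch to `koji_hub_keytab: /etc/keytabs/host.keytab` with `host/kojihub@ROCKYLINUX.ORG` also deserves a comment stating which account owns that keytab and its mode, since the hub process now needs read access to it.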