kojihub changes

2024-12-22 19:08:30 +00:00 · 2020-12-31 14:49:48 -07:00 · 2020-12-31 14:49:48 -07:00 · 4ff14a8641
commit 4ff14a8641
parent 3c5a2e914e
4 changed files with 73 additions and 16 deletions
--- a/ansible/playbooks/files/usr/local/bin/lock-wrapper
+++ b/ansible/playbooks/files/usr/local/bin/lock-wrapper
@ -0,0 +1,52 @@
 #!/bin/bash
 # Borrowed from Fedora Infra for Rocky Linux
 if [ $# -lt 2  ]; then
    echo "Usage: $0 [name] [script]"
    exit 1;
 fi
 NAME=$1
 SCRIPT=$2
 SILENT="no"
 if [ $# -ge 3 -a "$3" == "--silent"  ]; then
    SILENT="yes"
    shift
 fi
 shift 2
 LOCKDIR="/var/tmp/$NAME"
 PIDFILE="$LOCKDIR/pid"
 function cleanup {
    rm -rf "$LOCKDIR"
 }
 RESTORE_UMASK=$(umask -p)
 umask 0077
 mkdir "$LOCKDIR" >& /dev/null
 if [ $? != 0  ]; then
    PID=$(cat "$PIDFILE")
    if [ -n "$PID"  ] && /bin/ps $PID > /dev/null
    then
        if [ "$SILENT" != "yes"  ]; then
 	    echo "$PID is still running"
 	    /bin/ps -o user,pid,start,time,comm $PID
 	fi
        exit 1;
    else
        echo "$LOCKDIR exists but $PID is dead"
        echo "Removing lockdir and re-running"
        /bin/rm -rf $LOCKDIR
        mkdir $LOCKDIR || exit
    fi
 fi
 trap cleanup EXIT SIGQUIT SIGHUP SIGTERM
 echo $$ > "$PIDFILE"
 $RESTORE_UMASK
 eval "$SCRIPT $*"
--- a/ansible/playbooks/init-rocky-system-config.yml
+++ b/ansible/playbooks/init-rocky-system-config.yml
@ -39,6 +39,9 @@
    - name: Configure grub
      import_tasks: tasks/grub.yml
    - name: Configure common scripts
      import_tasks: tasks/scripts.yml
  post_tasks:
    - name: Touching run file that ansible has ran here
      file:
--- a/ansible/playbooks/tasks/scripts.yml
+++ b/ansible/playbooks/tasks/scripts.yml
@ -0,0 +1,9 @@
 ---
 # Common scripts that rocky uses on nodes
 - name: Lock Wrapper script
  copy:
    src: "usr/local/bin/lock-wrapper"
    dest: "/usr/local/bin/lock-wrapper"
    owner: root
    group: root
    mode: '0755'
--- a/ansible/playbooks/vars/kojihub.yml
+++ b/ansible/playbooks/vars/kojihub.yml
@ -1,5 +1,7 @@
 ---
 # koji hub settings
 # This should be the front-facing URL of koji
 koji_url_name: koji.rockylinux.org
 # Use an internal CA (IPA)
 koji_internal_ca: true
@ -13,9 +15,9 @@ koji_db_user: koji
 # This will need to change when koji_postgresql_vm is false
 koji_db_host: "{{ ansible_fqdn }}"
-koji_web_url: "https://{{ ansible_fqdn }}/koji"
+koji_web_url: "https://{{ koji_url_name }}/koji"
-koji_hub_url: "https://{{ ansible_fqdn }}/kojihub"
+koji_hub_url: "https://{{ koji_url_name }}/kojihub"
-koji_files_url: "https://{{ ansible_fqdn }}/kojifiles"
+koji_files_url: "https://{{ koji_url_name }}/kojifiles"
 # The IPA internal CA is combined with the others
 koji_web_cacert: /etc/pki/tls/certs/ca-bundle.crt
@ -35,27 +37,18 @@ koji_admin_localuser: true
 koji_admin_localuser_name: koji
 # Hub Settings
-koji_hub_principal: "HTTP/{{ ansible_fqdn }}@ROCKYLINUX.ORG"
+koji_hub_principal: "host/kojihub@ROCKYLINUX.ORG"
-koji_hub_proxy_principals: koji/kojiweb@ROCKYLINUX.ORG
+koji_hub_proxy_principals: "HTTP/{{ inventory_hostname }}@ROCKYLINUX.ORG"
-koji_hub_keytab: /etc/koji.keytab
+koji_hub_keytab: /etc/keytabs/host.keytab
 koji_hub_principal_format: compile/%s@ROCKYLINUX.ORG
 # This should be sufficient even for LE
-koji_hub_ca: "{{ koji_web_cacert }}"
+koji_hub_ca: "{{ koji_web_cacert  }}"
 # Koji FAS Syncing
 # This isn't implemented yet in the role
 koji_fas_sync: false
 koji_fas_url: https://accounts.rockylinux.org
 # Not implemented yet
 koji_hub_plugin_mqtt_host: mqtt.rockylinux.org
 koji_hub_plugin_mqtt_topic: koji
 koji_hub_plugin_mqtt_ca: "{{ koji_hub_ca }}"
 koji_hub_plugin_mqtt_tls_cert: /etc/pki/tls/certs/mqtt.pem
 koji_hub_plugin_mqtt_tls_key: /etc/pki/tls/certs/mqtt.key
 koji_hub_plugin_mqtt_excluded_tags:
  - testing-tag
 # IPA Certs if Required
 ipa_getcert_requested_hostnames:
  - name: "{{ ansible_fqdn }}"