From bc527aab5c02c363fd9bc39106a52dd2be22ab65 Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Aug 10 2021 20:35:58 +0000 Subject: Remove the old osbs-cluster playbook. This is the old osbs playbook that was used before aarch64 was added. The new playbooks are under playbooks/groups/osbs. Signed-off-by: Clement Verna --- diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml deleted file mode 100644 index 3bf9b3d..0000000 --- a/playbooks/groups/osbs-cluster.yml +++ /dev/null @@ -1,818 +0,0 @@ -# create an osbs server -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_control" -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_control_stg" -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_nodes:osbs_masters" -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_nodes_stg:osbs_masters_stg" -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_aarch64_masters_stg" -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs_aarch64_masters" - -- name: make the box be real - hosts: osbs_control:osbs_masters:osbs_nodes:osbs_control_stg:osbs_masters_stg:osbs_nodes_stg:osbs_aarch64_masters_stg:osbs_aarch64_masters - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - hosts - - ipa/client - - sudo - - collectd/base - - rsyncd - - tasks: - - name: put openshift repo on os- systems - template: src="{{ files }}/openshift/openshift.repo" dest="/etc/yum.repos.d/openshift.repo" - tags: - - config - - packages - - yumrepos - - name: install redhat ca file - package: - name: subscription-manager-rhsm-certificates - state: present - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: OSBS control hosts pre-req setup - hosts: osbs_control:osbs_control_stg - tags: - - osbs-cluster-prereq - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: deploy private key to control hosts - copy: - src: "{{private}}/files/osbs/{{env}}/control_key" - dest: "/root/.ssh/id_rsa" - owner: root - mode: 0600 - - - name: set ansible to use pipelining - ini_file: - dest: /etc/ansible/ansible.cfg - section: ssh_connection - option: pipelining - value: "True" - -- name: Setup cluster masters pre-reqs - hosts: osbs_masters_stg:osbs_masters:osbs_aarch64_masters_stg:osbs_aarch64_masters - tags: - - osbs-cluster-prereq - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: ensure origin conf dir exists - file: - path: "/etc/origin" - state: "directory" - - - name: create cert dir for openshift public facing REST API SSL - file: - path: "/etc/origin/master/named_certificates" - state: "directory" - - - name: install cert for openshift public facing REST API SSL - copy: - src: "{{private}}/files/osbs/{{env}}/osbs-internal.pem" - dest: "/etc/origin/master/named_certificates/{{osbs_url}}.pem" - - - name: install key for openshift public facing REST API SSL - copy: - src: "{{private}}/files/osbs/{{env}}/osbs-internal.key" - dest: "/etc/origin/master/named_certificates/{{osbs_url}}.key" - - - name: place htpasswd file - copy: - src: "{{private}}/files/httpd/osbs-{{env}}.htpasswd" - dest: /etc/origin/master/htpasswd - - -- name: Setup cluster hosts pre-reqs - hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes:osbs_aarch64_masters_stg:osbs_aarch64_masters - tags: - - osbs-cluster-prereq - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - handlers: - - name: restart NetworkManager - service: - name: NetworkManager - state: restarted - - tasks: - - name: Install necessary packages that openshift-ansible needs - package: - state: installed - name: - - tar - - rsync -# - dbus-python - - NetworkManager -# - libselinux-python - - python2-pyyaml - when: env == "staging" - - name: Install necessary packages that openshift-ansible needs - package: - state: installed - name: - - tar - - rsync -# - dbus-python - - NetworkManager -# - libselinux-python - - python3-PyYAML - when: env == "production" - - - name: Deploy controller public ssh keys to osbs cluster hosts - authorized_key: - user: root - key: "{{ lookup('file', '{{private}}/files/osbs/{{env}}/control_key.pub') }}" - - # This is required for OpenShift built-in SkyDNS inside the overlay network - # of the cluster - - name: ensure NM_CONTROLLED is set to "yes" for osbs cluster - lineinfile: - dest: "/etc/sysconfig/network-scripts/ifcfg-eth0" - line: "NM_CONTROLLED=yes" - notify: - - restart NetworkManager - - # This is required for OpenShift built-in SkyDNS inside the overlay network - # of the cluster - - name: ensure NetworkManager is enabled and started - service: - name: NetworkManager - state: started - enabled: yes - - - name: cron entry to clean up docker storage - copy: - src: "{{files}}/osbs/cleanup-docker-storage" - dest: "/etc/cron.d/cleanup-docker-storage" - - - name: copy docker-storage-setup config - copy: - src: "{{files}}/osbs/docker-storage-setup" - dest: "/etc/sysconfig/docker-storage-setup" - -- name: Deploy kerberose keytab to cluster hosts - hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes:osbs_aarch64_masters_stg:osbs_aarch64_masters - tags: - - osbs-cluster-prereq - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: keytab/service - owner_user: root - owner_group: root - service: osbs - host: "osbs.fedoraproject.org" - when: env == "production" - - role: keytab/service - owner_user: root - owner_group: root - service: osbs - host: "osbs.stg.fedoraproject.org" - when: env == "staging" - -- name: Deploy OpenShift Cluster x86_64 - hosts: osbs_control:osbs_control_stg - tags: - - osbs-deploy-openshift - - osbs-x86-deploy-openshift - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: ansible-ansible-openshift-ansible - cluster_inventory_filename: "{{ inventory_filename }}" - openshift_master_public_api_url: "https://{{ osbs_url }}:8443" - openshift_release: "v3.9.0" - openshift_ansible_path: "/root/openshift-ansible" - openshift_ansible_pre_playbook: "playbooks/prerequisites.yml" - openshift_ansible_playbook: "playbooks/deploy_cluster.yml" - openshift_ansible_version: "openshift-ansible-3.9.37-1" - openshift_ansible_ssh_user: root - openshift_ansible_install_examples: false - openshift_ansible_containerized_deploy: true - openshift_cluster_masters_group: "{{ cluster_masters_group }}" - openshift_cluster_nodes_group: "{{ cluster_nodes_group }}" - openshift_cluster_infra_group: "{{ cluster_infra_group }}" - openshift_auth_profile: "osbs" - openshift_cluster_url: "https://{{osbs_url}}" - openshift_master_ha: false - openshift_debug_level: 2 - openshift_shared_infra: true - openshift_deployment_type: "origin" - openshift_ansible_python_interpreter: "/usr/bin/python3" - openshift_ansible_use_crio: false - openshift_ansible_crio_only: false - tags: ['openshift-cluster-x86','ansible-ansible-openshift-ansible'] - when: env == "production" - -- name: Deploy OpenShift Cluster aarch64 - hosts: osbs_control:osbs_control_stg - tags: - - osbs-deploy-openshift - - osbs-aarch-deploy-openshift - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: ansible-ansible-openshift-ansible - cluster_inventory_filename: "{{ inventory_filename }}" - openshift_htpasswd_file: "/etc/origin/htpasswd" - openshift_master_public_api_url: "https://{{ osbs_url }}:8443" - openshift_release: "v3.9.0" - openshift_ansible_path: "/root/openshift-ansible" - openshift_ansible_pre_playbook: "playbooks/prerequisites.yml" - openshift_ansible_playbook: "playbooks/deploy_cluster.yml" - openshift_ansible_version: "osbs-aarch64-fedora" - openshift_ansible_ssh_user: root - openshift_ansible_install_examples: false - openshift_ansible_containerized_deploy: false - openshift_cluster_masters_group: "{{ aarch_masters_group }}" - openshift_cluster_nodes_group: "{{ aarch_nodes_group }}" - openshift_cluster_infra_group: "{{ aarch_infra_group }}" - openshift_auth_profile: "osbs" - openshift_cluster_url: "https://{{osbs_url}}" - openshift_master_ha: false - openshift_debug_level: 2 - openshift_shared_infra: true - openshift_deployment_type: "origin" - openshift_ansible_python_interpreter: "/usr/bin/python3" - openshift_ansible_use_crio: false - openshift_ansible_crio_only: false - tags: ['openshift-cluster-aarch','ansible-ansible-openshift-ansible'] - -- name: Setup OSBS requirements for OpenShift cluster hosts - hosts: osbs_masters_stg:osbs_nodes_stg:osbs_masters:osbs_nodes - tags: - - osbs-cluster-req - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: install fedora dnsmasq specific top-config - copy: - src: "{{files}}/osbs/fedora-dnsmasq-master.conf.{{env}}" - dest: "/etc/dnsmasq.conf" - when: - is_fedora is defined or (ansible_distribution_major_version|int > 8 and ansible_distribution == 'RedHat') - - name: Ensures /etc/dnsmasq.d/ dir exists - file: path="/etc/dnsmasq.d/" state=directory - - name: install fedora dnsmasq specific config - copy: - src: "{{files}}/osbs/fedora-dnsmasq.conf.{{env}}" - dest: "/etc/dnsmasq.d/fedora-dns.conf" - -- name: Create worker namespace - hosts: osbs_masters_stg[0]:osbs_masters[0]:osbs_aarch64_masters_stg[0]:osbs_aarch64_masters[0] - tags: - - osbs-worker-namespace - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig - osbs_environment: - KUBECONFIG: "{{ osbs_kubeconfig_path }}" - - roles: - - role: osbs-namespace - osbs_namespace: "{{ osbs_worker_namespace }}" - osbs_service_accounts: "{{ osbs_worker_service_accounts }}" - osbs_nodeselector: "{{ osbs_worker_default_nodeselector|default('') }}" - osbs_sources_command: "{{ osbs_conf_sources_command }}" - -- name: setup ODCS secret in worker namespace - hosts: osbs_masters_stg[0]:osbs_masters[0]:osbs_aarch64_masters_stg[0]:osbs_aarch64_masters[0] - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - roles: - - role: osbs-secret - osbs_namespace: "{{ osbs_worker_namespace }}" - osbs_secret_name: odcs-oidc-secret - osbs_secret_files: - - source: "{{ private }}/files/osbs/{{ env }}/odcs-oidc-token" - dest: token - tags: - - osbs-worker-namespace - -- name: Create orchestrator namespace - hosts: osbs_masters_stg[0]:osbs_masters[0] - roles: - - role: osbs-namespace - osbs_orchestrator: true - osbs_worker_clusters: "{{ osbs_conf_worker_clusters }}" - osbs_cpu_limitrange: "{{ osbs_orchestrator_cpu_limitrange }}" - osbs_nodeselector: "{{ osbs_orchestrator_default_nodeselector|default('') }}" - osbs_sources_command: "{{ osbs_conf_sources_command }}" - osbs_readwrite_users: "{{ osbs_conf_readwrite_users }}" - osbs_service_accounts: "{{ osbs_conf_service_accounts }}" - koji_use_kerberos: true - koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{ osbs_url }}.keytab" - koji_kerberos_principal: "osbs/{{osbs_url}}@{{ ipa_realm }}" - tags: - - osbs-orchestrator-namespace - - -- name: Add the orchestrator labels to the nodes - hosts: osbs_masters_stg[0]:osbs_masters[0] - tags: - - osbs-labels-nodes - tasks: - - name: Add the orchestrator labels to the nodes - command: "oc -n {{ osbs_namespace }} label nodes {{ item }} orchestrator=true --overwrite" - loop: "{{ groups['osbs_nodes_stg'] }}" - when: env == "staging" - - - name: Add the orchestrator labels to the nodes - command: "oc -n {{ osbs_namespace }} label nodes {{ item }} orchestrator=true --overwrite" - loop: "{{ groups['osbs_nodes'] }}" - when: env == "production" - -- name: Add the worker labels to the nodes x86_64 - hosts: osbs_masters_stg[0]:osbs_masters[0] - tags: - - osbs-labels-nodes - tasks: - - name: Add the worker label - command: "oc -n {{ osbs_worker_namespace }} label nodes {{ item }} worker=true --overwrite" - loop: "{{ groups['osbs_nodes_stg'] }}" - when: env == "staging" - - name: Add the worker label - command: "oc -n {{ osbs_worker_namespace }} label nodes {{ item }} worker=true --overwrite" - loop: "{{ groups['osbs_nodes'] }}" - when: env == "production" - -- name: Add the worker labels to the nodes aarch64 - hosts: osbs_aarch64_masters_stg[0]:osbs_aarch64_masters[0] - tags: - - osbs-labels-nodes - tasks: - - name: Add the worker label - command: "oc -n {{ osbs_worker_namespace }} label nodes {{ item }} worker=true --overwrite" - loop: "{{ groups['osbs-aarch64-nodes-stg'] }}" - when: env == "staging" - - name: Add the worker label - command: "oc -n {{ osbs_worker_namespace }} label nodes {{ item }} worker=true --overwrite" - loop: "{{ groups['osbs-aarch64-nodes'] }}" - when: env == "production" - -- name: setup reactor config secret in orchestrator namespace - hosts: osbs_masters_stg[0]:osbs_masters[0] - roles: - - role: osbs-secret - osbs_secret_name: reactor-config-secret - osbs_secret_files: - - source: "/tmp/{{ osbs_namespace }}-{{ env }}-reactor-config-secret.yml" - dest: config.yaml - tags: - - osbs-orchestrator-namespace - -- name: setup ODCS secret in orchestrator namespace - hosts: osbs_masters_stg[0]:osbs_masters[0] - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - roles: - - role: osbs-secret - osbs_secret_name: odcs-oidc-secret - osbs_secret_files: - - source: "{{ private }}/files/osbs/{{ env }}/odcs-oidc-token" - dest: token - tags: - - osbs-orchestrator-namespace - - -- name: setup client config secret in orchestrator namespace - hosts: osbs_masters_stg[0]:osbs_masters[0] - roles: - - role: osbs-secret - osbs_secret_name: client-config-secret - osbs_secret_files: - - source: "/tmp/{{ osbs_namespace }}-{{ env }}-client-config-secret.conf" - dest: osbs.conf - tags: - - osbs-orchestrator-namespace - -- name: Save orchestrator token x86_64 - hosts: osbs_masters_stg[0]:osbs_masters[0] - tasks: - - name: get orchestrator service account token - command: "oc -n {{ osbs_worker_namespace }} sa get-token orchestrator" - register: orchestator_token_x86_64 - - name: save the token locally - local_action: > - copy - content="{{ orchestator_token_x86_64.stdout }}" - dest=/tmp/.orchestator-token-x86_64 - mode=0400 - tags: - - osbs-orchestrator-namespace - -- name: setup orchestrator token for x86_64-osbs - hosts: osbs_masters_stg[0]:osbs_masters[0] - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - roles: - - role: osbs-secret - osbs_secret_name: x86-64-orchestrator - osbs_secret_files: - - source: "/tmp/.orchestator-token-x86_64" - dest: token - - post_tasks: - - name: Delete the temporary secret file - local_action: > - file - state=absent - path="/tmp/.orchestator-token-x86_64" - tags: - - osbs-orchestrator-namespace - -- name: Save orchestrator token aarch64 - hosts: osbs_aarch64_masters_stg[0]:osbs_aarch64_masters[0] - tasks: - - name: get orchestrator service account token - command: "oc -n {{ osbs_worker_namespace }} sa get-token orchestrator" - register: orchestator_token_aarch64 - - name: save the token locally - local_action: > - copy - content="{{ orchestator_token_aarch64.stdout }}" - dest=/tmp/.orchestator-token-aarch64 - mode=0400 - tags: - - osbs-orchestrator-namespace - -- name: setup orchestrator token for aarch64-osbs - hosts: osbs_masters_stg[0]:osbs_masters[0] - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - roles: - - role: osbs-secret - osbs_secret_can_fail: true - osbs_secret_name: aarch64-orchestrator - osbs_secret_files: - - source: "/tmp/.orchestator-token-aarch64" - dest: token - - post_tasks: - - name: Delete the temporary secret file - local_action: > - file - state=absent - path="/tmp/.orchestator-token-aarch64" - - tags: - - osbs-orchestrator-namespace - -- name: Add dockercfg secret to allow registry push orchestrator - hosts: osbs_masters_stg[0]:osbs_masters[0] - tags: - - osbs-dockercfg-secret - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - name: Create the username:password string needed by the template - set_fact: - auth_info_prod: "{{candidate_registry_osbs_prod_username}}:{{candidate_registry_osbs_prod_password}}" - auth_info_stg: "{{candidate_registry_osbs_stg_username}}:{{candidate_registry_osbs_stg_password}}" - - - name: Create the dockercfg secret file - local_action: > - template - src="{{ files }}/osbs/dockercfg-{{env}}-secret.j2" - dest="/tmp/.dockercfg" - mode=0400 - - roles: - - role: osbs-secret - osbs_secret_name: "v2-registry-dockercfg" - osbs_secret_type: kubernetes.io/dockercfg - osbs_secret_files: - - source: "/tmp/.dockercfg" - dest: .dockercfg - - post_tasks: - - name: Delete the temporary secret file - local_action: > - file - state=absent - path="/tmp/.dockercfg" - -- name: Add dockercfg secret to allow registry push worker - hosts: osbs_masters_stg[0]:osbs_masters[0]:osbs_aarch64_masters_stg[0]:osbs_aarch64_masters[0] - tags: - - osbs-dockercfg-secret - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - name: Create the username:password string needed by the template - set_fact: - auth_info_prod: "{{candidate_registry_osbs_prod_username}}:{{candidate_registry_osbs_prod_password}}" - auth_info_stg: "{{candidate_registry_osbs_stg_username}}:{{candidate_registry_osbs_stg_password}}" - - - name: Create the dockercfg secret file - local_action: > - template - src="{{ files }}/osbs/dockercfg-{{env}}-secret.j2" - dest="/tmp/.dockercfg" - mode=0400 - - roles: - - role: osbs-secret - osbs_namespace: "{{ osbs_worker_namespace }}" - osbs_secret_name: "v2-registry-dockercfg" - osbs_secret_type: kubernetes.io/dockercfg - osbs_secret_files: - - source: "/tmp/.dockercfg" - dest: .dockercfg - - post_tasks: - - name: Delete the temporary secret file - local_action: > - file - state=absent - path="/tmp/.dockercfg" - -- name: post-install master host osbs tasks - hosts: osbs_masters_stg:osbs_masters:osbs_aarch64_masters_stg[0]:osbs_aarch64_masters[0] - tags: - - osbs-post-install - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/private/ansible/files/openstack/passwords.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - vars: - osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig - osbs_environment: - KUBECONFIG: "{{ osbs_kubeconfig_path }}" - koji_pki_dir: /etc/pki/koji - koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" - koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" - koji_builder_user: dockerbuilder - osbs_builder_user: builder - - tasks: - - name: cron entry to clean up old builds - copy: - src: "{{files}}/osbs/cleanup-old-osbs-builds" - dest: "/etc/cron.d/cleanup-old-osbs-builds" - -- name: post-install osbs control tasks - hosts: osbs_control - tags: osbs-post-install - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/private/ansible/files/openstack/passwords.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - tasks: - - name: enable nrpe for monitoring (noc01) - iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.3.163.10 state=present jump=ACCEPT - tags: - - iptables - - -- name: post-install osbs tasks - hosts: osbs_nodes_stg:osbs_nodes:osbs_aarch64_nodes_stg:osbs_aarch64_nodes - tags: - - osbs-post-install - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/private/ansible/files/openstack/passwords.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - vars: - osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig - osbs_environment: - KUBECONFIG: "{{ osbs_kubeconfig_path }}" - koji_pki_dir: /etc/pki/koji - koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" - koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" - koji_builder_user: dockerbuilder - osbs_builder_user: builder - - - handlers: - - name: Remove the previous buildroot image - docker_image: - state: absent - name: buildroot - - - name: Build the new buildroot container - docker_image: - path: /etc/osbs/buildroot/ - name: buildroot - nocache: yes - - - name: restart and reload docker service - systemd: - name: docker - state: restarted - daemon_reload: yes - - tasks: - - name: enable nrpe for monitoring (noc01) - iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.3.163.10 state=present jump=ACCEPT - tags: - - iptables - - - name: copy docker iptables script - copy: - src: "{{files}}/osbs/fix-docker-iptables.{{ env }}" - dest: /usr/local/bin/fix-docker-iptables - mode: 0755 - tags: - - iptables - notify: - - restart and reload docker service - - - name: copy docker custom service config - copy: - src: "{{files}}/osbs/docker.firewall.service" - dest: /etc/systemd/system/docker.service.d/firewall.conf - tags: - - docker - notify: - - restart and reload docker service - - - name: copy the osbs customization file - copy: - src: "{{item}}" - dest: "/etc/osbs/buildroot/" - owner: root - mode: 0600 - with_items: - - "{{files}}/osbs/worker_customize.json" - - "{{files}}/osbs/orchestrator_customize.json" - - - name: Create buildroot container conf directory - file: - path: "/etc/osbs/buildroot/" - state: directory - - - name: Upload Dockerfile for buildroot container - template: - src: "{{ files }}/osbs/buildroot-Dockerfile-{{env}}.j2" - dest: "/etc/osbs/buildroot/Dockerfile" - mode: 0400 - notify: - - Remove the previous buildroot image - - Build the new buildroot container - - - name: Upload krb5.conf for buildroot container - template: - src: "{{ roles_path }}/base/templates/krb5.conf.j2" - dest: "/etc/osbs/buildroot/krb5.conf" - mode: 0644 - notify: - - Remove the previous buildroot image - - Build the new buildroot container - - - name: Upload internal CA for buildroot - copy: - src: "{{private}}/files/osbs/{{env}}/osbs-internal.pem" - dest: "/etc/osbs/buildroot/ca.crt" - mode: 0400 - notify: - - Remove the previous buildroot image - - Build the new buildroot container - - - name: stat infra repofile - stat: - path: "/etc/yum.repos.d/infra-tags.repo" - register: infra_repo_stat - - - name: stat /etc/osbs/buildroot/ infra repofile - stat: - path: "/etc/osbs/buildroot/infra-tags.repo" - register: etcosbs_infra_repo_stat - - - name: remove old /etc/osbs/buildroot/ infra repofile - file: - path: "/etc/osbs/buildroot/infra-tags.repo" - state: absent - when: etcosbs_infra_repo_stat.stat.exists and infra_repo_stat.stat.checksum != etcosbs_infra_repo_stat.stat.checksum - - - name: Copy repofile for buildroot container (because Docker) - copy: - src: "/etc/yum.repos.d/infra-tags.repo" - dest: "/etc/osbs/buildroot/infra-tags.repo" - remote_src: true - notify: - - Remove the previous buildroot image - - Build the new buildroot container - - when: etcosbs_infra_repo_stat.stat.exists == false - - - name: stat /etc/ keytab - stat: - path: "/etc/krb5.osbs_{{osbs_url}}.keytab" - register: etc_kt_stat - - - name: stat /etc/osbs/buildroot/ keytab - stat: - path: "/etc/osbs/buildroot/krb5.osbs_{{osbs_url}}.keytab" - register: etcosbs_kt_stat - - - name: remove old hardlink to /etc/osbs/buildroot/ keytab - file: - path: "/etc/osbs/buildroot/krb5.osbs_{{osbs_url}}.keytab" - state: absent - when: etcosbs_kt_stat.stat.exists and etc_kt_stat.stat.checksum != etcosbs_kt_stat.stat.checksum - - - name: Hardlink keytab for buildroot container (because Docker) - file: - src: "/etc/krb5.osbs_{{osbs_url}}.keytab" - dest: "/etc/osbs/buildroot/krb5.osbs_{{osbs_url}}.keytab" - state: hard - notify: - - Remove the previous buildroot image - - Build the new buildroot container - - when: etcosbs_kt_stat.stat.exists == false - - - name: pull fedora required docker images - command: "docker pull {{source_registry}}/{{item}}" - with_items: "{{fedora_required_images}}" - register: docker_pull_fedora - changed_when: "'Downloaded newer image' in docker_pull_fedora.stdout" - - - name: enable nrpe for monitoring (noc01) - iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.3.163.10 state=present jump=ACCEPT