roles/koji-builder: Deploy the Koji builder

The *koji-builder* role installs and configures the Koji builder (*kojid*). It supports configuring an HTTP proxy, if required.
2018-08-12 10:10:47 -05:00
parent da4ec1612c
commit a0dd911a63
6 changed files with 567 additions and 0 deletions
--- a/roles/koji-builder/tasks/main.yml
+++ b/roles/koji-builder/tasks/main.yml
@@ -0,0 +1,78 @@
+- name: ensure packages are installed
+  package:
+    name=koji-builder
+    state=present
+  tags:
+  - install
+
+- name: ensure kojid certificate is installed
+  copy:
+    src={{ item }}
+    dest=/etc/kojid/kojid.pem
+    mode=0400
+    owner=root
+    group=root
+  with_fileglob:
+  - certs/koji/{{ inventory_hostname }}/kojid.pem
+  notify: restart kojid
+- name: ensure kojid ca certificates are installed
+  copy:
+    src={{ item }}
+    dest=/etc/kojid/{{ item|basename }}
+    mode=0644
+  with_fileglob:
+  - certs/koji/{{ inventory_hostname }}/*.crt
+- name: ensure koji hub server ca certificate is trusted
+  copy:
+    src={{ item }}
+    dest=/etc/pki/ca-trust/source/anchors/koji-hub.crt
+    mode=0644
+  with_fileglob:
+  - certs/koji/{{ inventory_hostname }}/serverca.crt
+  notify: update ca trust
+- name: ensure kojid is configured
+  template:
+    src=kojid.conf.j2
+    dest=/etc/kojid/kojid.conf
+  notify: restart kojid
+
+- name: ensure kojid unit extension directory exists
+  file:
+    path=/etc/systemd/system/kojid.service.d
+    mode=0755
+    state=directory
+- name: ensure http proxy is configured for kojid
+  template:
+    src=http_proxy.conf.j2
+    dest=/etc/systemd/system/kojid.service.d/http_proxy.conf
+    mode=0644
+  notify:
+  - reload systemd
+  - restart kojid
+
+- name: ensure mock is configured
+  template:
+    src=site-defaults.mock.cfg.j2
+    dest=/etc/mock/site-defaults.cfg
+    mode=0644
+
+- name: ensure kojid starts at boot
+  service:
+    name=kojid
+    enabled=yes
+- meta: flush_handlers
+- name: ensure kojid is running
+  service:
+    name=kojid
+    state=started
+
+- name: ensure root has an ssh key
+  user:
+    name=root
+    generate_ssh_key=yes
+    ssh_key_type=rsa
+    ssh_key_bits=4096
+  register: root_user
+- name: display ssh public key for root
+  debug:
+    var=root_user.ssh_public_key