roles/kojira: Deploy the Koji repository agent

The *kojira* role sets up the Koji repository agent to manage repository metadata for build tags. It runs as a daemon, usually on the same machine as the Koji hub. A client certificate is required for authentication, and must be supplied by placing it in the `certs/koji/{{ inventory_hostname }}` directory.
2018-08-12 10:04:23 -05:00
parent 1a8d7ce29a
commit aed2776e27
4 changed files with 112 additions and 0 deletions
--- a/roles/kojira/tasks/main.yml
+++ b/roles/kojira/tasks/main.yml
@@ -0,0 +1,49 @@
+- name: ensure packages are installed
+  package:
+    name=koji-utils
+    state=present
+  tags:
+  - install
+
+- name: ensure kojira certificate is installed
+  copy:
+    src={{ item }}
+    dest=/etc/kojira/kojira.pem
+    mode=0400
+    owner=root
+    group=root
+  with_fileglob:
+  - certs/koji/{{ inventory_hostname }}/kojira.pem
+  notify: restart kojira
+- name: ensure kojira ca certificates are installed
+  copy:
+    src={{ item }}
+    dest=/etc/kojira/{{ item|basename }}
+    mode=0644
+  with_fileglob:
+  - certs/koji/{{ inventory_hostname }}/*.crt
+- name: ensure koji hub server ca certificate is trusted
+  copy:
+    src={{ item }}
+    dest=/etc/pki/ca-trust/source/anchors/koji-hub.crt
+    mode=0644
+  with_fileglob:
+  - certs/koji/{{ inventory_hostname }}/serverca.crt
+  notify: update ca trust
+- name: ensure kojira is configured
+  template:
+    src=kojira.conf.j2
+    dest=/etc/kojira/kojira.conf
+  notify: restart kojira
+
+# TODO: It would be better if kojira did not run as root
+
+- name: ensure kojira starts at boot
+  service:
+    name=kojira
+    enabled=yes
+- meta: flush_handlers
+- name: ensure kojira is running
+  service:
+    name=kojira
+    state=started