ansible-msvsphere.ci/roles/koji_server/tasks/kojira.yml

---
- name: Install koji-utils
  ansible.builtin.dnf:
    name: koji-utils
    state: installed

- name: Generate /etc/kojira/kojira.conf config
  ansible.builtin.template:
    src: etc/kojira/kojira.conf.j2
    dest: /etc/kojira/kojira.conf
    owner: root
    group: root
    mode: 0o644
  notify: restart kojira

# TODO: add FreeIPA support
- name: Generate kojira principal keytab
  ansible.builtin.include_role:
    name: msvsphere.ci.kerberos_principal
  vars:
    kerberos_principal_name: "{{ koji_kojira_principal }}"
    kerberos_principal_keytab_path: "{{ koji_kojira_keytab }}"

- name: Check if kojira DB user exists
  community.postgresql.postgresql_query:
    db: "{{ koji_db_name }}"
    login_user: "{{ koji_db_user }}"
    login_password: "{{ koji_db_password }}"
    login_host: "{{ koji_db_server_ip }}"
    query: >
      SELECT krb_principal FROM user_krb_principals
        WHERE krb_principal = %(krb_principal)s      
    named_args:
      krb_principal: "{{ koji_kojira_principal }}"
  register: kojira_user_initialized

- name: Configure kojira Koji user
  block:
    - name: Obtain Koji admin kerberos ticket
      ansible.builtin.shell: "echo '{{ koji_admin_password }}' | kinit {{ koji_admin_principal }}"

    - name: Check if kojira Koji user exist
      command: koji userinfo kojira
      register: koji_kojira_userinfo
      changed_when: koji_kojira_userinfo.stderr is search('No\s+such\s+user')

    - name: Create kojira Koji user
      command: "koji add-user kojira --principal='{{ koji_kojira_principal }}'"
      register: koji_kojira_add_user
      when: koji_kojira_userinfo.changed
      notify: restart kojira

    - name: Grant kojira Koji user repo permissions
      command: koji grant-permission repo kojira
      when: koji_kojira_add_user.changed
  always:
    - name: Destroy Koji admin kerberos ticket
      ansible.builtin.command: "kdestroy -p {{ koji_admin_principal }}"
      ignore_errors: true
  when: kojira_user_initialized.rowcount == 0

- name: Enable and start kojira service
  ansible.builtin.service:
    name: kojira
    enabled: true
    state: started
Adds kerberos_principal and koji_server roles 9 months ago			`---`
			`- name: Install koji-utils`
			`ansible.builtin.dnf:`
			`name: koji-utils`
			`state: installed`

			`- name: Generate /etc/kojira/kojira.conf config`
			`ansible.builtin.template:`
			`src: etc/kojira/kojira.conf.j2`
			`dest: /etc/kojira/kojira.conf`
			`owner: root`
			`group: root`
			`mode: 0o644`
			`notify: restart kojira`

			`# TODO: add FreeIPA support`
			`- name: Generate kojira principal keytab`
			`ansible.builtin.include_role:`
			`name: msvsphere.ci.kerberos_principal`
			`vars:`
			`kerberos_principal_name: "{{ koji_kojira_principal }}"`
			`kerberos_principal_keytab_path: "{{ koji_kojira_keytab }}"`

			`- name: Check if kojira DB user exists`
			`community.postgresql.postgresql_query:`
			`db: "{{ koji_db_name }}"`
			`login_user: "{{ koji_db_user }}"`
			`login_password: "{{ koji_db_password }}"`
			`login_host: "{{ koji_db_server_ip }}"`
			`query: >`
			`SELECT krb_principal FROM user_krb_principals`
			`WHERE krb_principal = %(krb_principal)s`
			`named_args:`
			`krb_principal: "{{ koji_kojira_principal }}"`
			`register: kojira_user_initialized`

			`- name: Configure kojira Koji user`
			`block:`
			`- name: Obtain Koji admin kerberos ticket`
			`ansible.builtin.shell: "echo '{{ koji_admin_password }}' \| kinit {{ koji_admin_principal }}"`

			`- name: Check if kojira Koji user exist`
			`command: koji userinfo kojira`
			`register: koji_kojira_userinfo`
			`changed_when: koji_kojira_userinfo.stderr is search('No\s+such\s+user')`

			`- name: Create kojira Koji user`
			`command: "koji add-user kojira --principal='{{ koji_kojira_principal }}'"`
			`register: koji_kojira_add_user`
			`when: koji_kojira_userinfo.changed`
			`notify: restart kojira`

			`- name: Grant kojira Koji user repo permissions`
			`command: koji grant-permission repo kojira`
			`when: koji_kojira_add_user.changed`
			`always:`
			`- name: Destroy Koji admin kerberos ticket`
			`ansible.builtin.command: "kdestroy -p {{ koji_admin_principal }}"`
			`ignore_errors: true`
			`when: kojira_user_initialized.rowcount == 0`

			`- name: Enable and start kojira service`
			`ansible.builtin.service:`
			`name: kojira`
			`enabled: true`
			`state: started`