---
# Package install for the kojira service that the tasks below configure.
- name: Install koji-utils
  ansible.builtin.dnf:
    state: installed
    name: koji-utils
# Render the kojira configuration from the role template and restart the
# service when the file changes.
# The file is written world-readable (0644), so the template should carry only
# non-secret settings; credentials belong in the keytab, not in this file.
- name: Generate /etc/kojira/kojira.conf config
  ansible.builtin.template:
    dest: /etc/kojira/kojira.conf
    src: etc/kojira/kojira.conf.j2
    mode: 0o644
    owner: root
    group: root
  notify: restart kojira
# TODO: add FreeIPA support
# Delegates principal and keytab creation to the kerberos_principal role.
# NOTE(review): the keytab is a long-term credential for the kojira principal;
# its owner and mode are set inside the included role, which is not visible
# here — confirm it is readable only by the account kojira runs as.
- name: Generate kojira principal keytab
  vars:
    kerberos_principal_keytab_path: "{{ koji_kojira_keytab }}"
    kerberos_principal_name: "{{ koji_kojira_principal }}"
  ansible.builtin.include_role:
    name: msvsphere.ci.kerberos_principal
# Look up the kojira principal in the Koji database; the registered rowcount
# decides whether the user-creation block further down runs.
# The principal is passed through named_args as a bound parameter, so it is
# never spliced into the SQL text.
# NOTE(review): koji_db_password is presumably sourced from a vault or other
# secret store — confirm it is not kept in plain-text inventory.
- name: Check if kojira DB user exists
  register: kojira_user_initialized
  community.postgresql.postgresql_query:
    login_host: "{{ koji_db_server_ip }}"
    login_user: "{{ koji_db_user }}"
    login_password: "{{ koji_db_password }}"
    db: "{{ koji_db_name }}"
    named_args:
      krb_principal: "{{ koji_kojira_principal }}"
    query: >
      SELECT krb_principal FROM user_krb_principals
      WHERE krb_principal = %(krb_principal)s
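# Create the kojira user in Koji and grant it the repo permission. Runs only
# when the database lookup found no row for the kojira principal. An admin
# Kerberos ticket is obtained for the duration of the block and destroyed in
# the always section, whether or not the inner tasks succeed.
# NOTE(review): if add-user succeeds but grant-permission fails, a later run
# will presumably find the principal in the database and skip this whole
# block, leaving kojira without the repo permission — confirm whether a
# separate permission check is needed.
- name: Configure kojira Koji user
  when: kojira_user_initialized.rowcount == 0
  block:
    # The admin password is fed to kinit on stdin instead of being
    # interpolated into a shell pipeline: a quote character in the password
    # can no longer break out of the command, and the secret no longer
    # appears in the shell command line. no_log keeps it out of task output
    # and logs.
    - name: Obtain Koji admin kerberos ticket
      ansible.builtin.command:
        argv:
          - kinit
          - "{{ koji_admin_principal }}"
        stdin: "{{ koji_admin_password }}"
      no_log: true

    # Read-only probe: "changed" is used purely as a flag meaning "user is
    # missing", which the next task keys on.
    # NOTE(review): if `koji userinfo` exits non-zero for an unknown user this
    # task fails before the stderr match is evaluated — confirm.
    - name: Check if kojira Koji user exist
      ansible.builtin.command: koji userinfo kojira
      register: koji_kojira_userinfo
      changed_when: koji_kojira_userinfo.stderr is search('No\s+such\s+user')

    # argv passes the principal as one argument with no quoting layer, so
    # its content cannot split into extra koji options.
    - name: Create kojira Koji user
      ansible.builtin.command:
        argv:
          - koji
          - add-user
          - kojira
          - "--principal={{ koji_kojira_principal }}"
      register: koji_kojira_add_user
      when: koji_kojira_userinfo.changed
      notify: restart kojira

    # Granted only on the run that created the user.
    - name: Grant kojira Koji user repo permissions
      ansible.builtin.command: koji grant-permission repo kojira
      when: koji_kojira_add_user.changed
  always:
    # Best-effort cleanup so the admin ticket does not outlive the play;
    # errors are ignored because kinit may have failed and left no ticket.
    - name: Destroy Koji admin kerberos ticket
      ansible.builtin.command:
        argv:
          - kdestroy
          - "-p"
          - "{{ koji_admin_principal }}"
      ignore_errors: true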
# Enable the kojira unit at boot and make sure it is running now.
- name: Enable and start kojira service
  ansible.builtin.service:
    name: kojira
    state: started
    enabled: true