Adds Gitea installation and Koji builders support

master 0.1.6
Eugene Zamriy 11 months ago
parent 08a701d6b0
commit 2af76fe3f4
Signed by: ezamriy
GPG Key ID: 7EBF95C7DCFA496C

@ -5,6 +5,21 @@ msvsphere.ci Release Notes
.. contents:: Topics .. contents:: Topics
v0.1.6
======
Release Summary
---------------
Implemented Gitea installation and Koji builders support.
New Roles
---------
- msvsphere.ci.gitea_binary - A role that installs Gitea from an official binary.
- msvsphere.ci.gitea_db_server - A role that configures a PostgreSQL server for Gitea.
- msvsphere.ci.koji_builder - A role that configures a Koji builder.
v0.1.5 v0.1.5
====== ======

@ -4,8 +4,11 @@ The MSVSphere OS CI/CD collection.
## Roles ## Roles
* [gitea_binary](roles/gitea_binary/README.md)
* [gitea_db_server](roles/gitea_db_server/README.md)
* [kerberos_kdc](roles/kerberos_kdc/README.md) * [kerberos_kdc](roles/kerberos_kdc/README.md)
* [kerberos_principal](roles/kerberos_principal/README.md) * [kerberos_principal](roles/kerberos_principal/README.md)
* [koji_builder](roles/koji_builder/README.md)
* [koji_cli](roles/koji_cli/README.md) * [koji_cli](roles/koji_cli/README.md)
* [koji_db_server](roles/koji_db_server/README.md) * [koji_db_server](roles/koji_db_server/README.md)
* [koji_server](roles/koji_server/README.md) * [koji_server](roles/koji_server/README.md)

@ -1,5 +1,13 @@
objects: objects:
role: role:
gitea_binary:
description: A role that installs Gitea from an official binary.
name: gitea_binary
version_added: 0.1.6
gitea_db_server:
description: A role that configures a PostgreSQL server for Gitea.
name: gitea_db_server
version_added: 0.1.6
kerberos_kdc: kerberos_kdc:
description: A role that installs and configures a Kerberos KDC. description: A role that installs and configures a Kerberos KDC.
name: kerberos_kdc name: kerberos_kdc
@ -8,6 +16,10 @@ objects:
description: A role that creates a kerberos principal. description: A role that creates a kerberos principal.
name: kerberos_principal name: kerberos_principal
version_added: 0.1.4 version_added: 0.1.4
koji_builder:
description: A role that configures a Koji builder.
name: koji_builder
version_added: 0.1.6
koji_cli: koji_cli:
description: A role that installs and configures Koji CLI tools. description: A role that installs and configures Koji CLI tools.
name: koji_cli name: koji_cli
@ -48,4 +60,4 @@ plugins:
strategy: {} strategy: {}
test: {} test: {}
vars: {} vars: {}
version: 0.1.5 version: 0.1.6

@ -58,3 +58,20 @@ releases:
name: kerberos_kdc name: kerberos_kdc
namespace: null namespace: null
release_date: '2023-12-18' release_date: '2023-12-18'
0.1.6:
changes:
release_summary: Implemented Gitea installation and Koji builders support.
fragments:
- 2-add-builders-and-git-support.yml
objects:
role:
- description: A role that installs Gitea from an official binary.
name: gitea_binary
namespace: null
- description: A role that configures a PostgreSQL server for Gitea.
name: gitea_db_server
namespace: null
- description: A role that configures a Koji builder.
name: koji_builder
namespace: null
release_date: '2023-12-22'

@ -0,0 +1,2 @@
---
release_summary: Implemented Gitea installation and Koji builders support.

@ -1,6 +1,6 @@
namespace: msvsphere namespace: msvsphere
name: ci name: ci
version: 0.1.5 version: 0.1.6
readme: README.md readme: README.md
authors: authors:
- Eugene Zamriy <ezamriy@msvsphere-os.ru> - Eugene Zamriy <ezamriy@msvsphere-os.ru>
@ -10,6 +10,8 @@ tags:
- linux - linux
- msvsphere - msvsphere
dependencies: dependencies:
'ansible.posix': '*'
'community.general': '*'
'community.postgresql': '*' 'community.postgresql': '*'
repository: https://git.inferitos.ru/msvsphere/ansible-msvsphere.ci repository: https://git.inferitos.ru/msvsphere/ansible-msvsphere.ci
homepage: https://git.inferitos.ru/msvsphere/ansible-msvsphere.ci homepage: https://git.inferitos.ru/msvsphere/ansible-msvsphere.ci
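Review bot: The two new collection dependencies `'ansible.posix': '*'` and `'community.general': '*'` carry no lower bound, so `ansible-galaxy` accepts any release, including future majors, and nothing records which release the new roles were tested against. The gitea_binary tasks call `community.general.ini_file` with `section` set to none, which as far as I recall only newer releases of that module handle, so a constraint such as `'community.general': '>=<tested-version>'` (placeholder) would pin the real requirement. The same applies to the pre-existing `'community.postgresql': '*'` line.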

@ -0,0 +1,49 @@
# msvsphere.ci.gitea_binary
An Ansible role that installs Gitea from an official binary.
## Variables
| Variable | Default value | Type | Description | Required |
| -------- | ------------- | ---- | ----------- | -------- |
| gitea_binary_version | "1.21.2" | str | Gitea version. | no |
| gitea_binary_url | "https://dl.gitea.com/gitea/{{ gitea_binary_version }}/gitea-{{ gitea_binary_version }}-linux-amd64" | str | Gitea binary download URL. | no |
| gitea_binary_checksum | "https://dl.gitea.com/gitea/{{ gitea_binary_version }}/gitea-{{ gitea_binary_version }}-linux-amd64.sha256" | str | Gitea binary SHA256 checksum file URL. | no |
| gitea_binary_system_user | "git" | str | Gitea system user name. | no |
| gitea_binary_system_group | "git" | str | Gitea system group name. | no |
| gitea_db_name | "gitea" | str | Gitea PostgreSQL database name. | no |
| gitea_db_user | "gitea" | str | Gitea PostgreSQL database user. | no |
| gitea_db_password | | str | Gitea PostgreSQL database user password. | yes |
| gitea_domain_name | | str | Gitea server domain name. | yes |
| gitea_admin_user | "gitadmin" | str | Gitea administrator user name. | no |
| gitea_admin_password | | str | Gitea administrator user password. | yes |
| gitea_admin_email | "{{ gitea_admin_user }}@{{ gitea_domain_name }}" | str | Gitea administrator user e-mail. | no |
| gitea_app_name | "MSVSphere Git Server" | str | Gitea application name (page title). | no |
| gitea_binary_ca_cert_path | | str | Gitea certificate authority certificate path. | yes |
| gitea_binary_cert_path | | str | Gitea certificate path. | yes |
| gitea_binary_cert_key_path | | str | Gitea certificate key path. | yes |
| gitea_binary_cert_chain_path | | str | Gitea certificate chain path. | yes |
## Example playbook
```yaml
---
- hosts: all
roles:
- role: msvsphere.ci.gitea_binary
gitea_domain_name: 'git.msvsphere.test'
gitea_db_password: 'P@s$w0Rd'
gitea_admin_password: 'p@S$W0rD'
gitea_binary_ca_cert_path: /etc/pki/koji/koji-ca.crt
gitea_binary_cert_path: "/etc/pki/koji/{{ gitea_domain_name }}.crt"
gitea_binary_cert_key_path: "/etc/pki/koji/{{ gitea_domain_name }}.key"
gitea_binary_cert_chain_path: "/etc/pki/koji/{{ gitea_domain_name }}.crt"
```
## License
MIT.
## Authors
* [Eugene Zamriy](mailto:ezamriy@msvsphere-os.ru)

@ -0,0 +1,20 @@
---
gitea_binary_version: '1.21.2'
gitea_binary_url: "https://dl.gitea.com/gitea/{{ gitea_binary_version }}/gitea-{{ gitea_binary_version }}-linux-amd64"
gitea_binary_checksum: "https://dl.gitea.com/gitea/{{ gitea_binary_version }}/gitea-{{ gitea_binary_version }}-linux-amd64.sha256"
gitea_binary_system_user: git
gitea_binary_system_group: git
gitea_db_name: gitea
gitea_db_user: gitea
gitea_db_password:
gitea_domain_name:
gitea_admin_user: 'gitadmin'
gitea_admin_password:
gitea_admin_email: "{{ gitea_admin_user }}@{{ gitea_domain_name }}"
# Gitea application name (page title)
gitea_app_name: 'MSVSphere Git Server'
# Apache httpd configuration
gitea_binary_ca_cert_path:
gitea_binary_cert_path:
gitea_binary_cert_key_path:
gitea_binary_cert_chain_path:

@ -0,0 +1,10 @@
---
- name: restart gitea
ansible.builtin.service:
name: gitea
state: restarted
- name: restart httpd
ansible.builtin.service:
name: httpd
state: restarted

@ -0,0 +1,101 @@
---
argument_specs:
main:
short_description: A role that installs Gitea from an official binary.
author: Eugene Zamriy
version_added: '0.1.6'
options:
gitea_binary_version:
description: Gitea version.
default: '1.21.2'
type: 'str'
required: false
gitea_binary_url:
description: Gitea binary download URL.
default: 'https://dl.gitea.com/gitea/{{ gitea_binary_version }}/gitea-{{ gitea_binary_version }}-linux-amd64'
type: 'str'
required: false
gitea_binary_checksum:
description: Gitea binary SHA256 checksum file URL.
default: 'https://dl.gitea.com/gitea/{{ gitea_binary_version }}/gitea-{{ gitea_binary_version }}-linux-amd64.sha256'
type: 'str'
required: false
gitea_binary_system_user:
description: Gitea system user name.
default: git
type: 'str'
required: false
gitea_binary_system_group:
description: Gitea system group name.
default: git
type: 'str'
required: false
gitea_db_name:
description: Gitea PostgreSQL database name.
default: gitea
type: 'str'
required: false
gitea_db_user:
description: Gitea PostgreSQL database user.
default: gitea
type: 'str'
required: false
gitea_db_password:
description: Gitea PostgreSQL database user password.
type: 'str'
required: true
gitea_domain_name:
description: Gitea server domain name.
type: 'str'
required: true
gitea_admin_user:
description: Gitea administrator user name.
default: 'gitadmin'
type: 'str'
required: false
gitea_admin_password:
description: Gitea administrator user password.
type: 'str'
required: true
gitea_admin_email:
description: Gitea administrator user e-mail.
default: '{{ gitea_admin_user }}@{{ gitea_domain_name }}'
type: 'str'
required: false
gitea_app_name:
description: Gitea application name (page title).
default: 'MSVSphere Git Server'
type: 'str'
required: false
gitea_binary_ca_cert_path:
description: Gitea certificate authority certificate path.
type: 'str'
required: true
gitea_binary_cert_path:
description: Gitea certificate path.
type: 'str'
required: true
gitea_binary_cert_key_path:
description: Gitea certificate key path.
type: 'str'
required: true
gitea_binary_cert_chain_path:
description: Gitea certificate chain path.
type: 'str'
required: true
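Review bot: `gitea_db_password` and `gitea_admin_password` are declared as plain required strings without `no_log: true`, so argument-spec validation errors and any debugging that prints role variables can echo them; role argument specs accept `no_log` on an option as far as I recall, so adding `no_log: true` under both options keeps the values out of output. The `gitea_db_password` option in the gitea_db_server argument spec later in this commit has the same gap. The spec's `default` values for `gitea_binary_url` and `gitea_binary_checksum` are single-quoted while the defaults file double-quotes them; either is fine, but the role README and the spec are the two places operators read, so a `description` sentence stating that the checksum value is a URL to a `.sha256` file served next to the binary would make the `sha256:` usage in tasks/main.yml self-explanatory.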

@ -0,0 +1,17 @@
---
galaxy_info:
author: Eugene Zamriy
description: A role that installs Gitea from an official binary.
company: Softline PJSC
license: MIT
min_ansible_version: 2.13
platforms:
- name: EL
versions:
- "9"
galaxy_tags:
- gitea
- httpd
- postgresql
dependencies: []
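Review bot: `min_ansible_version: 2.13` looks too low for this role: tasks/main.yml calls `ansible.builtin.systemd_service`, which as far as I recall is the module name introduced in ansible-core 2.15 (with `systemd` kept as an alias), so a 2.13 or 2.14 controller fails to resolve it. Either raise the field to `min_ansible_version: 2.15` or call `ansible.builtin.systemd` in that task. The other two new roles declare the same 2.13 floor, which only matters for them if they also rely on 2.15-only features.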

@ -0,0 +1,167 @@
---
- name: Check if required variables are defined
ansible.builtin.fail:
msg: "{{ item }} is not defined or empty"
when: |
(vars[item] is undefined)
or (vars[item] is none)
or (vars[item] | trim | length == 0)
with_items:
- gitea_admin_user
- gitea_admin_password
- gitea_admin_email
- gitea_binary_version
- gitea_binary_url
- gitea_binary_checksum
- gitea_domain_name
- gitea_binary_ca_cert_path
- gitea_binary_cert_path
- gitea_binary_cert_key_path
- gitea_binary_cert_chain_path
- name: Add Gitea domain name to /etc/hosts
ansible.builtin.lineinfile:
dest: /etc/hosts
regexp: ".*?\\s{{ gitea_domain_name }}"
line: "127.0.0.1 {{ gitea_domain_name }}"
state: present
- name: Install git
ansible.builtin.dnf:
name: git-core
state: installed
- name: Download Gitea binary
ansible.builtin.get_url:
url: "{{ gitea_binary_url }}"
dest: /usr/local/bin/gitea
checksum: "sha256:{{ gitea_binary_checksum }}"
owner: root
group: root
mode: '0755'
- name: Create Gitea system group
ansible.builtin.group:
name: "{{ gitea_binary_system_group }}"
system: true
state: present
- name: Create Gitea system user
ansible.builtin.user:
name: "{{ gitea_binary_system_user }}"
group: "{{ gitea_binary_system_group }}"
shell: /bin/bash
home: "/home/{{ gitea_binary_system_user }}"
system: true
comment: 'Git Version Control'
- name: Create Gitea working directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ gitea_binary_system_user }}"
group: "{{ gitea_binary_system_group }}"
mode: '0750'
with_items:
- /var/lib/gitea
- /var/lib/gitea/custom
- /var/lib/gitea/data
- /var/lib/gitea/log
- name: Create Gitea configuration directory
ansible.builtin.file:
path: /etc/gitea
state: directory
owner: root
group: "{{ gitea_binary_system_group }}"
mode: '0770'
- name: Generate Gitea configuration file
community.general.ini_file:
path: /etc/gitea/app.ini
option: "{{ item.key }}"
section: "{{ item.section | default(none) }}"
value: "{{ item.value }}"
owner: "{{ gitea_binary_system_user }}"
group: "{{ gitea_binary_system_group }}"
mode: '0600'
with_items:
# default section
- { key: 'APP_NAME', value: "{{ gitea_app_name }}" }
- { key: 'RUN_USER', value: "{{ gitea_binary_system_user }}" }
- { key: 'WORK_PATH', value: '/var/lib/gitea' }
- { key: 'RUN_MODE', value: 'prod' }
# database section
- { key: 'DB_TYPE', value: 'postgres', section: 'database' }
- { key: 'HOST', value: '127.0.0.1:5432', section: 'database' }
- { key: 'NAME', value: "{{ gitea_db_name }}", section: 'database' }
- { key: 'USER', value: "{{ gitea_db_user }}", section: 'database' }
- { key: 'PASSWD', value: "{{ gitea_db_password }}", section: 'database' }
- { key: 'SCHEMA', value: '', section: 'database' }
- { key: 'SSL_MODE', value: 'disable', section: 'database' }
#- { key: 'PATH', value: '/var/lib/gitea/data/gitea.db', section: 'database'}
- { key: 'LOG_SQL', value: 'false', section: 'database' }
# repository section
- { key: 'ROOT', value: '/var/lib/gitea/data/gitea-repositories', section: 'repository' }
# server section
- { key: 'SSH_DOMAIN', value: "{{ gitea_domain_name }}", section: 'server' }
- { key: 'DOMAIN', value: "{{ gitea_domain_name }}", section: 'server' }
- { key: 'HTTP_PORT', value: '3000', section: 'server' }
- { key: 'ROOT_URL', value: "http://{{ gitea_domain_name }}/", section: 'server' }
- { key: 'APP_DATA_PATH', value: '/var/lib/gitea/data', section: 'server' }
- { key: 'DISABLE_SSH', value: 'false', section: 'server' }
- { key: 'SSH_PORT', value: '22', section: 'server' }
- { key: 'LFS_START_SERVER', value: 'true', section: 'server' }
- { key: 'OFFLINE_MODE', value: 'false', section: 'server' }
# security section
- { key: 'INSTALL_LOCK', value: 'true', section: 'security' }
notify:
- restart gitea
- name: Generate Gitea systemd service
ansible.builtin.template:
src: gitea.service.j2
dest: /etc/systemd/system/gitea.service
owner: root
group: root
mode: '0644'
- name: Generate Gitea httpd virtual host config
ansible.builtin.template:
src: httpd-vhost.conf.j2
dest: /etc/httpd/conf.d/{{ gitea_domain_name }}.conf
owner: root
group: root
mode: '0644'
notify: restart httpd
- name: Enable and start Gitea systemd service
ansible.builtin.systemd_service:
name: gitea
daemon_reload: true
enabled: true
state: started
- name: Wait for Gitea service up
ansible.builtin.uri:
url: "http://127.0.0.1:3000/"
method: GET
register: result
until: result.status == 200
retries: 30
delay: 2
- name: Check if Gitea administrator user exists
ansible.builtin.shell:
cmd: "/usr/local/bin/gitea -c /etc/gitea/app.ini admin user list --admin | tail -n +2 | grep '{{ gitea_admin_user }}'"
become: true
become_user: "{{ gitea_binary_system_user }}"
register: gitea_admin_list
changed_when: gitea_admin_list.rc != 0
failed_when: gitea_admin_list.rc not in [0, 1]
- name: Create Gitea administrator user
ansible.builtin.command: "/usr/local/bin/gitea -c /etc/gitea/app.ini admin user create --admin --username '{{ gitea_admin_user }}' --password '{{ gitea_admin_password }}' --email '{{ gitea_admin_email }}' --must-change-password=false"
become: true
become_user: "{{ gitea_binary_system_user }}"
when: gitea_admin_list.rc != 0
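Review bot: The `Create Gitea administrator user` task at the end of the hunk passes `gitea_admin_password` on the command line and has no `no_log: true`, so the password is written to playbook output and logs and, for as long as the command runs, is readable by every local user through the process table; the `shell` check before it has the same missing `no_log`. That check also matches the admin user by substring, so `grep 'admin'` would match an existing `gitadmin` and skip creation; comparing the username column exactly (for example with `awk`) is safer than `grep`. The generated app.ini never sets `HTTP_ADDR`, so Gitea listens on all interfaces on port 3000 and clients can bypass the httpd TLS vhost entirely, and `ROOT_URL` is `http://` although the vhost only serves 443, so generated links point at a port nothing answers on. The required-variable check at the top of the hunk omits `gitea_db_password`, which the `PASSWD` entry needs; the sha256 file is also fetched from the same origin as the binary, so it detects a corrupt download but not a replaced one, and pinning the digest per version in defaults would close that.
```yaml
# … unchanged: variable check, /etc/hosts, git, download, user/group, directories, app.ini items through HTTP_PORT …
    - { key: 'HTTP_ADDR', value: '127.0.0.1', section: 'server' }
    - { key: 'ROOT_URL', value: "https://{{ gitea_domain_name }}/", section: 'server' }
# … unchanged: remaining app.ini items, systemd unit, httpd vhost, service start, wait task …
- name: Check if Gitea administrator user exists
  ansible.builtin.shell:
    # … unchanged: cmd …
  no_log: true
  # … unchanged: become, become_user, register, changed_when, failed_when …
- name: Create Gitea administrator user
  # … unchanged: ansible.builtin.command line …
  no_log: true
  # … unchanged: become, become_user, when …
```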

@ -0,0 +1,17 @@
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
[Service]
RestartSec=2s
User={{ gitea_binary_system_user }}
Group={{ gitea_binary_system_group }}
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER={{ gitea_binary_system_user }} HOME=/home/{{ gitea_binary_system_user }} GITEA_WORK_DIR=/var/lib/gitea
WatchdogSec=30s
[Install]
WantedBy=multi-user.target
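Review bot: The `[Service]` section runs Gitea with no sandboxing: there is no `NoNewPrivileges`, `PrivateTmp`, `PrivateDevices` or `ProtectSystem` line, so a compromised Gitea process keeps the full filesystem view and can still gain privileges through setuid binaries, although the service only needs `/var/lib/gitea`, `/etc/gitea` and its home directory. Gitea's upstream sample unit ships these directives as far as I recall, and `ProtectSystem=full` leaves `/var/lib/gitea` and `/home` writable, so the role's layout keeps working. `After=syslog.target` is an obsolete target on journald systems and can be dropped, and `HOME=/home/{{ gitea_binary_system_user }}` in the `Environment=` line duplicates the `home:` value of the user task, which deserves a comment saying the two must agree.
```ini
[Service]
# … unchanged: RestartSec, User, Group, WorkingDirectory, ExecStart, Restart, Environment, WatchdogSec …
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectSystem=full
```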

@ -0,0 +1,19 @@
<virtualhost *:443>
ServerName {{ gitea_domain_name }}
SSLEngine on
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile {{ gitea_binary_cert_path }}
SSLCertificateKeyFile {{ gitea_binary_cert_key_path }}
SSLCertificateChainFile {{ gitea_binary_cert_chain_path }}
SSLCACertificateFile {{ gitea_binary_ca_cert_path }}
ProxyPreserveHost On
ProxyRequests off
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:3000/ nocanon
ErrorLog /var/log/httpd/{{ gitea_domain_name }}-error.log
CustomLog /var/log/httpd/{{ gitea_domain_name }}-access.log combined
</virtualhost>
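Review bot: `SSLCertificateChainFile` has been deprecated since httpd 2.4.8, where intermediates are read from `SSLCertificateFile` instead, and the gitea_binary README example points the chain variable at the leaf certificate anyway; dropping the directive, or documenting that the certificate file must contain the chain, avoids a configuration httpd only honours for compatibility. Nothing in this template or the role listens on port 80, so there is no redirect to 443, while the app.ini written by tasks/main.yml sets `ROOT_URL` to `http://…`; the two need to agree, with an `https` ROOT_URL and, if plain HTTP is meant to work, a `*:80` vhost that redirects. The `nocanon` / `AllowEncodedSlashes NoDecode` pair is correct for Gitea's encoded repository paths and is worth a one-line comment saying why it is there.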

@ -0,0 +1,32 @@
# msvsphere.ci.gitea_db_server
An Ansible role that configures a PostgreSQL server for Gitea.
## Variables
| Variable | Default value | Type | Description | Required |
| -------- | ------------- | ---- | ----------- | -------- |
| gitea_db_name | "gitea" | str | Gitea database name. | no |
| gitea_db_user | "gitea" | str | Gitea database user. | no |
| gitea_db_password | | str | Gitea database user password. | yes |
| gitea_server_ip | | str | Gitea server IP address. | yes |
| gitea_db_server_password_encryption | "scram-sha-256" | str | Password encryption algorithm. | no |
## Example playbook
```yaml
---
- hosts: all
roles:
- role: msvsphere.ci.gitea_db_server
gitea_server_ip: '127.0.0.1'
gitea_db_password: 'p@$Sw0Rd'
```
## License
MIT.
## Authors
* [Eugene Zamriy](mailto:ezamriy@msvsphere-os.ru)

@ -0,0 +1,6 @@
---
gitea_db_name: gitea
gitea_db_user: gitea
gitea_db_password:
gitea_server_ip:
gitea_db_server_password_encryption: 'scram-sha-256'

@ -0,0 +1,5 @@
---
- name: restart postgresql
ansible.builtin.service:
name: postgresql
state: restarted

@ -0,0 +1,34 @@
---
argument_specs:
main:
short_description: A role that configures a PostgreSQL server for Gitea.
author: Eugene Zamriy
version_added: '0.1.6'
options:
gitea_db_name:
description: Gitea database name.
default: 'gitea'
type: 'str'
required: false
gitea_db_user:
description: Gitea database user name.
default: 'gitea'
type: 'str'
required: false
gitea_db_password:
description: Gitea database user password.
type: 'str'
required: true
gitea_server_ip:
description: Gitea server IP address.
type: 'str'
required: true
gitea_db_server_password_encryption:
description: Password encryption algorithm.
default: 'scram-sha-256'
type: 'str'
required: false

@ -0,0 +1,16 @@
---
galaxy_info:
author: Eugene Zamriy
description: A role that configures a PostgreSQL server for Gitea.
company: Softline PJSC
license: MIT
min_ansible_version: 2.13
platforms:
- name: EL
versions:
- "9"
galaxy_tags:
- gitea
- postgresql
dependencies: []

@ -0,0 +1,75 @@
---
- name: Check if required variables are defined
ansible.builtin.fail:
msg: "{{ item }} is not defined or empty"
when: |
(vars[item] is undefined)
or (vars[item] is none)
or (vars[item] | trim | length == 0)
with_items:
- gitea_db_name
- gitea_db_user
- gitea_db_password
- gitea_server_ip
- gitea_db_server_password_encryption
- name: Install dependencies
dnf:
name:
- glibc-langpack-en
- python3-psycopg2
state: present
- name: Create Gitea database
community.postgresql.postgresql_db:
name: "{{ gitea_db_name }}"
template: template0
encoding: UTF8
lc_collate: en_US.UTF-8
lc_ctype: en_US.UTF-8
become: true
become_user: postgres
- name: Create Gitea database user
community.postgresql.postgresql_user:
db: "{{ gitea_db_name }}"
name: "{{ gitea_db_user }}"
password: "{{ gitea_db_password }}"
environment:
PGOPTIONS: "-c password_encryption=scram-sha-256"
become: true
become_user: postgres
- name: Get PostgreSQL server version
community.postgresql.postgresql_info:
filter: ver*
become: true
become_user: postgres
register: postgres_version
- name: GRANT USAGE, CREATE PRIVILEGES ON SCHEMA public TO gitea_db_user
community.postgresql.postgresql_privs:
db: "{{ gitea_db_name }}"
privs: USAGE,CREATE
type: schema
objs: public
role: "{{ gitea_db_user }}"
become: true
become_user: postgres
when: postgres_version.version.major >= 15
- name: Allow requests from Gitea server
community.postgresql.postgresql_pg_hba:
dest: /var/lib/pgsql/data/pg_hba.conf
contype: host
databases: "{{ gitea_db_name }}"
users: "{{ gitea_db_user }}"
address: "{{ gitea_server_ip }}/32"
method: "{{ gitea_db_server_password_encryption }}"
register: pg_hba_status
- name: Restart PostgreSQL
ansible.builtin.service:
name: postgresql
state: restarted
when: pg_hba_status.changed
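Review bot: The user-creation task hardcodes `PGOPTIONS: "-c password_encryption=scram-sha-256"` while the pg_hba entry below uses `gitea_db_server_password_encryption`, so setting the variable to anything else yields a stored hash and an auth method that no longer match; `PGOPTIONS: "-c password_encryption={{ gitea_db_server_password_encryption }}"` keeps the two in step. The explicit `Restart PostgreSQL` task at the end of the hunk duplicates the `restart postgresql` handler added in this commit; `notify: restart postgresql` on the pg_hba task replaces the `register`/`when` pair. `dnf:` on the install task is the only unqualified module name in the new roles; `ansible.builtin.dnf:` matches the rest.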

@ -0,0 +1,41 @@
# msvsphere.ci.koji_builder
An Ansible role that configures a Koji builder.
## Variables
| Variable | Default value | Type | Description | Required |
| -------- | ------------- | ---- | ----------- | -------- |
| koji_domain_name | | str | Koji server domain name. | yes |
| koji_kerberos_realm | | str | Koji Kerberos realm. | yes |
| koji_builder_git_server_url | "git.inferitos.ru" | str | Sources git server domain name. | no |
| koji_builder_storage_url | "sources.inferitos.ru" | str | Sources storage domain name. | no |
| koji_builder_storage_proto | "http" | str | Sources storage protocol. | no |
| koji_builder_ca_cert_path | "/mnt/koji/koji-ca.crt" | str | Koji CA certificate path. | no |
| koji_builder_principal | "compile/{{ koji_domain_name }}@{{ koji_kerberos_realm }}" | str | Koji builder Kerberos principal. | no |
| koji_builder_keytab | "/etc/kojid/kojid.keytab" | str | Koji builder Kerberos keytab file path. | no |
| koji_builder_nfs_mount | true | bool | Mount /mnt/koji via NFS if true, use local directory otherwise. | no |
| koji_builder_distribution | MSVSphere | str | RPM distribution macros. | no |
| koji_builder_packager | MSVSphere | str | RPM packager macros. | no |
| koji_builder_vendor | MSVSphere | str | RPM vendor macros. | no |
## Example playbook
```yaml
---
- hosts: all
roles:
- role: msvsphere.ci.koji_builder
koji_domain_name: 'koji.msvsphere.test'
koji_builder_nfs_mount: false
koji_kerberos_realm: 'MSVSPHERE.TEST'
koji_builder_ca_cert_path: '/etc/pki/koji/koji-ca.crt'
```
## License
MIT.
## Authors
* [Eugene Zamriy](mailto:ezamriy@msvsphere-os.ru)

@ -0,0 +1,13 @@
---
koji_domain_name:
koji_kerberos_realm:
koji_builder_git_server_url: git.inferitos.ru
koji_builder_storage_url: sources.inferitos.ru
koji_builder_storage_proto: http
koji_builder_ca_cert_path: /mnt/koji/koji-ca.crt
koji_builder_principal: "compile/{{ koji_domain_name }}@{{ koji_kerberos_realm }}"
koji_builder_keytab: /etc/kojid/kojid.keytab
koji_builder_nfs_mount: true
koji_builder_distribution: MSVSphere
koji_builder_packager: MSVSphere
koji_builder_vendor: MSVSphere

@ -0,0 +1,5 @@
---
- name: restart kojid
ansible.builtin.service:
name: kojid
state: restarted

@ -0,0 +1,76 @@
---
argument_specs:
main:
short_description: A role that configures a Koji builder.
author: Eugene Zamriy
version_added: '0.1.6'
options:
koji_domain_name:
description: Koji server domain name.
type: 'str'
required: true
koji_kerberos_realm:
description: Koji Kerberos realm.
type: 'str'
required: true
koji_builder_git_server_url:
description: Sources git server domain name.
default: git.inferitos.ru
type: 'str'
required: false
koji_builder_storage_url:
description: Sources storage domain name.
default: sources.inferitos.ru
type: 'str'
required: false
koji_builder_storage_proto:
description: Sources storage protocol.
default: http
type: 'str'
required: false
koji_builder_nfs_mount:
description: Mount /mnt/koji via NFS if true, use local directory otherwise.
default: true
type: 'bool'
required: false
koji_builder_ca_cert_path:
description: Koji CA certificate path.
default: /mnt/koji/koji-ca.crt
type: 'str'
required: false
koji_builder_principal:
description: Koji builder Kerberos principal.
default: 'compile/{{ koji_domain_name }}@{{ koji_kerberos_realm }}'
type: 'str'
required: false
koji_builder_keytab:
description: Koji builder Kerberos keytab file path.
default: '/etc/kojid/kojid.keytab'
type: 'str'
required: false
koji_builder_distribution:
description: RPM distribution macros.
default: 'MSVSphere'
type: 'str'
required: false
koji_builder_packager:
description: RPM packager macros.
default: 'MSVSphere'
type: 'str'
required: false
koji_builder_vendor:
description: RPM vendor macros.
default: 'MSVSphere'
type: 'str'
required: false

@ -0,0 +1,15 @@
---
galaxy_info:
author: Eugene Zamriy
description: A role that configures a Koji builder.
company: Softline PJSC
license: MIT
min_ansible_version: 2.13
platforms:
- name: EL
versions:
- "9"
galaxy_tags:
- koji
dependencies: []

@ -0,0 +1,97 @@
---
- name: Check if required variables are defined
ansible.builtin.fail:
msg: "{{ item }} is not defined or empty"
when: |
(vars[item] is undefined)
or (vars[item] is none)
or (vars[item] | trim | length == 0)
with_items:
- koji_domain_name
- koji_kerberos_realm
- koji_builder_git_server_url
- koji_builder_storage_url
- koji_builder_storage_proto
- koji_builder_principal
- koji_builder_keytab
- koji_builder_distribution
- koji_builder_packager
- koji_builder_vendor
- name: Create /mnt/koji directory
ansible.builtin.file:
path: /mnt/koji
state: directory
owner: root
group: root
mode: '0755'
- block:
- name: Install nfs-utils
ansible.builtin.dnf:
name: nfs-utils
state: installed
- name: Mount /mnt/koji NFS directory
ansible.posix.mount:
src: "{{ koji_domain_name }}:/mnt/koji"
path: /mnt/koji
fstype: nfs4
opts: ro
state: mounted
when: koji_builder_nfs_mount
- name: Add Koji CA certificate to system
ansible.builtin.file:
src: "{{ koji_builder_ca_cert_path }}"
dest: /etc/pki/ca-trust/source/anchors/koji-ca.crt
state: link
register: koji_builder_ca_anchor
- name: Trust Koji CA certificate
command: update-ca-trust extract
when: koji_builder_ca_anchor.changed
notify:
- restart kojid
- name: Install koji-builder
ansible.builtin.dnf:
name: koji-builder
state: present
# TODO: add FreeIPA support
- name: Generate koji-builder principal keytab
ansible.builtin.include_role:
name: msvsphere.ci.kerberos_principal
vars:
kerberos_principal_name: "{{ koji_builder_principal }}"
kerberos_principal_keytab_path: "{{ koji_builder_keytab }}"
- name: Configure kojid
community.general.ini_file:
path: /etc/kojid/kojid.conf
section: kojid
option: "{{ item.key }}"
value: "{{ item.value }}"
with_items:
- { key: 'server', value: "https://{{ koji_domain_name }}/kojihub" }
- { key: 'topurl', value: "https://{{ koji_domain_name }}/kojifiles" }
- { key: 'topdir', value: '/mnt/koji' }
- { key: 'workdir', value: '/tmp/koji' }
- { key: 'allowed_scms', value: "{{ koji_builder_git_server_url }}:/*:false:inferitpkg-get-sources,--storage-proto,{{ koji_builder_storage_proto }},--storage-url,{{ koji_builder_storage_url }}" }
- { key: 'krb_principal', value: "{{ koji_builder_principal }}" }
- { key: 'keytab', value: "{{ koji_builder_keytab }}" }
- { key: 'vendor', value: "{{ koji_builder_vendor }}" }
- { key: 'packager', value: "{{ koji_builder_packager }}" }
- { key: 'distribution', value: "{{ koji_builder_distribution }}" }
- { key: 'use_createrepo_c', value: 'True' }
# NOTE: this setting allows building i686 and x86_64 architectures in parallel
- { key: 'build_arch_can_fail', value: 'True' }
notify:
- restart kojid
- name: Enable and start kojid service
ansible.builtin.service:
name: kojid
enabled: true
state: started
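Review bot: `Add Koji CA certificate to system` makes the system trust anchor a symlink to `koji_builder_ca_cert_path`, which by default lives on the read-only NFS export mounted from the hub in the preceding block; the trust store then depends on a network share at every `update-ca-trust` run, and a change of the CA file's content does not change the link, so `koji_builder_ca_anchor.changed` stays false and a rotated CA is never extracted. Copying the file with `ansible.builtin.copy` and `remote_src: true` (below) makes the anchor local and makes content changes visible to the `when:` on the extract task. `koji_builder_ca_cert_path` is also missing from the required-variable list at the top of the hunk although the link task dereferences it, and `command: update-ca-trust extract` is the one unqualified module name in the file (`ansible.builtin.command:`).
```yaml
# … unchanged: variable check, /mnt/koji directory, NFS block …
- name: Add Koji CA certificate to system
  ansible.builtin.copy:
    src: "{{ koji_builder_ca_cert_path }}"
    dest: /etc/pki/ca-trust/source/anchors/koji-ca.crt
    remote_src: true
    owner: root
    group: root
    mode: '0644'
  register: koji_builder_ca_anchor
- name: Trust Koji CA certificate
  ansible.builtin.command: update-ca-trust extract
  when: koji_builder_ca_anchor.changed
# … unchanged: notify, koji-builder install, keytab, kojid config, service …
```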

@ -7,6 +7,7 @@ An Ansible role that configures a Koji server.
| Variable | Default value | Type | Description | Required | | Variable | Default value | Type | Description | Required |
| -------- | ------------- | ---- | ----------- | -------- | | -------- | ------------- | ---- | ----------- | -------- |
| koji_domain_name | | str | Koji server domain name. | yes | | koji_domain_name | | str | Koji server domain name. | yes |
| koji_builders | [] | list | Koji builders list. | no |
| koji_db_name | "koji" | str | Koji PostgreSQL database name. | no | | koji_db_name | "koji" | str | Koji PostgreSQL database name. | no |
| koji_db_user | "koji" | str | Koji PostgreSQL database user. | no | | koji_db_user | "koji" | str | Koji PostgreSQL database user. | no |
| koji_db_password | | str | Koji PostgreSQL database user password. | yes | | koji_db_password | | str | Koji PostgreSQL database user password. | yes |

@ -1,5 +1,6 @@
--- ---
koji_domain_name: koji_domain_name:
koji_builders: []
koji_db_name: koji koji_db_name: koji
koji_db_user: koji koji_db_user: koji
koji_db_password: koji_db_password:

@ -11,6 +11,13 @@ argument_specs:
type: str type: str
required: false required: false
koji_builders:
description: Koji builders list.
default: []
type: list
elements: str
version_added: '0.1.6'
koji_db_user: koji_db_user:
description: Koji database user. description: Koji database user.
default: koji default: koji

@ -0,0 +1,20 @@
---
- name: Check if Koji build host is already exist
ansible.builtin.shell: "koji list-hosts | grep {{ koji_build_host }}"
ignore_errors: true
register: koji_list_hosts
changed_when: koji_list_hosts.rc != 0
- name: Add Koji build host
ansible.builtin.command: "koji add-host {{ koji_build_host }} i386 x86_64"
register: koji_add_host
when: koji_list_hosts.rc != 0
- name: Add Koji build host to createrepo channel
ansible.builtin.command: "koji add-host-to-channel {{ koji_build_host }} createrepo"
when: koji_list_hosts.rc != 0 and koji_build_host_createrepo is true
# TODO: make capacity configurable
- name: Set Koji build host capacity to 10
ansible.builtin.command: "koji edit-host {{ koji_build_host }} --capacity=10"
when: koji_list_hosts.rc != 0
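Review bot: `ignore_errors: true` on the `koji list-hosts` check hides every failure except a missing host (no ticket, hub unreachable, `koji` not installed), and because `changed_when` and the following `when:` key on `rc != 0`, such a failure makes the play report a change and run `koji add-host` instead of stopping; `failed_when: koji_list_hosts.rc not in [0, 1]`, as the gitea_binary role does for its admin-user check, keeps the real errors visible. The `grep {{ koji_build_host }}` match is a substring search, so a host whose name is a prefix of another can match the wrong line; anchoring on the hostname column, e.g. `grep -E '^{{ koji_build_host }}[[:space:]]'` if the hostname is the first column of `koji list-hosts`, avoids that. The fixed `--capacity=10` already carries a TODO; a `koji_build_host_capacity` variable defaulting to 10 would close it within this file.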

@ -114,3 +114,21 @@
- name: Install and configure kojira - name: Install and configure kojira
import_tasks: kojira.yml import_tasks: kojira.yml
- name: Add Koji builders
block:
- name: Obtain Koji admin kerberos ticket
ansible.builtin.shell: "echo '{{ koji_admin_password }}' | kinit {{ koji_admin_principal }}"
changed_when: False
- include: koji_add_host.yml
vars:
koji_build_host: "{{ item }}"
koji_build_host_createrepo: true
with_items: "{{ koji_builders }}"
always:
- name: Destroy Koji admin kerberos ticket
ansible.builtin.command: "kdestroy -p {{ koji_admin_principal }}"
ignore_errors: true
changed_when: False
when: koji_builders
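Review bot: `echo '{{ koji_admin_password }}' | kinit …` puts the Koji admin password in the `sh -c` argument string, where it is visible to every local user through the process table for as long as the command runs, and the task has no `no_log: true`, so the password also lands in playbook output and logs; the `command` module's `stdin` argument delivers it to `kinit` without either exposure (below). `- include:` was deprecated for a long time and, as far as I recall, removed in ansible-core 2.16, so `ansible.builtin.include_tasks` is the forward-compatible form. `changed_when: False` on both tasks should be the lowercase `false` used elsewhere in the collection.
```yaml
- name: Add Koji builders
  block:
    - name: Obtain Koji admin kerberos ticket
      ansible.builtin.command:
        cmd: "kinit {{ koji_admin_principal }}"
        stdin: "{{ koji_admin_password }}"
      no_log: true
      changed_when: false
    - ansible.builtin.include_tasks: koji_add_host.yml
      # … unchanged: vars, with_items …
  # … unchanged: always block with kdestroy, when …
```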

@ -0,0 +1,2 @@
---
koji_server_ca_fqdn: