Adds koji_db_server role

CHANGELOG.rst

@@ -5,6 +5,14 @@ msvsphere.ci Release Notes
 .. contents:: Topics
 
 
+v0.1.3
+======
+
+New Roles
+---------
+
+- msvsphere.ci.koji_db_server - A role that configures a PostgreSQL server for Koji.
+
 v0.1.2
 ======
 

README.md

@@ -4,6 +4,7 @@ The MSVSphere OS CI/CD collection.
 
 ## Roles
 
+* [koji_db_server](roles/koji_db_server/README.md)
 * [koji_server_ca](roles/koji_server_ca/README.md)
 * [koji_tools](roles/koji_tools/README.md)
 * [postgresql_server](roles/postgresql_server/README.md)

changelogs/.plugin-cache.yaml

@@ -1,5 +1,9 @@
 objects:
   role:
+    koji_db_server:
+      description: A role that configures a PostgreSQL server for Koji.
+      name: koji_db_server
+      version_added: 0.1.3
     koji_server_ca:
       description: A role that creates a Koji server CA and issues an HTTPS certificate.
       name: koji_server_ca
@@ -28,4 +32,4 @@ plugins:
   strategy: {}
   test: {}
   vars: {}
-version: 0.1.2
+version: 0.1.3

changelogs/changelog.yaml

@@ -25,3 +25,10 @@ releases:
         name: koji_server_ca
         namespace: null
     release_date: '2023-12-13'
+  0.1.3:
+    objects:
+      role:
+      - description: A role that configures a PostgreSQL server for Koji.
+        name: koji_db_server
+        namespace: null
+    release_date: '2023-12-14'

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: msvsphere
 name: ci
-version: 0.1.2
+version: 0.1.3
 readme: README.md
 authors:
   - Eugene Zamriy <ezamriy@msvsphere-os.ru>
@@ -9,7 +9,8 @@ license_file: LICENSE
 tags:
   - linux
   - msvsphere
-dependencies: {}
+dependencies:
+  'community.postgresql': '*'
 repository: https://git.inferitos.ru/msvsphere/ansible-msvsphere.ci
 homepage: https://git.inferitos.ru/msvsphere/ansible-msvsphere.ci
 issues: https://git.inferitos.ru/msvsphere/ansible-msvsphere.ci/issues

molecule/koji_db_server/converge.yml

@@ -0,0 +1,16 @@
+---
+- name: Converge
+  hosts: all
+  gather_facts: true
+  become: true
+
+  tasks:
+    - name: Setup and configure PostgreSQL server
+      ansible.builtin.include_role:
+        name: postgresql_server
+        rolespec_validate: true
+
+    - name: Test koji_db_server role
+      ansible.builtin.include_role:
+        name: msvsphere.ci.koji_db_server
+        rolespec_validate: true

molecule/koji_db_server/molecule.yml

@@ -0,0 +1,17 @@
+---
+driver:
+  name: vagrant
+
+platforms:
+  - name: msvsphere-9
+    box: msvsphere/9
+    memory: 1024
+    cpus: 1
+
+provisioner:
+  name: ansible
+  inventory:
+    group_vars:
+      all:
+        koji_db_server_password: 'MsVsPhErE-32167'
+        koji_db_server_ip: '127.0.0.1'

molecule/koji_db_server/verify.yml

@@ -0,0 +1,21 @@
+---
+- name: Verify
+  hosts: all
+  become: true
+
+  tasks:
+    - name: Check Koji database connection
+      ansible.builtin.command:
+        argv:
+          - psql
+          - -t
+          - --csv
+          - -c
+          - "SELECT 'exists' FROM pg_database WHERE datname='koji'"
+          - "postgresql://koji:{{ koji_db_server_password }}@127.0.0.1:5432/koji"
+      register: psql_cmd
+
+    - name: Verify Koji database connection status
+      ansible.builtin.assert:
+        that: |
+          psql_cmd.rc == 0 and psql_cmd.stdout == 'exists'

roles/koji_db_server/README.md

@@ -0,0 +1,32 @@
+# msvsphere.ci.koji_db_server
+
+An Ansible role that configures a PostgreSQL server for Koji.
+
+## Variables
+
+| Variable | Default value | Type | Description | Required |
+| -------- | ------------- | ---- | ----------- | -------- |
+| koji_db_server_db_name | "koji" | string | Koji database name. | no |
+| koji_db_server_user | "koji" | string | Koji database user name. | no |
+| koji_db_server_password | | string | Koji database user password. | yes |
+| koji_db_server_ip | | string | Koji (koji-hub/koji-web) server IP address. | yes |
+| koji_db_server_password_encryption | "scram-sha-256" | string | Password encryption algorithm. | no |
+
+## Example playbook
+
+```yaml
+---
+- hosts: all
+  roles:
+    - role: msvsphere.ci.koji_db_server
+      koji_db_server_password: 'PASSWORD'
+      koji_db_server_ip: '127.0.0.1'
+```
+
+## License
+
+MIT.
+
+## Authors
+
+* [Eugene Zamriy](mailto:ezamriy@msvsphere-os.ru)

roles/koji_db_server/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+koji_db_server_db_name: 'koji'
+koji_db_server_user: 'koji'
+koji_db_server_password:
+koji_db_server_ip:
+koji_db_server_password_encryption: 'scram-sha-256'

roles/koji_db_server/meta/argument_specs.yml

@@ -0,0 +1,34 @@
+---
+argument_specs:
+  main:
+    short_description: A role that configures a PostgreSQL server for Koji.
+    author: Eugene Zamriy
+    version_added: '0.1.3'
+    options:
+      koji_db_server_db_name:
+        description: Koji database name.
+        default: 'koji'
+        type: 'str'
+        required: false
+
+      koji_db_server_user:
+        description: Koji database user name.
+        default: 'koji'
+        type: 'str'
+        required: false
+
+      koji_db_server_password:
+        description: Koji database user password.
+        type: 'str'
+        required: true
+
+      koji_db_server_ip:
+        description: Koji (koji-hub/koji-web) server IP address.
+        type: 'str'
+        required: true
+
+      koji_db_server_password_encryption:
+        description: Password encryption algorithm.
+        default: 'scram-sha-256'
+        type: 'str'
+        required: false

roles/koji_db_server/meta/main.yml

@@ -0,0 +1,16 @@
+---
+galaxy_info:
+  author: Eugene Zamriy
+  description: A role that configures a PostgreSQL server for Koji.
+  company: Softline PJSC
+  license: MIT
+  min_ansible_version: 2.13
+  platforms:
+    - name: EL
+      versions:
+        - "9"
+  galaxy_tags:
+    - postgresql
+    - koji
+
+dependencies: []

roles/koji_db_server/tasks/main.yml

@@ -0,0 +1,46 @@
+---
+- name: Check if required variables are defined
+  ansible.builtin.fail:
+    msg: "{{ item }} is not defined or empty"
+  when: |
+    (vars[item] is undefined)
+    or (vars[item] is none)
+    or (vars[item] | trim | length == 0)    
+  with_items:
+    - koji_db_server_db_name
+    - koji_db_server_user
+    - koji_db_server_password
+    - koji_db_server_ip
+    - koji_db_server_password_encryption
+
+# Required for community.postgresql.postgresql_db module
+- name: Install dependencies
+  ansible.builtin.dnf:
+    name: python3-psycopg2
+    state: installed
+
+- name: Create Koji database
+  community.postgresql.postgresql_db:
+    name: "{{ koji_db_server_db_name }}"
+  become: true
+  become_user: postgres
+
+- name: Create Koji database user
+  community.postgresql.postgresql_user:
+    db: "{{ koji_db_server_db_name }}"
+    name: "{{ koji_db_server_user }}"
+    password: "{{ koji_db_server_password }}"
+  environment:
+    PGOPTIONS: "-c password_encryption={{ koji_db_server_password_encryption }}"
+  become: true
+  become_user: postgres
+
+- name: Allow requests from Koji server
+  community.postgresql.postgresql_pg_hba:
+    dest: /var/lib/pgsql/data/pg_hba.conf
+    contype: host
+    databases: "{{ koji_db_server_db_name }}"
+    users: "{{ koji_db_server_user }}"
+    address: "{{ koji_db_server_ip }}/32"
+    method: "{{ koji_db_server_password_encryption }}"
+  notify: restart postgresql