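---
# Installs and configures the kojira service: package, config file, Kerberos
# keytab, the matching Koji user with the "repo" permission, and the service.

- name: Install koji-utils
  ansible.builtin.dnf:
    name: koji-utils
    state: present

# NOTE(review): the rendered file is world-readable (0644); confirm the
# template does not render any credentials into it.
- name: Generate /etc/kojira/kojira.conf config
  ansible.builtin.template:
    src: etc/kojira/kojira.conf.j2
    dest: /etc/kojira/kojira.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart kojira

# TODO: add FreeIPA support
- name: Generate kojira principal keytab
  ansible.builtin.include_role:
    name: msvsphere.ci.kerberos_principal
  vars:
    kerberos_principal_name: "{{ koji_kojira_principal }}"
    kerberos_principal_keytab_path: "{{ koji_kojira_keytab }}"

# The principal is passed through named_args, so it is bound as a query
# parameter instead of being templated into the SQL text.
- name: Check if kojira DB user exists
  community.postgresql.postgresql_query:
    db: "{{ koji_db_name }}"
    login_user: "{{ koji_db_user }}"
    login_password: "{{ koji_db_password }}"
    login_host: "{{ koji_db_server_ip }}"
    query: >
      SELECT krb_principal FROM user_krb_principals
      WHERE krb_principal = %(krb_principal)s
    named_args:
      krb_principal: "{{ koji_kojira_principal }}"
  register: kojira_user_initialized

- name: Configure kojira Koji user
  # Gate for the whole block: only runs when the principal is not yet
  # present in the Koji database.
  when: kojira_user_initialized.rowcount == 0
  block:
    # The admin password is supplied on stdin rather than interpolated into
    # a shell string: a quote character in the password cannot break the
    # command, and the secret is not part of any process command line.
    # no_log keeps it out of task output; drop it temporarily when
    # debugging a kinit failure.
    - name: Obtain Koji admin kerberos ticket
      ansible.builtin.command:
        argv:
          - kinit
          - "{{ koji_admin_principal }}"
        stdin: "{{ koji_admin_password }}"
      no_log: true

    # "changed" is used as a flag meaning "user is missing"; the add-user
    # task below keys off it.
    # NOTE(review): if this koji version exits non-zero for an unknown
    # user, the task fails before the flag can be read - confirm.
    - name: Check if kojira Koji user exist
      ansible.builtin.command: koji userinfo kojira
      register: koji_kojira_userinfo
      changed_when: koji_kojira_userinfo.stderr is search('No\s+such\s+user')

    # argv passes the principal as a single argument with no shell-style
    # quote handling.
    - name: Create kojira Koji user
      ansible.builtin.command:
        argv:
          - koji
          - add-user
          - kojira
          - "--principal={{ koji_kojira_principal }}"
      register: koji_kojira_add_user
      when: koji_kojira_userinfo.changed
      notify: restart kojira

    - name: Grant kojira Koji user repo permissions
      ansible.builtin.command: koji grant-permission repo kojira
      when: koji_kojira_add_user.changed

  always:
    # Runs whether or not the block succeeded, so the admin ticket does not
    # outlive this play. Errors are ignored because kinit itself may have
    # been the task that failed.
    - name: Destroy Koji admin kerberos ticket
      ansible.builtin.command:
        argv:
          - kdestroy
          - -p
          - "{{ koji_admin_principal }}"
      ignore_errors: true

- name: Enable and start kojira service
  ansible.builtin.service:
    name: kojira
    enabled: true
    state: started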