Update to 2021-12-31 14:05

2025-07-26 15:55:56 +02:00 · 2021-12-31 14:05:49 +01:00
parent 489c627e9d
commit 6430e931d0
46 changed files with 856 additions and 51 deletions
--- a/roles/rpm_build_server/tasks/conf.yml
+++ b/roles/rpm_build_server/tasks/conf.yml
@@ -0,0 +1,58 @@
+---
+
+- name: Deploy mock config
+  template: src=mock/{{ item }}.j2 dest=/etc/mock/{{ item }}
+  loop:
+    - site-defaults.cfg
+    - el7-x86_64.cfg
+    - el8-x86_64.cfg
+  tags: rpm
+
+- name: Deploy rpmmacros
+  template: src=rpmmacros.j2 dest={{ rpm_root_dir }}/.rpmmacros owner={{ rpm_user }} mode=600
+  tags: rpm
+
+- name: Deploy main configuration
+  template: src=config.yml.j2 dest={{ rpm_root_dir }}/etc/config.yml
+  notify: restart build-watcher
+  tags: rpm
+
+- name: Check if gpg key exists
+  shell: gpg --list-options show-only-fpr-mbox --list-secret-keys | grep -q "{{ rpm_gpg_email }}"
+  failed_when: False
+  changed_when: False
+  register: rpm_gpg_key_exists
+  become_user: "{{ rpm_user }}"
+  tags: rpm
+
+- name: Flush handlers to set permissions on directories
+  meta: flush_handlers
+  tags: rpm
+
+- when: rpm_gpg_key_exists.rc != 0
+  block:
+    - name: Generate main key
+      shell: |
+        gpg --batch \
+          --passphrase '{{ rpm_gpg_pass is defined | ternary(rpm_gpg_pass, '') }}' \
+          --pinentry-mode loopback \
+          --quick-gen-key "{{ rpm_gpg_name }} <{{ rpm_gpg_email }}>" rsa3072 default never
+
+    - name: Get key ID
+      shell: gpg --list-options show-only-fpr-mbox --list-secret-keys | grep {{ rpm_gpg_email }} | awk '{ print $1 }'
+      register: rpm_gpg_key_id
+      changed_when: False
+
+    - name: Add sub key
+      shell: |
+        gpg --batch \
+          --passphrase '{{ rpm_gpg_pass is defined | ternary(rpm_gpg_pass, '') }}' \
+          --pinentry-mode loopback \
+          --quick-add-key {{ rpm_gpg_key_id.stdout }} rsa3072 default never \
+
+    - name: Export public key
+      shell: gpg --export -a "rpms@lapiole.org" > {{ rpm_root_dir }}/repo/RPM-GPG-KEY
+
+  become_user: "{{ rpm_user }}"
+  tags: rpm
+
--- a/roles/rpm_build_server/tasks/directories.yml
+++ b/roles/rpm_build_server/tasks/directories.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Create directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ rpm_root_dir }}"
+    - dir: "{{ rpm_root_dir }}/mock"
+    - dir: "{{ rpm_root_dir }}/cache"
+    - dir: "{{ rpm_root_dir }}/cache/mock"
+    - dir: "{{ rpm_root_dir }}/cache/repo"
+    - dir: "{{ rpm_root_dir }}/repo"
+    - dir: "{{ rpm_root_dir }}/bin"
+    - dir: "{{ rpm_root_dir }}/uploads/el7"
+    - dir: "{{ rpm_root_dir }}/uploads/el8"
+    - dir: "{{ rpm_root_dir }}/errors"
+    - dir: "{{ rpm_root_dir }}/builds"
+    - dir: "{{ rpm_root_dir }}/etc"
+  tags: rpm
--- a/roles/rpm_build_server/tasks/facts.yml
+++ b/roles/rpm_build_server/tasks/facts.yml
@@ -0,0 +1,9 @@
+---
+
+- include_vars: "{{ item }}"
+  with_first_found:
+    - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_distribution }}.yml
+    - vars/{{ ansible_os_family }}.yml
+  tags: rpm
--- a/roles/rpm_build_server/tasks/install.yml
+++ b/roles/rpm_build_server/tasks/install.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Deploy permission script
+  template: src=perms.sh.j2 dest={{ rpm_root_dir }}/bin/perms.sh mode=755
+  notify: reset permissions
+  tags: rpm
+
+- name: Install watcher daemon
+  copy: src=watcher.pl dest={{ rpm_root_dir }}/bin/watcher.pl mode=755
+  notify: restart build-watcher
+  tags: rpm
+
+- name: Deploy systemd unit
+  template: src=build-watcher.service.j2 dest=/etc/systemd/system/build-watcher.service
+  notify: restart build-watcher
+  register: rpm_unit
+  tags: rpm
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: rpm_unit.changed
+  tags: rpm
--- a/roles/rpm_build_server/tasks/main.yml
+++ b/roles/rpm_build_server/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- include: facts.yml
+- include: requirements.yml
+- include: user.yml
+- include: directories.yml
+- include: install.yml
+- include: conf.yml
+- include: services.yml
--- a/roles/rpm_build_server/tasks/requirements.yml
+++ b/roles/rpm_build_server/tasks/requirements.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Install required packages
+  package: name={{ rpm_packages }}
+  tags: rpm
--- a/roles/rpm_build_server/tasks/services.yml
+++ b/roles/rpm_build_server/tasks/services.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Start and enable the build watcher
+  service: name=build-watcher state=started enabled=True
+  tags: rpm
--- a/roles/rpm_build_server/tasks/user.yml
+++ b/roles/rpm_build_server/tasks/user.yml
@@ -0,0 +1,23 @@
+---
+
+- name: Create build user
+  user:
+    name: "{{ rpm_user }}"
+    system: True
+    home: "{{ rpm_root_dir }}"
+    generate_ssh_key: True
+    ssh_key_file: .ssh/id_rsa
+  tags: rpm
+
+- name: Create builder group
+  group:
+    name: "{{ rpm_build_group }}"
+  tags: rpm
+
+- name: Add build user to the mock group
+  user:
+    name: "{{ rpm_user }}"
+    append: True
+    groups:
+      - mock
+  tags: rpm