-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathmain.yml
176 lines (145 loc) · 6.5 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
---
# defaults variables for kojid role
# kojid is builder role
# Ideally all settings should be common in a group variable, apart from cert/key per host
# We'll try to to add automatically new hosts to koji (default channel only) but we need to define kojihub fqdn and which koji user/profile to become to automate that
# Note that all other arches/channels/capacity tuning have to be done after through koji
# By default we'll set that to False (it's assuming crt and no keytab so to be enhanced later)
kojid_automatic_host_add: False
kojid_hub_host: kojihub.domain.com
kojid_hub_user: koji
# Which koji version (RPM / ENVR style) we want to deploy (cherry-picking version from repository and not `latest`). Should match also kojihub version
koji_version: 1.29.1-1
# Which mock version to deploy (useful sometimes to pin to specific version based on env/inventory)
kojid_mock_version: 2.8-1
# Kojid settings
kojid_vendor: CentOS
kojid_packager: [email protected]
kojid_distribution: CentOS
kojid_xmlrpc_url: http://localhost/kojihub
kojid_kojifiles_url: http://localhost/kojifiles
kojid_maxjobs: 20
kojid_minspace: 8192
# Authentication : pick one to turn boolean on : tls or kerberos and then update needed variables
# TLS auth
koji_auth_tls: True
kojid_pki_cacert: koji_ca_cert.crt
kojid_pki_client_cert: localhost.crt
kojid_pki_client_key: localhost.key
# Kerberos auth
koji_auth_kerberos: False
koji_auth_realm: EXAMPLE.COM
koji_auth_principal: compile/%[email protected]
koji_auth_keytab: kojid.keytab
# importing tuned krb5.conf (krb5-client role) if needed for complex REALMS
koji_auth_gssapi_localname: False
# Do we want to mount storage over nfs for createrepo channel ?
koji_nfs_mount: False
koji_mountpoint: /mnt/kojishare
koji_nfs_path: nfs-host.domain.com:/exports/kojishare
# Koji multiple volumes setup (see https://docs.pagure.org/koji/volumes/)
# Do we need other NFS volumes to be mounted ? and if so nfs path and dest (should be mounted *everywhere*)
koji_nfs_mount_multi: False
# If True, where do we mount these
koji_nfs_additional_mountpoints:
- src: nfs-host.domain.com:/exports/koji-vol-1
dest: /mnt/kojishare/koji/vol/vol1
- src: nfs-host2.domain.com:/exports/koji-vol-2
dest: /mnt/kojishare/koji/vol/vol2
# If we use serverca_bundle, we'll default to /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
# if False, we'll copy kojid_serverca to correct location
kojid_serverca_bundle: True
kojid_serverca: koji_ca_cert.crt
# SCM policies : it can be now using hub policy (non default and new in koji 1.3x) or builder policy (default/previous)
# Let's turn only *one* boolean so that it would then be using either local or centralized (hub) policy for SCM rules
kojid_scm_policy_hub: False
kojid_scm_policy_builder: True
# From which SCM repositories we'll allow to build from (git/gitlab/etc) (used only if kojid_scm_policy_builder is set to True (not coming from kojihub)
kojid_allowed_scms: scm.example.com:/cvs/example git.example.org:/example svn.example.org:/users/*:no
# Do we need new repo dedicated to new pkgs (rpm,mock, etc)
kojid_buildtools_repo: False
kojid_buildtools_repo_gpgcheck: False
kojid_buildtools_repo_gpgkey: RPM-GPG-KEY-CentOS-Infra
# Network settings : important
# either we delete default route to ensure we don't reach internet
# or depending on env, we can just also have no way to get out but also then we need to use a proxy
# See below options about adding specific routes through firewall/gateway
# or newer/easier way : pass all traffic to proxy (where ACLs are defined)
# Do we need to disable default route
kojid_set_default_nullroute: False
# Do we want to add other routes then to specific SCMs ?
# Name of the networkmanager connection to use
kojid_nmcli_con: eth0
# If so we can define it like this :
#kojid_add_route_to_scm:
# - scm_server: 172.30.1.1/32
# gateway: 192.168.1.1
# Same to then remove unneeded routes
# kojid_del_route_to_scm:
# - scm_server: 172.32.1.0/24
# gateway: 192.168.1.1
# Do we want to define a proxy/cache for kojid ?
# This would allow to use external git repositories (like gitlab/etc)
# Preferred method : only for git checkouts !
# Would configure system-wide /etc/gitconfig to enforce proxy for http/https git operations
kojid_scm_use_proxy: False
kojid_scm_proxy_url: http://proxy.domain:8080
# old and unpreferred method : system-wide for kojid service so everything (including connecting to kojihub/retrieve pkgs, etc)
# Basically exporting http_proxy,https_proxy env variables in kojid systemd unit
kojid_use_proxy: False
kojid_proxy_url: http://proxy.domain:8080
kojid_no_proxy_string: 127.0.0.1,::1,localhost,localhost.localdomain,localhost4,localhost4.localdomain4,localhost6,localhost6.localdomain6
# This option will disable the bootstrap_chroot in site-defaults.cfg if set to
# true
kojid_disable_bootstrap_chroot: False
# Define some ulimit for kojibuilder
# Will also be applied for --isolation=auto so nspawn
kojid_ulimits_conf: False
kojid_ulimits_nofiles: 10240
# Do we need additional user for compose (user with ssh/mock access)
kojid_compose_user: False
kojid_compose_user_list:
- login_name: centos-composer
full_name: CentOS Composer Tool
sudo_right: False
ssh_pub_key:
- ssh-rsa blablabla
# Is the host also building images through imagefactory ("image" channel in koji)
kojid_image_builder: False
# Koji Plugins
# Do we want to support plugins (boolean)
kojid_plugins: False
# If enabled, which plugins do we want to enable
# Empty list by default but we support the following plugins:
# kojid_plugins_list:
# - runroot # default from kojid, nothing to distribute
# - kiwi # default from kojid, enable kiwi image builds
# - kerberos # custom, not from kojid, enable kernel builders to use krb5 for pesign
#
kojid_plugins_list: []
# Rpmautospec
# rpmautospec isn't a koji plugin but a mock plugin : it just needs mock-rpmautospec pkg to be installed
# and plugin enabled in mock site-defaults.cfg
# Do we want to enable it ? (default is False)
kojid_rpmautospec: False
# Plugins distributed through the filestore and not from role
# not defined by default, and it should match name in kojid_plugins_list
# kojid_filestore_plugins: []
# Plugins configuration (if needed) and default values
# runroot settings
kojid_runroot_mounts:
- name: path0
mountpoint: /compose
path: /compose
fstype: bind
options: bind
- name: path1
mountpoint: /mnt/koji
path: /mnt/koji
fstype: bind
options: bind
# Zabbix config
zabbix_kojid_templates:
- Template CentOS Koji builder
zabbix_kojid_groups:
- CentOS Koji builders