Skip to content

Actualize separate build node deployment #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
anfimovdm merged 1 commit into from
Jun 2, 2025
Merged

Actualize separate build node deployment #31

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion playbooks/albs_with_separate_build_node.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
hosts: build_node_vm
roles:
- separate_build_node
- { role: ezamriy.fail2ban, fail2ban_ignoreip: '127.0.0.1/8 192.168.0.0/24' }
tags:
- build-node-deploy
connection: "{{ 'local' if use_local_connection else 'ssh' }}"
Expand Down
16 changes: 5 additions & 11 deletions roles/separate_build_node/defaults/main/common.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,21 +4,15 @@ base_work_dir: "/srv/alternatives"
home_dir: "/home/{{ service_user }}"
base_conf_dir: "{{ home_dir }}/.config"
final_conf_dir: "{{ base_conf_dir }}/castor"
service_user: albs-builder
service_group: albs-builder
build_node_working_directory: "{{ home_dir }}/albs"
build_node_venv_directory: "{{ home_dir }}/.builder-venv"
build_node_requirements_path: "{{ build_node_working_directory }}/albs-node/requirements.txt"
powertools_repository_name: crb
working_directories:
- "{{ base_work_dir }}"
- "{{ build_node_working_directory }}"
- "/var/cache/pbuilder/aptcache/"
- "/var/cache/pbuilder/pbuilder_envs/"
- "{{ base_work_dir }}/castor/build_node/pbuilder_envs/buster-amd64/aptcache"
- "{{ base_work_dir }}/castor/build_node/pbuilder_envs/bionic-amd64/aptcache"
- "{{ base_work_dir }}/castor/build_node/pbuilder_envs/focal-amd64/aptcache"
- "{{ base_work_dir }}/castor/build_node/pbuilder_envs/jessie-amd64/aptcache"
- "{{ base_work_dir }}/castor/build_node/pbuilder_envs/stretch-amd64/aptcache"
- "{{ base_work_dir }}/castor/build_node/pbuilder_envs/xenial-amd64/aptcache"
- "{{ base_work_dir }}/castor/build_node/pbuilder_envs/buster-arm64/aptcache"
- "{{ base_work_dir }}/castor/build_node/pbuilder_envs/buster-armhf/aptcache"
- "{{ base_work_dir }}/castor/build_node/pbuilder_envs/raspbian-armhf/aptcache"
- "{{ base_work_dir }}/castor/build_node"
- "{{ base_work_dir }}/castor/build_node/mock_configs"
- "{{ final_conf_dir }}"
Expand Down
45 changes: 21 additions & 24 deletions roles/separate_build_node/defaults/main/dnf.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,35 +1,32 @@
---
os_version: "8"
os_version: "9"
build_node_dnf_packages:
- "python3"
- "centpkg"
- "cmake"
- "cpio"
- "createrepo_c"
- "ef2sprogs"
- "fedpkg"
- "gcc"
- "gcc-c++"
- "python3-devel"
- "python3-virtualenv"
- "cmake"
- "python3-pycurl"
- "git"
- "htop"
- "kernel-rpm-macros"
- "keyrings-filesystem"
- "libicu"
- "libicu-devel"
- "python3-lxml"
- "git"
- "tree"
- "mlocate"
- "mc"
- "createrepo_c"
- "mock"
- "mock-rpmautospec"
- "python3"
- "python3-createrepo_c"
- "xmlsec1-openssl-devel"
- "cpio"
- "sudo"
- "kernel-rpm-macros"
- "python3-devel"
- "python3-libmodulemd"
- "dpkg-dev"
- "mock"
- "debootstrap"
- "pbuilder"
- "apt"
- "apt-libs"
- "python3-apt"
- "keyrings-filesystem"
- "python3-lxml"
- "python3-pycurl"
- "python3-virtualenv"
- "sudo"
- "tree"
- "ubu-keyring"
- "debian-keyring"
- "xmlsec1-openssl-devel"
...
7 changes: 6 additions & 1 deletion roles/separate_build_node/tasks/common.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,15 @@
---

- name: Allow 'wheel' group to have passwordless sudo
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/sudoers
state: present
regexp: '^%wheel'
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'

- name: Set SELinux mode to permissive
ansible.posix.selinux:
policy: targeted
state: permissive
...
35 changes: 24 additions & 11 deletions roles/separate_build_node/tasks/create_env.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---

- name: Create service user
user:
- name: Create user "{{ service_user }}"
ansible.builtin.user:
name: "{{ service_user }}"
groups: wheel, mock
append: yes
Expand All @@ -10,7 +10,7 @@
generate_ssh_key: yes

- name: Create subsequent directories
file:
ansible.builtin.file:
path: "{{ item }}"
state: directory
recurse: yes
Expand All @@ -19,27 +19,40 @@
with_items: "{{ working_directories }}"

- name: Generate build node config
template:
ansible.builtin.template:
src: build_node.j2
dest: "{{ final_conf_dir }}/build_node.yml"
owner: "{{ service_user }}"
group: "{{ service_group }}"
mode: "0644"

- name: Cloud build node repository
git:
- name: Clone albs-node repository
become: yes
become_user: "{{ service_user }}"
ansible.builtin.git:
repo: https://github.com/AlmaLinux/albs-node.git
dest: "{{ build_node_working_directory }}/albs-node"
clone: yes
update: yes
accept_hostkey: yes
force: yes

- name: Create venv
- name: Create Python virtual environment
become: yes
become_user: "{{ service_user }}"
pip:
virtualenv: "{{ build_node_venv_directory }}"
virtualenv_command: "python3 -m venv"
ansible.builtin.command: python3 -m venv --system-site-packages "{{ build_node_venv_directory }}"
args:
creates: "{{ build_node_venv_directory }}/bin/activate"

- name: Upgrade pip in virtualenv
become: yes
become_user: "{{ service_user }}"
ansible.builtin.command: "{{ build_node_venv_directory }}/bin/pip install --upgrade pip"

- name: Install requirements into virtualenv
become: yes
become_user: "{{ service_user }}"
ansible.builtin.pip:
requirements: "{{ build_node_requirements_path }}"
virtualenv_site_packages: yes
virtualenv: "{{ build_node_venv_directory }}"
...
18 changes: 9 additions & 9 deletions roles/separate_build_node/tasks/dnf.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,37 +1,37 @@
---

- name: Update system packages
dnf:
ansible.builtin.dnf:
name: "*"
state: latest
register: update_state

- name: Reboot a machine
reboot:
ansible.builtin.reboot:
reboot_timeout: 180
when: update_state.changed

- name: Install epel repository
dnf:
name: "epel-release"
ansible.builtin.dnf:
name: epel-release
state: latest

- name: Install build system repository
yum_repository:
ansible.builtin.yum_repository:
name: "buildnode"
file: "buildnode"
description: "Repository with dependencies for albs-node code"
baseurl: https://repo.almalinux.org/build_system/{{ os_version }}/$basearch/
enabled: no
gpgcheck: no

- name: Install DNF packages
dnf:
- name: Install required system packages packages
ansible.builtin.dnf:
name: "{{ build_node_dnf_packages }}"
state: latest
enablerepo:
- "epel"
- "buildnode"
- epel
- buildnode
- "{{ powertools_repository_name }}"
update_cache: yes
...
16 changes: 8 additions & 8 deletions roles/separate_build_node/tasks/install_systemd_service.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
---
- name: Create build node systemd service
template:
dest: "/etc/systemd/system/albs-build-node.service"
src: "albs_build_node.service.j2"
group: "root"
owner: "root"
mode: "0644"
ansible.builtin.template:
dest: /etc/systemd/system/albs-build-node.service
src: albs_build_node.service.j2
group: root
owner: root
mode: 0644

- name: Enable and start build node systemd service
systemd:
name: "albs-build-node.service"
ansible.builtin.systemd:
name: albs-build-node.service
masked: no
state: restarted
daemon_reload: yes
Expand Down
3 changes: 2 additions & 1 deletion roles/separate_build_node/templates/albs_build_node.service.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
[Unit]
Description=ALBS build node
After=network.target remote-fs.target

[Service]
RemainAfterExit=no
Expand All @@ -8,7 +9,7 @@ RestartSec=5s
Type=simple
User={{ service_user }}
Group={{ service_group }}
ExecStart={{ build_node_venv_directory }}/bin/python3 {{ build_node_working_directory }}/albs-node/almalinux_build_node.py
ExecStart=/bin/bash -c "{{ build_node_venv_directory }}/bin/python3 {{ build_node_working_directory }}/albs-node/almalinux_build_node.py"

[Install]
WantedBy=multi-user.target
18 changes: 16 additions & 2 deletions roles/separate_build_node/templates/build_node.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,25 @@
---
master_url: "{{ albs_api_url }}"
base_arch: "{{ machine_arch }}"
threads_count: {{ threads_count | default(4) }}
base_arch: "{{ machine_arch }}"
build_src: {{ build_src | default(True) }}
{% if exclusions_url is defined and exclusions_url %}
exclusions_url: "{{ exclusions_url }}"
{% endif %}
jwt_token: "{{ albs_jwt_token }}"
pulp_host: "{{ pulp_host }}"
pulp_user: "{{ pulp_user }}"
pulp_password: "{{ pulp_password }}"
pulp_uploader_max_workers: {{ pulp_uploader_workers | default(2) }}
{% if sentry_dsn is defined and sentry_dsn %}
sentry_dsn: "{{ sentry_dsn }}"
{% endif %}
{% if sentry_traces_sample_rate is defined and sentry_traces_sample_rate %}
sentry_traces_sample_rate: {{ sentry_traces_sample_rate }}
{% endif %}
{% if sentry_environment is defined and sentry_environment %}
sentry_environment: {{ sentry_environment }}
{% endif %}
{% if immudb_address is defined and immudb_address %}
immudb_address: "{{ immudb_address }}"
{% endif %}
Expand All @@ -17,4 +31,4 @@ immudb_username: "{{ immudb_username }}"
{% endif %}
{% if immudb_password is defined and immudb_password %}
immudb_password: "{{ immudb_password }}"
{% endif %}
{% endif %}
Loading