From 5af447bba4eca01439cdcab7068e1c54e3210c79 Mon Sep 17 00:00:00 2001 From: Pedro Alvarez Date: Thu, 19 Aug 2021 10:48:59 +0200 Subject: baserock_ostree: Move to Ubuntu --- baserock_ostree/image-config.yml | 73 ++++++++++++++++++++--------------- baserock_ostree/instance-config.yml | 76 +++++++++++++++++++++++++++++-------- 2 files changed, 103 insertions(+), 46 deletions(-) diff --git a/baserock_ostree/image-config.yml b/baserock_ostree/image-config.yml index 28a1e3b6..2f2d745e 100644 --- a/baserock_ostree/image-config.yml +++ b/baserock_ostree/image-config.yml @@ -3,67 +3,78 @@ # Tested against Fedora 26 base image. --- - hosts: ostree - gather_facts: false become: yes become_user: root tasks: - # See: https://fedoramagazine.org/getting-ansible-working-fedora-23/ - - name: install Python2 and required deps for Ansible modules - raw: dnf install -y python2 python2-dnf libselinux-python - - - name: enable persistant journal - shell: mkdir /var/log/journal - args: - creates: /var/log/journal - - name: ensure system up to date - dnf: name=* state=latest + apt: + upgrade: yes + update_cache: yes - name: install lvm2 tools - dnf: name=lvm2 state=latest + apt: + name: lvm2 - name: lighttpd installed - dnf: name=lighttpd state=latest + apt: + name: lighttpd - name: ostree installed - dnf: name=ostree state=latest + apt: + name: ostree + + - name: pkg-config installed + apt: + name: pkg-config # We only need BuildStream for the bst-artifact-receive hook, but it's # easiest to install all the deps - name: buildstream dep - bubblewrap - dnf: name=bubblewrap state=latest + apt: + name: bubblewrap + - name: buildstream dep - libcairo2-dev + apt: + name: libcairo2-dev + - name: buildstream dep - libgirepository1.0-dev + apt: + name: libgirepository1.0-dev - name: buildstream dep - git - dnf: name=git state=latest - - name: buildstream dep - python3-gobject - dnf: name=python3-gobject state=latest + apt: + name: git - name: buildstream dep - python3-pip - dnf: name=python3-pip state=latest + apt: + name: python3-pip + - name: buildstream dep - python3-gobject - from pip + pip: + name: PyGObject + version: "3.40.1" + executable: pip3 - name: buildstream sources - git: dest=/home/fedora/buildstream repo=https://gitlab.com/buildstream/buildstream version=1.1.3 - become_user: fedora + git: + dest: /home/{{ ansible_user_id }}/buildstream + repo: https://gitlab.com/buildstream/buildstream + version: 1.1.3 + become_user: "{{ ansible_user_id }}" register: buildstream_source - name: buildstream installed command: /usr/bin/pip3 install . args: - chdir: /home/fedora/buildstream + chdir: /home/{{ ansible_user_id }}/buildstream when: buildstream_source.changed # We also install ostree-push/receive, which is used for pushing to the # releases/ repo. - name: ostree-push/receive sources - git: dest=/home/fedora/ostree-push repo=https://github.com/ssssam/ostree-push version=9aa82b67325786a810653155b952a17b7ccc436a - become_user: fedora + git: + dest: /home/{{ ansible_user_id }}/ostree-push + repo: https://github.com/ssssam/ostree-push + version: 9aa82b67325786a810653155b952a17b7ccc436a + become_user: "{{ ansible_user_id }}" - name: ostree-push/receive installed command: make PREFIX=/usr/ install args: - chdir: /home/fedora/ostree-push + chdir: /home/{{ ansible_user_id }}/ostree-push creates: /usr/bin/ostree-receive - - - name: disable SELinux on subsequent boots - selinux: state=disabled - - - name: disable SELinux on current boot - command: setenforce 0 diff --git a/baserock_ostree/instance-config.yml b/baserock_ostree/instance-config.yml index 6363500e..89ff4c94 100644 --- a/baserock_ostree/instance-config.yml +++ b/baserock_ostree/instance-config.yml @@ -12,18 +12,25 @@ - import_tasks: ../tasks/create-data-volume.yml vars: lv_name: ostree - lv_size: 290g + lv_size: 90g mountpoint: /srv # This should perhaps have been called ostree-cache - name: ostree user - user: name=ostree + user: + name: ostree - name: ostree-releases user - user: name=ostree-releases + user: + name: ostree-releases - name: data directory - file: mode=0755 owner=ostree group=ostree path=/srv/ostree/ state=directory + file: + mode: 0755 + owner: ostree + group: ostree + path: /srv/ostree/ + state: directory - name: cache repository command: ostree init --repo=/srv/ostree/cache --mode=archive-z2 @@ -32,7 +39,12 @@ creates: /srv/ostree/cache/config - name: releases directory - file: mode=0755 owner=ostree-releases group=ostree-releases path=/srv/ostree/releases state=directory + file: + mode: 0755 + owner: ostree-releases + group: ostree-releases + path: /srv/ostree/releases + state: directory - name: releases repository command: ostree init --repo=/srv/ostree/releases --mode=archive-z2 @@ -46,27 +58,57 @@ dest: /etc/lighttpd/lighttpd.conf - name: restart lighttpd server - service: name=lighttpd enabled=yes state=restarted + service: + name: lighttpd + enabled: yes + state: restarted - name: sshd configuration for ostree user -- header - lineinfile: state="present" line="Match user ostree" path=/etc/ssh/sshd_config + lineinfile: + state: "present" + line: "Match user ostree" + path: /etc/ssh/sshd_config - name: sshd configuration for ostree user -- force command - lineinfile: state="present" line=" ForceCommand bst-artifact-receive --pull-url https://ostree.baserock.org/cache/ --verbose /srv/ostree/cache" insertafter="Match user ostree$" path=/etc/ssh/sshd_config + lineinfile: + state: "present" + line: " ForceCommand bst-artifact-receive --pull-url https://ostree.baserock.org/cache/ --verbose /srv/ostree/cache" + insertafter: "Match user ostree$" + path: /etc/ssh/sshd_config - name: sshd configuration for ostree user -- disable password auth - lineinfile: state="present" line=" PasswordAuthentication no" insertafter="Match user ostree$" path=/etc/ssh/sshd_config + lineinfile: + state: "present" + line: " PasswordAuthentication no" + insertafter: "Match user ostree$" + path: /etc/ssh/sshd_config - name: sshd configuration for ostree-releases user -- header - lineinfile: state="present" line="Match user ostree-releases" path=/etc/ssh/sshd_config + lineinfile: + state: "present" + line: "Match user ostree-releases" + path: /etc/ssh/sshd_config - name: sshd configuration for ostree-releases user -- force command - lineinfile: state="present" line=" ForceCommand ostree-receive -v --repo /srv/ostree/releases" insertafter="Match user ostree-releases$" path=/etc/ssh/sshd_config + lineinfile: + state: "present" + line: " ForceCommand ostree-receive -v --repo /srv/ostree/releases" + insertafter: "Match user ostree-releases$" + path: /etc/ssh/sshd_config - name: sshd configuration for ostree-releases user -- disable password auth - lineinfile: state="present" line=" PasswordAuthentication no" insertafter="Match user ostree-releases$" path=/etc/ssh/sshd_config + lineinfile: + state: "present" + line: " PasswordAuthentication no" + insertafter: "Match user ostree-releases$" + path: /etc/ssh/sshd_config - name: restart sshd server - service: name=sshd enabled=yes state=restarted + service: + name: sshd + enabled: yes + state: restarted - name: install systemd units - copy: src=./{{item}} dest=/{{item}} + copy: + src: ./{{item}} + dest: /{{item}} with_items: - etc/systemd/system/ostree-update-summary-cache.service - etc/systemd/system/ostree-update-summary-cache.timer @@ -74,7 +116,11 @@ - etc/systemd/system/ostree-update-summary-releases.timer - name: enable systemd units - systemd: name={{item}} enabled=yes daemon_reload=yes state=started + systemd: + name: "{{item}}" + enabled: yes + daemon_reload: yes + state: started with_items: - ostree-update-summary-cache.service - ostree-update-summary-cache.timer -- cgit v1.2.1