diff --git a/roles/copr/dist_git/files/dist-git-epel-7.repo b/roles/copr/dist_git/files/dist-git-epel-7.repo new file mode 100644 index 0000000000..1dab247abf --- /dev/null +++ b/roles/copr/dist_git/files/dist-git-epel-7.repo @@ -0,0 +1,17 @@ +[asamalik-dist-git] +name=Copr repo for dist-git owned by asamalik +baseurl=https://copr-be.cloud.fedoraproject.org/results/asamalik/dist-git/epel-7-$basearch/ +skip_if_unavailable=True +gpgcheck=1 +gpgkey=https://copr-be.cloud.fedoraproject.org/results/asamalik/dist-git/pubkey.gpg +enabled=1 +enabled_metadata=1 + +[msuchy-copr] +name=Copr repo for copr owned by msuchy +baseurl=https://copr-be.cloud.fedoraproject.org/results/msuchy/copr/epel-7-$basearch/ +skip_if_unavailable=True +gpgcheck=1 +gpgkey=https://copr-be.cloud.fedoraproject.org/results/msuchy/copr/pubkey.gpg +enabled=1 +enabled_metadata=1 diff --git a/roles/copr/dist_git/files/httpd/lookaside.conf b/roles/copr/dist_git/files/httpd/lookaside.conf new file mode 100644 index 0000000000..d967d1b0ff --- /dev/null +++ b/roles/copr/dist_git/files/httpd/lookaside.conf @@ -0,0 +1,6 @@ +alias /lookaside /var/lib/dist-git/cache/lookaside + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + diff --git a/roles/copr/dist_git/files/systemd/copr_distgit_updater.service b/roles/copr/dist_git/files/systemd/copr_distgit_updater.service new file mode 100644 index 0000000000..63fd7c1182 --- /dev/null +++ b/roles/copr/dist_git/files/systemd/copr_distgit_updater.service @@ -0,0 +1,13 @@ +[Unit] +Description=copr aux service to import srpm into dist-git +Requires=dist-git.socket +After=dist-git.socket + + +[Service] +User=copr-service +Group=copr-service +ExecStart=/usr/bin/python2.7 /usr/share/copr/dist-git/dist_git_importer.py + +[Install] +WantedBy=multi-user.target diff --git a/roles/copr/dist_git/handlers/main.yml b/roles/copr/dist_git/handlers/main.yml new file mode 100644 index 0000000000..12a4eb45fe --- /dev/null +++ b/roles/copr/dist_git/handlers/main.yml @@ -0,0 +1,2 @@ +- name: restart httpd + service: name="httpd" state="restarted" diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml new file mode 100644 index 0000000000..269cb919fc --- /dev/null +++ b/roles/copr/dist_git/tasks/main.yml @@ -0,0 +1,65 @@ +- name: ensure git storage path exists + file: path="/var/lib/dist-git/cache/lookaside" state=directory +- file: path="/var/lib/dist-git/git/pkgs-git-repos-list" state=directory +- file: path="/var/lib/dist-git/git/rpms/" state=directory + +- copy: src="dist-git-epel-7.repo" dest="/etc/yum.repos.d/" + +- name: install packages + yum: state=present name={{ item }} + with_items: + - epel-release + - cgit + - dist-git + - dist-git-selinux + - copr-dist-git + +- name: install packages which should be added as requirements + yum: state=present name={{ item }} + with_items: + - pyrpkg + +# TODO: remove, this should be done by `dist-git` package +- group: name="cvsadmin" state=present + +- name: create user for git repos + user: name="copr-dist-git" groups=cvsadmin,packager + +- name: create user for copr-git service + user: name="copr-service" groups=apache,packager generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa + +# set ssh key, so that copr-service could access gitolite +- name: read pub key into var + command: cat /home/copr-service/.ssh/id_rsa.pub + register: cat_pubkey + +- set_fact: pubkey="{{cat_pubkey.stdout|join('')}}" + +- debug: msg={{pubkey}} + +- name: prepare authorized key, so copr-service could interact with gitolite + authorized_key: user="copr-dist-git" key="{{pubkey}}" key_options="command=\"HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER \"'" + +## keys done +- name: install config for httpd to serve lookaside openly + copy: src="httpd/lookaside.conf" dest="/etc/httpd/conf.d/dist-git/lookaside.conf" + tags: + - config + notify: + - restart httpd + +- lineinfile: dest=/etc/cgitrc regexp="^project-list=" line="project-list=/var/lib/dist-git/git/pkgs-git-repos-list" +- lineinfile: dest=/etc/cgitrc regexp="^scan-path=" line="scan-path=/var/lib/dist-git/git/rpms/" + +- name: install systemd unit + copy: src="systemd/copr_distgit_updater.service" dest="/etc/systemd/system/" + +- command: "systemctl daemon-reload" + +- name: ensure that services are enabled and started + service: name="{{ item }}" enabled=yes state=started + with_items: + - "httpd" + - "dist-git.socket" + - "copr_distgit_updater" +