Deploy repoBridge

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-10-05 17:10:33 +02:00 · 2018-10-05 17:10:33 +02:00 · 81a7c77f7e
commit 81a7c77f7e
parent d99c8c916f
3 changed files with 77 additions and 0 deletions
--- a/playbooks/groups/pkgs.yml
+++ b/playbooks/groups/pkgs.yml
@ -24,6 +24,11 @@
      region: rpms,
      spawn_repospanner_node: true,
      when: env == "staging" }
+  - { role: repospanner/bridge,
+      zone: rpms,
+      zonecert: pagure_push,
+      baseurl: "https://fedora01.rpms.stg.fedoraproject.org:8443",
+      when: env == "staging" }
  - gitolite/base
  - cgit/base
  - cgit/clean_lock_cron
--- a/roles/repospanner/bridge/tasks/main.yml
+++ b/roles/repospanner/bridge/tasks/main.yml
@ -0,0 +1,62 @@
+---
+# Configuration for repoSpanner bridge
+
+- name: install needed packages
+  package: name={{ item }} state=present
+  with_items:
+  - repoSpanner-bridge
+  tags:
+  - repospanner/bridge
+  - packages
+
+- name: Create group
+  group:
+    name: repoBridge
+    state: present
+  tags:
+  - repospanner/bridge
+  - config
+
+- name: Create user
+  user:
+    name: repoBridge
+    state: present
+    group: repoBridge
+    shell: /sbin/nologin
+  tags:
+  - repospanner/bridge
+  - config
+
+- name: Create directory
+  file:
+    path: /etc/repobridge
+    state: directory
+    owner: repoBridge
+    group: repoBridge
+    mode: 0755
+  tags:
+  - repospanner/bridge
+  - config
+
+- name: Deploy configuration
+  template: src=repoBridge.json
+            dest=/etc/repobridge/{{zone}}.json
+            owner=repoBridge group=repoBridge mode=0644
+  tags:
+  - repospanner/bridge
+  - config
+
+- name: Deploy certificates
+  copy: src="{{private}}/files/repoSpanner/{{env}}/ca/{{item.src}}"
+        dest="/etc/repobridge/{{item.dest}}"
+        owner=repoBridge group=repoBridge mode=0644
+  with_items:
+  - src: ca.crt
+    dest: ca.crt
+  - src: "{{zonecert}}.crt"
+    dest: user.crt
+  - src: "{{zonecert}.key"
+    dest: user.key
+  tags:
+  - repospanner/bridge
+  - config
--- a/roles/repospanner/bridge/templates/repoBridge.json
+++ b/roles/repospanner/bridge/templates/repoBridge.json
@ -0,0 +1,10 @@
+{
+    "ca": "/etc/repoBridge/ca.crt",
+    "baseurl": "https://{{baseurl}}",
+    "certs": {
+        "_default_": {
+            "cert": "/etc/repoBridge/user.crt",
+            "key" : "/etc/repoBridge/user.key"
+        }
+    }
+}