From 81a7c77f7e687be546008aceb3168a71cfec304c Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Fri, 5 Oct 2018 17:10:33 +0200
Subject: [PATCH] Deploy repoBridge

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 playbooks/groups/pkgs.yml                     |  5 ++
 roles/repospanner/bridge/tasks/main.yml       | 62 +++++++++++++++++++
 .../bridge/templates/repoBridge.json          | 10 +++
 3 files changed, 77 insertions(+)
 create mode 100644 roles/repospanner/bridge/tasks/main.yml
 create mode 100644 roles/repospanner/bridge/templates/repoBridge.json

diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml
index 5be63b3fe3..39c21003eb 100644
--- a/playbooks/groups/pkgs.yml
+++ b/playbooks/groups/pkgs.yml
@@ -24,6 +24,11 @@
       region: rpms,
       spawn_repospanner_node: true,
       when: env == "staging" }
+  - { role: repospanner/bridge,
+      zone: rpms,
+      zonecert: pagure_push,
+      baseurl: "https://fedora01.rpms.stg.fedoraproject.org:8443",
+      when: env == "staging" }
   - gitolite/base
   - cgit/base
   - cgit/clean_lock_cron
diff --git a/roles/repospanner/bridge/tasks/main.yml b/roles/repospanner/bridge/tasks/main.yml
new file mode 100644
index 0000000000..877f1da019
--- /dev/null
+++ b/roles/repospanner/bridge/tasks/main.yml
@@ -0,0 +1,62 @@
+---
+# Configuration for repoSpanner bridge
+
+- name: install needed packages
+  package: name={{ item }} state=present
+  with_items:
+  - repoSpanner-bridge
+  tags:
+  - repospanner/bridge
+  - packages
+
+- name: Create group
+  group:
+    name: repoBridge
+    state: present
+  tags:
+  - repospanner/bridge
+  - config
+
+- name: Create user
+  user:
+    name: repoBridge
+    state: present
+    group: repoBridge
+    shell: /sbin/nologin
+  tags:
+  - repospanner/bridge
+  - config
+
+- name: Create directory
+  file:
+    path: /etc/repobridge
+    state: directory
+    owner: repoBridge
+    group: repoBridge
+    mode: 0755
+  tags:
+  - repospanner/bridge
+  - config
+
+- name: Deploy configuration
+  template: src=repoBridge.json
+            dest=/etc/repobridge/{{zone}}.json
+            owner=repoBridge group=repoBridge mode=0644
+  tags:
+  - repospanner/bridge
+  - config
+
+- name: Deploy certificates
+  copy: src="{{private}}/files/repoSpanner/{{env}}/ca/{{item.src}}"
+        dest="/etc/repobridge/{{item.dest}}"
+        owner=repoBridge group=repoBridge mode=0644
+  with_items:
+  - src: ca.crt
+    dest: ca.crt
+  - src: "{{zonecert}}.crt"
+    dest: user.crt
+  - src: "{{zonecert}.key"
+    dest: user.key
+  tags:
+  - repospanner/bridge
+  - config
diff --git a/roles/repospanner/bridge/templates/repoBridge.json b/roles/repospanner/bridge/templates/repoBridge.json
new file mode 100644
index 0000000000..fdfa85d545
--- /dev/null
+++ b/roles/repospanner/bridge/templates/repoBridge.json
@@ -0,0 +1,10 @@
+{
+    "ca": "/etc/repoBridge/ca.crt",
+    "baseurl": "https://{{baseurl}}",
+    "certs": {
+        "_default_": {
+            "cert": "/etc/repoBridge/user.crt",
+            "key" : "/etc/repoBridge/user.key"
+        }
+    }
+}