Try to improve and organize the koji_hub role.

Ralph Bean 2014-11-11 19:19:41 +00:00
parent 3ca99df287
commit c45cb4e945


@ -15,6 +15,7 @@
- gnupg2 - gnupg2
tags: tags:
- packages - packages
- koji_hub
- name: make koji pki directory - name: make koji pki directory
file: state=directory path=/etc/pki/koji/ owner=root group=root file: state=directory path=/etc/pki/koji/ owner=root group=root
@ -25,58 +26,82 @@
- certs - certs
- private - private
- confs - confs
tags:
- koji_hub
- name: hub config - name: hub config
template: src=hub.conf.j2 dest=/etc/koji-hub/hub.conf owner=apache group=apache mode=600 template: src=hub.conf.j2 dest=/etc/koji-hub/hub.conf owner=apache group=apache mode=600
tags: tags:
- config - config
- koji_hub
notify: restart httpd notify: restart httpd
- name: kojiweb config - name: kojiweb config
template: src=web.conf.j2 dest=/etc/kojiweb/web.conf owner=apache group=apache mode=600 template: src=web.conf.j2 dest=/etc/kojiweb/web.conf owner=apache group=apache mode=600
tags: tags:
- config - config
- koji_hub
notify: restart httpd notify: restart httpd
- name: enable httpd_can_network_connect SELinux boolean for fedmsg - name: enable httpd_can_network_connect SELinux boolean for fedmsg
seboolean: name=httpd_can_network_connect state=yes persistent=yes seboolean: name=httpd_can_network_connect state=yes persistent=yes
tags: tags:
- config - config
- selinux
- koji_hub
- name: koji fedmsg plugin - name: koji fedmsg plugin
copy: src=fedmsg-koji-plugin.py dest=/usr/lib/koji-hub-plugins/fedmsg-koji-plugin.py copy: src=fedmsg-koji-plugin.py dest=/usr/lib/koji-hub-plugins/fedmsg-koji-plugin.py
notify:
- restart httpd
tags: tags:
- config - config
- koji_hub
- name: init koji ca key file
copy: src={{ puppet_private }}/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem
tags:
- config
- name: install kojiweb_cert_key.pem - name: install kojiweb_cert_key.pem
copy: src={{ puppet_private }}/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600 copy: src={{ puppet_private }}/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
notify:
- restart httpd
tags: tags:
- config - config
- koji_hub
when: env != 'staging'
- name: install koji_key.pem - name: install production koji_cert.pem
copy: src={{ puppet_private }}/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
tags:
- config
- name: install koji_cert.pem
copy: src={{ puppet_private }}/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600 copy: src={{ puppet_private }}/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
notify:
- restart httpd
tags: tags:
- config - config
- koji_hub
when: env != 'staging'
- name: Install koji ssl certs - name: install production koji_key.pem
copy: src={{ puppet_private }}/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
notify:
- restart httpd
tags:
- config
- koji_hub
when: env != 'staging'
- name: Install staging koji ssl cert
copy: src={{ puppet_private }}/koji/koji.stg_cert.pem dest=/etc/pki/tls/certs/koji.stg_cert.pem copy: src={{ puppet_private }}/koji/koji.stg_cert.pem dest=/etc/pki/tls/certs/koji.stg_cert.pem
notify:
- restart httpd
tags: tags:
- config - config
- koji_hub
when: env == 'staging'
- name: init kojiweb ca cert file - name: install staging koji ssl key
copy: src={{ puppet_private }}/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem copy: src={{ puppet_private }}/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem
notify:
- restart httpd
tags: tags:
- config - config
- koji_hub
when: env == 'staging'
- name: instaall fedora-ca.cert in various places - name: instaall fedora-ca.cert in various places
copy: src={{ puppet_private }}/fedora-ca.cert dest={{ item }} owner=apache copy: src={{ puppet_private }}/fedora-ca.cert dest={{ item }} owner=apache
@ -87,16 +112,19 @@
- /etc/pki/tls/certs/upload_cacert.pem - /etc/pki/tls/certs/upload_cacert.pem
tags: tags:
- config - config
- koji_hub
- name: install kojira_cert_key - name: install kojira_cert_key
copy: src={{ puppet_private }}/koji/kojira_cert_key.pem dest=/etc/kojira/kojira_cert_key.pem owner=apache mode=600 copy: src={{ puppet_private }}/koji/kojira_cert_key.pem dest=/etc/kojira/kojira_cert_key.pem owner=apache mode=600
tags: tags:
- config - config
- koji_hub
- name: updatecrl script - name: updatecrl script
copy: src=updatecrl.sh dest=/usr/local/bin/updatecrl.sh owner=root mode=755 copy: src=updatecrl.sh dest=/usr/local/bin/updatecrl.sh owner=root mode=755
tags: tags:
- config - config
- koji_hub
- name: koji web config files - name: koji web config files
copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root
@ -108,27 +136,38 @@
- repo.conf - repo.conf
tags: tags:
- config - config
- koji_hub
notify: restart httpd notify: restart httpd
- name: koji staging ssl config - name: koji staging ssl config
copy: src=koji-ssl.conf.stg dest=/etc/httpd/conf.d/ssl.conf copy: src=koji-ssl.conf.stg dest=/etc/httpd/conf.d/ssl.conf
tags: tags:
- config - config
- koji_hub
when: env == "staging" when: env == "staging"
- name: kojira config - name: kojira config
copy: src=kojira.conf dest=/etc/kojira/kojira.conf copy: src=kojira.conf dest=/etc/kojira/kojira.conf
tags: tags:
- config - config
- koji_hub
- name: make mnt/koji directory - name: make mnt/koji directory
file: state=directory path=/mnt/koji/ owner=root group=root file: state=directory path=/mnt/koji/ owner=root group=root
tags:
- koji_hub
- name: set sebooleans so koji can talk to the db - name: set sebooleans so koji can talk to the db
seboolean: name=httpd_can_network_connect_db state=true persistent=true seboolean: name=httpd_can_network_connect_db state=true persistent=true
tags:
- selinux
- koji_hub
- name: set sebooleans so koji can anon write - name: set sebooleans so koji can anon write
seboolean: name=allow_httpd_anon_write state=true persistent=true seboolean: name=allow_httpd_anon_write state=true persistent=true
tags:
- selinux
- koji_hub
- name: Set httpd to run on boot - name: Set httpd to run on boot
service: name=httpd enabled=yes service: name=httpd enabled=yes
@ -137,3 +176,4 @@
- restart httpd - restart httpd
tags: tags:
- service - service
- koji_hub
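Review bot: The new `install staging koji ssl key` task copies `koji.stg_key.pem` into `/etc/pki/tls/private/` with no `owner=` or `mode=`, so a newly created key file gets whatever the copy module's defaults and the umask produce, which is likely readable by every local account. The production key tasks in the same hunk (`install production koji_key.pem`, `install kojiweb_cert_key.pem`) set `owner=apache mode=600`, and the staging task should match them: `copy: src={{ puppet_private }}/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem owner=apache mode=600`. Because the task it replaces (`init koji ca key file`) also set no mode, existing staging hosts should be checked once for the current permissions on that file. Separately, `kojiweb_cert_key.pem` is now installed only when `env != 'staging'`; if the staging web.conf still points at that file, staging loses it, so that is worth confirming against the template.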