From db0ac230a06f36e7547d48d6d92f483a290ecb24 Mon Sep 17 00:00:00 2001
From: Ralph Bean
Date: Tue, 30 Jun 2015 17:36:59 +0000
Subject: [PATCH] Tag up the fas_server role.
---
roles/fas_server/tasks/main.yml | 35 +++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/roles/fas_server/tasks/main.yml b/roles/fas_server/tasks/main.yml
index eecc8584d4..66f2b9bfcb 100644
--- a/roles/fas_server/tasks/main.yml
+++ b/roles/fas_server/tasks/main.yml
@@ -12,6 +12,7 @@ - mod_wsgi tags: - packages + - fas - name: enable httpd_can_network_connect selinux boolean seboolean: name={{ item }} state=yes persistent=yes
@@ -20,16 +21,19 @@ - allow_ypbind tags: - config + - fas - name: setup /var/www/.python-eggs directory file: path=/var/www/.python-eggs owner=apache group=apache mode=0700 state=directory tags: - config + - fas - name: setup /etc/fas-gpg directory file: path=/etc/fas-gpg owner=fas group=fas mode=0700 state=directory setype=httpd_sys_rw_content_t tags: - config + - fas - name: install /etc/httpd/conf.d/accounts.conf file template: >
@@ -42,11 +46,13 @@ - restart httpd tags: - config + - fas - name: setup /etc/pki/fas directory file: path=/etc/pki/fas owner=fas group=fas mode=0755 state=directory tags: - config + - fas - name: install pythonsitelib/fas/config/log.cfg copy: >
@@ -59,6 +65,7 @@ - restart httpd tags: - config + - fas # $bugzillaUser = "fedora-admin-xmlrpc@redhat.com"
@@ -71,6 +78,7 @@ mode=0600 tags: - config + - fas - name: install /etc/pki/fas/fedora-server-ca.cert file copy: >
@@ -81,6 +89,7 @@ mode=0644 tags: - config + - fas - name: install /etc/pki/fas/fedora-upload-ca.cert file copy: >
@@ -91,6 +100,7 @@ mode=0644 tags: - config + - fas - name: install /usr/share/fas/static/fedora-server-ca.cert file copy: >
@@ -101,6 +111,7 @@ mode=0644 tags: - config + - fas - name: install /usr/share/fas/static/fedora-upload-ca.cert file copy:
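Review bot: Appending `- fas` to each task's `tags:` list by hand, as the @@ -12,6 +12,7 @@ hunk and every later hunk of this patch do, is a style I would avoid, because any task added later without that line silently falls outside a `--tags fas` run. Tagging the role once where it is included, e.g. `- { role: fas_server, tags: ['fas'] }`, makes every task inherit the tag and leaves the per-task lists for finer labels such as `config` and `packages`. The including playbook is not part of this patch, so this is something to check there rather than a change to these lines. The task this first hunk touches starts above the visible context.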
>
@@ -111,6 +122,7 @@ mode=0644 tags: - config + - fas - name: install /etc/fas.cfg file template: >
@@ -123,6 +135,7 @@ - restart httpd tags: - config + - fas - name: install /usr/local/bin/yubikey-remove.py file template: >
@@ -133,6 +146,7 @@ mode=0750 tags: - config + - fas # $gen_cert = "True"
@@ -148,36 +162,42 @@ - restart httpd tags: - config + - fas - name: setup /var/lock/fedora-ca directory file: path=/var/lock/fedora-ca owner=fas group=fas mode=0700 state=directory setype=var_lock_t when: master_fas_node == True tags: - config + - fas - name: setup /var/lib/fedora-ca directory file: path=/var/lib/fedora-ca owner=fas group=fas mode=0771 state=directory setype=httpd_sys_content_t when: master_fas_node == True tags: - config + - fas #- name: install /var/lib/fedora-ca/.rnd file # file: path=/var/lib/fedora-ca/.rnd owner=fas group=fas mode=0600 setype=httpd_sys_content_t # when: master_fas_node == True # tags: # - config +# - fas - name: setup /var/lib/fedora-ca/newcerts directory file: path=/var/lib/fedora-ca/newcerts owner=fas group=fas mode=0700 state=directory when: master_fas_node == True tags: - config + - fas - name: setup /var/lib/fedora-ca/private directory file: path=/var/lib/fedora-ca/private owner=fas group=fas mode=0700 state=directory when: master_fas_node == True tags: - config + - fas - name: install /var/lib/fedora-ca/private/cakey.pem file copy: >
@@ -189,6 +209,7 @@ when: master_fas_node == True tags: - config + - fas - name: install /var/lib/fedora-ca/Makefile file copy: >
@@ -200,6 +221,7 @@ when: master_fas_node == True tags: - config + - fas - name: install /var/lib/fedora-ca/openssl.cnf file copy: >
@@ -211,6 +233,7 @@ when: master_fas_node == True tags: - config + - fas - name: install /var/lib/fedora-ca/certhelper.py file copy: >
@@ -222,6 +245,7 @@ when: master_fas_node == True tags: - config + - fas - name: install /var/lib/fedora-ca/cacert.pem file copy:
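Review bot: In the @@ -148,36 +162,42 @@ hunk, `mode=0771` on `/var/lib/fedora-ca` is the only directory mode in the hunk that grants anything to other users, and nothing records why; `newcerts` and `private` beside it are `0700`. Presumably the execute bit lets httpd traverse to `crl/crl.pem` and `cacert.pem`, which later tasks link into `/srv/web/ca`, so once that reason is confirmed a comment above the task such as `# o+x lets httpd traverse to crl/ and cacert.pem; private/ stays 0700` would keep the next editor from widening or dropping it by accident. The same hunk also adds `# - fas` to the commented-out `.rnd` task, where it has no effect; deleting that dead block would be cleaner than maintaining it.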
>
@@ -233,6 +257,7 @@ when: master_fas_node == True tags: - config + - fas #For publishing the crl - name: setup /srv/web/ca directory
@@ -240,6 +265,7 @@ when: master_fas_node == True tags: - config + - fas - name: twice every month, force a new crl to be created cron: >
@@ -252,11 +278,14 @@ when: master_fas_node == True tags: - config + - fas - name: create directory /var/lib/fedora-ca/crl/ file: path={{ item }} state=directory with_items: - /var/lib/fedora-ca/crl/ + tags: + - fas - name: touch /var/lib/fedora-ca/crl/crl.pem and /var/lib/fedora-ca/cacert.pem command: touch /var/lib/fedora-ca/cacert.pem /var/lib/fedora-ca/crl/crl.pem
@@ -264,18 +293,21 @@ changed_when: "1 != 1" tags: - config + - fas - name: create /srv/web/ca/crl.pem link file: path="/srv/web/ca/crl.pem" state=link src="/var/lib/fedora-ca/crl/crl.pem" when: master_fas_node == True tags: - config + - fas - name: create /srv/web/ca/cacert.pem link file: path="/srv/web/ca/cacert.pem" state=link src="/var/lib/fedora-ca/cacert.pem" when: master_fas_node == True tags: - config + - fas - name: install /etc/export-bugzilla.cfg file template: >
@@ -287,6 +319,7 @@ when: master_fas_node == True tags: - config + - fas - name: HOTFIX fix the export-bugzilla cron to not store bugzilla token
@@ -299,6 +332,7 @@ tags: - config - hotfix + - fas - name: run export-bugzilla program
@@ -310,3 +344,4 @@ when: master_fas_node == True tags: - config + - fas
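Review bot: The new `tags:` block on "create directory /var/lib/fedora-ca/crl/" in the @@ -252,11 +278,14 @@ hunk lists only `fas`, while every other task in the patch carries `config` as well. A `--tags config` run would still skip the directory creation, yet the touch task right after it appears (from the next hunk) to be tagged `config` and would fail on a host where `crl/` does not exist yet; the block should read `tags:`, `- config`, `- fas`. The task is fully visible here and also has no `when: master_fas_node == True` and no `owner=`, `group=` or `mode=`, unlike the other fedora-ca directories (`owner=fas group=fas mode=0700`). As written it runs on every node and leaves ownership and permissions of a directory inside the CA tree to defaults; setting them explicitly and adding the guard would match the sibling tasks.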