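---
# Tasks for a copr-frontend host: filesystem and PostgreSQL setup, packages,
# cron jobs, configuration files and the database migration.
#
# Module arguments are written as native YAML mappings rather than free-form
# key=value strings, booleans are spelled true/false, and file modes are
# quoted octal strings so the YAML parser cannot retype them.

- import_tasks: "mount_fs.yml"

- name: Register security context for pgsql directory
  command: "ls -dZ /var/lib/pgsql"
  register: pgsql_ls
  changed_when: false  # `ls' command is not changing anything

# Relabel only when the label reported above lacks postgresql_db_t.
- name: Update selinux context for postgress db dir if it's wrong
  command: "restorecon -vvRF /var/lib/pgsql"
  when: pgsql_ls.stdout is defined and 'postgresql_db_t' not in pgsql_ls.stdout

# NOTE(review): the three cron scripts below are installed executable (0755)
# without an explicit owner/group. Scripts in /etc/cron.* are presumably run
# by root; confirm they end up owned by root and not writable by anyone else.
- name: Install weekly custom copr-frontend-crontab
  copy:
    src: cron.weekly/copr-frontend-optional
    dest: /etc/cron.weekly/
    mode: "0755"
  tags:
    - cron_tasks

- name: Install daily custom copr-frontend-crontab
  copy:
    src: cron.daily/copr-frontend-optional
    dest: /etc/cron.daily/
    mode: "0755"
  tags:
    - cron_tasks

- name: Install hourly custom copr-frontend-crontab
  copy:
    src: cron.hourly/copr-frontend-optional
    dest: /etc/cron.hourly/
    mode: "0755"
  tags:
    - cron_tasks

- name: Install copr-frontend and copr-selinux
  dnf:
    state: present
    name:
      - copr-frontend
      - copr-selinux
  tags:
    - packages

# NOTE(review): the task name says "hourly" but minute "*/5" schedules the job
# every five minutes; confirm which one is intended.
# The job runs as root, so the script it executes must stay writable by root
# only (see the owner/group/mode set in the deploy task that follows).
- name: Configure cron job for generating prometheus metrics hourly
  cron:
    name: "generating prometheus metrics"
    user: root
    minute: "*/5"
    job: "/usr/bin/python3 /usr/bin/copr-frontend-prometheus-monitoring.py"
  tags:
    - cron_tasks

# root:root with 0750: only root can modify or read the script that the root
# cron job above executes.
- name: Deploy the prometheus monitoring script
  copy:
    src: copr-frontend-prometheus-monitoring.py
    dest: /usr/bin/copr-frontend-prometheus-monitoring.py
    mode: "0750"
    owner: root
    group: root
  tags:
    - cron_tasks

# we install python-alembic because https://bugzilla.redhat.com/show_bug.cgi?id=1536058
- name: Install additional pkgs for copr-frontend
  dnf:
    state: present
    pkg:
      - "bash-completion"
      - "mod_ssl"
      - redis
      - pxz
      - python3-alembic
      - mod_auth_gssapi
      - nagios-plugins-http
      - python3-prometheus_client
      - python3-beautifulsoup4
  tags:
    - packages

# - name: Patch for issue XXX
#   patch: src=patches/xxx.patch
#          dest=/the/patched/file.py
#   tags: patches

# NOTE(review): this directory sits under /var/www/html and is world-readable
# (0755). Presumably httpd serves it; confirm that every dump written here is
# meant to be public and contains no credentials or private user data.
- name: Directory for postgresql dumps
  ansible.builtin.file:
    state: directory
    path: /var/www/html/db_dumps/
    owner: copr-fe
    mode: "0755"

- name: Directory for usage graphs
  ansible.builtin.file:
    state: directory
    path: /var/www/html/usage/
    owner: copr-fe
    mode: "0755"

# Mode 0600 keeps the rendered config readable by its owner only.
# NOTE(review): the copr_infrastructure_password tag suggests this template
# renders secrets. owner/group are not set in this task; confirm the file ends
# up owned by the frontend service account and by nobody broader.
- name: Install copr configs
  template:
    src: "copr.conf"
    dest: /etc/copr/copr.conf
    mode: "0600"
  notify:
    - reload httpd
    - restart copr-fe-fedora-messaging-reader
  tags:
    - config
    - copr_infrastructure_password

# The registered result gates the 'copr-frontend chroots-template' run below.
- name: Install config for 'copr-frontend chroots-template'
  copy:
    src: "chroots.conf"
    dest: /etc/copr/chroots.conf
    mode: "0600"
    owner: copr-fe
    group: copr-fe
  register: chroots_conf_installed
  tags:
    - config
    - chroots_config

- import_tasks: "psql_setup.yml"

# Migrations run as copr-fe rather than root; the task reports "changed" only
# when alembic printed "Running upgrade".
- name: Upgrade db to head
  command: alembic-3 upgrade head
  become: true
  become_user: copr-fe
  args:
    chdir: /usr/share/copr/coprs_frontend/
  register: alembic_result
  changed_when: alembic_result.stdout is search("Running upgrade")

# Runs only when chroots.conf was actually rewritten by the copy task above.
- name: Apply the config comments
  command: copr-frontend chroots-template
  become: true
  become_user: copr-fe
  args:
    chdir: /usr/share/copr/coprs_frontend/
  when: chroots_conf_installed.changed
  tags:
    - config
    - chroots_config

- name: Enable and start redis
  # TODO: .service in copr-backend should depend on redis
  service:
    name: redis
    enabled: true
    state: started
  when: not services_disabled|bool

# This was state=yes for https://bugzilla.redhat.com/show_bug.cgi?id=1535689 for
# some time, and since requests were fixed we want it the other way around
# again.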
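# Keeps the httpd_execmem SELinux boolean off, and persistently so, which
# means Apache is not allowed executable memory mappings.
- name: Dis-alllow execmem for Apache
  seboolean:
    name: httpd_execmem
    state: false
    persistent: true

- name: Install letsencrypt ssl certificates for dev
  include_role:
    name: copr/certbot
  tags:
    - config
    - certbot

- import_tasks: "httpd.yml"

- name: Enable services
  service:
    state: started
    enabled: true
    name: "{{ item }}"
  with_items:
    - httpd
    - crond
  when: not services_disabled|bool

# NOTE(review): the two dev-only copies below set no owner or mode, so the
# result depends on the defaults of the account running the play.
- name: Set dev banner for dev instance
  when: devel|bool
  copy:
    src: banner-include.html
    dest: /var/lib/copr/

- name: Disallow robots on dev instance
  when: devel|bool
  copy:
    src: robots.txt
    dest: /var/www/html/

# Probe only: never reports "changed" and never fails the play. The return
# code is what the next task looks at.
- name: Register whether indexes rebuild is required
  command: copr-frontend update_indexes_required
  become: true
  become_user: copr-fe
  register: update_indexes_required_result
  changed_when: false
  failed_when: false

# Runs on any non-zero return code from the probe above.
# NOTE(review): because the probe has failed_when: false, a probe that could
# not run at all presumably also lands here; confirm that is acceptable.
- name: Rebuild indexes
  command: ./manage.py update_indexes
  become: true
  become_user: copr-fe
  args:
    chdir: /usr/share/copr/coprs_frontend/
  when: update_indexes_required_result.rc != 0

- name: Make sure /etc/fedora-messaging directory exists
  ansible.builtin.file:
    path: /etc/fedora-messaging
    state: directory

# NOTE(review): no owner or mode is set on the rendered file. If the template
# carries broker credentials or key paths, confirm the resulting permissions.
- name: Install fedora messaging config for Copr
  template:
    src: "fedora-messaging/copr_messaging.toml"
    dest: "/etc/fedora-messaging/copr_messaging.toml"
  notify:
    - restart copr-fe-fedora-messaging-reader
  tags:
    - config

# Gathers package facts; no task visible in this part of the file reads them.
- name: Detect copr-frontend version
  package_facts:
    manager: auto

# Copies the whole "systemd" directory into /etc.
# NOTE(review): only "reload httpd" is notified; confirm whether a systemd
# daemon-reload is triggered elsewhere after unit files change.
- name: Install custom systemd service files
  copy:
    src: systemd
    dest: /etc
  notify:
    - reload httpd

# NOTE(review): no mode is set; logrotate is strict about the permissions of
# its configuration files, so confirm the installed file is not group- or
# world-writable.
- name: Compress rotated httpd logs
  copy:
    src: "httpd.logrotate"
    dest: "/etc/logrotate.d/httpd"
  tags:
    - logrotate_tasks

- name: Start logrotate service
  service:
    name: logrotate.timer
    state: started
    enabled: true
  when: not services_disabled|bool

- name: Start fm-consumer service
  service:
    state: started
    enabled: true
    name: "fm-consumer@copr_messaging"
  when:
    - not services_disabled|bool

# Sets the default PostgreSQL user and database for shells that read this
# profile. NOTE(review): owner and mode are not set on the file.
- name: Install bash_profile file to ease some admin tasks
  copy:
    content: |
      export PGUSER=copr-fe
      export PGDATABASE=coprdb
    dest: "{{ copr_fe_homedir }}/.bash_profile"

# With backrefs enabled, lineinfile leaves the file untouched when no line
# matches ^ARGS=, so this only rewrites an existing ARGS line.
- name: Configure options in node exporter
  lineinfile:
    path: /etc/default/prometheus-node-exporter
    regexp: '^ARGS='
    line: 'ARGS=--collector.textfile.directory="/var/lib/prometheus/node-exporter" --collector.systemd'
    backrefs: true
  notify: restart node_exporter

- name: Install nrpe
  dnf:
    name: nrpe
    state: present

# api_key is handed to the template, so the rendered script presumably embeds
# it. Mode 0750 with group nagios limits reading to the owner and that group.
# NOTE(review): owner is not set, and a run with --diff would print the
# rendered content; consider suppressing diff output for this task.
- name: Install the check script
  template:
    dest: "/usr/bin/copr-cdn-check.py"
    src: "copr-cdn-check.py.j2"
    group: "nagios"
    mode: "0750"
  vars:
    api_key: "{{ copr_uptimerobot_api_key_ro | default('not-configured') }}"
  tags: copr_cdn

- name: Install gai.conf
  copy:
    src: gai.conf
    dest: /etc
  notify:
    - reload httpd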