--- # install packages and generate shared configuration files - name: install the packages required for ODCS package: pkg: "{{ item }}" with_items: - python3-psycopg2 - python3-odcs-common - python3-celery - odcs - httpd - make - libxml2 - intltool tags: - odcs - name: install the latest ODCS packagess package: pkg: "{{ item }}" with_items: - python3-odcs-common - odcs - odcs-client when: odcs_upgrade tags: - odcs - name: Enable the mod_auth_openidc module on rhel8 copy: dest: /etc/dnf/modules.d/mod_auth_openidc.module content: | [mod_auth_openidc] name=mod_auth_openidc stream=2.3 profiles= state=enabled when: datacenter == "iad2" # install required packages for frontend here, as we may # need to reload httpd in next task when host is frontend - name: install the packages required for ODCS frontend package: pkg: "{{ item }}" state: present with_items: - mod_auth_openidc - python3-mod_wsgi when: inventory_hostname.startswith('odcs-frontend') tags: - odcs - odcs/frontend - name: install the packages required for ODCS backend package: pkg: "{{ item }}" state: present with_items: - koji when: inventory_hostname.startswith('odcs-backend') tags: - odcs - odcs/backend - name: create odcs-server group group: name: odcs-server gid: 64321 state: present - name: create odcs-server user user: name: odcs-server uid: 64321 group: odcs-server - name: create ODCS_TARGET_DIR file: path: "{{ item }}" state: directory owner: odcs-server group: odcs-server mode: 0775 # recurse: yes follow: no with_items: - "{{ odcs_target_dir }}" tags: - odcs - odcs/frontend - name: create ODCS_TARGET_DIR private file: path: "{{ item }}" state: directory owner: odcs-server group: odcs-server mode: 0770 # recurse: yes follow: no with_items: - "{{ odcs_target_dir }}/private" tags: - odcs - odcs/frontend - name: ensure ODCS service directories have right ownership file: path: "{{ item }}" state: directory owner: odcs-server group: odcs-server recurse: yes follow: no with_items: - /var/run/odcs-backend - /var/log/odcs-backend tags: - odcs - odcs/backend # this app config is shared by backend and frontend, but has different # owner groups on backend and frontend, and notify different handlers, # we can have vars set for frontend and backend seperately to do that, # but it looks a little weird to have such special vars in # inventory/group_vars/odcs-*, also we don't want to repeat the same # required vars in frontend and backend, so just have 2 tasks in base # to keep it simple. - name: generate the ODCS app config for frontend template: src: etc/odcs/config.py.j2 dest: /etc/odcs/config.py owner: odcs-server group: apache mode: 0440 notify: - restart apache when: inventory_hostname.startswith('odcs-frontend') tags: - odcs - odcs/frontend - name: generate the ODCS app config for backend template: src: etc/odcs/config.py.j2 dest: /etc/odcs/config.py owner: odcs-server group: odcs-server mode: 0440 notify: - restart odcs-celery-backend when: inventory_hostname.startswith('odcs-backend') tags: - odcs - odcs/backend - name: generate the ODCS raw_config_wrapper config for backend template: src: etc/odcs/raw_config_wrapper.conf.j2 dest: /etc/odcs/raw_config_wrapper.conf owner: odcs-server group: odcs-server mode: 0440 notify: - restart odcs-celery-backend when: inventory_hostname.startswith('odcs-backend') tags: - odcs - odcs/backend - name: generate the ODCS runroot_koji config for backend template: src: etc/odcs/runroot_koji.conf.j2 dest: /etc/odcs/runroot_koji.conf owner: odcs-server group: odcs-server mode: 0440 notify: - restart odcs-celery-backend when: inventory_hostname.startswith('odcs-backend') tags: - odcs - odcs/backend - name: Make sure the /etc/fedmsg.d/odcs.py file (provided by rpm) is absent. file: path: /etc/fedmsg.d/odcs.py state: absent tags: - odcs - odcs/backend - name: copy the ODCS pungi config template to backend copy: src: "{{ roles_path }}/odcs/base/files/pungi.conf" dest: /etc/odcs/pungi.conf owner: odcs-server group: odcs-server mode: 0640 notify: - restart odcs-celery-backend when: inventory_hostname.startswith('odcs-backend') tags: - odcs - odcs/backend - name: copy the odcs-celery-backend.service file. template: src: "etc/systemd/system/odcs-celery-backend.service.j2" dest: /etc/systemd/system/odcs-celery-backend.service owner: odcs-server group: odcs-server mode: 0640 notify: - restart odcs-celery-backend when: inventory_hostname.startswith('odcs-backend') tags: - odcs - odcs/backend - name: copy the odcs-celery-beat.service file. template: src: "etc/systemd/system/odcs-celery-beat.service.j2" dest: /etc/systemd/system/odcs-celery-beat.service owner: odcs-server group: odcs-server mode: 0640 notify: - restart odcs-celery-beat when: inventory_hostname.startswith('odcs-frontend') tags: - odcs - odcs/frontend - name: Reload systemd daemon systemd: daemon_reload: yes tags: - odcs - odcs/backend - odcs/frontend - name: enable ODCS backend (odcs-celery-backend) service: name: odcs-celery-backend enabled: yes when: inventory_hostname.startswith('odcs-backend') tags: - odcs - odcs/backend - name: enable ODCS beat (odcs-celery-beat) service: name: odcs-celery-beat enabled: yes when: inventory_hostname.startswith('odcs-frontend') tags: - odcs - odcs/frontend - name: copy the fedora-messaging.toml.j2 file. template: src: "fedora-messaging.toml.j2" dest: /etc/fedora-messaging/config.toml owner: odcs-server group: odcs-server mode: 0640 tags: - odcs - odcs/frontend - odcs/backend - name: copy the odcs-backend.conf tmpfiles.d file. copy: src: "{{ roles_path }}/odcs/base/files/tmpfiles.d/odcs-backend.conf" dest: /etc/tmpfiles.d/odcs-backend.conf owner: odcs-server group: odcs-server mode: 0640 notify: - restart odcs-celery-backend when: inventory_hostname.startswith('odcs-backend') tags: - odcs - odcs/backend - name: configure logrotate copy: src: "{{ roles_path }}/odcs/base/files/logrotate.d/odcs" dest: /etc/logrotate.d/odcs when: inventory_hostname.startswith('odcs-backend') tags: - odcs - odcs/backend - name: Run systemd-tmpfiles --create command: systemd-tmpfiles --create args: creates: /var/run/odcs-backend notify: - restart odcs-celery-backend when: inventory_hostname.startswith('odcs-backend') tags: - odcs - odcs/backend - name: copy the odcs rabbitmq private queue crt. copy: src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs-private-queue{{env_suffix}}.crt" dest: /etc/odcs/odcs-private-queue.crt owner: odcs-server group: apache mode: 0640 tags: - odcs - odcs/backend - odcs/frontend - name: copy the odcs rabbitmq private queue key. copy: src: "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs-private-queue{{env_suffix}}.key" dest: /etc/odcs/odcs-private-queue.key owner: odcs-server group: apache mode: 0640 tags: - odcs - odcs/backend - odcs/frontend - name: copy the odcs rabbitmq crt. copy: src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs{{env_suffix}}.crt" dest: /etc/odcs/odcs-rabbitmq.crt owner: odcs-server group: apache mode: 0640 tags: - odcs - odcs/backend - odcs/frontend - name: copy the odcs rabbitmq key. copy: src: "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs{{env_suffix}}.key" dest: /etc/odcs/odcs-rabbitmq.key owner: odcs-server group: apache mode: 0640 tags: - odcs - odcs/backend - odcs/frontend - name: copy the odcs rabbitmq CA cert. copy: src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt" dest: /etc/odcs/ca.crt owner: odcs-server group: apache mode: 0640 tags: - odcs - odcs/backend - odcs/frontend - name: copy the custom_compose_raw_config_wrapper.conf file. copy: src: "{{ roles_path }}/odcs/base/files/odcs/custom_compose_raw_config_wrapper.conf" dest: /etc/odcs/custom_compose_raw_config_wrapper.conf owner: odcs-server group: odcs-server mode: 0640 notify: - restart odcs-celery-backend when: inventory_hostname.startswith('odcs-backend') tags: - odcs - odcs/backend