Ryan Lerch
62952df107
Replaces many references to file: with ansible.builtin.file Signed-off-by: Ryan Lerch <rlerch@redhat.com>
131 lines
3 KiB
YAML
131 lines
3 KiB
YAML
---
|
|
# tasklist for setting up bodhi
|
|
# This is the base set of files needed for bodhi
|
|
|
|
- name: Create the bodhi configuration directory
|
|
ansible.builtin.file:
|
|
path: /etc/bodhi
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Create the bodhi group
|
|
group:
|
|
name: bodhi
|
|
system: yes
|
|
|
|
- name: Create the bodhi user
|
|
user:
|
|
name: bodhi
|
|
group: bodhi
|
|
comment: Bodhi Server
|
|
shell: /sbin/nologin
|
|
home: /usr/share/bodhi
|
|
system: yes
|
|
state: present
|
|
|
|
- name: Configure alembic
|
|
template:
|
|
src: alembic.ini
|
|
dest: /etc/bodhi/alembic.ini
|
|
owner: bodhi
|
|
group: root
|
|
tags:
|
|
- config
|
|
- bodhi
|
|
|
|
# Bodhi virtualhost in RabbitMQ
|
|
|
|
- name: Configure the bodhi virtual host
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
rabbitmq_vhost:
|
|
name: /bodhi
|
|
state: present
|
|
tags:
|
|
- rabbitmq_cluster
|
|
- config
|
|
- bodhi
|
|
|
|
- name: Configure the HA policy for the bodhi queues
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
rabbitmq_policy:
|
|
name: HA
|
|
apply_to: queues
|
|
pattern: .*
|
|
tags:
|
|
ha-mode: all
|
|
ha-sync-mode: automatic # Auto sync queues to new cluster members
|
|
ha-sync-batch-size: 10000 # Larger is faster, but must finish in 1 net_ticktime
|
|
vhost: /bodhi
|
|
tags:
|
|
- rabbitmq_cluster
|
|
- config
|
|
- bodhi
|
|
|
|
- name: Grant the admin user access to the bodhi vhost
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
rabbitmq_user:
|
|
user: admin
|
|
vhost: /bodhi
|
|
configure_priv: .*
|
|
read_priv: .*
|
|
write_priv: .*
|
|
tags: administrator
|
|
tags:
|
|
- rabbitmq_cluster
|
|
- config
|
|
- bodhi
|
|
|
|
- name: Grant the nagios-monitoring user access to the bodhi vhost
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
rabbitmq_user:
|
|
user: nagios-monitoring
|
|
vhost: /bodhi
|
|
configure_priv: "^$"
|
|
read_priv: "^$"
|
|
write_priv: "^$"
|
|
tags: monitoring
|
|
tags:
|
|
- rabbitmq_cluster
|
|
- config
|
|
- bodhi
|
|
|
|
# Create a user for Celery
|
|
# - name: Create a user for Celery usage
|
|
# run_once: true
|
|
# delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
|
# rabbitmq_user:
|
|
# user: "bodhi-celery{{ env_suffix }}"
|
|
# vhost: /bodhi
|
|
# configure_priv: .*
|
|
# write_priv: .*
|
|
# read_priv: .*
|
|
# state: present
|
|
# tags:
|
|
# - rabbitmq_cluster
|
|
# - config
|
|
# - bodhi
|
|
|
|
- name: Grant the bodhi user access to the bodhi vhost
|
|
run_once: true
|
|
delegate_to: "rabbitmq01{{ env_suffix }}.iad2.fedoraproject.org"
|
|
rabbitmq_user:
|
|
user: "bodhi{{ env_suffix }}"
|
|
vhost: /bodhi
|
|
configure_priv: .*
|
|
read_priv: .*
|
|
write_priv: .*
|
|
# We have to repeat the topic permissions here until this is fixed:
|
|
# https://github.com/ansible-collections/community.rabbitmq/issues/156
|
|
topic_permissions:
|
|
- vhost: /pubsub
|
|
read_priv: .*
|
|
write_priv: "{{ bodhi_sent_topics }}"
|
|
tags:
|
|
- rabbitmq_cluster
|
|
- config
|
|
- bodhi
|