Ryan Lerch
62952df107
Replaces many references to file: with ansible.builtin.file Signed-off-by: Ryan Lerch <rlerch@redhat.com>
172 lines
4.7 KiB
YAML
172 lines
4.7 KiB
YAML
---
|
|
- import_tasks: "mount_fs.yml"
|
|
|
|
# pre-create users/groups and copy uids/gids from the current prod copr-dist-git
|
|
- group: name="packager" state=present gid=987
|
|
- group: name="copr-dist-git" state=present gid=1003
|
|
- group: name="apache" state=present gid=48
|
|
|
|
- name: Create user for git repos and copr-dist-git service
|
|
user: name="copr-dist-git" group=copr-dist-git groups=packager,apache uid=1002
|
|
|
|
- name: Install packages
|
|
dnf:
|
|
state: present
|
|
name:
|
|
- cgit
|
|
- copr-dist-git
|
|
- highlight
|
|
- nfs-utils
|
|
- rdiff-backup
|
|
- scl-utils-build
|
|
- tmpwatch
|
|
- nagios-plugins-http
|
|
tags:
|
|
- packages
|
|
|
|
- name: Install latest dist-git and copr-dist-git
|
|
dnf:
|
|
state: present
|
|
name:
|
|
- dist-git
|
|
- dist-git-selinux
|
|
- copr-dist-git
|
|
|
|
- name: Switch selinux to enforcing
|
|
selinux: policy=targeted state=enforcing
|
|
|
|
- name: Make sure directories are owned by copr-dist-git user
|
|
ansible.builtin.file: path={{ item }} owner=copr-dist-git group=copr-dist-git state=directory recurse=yes
|
|
with_items:
|
|
- /var/log/copr-dist-git/
|
|
|
|
- name: Install config for copr-dist-git
|
|
template: src=copr-dist-git.conf.j2 dest=/etc/copr/copr-dist-git.conf mode=0644
|
|
tags:
|
|
- config
|
|
- copr_infrastructure_password
|
|
notify:
|
|
- restart copr-dist-git
|
|
|
|
- name: Set git variables for copr-dist-git user
|
|
copy: src=".gitconfig" dest="/home/copr-dist-git/.gitconfig"
|
|
|
|
- name: Set git config username
|
|
git_config: name=user.name scope=global value="Copr dist git"
|
|
|
|
- name: Install httpd config needed for COPR lookaside cache
|
|
copy: src="httpd/dist-git/{{ item }}" dest="/etc/httpd/conf.d/dist-git/{{ item }}"
|
|
with_items:
|
|
- lookaside-copr.conf
|
|
tags:
|
|
- config
|
|
notify:
|
|
- reload httpd
|
|
|
|
- name: Letsencrypt for copr-dist-git
|
|
include_role: name=copr/certbot
|
|
tags:
|
|
- config
|
|
- certbot
|
|
|
|
- name: Install copr-dist-git httpd config
|
|
copy: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
|
|
with_items:
|
|
- copr-dist-git.conf
|
|
tags:
|
|
- config
|
|
notify:
|
|
- reload httpd
|
|
|
|
- name: Install /etc/httpd/conf.d/ssl.conf
|
|
template: src="ssl.conf.j2" dest="/etc/httpd/conf.d/ssl.conf" owner=root group=root mode=0644
|
|
notify:
|
|
- reload httpd
|
|
|
|
- name: Temporary logrotation fix until copr-dist-git 0.26 is released & deployed
|
|
copy: src="logrotate.d/copr-dist-git" dest="/etc/logrotate.d/copr-dist-git"
|
|
|
|
- name: Install /etc/dist-git/dist-git.conf file
|
|
copy: src="dist-git.conf" dest="/etc/dist-git/dist-git.conf" mode=0644
|
|
tags:
|
|
- config
|
|
|
|
- name: Install cgitrc
|
|
template: src="cgitrc" dest="/etc/cgitrc" owner=root group=root mode=0644
|
|
|
|
- name: Allow httpd to run cgit
|
|
seboolean: name=httpd_enable_cgi state=true persistent=true
|
|
|
|
- name: Install robots.txt
|
|
copy: src="robots.txt" dest="/var/www/html/" mode=0644
|
|
tags:
|
|
- config
|
|
|
|
- name: Set up tmpwatch cron job
|
|
cron: name="clean tmp" minute="0" job="/usr/sbin/tmpwatch 2h /tmp/"
|
|
|
|
- name: Ensure that services are enabled and started
|
|
service: name="{{ item }}" enabled=yes state=started
|
|
with_items:
|
|
- "httpd"
|
|
- "dist-git.socket"
|
|
- "copr-dist-git"
|
|
when: not services_disabled|bool
|
|
|
|
- name: Create place for our custom SELinux policy
|
|
ansible.builtin.file: path=/usr/local/share/selinux state=directory
|
|
|
|
- name: Copy over our custom selinux policy for cgit
|
|
copy: src=git_script_t.pp dest=/usr/local/share/selinux/git_script_t.pp
|
|
register: cgit_selinux_module
|
|
tags:
|
|
- selinux
|
|
|
|
- name: Install our custom selinux policy for cgit
|
|
command: semodule -i /usr/local/share/selinux/git_script_t.pp
|
|
when: cgit_selinux_module is changed
|
|
tags:
|
|
- selinux
|
|
|
|
- name: Create CGIT config file if it does not exist (takes almost an hour)
|
|
command: /usr/bin/copr-dist-git-refresh-cgit creates=/var/cache/cgit/repo-configuration.rc
|
|
|
|
- name: Ensure that .config directory exists
|
|
ansible.builtin.file: path=/home/copr-dist-git/.config state=directory
|
|
|
|
- name: Install .config/copr for copr-dist-git user (required for pruning)
|
|
template: src="copr.conf" dest="/home/copr-dist-git/.config/copr" owner=copr-dist-git group=copr-dist-git
|
|
|
|
- name: Install the helper cron scripts
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: "/usr/local/bin/{{ item }}"
|
|
mode: '0755'
|
|
tags:
|
|
- config
|
|
- cron
|
|
loop:
|
|
- test-too-soon
|
|
|
|
- name: Install copr-dist-git.daily cron file
|
|
copy: src="copr-dist-git.daily" dest="/etc/cron.daily/copr-dist-git" mode=755
|
|
tags:
|
|
- config
|
|
- cron
|
|
|
|
- name: Install copr-dist-git.weekly cron file
|
|
copy: src="copr-dist-git.weekly" dest="/etc/cron.weekly/copr-dist-git" mode=755
|
|
tags:
|
|
- config
|
|
- cron
|
|
|
|
- name: Drop monthly cron job
|
|
ansible.builtin.file:
|
|
path: /etc/cron.monthly/copr-dist-git
|
|
state: absent
|
|
tags:
|
|
- config
|
|
- cron
|
|
|
|
- name: Install /etc/gitconfig file
|
|
copy: src="gitconfig" dest="/etc/gitconfig"
|