Ryan Lerch
62952df107
Replaces many references to file: with ansible.builtin.file Signed-off-by: Ryan Lerch <rlerch@redhat.com>
240 lines
6.3 KiB
YAML
240 lines
6.3 KiB
YAML
---
|
|
- import_tasks: "mount_fs.yml"
|
|
|
|
- name: Register security context for pgsql directory
|
|
command: "ls -dZ /var/lib/pgsql"
|
|
register: pgsql_ls
|
|
changed_when: false # `ls' command is not changing anything
|
|
|
|
- name: Update selinux context for postgress db dir if it's wrong
|
|
command: "restorecon -vvRF /var/lib/pgsql"
|
|
when: pgsql_ls.stdout is defined and 'postgresql_db_t' not in pgsql_ls.stdout
|
|
|
|
- name: Install weekly custom copr-frontend-crontab
|
|
copy: src=cron.weekly/copr-frontend-optional dest=/etc/cron.weekly/
|
|
mode=0755
|
|
tags: [cron_tasks]
|
|
|
|
- name: Install daily custom copr-frontend-crontab
|
|
copy: src=cron.daily/copr-frontend-optional dest=/etc/cron.daily/
|
|
mode=0755
|
|
tags: [cron_tasks]
|
|
|
|
- name: Install hourly custom copr-frontend-crontab
|
|
copy: src=cron.hourly/copr-frontend-optional dest=/etc/cron.hourly/
|
|
mode=0755
|
|
tags: [cron_tasks]
|
|
|
|
- name: Install copr-frontend and copr-selinux
|
|
dnf:
|
|
state: present
|
|
name:
|
|
- copr-frontend
|
|
- copr-selinux
|
|
tags:
|
|
- packages
|
|
|
|
- name: Configure cron job for generating prometheus metrics hourly
|
|
cron:
|
|
name: "generating prometheus metrics"
|
|
user: root
|
|
minute: "*/5"
|
|
job: "/usr/bin/python3 /usr/bin/copr-frontend-prometheus-monitoring.py"
|
|
tags:
|
|
- cron_tasks
|
|
|
|
- name: Deploy the prometheus monitoring script
|
|
copy:
|
|
src: copr-frontend-prometheus-monitoring.py
|
|
dest: /usr/bin/copr-frontend-prometheus-monitoring.py
|
|
mode: "0750"
|
|
owner: root
|
|
group: root
|
|
tags:
|
|
- cron_tasks
|
|
|
|
# we install python-alembic because https://bugzilla.redhat.com/show_bug.cgi?id=1536058
|
|
- name: Install additional pkgs for copr-frontend
|
|
dnf:
|
|
state: present
|
|
pkg:
|
|
- "bash-completion"
|
|
- "mod_ssl"
|
|
- redis
|
|
- pxz
|
|
- python3-alembic
|
|
- mod_auth_gssapi
|
|
- nagios-plugins-http
|
|
- python3-prometheus_client
|
|
- python3-beautifulsoup4
|
|
tags:
|
|
- packages
|
|
|
|
# - name: Patch for issue XXX
|
|
# patch: src=patches/xxx.patch
|
|
# dest=/the/patched/file.py
|
|
# tags: patches
|
|
|
|
- name: Directory for postgresql dumps
|
|
ansible.builtin.file: state=directory path=/var/www/html/db_dumps/
|
|
owner=copr-fe mode=755
|
|
|
|
- name: Directory for usage graphs
|
|
ansible.builtin.file: state=directory path=/var/www/html/usage/
|
|
owner=copr-fe mode=755
|
|
|
|
- name: Install copr configs
|
|
template: src="copr.conf" dest=/etc/copr/copr.conf mode=600
|
|
notify:
|
|
- reload httpd
|
|
- restart copr-fe-fedora-messaging-reader
|
|
tags:
|
|
- config
|
|
- copr_infrastructure_password
|
|
|
|
- name: Install config for 'copr-frontend chroots-template'
|
|
copy: src="chroots.conf" dest=/etc/copr/chroots.conf mode=600
|
|
owner=copr-fe group=copr-fe
|
|
register: chroots_conf_installed
|
|
tags:
|
|
- config
|
|
- chroots_config
|
|
|
|
- import_tasks: "psql_setup.yml"
|
|
|
|
- name: Upgrade db to head
|
|
command: alembic-3 upgrade head
|
|
become: yes
|
|
become_user: copr-fe
|
|
args:
|
|
chdir: /usr/share/copr/coprs_frontend/
|
|
register: alembic_result
|
|
changed_when: alembic_result.stdout is search("Running upgrade")
|
|
|
|
- name: Apply the config comments
|
|
command: copr-frontend chroots-template
|
|
become: yes
|
|
become_user: copr-fe
|
|
args:
|
|
chdir: /usr/share/copr/coprs_frontend/
|
|
when: chroots_conf_installed.changed
|
|
tags:
|
|
- config
|
|
- chroots_config
|
|
|
|
- name: Enable and start redis # TODO: .service in copr-backend should depend on redis
|
|
service: name=redis enabled=yes state=started
|
|
when: not services_disabled|bool
|
|
|
|
# This was state=yes for https://bugzilla.redhat.com/show_bug.cgi?id=1535689 for
|
|
# some time, and since requests were fixed we want it the other way around
|
|
# again.
|
|
- name: Dis-alllow execmem for Apache
|
|
seboolean:
|
|
name: httpd_execmem
|
|
state: no
|
|
persistent: yes
|
|
|
|
- name: Install letsencrypt ssl certificates for dev
|
|
include_role: name=copr/certbot
|
|
tags:
|
|
- config
|
|
- certbot
|
|
|
|
- import_tasks: "httpd.yml"
|
|
|
|
- name: Enable services
|
|
service: state=started enabled=yes name={{ item }}
|
|
with_items:
|
|
- httpd
|
|
- crond
|
|
when: not services_disabled|bool
|
|
|
|
- name: Set dev banner for dev instance
|
|
when: devel|bool
|
|
copy: src=banner-include.html dest=/var/lib/copr/
|
|
|
|
- name: Disallow robots on dev instance
|
|
when: devel|bool
|
|
copy: src=robots.txt dest=/var/www/html/
|
|
|
|
|
|
- name: Register whether indexes rebuild is required
|
|
command: copr-frontend update_indexes_required
|
|
become: yes
|
|
become_user: copr-fe
|
|
register: update_indexes_required_result
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Rebuild indexes
|
|
command: ./manage.py update_indexes
|
|
become: yes
|
|
become_user: copr-fe
|
|
args:
|
|
chdir: /usr/share/copr/coprs_frontend/
|
|
when: update_indexes_required_result.rc != 0
|
|
|
|
- name: Make sure /etc/fedora-messaging directory exists
|
|
ansible.builtin.file: path=/etc/fedora-messaging state=directory
|
|
|
|
- name: Install fedora messaging config for Copr
|
|
template: src="fedora-messaging/copr_messaging.toml" dest="/etc/fedora-messaging/copr_messaging.toml"
|
|
notify:
|
|
- restart copr-fe-fedora-messaging-reader
|
|
tags:
|
|
- config
|
|
|
|
- name: Detect copr-frontend version
|
|
package_facts: manager=auto
|
|
|
|
- name: Install custom systemd service files
|
|
copy: src=systemd dest=/etc
|
|
notify:
|
|
- reload httpd
|
|
|
|
- name: Compress rotated httpd logs
|
|
copy: src="httpd.logrotate" dest="/etc/logrotate.d/httpd"
|
|
tags: [logrotate_tasks]
|
|
|
|
- name: Start logrotate service
|
|
service: name=logrotate.timer state=started enabled=yes
|
|
when: not services_disabled|bool
|
|
|
|
- name: Start fm-consumer service
|
|
service: state=started enabled=yes name="fm-consumer@copr_messaging"
|
|
when:
|
|
- not services_disabled|bool
|
|
|
|
- name: Install bash_profile file to ease some admin tasks
|
|
copy:
|
|
content: |
|
|
export PGUSER=copr-fe
|
|
export PGDATABASE=coprdb
|
|
dest: "{{ copr_fe_homedir }}/.bash_profile"
|
|
|
|
- name: Configure options in node exporter
|
|
lineinfile:
|
|
path: /etc/default/prometheus-node-exporter
|
|
regexp: '^ARGS='
|
|
line: 'ARGS=--collector.textfile.directory="/var/lib/prometheus/node-exporter" --collector.systemd'
|
|
backrefs: yes
|
|
notify: restart node_exporter
|
|
|
|
- name: Install nrpe
|
|
dnf: name=nrpe state=present
|
|
|
|
- name: Install the check script
|
|
template:
|
|
dest: "/usr/bin/copr-cdn-check.py"
|
|
src: "copr-cdn-check.py.j2"
|
|
group: "nagios"
|
|
mode: "0750"
|
|
vars:
|
|
api_key: "{{ copr_uptimerobot_api_key_ro | default('not-configured') }}"
|
|
tags: copr_cdn
|
|
|
|
- name: Install gai.conf
|
|
copy: src=gai.conf dest=/etc
|
|
notify:
|
|
- reload httpd
|