245 lines
7.3 KiB
YAML
245 lines
7.3 KiB
YAML
---
|
|
# tasklist for setting up Dist Git
|
|
#
|
|
# This is a bit complex, so I'm dividing it into sections.
|
|
|
|
# -- Common ----------------------------------------------
|
|
# This is very basic stuff that is needed by multiple of the next sections.
|
|
- name: install the needed packages
|
|
yum: pkg={{item}} state=present
|
|
with_items:
|
|
- git
|
|
- httpd
|
|
- mod_ssl
|
|
- python-fedmsg-genacls
|
|
|
|
- name: install the httpd config file
|
|
copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf
|
|
notify:
|
|
- restart httpd
|
|
|
|
- name: install the httpd config directory
|
|
file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory
|
|
notify:
|
|
- restart httpd
|
|
|
|
- name: install the mod_ssl configuration
|
|
copy: src=ssl.conf dest=/etc/httpd/conf.d/ssl.conf
|
|
notify:
|
|
- restart httpd
|
|
|
|
- name: allow httpd to access the files on NFS
|
|
seboolean: name=httpd_use_nfs state=yes persistent=yes
|
|
|
|
- name: setup our own /etc/fas.conf with the proper fas_client_admin_app and fas_client_restricted_app var
|
|
template: src={{ item }} dest=/etc/fas.conf owner=root mode=600
|
|
with_items:
|
|
- fas.conf.j2
|
|
tags:
|
|
- config
|
|
- fas_client
|
|
notify:
|
|
- run fasclient
|
|
|
|
|
|
|
|
# -- Dist Git --------------------------------------------
|
|
# This is the Git setup itself: group, root directory, scripts,...
|
|
- name: create the distgit root directory (/srv/git)
|
|
file: dest=/srv/git state=directory mode=0755
|
|
|
|
- name: create the distgit root directory (/srv/git/rpms)
|
|
file: dest=/srv/git/rpms state=directory mode=2775 group=packager
|
|
|
|
- name: install the distgit scripts
|
|
copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
|
|
with_items:
|
|
- setup_git_package
|
|
- mkbranch
|
|
- pkgdb2-clone
|
|
|
|
- name: install the Dist Git-related httpd config
|
|
copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf
|
|
notify:
|
|
- restart httpd
|
|
|
|
- name: install the pkgdb_sync_git_branches.py scripts
|
|
template: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
|
|
with_items:
|
|
- pkgdb_sync_git_branches.py
|
|
tags:
|
|
- config
|
|
- distgit
|
|
|
|
- name: pkgdb_sync_git_branches cron job
|
|
copy: src=pkgdb_sync_git_branches.cron
|
|
dest=/etc/cron.d/pkgdb_sync_git_branches
|
|
owner=root mode=644
|
|
tags:
|
|
- config
|
|
- distgit
|
|
|
|
- name: schedule the update hook check
|
|
cron: >
|
|
name="check-update-hooks" cron_file="ansible-check-update-hooks"
|
|
minute=0 hour=0 weekday=3
|
|
user=nobody
|
|
job="MAILTO=root PATH=/usr/bin:/usr/local/bin git check-perms --check=update-hook /src/git/rpms}}"
|
|
|
|
# -- Gitolite --------------------------------------------
|
|
# This is the permission management for package maintainers, using Gitolite.
|
|
- name: mount the lookaside path
|
|
mount: >
|
|
src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_sourcecache
|
|
name=/srv/cache/lookaside
|
|
fstype=nfs
|
|
opts=rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3
|
|
state=mounted
|
|
when: env != "staging"
|
|
|
|
- name: create the /var/log/gitolite directory
|
|
file: path=/var/log/gitolite owner=root group=packager state=directory mode=2775
|
|
|
|
- name: create the gen-acls group
|
|
group: name=gen-acls gid=417 state=present
|
|
|
|
- name: create the gen-acls user
|
|
user: name=gen-acls comment="dummy system account for the gen-acls fedmsg job"
|
|
uid=417 group=gen-acls groups=packager shell=/bin/bash home=/srv/git
|
|
|
|
- name: create the /etc/gitolite/conf directory
|
|
file: path=/etc/gitolite/conf owner=gen-acls group=gen-acls state=directory mode=0755
|
|
|
|
- name: create the /etc/gitolite/logs directory
|
|
file: path=/etc/gitolite/logs owner=gen-acls group=packager
|
|
state=directory mode=0775
|
|
|
|
- name: create the /etc/gitolite/local/VREF directory
|
|
file: path=/etc/gitolite/local/VREF owner=gen-acls group=packager
|
|
state=directory mode=0775
|
|
|
|
- name: create /etc/gitolite/gitolite.rc
|
|
copy: src=gitolite.rc dest=/etc/gitolite/gitolite.rc owner=root group=root mode=0755
|
|
|
|
- name: Create the repositories symlink
|
|
command: ln -s /srv/git/rpms/ /srv/git/repositories
|
|
creates=/srv/git/repositories
|
|
tags:
|
|
- config
|
|
- distgit
|
|
|
|
- name: Create the gitolite.rc symlink
|
|
command: ln -s /etc/gitolite/gitolite.rc /srv/git/.gitolite.rc
|
|
creates=/srv/git/.gitolite.rc
|
|
tags:
|
|
- config
|
|
- distgit
|
|
|
|
- name: Create the gitolite configuration symlink
|
|
command: ln -s /etc/gitolite/ /srv/git/.gitolite
|
|
creates=/srv/git/.gitolite
|
|
tags:
|
|
- config
|
|
- distgit
|
|
|
|
- name: Create the update-block-push-origin symlink
|
|
command: ln -s /usr/share/git-core/update-block-push-origin /etc/gitolite/local/VREF/update-block-push-origin
|
|
creates=/etc/gitolite/local/VREF/update-block-push-origin
|
|
tags:
|
|
- config
|
|
- distgit
|
|
|
|
- name: install the genacls.sh script
|
|
copy: src={{item}} dest=/usr/local/bin/{{item}} mode=0755
|
|
with_items:
|
|
- genacls.sh
|
|
|
|
- name: install the genacls.pkgdb scripts
|
|
template: src={{item}} dest=/usr/local/bin/{{item}}
|
|
owner=root group=root mode=0755
|
|
with_items:
|
|
- genacls.pkgdb
|
|
tags:
|
|
- config
|
|
- distgit
|
|
|
|
- name: Add the genacl daily cron job
|
|
copy: src=genacls.cron dest=/etc/cron.d/genacls.cron
|
|
owner=root mode=644
|
|
tags:
|
|
- config
|
|
- distgit
|
|
|
|
- name: install the fedmsg configuration
|
|
copy: src=fedmsg-genacls-config.py dest=/etc/fedmsg.d/genacls.py owner=root group=root mode=0644
|
|
tags:
|
|
- config
|
|
- distgit
|
|
|
|
- name: Get admin users
|
|
command: "/srv/web/infra/ansible/scripts/users-from-fas @sysadmin-main {{ admin_groups }}"
|
|
register: admin_user_list
|
|
run_once: True
|
|
delegate_to: localhost
|
|
tags:
|
|
- config
|
|
- distgit
|
|
|
|
- name: Save the list the users having a shell access
|
|
template: src=gitolite_admins dest=/etc/gitolite/admins
|
|
owner=gen-acls group=packager mode=660
|
|
tags:
|
|
- config
|
|
- distgit
|
|
|
|
|
|
# -- CGit ------------------------------------------------
|
|
# This is the pretty web view of the repositories, using CGit.
|
|
- name: install the cgitrc file
|
|
copy: src=cgitrc dest=/etc/cgitrc
|
|
|
|
- name: install the CGit-related httpd config
|
|
copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf
|
|
notify:
|
|
- restart httpd
|
|
|
|
|
|
# -- Lookaside Cache -------------------------------------
|
|
# This is the annex to Dist Git, where we host source tarballs.
|
|
- name: install the Lookaside Cache httpd configs
|
|
copy: src={{item}} dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/{{item}}
|
|
with_items:
|
|
- lookaside.conf
|
|
- lookaside-upload.conf
|
|
notify:
|
|
- restart httpd
|
|
|
|
- name: create the Lookaside Cache root directory
|
|
file: dest=/srv/cache/lookaside/pkgs state=directory
|
|
|
|
- name: install the fedora-ca.cert
|
|
copy: src={{private}}/files/fedora-ca.cert dest=/etc/httpd/conf/cacert.pem
|
|
|
|
- name: install the pkgs cert
|
|
copy: src={{private}}/files/pkgs.fedoraproject.org_key_and_cert.pem dest=/etc/httpd/conf/pkgs.fedoraproject.org_key_and_cert.pem owner=apache mode=0400
|
|
|
|
- name: install the updatecrl.sh script
|
|
copy: src=updatecrl.sh dest=/usr/local/bin/updatecrl.sh owner=root mode=755
|
|
|
|
- name: run the updatecrl script
|
|
command: /usr/local/bin/updatecrl.sh creates=/etc/pki/tls/crl.pem
|
|
|
|
- name: schedule cron job to run the updatectl script
|
|
cron: >
|
|
name="updatecrl" cron_file="ansible-updatecrl"
|
|
minute=0
|
|
user=root
|
|
job="/usr/local/bin/updatecrl.sh"
|
|
|
|
- name: create /srv/web directory
|
|
file: dest=/srv/web state=directory
|
|
|
|
- name: install the upload CGI script
|
|
copy: src=dist-git-upload.cgi dest=/srv/web/upload.cgi owner=root group=root mode=0755
|
|
notify:
|
|
- restart httpd
|