ansible/roles/bodhi2/base/tasks/main.yml

---
# tasklist for setting up bodhi
# This is the base set of files needed for bodhi

- name: install needed packages
  package: name={{ item }} state=present
  with_items:
  - bodhi-docs
  - bodhi-server
  - libsemanage-python
  - python-psycopg2
  tags:
  - packages
  - bodhi

- name: setup /etc/bodhi/ directory
  file: path=/etc/bodhi owner=root group=root mode=0755 state=directory
  tags:
  - config
  - bodhi

- name: setup basic /etc/bodhi/ contents (staging)
  template: >
    src="staging.ini.j2"
    dest="/etc/bodhi/production.ini"
    owner=bodhi
    group=bodhi
    mode=0600
  when: inventory_hostname.startswith('bodhi0') and env == 'staging'
  notify:
  - reload bodhi httpd
  tags:
  - config
  - bodhi

- name: Configure alembic
  template:
    src: alembic.ini
    dest: /etc/bodhi/alembic.ini
    owner: bodhi
    group: root
  tags:
  - config
  - bodhi

- name: setup basic /etc/bodhi/ contents (production)
  template: >
    src="production.ini.j2"
    dest="/etc/bodhi/production.ini"
    owner=bodhi
    group=bodhi
    mode=0600
  when: inventory_hostname.startswith('bodhi0') and env == 'production'
  notify:
  - reload bodhi httpd
  tags:
  - config
  - bodhi

- name: Copy some fedmsg configuration of our own for fedmsg-hub
  template: >
      src={{item}}
      dest=/etc/fedmsg.d/{{item}}
      owner=root
      group=root
      mode=0644
  with_items:
  - bodhi-logging.py
  - bodhi-threading.py
  - bodhi.py
  - masher.py
  - updates_handler.py
  - signed_handler.py
  notify:
  - restart fedmsg-hub
  tags:
  - config
  - bodhi

- name: setup basic /etc/httpd/conf.d/ bodhi contents
  template: >
    src="bodhi-app.conf"
    dest="/etc/httpd/conf.d/bodhi.conf"
    owner=root
    group=root
    mode=0644
  when: inventory_hostname.startswith('bodhi0')
  notify:
  - reload bodhi httpd
  tags:
  - config
  - bodhi

- name: setup /etc/pki/bodhi directory
  file: path=/etc/pki/bodhi owner=root group=root mode=0755 state=directory
  tags:
  - config
  - bodhi

- name: setup /var/cache/bodhi directory
  file: dest=/var/cache/bodhi mode=0755 state=directory
  tags:
  - config
  - bodhi

- name: Create ccache directory
  file: dest=/var/run/bodhi.ccache mode=0700 state=directory
        owner=apache group=apache
  tags:
  - config
  - bodhi

#- name: setup /var/log/bodhi directory
#  file: path=/var/log/bodhi owner=bodhi group=bodhi mode=0755 state=directory
#  when: inventory_hostname.startswith('bodhi0')
#  tags:
#  - config
#  - bodhi

#- name: check the selinux context of the bugzilla cookie
#  command: matchpathcon /var/tmp/bodhi-bz.cookie
#  register: cookiecontext
#  check_mode: no
#  changed_when: "1 != 1"
#  tags:
#  - config
#  - bodhi
#  - selinux
#
#- name: set the SELinux policy for the bugzilla cookie
#  command: semanage fcontext -a -t httpd_tmp_t "/var/tmp/bodhi-bz.cookie"
#  when: cookiecontext.stdout.find('httpd_tmp_t') == -1
#  tags:
#  - config
#  - bodhi
#  - selinux

- name: enable httpd_tmp_exec SELinux boolean
  seboolean: name=httpd_tmp_exec state=yes persistent=yes
  tags:
  - config
  - bodhi
  - selinux

- name: enable httpd_can_network_connect_db SELinux boolean
  seboolean: name=httpd_can_network_connect_db state=yes persistent=yes
  tags:
  - config
  - bodhi
  - selinux

- name: enable httpd_can_network_connect SELinux boolean
  seboolean: name=httpd_can_network_connect state=yes persistent=yes
  tags:
  - config
  - bodhi
  - selinux

- name: enable httpd_execmem SELinux boolean
  seboolean: name=httpd_execmem state=yes persistent=yes
  tags:
  - config
  - bodhi
  - selinux

- name: check the selinux context of bodhi's homedir
  command: matchpathcon /usr/share/bodhi/.fedora
  register: homedir
  check_mode: no
  changed_when: "1 != 1"
  tags:
  - config
  - bodhi
  - selinux

- name: /usr/share/bodhi/.fedora file contexts
  command: semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/bodhi/.fedora"
  when: homedir.stdout.find('httpd_sys_content_t') == -1
  tags:
  - config
  - bodhi
  - selinux