Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions
ansible/roles/fedmsg/base/tasks/main.yml
Kevin Fenzi e3e2cb1d93 odcs: retire service ( infra 12192 ) 
Time to retire ODCS. ELN is moved off and that was the last thing using
it. Thanks for all the service ODCS!

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-09-24 18:21:51 +00:00

301 lines
7.6 KiB
YAML
Raw Blame History

---
# tasklist for setting up fedmsg
# This is the base set of files needed for fedmsg
- name: install needed packages
package:
state: present
name:
- libsemanage-python
- python-psutil
tags:
- packages
- fedmsg/base
when: ansible_distribution_major_version|int < 8
- name: install python2 fedmsg package
package: name=fedmsg state=present
when: "'python34_fedmsg' not in group_names and ansible_distribution_major_version|int < 22"
tags: fedmsg/base
- name: install python2 fedmsg package
dnf: pkg=fedmsg state=present
when: "'python34_fedmsg' not in group_names and ansible_distribution_major_version|int > 21"
tags: fedmsg/base
- name: install the python34 fedmsg package (yum)
package: name=python34-fedmsg-core state=present
when: "'python34_fedmsg' in group_names and ansible_distribution_major_version|int < 22"
tags: fedmsg/base
- name: install the python3 fedmsg package (dnf)
dnf: pkg=python3-fedmsg state=present
when: "'python34_fedmsg' in group_names and ansible_distribution_major_version|int > 21"
tags: fedmsg/base
- name: install needed packages
dnf:
name: ['libsemanage-python', 'python-psutil']
state: present
tags:
- packages
- fedmsg/base
when: ansible_distribution_major_version|int < 31 and ansible_distribution == 'Fedora'
- name: setup /etc/fedmsg.d directory
file: path=/etc/fedmsg.d owner=root group=root mode=0755 state=directory
tags:
- config
- fedmsg/base
- name: remove any old static endpoints files
file: dest="/etc/fedmsg.d/{{item}}" state=absent
with_items:
- endpoints-bodhi.py
- endpoints-elections.py
- endpoints-external-composer.py
- endpoints-github2fedmsg.py
- endpoints-kerneltest.py
- pkgdb.py
tags:
- config
- fedmsgdconfig
- fedmsg/base
# Any files that change need to restart any services that depend on them. A
# trick here is that some hosts have an httpd that uses fedmsg, while others do
# not. Some hosts have a fedmsg-hub that uses this config, while others do not.
# Our handlers in handlers/restart_services.yml are smart enough to
# *conditionally* restart these services, only if they are installed on the
# system.
- name: setup basic /etc/fedmsg.d/ contents for internal hosts
template: >
src="{{ item }}.j2"
dest="/etc/fedmsg.d/{{ item }}"
owner=root
group=root
mode=0644
with_items:
- ssl.py
- endpoints.py
- endpoints-anitya.py
- endpoints-fedbadges.py
- endpoints-hotness.py
- endpoints-mailman.py
- endpoints-fedimg.py
- endpoints-bugzilla2fedmsg.py
- relay.py
- logging.py
- base.py
when: "'persistent_cloud' not in group_names"
tags:
- config
- fedmsgdconfig
- fedmsg/base
notify:
- reload httpd
- restart fedmsg-gateway
- restart fedmsg-hub
- restart fedmsg-irc
- restart fedmsg-relay
- name: dynamically generate policy from group/host vars.
template: >
src="{{ item }}.j2"
dest="/etc/fedmsg.d/{{ item }}"
owner=root
group=root
mode=0644
with_items:
- policy.py
when: "'persistent_cloud' not in group_names"
tags:
- config
- fedmsgdconfig
- fedmsgdpolicy
- fedmsg/base
notify:
- reload httpd
- restart fedmsg-gateway
- restart fedmsg-hub
- restart fedmsg-irc
- restart fedmsg-relay
- name: setup basic /etc/fedmsg.d/ contents for firewalled/external hosts
template: >
src="{{ item }}.j2"
dest="/etc/fedmsg.d/{{ item }}"
owner=root
group=root
mode=0644
with_items:
- ssl.py
- relay.py
- logging.py
- base.py
when: "'persistent_cloud' in group_names"
tags:
- config
- fedmsgdconfig
- fedmsg/base
notify:
- reload httpd
- restart fedmsg-gateway
- restart fedmsg-hub
- restart fedmsg-irc
- restart fedmsg-relay
- name: install fedmsg-relay in case we're in debug mode.
package: name=fedmsg-relay state=present
when: fedmsg_debug_loopback == true and ansible_distribution_major_version|int < 22
tags:
- fedmsg_loopback
- fedmsg/base
notify:
- reload httpd
- restart fedmsg-gateway
- restart fedmsg-hub
- restart fedmsg-irc
- restart fedmsg-relay
- name: install fedmsg-relay in case we're in debug mode.
dnf: name=fedmsg-relay state=present
when: fedmsg_debug_loopback == true and ansible_distribution_major_version|int > 21
tags:
- fedmsg_loopback
- fedmsg/base
notify:
- reload httpd
- restart fedmsg-gateway
- restart fedmsg-hub
- restart fedmsg-irc
- restart fedmsg-relay
- name: destroy standard config to make way for debug loopback.
file: dest=/etc/fedmsg.d/{{item}} state=absent
with_items:
- relay.py
- policy.py
when: fedmsg_debug_loopback == true
tags:
- fedmsg_loopback
- fedmsg/base
notify:
- reload httpd
- restart fedmsg-gateway
- restart fedmsg-hub
- restart fedmsg-irc
- restart fedmsg-relay
- name: overwrite standard config with local fedmsg debugging loopback
copy: src=relay-debug-loopback.py dest=/etc/fedmsg.d/relay.py
when: fedmsg_debug_loopback == true
tags:
- fedmsg_loopback
- fedmsg/base
notify:
- reload httpd
- restart fedmsg-gateway
- restart fedmsg-hub
- restart fedmsg-irc
- restart fedmsg-relay
- name: start fedmsg-relay, only for loopback testing
service: name=fedmsg-relay state=started
when: fedmsg_debug_loopback == true
tags:
- fedmsg_loopback
- fedmsg/base
- name: setup /etc/pki/fedmsg directory
file: path=/etc/pki/fedmsg owner=root group=root mode=0755 state=directory
tags:
- config
- fedmsg/base
- name: install fedmsg ca.cert
copy: >
src="{{ private }}/files/fedmsg-certs/keys/ca.crt"
dest=/etc/pki/fedmsg/ca.crt
owner=root
group=root
mode=0644
tags:
- config
- fedmsg/base
- name: fedmsg certs
copy: >
src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{fedmsg_fqdn | default(inventory_hostname)}}.crt"
dest=/etc/pki/fedmsg/
mode=644
owner={{item['owner']}}
group={{item['group']}}
with_items:
- "{{ fedmsg_certs }}"
when: fedmsg_certs != []
tags:
- config
- fedmsg/base
- name: fedmsg keys
copy: >
src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{fedmsg_fqdn | default(inventory_hostname)}}.key"
dest=/etc/pki/fedmsg/
mode=0640
owner={{item['owner']}}
group={{item['group']}}
with_items:
- "{{ fedmsg_certs }}"
when: fedmsg_certs != []
tags:
- config
- fedmsg/base
# Three tasks for handling our custom selinux module
- name: ensure a directory exists for our custom selinux module
file: dest=/usr/local/share/fedmsg state=directory
tags:
- fedmsg/base
- name: copy over our custom selinux module
copy: src=selinux/fedmsg.pp dest=/usr/local/share/fedmsg/fedmsg.pp
register: selinux_module
tags:
- fedmsg/base
- name: install our custom selinux module
command: semodule -i /usr/local/share/fedmsg/fedmsg.pp
when: selinux_module is changed
tags:
- fedmsg/base
# Also, label the ports that we commonly use for fedmsg under mod_wsgi
# to be http_port_t so selinux lets apache bind there.
- name: check semanage ports
command: semanage port -l
register: semanageoutput
check_mode: no
changed_when: "1 != 1"
tags:
- fedmsg/base
- name: set ports so httpd can bind to fedmsg endpoints
command: semanage port -a -t http_port_t -p tcp 3000-3100
when: semanageoutput.stdout.find("3000-3100") == -1
tags:
- fedmsg/base
- name: Check if the nrpe user exists
shell: /usr/bin/getent passwd nrpe | /usr/bin/wc -l | tr -d ' '
register: nrpe_exists
check_mode: no
changed_when: "1 != 1"
tags:
- fedmsg/base
- name: Add nrpe user to the fedmsg group if it exists
user: name=nrpe groups=fedmsg append=yes
when: nrpe_exists.stdout == "1"
tags:
- fedmsg/base
Reference in a new issue View git blame Copy permalink