ansible/tasks/sign_setup.yml

---

- name: put builder-repo on system
  copy: src="{{ files }}/sign/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
  with_items:
  - builder-rpms.repo
  when: is_rhel is defined
  tags:
  - config
  - packages

- name: install sigul
  yum: state=present name={{ item }}
  with_items:
  - sigul
  - gnupg1
  - rpm-sign
  - bzip2
  tags:
  - packages

- name: setup /etc/sigul/bridge.conf file
  template: src="{{ files }}/sign/bridge.conf.j2" dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
  tags:
  - config
  when: inventory_hostname.startswith('sign')

- name: setup /etc/sigul/server.conf file
  copy: src="{{ files }}/sign/server.conf.primary" dest=/etc/sigul/server.conf owner=root group=sigul mode=640
  when: inventory_hostname.startswith('sign')

- name: setup secondary /etc/sigul/bridge.conf file
  template: src="{{ files }}/sign/bridge.conf.secondary.j2" dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
  tags:
  - config
  when: inventory_hostname.startswith('secondary')

- name: Install secondary arch koji configs
  template: src="{{ files }}/sign/bridge.conf.secondary.j2" dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
  tags:
  - config
  when: inventory_hostname.startswith('secondary')

- name: setup secondary koji config files
  copy: src="{{ files }}/sign/{{ item }}" dest=/etc/{{ item }} owner=root group=root mode=644
  with_items:
  - koji-arm.conf
  - koji-ppc.conf
  - koji-s390.conf
  when: inventory_hostname.startswith('secondary')

- name: setup gpg link
  file: state=link src=/usr/bin/gpg1 dest=/usr/bin/gpg