2015-11-17 15:47:33 +00:00
|
|
|
---
|
|
|
|
|
# Configuration for the fedora-packages webapp
|
|
|
|
|
|
2017-12-22 18:48:37 +00:00
|
|
|
- name: Set require selinux booleans
|
|
|
|
|
seboolean: name={{item}} persistent=yes state=yes
|
|
|
|
|
with_items:
|
|
|
|
|
- httpd_use_nfs
|
|
|
|
|
- httpd_execmem
|
|
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
- selinux
|
|
|
|
|
|
2015-11-17 15:47:33 +00:00
|
|
|
- name: install needed packages
|
2017-10-09 00:38:19 +02:00
|
|
|
package: name={{ item }} state=present
|
2015-11-17 15:47:33 +00:00
|
|
|
with_items:
|
|
|
|
|
- fedora-packages
|
|
|
|
|
- python-psycopg2
|
|
|
|
|
- python-memcached
|
|
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
|
2017-10-10 22:05:32 +00:00
|
|
|
- name: install python-sqlalchemy0.8 only on rhel6
|
|
|
|
|
package: name=python-sqlalchemy0.8 state=present
|
|
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
when: ansible_distribution_major_version|int < 7
|
|
|
|
|
|
2015-11-17 15:47:33 +00:00
|
|
|
- name: Create some directories
|
2015-11-21 01:32:44 +00:00
|
|
|
file:
|
|
|
|
|
path={{ item }}
|
|
|
|
|
state=directory
|
|
|
|
|
owner=apache
|
|
|
|
|
group=fedmsg
|
|
|
|
|
mode=775
|
2015-11-17 15:47:33 +00:00
|
|
|
with_items:
|
|
|
|
|
- /etc/fedoracommunity
|
|
|
|
|
- /var/cache/fedoracommunity # the gluster role usually creates this one
|
2015-11-19 17:10:30 +00:00
|
|
|
- /var/tmp/fedoracommunity
|
2015-11-17 15:47:33 +00:00
|
|
|
- /var/log/fedoracommunity
|
|
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
|
|
|
|
|
- name: Create some more locked down directories
|
|
|
|
|
file: path={{ item }} state=directory owner=apache group=apache mode=700
|
|
|
|
|
with_items:
|
|
|
|
|
- /etc/pki/fedoracommunity
|
|
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
|
|
|
|
|
- name: Copy over the app config
|
|
|
|
|
template: >
|
|
|
|
|
src=packages-app.ini.j2
|
|
|
|
|
dest=/etc/fedoracommunity/production.ini
|
2015-11-18 17:05:05 +00:00
|
|
|
owner=apache group=fedmsg mode=0440
|
2015-11-17 15:47:33 +00:00
|
|
|
notify:
|
|
|
|
|
- reload httpd
|
2015-11-17 16:53:19 +00:00
|
|
|
- restart fedmsg-hub
|
2015-11-17 15:47:33 +00:00
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
|
|
|
|
|
- name: Copy over the httpd config
|
|
|
|
|
copy: >
|
|
|
|
|
src=packages-httpd.conf
|
|
|
|
|
dest=/etc/httpd/conf.d/fedora-packages.conf
|
|
|
|
|
owner=root group=root mode=644
|
|
|
|
|
notify:
|
|
|
|
|
- reload httpd
|
|
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
|
2015-11-17 16:53:19 +00:00
|
|
|
- name: Copy over the fedmsg consumer config
|
|
|
|
|
template: >
|
|
|
|
|
src=fedoracommunity.py
|
|
|
|
|
dest=/etc/fedmsg.d/fedoracommunity.py
|
|
|
|
|
owner=root group=root mode=644
|
2015-11-17 15:47:33 +00:00
|
|
|
notify:
|
2015-11-17 16:53:19 +00:00
|
|
|
- restart fedmsg-hub
|
2015-11-17 15:47:33 +00:00
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
|
|
|
|
|
- name: Copy over certs/public-keys, probably for talking with koji.
|
|
|
|
|
copy: >
|
|
|
|
|
src="{{private}}/files/packages/fedora-ca.cert"
|
|
|
|
|
dest="/etc/pki/fedoracommunity/{{item}}"
|
|
|
|
|
owner=apache
|
|
|
|
|
group=apache
|
|
|
|
|
mode=0644
|
|
|
|
|
with_items:
|
|
|
|
|
- fedora-server-ca.cert
|
|
|
|
|
- fedora-upload-ca.cert
|
|
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
|
|
|
|
|
- name: permanently hotfix the distmappings file
|
|
|
|
|
copy: >
|
|
|
|
|
src=distmappings.py
|
|
|
|
|
dest="{{pythonsitelib}}/fedoracommunity/search/distmappings.py"
|
|
|
|
|
owner=root group=root mode=0644
|
|
|
|
|
notify:
|
|
|
|
|
- reload httpd
|
2015-11-17 16:53:19 +00:00
|
|
|
- restart fedmsg-hub
|
2015-11-17 15:47:33 +00:00
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
2017-10-10 22:13:51 +00:00
|
|
|
when: ansible_distribution_major_version|int < 7
|
2015-11-17 15:47:33 +00:00
|
|
|
|
|
|
|
|
# Here's the indexer stuff
|
|
|
|
|
- name: Create cache structure
|
|
|
|
|
file: >
|
|
|
|
|
dest="/var/cache/fedoracommunity/{{item}}"
|
|
|
|
|
state=directory
|
|
|
|
|
owner=apache
|
2015-11-30 17:58:16 +00:00
|
|
|
group=fedmsg
|
|
|
|
|
mode=0775
|
2015-11-17 15:47:33 +00:00
|
|
|
with_items:
|
|
|
|
|
- packages
|
|
|
|
|
- rpm_cache
|
|
|
|
|
- git.fedoraproject.org
|
|
|
|
|
- packages/icons
|
|
|
|
|
- packages/xapian
|
|
|
|
|
- packages/xapian/search
|
|
|
|
|
- packages/tmp
|
|
|
|
|
- packages/tmp/icons
|
|
|
|
|
- packages/tmp/search
|
|
|
|
|
- packages/tmp/var
|
|
|
|
|
when: install_packages_indexer
|
|
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
|
|
|
|
|
- name: Copy over the default icon
|
|
|
|
|
copy: >
|
|
|
|
|
src=package_128x128.png
|
|
|
|
|
dest=/var/cache/fedoracommunity/packages/icons/package_128x128.png
|
|
|
|
|
owner=root mode=644 setype=fusefs_t
|
|
|
|
|
when: install_packages_indexer
|
|
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
- icon
|
|
|
|
|
|
2015-11-18 15:53:33 +00:00
|
|
|
- name: hotfix the fedmsg-hub executable to pick up forward compat packages
|
|
|
|
|
copy: src=fedmsg-hub-forward-compat dest=/usr/bin/fedmsg-hub
|
|
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
- hotfix
|
2017-10-10 22:09:31 +00:00
|
|
|
when: ansible_distribution_major_version|int < 7
|
2015-11-18 15:53:33 +00:00
|
|
|
|
2015-11-17 16:53:19 +00:00
|
|
|
# Our fedmsg updater should handle everything, no more need for cron.
|
|
|
|
|
#- name: Copy the indexer cronjobs
|
|
|
|
|
# copy: src="{{item}}" dest="/etc/cron.d/{{item}}"
|
|
|
|
|
# with_items:
|
|
|
|
|
# - cron-sync-package-index
|
|
|
|
|
# when: install_packages_indexer
|
|
|
|
|
# tags:
|
|
|
|
|
# - packages
|
|
|
|
|
# - packages/web
|
2015-11-17 15:47:33 +00:00
|
|
|
|
|
|
|
|
# Lastly, here's some selinux stuff.
|
|
|
|
|
- name: set some selinux booleans
|
|
|
|
|
seboolean: name={{item}} persistent=yes state=yes
|
|
|
|
|
with_items:
|
|
|
|
|
- httpd_tmp_exec
|
|
|
|
|
- httpd_can_network_memcache
|
|
|
|
|
- httpd_can_network_connect
|
|
|
|
|
- httpd_use_fusefs
|
|
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
- selinux
|
2017-10-11 01:31:26 +02:00
|
|
|
|
2018-02-13 20:32:22 +01:00
|
|
|
- name: /var/cache/fedoracommunity/git.fedoraproject.org file contexts
|
|
|
|
|
sefcontext:
|
|
|
|
|
target: '/var/cache/fedoracommunity/git.fedoraproject.org(/.*)?'
|
|
|
|
|
setype: httpd_sys_rw_content_t
|
|
|
|
|
state: present
|
|
|
|
|
|
2017-10-11 01:31:26 +02:00
|
|
|
- name: Build the database the first time. This takes a while
|
2017-12-22 13:00:30 +00:00
|
|
|
command: /usr/bin/fcomm-index-packages --index-db-dest=/var/cache/fedoracommunity/packages/xapian --icons-dest /var/cache/fedoracommunity/packages/icons --mdapi-url=https://apps{{env_suffix}}.fedoraproject.org/mdapi --icons-url=https://dl.fedoraproject.org/pub/alt/screenshots --tagger-url=https://apps{{env_suffix}}.fedoraproject.org/tagger creates=/var/cache/fedoracommunity/packages/xapian/search/termlist.glass
|
2017-10-11 01:31:26 +02:00
|
|
|
tags:
|
|
|
|
|
- packages
|
|
|
|
|
- packages/web
|
|
|
|
|
- selinux
|
2017-10-13 21:21:32 +00:00
|
|
|
when: ansible_distribution_major_version|int > 6
|
