299 lines
6.7 KiB
YAML
299 lines
6.7 KiB
YAML
---
|
|
# Configuration for the pagure webapp
|
|
|
|
- name: install needed packages
|
|
package: name={{ item }} state=present
|
|
with_items:
|
|
- pagure
|
|
- pagure-ev
|
|
- pagure-logcom
|
|
- pagure-milters
|
|
- pagure-webhook
|
|
- python-psycopg2
|
|
- redis
|
|
- libsemanage-python
|
|
- python-fedora-flask
|
|
- python2-pagure-dist-git
|
|
# For the pagure-sync-bugzilla.py script
|
|
- python-bugzilla
|
|
- python-requests
|
|
- PyYAML
|
|
- python-six
|
|
# - mod_ssl
|
|
# - stunnel
|
|
tags:
|
|
- pagure
|
|
- packages
|
|
|
|
# Set-up stunnel for the event source server
|
|
|
|
#- name: install stunnel service definition
|
|
# copy: src=stunnel.service
|
|
# dest=/usr/lib/systemd/system/stunnel.service
|
|
# owner=root group=root mode=0755
|
|
# notify:
|
|
# - reload systemd
|
|
# - restart stunnel
|
|
# tags:
|
|
# - pagure
|
|
# - stunnel
|
|
|
|
#- name: ensure old stunnel init file is gone
|
|
# file: dest=/etc/init.d/stunnel/stunnel.init state=absent
|
|
# tags:
|
|
# - pagure
|
|
# - stunnel
|
|
# - config
|
|
|
|
#- name: install stunnel.conf
|
|
# template: src={{ item.file }}
|
|
# dest={{ item.dest }}
|
|
# owner=root group=root mode=0600
|
|
# with_items:
|
|
# - { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf }
|
|
# notify: restart stunnel
|
|
# tags:
|
|
# - pagure
|
|
# - stunnel
|
|
# - config
|
|
|
|
|
|
# Set-up Pagure
|
|
|
|
- name: Create a group pagure we can use
|
|
group: name=pagure
|
|
tags:
|
|
- pagure
|
|
|
|
- name: Create an user we can run pagure under
|
|
user: name=pagure group=packager append=yes
|
|
tags:
|
|
- pagure
|
|
|
|
- name: create the /srv/tmp folder where to clone repos
|
|
file: state=directory
|
|
path=/srv/tmp
|
|
owner=pagure group=pagure mode=0775
|
|
tags:
|
|
- pagure
|
|
|
|
- name: copy sundry pagure configuration
|
|
template: src={{ item.file }}
|
|
dest={{ item.location }}/{{ item.file }}
|
|
owner=pagure group=postfix mode=0640
|
|
with_items:
|
|
- { file: pagure.cfg, location: /etc/pagure }
|
|
- { file: alembic.ini, location: /etc/pagure }
|
|
tags:
|
|
- config
|
|
- web
|
|
- pagure
|
|
notify:
|
|
- restart apache
|
|
|
|
- name: pagure configuration for the hooks
|
|
template: src={{ item.file }}
|
|
dest={{ item.location }}/{{ item.file }}
|
|
owner=pagure group=packager mode=0640
|
|
with_items:
|
|
- { file: pagure_hook.cfg, location: /etc/pagure }
|
|
tags:
|
|
- config
|
|
- web
|
|
- pagure
|
|
notify:
|
|
- restart apache
|
|
|
|
- name: create the database scheme
|
|
command: /usr/bin/python2 /usr/share/pagure/pagure_createdb.py
|
|
changed_when: "1 != 1"
|
|
environment:
|
|
PAGURE_CONFIG: /etc/pagure/pagure.cfg
|
|
tags:
|
|
- web
|
|
- pagure
|
|
|
|
- name: create all the directories where we store the git repos
|
|
file: state=directory
|
|
path={{ item }}
|
|
owner=root group=packager mode=2775
|
|
with_items:
|
|
- /srv/git/repositories/
|
|
- /srv/git/repositories/forks
|
|
- /srv/git/repositories/requests
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
- name: create the remotes folder so pagure can clone remote repos
|
|
file: state=directory
|
|
path={{ item }}
|
|
owner=root group=packager mode=2775
|
|
with_items:
|
|
- /srv/git/remotes
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
- name: Install the apache configuration file
|
|
template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
|
|
owner=root group=root mode=0644
|
|
with_items:
|
|
- z_pagure.conf
|
|
tags:
|
|
- files
|
|
- config
|
|
- pagure
|
|
notify:
|
|
- restart apache
|
|
|
|
- name: Install the wsgi file
|
|
template: src={{ item }}
|
|
dest=/var/www/{{ item }}
|
|
owner=pagure group=pagure mode=0644
|
|
with_items:
|
|
- pagure.wsgi
|
|
tags:
|
|
- config
|
|
- web
|
|
- pagure
|
|
notify:
|
|
- restart apache
|
|
|
|
- name: Add default facl so apache can read git repos
|
|
acl: default=yes etype=user entity=apache permissions="rx" name=/srv/git state=present
|
|
register: acl_updates
|
|
tags:
|
|
- pagure
|
|
|
|
- name: Manually fix current default ACLs since Ansible doesnt know recursive acls
|
|
when: acl_updates.changed
|
|
command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
|
|
tags:
|
|
- pagure
|
|
|
|
- name: Manually fix current ACLs since Ansible doesnt know recursive acls
|
|
when: acl_updates.changed
|
|
command: /usr/bin/setfacl -Rm user:apache:rx /srv/git
|
|
tags:
|
|
- pagure
|
|
|
|
- name: Override the default pagure_worker.service file to change the user it is run under
|
|
copy: src={{ item }}.service
|
|
dest=/etc/systemd/system/{{ item }}.service
|
|
owner=root group=root mode=0755
|
|
with_items:
|
|
- pagure_ev
|
|
- pagure_logcom
|
|
- pagure_webhook
|
|
- pagure_worker
|
|
notify:
|
|
- reload systemd
|
|
tags:
|
|
- pagure
|
|
|
|
- name: set sebooleans so pagure can talk to the db
|
|
seboolean: name=httpd_can_network_connect_db
|
|
state=true
|
|
persistent=true
|
|
tags:
|
|
- selinux
|
|
- web
|
|
- pagure
|
|
|
|
- name: set sebooleans so apache can send emails
|
|
seboolean: name=httpd_can_sendmail
|
|
state=true
|
|
persistent=true
|
|
tags:
|
|
- selinux
|
|
- web
|
|
- pagure
|
|
|
|
# HOTFIX: adjust bugzilla overrides
|
|
- name: HOTFIX - adjust bugzilla overrides
|
|
copy: src=fas2.py dest=/usr/lib/python2.7/site-packages/fedora/client/fas2.py
|
|
tags:
|
|
- config
|
|
- pagure
|
|
- fas
|
|
- hotfix
|
|
- hotfixfas
|
|
|
|
- name: generate pagure-sync-bugzilla.py script
|
|
template:
|
|
src: pagure-sync-bugzilla.py.j2
|
|
dest: /usr/local/bin/pagure-sync-bugzilla.py
|
|
owner: root
|
|
group: root
|
|
mode: 0700
|
|
tags:
|
|
- pagure
|
|
- bugzilla
|
|
|
|
- name: Configure cron job for a daily pagure-sync-bugzilla.py script run
|
|
cron:
|
|
name: pagure-sync-bugzilla
|
|
user: root
|
|
minute: 0
|
|
hour: 18
|
|
job: /usr/local/bin/lock-wrapper pagure-sync-bugzilla "/usr/local/bin/pagure-sync-bugzilla.py"
|
|
cron_file: pagure-sync-bugzilla
|
|
state: present
|
|
when: env != 'staging'
|
|
tags:
|
|
- pagure
|
|
- bugzilla
|
|
|
|
# Cron job to export extras information from the pagure DB
|
|
- name: Install the apache configuration file for /extras
|
|
copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
|
|
owner=root group=root mode=0644
|
|
with_items:
|
|
- pagure_cron.conf
|
|
tags:
|
|
- files
|
|
- config
|
|
- pagure
|
|
notify:
|
|
- restart apache
|
|
|
|
- name: create the /srv/cache/extras folder for the crons
|
|
file: state=directory
|
|
path=/srv/cache/extras
|
|
owner=apache group=apache mode=0775
|
|
tags:
|
|
- pagure
|
|
|
|
- name: Configure cron job for a hourly pagure_poc
|
|
cron:
|
|
name: pagure-poc
|
|
user: root
|
|
minute: 0
|
|
job: /usr/bin/python2 /usr/libexec/pagure-dist-git/pagure_poc.py /srv/cache/extras
|
|
cron_file: pagure-poc
|
|
state: present
|
|
tags:
|
|
- pagure
|
|
|
|
# Ensure all the services are up and running
|
|
|
|
- name: Start and enable httpd, postfix, pagure_milter
|
|
service: name={{ item }} state=started
|
|
#enabled=yes
|
|
with_items:
|
|
- httpd
|
|
- postfix
|
|
# - stunnel
|
|
- redis
|
|
- pagure_ev
|
|
- pagure_logcom
|
|
- pagure_milter
|
|
- pagure_webhook
|
|
- pagure_worker
|
|
- fedmsg-relay
|
|
ignore_errors: true
|
|
tags:
|
|
- pagure
|
|
- service
|
|
- postfix
|