37 lines
1.3 KiB
YAML
37 lines
1.3 KiB
YAML
# this was designed to be used in dev where there is no global proxy
|
|
# this way, we can get away with a single ip and ssl cert instead of
|
|
# one for taskotron and one for resultsdb. The url scheme also stays
|
|
# closer to stg/prod
|
|
---
|
|
- name: start httpd (provided in the apache role)
|
|
service: name=httpd state=started
|
|
|
|
- name: ensure packages required for proxying are installed (yum)
|
|
package: name={{ item }} state=present
|
|
with_items:
|
|
- libsemanage-python
|
|
when: ansible_distribution_major_version|int < 22
|
|
|
|
- name: ensure packages required for proxying are installed (dnf)
|
|
dnf: name={{ item }} state=present
|
|
with_items:
|
|
- libsemanage-python
|
|
when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
|
|
|
|
- name: allow httpd tcp connections with selinux
|
|
seboolean: name=httpd_can_network_connect state=true persistent=yes
|
|
|
|
- name: copy resultsdb proxy httpd config
|
|
template: src=resultsdb.conf.j2 dest=/etc/httpd/conf.d/resultsdb.conf owner=root group=root
|
|
notify:
|
|
- reload httpd
|
|
|
|
- name: copy execdb proxy httpd config
|
|
template: src=execdb.conf.j2 dest=/etc/httpd/conf.d/execdb.conf owner=root group=root
|
|
notify:
|
|
- reload httpd
|
|
|
|
- name: copy vault proxy httpd config
|
|
template: src=vault.conf.j2 dest=/etc/httpd/conf.d/vault.conf owner=root group=root
|
|
notify:
|
|
- reload httpd
|