298 lines
6.6 KiB
YAML
298 lines
6.6 KiB
YAML
---
|
|
# Configuration for the pagure webapp
|
|
|
|
- name: install needed packages
|
|
yum: pkg={{ item }} state=present
|
|
with_items:
|
|
- pagure
|
|
- pagure-milters
|
|
- pagure-ev
|
|
- python-psycopg2
|
|
- redis
|
|
- libsemanage-python
|
|
- mod_ssl
|
|
tags:
|
|
- pagure
|
|
- packages
|
|
|
|
- name: Initialize postgres if necessary
|
|
command: /usr/bin/postgresql-setup initdb
|
|
creates=/var/lib/pgsql/data
|
|
notify:
|
|
- restart postgresql
|
|
tags:
|
|
- pagure
|
|
|
|
|
|
# Set-up gitolite
|
|
|
|
- name: install needed packages
|
|
yum: pkg=gitolite3 state=present
|
|
tags:
|
|
- pagure
|
|
- gitolite
|
|
- packages
|
|
|
|
- name: Rename the user gitolite into git
|
|
command: usermod --move-home --login git --home /srv/git/ gitolite3
|
|
creates=/srv/git/
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
- name: Rename the group gitolite into git
|
|
command: groupmod --new-name git gitolite3
|
|
creates=/srv/git/.gitolite/conf
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
- name: create the /srv/git/.gitolite/conf folder
|
|
action: file state=directory
|
|
path=/srv/git/.gitolite/conf
|
|
owner=git group=git mode=0775
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
- name: create the /srv/git/.gitolite/keydir folder
|
|
action: file state=directory
|
|
path=/srv/git/.gitolite/keydir
|
|
owner=git group=git mode=0775
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
- name: create the /srv/git/.gitolite/logs folder
|
|
action: file state=directory
|
|
path=/srv/git/.gitolite/logs
|
|
owner=git group=git mode=0775
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
- name: Adjust owner of /srv/git
|
|
file: name=/srv/git state=directory recurse=yes owner=git group=git
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
- name: Adjust permissions of /srv/git/.gitolite
|
|
file: name=/srv/git/.gitolite state=directory recurse=yes owner=git group=git
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
- name: install our own gitolite configuration
|
|
template: src=gitolite.rc
|
|
dest=/srv/git/.gitolite.rc
|
|
owner=git group=git mode=0755
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
- name: create all the directories where we store the git repos
|
|
action: file state=directory
|
|
path={{ item }}
|
|
owner=git group=git mode=0775
|
|
with_items:
|
|
- /srv/git/repositories/
|
|
- /srv/git/repositories/forks
|
|
- /srv/git/repositories/docs
|
|
- /srv/git/repositories/tickets
|
|
- /srv/git/repositories/requests
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
- name: create the /srv/tmp folder where to clone repos
|
|
action: file state=directory
|
|
path=/srv/tmp
|
|
owner=git group=git mode=0775
|
|
tags:
|
|
- gitolite
|
|
- pagure
|
|
|
|
|
|
# Set-up postfix and the milter for postfix
|
|
|
|
- name: Add the /etc/aliases file
|
|
copy: src=aliases dest=/etc/aliases owner=root mode=644
|
|
tags:
|
|
- config
|
|
- pagure
|
|
- postfix
|
|
notify:
|
|
- restart postfix
|
|
- restart pagure_milter
|
|
|
|
|
|
# Set-up stunnel for the event source server
|
|
|
|
- name: install stunnel service definition
|
|
copy: src=stunnel.service
|
|
dest=/usr/lib/systemd/system/stunnel.service
|
|
owner=root group=root mode=0755
|
|
notify:
|
|
- reload systemd
|
|
- restart stunnel
|
|
tags:
|
|
- pagure
|
|
- stunnel
|
|
|
|
- name: ensure old stunnel init file is gone
|
|
file: dest=/etc/init.d/stunnel/stunnel.init state=absent
|
|
tags:
|
|
- pagure
|
|
- stunnel
|
|
- config
|
|
|
|
- name: install stunnel.conf
|
|
template: src={{ item.file }}
|
|
dest={{ item.dest }}
|
|
owner=root group=root mode=0600
|
|
with_items:
|
|
- { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf }
|
|
notify: restart stunnel
|
|
tags:
|
|
- pagure
|
|
- stunnel
|
|
- config
|
|
|
|
|
|
# Set-up Pagure
|
|
|
|
- name: create the /var/www/releases folder
|
|
action: file state=directory
|
|
path=/var/www/releases
|
|
owner=git group=git mode=0775
|
|
tags:
|
|
- pagure
|
|
- web
|
|
|
|
- name: copy sundry pagure configuration
|
|
template: src={{ item.file }}
|
|
dest={{ item.location }}/{{ item.file }}
|
|
owner=git group=postfix mode=0640
|
|
with_items:
|
|
- { file: pagure.cfg, location: /etc/pagure }
|
|
- { file: alembic.ini, location: /etc/pagure }
|
|
changed_when: "1 != 1"
|
|
tags:
|
|
- config
|
|
- web
|
|
- pagure
|
|
notify:
|
|
- restart apache
|
|
|
|
- name: create the database scheme
|
|
command: /usr/bin/python2 /usr/share/pagure/pagure_createdb.py
|
|
changed_when: "1 != 1"
|
|
environment:
|
|
PAGURE_CONFIG: /etc/pagure/pagure.cfg
|
|
tags:
|
|
- web
|
|
- pagure
|
|
|
|
- name: Install the SSL cert so that we can use https
|
|
copy: >
|
|
src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}
|
|
owner=root group=root mode=0600
|
|
notify: restart stunnel
|
|
with_items:
|
|
- pagure.io.cert
|
|
- pagure.io.key
|
|
- pagure.io.intermediate.cert
|
|
tags:
|
|
- config
|
|
- pagure
|
|
|
|
- name: Install the configuration file to activate https
|
|
copy: >
|
|
src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
|
|
owner=root group=root mode=0644
|
|
with_items:
|
|
- 0_pagure.conf
|
|
tags:
|
|
- files
|
|
- config
|
|
- pagure
|
|
notify:
|
|
- restart apache
|
|
|
|
- name: Install all the configuration files of pagure
|
|
template: src={{ item.file }}
|
|
dest={{ item.location }}/{{ item.file }}
|
|
owner={{ item.user }} group={{ item.group }} mode={{ item.mode }}
|
|
with_items:
|
|
- { file: pagure.conf, location: /etc/httpd/conf.d, user: apache, group: apache, mode: 600 }
|
|
tags:
|
|
- config
|
|
- web
|
|
- pagure
|
|
notify:
|
|
- restart apache
|
|
|
|
- name: Install the wsgi file
|
|
template: src=pagure.wsgi
|
|
dest=/var/www/pagure.wsgi
|
|
owner=git group=git mode=0644
|
|
tags:
|
|
- config
|
|
- web
|
|
- pagure
|
|
notify:
|
|
- restart apache
|
|
|
|
- name: Add default facl so apache can read git repos
|
|
acl: default=yes etype=user entity=apache permissions="rx" name=/srv/git state=present
|
|
register: acl_updates
|
|
tags:
|
|
- pagure
|
|
|
|
- name: Manually fix current default ACLs since Ansible doesnt know recursive acls
|
|
when: acl_updates.changed
|
|
command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
|
|
tags:
|
|
- pagure
|
|
|
|
- name: Manually fix current ACLs since Ansible doesnt know recursive acls
|
|
when: acl_updates.changed
|
|
command: /usr/bin/setfacl -Rm user:apache:rx /srv/git
|
|
tags:
|
|
- pagure
|
|
|
|
- name: set sebooleans so pagure can talk to the db
|
|
action: seboolean name=httpd_can_network_connect_db
|
|
state=true
|
|
persistent=true
|
|
tags:
|
|
- selinux
|
|
- web
|
|
- pagure
|
|
|
|
- name: set sebooleans so apache can send emails
|
|
action: seboolean name=httpd_can_sendmail
|
|
state=true
|
|
persistent=true
|
|
tags:
|
|
- selinux
|
|
- web
|
|
- pagure
|
|
|
|
|
|
# Ensure all the services are up and running
|
|
|
|
- name: Start and enable httpd, postfix, pagure_milter
|
|
service: name={{ item }} enabled=yes state=started
|
|
with_items:
|
|
- httpd
|
|
- postfix
|
|
- pagure_milter
|
|
- redis
|
|
- pagure_ev
|
|
ignore_errors: true
|
|
tags:
|
|
- pagure
|
|
- service
|
|
- postfix
|