44 lines
1.6 KiB
YAML
44 lines
1.6 KiB
YAML
# this was designed to be used in dev where there is no global proxy
|
|
# this way, we can get away with a single ip and ssl cert instead of
|
|
# one for taskotron and one for resultsdb. The url scheme also stays
|
|
# closer to stg/prod
|
|
---
|
|
- name: start httpd (provided in the apache role)
|
|
service: name=httpd state=started
|
|
|
|
- name: ensure packages required for proxying are installed (yum)
|
|
package:
|
|
state: present
|
|
name:
|
|
- libsemanage-python
|
|
when: ansible_distribution_major_version|int <= 7 and ansible_distribution is 'RedHat'
|
|
|
|
- name: ensure packages required for proxying are installed (dnf)
|
|
dnf: name={{ item }} state=present
|
|
with_items:
|
|
- libsemanage-python
|
|
when: ansible_distribution_major_version|int >= 29 and ansible_distribution is 'Fedora' and ansible_cmdline.ostree is not defined
|
|
|
|
- name: ensure packages required for proxying are installed (dnf)
|
|
dnf: name={{ item }} state=present
|
|
with_items:
|
|
- libsemanage-python
|
|
when: ansible_distribution_major_version|int > 7 and ansible_distribution is 'RedHat' and ansible_cmdline.ostree is not defined
|
|
|
|
- name: allow httpd tcp connections with selinux
|
|
seboolean: name=httpd_can_network_connect state=true persistent=yes
|
|
|
|
- name: copy resultsdb proxy httpd config
|
|
template: src=resultsdb.conf.j2 dest=/etc/httpd/conf.d/resultsdb.conf owner=root group=root
|
|
notify:
|
|
- reload httpd
|
|
|
|
- name: copy execdb proxy httpd config
|
|
template: src=execdb.conf.j2 dest=/etc/httpd/conf.d/execdb.conf owner=root group=root
|
|
notify:
|
|
- reload httpd
|
|
|
|
- name: copy vault proxy httpd config
|
|
template: src=vault.conf.j2 dest=/etc/httpd/conf.d/vault.conf owner=root group=root
|
|
notify:
|
|
- reload httpd
|