160 lines
4.7 KiB
YAML
160 lines
4.7 KiB
YAML
---
|
|
|
|
# Cant use the ansible dnf module here. It doesnt work without these pacakges.
|
|
# Therefore using command module
|
|
- name: Install python and deps for ansible modules
|
|
command: dnf install --refresh -y python2 python2-dnf libselinux-python
|
|
|
|
|
|
- name: Install stuff
|
|
dnf: name={{ item }} state=latest
|
|
with_items:
|
|
# Those things are explicitly listed in Vagrantfile
|
|
# https://pagure.io/fm-orchestrator/blob/master/f/Vagrantfile
|
|
# Should they be covered by spec file?
|
|
- fedmsg-hub
|
|
- fedmsg-relay
|
|
- fedpkg
|
|
- gcc
|
|
- gcc
|
|
- gcc-c++
|
|
- krb5-workstation
|
|
- libffi-devel
|
|
- openssl-devel
|
|
- python-virtualenv
|
|
- redhat-rpm-config
|
|
- redhat-rpm-config
|
|
- swig
|
|
- systemd-devel
|
|
|
|
# Not covered by Vagrantfile nor .spec file,
|
|
# but it seems to be required
|
|
- python-systemd
|
|
|
|
# Required for copr
|
|
- copr-cli
|
|
- python-copr
|
|
|
|
|
|
- name: Install module-build-service package
|
|
dnf: name=module-build-service state=latest
|
|
|
|
|
|
# Post-install stuff
|
|
|
|
# We don't need following configs because everything required is set in
|
|
# module_build_service.py. It only causes problems with overriding our settings
|
|
- name: Remove redundant fedmsg.d files
|
|
file: path="{{item}}" state=absent
|
|
with_items:
|
|
- /etc/fedmsg.d/endpoints.py
|
|
- /etc/fedmsg.d/relay.py
|
|
- /etc/fedmsg.d/ssl.py
|
|
|
|
|
|
- name: Don't listen to fedora-infra stg hub
|
|
lineinfile:
|
|
dest: /etc/fedmsg.d/module_build_service.py
|
|
regexp: '"tcp://stg.fedoraproject.org:9940"'
|
|
line: '#"tcp://stg.fedoraproject.org:9940"'
|
|
|
|
- name: Listen to fedora-infra hub
|
|
lineinfile:
|
|
dest: /etc/fedmsg.d/module_build_service.py
|
|
regexp: '#"tcp://hub.fedoraproject.org:9940"'
|
|
line: '"tcp://hub.fedoraproject.org:9940"'
|
|
|
|
- name: Listen to copr-be-dev
|
|
lineinfile:
|
|
dest: /etc/fedmsg.d/module_build_service.py
|
|
insertafter:
|
|
line: "{{ item }}"
|
|
with_items:
|
|
- " config['endpoints']['relay_outbound'].append('tcp://{{ copr_backend_ips[0] }}:4001')"
|
|
- " config['relay_inbound'].append('tcp://{{ copr_backend_ips[0] }}:2003')"
|
|
when: env == "staging"
|
|
|
|
|
|
# We want to run fedmsg-hub as 'mbs' user, because we don't want to rpmbuild as 'fedmsg'
|
|
- name: Copy modified fedmsg-hub.service file
|
|
copy: src=fedmsg-hub.service dest=/etc/systemd/system/fedmsg-hub.service
|
|
notify: daemon reload
|
|
|
|
|
|
# Create user and group for mbs
|
|
- name: Create group for mbs-frontend
|
|
group: name=mbs state=present gid=1002
|
|
|
|
- name: Create user for mbs-frontend
|
|
user: name=mbs group=mbs uid=1002
|
|
|
|
|
|
|
|
# The config provided by MBS package is a python file
|
|
# Instead of replacing values by regex in such file, rather rename
|
|
# the original file and then install own configuration file which
|
|
# inherits the original one and then customizes it.
|
|
- name: Stat base_config
|
|
stat: path=/etc/module-build-service/base_config.py
|
|
register: base_config_stat
|
|
|
|
- name: Move config.py to base_config.py
|
|
command: mv /etc/module-build-service/config.py /etc/module-build-service/base_config.py creates=/etc/module-build-service/base_config.py
|
|
|
|
- name: Touch __init__.py file
|
|
copy: dest=/etc/module-build-service/__init__.py force=no content=''
|
|
|
|
- name: Copy production config
|
|
template: src=config.py dest=/etc/module-build-service/config.py
|
|
|
|
- name: Copy config for copr-cli
|
|
template: src=copr.conf dest=/etc/module-build-service/copr.conf
|
|
|
|
|
|
- name: Upgrade database
|
|
command: mbs-upgradedb
|
|
|
|
#- name: Generate cert
|
|
# command: mbs-gencert
|
|
# args:
|
|
# creates: /etc/module-build-service/server.crt
|
|
#
|
|
#- name: generate cacert.pem
|
|
# shell: cat /etc/module-build-service/server.crt /etc/module-build-service/server.key > /etc/module-build-service/cacert.pem
|
|
# args:
|
|
# creates: /etc/module-build-service/cacert.pem
|
|
|
|
- name: Chown /etc/module-build-service to mbs:mbs
|
|
file: path=/etc/module-build-service owner=mbs group=mbs recurse=yes mode=g+w
|
|
|
|
- name: Add copr-fe to mbs group
|
|
user: name=copr-fe groups=mbs append=yes
|
|
|
|
- name: Allow writing into DB file in SELinux
|
|
file: path="{{item}}" setype=httpd_sys_rw_content_t
|
|
with_items:
|
|
- /etc/module-build-service
|
|
- /etc/module-build-service/module_build_service.db
|
|
|
|
# Run module-build-service processes
|
|
- name: Enable fedmsg-relay
|
|
service: name=fedmsg-relay enabled=yes state=started
|
|
|
|
- name: Run fedmsg-hub
|
|
service: name=fedmsg-hub enabled=yes state=started
|
|
|
|
|
|
|
|
# Prepare and run MBS frontend
|
|
- name: Create /opt/module-build-service
|
|
file: path=/opt/module-build-service state=directory
|
|
|
|
- name: Copy mbs.wsgi file
|
|
copy: src=mbs.wsgi dest=/opt/module-build-service/mbs.wsgi
|
|
|
|
- name: Create vhosts directory
|
|
file: path=/etc/httpd/conf/vhosts/mbs state=directory
|
|
|
|
- name: Copy httpd/mbs.conf to vhosts directory
|
|
copy: src=httpd/mbs.conf dest=/etc/httpd/conf/vhosts/mbs/mbs.conf
|
|
notify: reload httpd
|