---
#
# Install packages needed for fedora people
#
# Base tooling for the people host: version-control clients, lftp, quota
# utilities, an editor, Python helper libraries and mod_ssl.
# state: present only installs what is missing; it does not upgrade packages
# that are already installed, so patching has to come from somewhere else.
- name: install packages needed for fedora people
  yum:
    name: "{{ item }}"
    state: present
  with_items:
    - cvs
    - git
    - bzr
    - mercurial
    - lftp
    - quota
    - nano
    - pyliblzma
    - libxml2-python
    - python-jinja2
    - tree  # requested in ticket 5148
    - mod_ssl
  tags:
    - packages
    - people
# Renders the people.conf template into httpd's conf.d directory.
# NOTE(review): the task sets no notify, owner, group or mode. As written, a
# changed config is not followed by an httpd reload from this task - confirm
# that is handled elsewhere.
- name: install main httpd config
  template:
    src: people.conf
    dest: /etc/httpd/conf.d/people.conf
  tags:
    - people
# Copies the static httpd config fragments (cgit, TLS, userdir) into conf.d
# under their own file names.
# NOTE(review): as with the template task, nothing here notifies httpd, and
# ownership and mode are left to the copy module's defaults - confirm both.
- name: install httpd config
  copy:
    src: "{{ item }}"
    dest: "/etc/httpd/conf.d/{{ item }}"
  with_items:
    - cgit.conf
    - ssl.conf
    - userdir.conf
  tags:
    - people
# haveged is installed, started and enabled at boot as an extra entropy source.
# NOTE(review): whether this host still needs a userspace entropy daemon
# depends on its kernel and hardware RNG - confirm before relying on it.
- name: Install haveged for entropy
  yum:
    name: haveged
    state: installed
  tags:
    - httpd
    - httpd/proxy

- name: Set haveged running/enabled
  service:
    name: haveged
    enabled: true
    state: started
  tags:
    - service
    - httpd
    - httpd/proxy
# Leaves an empty welcome.conf in place instead of deleting the file, which
# switches off whatever the packaged welcome.conf configured.
# NOTE(review): presumably kept as an empty file so a package update does not
# restore the stock welcome page - confirm.
- name: Empty default welcome.conf
  copy:
    dest: /etc/httpd/conf.d/welcome.conf
    content: ""
  tags:
    - people
# Makes sure httpd is running. The task only asks for state: started; it does
# not set enabled, so start-at-boot is not guaranteed by this task.
- name: start httpd
  service:
    name: httpd
    state: started
  tags:
    - people
# Each boolean below switches on an access that the SELinux policy denies by
# default: httpd and git reaching into home directories, httpd reading user
# content, and antivirus scanning the system.
# persistent: true writes the setting to the policy store so it survives
# reboots. Review this list whenever the services on the host change; a
# boolean that is no longer needed should be turned off again.
- name: set selinux booleans needed for people
  seboolean:
    name: "{{ item }}"
    state: true
    persistent: true
  with_items:
    - httpd_enable_homedirs
    - git_cgi_enable_homedirs
    - git_system_enable_homedirs
    - antivirus_can_scan_system
    - httpd_read_user_content
  tags:
    - people
# matchpathcon prints the context the loaded policy would assign to the sample
# path; it does not look at the label actually on disk. The command is
# read-only, so it also runs in check mode and never reports a change.
- name: check the selinux context of the users home git dirs
  command: matchpathcon "/home/fedora/someone/public_git"
  register: gitcontext
  check_mode: false
  changed_when: false
  tags:
    - config
    - selinux

# Adds the file-context rule only when the check did not already report
# git_user_content_t. semanage fcontext records the rule; files that already
# exist keep their old label until they are relabelled (no restorecon step is
# visible in this part of the file).
# NOTE(review): the trailing "(.*)" also matches sibling names that merely
# start with public_git; the "(/.*)?" form used for the /srv paths stops at the
# directory boundary. Changing the spec on configured hosts would add a second
# rule rather than replace this one, so it is left as is.
- name: set the SELinux policy for the users home git dirs
  command: semanage fcontext -a -t git_user_content_t "/home/fedora/(.*)/public_git(.*)"
  when: "'git_user_content_t' not in gitcontext.stdout"
  tags:
    - config
    - selinux
# Read-only lookup of the context the policy assigns to /project; runs in
# check mode too and is never reported as changed.
- name: check the selinux context of the project dirs
  command: matchpathcon "/project"
  register: gitcontext
  check_mode: false
  changed_when: false
  tags:
    - config
    - selinux

# Labels /project as httpd content when the lookup did not already show
# httpd_sys_content_t. Existing files are not relabelled by this command.
# NOTE(review): "/project(.*)" has no directory boundary, so it also covers any
# top-level path whose name merely begins with "project".
- name: set the SELinux policy for the project dirs
  command: semanage fcontext -a -t httpd_sys_content_t "/project(.*)"
  when: "'httpd_sys_content_t' not in gitcontext.stdout"
  tags:
    - config
    - selinux
# Read-only lookup of the context the policy assigns to /srv/web; runs in
# check mode too and is never reported as changed.
- name: check the selinux context of the web dir
  command: matchpathcon "/srv/web"
  register: gitcontext
  check_mode: false
  changed_when: false
  tags:
    - config
    - selinux

# Adds an httpd_sys_content_t rule for /srv/web and everything below it when
# the lookup did not already show that type. Existing files keep their label
# until they are relabelled.
- name: set the SELinux policy for the web dir
  command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
  when: "'httpd_sys_content_t' not in gitcontext.stdout"
  tags:
    - config
    - selinux
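# Read-only lookup of the context the policy assigns to /srv/people; runs in
# check mode too and is never reported as changed.
- name: check the selinux context of the people dir
  command: matchpathcon "/srv/people"
  register: gitcontext
  check_mode: false
  changed_when: false
  tags:
    - config
    - selinux

# Adds an httpd_sys_content_t rule for /srv/people and everything below it
# when the lookup did not already show that type. Existing files keep their
# label until they are relabelled.
# The task name now says "people dir"; it used to repeat the /srv/web task's
# name, which made the two indistinguishable in play output and logs.
- name: set the SELinux policy for the people dir
  command: semanage fcontext -a -t httpd_sys_content_t "/srv/people(/.*)?"
  when: "'httpd_sys_content_t' not in gitcontext.stdout"
  tags:
    - config
    - selinux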
# Read-only lookup of the context the policy assigns to /srv/planet; runs in
# check mode too and is never reported as changed.
- name: check the selinux context of the planet dir
  command: matchpathcon "/srv/planet"
  register: gitcontext
  check_mode: false
  changed_when: false
  tags:
    - config
    - selinux

# Adds an httpd_sys_content_t rule for /srv/planet and everything below it
# when the lookup did not already show that type. Existing files keep their
# label until they are relabelled.
- name: set the SELinux policy for the planet dir
  command: semanage fcontext -a -t httpd_sys_content_t "/srv/planet(/.*)?"
  when: "'httpd_sys_content_t' not in gitcontext.stdout"
  tags:
    - config
    - selinux
# File-context equivalence: /srv/home is to be labelled as if it were /home.
# The lookup is read-only, runs in check mode too and never reports a change.
- name: check the selinux context alias of the home dir
  command: matchpathcon "/srv/home"
  register: gitcontext
  check_mode: false
  changed_when: false
  tags:
    - config
    - selinux

# Registers the equivalence (-e /home /srv/home) only while the lookup does
# not yet report home_root_t for /srv/home. Existing files under /srv/home are
# not relabelled by this command.
- name: set the SELinux policy alias for the home dir
  command: semanage fcontext -a -e /home /srv/home
  when: "'home_root_t' not in gitcontext.stdout"
  tags:
    - config
    - selinux
#
# Sets the default block quota on /srv (2g soft and hard); safe to run on
# every play.
#
# check_mode is false, so the limit is applied during a --check run as well.
# changed_when is only true for a non-zero return code, which normally fails
# the task, so in practice this task is not expected to report "changed".
- name: set default xfs quotas on /srv
  command: xfs_quota -x -c 'limit bsoft=2g bhard=2g -d' /srv
  register: xfs_quotaoutput
  check_mode: false
  changed_when: "xfs_quotaoutput.rc != 0"
  tags:
    - people
    - peoplequotas
#
# Per-user overrides for people who requested more than the default quota.
# Also safe to run on every play.
#
# check_mode is false, so these limits are applied during a --check run too.
# The user and quota values are substituted into the command line as written;
# the list is static data in this file, so keep it that way and do not feed it
# from user-supplied input without validating both fields.
# apache, nobody and planet-user are set to 1000g, far above the 2g default;
# those accounts are effectively exempt from the quota.
- name: set quotas for people who have more set
  command: xfs_quota -x -c 'limit bsoft={{ item.quota }} bhard={{ item.quota }} {{ item.user }}' /srv
  with_items:
    - { user: apache, quota: 1000g }
    - { user: bollocks, quota: 12g }
    - { user: dmarlin, quota: 5g }
    - { user: duffy, quota: 10g }
    - { user: dustymabe, quota: 10g }
    - { user: dwalsh, quota: 5g }
    - { user: hadess, quota: 5g }
    - { user: imcleod, quota: 15g }
    - { user: jdulaney, quota: 5g }
    - { user: jnovy, quota: 5g }
    - { user: kashyapc, quota: 5g }
    - { user: linuxmodder, quota: 12g }
    - { user: lupinix, quota: 8g }
    - { user: mimccune, quota: 3g }
    - { user: nobody, quota: 1000g }
    - { user: npmccallum, quota: 5g }
    - { user: parasense, quota: 5g }
    - { user: planet-user, quota: 1000g }
    - { user: ppisar, quota: 4g }
    - { user: pulpadmin, quota: 10g }
    - { user: sapnetweavergatewayonfedora, quota: 5g }
    - { user: slagle, quota: 7g }
    - { user: spot, quota: 15g }
    - { user: spstarr, quota: 4g }
    - { user: steved, quota: 5g }
    - { user: tekkamanninja, quota: 5g }
    - { user: tflink, quota: 10g }
    - { user: thunderbirdtr, quota: 3g }
    - { user: zpericic, quota: 5g }
  register: xfs_quotaoutput
  check_mode: false
  changed_when: "xfs_quotaoutput.rc != 0"
  tags:
    - people
    - peoplequotas
# /project/repos is owned by root and group-writable for cla_done (0775), so
# every member of that group can create, rename and remove entries directly
# under it. The mode is quoted so it stays a string and is read as octal.
- name: create repos directory
  file:
    path: /project/repos
    state: directory
    owner: root
    group: cla_done
    mode: "0775"
  tags:
    - people

# /srv/repos is a symlink to /project/repos.
- name: create repos link
  file:
    src: /project/repos
    dest: /srv/repos
    state: link
  tags:
    - people

# /srv/groups is a symlink to /project.
- name: create groups link
  file:
    src: /project
    dest: /srv/groups
    state: link
  tags:
    - people
# Installs the download-stats script and the cron.daily entry for it.
# Both files are executable and the second one sits in /etc/cron.daily, so the
# source files in the role deserve the same review as this task list.
# owner and group are not set here and are left to the copy module's defaults.
- name: setup script to grab download stats for some groups.
  copy:
    src: grab-daily-logs.sh
    dest: /usr/local/bin/grab-daily-logs.sh
    mode: "0755"
  tags:
    - people

- name: setup cron job to gather download stats
  copy:
    src: grab-daily-logs.cron
    dest: /etc/cron.daily/grab-daily-logs
    mode: "0755"
  tags:
    - people
# Copies the contents of the role's static/ directory (trailing slash on src)
# into /srv/people/site/static. No owner, group or mode is set, so those are
# left to the copy module's defaults.
- name: copy static files to make main fedorapeople.org index page
  copy:
    src: static/
    dest: /srv/people/site/static
  tags:
    - people
# Installs two helper scripts into /usr/local/bin as executables.
# The mode is quoted on purpose: as the string "755" Ansible reads it as
# octal, whereas a bare 755 in YAML would be a decimal integer and produce
# different permission bits.
- name: setup script to make main fedorapeople.org index page
  copy:
    src: make-people-page.py
    dest: /usr/local/bin/make-people-page.py
    mode: "755"
  tags:
    - people

- name: setup script check for broken planet confs
  copy:
    src: check-broken-planet.py
    dest: /usr/local/bin/check-broken-planet.py
    mode: "755"
  tags:
    - people
# Drops two cron.d entries with mode 644 (quoted so it is read as octal).
# NOTE(review): the account each job runs as is defined inside the .cron
# files, which are not visible here, and owner is not set on the copy -
# confirm the files end up root-owned and not writable by anyone else.
- name: setup cron to run make fedorapeople.org main index page
  copy:
    src: make-people-page.cron
    dest: /etc/cron.d/make-people-page.cron
    mode: "644"
  tags:
    - people

- name: setup cron to run the check for broken planet confs
  copy:
    src: check-broken-planet.cron
    dest: /etc/cron.d/check-broken-planet.cron
    mode: "644"
  tags:
    - people