pagure: Fix lint errors in main task
Signed-off-by: Lenka Segura <lsegura@redhat.com>
@@ -1,3 +1,5 @@
|
||||
---
|
||||
- name: Restart pagure_milter
|
||||
service: name=pagure_milter state=restarted
|
||||
ansible.builtin.service:
|
||||
name: pagure_milter
|
||||
state: restarted
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
---
|
||||
# Configuration for the pagure webapp
|
||||
- name: Install needed packages
|
||||
ansible.builtin.package: name={{ item }} state=present
|
||||
ansible.builtin.package:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- pagure
|
||||
- pagure-ci
|
||||
@@ -27,8 +29,9 @@
|
||||
- packages
|
||||
|
||||
- name: Initialize postgres if necessary
|
||||
ansible.builtin.command: /usr/bin/postgresql-setup initdb
|
||||
creates=/var/lib/pgsql/data
|
||||
ansible.builtin.command:
|
||||
cmd: /usr/bin/postgresql-setup initdb
|
||||
creates: /var/lib/pgsql/data
|
||||
notify:
|
||||
- Restart postgresql
|
||||
tags:
|
||||
@@ -37,7 +40,7 @@
|
||||
- name: Create the pagure DB user
|
||||
become_user: postgres
|
||||
become: true
|
||||
postgresql_user:
|
||||
community.postgresql.postgresql_user:
|
||||
name: "{{ pagure_db_user }}"
|
||||
password: "{{ pagure_db_pass }}"
|
||||
tags:
|
||||
@@ -48,7 +51,7 @@
|
||||
- name: Create the pagure DB user
|
||||
become_user: postgres
|
||||
become: true
|
||||
postgresql_user:
|
||||
community.postgresql.postgresql_user:
|
||||
name: "{{ pagure_db_admin_user }}"
|
||||
password: "{{ pagure_db_admin_pass }}"
|
||||
tags:
|
||||
@@ -59,7 +62,7 @@
|
||||
- name: Create the pagure database creation
|
||||
become_user: postgres
|
||||
become: true
|
||||
postgresql_db:
|
||||
community.postgresql.postgresql_db:
|
||||
name: "{{ pagure_db_name }}"
|
||||
owner: "{{ pagure_db_user }}"
|
||||
encoding: UTF-8
|
||||
@@ -71,7 +74,7 @@
|
||||
- name: Create the pagure DB user
|
||||
become_user: postgres
|
||||
become: true
|
||||
postgresql_user:
|
||||
community.postgresql.postgresql_user:
|
||||
name: "{{ pagure_stg_db_user }}"
|
||||
password: "{{ pagure_stg_db_pass }}"
|
||||
tags:
|
||||
@@ -82,7 +85,7 @@
|
||||
- name: Create the pagure DB user
|
||||
become_user: postgres
|
||||
become: true
|
||||
postgresql_user:
|
||||
community.postgresql.postgresql_user:
|
||||
name: "{{ pagure_stg_db_admin_user }}"
|
||||
password: "{{ pagure_stg_db_admin_pass }}"
|
||||
tags:
|
||||
@@ -93,7 +96,7 @@
|
||||
- name: Create the pagure database creation
|
||||
become_user: postgres
|
||||
become: true
|
||||
postgresql_db:
|
||||
community.postgresql.postgresql_db:
|
||||
name: "{{ pagure_stg_db_name }}"
|
||||
owner: "{{ pagure_stg_db_user }}"
|
||||
encoding: UTF-8
|
||||
@@ -103,27 +106,39 @@
|
||||
when: env == 'pagure-staging'
|
||||
|
||||
- name: Put in robots.txt
|
||||
ansible.builtin.template: src=robots.txt.j2 dest=/var/www/html/robots.txt
|
||||
ansible.builtin.template:
|
||||
src: robots.txt.j2
|
||||
dest: /var/www/html/robots.txt
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
tags:
|
||||
- pagure
|
||||
|
||||
- name: Create the "git" user
|
||||
ansible.builtin.command: useradd --create-home --home-dir=/srv/git/ git
|
||||
creates=/srv/git/
|
||||
ansible.builtin.command:
|
||||
cmd: useradd --create-home --home-dir=/srv/git/ git
|
||||
creates: /srv/git/
|
||||
tags:
|
||||
- pagure
|
||||
|
||||
- name: Create the /attachments folder
|
||||
ansible.builtin.file: state=directory
|
||||
path=/srv/attachments
|
||||
owner=git group=git mode=0775
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: /srv/attachments
|
||||
owner: git
|
||||
group: git
|
||||
mode: '0775'
|
||||
tags:
|
||||
- pagure
|
||||
|
||||
- name: Create the /var/log/pagure folder where to store the logs
|
||||
ansible.builtin.file: state=directory
|
||||
path=/var/log/pagure
|
||||
owner=git group=git mode=0775
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: /var/log/pagure
|
||||
owner: git
|
||||
group: git
|
||||
mode: '0775'
|
||||
tags:
|
||||
- pagure
|
||||
- fix_log
|
||||
@@ -148,9 +163,12 @@
|
||||
# - gitolite
|
||||
|
||||
- name: Create all the directories where we store the git repos
|
||||
ansible.builtin.file: state=directory
|
||||
path={{ item }}
|
||||
owner=git group=git mode=0775
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: "{{ item }}"
|
||||
owner: git
|
||||
group: git
|
||||
mode: '0775'
|
||||
with_items:
|
||||
- /srv/git/repositories/
|
||||
- /srv/git/repositories/forks
|
||||
@@ -162,15 +180,18 @@
|
||||
- pagure
|
||||
|
||||
- name: Create the /srv/tmp folder where to clone repos
|
||||
ansible.builtin.file: state=directory
|
||||
path=/srv/tmp
|
||||
owner=git group=git mode=0775
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: /srv/tmp
|
||||
owner: git
|
||||
group: git
|
||||
mode: '0775'
|
||||
tags:
|
||||
- pagure
|
||||
|
||||
# On RHEL 8.8 and newer, git operations fail because of dubious ownership. This should fix it.
|
||||
- name: Configure git directories as safe
|
||||
git_config:
|
||||
community.general.git_config:
|
||||
name: safe.directory
|
||||
scope: system
|
||||
value: "*"
|
||||
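Review bot: `value: "*"` with `scope: system` in the "Configure git directories as safe" task switches off git's repository-ownership check for every user and every path on the host, not only for the pagure repositories. The comment above the task gives the reason (dubious-ownership failures on RHEL 8.8 and newer), but that check is what stops a process from acting on the config and hooks of a repository owned by another account, which matters on a forge holding user-pushed repositories. If the installed git and module version allow several `safe.directory` entries, list the repository roots this role creates under `/srv/git/repositories` instead of the wildcard. Otherwise record the trade-off in place, for example `# safe.directory=* disables git's ownership check host-wide; accepted because <reason>`. The task continues past the end of this hunk.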
@@ -180,7 +201,7 @@
|
||||
# Set things up for the mirroring feature
|
||||
|
||||
- name: Create the `paguremirroring` group
|
||||
group:
|
||||
ansible.builtin.group:
|
||||
name: paguremirroring
|
||||
state: present
|
||||
tags:
|
||||
@@ -188,7 +209,7 @@
|
||||
- mirror
|
||||
|
||||
- name: Create the `paguremirroring` user
|
||||
user:
|
||||
ansible.builtin.user:
|
||||
name: paguremirroring
|
||||
group: paguremirroring
|
||||
groups: paguremirroring,git
|
||||
@@ -201,7 +222,12 @@
|
||||
# Set-up postfix and the milter for postfix
|
||||
|
||||
- name: Add the /etc/aliases file
|
||||
ansible.builtin.copy: src=aliases dest=/etc/aliases owner=root mode=644
|
||||
ansible.builtin.copy:
|
||||
src: aliases
|
||||
dest: /etc/aliases
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
tags:
|
||||
- config
|
||||
- pagure
|
||||
@@ -213,9 +239,12 @@
|
||||
# Override pagure_ev systemd service file
|
||||
|
||||
- name: Install pagure_ev service definition
|
||||
ansible.builtin.copy: src=pagure_ev.service
|
||||
dest=/usr/lib/systemd/system/pagure_ev.service
|
||||
owner=root group=root mode=0644
|
||||
ansible.builtin.copy:
|
||||
src: pagure_ev.service
|
||||
dest: /usr/lib/systemd/system/pagure_ev.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart pagure_ev
|
||||
@@ -226,9 +255,12 @@
|
||||
# Set-up stunnel for the event source server
|
||||
|
||||
- name: Install stunnel service definition
|
||||
ansible.builtin.copy: src=stunnel.service
|
||||
dest=/usr/lib/systemd/system/stunnel.service
|
||||
owner=root group=root mode=0644
|
||||
ansible.builtin.copy:
|
||||
src: stunnel.service
|
||||
dest: /usr/lib/systemd/system/stunnel.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart stunnel
|
||||
@@ -237,9 +269,12 @@
|
||||
- stunnel
|
||||
|
||||
- name: Install stunnel.conf
|
||||
ansible.builtin.template: src={{ item.file }}
|
||||
dest={{ item.dest }}
|
||||
owner=root group=root mode=0600
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.file }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
with_items:
|
||||
- {file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf}
|
||||
notify: Restart stunnel
|
||||
@@ -249,9 +284,12 @@
|
||||
- config
|
||||
|
||||
- name: Add the different service files for the different services
|
||||
ansible.builtin.copy: src={{ item }}.service
|
||||
dest=/etc/systemd/system/{{ item }}.service
|
||||
owner=root group=root mode=0755
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}.service"
|
||||
dest: "/etc/systemd/system/{{ item }}.service"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
with_items:
|
||||
- pagure_fast_worker
|
||||
- pagure_medium_worker
|
||||
@@ -265,7 +303,9 @@
|
||||
# setup fedora-messaging
|
||||
|
||||
- name: Install fedora-messaging as a dependency
|
||||
ansible.builtin.package: name={{ item }} state=present
|
||||
ansible.builtin.package:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- python3-fedora-messaging
|
||||
tags:
|
||||
@@ -273,29 +313,45 @@
|
||||
- fedora-messaging
|
||||
|
||||
- name: Create the config folder for fedora-messaging
|
||||
ansible.builtin.file: path=/etc/fedora-messaging/ owner=root group=root mode=0755 state=directory
|
||||
ansible.builtin.file:
|
||||
path: /etc/fedora-messaging/
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
state: directory
|
||||
tags:
|
||||
- pagure
|
||||
- fedora-messaging
|
||||
|
||||
- name: Install the configuration file for fedora-messaging
|
||||
ansible.builtin.template:
|
||||
src=fedora-messaging.toml
|
||||
dest=/etc/fedora-messaging/config.toml
|
||||
src: fedora-messaging.toml
|
||||
dest: /etc/fedora-messaging/config.toml
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
tags:
|
||||
- pagure
|
||||
- fedora-messaging
|
||||
|
||||
- name: Create folder where we'll place the certs
|
||||
ansible.builtin.file: path=/etc/pki/rabbitmq/pagurecert/ owner=root group=root mode=0755 state=directory
|
||||
ansible.builtin.file:
|
||||
path: /etc/pki/rabbitmq/pagurecert/
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
state: directory
|
||||
tags:
|
||||
- pagure
|
||||
- fedora-messaging
|
||||
|
||||
- name: Deploy pagure/rabbitmq certificate
|
||||
ansible.builtin.copy: src={{ item.src }}
|
||||
dest=/etc/pki/rabbitmq/pagurecert/{{ item.dest }}
|
||||
owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }}
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item.src }}"
|
||||
dest: "/etc/pki/rabbitmq/pagurecert/{{ item.dest }}"
|
||||
owner: "{{ item.owner }}"
|
||||
group: "{{ item.group }}"
|
||||
mode: "{{ item.mode }}"
|
||||
when: env == 'pagure-staging'
|
||||
with_items:
|
||||
- src: "{{private}}/files/rabbitmq/staging/pki/issued/pagure.stg.crt"
|
||||
@@ -318,9 +374,12 @@
|
||||
- fedora-messaging
|
||||
|
||||
- name: Deploy pagure/rabbitmq certificate
|
||||
ansible.builtin.copy: src={{ item.src }}
|
||||
dest=/etc/pki/rabbitmq/pagurecert/{{ item.dest }}
|
||||
owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }}
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item.src }}"
|
||||
dest: "/etc/pki/rabbitmq/pagurecert/{{ item.dest }}"
|
||||
owner: "{{ item.owner }}"
|
||||
group: "{{ item.group }}"
|
||||
mode: "{{ item.mode }}"
|
||||
when: env != 'pagure-staging'
|
||||
with_items:
|
||||
- src: "{{private}}/files/rabbitmq/production/pki/issued/pagure.crt"
|
||||
@@ -346,9 +405,12 @@
|
||||
# Set-up Pagure
|
||||
|
||||
- name: Create the folders used for releases and archives
|
||||
ansible.builtin.file: state=directory
|
||||
path={{ item }}
|
||||
owner=git group=git mode=0775
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: "{{ item }}"
|
||||
owner: git
|
||||
group: git
|
||||
mode: '0775'
|
||||
with_items:
|
||||
- /var/www/releases
|
||||
- /var/www/archives
|
||||
@@ -357,9 +419,12 @@
|
||||
- web
|
||||
|
||||
- name: Copy sundry pagure configuration
|
||||
ansible.builtin.template: src={{ item.file }}
|
||||
dest={{ item.location }}/{{ item.file }}
|
||||
owner=git group=postfix mode=0640
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.file }}"
|
||||
dest: "{{ item.location }}/{{ item.file }}"
|
||||
owner: git
|
||||
group: postfix
|
||||
mode: '0640'
|
||||
with_items:
|
||||
- {file: pagure.cfg, location: /etc/pagure}
|
||||
- {file: alembic.ini, location: /etc/pagure}
|
||||
@@ -371,9 +436,12 @@
|
||||
- Restart apache
|
||||
|
||||
- name: Install client_secrets for ipsilon
|
||||
ansible.builtin.template: src=client_secrets.json
|
||||
dest=/etc/pagure
|
||||
owner=git group=postfix mode=0640
|
||||
ansible.builtin.template:
|
||||
src: client_secrets.json
|
||||
dest: /etc/pagure
|
||||
owner: git
|
||||
group: postfix
|
||||
mode: '0640'
|
||||
tags:
|
||||
- config
|
||||
- web
|
||||
@@ -381,7 +449,8 @@
|
||||
|
||||
|
||||
- name: Create the database scheme
|
||||
ansible.builtin.command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py
|
||||
ansible.builtin.command:
|
||||
cmd: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py
|
||||
changed_when: "1 != 1"
|
||||
environment:
|
||||
PAGURE_CONFIG: /etc/pagure/pagure.cfg
|
||||
@@ -390,8 +459,12 @@
|
||||
- pagure
|
||||
|
||||
- name: Install the configuration file to activate https
|
||||
ansible.builtin.template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
|
||||
owner=root group=root mode=0644
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}"
|
||||
dest: "/etc/httpd/conf.d/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
with_items:
|
||||
- 0_pagure.conf
|
||||
- securityheaders.conf
|
||||
@@ -404,9 +477,12 @@
|
||||
- Restart apache
|
||||
|
||||
- name: Install the wsgi file
|
||||
ansible.builtin.template: src={{ item }}
|
||||
dest=/var/www/{{ item }}
|
||||
owner=git group=git mode=0644
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}"
|
||||
dest: "/var/www/{{ item }}"
|
||||
owner: git
|
||||
group: git
|
||||
mode: '0644'
|
||||
with_items:
|
||||
- pagure.wsgi
|
||||
- docs_pagure.wsgi
|
||||
@@ -418,30 +494,43 @@
|
||||
- Restart apache
|
||||
|
||||
- name: Let paguremirroring read the pagure config
|
||||
ansible.builtin.command: /usr/bin/setfacl -m user:paguremirroring:rx /etc/pagure/pagure.cfg
|
||||
ansible.builtin.command:
|
||||
cmd: /usr/bin/setfacl -m user:paguremirroring:rx /etc/pagure/pagure.cfg
|
||||
changed_when: false
|
||||
tags:
|
||||
- pagure
|
||||
- mirror
|
||||
|
||||
- name: Add default facl so apache can read git repos
|
||||
acl: default=yes etype=user entity=apache permissions="rx" name=/srv/git state=present
|
||||
ansible.posix.acl:
|
||||
default: yes
|
||||
etype: user
|
||||
entity: apache
|
||||
permissions: "rx"
|
||||
name: /srv/git
|
||||
state: present
|
||||
register: acl_updates
|
||||
tags:
|
||||
- pagure
|
||||
|
||||
- name: Manually fix current default ACLs since Ansible doesnt know recursive acls
|
||||
- name: Manually fix current default ACLs since Ansible doesnt know recursive acls # noqa no-handler
|
||||
when: acl_updates.changed
|
||||
ansible.builtin.command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
|
||||
changed_when: true
|
||||
tags:
|
||||
- pagure
|
||||
|
||||
- name: Manually fix current ACLs since Ansible doesnt know recursive acls
|
||||
- name: Manually fix current ACLs since Ansible doesnt know recursive acls # noqa no-handler
|
||||
when: acl_updates.changed
|
||||
ansible.builtin.command: /usr/bin/setfacl -Rm user:apache:rx /srv/git
|
||||
changed_when: true
|
||||
tags:
|
||||
- pagure
|
||||
|
||||
- import_tasks: selinux.yml
|
||||
# Import SELinux configuration tasks
|
||||
|
||||
- name: Import SELinux configuration tasks
|
||||
ansible.builtin.import_tasks: selinux.yml
|
||||
tags:
|
||||
- selinux
|
||||
- pagure
|
||||
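Review bot: The `setfacl -m user:paguremirroring:rx` entry on `/etc/pagure/pagure.cfg` grants execute on a regular configuration file, while the task name only asks for read access; `user:paguremirroring:r` is the least-privilege form. Elsewhere in this diff the file is deployed as git:postfix with mode `'0640'`, so this ACL is what widens access to it and is worth keeping as narrow as possible. With `changed_when: false` the command also reruns on every play and never reports a change. The `ansible.posix.acl` module used by the next task could express the same grant idempotently with `etype: user`, `entity: paguremirroring` and `permissions: r`.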
@@ -449,9 +538,12 @@
|
||||
# Hotfix(es)
|
||||
|
||||
- name: Install the python3-only version of the stream_server so it works
|
||||
ansible.builtin.copy: src=pagure_stream_server.py
|
||||
dest=/usr/libexec/pagure-ev/pagure_stream_server.py
|
||||
owner=root mode=0755
|
||||
ansible.builtin.copy:
|
||||
src: pagure_stream_server.py
|
||||
dest: /usr/libexec/pagure-ev/pagure_stream_server.py
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
tags:
|
||||
- pagure
|
||||
- hotfix
|
||||
@@ -461,7 +553,10 @@
|
||||
# Ensure all the services are up and running
|
||||
|
||||
- name: Start and enable httpd, postfix, pagure_milter
|
||||
service: name={{ item }} enabled=yes state=started
|
||||
ansible.builtin.service:
|
||||
name: "{{ item }}"
|
||||
enabled: yes
|
||||
state: started
|
||||
with_items:
|
||||
- httpd
|
||||
- postfix
|
||||
@@ -484,33 +579,49 @@
|
||||
- pagure_mirror_project_in
|
||||
- pagure_mirror_project_in.timer
|
||||
- haveged
|
||||
ignore_errors: true
|
||||
failed_when: result.rc != 0
|
||||
tags:
|
||||
- pagure
|
||||
- service
|
||||
- postfix
|
||||
|
||||
- name: Setup logrotate to our needs
|
||||
ansible.builtin.template: src="{{ files }}/httpd/httpd.logrotate.j2" dest=/etc/logrotate.d/httpd
|
||||
ansible.builtin.template:
|
||||
src: "{{ files }}/httpd/httpd.logrotate.j2"
|
||||
dest: /etc/logrotate.d/httpd
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
tags:
|
||||
- config
|
||||
- apache
|
||||
|
||||
- name: Add SAR script for pagure
|
||||
ansible.builtin.copy: src=pagure_sar.py dest=/usr/local/bin/pagure_sar.py owner=git mode=0700
|
||||
ansible.builtin.copy:
|
||||
src: pagure_sar.py
|
||||
dest: /usr/local/bin/pagure_sar.py
|
||||
owner: git
|
||||
group: git
|
||||
mode: '0700'
|
||||
tags:
|
||||
- SAR
|
||||
- GDPR
|
||||
- pagure
|
||||
|
||||
- name: Override the default syslog logrotate file
|
||||
ansible.builtin.copy: src=syslog-logrotate dest=/etc/logrotate.d/syslog
|
||||
ansible.builtin.copy:
|
||||
src: syslog-logrotate
|
||||
dest: /etc/logrotate.d/syslog
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
tags:
|
||||
- pagure
|
||||
- logrotate
|
||||
|
||||
- name: Letsencrypt for stg.pagure.io
|
||||
include_role: name=letsencrypt
|
||||
ansible.builtin.include_role:
|
||||
name: letsencrypt
|
||||
vars:
|
||||
site_name: stg.pagure.io
|
||||
server_aliases:
|
||||
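Review bot: The new `failed_when: result.rc != 0` under the service list reads a variable named `result`, but no `register: result` is visible in this hunk, and the task's start is outside it. If nothing registers that name, the condition hits an undefined variable and the task errors on every host, the opposite of the `ignore_errors: true` it replaces. Even with a register, I am not aware of the service module returning an `rc` field, so this should be confirmed against a real run. If the intent is to stop hiding failures, dropping the line and letting the module report its own failure is enough. If some listed units may legitimately be absent on a host, say so in a comment and test a field the module actually returns.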
@@ -523,7 +634,8 @@
|
||||
- letsencrypt
|
||||
|
||||
- name: Letsencrypt for pagure.io
|
||||
include_role: name=letsencrypt
|
||||
ansible.builtin.include_role:
|
||||
name: letsencrypt
|
||||
vars:
|
||||
site_name: pagure.io
|
||||
server_aliases:
|
||||
|
||||