mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-27 12:03:38 +08:00
131 lines
3.3 KiB
YAML
131 lines
3.3 KiB
YAML
#
|
|
# This is a beaker_server role.
|
|
#
|
|
---
|
|
|
|
# it's unfortunate, but the beaker devs say that this is required until
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1074384 is solved
|
|
- name: switch selinux off
|
|
selinux: state=disabled
|
|
tags:
|
|
- selinux
|
|
- beaker-server
|
|
|
|
- name: install packages required for beaker-server
|
|
package: name={{ item }} state=present
|
|
with_items:
|
|
- beaker-server
|
|
- mod_auth_mellon
|
|
- libvirt-client
|
|
tags:
|
|
- beaker-server
|
|
- MySQL-python
|
|
|
|
- name: create /etc/httpd/saml2/{{ beaker_server_cname }}
|
|
file: >
|
|
path="/etc/httpd/saml2/{{ beaker_server_cname }}"
|
|
state=directory owner=apache group=apache mode=0700
|
|
tags:
|
|
- beaker-server
|
|
|
|
- name: copy SAML identity provider metadata
|
|
copy: >
|
|
src="{{ private }}/files/saml2/idp-{{env}}.xml"
|
|
dest="/etc/httpd/saml2/{{ beaker_server_cname }}/idp-metadata.xml"
|
|
owner="apache" group="apache" mode=0600
|
|
notify:
|
|
- reload httpd
|
|
tags:
|
|
- beaker-server
|
|
|
|
- name: copy SAML files
|
|
copy: >
|
|
src="{{ item }}" dest="/etc/httpd/{{ item }}"
|
|
owner="apache" group="apache" mode=0644
|
|
with_items:
|
|
- "saml2/{{ beaker_server_cname }}/metadata.xml"
|
|
- "saml2/{{ beaker_server_cname }}/certificate.pem"
|
|
notify:
|
|
- reload httpd
|
|
tags:
|
|
- beaker-server
|
|
|
|
- name: copy SAML private key
|
|
copy: >
|
|
src="{{ private}}/files/saml2/{{ beaker_server_cname }}/certificate.key"
|
|
dest="/etc/httpd/saml2/{{ beaker_server_cname }}/certificate.key"
|
|
owner="apache" group="apache" mode=0600
|
|
notify:
|
|
- reload httpd
|
|
tags:
|
|
- beaker-server
|
|
|
|
- name: Replace default apache beaker-server.conf
|
|
template:
|
|
src: beaker-server.conf
|
|
dest: /etc/httpd/conf.d/beaker-server.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify:
|
|
- reload httpd
|
|
tags:
|
|
- beaker-server
|
|
|
|
- name: Replace default beaker_server.cfg file
|
|
template:
|
|
src: etc/beaker/server.cfg.j2
|
|
dest: /etc/beaker/server.cfg
|
|
owner: apache
|
|
group: root
|
|
mode: 0660
|
|
backup: yes
|
|
force: yes
|
|
register: setup_beaker_conf
|
|
notify:
|
|
- restart beaker server
|
|
- reload httpd
|
|
tags:
|
|
- beaker-server
|
|
|
|
- name: create the beaker database
|
|
mysql_db: name={{ beaker_db_name }} state=present
|
|
|
|
- name: create beaker database user
|
|
mysql_user:
|
|
name: "{{ beaker_db_user }}"
|
|
password: "{{ beaker_db_password }}"
|
|
priv: "{{ beaker_db_name }}.*:ALL,GRANT"
|
|
state: present
|
|
|
|
- name: initialize beaker database
|
|
command: "beaker-init -u {{beaker_server_admin_user}} -p {{beaker_server_admin_pass}} -e {{beaker_server_email}}"
|
|
when: setup_beaker_conf is success
|
|
tags:
|
|
- beaker-init
|
|
- beaker-server
|
|
|
|
# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1327051
|
|
- name: create /var/run/beaker
|
|
command: systemd-tmpfiles --create beaker-server.conf
|
|
tags:
|
|
- beaker-server
|
|
|
|
- name: ensure the Apache server and the Beaker daemon are running
|
|
service: name={{ item }} state=started enabled=yes
|
|
with_items:
|
|
- httpd
|
|
- beakerd
|
|
tags:
|
|
- beaker-server
|
|
|
|
- import_tasks: client.yml
|
|
|
|
- name: ensure beaker server has all relevant virthost ssh signatures in known_hosts
|
|
lineinfile: dest=/root/.ssh/known_hosts regexp='{{ item.hostname }}' line='{{ item.hostname }} {{ item.signature }}' create=yes owner=root group=root
|
|
with_items:
|
|
- '{{ beaker_virthost_signatures }}'
|
|
tags:
|
|
- beaker-server
|
|
|