WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-26 19:42:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
012447730e5696794deac2deb741bab16d2f28b2
fedora-infra_ansible/roles/distgit/pagure/tasks/main.yml

455 lines
10 KiB
YAML
Raw Blame History

---
# Configuration for the pagure webapp
- name: install needed packages
package: name={{ item }} state=present
with_items:
- pagure
- pagure-ev
- pagure-logcom
- pagure-milters
- pagure-webhook
- python-psycopg2
- python2-pygments2
- redis
- libsemanage-python
- python-fedora-flask
- pagure-dist-git
# For the pagure-sync-bugzilla.py script
- python-bugzilla
- python-requests
- PyYAML
- python-six
# - mod_ssl
# - stunnel
tags:
- pagure
- packages
- name: install needed packages
package: name={{ item }} state=present
with_items:
- pagure-theme-srcfpo
tags:
- pagure
- packages
# Set-up stunnel for the event source server
#- name: install stunnel service definition
# copy: src=stunnel.service
# dest=/usr/lib/systemd/system/stunnel.service
# owner=root group=root mode=0755
# notify:
# - reload systemd
# - restart stunnel
# tags:
# - pagure
# - stunnel
#- name: ensure old stunnel init file is gone
# file: dest=/etc/init.d/stunnel/stunnel.init state=absent
# tags:
# - pagure
# - stunnel
# - config
#- name: install stunnel.conf
# template: src={{ item.file }}
# dest={{ item.dest }}
# owner=root group=root mode=0600
# with_items:
# - { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf }
# notify: restart stunnel
# tags:
# - pagure
# - stunnel
# - config
- name: Make sure mere mortals can access the fedmsg key
acl:
path: /etc/pki/fedmsg/shell-{{ inventory_hostname }}.key
entity: packager
etype: group
permissions: r
state: present
# Set-up Pagure
- name: Create a group pagure we can use
group: name=pagure
tags:
- pagure
- name: Create an user we can run pagure under
user: name=pagure group=packager append=yes
tags:
- pagure
- name: create the /srv/tmp folder where to clone repos
file: state=directory
path=/srv/tmp
owner=pagure group=pagure mode=0775
tags:
- pagure
- name: copy sundry pagure configuration
template: src={{ item.file }}
dest={{ item.location }}/{{ item.file }}
owner=pagure group=postfix mode=0640
with_items:
- { file: pagure.cfg, location: /etc/pagure }
- { file: alembic.ini, location: /etc/pagure }
tags:
- config
- web
- pagure
notify:
- restart apache
- name: Allow repoSpanner access to Pagure config
acl: path=/etc/pagure/pagure.cfg
etype=user
entity=repoSpanner
permissions=r
state=present
tags:
- config
- pagure
when: env == "staging"
- name: pagure configuration for the hooks
template: src={{ item.file }}
dest={{ item.location }}/{{ item.file }}
owner=pagure group=packager mode=0640
with_items:
- { file: pagure_hook.cfg, location: /etc/pagure }
tags:
- config
- web
- pagure
notify:
- restart apache
- name: create the database scheme
command: /usr/bin/python2 /usr/share/pagure/pagure_createdb.py
changed_when: "1 != 1"
environment:
PAGURE_CONFIG: /etc/pagure/pagure.cfg
tags:
- web
- pagure
- name: create all the directories where we store the git repos
file: state=directory
path={{ item }}
owner=root group=packager mode=2775
with_items:
- /srv/git/repositories/
- /srv/git/repositories/forks
- /srv/git/repositories/requests
tags:
- gitolite
- pagure
- name: create the remotes folder so pagure can clone remote repos
file: state=directory
path={{ item }}
owner=root group=packager mode=2775
with_items:
- /srv/git/remotes
tags:
- gitolite
- pagure
- name: Install the apache configuration file
template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
owner=root group=root mode=0644
with_items:
- z_pagure.conf
tags:
- files
- config
- pagure
notify:
- restart apache
- name: Install the wsgi file
template: src={{ item }}
dest=/var/www/{{ item }}
owner=pagure group=pagure mode=0644
with_items:
- pagure.wsgi
tags:
- config
- web
- pagure
notify:
- restart apache
- name: Add default facl so apache can read git repos
acl: default=yes etype=user entity=apache permissions="rx" name=/srv/git state=present
register: acl_updates
tags:
- pagure
- name: Manually fix current default ACLs since Ansible doesnt know recursive acls
when: acl_updates.changed
command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
tags:
- pagure
- name: Manually fix current ACLs since Ansible doesnt know recursive acls
when: acl_updates.changed
command: /usr/bin/setfacl -Rm user:apache:rx /srv/git
tags:
- pagure
- name: Override the default pagure_worker.service file to change the user it is run under
copy: src={{ item }}.service
dest=/etc/systemd/system/{{ item }}.service
owner=root group=root mode=0755
with_items:
- pagure_ev
- pagure_logcom
- pagure_webhook
- pagure_worker
notify:
- reload systemd
tags:
- pagure
- name: set sebooleans so pagure can talk to the db
seboolean: name=httpd_can_network_connect_db
state=true
persistent=true
tags:
- selinux
- web
- pagure
- name: set sebooleans so apache can send emails
seboolean: name=httpd_can_sendmail
state=true
persistent=true
tags:
- selinux
- web
- pagure
- name: set sebooleans so pagure can talk to libgit2
seboolean: name=httpd_execmem
state=true
persistent=true
tags:
- selinux
- web
- pagure
- name: set sebooleans so pagure can talk to repospanner
seboolean: name=httpd_can_network_connect
state=true
persistent=true
tags:
- selinux
- web
- pagure
when: env == "staging"
# HOTFIX: adjust bugzilla overrides
- name: HOTFIX - adjust bugzilla overrides
copy: src=fas2.py dest=/usr/lib/python2.7/site-packages/fedora/client/fas2.py
tags:
- config
- pagure
- fas
- hotfix
- hotfixfas
- name: generate pagure-sync-bugzilla.py script
template:
src: pagure-sync-bugzilla.py.j2
dest: /usr/local/bin/pagure-sync-bugzilla.py
owner: root
group: root
mode: 0700
tags:
- pagure
- bugzilla
- name: Configure cron job for a daily pagure-sync-bugzilla.py script run
cron:
name: pagure-sync-bugzilla
user: root
minute: 0
hour: 18
job: /usr/local/bin/lock-wrapper pagure-sync-bugzilla "/usr/local/bin/pagure-sync-bugzilla.py"
cron_file: pagure-sync-bugzilla
state: present
when: env != 'staging'
tags:
- pagure
- bugzilla
# Cron job to export extras information from the pagure DB
- name: Install the apache configuration file for /extras
copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
owner=root group=root mode=0644
with_items:
- pagure_cron.conf
tags:
- files
- config
- pagure
notify:
- restart apache
- name: create the /srv/cache/extras folder for the crons
file: state=directory
path=/srv/cache/extras
owner=apache group=apache mode=0775
tags:
- pagure
- name: Configure cron job for a hourly pagure_poc
cron:
name: pagure-poc
user: root
minute: 0
job: /usr/bin/python2 /usr/libexec/pagure-dist-git/pagure_poc.py /srv/cache/extras
cron_file: pagure-poc
state: present
tags:
- pagure
- name: Configure cron job for a hourly pagure_bz
cron:
name: pagure-poc
user: root
minute: 0
job: /usr/bin/python2 /usr/libexec/pagure-dist-git/pagure_bz.py /srv/cache/extras
cron_file: pagure-bz
state: present
tags:
- pagure
- name: Configure cron job for a hourly pagure_owner_alias
cron:
name: pagure-poc
user: root
minute: 0
job: /usr/bin/python2 /usr/libexec/pagure-dist-git/pagure_owner_alias.py /srv/cache/extras
cron_file: pagure-owner-alias
state: present
tags:
- pagure
# setup fedora-messaging
- name: install fedora-messaging as a dependency
package: name={{ item }} state=present
when: env == 'staging'
with_items:
- python2-fedora-messaging
tags:
- pagure
- fedora-messaging
- name: create the config folder for fedora-messaging
when: env == 'staging'
file: path=/etc/fedora-messaging/ owner=root group=root mode=0755 state=directory
tags:
- pagure
- fedora-messaging
- name: install the configuration file for fedora-messaging
template:
src=fedora-messaging.toml
dest=/etc/fedora-messaging/config.toml
when: env == 'staging'
tags:
- pagure
- fedora-messaging
- name: create folder where we'll place the certs
when: env == 'staging'
file: path=/etc/pki/rabbitmq/pagurecert/ owner=root group=root mode=0755 state=directory
tags:
- pagure
- fedora-messaging
- name: deploy pagure/rabbitmq certificate
copy: src={{ item.src }}
dest=/etc/pki/rabbitmq/pagurecert/{{ item.dest }}
owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }}
when: env == 'staging'
with_items:
- src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/pagure{{ env_suffix }}.crt"
dest: src.fp.o.crt
owner: pagure
group: repoSpanner
mode: "444"
- src: "{{private}}/files/rabbitmq/{{env}}/pki/private/pagure{{ env_suffix }}.key"
dest: src.fp.o.key
owner: pagure
group: repoSpanner
mode: "440"
- src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
dest: src.fp.o.ca
owner: pagure
group: repoSpanner
mode: "444"
tags:
- pagure
- fedora-messaging
# Ensure all the services are up and running
- name: Start and enable httpd, postfix, pagure_milter
service: name={{ item }} enabled=yes state=started
with_items:
- httpd
- postfix
# - stunnel
- redis
- pagure_ev
- pagure_logcom
# - pagure_milter
- pagure_webhook
- pagure_worker
# - pagure_api_key_expire_mail
# - pagure_api_key_expire_mail.timer
tags:
- pagure
- service
- postfix
- name: Add SAR script for pagure
copy: src={{ roles_path }}/pagure/frontend/files/pagure_sar.py
dest=/usr/local/bin/pagure_sar.py
owner=root mode=0700
tags:
- SAR
- GDPR
- pagure
- name: override the default syslog logrotate file
copy: src=syslog-logrotate dest=/etc/logrotate.d/syslog
tags:
- pagure
- logrotate
- name: hotfix the default hook so it updates pending PR async
copy: >
src=hotfix-20190227-hooks-default.py
dest=/usr/lib/python2.7/site-packages/pagure/hooks/default.py
owner=root group=root mode=0644
tags:
- hotfix
- pagure
Reference in New Issue View Git Blame Copy Permalink