WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-27 03:52:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
012447730e5696794deac2deb741bab16d2f28b2
fedora-infra_ansible/roles/libravatar/tasks/main.yml

158 lines
3.7 KiB
YAML
Raw Blame History

---
- import_tasks: "mount_fs.yml"
- name: install prerequisities
package: state=present pkg={{ item }}
with_items:
- postgresql-server
- postgresql-contrib
- python3-psycopg2
- libselinux-python
- libsemanage-python
- python3-virtualenv
- community-mysql-devel
- openldap-devel
- python3-pip
- gcc
- git
- httpd
- python3-mod_wsgi
- policycoreutils-python
- postfix
- mod_ssl
- letsencrypt
- cronie
- name: configure postfix for email encryption and not relaying to bastion
command: "{{ item }}"
with_items:
- postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/{{ server_cert_name }}/fullchain.pem'
- postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/{{ server_cert_name }}/privkey.pem'
- postconf -e 'smtp_use_tls = yes'
- postconf -e 'relayhost ='
- git:
repo: https://git.linux-kernel.at/oliver/ivatar.git
dest: /srv/libravatar
version: "{{ git_branch }}"
ignore_errors: yes
- pip:
requirements: requirements.txt
virtualenv: /mnt/data/.virtualenv
virtualenv_command: virtualenv-3
chdir: /srv/libravatar
- name: copy run-in-venv script
shell: cp /mnt/data/run-in-venv /usr/local/bin
- name: 'postgresql host is localhost'
lineinfile:
dest: '/etc/hosts'
line: '127.0.0.1 postgresql'
state: 'present'
tags:
- config
- name: copy pg_hba.conf
copy: src="pg/{{ item }}" dest="/var/lib/pgsql/data/{{ item }}"
with_items:
- pg_hba.conf
notify:
- restart postgresql
tags:
- config
- name: ensure postgresql state
service: state=started enabled=yes name=postgresql
- name: upgrade db to head
command: "run-in-venv python3 manage.py migrate"
args:
chdir: /srv/libravatar
- name: collect static
command: "run-in-venv python3 manage.py collectstatic --noinput"
args:
chdir: /srv/libravatar
- name: set correct file attributes for /srv/libravatar
file:
path: /srv/libravatar
owner: apache
group: apache
state: directory
recurse: yes
- name: set fcontext for /srv/libravatar
sefcontext:
target: '/srv/libravatar(/.*)?'
setype: httpd_sys_content_t
state: present
- name: Apply new SELinux file context to filesystem
command: restorecon -ir /srv/libravatar
- name: Allow libravatar connect to db remote services
seboolean:
name: "{{ item }}"
state: yes
persistent: yes
with_items:
- httpd_can_network_connect_db
- httpd_can_network_connect
- nis_enabled
- name: Allow Apache use psyco shared lib in virtualenv with httpd_sys_content_t type
seboolean:
name: httpd_unified
state: yes
persistent: yes
- name: copy apache files to conf.d (templates)
template: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
with_items:
- "libravatar.conf"
- "libravatar-app.include"
notify:
- reload httpd
tags:
- config
- name: cron.daily certbot renew job
copy: src="cron.daily/certbot-renew" dest="/etc/cron.daily/certbot-renew" mode=755
- name: cron.daily backup job
copy: src="cron.daily/backup" dest="/etc/cron.daily/backup" mode=755
when: env == "production"
- name: ensure service states
service: state=started enabled=yes name={{ item }}
with_items:
- httpd
- crond
- postfix
- postgresql
- name: send cron emails to desired address
lineinfile:
path: "{{ item }}"
regexp: "^MAILTO="
line: "MAILTO={{ mail_to }}"
with_items:
- /etc/anacrontab
- /etc/cron.d/0hourly
- /etc/crontab
############## backup related ##############
- name: copy root's ssh keys
shell: cp /mnt/data/root-ssh/* /root/.ssh/
when: env == "production"
- name: put pubkey from prod to stg
lineinfile:
path: "/root/.ssh/authorized_keys"
line: "{{ prod_pubkey }}"
when: env == "staging"
Reference in New Issue View Git Blame Copy Permalink