mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-28 04:22:18 +08:00
98 lines
2.0 KiB
YAML
98 lines
2.0 KiB
YAML
---
|
|
- name: modify selinux so that httpd can serve data from NFS shares if needed
|
|
seboolean:
|
|
name: "{{item}}"
|
|
state: yes
|
|
persistent: yes
|
|
when: "'enabled' in ansible_selinux.status"
|
|
with_items:
|
|
# For requesting UserInfo from ipsilon.
|
|
- httpd_execmem
|
|
# For accessing /srv/odcs/
|
|
- httpd_use_nfs
|
|
tags:
|
|
- odcs
|
|
- odcs/frontend
|
|
- selinux
|
|
|
|
- name: create ODCS_TARGET_DIR
|
|
file:
|
|
path: "{{ odcs_target_dir }}"
|
|
state: directory
|
|
owner: apache
|
|
group: apache
|
|
mode: 0777
|
|
# recurse: yes
|
|
follow: no
|
|
tags:
|
|
- odcs
|
|
- odcs/frontend
|
|
|
|
- name: generate the ODCS Apache config
|
|
template:
|
|
src: etc/httpd/conf.d/odcs.conf.j2
|
|
dest: /etc/httpd/conf.d/odcs.conf
|
|
owner: apache
|
|
group: apache
|
|
mode: 0440
|
|
notify:
|
|
- reload apache
|
|
tags:
|
|
- odcs
|
|
- odcs/frontend
|
|
|
|
- name: Disable PrivateTmp=true in httpd.service.
|
|
lineinfile:
|
|
path: /usr/lib/systemd/system/httpd.service
|
|
regexp: '^PrivateTmp'
|
|
line: 'PrivateTmp=false'
|
|
notify:
|
|
- reload systemd
|
|
- restart apache
|
|
tags:
|
|
- odcs
|
|
- odcs/frontend
|
|
|
|
- name: ensure selinux lets httpd talk to postgres
|
|
seboolean: name={{item}} state=yes persistent=yes
|
|
with_items:
|
|
- httpd_can_network_connect_db
|
|
- httpd_can_network_connect
|
|
when: "'enabled' in ansible_selinux.status"
|
|
tags:
|
|
- odcs
|
|
- odcs/frontend
|
|
- selinux
|
|
|
|
- name: make httpd logs world readable
|
|
file:
|
|
name: /var/log/httpd
|
|
state: directory
|
|
mode: 0755
|
|
tags:
|
|
- odcs
|
|
- odcs/frontend
|
|
|
|
# This will initialize Alembic if the database is empty, and migrate to the
|
|
# latest revision
|
|
- name: migrate the database
|
|
command: "{{ item }}"
|
|
with_items:
|
|
- odcs-manager upgradedb
|
|
- odcs-manager db migrate
|
|
become: yes
|
|
become_user: odcs
|
|
when: odcs_migrate_db
|
|
tags:
|
|
- odcs
|
|
- odcs/frontend
|
|
|
|
- name: install cron job for cleanup msg
|
|
cron:
|
|
name="Send ODCS cleanup message"
|
|
job="/usr/bin/echo '{}'| fedmsg-logger --cert-prefix odcs --topic odcs.internal.msg --json-input"
|
|
tags:
|
|
- odcs
|
|
- odcs/frontend
|
|
|