fedora-infra_ansible/roles/fedmsg/gateway/slave/tasks/main.yml

---
# Tasks to set up fedmsg-gateway-slave


- name: install needed packages
  package:
    state: present
    name:
    - fedmsg-gateway
    - stunnel
  tags:
  - packages
  - fedmsg/gateway
  - fedmsg/gateway/slave
  when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora')

- name: install needed packages in a python 3 manner
  package:
    state: present
    name:
    - python3-fedmsg
    - stunnel
  tags:
  - packages
  - fedmsg/gateway
  - fedmsg/gateway/slave
  when: (ansible_distribution_major_version|int >= 30 and ansible_distribution == 'Fedora') or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8)


#- name: Apply fixing patch
#  patch: src=fixup.patch dest=/usr/lib/python2.7/site-packages/fedmsg/consumers/__init__.py
#  tags:
#  - packages
#  - fedmsg/gateway
#  - patch

- name: Copy in empty endpoints.py and gateway.py
  copy: src={{item}} dest=/etc/fedmsg.d/{{item}}
  with_items:
  - endpoints.py
  - gateway.py
  tags:
  - fedmsgdconfig
  - fedmsg
  - fedmsg/gateway
  - fedmsg/gateway/slave

- name: install /etc/fedmsg.d/fedmsg-gateway-slave.py
  template: src={{ item.file }}
            dest={{ item.dest }}
            owner=root group=root mode=0644
  with_items:
  - { file: fedmsg-gateway-slave.py.j2, dest: /etc/fedmsg.d/fedmsg-gateway-slave.py }
  tags:
  - fedmsgdconfig
  - fedmsg
  - fedmsg/gateway
  - fedmsg/gateway/slave


# Stunnel specific bits

- name: create directories
  file: path=/etc/{{ item }} state=directory
  with_items:
  - stunnel
  tags:
  - fedmsg/gateway
  - fedmsg/gateway/slave

- name: install stunnel service definition
  copy: src=stunnel.service
        dest=/usr/lib/systemd/system/stunnel.service
        owner=root group=root mode=0644
  notify:
  - reload systemd
  - restart stunnel
  tags:
  - fedmsg/gateway
  - fedmsg/gateway/slave

- name: ensure old stunnel init file is gone
  file: dest=/etc/init.d/stunnel/stunnel.init state=absent
  tags:
  - fedmsg/gateway
  - fedmsg/gateway/slave

- name: install stunnel.conf
  template: src={{ item.file }}
            dest={{ item.dest }}
            owner=root group=root mode=0600
  with_items:
  - { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf }
  notify: restart stunnel
  tags:
  - fedmsg/gateway
  - fedmsg/gateway/slave

- name: put our combined cert in place
  copy: >
    src={{private}}/files/httpd/wildcard-2020.fedoraproject.org.combined.cert
    dest=/etc/pki/tls/certs/wildcard-2020.fedoraproject.org.combined.cert
    owner=root group=root mode=0644
  notify: restart stunnel
  tags:
  - fedmsg/gateway
  - fedmsg/gateway/slave

- name: start the gateway for raw zeromq traffic
  service: name=fedmsg-gateway state=started enabled=yes
  tags:
  - fedmsg/gateway
  - fedmsg/gateway/slave
  when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora')

- name: start the gateway for raw zeromq traffic
  service: name=fedmsg-gateway-3 state=started enabled=yes
  tags:
  - fedmsg/gateway
  - fedmsg/gateway/slave
  when: (ansible_distribution_major_version|int >= 30 and ansible_distribution == 'Fedora') or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8)

- name: start stunnel for websockets traffic
  service: name=stunnel state=started enabled=yes
  tags:
  - fedmsg/gateway
  - fedmsg/gateway/slave

- name: ensure that nrpe has rights to monitor us
  user:
    name: nrpe
    append: yes
    groups:
    - fedmsg
  ignore_errors: true
  tags:
  - fedmsgmonitor