mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-03-20 03:57:02 +08:00
110 lines
3.0 KiB
YAML
110 lines
3.0 KiB
YAML
---
|
|
- name: install needed packages
|
|
package: name={{ item }} state=present update_cache=yes
|
|
with_items:
|
|
- bzip2
|
|
- mod_ssl
|
|
- nfs-utils
|
|
tags:
|
|
- packages
|
|
|
|
- name: Create /srv/pub directory
|
|
file: path=/srv/pub state=directory
|
|
|
|
- name: Create /srv/web directory
|
|
file: path=/srv/web state=directory
|
|
|
|
## This is used by internal systems to get beta content
|
|
- name: Create /mnt/koji/compose directory
|
|
file: path=/mnt/koji/compose state=directory
|
|
|
|
- name: Set httpd_use_nfs seboolean
|
|
seboolean: name=httpd_use_nfs state=yes persistent=yes
|
|
|
|
- name: check the selinux context rsyncd log
|
|
command: matchpathcon /var/log/rsyncd-fedora.log
|
|
register: rsyncdlog
|
|
check_mode: no
|
|
changed_when: "1 != 1"
|
|
tags:
|
|
- config
|
|
- selinux
|
|
|
|
- name: /var/log/rsyncd-fedora.log file context
|
|
command: semanage fcontext -a -t rsync_log_t /var/log/rsyncd-fedora.log
|
|
when: rsyncdlog.stdout.find('rsync_log_t') == -1
|
|
tags:
|
|
- config
|
|
- selinux
|
|
|
|
- name: /etc/motd_fedora
|
|
template: src=rsync/motd_fedora.j2 dest=/etc/motd_fedora
|
|
|
|
- name: Configure logrotate for /var/log/rsyncd-fedora.log
|
|
copy: src=logrotate-rsync-fedora dest=/etc/logrotate.d/rsync-fedora
|
|
|
|
- name: check the selinux context pubdir
|
|
command: matchpathcon /srv/pub
|
|
register: pubdir
|
|
check_mode: no
|
|
changed_when: "1 != 1"
|
|
tags:
|
|
- config
|
|
- selinux
|
|
|
|
- name: /srv/pub file contexts
|
|
command: semanage fcontext -a -t httpd_sys_content_t "/srv/pub(/.*)?"
|
|
when: pubdir.stdout.find('httpd_sys_content_t') == -1
|
|
tags:
|
|
- config
|
|
- selinux
|
|
|
|
- name: Copy wildcard cert from puppet private
|
|
copy: src="{{private}}/files/httpd/wildcard-2020.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2020.fedoraproject.org.cert owner=root group=root mode=0644
|
|
|
|
- name: Copy wildcard key from puppet private
|
|
copy: src="{{private}}/files/httpd/wildcard-2020.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2020.fedoraproject.org.key owner=root group=root mode=0600
|
|
|
|
- name: Copy intermediate wildcard cert from puppet private
|
|
copy: src="{{private}}/files/httpd/wildcard-2020.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2020.fedoraproject.org.intermediate.cert owner=root group=root mode=0644
|
|
|
|
- name: Configure httpd dl main conf
|
|
template: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf
|
|
tags:
|
|
- httpd
|
|
- config
|
|
- sslciphers
|
|
notify:
|
|
- reload httpd
|
|
|
|
- name: Make sure apache autoindex.conf is replaced with ours
|
|
copy: src=httpd/dl.fedoraproject.org/autoindex.conf dest=/etc/httpd/conf.d/autoindex.conf
|
|
tags:
|
|
- httpd
|
|
- config
|
|
notify:
|
|
- reload httpd
|
|
|
|
- name: Configure httpd dl sub conf
|
|
copy: src=httpd/dl.fedoraproject.org/ dest=/etc/httpd/conf.d/dl.fedoraproject.org/
|
|
tags:
|
|
- httpd
|
|
- config
|
|
notify:
|
|
- reload httpd
|
|
|
|
- name: Install haveged for entropy
|
|
package: name=haveged state=present
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
|
|
- name: Set haveged running/enabled
|
|
service: name=haveged enabled=yes state=started
|
|
tags:
|
|
- service
|
|
- httpd
|
|
- httpd/proxy
|
|
|
|
##
|