mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-05-12 02:46:20 +08:00
125 lines
2.9 KiB
YAML
125 lines
2.9 KiB
YAML
---
|
|
- import_tasks: "mount_fs.yml"
|
|
|
|
- name: install prerequisities
|
|
package: state=present pkg={{ item }}
|
|
with_items:
|
|
- postgresql-server
|
|
- postgresql-contrib
|
|
- python3-psycopg2
|
|
- libselinux-python
|
|
- libsemanage-python
|
|
- python3-virtualenv
|
|
- community-mysql-devel
|
|
- openldap-devel
|
|
- python3-pip
|
|
- gcc
|
|
- git
|
|
- httpd
|
|
- python3-mod_wsgi
|
|
- policycoreutils-python
|
|
- postfix
|
|
- mod_ssl
|
|
- letsencrypt
|
|
|
|
- name: configure postfix for email encryption and not relaying to bastion
|
|
command: "{{ item }}"
|
|
with_items:
|
|
- postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/{{ server_name }}/fullchain.pem'
|
|
- postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/{{ server_name }}/privkey.pem'
|
|
- postconf -e 'smtp_use_tls = yes'
|
|
- postconf -e 'relayhost ='
|
|
|
|
- git:
|
|
repo: https://git.linux-kernel.at/oliver/ivatar.git
|
|
dest: /srv/libravatar
|
|
version: "{{ git_branch }}"
|
|
ignore_errors: yes
|
|
|
|
- pip:
|
|
requirements: requirements.txt
|
|
virtualenv: /mnt/data/.virtualenv
|
|
virtualenv_command: virtualenv-3
|
|
chdir: /srv/libravatar
|
|
|
|
- name: copy run-in-venv script
|
|
shell: cp /mnt/data/run-in-venv /usr/local/bin
|
|
|
|
- name: 'postgresql host is localhost'
|
|
lineinfile:
|
|
dest: '/etc/hosts'
|
|
line: '127.0.0.1 postgresql'
|
|
state: 'present'
|
|
tags:
|
|
- config
|
|
|
|
- name: copy pg_hba.conf
|
|
copy: src="pg/{{ item }}" dest="/var/lib/pgsql/data/{{ item }}"
|
|
with_items:
|
|
- pg_hba.conf
|
|
notify:
|
|
- restart postgresql
|
|
tags:
|
|
- config
|
|
|
|
- name: ensure postgresql state
|
|
service: state=started enabled=yes name=postgresql
|
|
|
|
- name: upgrade db to head
|
|
command: "run-in-venv python3 manage.py migrate"
|
|
args:
|
|
chdir: /srv/libravatar
|
|
|
|
- name: collect static
|
|
command: "run-in-venv python3 manage.py collectstatic --noinput"
|
|
args:
|
|
chdir: /srv/libravatar
|
|
|
|
- name: set correct file attributes for /srv/libravatar
|
|
file:
|
|
path: /srv/libravatar
|
|
owner: apache
|
|
group: apache
|
|
state: directory
|
|
recurse: yes
|
|
|
|
- name: set fcontext for /srv/libravatar
|
|
sefcontext:
|
|
target: '/srv/libravatar(/.*)?'
|
|
setype: httpd_sys_content_t
|
|
state: present
|
|
|
|
- name: Apply new SELinux file context to filesystem
|
|
command: restorecon -ir /srv/libravatar
|
|
|
|
- name: Allow libravatar connect to db remote services
|
|
seboolean:
|
|
name: "{{ item }}"
|
|
state: yes
|
|
persistent: yes
|
|
with_items:
|
|
- httpd_can_network_connect_db
|
|
- httpd_can_network_connect
|
|
- nis_enabled
|
|
|
|
- name: Allow Apache use psyco shared lib in virtualenv with httpd_sys_content_t type
|
|
seboolean:
|
|
name: httpd_unified
|
|
state: yes
|
|
persistent: yes
|
|
|
|
- name: copy apache files to conf.d (templates)
|
|
template: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
|
|
with_items:
|
|
- "libravatar.conf"
|
|
- "libravatar-app.include"
|
|
notify:
|
|
- reload httpd
|
|
tags:
|
|
- config
|
|
|
|
- name: ensure httpd state
|
|
service: state=started enabled=yes name={{ item }}
|
|
with_items:
|
|
- httpd
|