WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-01 05:51:56 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7aa7553b84af5dc8efa78e9d8a4e50dde369052d
fedora-infra_ansible/roles/mediawiki/tasks/main.yml
Aurélien Bompard d884a0f8ba Use the combined RabbitMQ CA cert in the clients 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-11 15:15:45 +02:00

287 lines
7.8 KiB
YAML
Raw Blame History

---
- name: Allow Apache to remotely connect to mysql
seboolean: name=httpd_can_network_connect_db state=yes persistent=yes
tags:
- mediawiki
- name: Allow Apache to remotely connect to wiki
seboolean: name=httpd_can_network_connect state=yes persistent=yes
tags:
- mediawiki
- name: Allow Apache to remotely connect to Memcached
seboolean: name=httpd_can_network_memcache state=yes persistent=yes
tags:
- mediawiki
- name: Allow Apache to talk to the wiki uploads dir over nfs
seboolean: name=httpd_use_nfs state=yes persistent=yes
tags:
- mediawiki
- name: Set sebooleans so apache can send emails
seboolean: name=httpd_can_sendmail state=yes persistent=yes
tags:
- mediawiki
- name: Set sebooleans so apache can build svgs
seboolean: name=httpd_setrlimit state=yes persistent=yes
tags:
- mediawiki
- name: Set sebooleans so apache can map files
seboolean: name=domain_can_mmap_files state=yes persistent=yes
tags:
- mediawiki
- name: Install needed packages
ansible.builtin.package:
state: present
name:
- "{{ wikiver }}"
- "{{ wikiver }}-Lockdown"
- "{{ wikiver }}-SpecialInterwiki"
- "{{ wikiver }}-RSS"
- mediawiki-FedoraBadges
- php-zmq
- php-pecl-uuid
- librsvg2-tools
- php-pgsql # For badges db access
- php-mbstring
- fedora-messaging
- composer
- git
tags:
- packages
- mediawiki
# mediawiki-OpenIDConnect here is pulled from the infra repo, which is also patched to add
# the FPCA check, and returns the message to the user:
# "You need to have signed the FPCA to log into the wiki"
- name: Install needed packages (fedora only)
ansible.builtin.package: name={{ item }} state=present
with_items:
- "{{ wikiver }}-skin-fedora"
- php-mysqlnd
- mediawiki-OpenIDConnect
- mediawiki-OpenIDConnectAPI
- php-rmccue-requests
- mediawiki-fedoradocsredirect
- mediawiki-backtick-code
tags:
- packages
- mediawiki
- name: Create /etc/pki/fedora-messaging
ansible.builtin.file:
dest: /etc/pki/fedora-messaging
mode: "0775"
owner: root
group: root
state: directory
tags:
- config
- mediawiki
- fedora-messaging
- name: Deploy the fedora-messaging CA
ansible.builtin.copy:
src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt"
dest: /etc/pki/fedora-messaging/cacert.pem
mode: "0644"
owner: root
group: root
tags:
- config
- mediawiki
- fedora-messaging
- name: Deploy the Fedora wiki fedora-messaging cert
ansible.builtin.copy:
src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/mediawiki{{env_suffix}}.crt"
dest: /etc/pki/fedora-messaging/mediawiki{{env_suffix}}-cert.pem
mode: "0644"
owner: root
group: root
tags:
- config
- mediawiki
- fedora-messaging
- name: Deploy the Fedora wiki fedora-messaging key
ansible.builtin.copy:
src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/mediawiki{{env_suffix}}.key"
dest: /etc/pki/fedora-messaging/mediawiki{{env_suffix}}-key.pem
mode: "0640"
owner: root
group: apache
tags:
- config
- mediawiki
- fedora-messaging
- name: Install fedora-messaging config
ansible.builtin.template:
src: "fedora-messaging.toml"
dest: /etc/fedora-messaging/config.toml
owner: root
group: apache
mode: "0640"
tags:
- config
- mediawiki
- fedora-messaging
- name: Startup apache
service: name=httpd enabled=yes state=started
tags:
- mediawiki
- name: Fedora branding
ansible.builtin.copy: src=skins/ dest=/usr/share/{{ wikiver }}/skins owner=root group=root mode=775
tags:
- config
- mediawiki
- name: Creating wiki dir
ansible.builtin.file: path=/srv/web/{{wikiname}}-wiki owner=root group=root mode=755 state=directory
tags:
- mediawiki
# - name: Creating config dir
# ansible.builtin.file: src=/usr/share/{{ wikiver }}/config dest=/srv/web/{{wikiname}}/config owner=apache group=apache mode=755 state=directory
# tags:
# - mediawiki
# This doesn't seem to exist anymore in upstream....
# - name: Install utils
# ansible.builtin.file: src=/usr/share/{{ wikiver }}/install-utils.inc dest=/srv/web/{{wikiname}}-wiki/install-utils.inc state=link
# tags:
# - mediawiki
- name: Install localsettings
ansible.builtin.template: src=LocalSettings.php.{{wikiname}}.j2 dest=/srv/web/{{wikiname}}-wiki/LocalSettings.php owner=apache group=apache mode=600 setype=httpd_sys_content_t
notify: Reload httpd
tags:
- mediawiki
- localsettings
- name: Httpd conf
ansible.builtin.template: src=mediawiki-app.conf.j2 dest=/etc/httpd/conf.d/{{wikiname}}.conf
notify: Reload httpd
tags:
- mediawiki
- name: Linking index.php
ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/index.php src=/usr/share/{{ wikiver }}/index.php state=link
tags:
- mediawiki
- name: Linkng api.php
ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/api.php src=/usr/share/{{ wikiver }}/api.php state=link
tags:
- mediawiki
- name: Linking opensearch
ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/opensearch_desc.php src=/usr/share/{{ wikiver }}/opensearch_desc.php state=link
tags:
- mediawiki
- name: Linking extensions
ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/extensions src=/usr/share/{{ wikiver }}/extensions state=link
tags:
- mediawiki
- name: Linking includes
ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/includes src=/usr/share/{{ wikiver }}/includes state=link
tags:
- mediawiki
- name: Linking languages
ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/languages src=/usr/share/{{ wikiver }}/languages state=link
tags:
- mediawiki
- name: Linking maintenance
ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/maintenance src=/usr/share/{{ wikiver }}/maintenance state=link
tags:
- mediawiki
# - name: Linking serialized
# ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/serialized src=/usr/share/{{ wikiver }}/serialized state=link
# tags:
# - mediawiki
- name: Linking skins
ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/skins src=/usr/share/{{ wikiver }}/skins state=link
tags:
- mediawiki
- name: Linking load
ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/load.php src=/usr/share/{{ wikiver }}/load.php state=link
tags:
- mediawiki
- name: Linking resources
ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/resources src=/usr/share/{{ wikiver }}/resources state=link
tags:
- mediawiki
- name: Linking vendor
ansible.builtin.file: dest=/srv/web/{{wikiname}}-wiki/vendor src=/usr/share/{{ wikiver }}/vendor state=link
tags:
- mediawiki
- name: Download the Fedora Messaging extension
git:
repo: https://github.com/fedora-infra/mediawiki-fedora-messaging.git
dest: /usr/share/{{ wikiver }}/extensions/FedoraMessaging
version: stable
register: result_git
tags:
- config
- mediawiki
- fedora-messaging
- name: Create a directory for the php dependencies
ansible.builtin.file:
path: /srv/web/fp-wiki/extensions/FedoraMessaging/vendor
owner: apache
group: apache
mode: "0755"
state: directory
tags:
- config
- mediawiki
- fedora-messaging
- name: Install the php dependencies
become: yes
become_user: apache
ansible.builtin.command:
cmd: composer install
chdir: /srv/web/fp-wiki/extensions/FedoraMessaging
when: result_git is changed
tags:
- config
- mediawiki
- fedora-messaging
- name: Ensure a directory exists for our SELinux policy
ansible.builtin.file: dest=/usr/local/share/selinux/ state=directory
tags: selinux
- name: Copy over our custom selinux policy
ansible.builtin.copy: src=selinux/mediawiki.pp dest=/usr/local/share/selinux/mediawiki.pp
register: selinux_module
tags:
- selinux
- mediawiki
- name: Install our custom selinux policy
ansible.builtin.command: semodule -i /usr/local/share/selinux/mediawiki.pp
when: selinux_module is changed
tags:
- selinux
- mediawiki
Reference in New Issue View Git Blame Copy Permalink