WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-30 21:41:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7aa7553b84af5dc8efa78e9d8a4e50dde369052d
fedora-infra_ansible/roles/planet/tasks/main.yml
Aurélien Bompard d884a0f8ba Use the combined RabbitMQ CA cert in the clients 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-11 15:15:45 +02:00

347 lines
9.9 KiB
YAML
Raw Blame History

---
# tasks to setup a planet server
#
- name: Add planet group
group: name=planet-user gid=104 system=yes state=present
tags:
- planet_server
- name: Add planet user
user: name=planet-user uid=104 group=planet-user home=/srv/planet comment="People Planet Eater" createhome=yes system=yes shell=/bin/bash
tags:
- planet_server
- name: Add apache to planet group
user: name=apache append=yes groups=planet-user
tags:
- planet_server
- name: Install the planet packages (and fedora-messaging)
ansible.builtin.package: pkg={{item}} state=present
with_items:
- venus
- fedora-messaging
tags:
- planet_server
- name: Add base planet config directory
ansible.builtin.file: path=/etc/planet state=directory owner=root group=root mode=0775
tags:
- planet_server
- name: Copy the planet http config file
ansible.builtin.template: src=planet.conf dest=/etc/httpd/conf.d/planet.conf
tags:
- planet_server
- sslciphers
- name: Copy the run planet-config script into /usr/local/bin
ansible.builtin.copy: src=pull-run-planet-config.sh dest=/usr/local/bin/pull-run-planet-config.sh mode=755
tags:
- planet_server
- name: Copy the planetconfigbuilder.py script into /usr/local/bin
ansible.builtin.copy: src=planetconfigbuilder.py dest=/usr/local/bin/planetconfigbuilder.py mode=755
tags:
- planet_server
- name: Create planet directory
ansible.builtin.file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_items:
- /srv/planet
- /srv/planet/site
- /srv/planet/config
- name: Check the selinux context of the planet dir
ansible.builtin.command: matchpathcon "/srv/planet"
register: gitcontext
check_mode: no
changed_when: false
tags:
- config
- selinux
- planet_server
- name: Set the SELinux policy for the planet dir
ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/planet(/.*)?"
when: gitcontext.stdout.find('httpd_sys_content_t') == -1
tags:
- config
- selinux
- planet_server
- name: Copy the run-planet script
ansible.builtin.copy: src=run-planet dest=/srv/planet/config/run-planet
tags:
- planet_server
#
# base planet.fedoraproject.org planet
#
- name: Create planet directory (people)
ansible.builtin.file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_items:
- /etc/planet/people
- /srv/planet/config/people
- name: Base planet config files
ansible.builtin.copy: src=people_base_config dest=/etc/planet/people_base_config mode=0644 owner=root group=root
tags:
- planet_server
- name: Copy the planet cron job (people)
ansible.builtin.copy: src=planet-cron dest=/etc/cron.d/planet-cron
tags:
- planet_server
#
# design
#
- name: Create planet directory (design)
ansible.builtin.file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_items:
- /etc/planet/design
- /srv/planet/config/design
- /srv/planet/config/design/cache
- /srv/planet/site/design
- name: Copy the planet cron job (design)
ansible.builtin.copy: src=sub-planets/design/planet-group.cron dest=/etc/cron.d/planet-design.cron
tags:
- planet_server
- name: Copy the planet fpbulder.conf (design)
ansible.builtin.copy: src=sub-planets/design/fpbuilder.conf dest=/etc/planet/design/fpbuilder.conf
tags:
- planet_server
- name: Copy the planet base_config (design)
ansible.builtin.copy: src=sub-planets/design/base_config dest=/etc/planet/design/base_config mode=0644 owner=root group=root
tags:
- planet_server
#
# desktop
#
- name: Create planet directory (desktop)
ansible.builtin.file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_items:
- /etc/planet/desktop
- /srv/planet/config/desktop
- /srv/planet/config/desktop/cache
- /srv/planet/site/desktop
- name: Copy the planet cron job (desktop)
ansible.builtin.copy: src=sub-planets/desktop/planet-group.cron dest=/etc/cron.d/planet-desktop.cron
tags:
- planet_server
- name: Copy the planet fpbulder.conf (desktop)
ansible.builtin.copy: src=sub-planets/desktop/fpbuilder.conf dest=/etc/planet/desktop/fpbuilder.conf
tags:
- planet_server
- name: Copy the planet base_config (desktop)
ansible.builtin.copy: src=sub-planets/desktop/base_config dest=/etc/planet/desktop/base_config mode=0644 owner=root group=root
tags:
- planet_server
#
# edited
#
- name: Create planet directory (edited)
ansible.builtin.file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_items:
- /etc/planet/edited
- /srv/planet/config/edited
- /srv/planet/config/edited/cache
- /srv/planet/site/edited
- name: Copy the planet cron job (edited)
ansible.builtin.copy: src=sub-planets/edited/planet-group.cron dest=/etc/cron.d/planet-edited.cron
tags:
- planet_server
- name: Copy the planet fpbulder.conf (edited)
ansible.builtin.copy: src=sub-planets/edited/fpbuilder.conf dest=/etc/planet/edited/fpbuilder.conf
tags:
- planet_server
- name: Copy the planet base_config (edited)
ansible.builtin.copy: src=sub-planets/edited/base_config dest=/etc/planet/edited/base_config mode=0644 owner=root group=root
tags:
- planet_server
#
# people
#
- name: Create planet directory (people)
ansible.builtin.file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_items:
- /etc/planet/people
- /srv/planet/config/people
- /srv/planet/config/people/cache
- /srv/planet/site/people
- name: Copy templates (people)
ansible.builtin.copy: src=sub-planets/people/{{ item }} dest=/srv/planet/config/people/ owner=planet-user group=planet-user
with_items:
- templates
tags:
- planet_server
- name: Copy the css and images (people)
synchronize: src=sub-planets/people/{{ item }}/ dest=/srv/planet/site/{{ item }}/
with_items:
- css-v2
- images-v2
tags:
- planet_server
- name: Copy the planet fpbulder.conf (people)
ansible.builtin.copy: src=fpbuilder.conf dest=/etc/planet/fpbuilder.conf
tags:
- planet_server
#
# security
#
- name: Create planet directory (security)
ansible.builtin.file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_items:
- /etc/planet/security
- /srv/planet/config/security
- /srv/planet/config/security/cache
- /srv/planet/site/security
- name: Copy the planet cron job (security)
ansible.builtin.copy: src=sub-planets/security/planet-group.cron dest=/etc/cron.d/planet-security.cron
tags:
- planet_server
- name: Copy the planet fpbulder.conf (security)
ansible.builtin.copy: src=sub-planets/security/fpbuilder.conf dest=/etc/planet/security/fpbuilder.conf
tags:
- planet_server
- name: Copy the planet base_config (security)
ansible.builtin.copy: src=sub-planets/security/base_config dest=/etc/planet/security/base_config mode=0644 owner=root group=root
tags:
- planet_server
#
# summer-coding
#
- name: Create planet directory (summer-coding)
ansible.builtin.file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_items:
- /etc/planet/summer-coding
- /srv/planet/config/summer-coding
- /srv/planet/config/summer-coding/cache
- /srv/planet/site/summer-coding
- name: Copy the planet cron job (summer-coding)
ansible.builtin.copy: src=sub-planets/summer-coding/planet-group.cron dest=/etc/cron.d/planet-summer-coding.cron
tags:
- planet_server
- name: Copy the planet fpbulder.conf (summer-coding)
ansible.builtin.copy: src=sub-planets/summer-coding/fpbuilder.conf dest=/etc/planet/summer-coding/fpbuilder.conf
tags:
- planet_server
- name: Copy the planet base_config (summer-coding)
ansible.builtin.copy: src=sub-planets/summer-coding/base_config dest=/etc/planet/summer-coding/base_config mode=0644 owner=root group=root
tags:
- planet_server
#
#
# QA
#
- name: Create planet directory (quality)
ansible.builtin.file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_items:
- /etc/planet/quality
- /srv/planet/config/quality
- /srv/planet/config/quality/cache
- /srv/planet/site/quality
- name: Copy the planet cron job (quality)
ansible.builtin.copy: src=sub-planets/quality/planet-group.cron dest=/etc/cron.d/planet-quality.cron
tags:
- planet_server
- name: Copy the planet fpbulder.conf (quality)
ansible.builtin.copy: src=sub-planets/quality/fpbuilder.conf dest=/etc/planet/quality/fpbuilder.conf
tags:
- planet_server
- name: Copy the planet base_config (quality)
ansible.builtin.copy: src=sub-planets/quality/base_config dest=/etc/planet/quality/base_config mode=0644 owner=root group=root
tags:
- planet_server
- name: Create /etc/pki/fedora-messaging
ansible.builtin.file:
dest: /etc/pki/fedora-messaging
mode: "0775"
owner: root
group: root
state: directory
tags:
- config
- planet_server
- name: Deploy the fedora-messaging CA
ansible.builtin.copy:
src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt"
dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
mode: "0644"
owner: root
group: root
tags:
- config
- planet_server
- name: Deploy the fedora-messaging cert
ansible.builtin.copy:
src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/planet{{env_suffix}}.crt"
dest: /etc/pki/fedora-messaging/planet.crt
mode: "0644"
owner: planet-user
group: planet-user
tags:
- config
- planet_server
- name: Deploy the fedora-messaging key
ansible.builtin.copy:
src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/planet{{env_suffix}}.key"
dest: /etc/pki/fedora-messaging/planet.key
mode: "0600"
owner: planet-user
group: planet-user
tags:
- config
- planet_server
- name: Install fedora-messaging config
ansible.builtin.template:
src: fedora-messaging.toml.j2
dest: /etc/fedora-messaging/config.toml
owner: planet-user
group: planet-user
mode: "0600"
tags:
- config
- planet_server
Reference in New Issue View Git Blame Copy Permalink