fedora-infra_ansible/roles/supybot/tasks/main.yml

---
- name: Install limnoria package
  ansible.builtin.package: name={{ item }} state=present enablerepo=epel-testing
  with_items:
  - limnoria
  - supybot-fedora
  - supybot-koji
  - supybot-notify
  - supybot-meetbot
  - python3-sgmllib3k
  when: inventory_hostname.startswith('value02')
  tags: supybot

- set_fact: botname={{ botnames[env] }}

- name: Creating zodbot log dir
  ansible.builtin.file: path={{ item }} state=directory owner=daemon
  with_items:
  - /var/lib/{{ botname }}
  - /var/lib/{{ botname }}/conf
  - /var/lib/{{ botname }}/data
  - /var/lib/{{ botname }}/logs
  - /srv/web
  - /srv/web/meetbot
  tags: supybot

- name: Create teams directory
  ansible.builtin.file: path=/srv/web/meetbot/teams state=directory owner=apache group=apache mode=0755
  tags: supybot

- name: Create archives directory
  ansible.builtin.file: path=/srv/web/meetbot/archives state=directory owner=apache group=apache mode=0755
  tags: supybot

- name: Setup meetings_by_team script
  ansible.builtin.copy: src=meetings_by_team.sh dest=/usr/local/bin/meetings_by_team.sh mode=755
  tags: supybot

- name: Teams cron job
  cron:
    name: meetings-by-team
    hour: "23"
    minute: "0"
    user: apache
    job: "/usr/local/bin/meetings_by_team.sh"
    state: "{{ 'present' if inventory_hostname.startswith('value02') else 'absent' }}"
  tags: supybot

- name: Setup archive script
  ansible.builtin.copy: src=archive.sh dest=/usr/local/bin/archive.sh mode=755
  tags: supybot

- name: Teams cron job
  cron:
    name: archive
    hour: "23"
    minute: "30"
    user: apache
    job: "/usr/local/bin/archive.sh >& /dev/null"
    state: "{{ 'present' if inventory_hostname.startswith('value02') else 'absent' }}"
  tags: supybot
  when: inventory_hostname.startswith('value02')

- name: Setup meetbot.conf apache config
  ansible.builtin.copy: src=meetbot.conf dest=/etc/httpd/conf.d/meetbot.conf mode=644
  tags: supybot

- name: Check the selinux context of the /srv/web/meetbot dir
  ansible.builtin.command: matchpathcon /srv/web/meetbot
  register: context
  check_mode: no
  changed_when: "1 != 1"
  tags:
  - config
  - selinux
  - meetbot
  - supybot

- name: /srv/web/meetbot file contexts
  ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web/meetbot(/.*)?"
  when: context.stdout.find('httpd_sys_content_t') == -1
  tags:
  - config
  - selinux
  - meetbot
  - supybot

- name: Turn on httpd_use_nfs to allow meetbot-raw to serve meetings
  seboolean: name={{ item }} state=true persistent=true
  with_items:
  - httpd_use_nfs
  tags:
  - meetbot
  - config
  - selinux

  # Set up for fedora-messaging
- name: Create the RabbitMQ user
  import_role:
    name: rabbit/user
  vars:
    user_name: "{{ botnames[env] }}"
    user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.meetbot\..*
  when:
  - inventory_hostname.startswith('value02')

- name: Create /etc/pki/fedora-messaging
  ansible.builtin.file:
    dest: /etc/pki/fedora-messaging
    mode: "0775"
    state: directory
  when:
  - inventory_hostname.startswith('value02')
  tags:
  - config

- name: Deploy the fedora-messaging CA
  ansible.builtin.copy:
    src: "{{ private }}/files/rabbitmq/{{env}}/ca-combined.crt"
    dest: /etc/pki/fedora-messaging/rabbitmq-ca.crt
    mode: "0644"
    owner: daemon
    group: daemon
  when:
  - inventory_hostname.startswith('value02')
  tags:
  - config

- name: Deploy the fedora-messaging cert
  ansible.builtin.copy:
    src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/{{ botname }}.crt"
    dest: /etc/pki/fedora-messaging/{{ botname }}.crt
    mode: "0644"
    owner: daemon
    group: daemon
  when:
  - inventory_hostname.startswith('value02')
  tags:
  - config

- name: Deploy the fedora-messaging key
  ansible.builtin.copy:
    src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/{{ botname }}.key"
    dest: /etc/pki/fedora-messaging/{{ botname }}.key
    mode: "0600"
    owner: daemon
    group: daemon
  when:
  - inventory_hostname.startswith('value02')
  tags:
  - config

- name: Install fedora-messaging config
  ansible.builtin.template:
    src: fedora-messaging.toml.j2
    dest: /etc/fedora-messaging/{{ botname }}.toml
    owner: daemon
    group: daemon
    mode: "0600"
  when:
  - inventory_hostname.startswith('value02')
  tags:
  - config

- name: Setup zodbot systemd service file (prod)
  ansible.builtin.copy: src=zodbot.service dest=/etc/systemd/system/zodbot.service
  when: env == "production"
  notify:
  - Reload systemd
  tags:
  - config
  - supybot

- name: Enable zodbot service (prod)
  service: name=zodbot state=started enabled=true
  when: env == "production" and inventory_hostname.startswith('value02')
  tags:
  - config
  - supybot

- name: Setup ursabot systemd service file (stg)
  ansible.builtin.copy: src=ursabot.service dest=/etc/systemd/system/ursabot.service
  when: env == "staging"
  notify:
  - Reload systemd
  tags:
  - config
  - supybot

- name: Enable ursabot service (stg)
  service: name=ursabot state=started enabled=true
  when: env == "staging"
  tags:
  - config
  - supybot

- name: Setup the SAR script for the meetbot logs
  ansible.builtin.copy: src=meetbot_sar.py dest=/usr/local/bin/meetbot_sar.py
        owner=root group=root mode=0700
  tags:
  - config
  - supybot
  - SAR
  - GDPR