WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-30 21:41:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
9523dadd164dfd82f33bbf8564d5deffc6a9ddbe
fedora-infra_ansible/roles/copr/dist_git/tasks/main.yml

169 lines
5.2 KiB
YAML
Raw Blame History

- include: "mount_fs.yml"
#- copy: src="dist-git-epel-7.repo" dest="/etc/yum.repos.d/"
# pre-create users/groups and copy uids/gids from the current prod copr-dist-git
- group: name="packager" state=present gid=987
- group: name="cvsadmin" state=present gid=1001
- group: name="copr-dist-git" state=present gid=1002
- group: name="copr-service" state=present gid=1003
- name: create user for git repos
user: name="copr-dist-git" group=copr-dist-git groups=cvsadmin,packager uid=1001
- name: create user for copr-dist-git service
user: name="copr-service" group=copr-service groups=packager,docker,apache,mock generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa uid=1002
- name: enable copr dist-git repo
shell: "dnf -y copr enable clime/dist-git"
when: devel
- name: install dist-git
dnf: state=latest name="dist-git"
- name: set home for copr-dist-git user
user: name="copr-dist-git" home=/srv/git
when: devel
- name: install packages
dnf: state=present name={{ item }}
with_items:
#- epel-release
- cgit
# - dist-git
- copr-dist-git
- rdiff-backup
- tmpwatch
- name: install copr-dist-git
dnf: state=latest name={{ item }}
with_items:
- copr-dist-git
- name: switch selinux to permissive
selinux: policy=targeted state=permissive
- name: ensure git storage path exists
file: path="/var/lib/dist-git/git" state=directory group=packager mode=0775
#- file: path="/var/lib/dist-git/git/pkgs-git-repos-list" state=file group=packager
# - file: path="/var/lib/dist-git/git/rpms/" state=directory group=packager
when: not devel
- name: install packages which should be added as requirements
dnf: state=present name={{ item }}
with_items:
- pyrpkg
- name: make sure directories are owned by copr-service user
file: path={{ item }} owner=copr-service group=copr-service state=directory recurse=yes
with_items:
- /var/lib/copr-dist-git/
- /var/log/copr-dist-git/
- name: make sure directories are owned by copr-service:packager user
file: path=/var/lib/dist-git/git owner=copr-service group=packager
when: not devel
- name: make sure directories are owned by root:root user
file: path=/srv/git owner=root group=root mode=0755
when: devel
# set ssh key, so that copr-service could access gitolite
- name: read pub key into var
command: cat /home/copr-service/.ssh/id_rsa.pub
register: cat_pubkey
check_mode: no
changed_when: false
- set_fact: pubkey="{{cat_pubkey.stdout|join('')}}"
- debug: msg={{pubkey}}
- name: prepare authorized key, so copr-service could interact with gitolite
authorized_key: user="copr-dist-git" key="{{pubkey}}"
when: devel
- name: set correct selinux policy for copr-dist-git's .ssh dir
shell: 'semanage fcontext -a -t ssh_home_t "/srv/git/.ssh(/.*)?" && restorecon -R /srv/git/.ssh'
when: devel
- name: prepare authorized key, so copr-service could interact with gitolite
authorized_key: user="copr-dist-git" key="{{pubkey}}" key_options="command=\"HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER \"'"
when: not devel
## keys done
- name: install config for copr-dist-git
template: src=copr-dist-git.conf.j2 dest=/etc/copr/copr-dist-git.conf mode=0644
tags:
- config
- name: set git variables for copr-service user
copy: src=".gitconfig" dest="/home/copr-service/.gitconfig"
- name: set git config username
git_config: name=user.name scope=global value="Copr dist git"
- name: install httpd config to serve lookaside and smart-git
copy: src="httpd/dist-git/{{ item }}" dest="/etc/httpd/conf.d/dist-git/{{ item }}"
with_items:
- lookaside.conf
- lookaside-copr.conf
- git-smart-http.conf
tags:
- config
notify:
- reload httpd
- name: install copr-dist-git httpd config
copy: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
with_items:
- copr-dist-git.conf
tags:
- config
notify:
- reload httpd
- copy: src="dist-git.conf" dest="/etc/dist-git/dist-git.conf" mode=0644
tags:
- config
- copy: src="copr-dist-git.hourly" dest="/etc/cron.hourly/copr-dist-git" mode=755
tags:
- config
- copy: src="ssh_config" dest="/home/copr-service/.ssh/config" owner=copr-service group=copr-service mode=0600
- template: src="cgitrc" dest="/etc/cgitrc" owner=root group=root mode=0644
- template: src="cgitrc.slow" dest="/etc/cgitrc.slow" owner=root group=root mode=0644
- command: "/usr/share/dist-git/dist_git_sync.sh"
when: not devel
- name: allow httpd to run cgit
seboolean: name=httpd_enable_cgi state=true persistent=true
- name: install robots.txt
copy: src="robots.txt" dest="/var/www/html/" mode=0644
tags:
- config
- name: set up tmpwatch cron job
cron: name="clean tmp" minute="0" job="/usr/sbin/tmpwatch 2h /tmp/"
- name: ensure that services are enabled and started
service: name="{{ item }}" enabled=yes state=started
with_items:
- "httpd"
- "dist-git.socket"
- "copr-dist-git"
- name: Create /var/cache/cgit/repo-list.rc if does not exists (it last 30 minutes to generate)
command: /etc/cron.hourly/copr-dist-git creates=/var/cache/cgit/repo-list.rc
- name: install dist-git-selinux package
dnf: state=present name={{ item }}
with_items:
- dist-git-selinux # this takes several hours to finish due to fs relabelling
Reference in New Issue View Git Blame Copy Permalink