WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
a8714caab3df6e13e4b5d4fd0e412efc5bda47d2
fedora-infra_ansible/roles/anitya/fedmsg/tasks/main.yml

134 lines
3.3 KiB
YAML
Raw Blame History

---
# tasklist for setting up fedmsg
# This is the base set of files needed for fedmsg
- name: install needed packages
package: name={{ item }} state=present
with_items:
- fedmsg
- libsemanage-python
- python-psutil
- policycoreutils-python # This is in the kickstart now. Here for old hosts.
tags:
- packages
- anitya/fedmsg
# We use setgid here so that the monitoring sockets created by fedmsg services
# are accessible to the nrpe group.
- name: create a /var/run/fedmsg dir with setgid for monitoring.
file: >
dest=/var/run/fedmsg
mode=2775
owner=fedmsg
group=nrpe
state=directory
tags:
- anitya/fedmsg
- name: setup /etc/fedmsg.d directory
file: path=/etc/fedmsg.d owner=root group=root mode=0755 state=directory
tags:
- anitya/fedmsg
- config
# Any files that change need to restart any services that depend on them. A
# trick here is that some hosts have an httpd that uses fedmsg, while others do
# not. Some hosts have a fedmsg-hub that uses this config, while others do not.
# Our handlers in handlers/restart_services.yml are smart enough to
# *conditionally* restart these services, only if they are installed on the
# system.
- name: setup basic /etc/fedmsg.d/ contents
template: >
src="{{ item }}.j2"
dest="/etc/fedmsg.d/{{ item }}"
owner=root
group=root
mode=644
with_items:
- ssl.py
- relay.py
- logging.py
- base.py
tags:
- config
- fedmsgdconfig
- anitya/fedmsg
notify:
- reload httpd
- restart fedmsg-relay
- name: Remove unwanted files
file: dest=/etc/fedmsg.d/{{item}} state=absent
with_items:
- endpoints.py
tags:
- config
- fedmsgdconfig
- anitya/fedmsg
notify:
- reload httpd
- restart fedmsg-relay
- name: setup /etc/pki/fedmsg directory
file: path=/etc/pki/fedmsg owner=root group=root mode=0755 state=directory
tags:
- config
- anitya/fedmsg
- name: install fedmsg ca.cert
copy: >
src="{{ private }}/files/fedmsg-certs/keys/ca.crt"
dest=/etc/pki/fedmsg/ca.crt
owner=root
group=root
mode=0644
tags:
- config
- anitya/fedmsg
- name: fedmsg certs
copy: >
src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{fedmsg_fqdn | default(inventory_hostname)}}.crt"
dest=/etc/pki/fedmsg/
mode=644
owner={{item['owner']}}
group={{item['group']}}
with_items:
- "{{ fedmsg_certs }}"
when: fedmsg_certs != []
tags:
- config
- anitya/fedmsg
- name: fedmsg keys
copy: >
src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{fedmsg_fqdn | default(inventory_hostname)}}.key"
dest=/etc/pki/fedmsg/
mode=0640
owner={{item['owner']}}
group={{item['group']}}
with_items:
- "{{ fedmsg_certs }}"
when: fedmsg_certs != []
tags:
- config
- anitya/fedmsg
# Three tasks for handling our custom selinux module
- name: ensure a directory exists for our custom selinux module
file: dest=/usr/local/share/fedmsg state=directory
tags:
- anitya/fedmsg
- name: copy over our custom selinux module
copy: src=selinux/fedmsg.pp dest=/usr/local/share/fedmsg/fedmsg.pp
register: selinux_module
tags:
- anitya/fedmsg
- name: install our custom selinux module
command: semodule -i /usr/local/share/fedmsg/fedmsg.pp
when: selinux_module is changed
tags:
- anitya/fedmsg
Reference in New Issue View Git Blame Copy Permalink