WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c04dd50fbfe6f24b20784d8a8fc717748a4c83e4
fedora-infra_ansible/roles/fedmsg/gateway/slave/tasks/main.yml
Kevin Fenzi c04dd50fbf certificates: move to new 2024 wildcard fedoraproject.org cert 
The old one expires in about 57 days, but might as well just renew it
early and avoid problems later.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-10-03 16:50:01 -07:00

139 lines
3.6 KiB
YAML
Raw Blame History

---
# Tasks to set up fedmsg-gateway-slave
- name: install needed packages
package:
state: present
name:
- fedmsg-gateway
- stunnel
tags:
- packages
- fedmsg/gateway
- fedmsg/gateway/slave
when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora')
- name: install needed packages in a python 3 manner
package:
state: present
name:
- python3-fedmsg
- stunnel
tags:
- packages
- fedmsg/gateway
- fedmsg/gateway/slave
when: (ansible_distribution_major_version|int >= 30 and ansible_distribution == 'Fedora') or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8)
#- name: Apply fixing patch
# patch: src=fixup.patch dest=/usr/lib/python2.7/site-packages/fedmsg/consumers/__init__.py
# tags:
# - packages
# - fedmsg/gateway
# - patch
- name: Copy in empty endpoints.py and gateway.py
copy: src={{item}} dest=/etc/fedmsg.d/{{item}}
with_items:
- endpoints.py
- gateway.py
tags:
- fedmsgdconfig
- fedmsg
- fedmsg/gateway
- fedmsg/gateway/slave
- name: install /etc/fedmsg.d/fedmsg-gateway-slave.py
template: src={{ item.file }}
dest={{ item.dest }}
owner=root group=root mode=0644
with_items:
- { file: fedmsg-gateway-slave.py.j2, dest: /etc/fedmsg.d/fedmsg-gateway-slave.py }
tags:
- fedmsgdconfig
- fedmsg
- fedmsg/gateway
- fedmsg/gateway/slave
# Stunnel specific bits
- name: create directories
file: path=/etc/{{ item }} state=directory
with_items:
- stunnel
tags:
- fedmsg/gateway
- fedmsg/gateway/slave
- name: install stunnel service definition
copy: src=stunnel.service
dest=/usr/lib/systemd/system/stunnel.service
owner=root group=root mode=0644
notify:
- reload systemd
- restart stunnel
tags:
- fedmsg/gateway
- fedmsg/gateway/slave
- name: ensure old stunnel init file is gone
file: dest=/etc/init.d/stunnel/stunnel.init state=absent
tags:
- fedmsg/gateway
- fedmsg/gateway/slave
- name: install stunnel.conf
template: src={{ item.file }}
dest={{ item.dest }}
owner=root group=root mode=0600
with_items:
- { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf }
notify: restart stunnel
tags:
- fedmsg/gateway
- fedmsg/gateway/slave
- name: put our combined cert in place
copy: >
src={{private}}/files/httpd/wildcard-2024.fedoraproject.org.combined.cert
dest=/etc/pki/tls/certs/wildcard-2024.fedoraproject.org.combined.cert
owner=root group=root mode=0644
notify: restart stunnel
tags:
- fedmsg/gateway
- fedmsg/gateway/slave
- name: start the gateway for raw zeromq traffic
service: name=fedmsg-gateway state=started enabled=yes
tags:
- fedmsg/gateway
- fedmsg/gateway/slave
when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora')
- name: start the gateway for raw zeromq traffic
service: name=fedmsg-gateway-3 state=started enabled=yes
tags:
- fedmsg/gateway
- fedmsg/gateway/slave
when: (ansible_distribution_major_version|int >= 30 and ansible_distribution == 'Fedora') or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8)
- name: start stunnel for websockets traffic
service: name=stunnel state=started enabled=yes
tags:
- fedmsg/gateway
- fedmsg/gateway/slave
- name: ensure that nrpe has rights to monitor us
user:
name: nrpe
append: yes
groups:
- fedmsg
ignore_errors: true
tags:
- fedmsgmonitor
Reference in New Issue View Git Blame Copy Permalink