roles/ci_logs_server/tasks/main.yml - ci/ansible-cesnet - Gitiles

 # NOTE: this is not a complete configuration, some bits are still done via Puppet

 - name: One user per each Zuul tenant
   user:
     name: "ci-logs-{{ item.tenant | lower }}"
     state: present
   with_items: "{{ ci_logs_zuul_tenants }}"

 - name: SSH auth key for each Zuul tenant
   authorized_key:
     user: "ci-logs-{{ item.tenant | lower }}"
     state: present
     key: "{{ item.pubkey }}"
   with_items: "{{ ci_logs_zuul_tenants }}"

 - name: htdocs for each Zuul tenant
   file:
     path: "/home/ci-logs-{{ item.tenant | lower }}/public_html"
     state: directory
     owner: "ci-logs-{{ item.tenant | lower }}"
     group: apache
     mode: 0755
   with_items: "{{ ci_logs_zuul_tenants }}"

 - name: home dir world-searchable for each Zuul tenant
   file:
     path: "/home/ci-logs-{{ item.tenant | lower }}"
     mode: 0711
   with_items: "{{ ci_logs_zuul_tenants }}"

 - name: Apache vhost for Zuul tenant logs
   copy:
     dest: "{{ ci_logs_apache_prefix }}/30-ci-logs-tenants.conf"
     content: |
       AliasMatch "^/t/([^/]+)/(.*)$" "/home/ci-logs-$1/public_html/$2"
       <DirectoryMatch "^/home/ci-logs-([^/]+)/public_html/">
         Options Indexes MultiViews SymLinksIfOwnerMatch
         RemoveType .gz
         AddEncoding gzip .gz
       </DirectoryMatch>
   notify:
     - restart apache

 - name: Mirror stuff for Buildroot
   file:
     path: "/home/ci-logs-public/public_html/mirror/buildroot"
     state: directory
     owner: "ci-logs-public"
     group: apache
     mode: 0755

 - name: Apache selinux user home
   seboolean:
     name: httpd_enable_homedirs
     state: yes
     persistent: yes

 # This is only needed becase certbot needs an HTTP vhost as well
 - name: Apache HTTPS redirect
   copy:
     dest: "{{ ci_logs_apache_prefix}}/10-ci-logs-https-redirect.conf"
     content: |
       <VirtualHost *:80>
         Redirect  / https://ci-logs.gerrit.cesnet.cz/
       </VirtualHost>
   notify:
     - restart apache
	# NOTE: this is not a complete configuration, some bits are still done via Puppet

	- name: One user per each Zuul tenant
	user:
	name: "ci-logs-{{ item.tenant \| lower }}"
	state: present
	with_items: "{{ ci_logs_zuul_tenants }}"

	- name: SSH auth key for each Zuul tenant
	authorized_key:
	user: "ci-logs-{{ item.tenant \| lower }}"
	state: present
	key: "{{ item.pubkey }}"
	with_items: "{{ ci_logs_zuul_tenants }}"

	- name: htdocs for each Zuul tenant
	file:
	path: "/home/ci-logs-{{ item.tenant \| lower }}/public_html"
	state: directory
	owner: "ci-logs-{{ item.tenant \| lower }}"
	group: apache
	mode: 0755
	with_items: "{{ ci_logs_zuul_tenants }}"

	- name: home dir world-searchable for each Zuul tenant
	file:
	path: "/home/ci-logs-{{ item.tenant \| lower }}"
	mode: 0711
	with_items: "{{ ci_logs_zuul_tenants }}"

	- name: Apache vhost for Zuul tenant logs
	copy:
	dest: "{{ ci_logs_apache_prefix }}/30-ci-logs-tenants.conf"
	content: \|
	AliasMatch "^/t/([^/]+)/(.*)$" "/home/ci-logs-$1/public_html/$2"
	<DirectoryMatch "^/home/ci-logs-([^/]+)/public_html/">
	Options Indexes MultiViews SymLinksIfOwnerMatch
	RemoveType .gz
	AddEncoding gzip .gz
	</DirectoryMatch>
	notify:
	- restart apache

	- name: Mirror stuff for Buildroot
	file:
	path: "/home/ci-logs-public/public_html/mirror/buildroot"
	state: directory
	owner: "ci-logs-public"
	group: apache
	mode: 0755

	- name: Apache selinux user home
	seboolean:
	name: httpd_enable_homedirs
	state: yes
	persistent: yes

	# This is only needed becase certbot needs an HTTP vhost as well
	- name: Apache HTTPS redirect
	copy:
	dest: "{{ ci_logs_apache_prefix}}/10-ci-logs-https-redirect.conf"
	content: \|
	<VirtualHost *:80>
	Redirect / https://ci-logs.gerrit.cesnet.cz/
	</VirtualHost>
	notify:
	- restart apache