# Delegates Python environment setup to the el7_centos_python_env role,
# which is defined outside this file.
- name: Prepeare Python env
  include_role:
    name: 'el7_centos_python_env'
# Installs Zuul through the openstack.zuul role. The meaning of each variable
# is defined by that role, which is not visible here.
- name: Install Zuul
  include_role:
    name: 'openstack.zuul'
  vars:
    zuul_install_method: 'git'
    # Full commit hash rather than a branch or tag name, so the installed
    # source presumably stays the same between runs -- confirm against the role.
    zuul_git_version: '5fbc185236c6d66ab2e4c2a5fd53ea0202070273'
    # pip from the rh-python36 software collection, not the system pip.
    zuul_pip_executable: '/opt/rh/rh-python36/root/bin/pip'
    # Asks pip to place the console scripts in /usr/local/bin.
    zuul_pip_extra_args: "--install-option='--install-scripts=/usr/local/bin'"
    zuul_file_zuul_conf_src: 'files/zuul/zuul.conf'
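# Creates zuul's ~/.ssh with access for the zuul user only, before the private
# key and known_hosts are placed inside it.
- name: Provision Zuul SSH directory
  file:
    path: /var/lib/zuul/.ssh
    state: directory
    owner: zuul
    group: zuul
    # Quoted so the module receives the string '0700' instead of depending on
    # how the YAML loader types a leading-zero integer.
    mode: '0700'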
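# Installs the SSH private key that zuul uses for outgoing connections.
# The source path points outside this repository (../ansible-cesnet-secrets);
# presumably that checkout is access-controlled separately -- confirm.
- name: Provision Zuul SSH private key
  copy:
    src: ../ansible-cesnet-secrets/zuul/id_rsa
    dest: /var/lib/zuul/.ssh/id_rsa
    owner: zuul
    group: zuul
    # Quoted so the mode is passed as the string '0600'; sshd-style clients
    # refuse private keys that are readable by group or others.
    mode: '0600'
  # Keeps key material out of task output and logs, e.g. when the play is run
  # with --diff and the file content would otherwise be shown.
  no_log: true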
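# Makes sure known_hosts exists with zuul ownership before entries are added.
# state: touch refreshes the timestamps on every run, so this task reports
# "changed" each time.
- name: Gerrit's SSH server pubkey
  file:
    path: /var/lib/zuul/.ssh/known_hosts
    state: touch
    owner: zuul
    group: zuul
    # Quoted so the mode is passed as the string '0600'.
    mode: '0600'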
# Pins Gerrit's SSH host key for port 29418 in zuul's known_hosts, so the
# connection is checked against a key recorded here rather than one accepted
# on first contact. The same key is registered twice: once under the host
# name and once under the IPv6 literal.
#
# NOTE(review): the length field in the key blob (AAAAgQ...) is consistent
# with a 1024-bit RSA modulus. Confirm with `ssh-keygen -lf` on the server's
# host key; if so, plan a rotation to a stronger host key on the Gerrit side
# and update both entries together.
- name: Gerrit's SSH server pubkey content
  known_hosts:
    name: '[gerrit.cesnet.cz]:29418'
    key: '[gerrit.cesnet.cz]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbNpJXucXZHmjFeAVQwc87AeUtyYDULfW/AVfkXbJ86JSzoMfV19GSfPf2v+lVVaEJKrHN4I4X2p2vuTiibFHHXRFuquxltQeAY1wMUthL+x67EfcvptPEslwR134HtNX+fJOrrBx2K2Qvj2/BT9JXQm62NbBBIpIrIyBiMUaCnw=='
    path: /var/lib/zuul/.ssh/known_hosts

- name: Gerrit's SSH server pubkey content (IPv6 address)
  known_hosts:
    name: '[2001:718:1:1f:50:56ff:feee:163]:29418'
    key: '[2001:718:1:1f:50:56ff:feee:163]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbNpJXucXZHmjFeAVQwc87AeUtyYDULfW/AVfkXbJ86JSzoMfV19GSfPf2v+lVVaEJKrHN4I4X2p2vuTiibFHHXRFuquxltQeAY1wMUthL+x67EfcvptPEslwR134HtNX+fJOrrBx2K2Qvj2/BT9JXQm62NbBBIpIrIyBiMUaCnw=='
    path: /var/lib/zuul/.ssh/known_hosts
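# Opens 79/tcp (the finger port) in the public zone, both in the permanent
# configuration and in the running firewall.
# NOTE(review): the finger protocol carries no authentication, so every host
# that can reach the public zone can connect -- confirm this exposure is
# intended, or restrict it to a narrower zone or source range.
- name: fingergw firewall
  firewalld:
    zone: public
    port: 79/tcp
    state: enabled
    # Canonical booleans; `yes` is typed differently by YAML 1.1 and 1.2 loaders.
    permanent: true
    immediate: true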
# Installs the httpd24-mod_md and httpd24-mod_ssl packages, one per loop
# iteration, and schedules an Apache restart when either changes.
- name: Apache modules from SCL
  package:
    state: present
    name: 'httpd24-{{ item }}'
  with_items:
    - mod_md
    - mod_ssl
  # The "restart apache" handler is defined outside this file.
  notify:
    - restart apache
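# Enables the firewalld http and https services in the public zone, both in
# the permanent configuration and in the running firewall.
- name: Apache firewall
  firewalld:
    zone: public
    service: '{{ item }}'
    state: enabled
    # Canonical booleans; `yes` is typed differently by YAML 1.1 and 1.2 loaders.
    permanent: true
    immediate: true
  with_items:
    - http
    - https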
# Switches the SCL Apache from the prefork MPM to the event MPM by editing
# 00-mpm.conf: the prefork LoadModule line is removed, the event one is added.
- name: mpm_prefork disabled
  lineinfile:
    state: absent
    path: /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-mpm.conf
    # Only uncommented LoadModule lines match, because of the ^ anchor.
    regexp: '^LoadModule mpm_prefork_module.*'
  notify:
    - restart apache

- name: mpm_event enabled
  lineinfile:
    state: present
    path: /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-mpm.conf
    line: 'LoadModule mpm_event_module modules/mod_mpm_event.so'
  notify:
    - restart apache
# Replaces the stock ServerAdmin directive in httpd.conf: the default
# "ServerAdmin root..." line is dropped and the site's contact is added.
- name: remove default Apache server admin
  lineinfile:
    state: absent
    path: /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
    regexp: '^ServerAdmin root.*'
  notify:
    - restart apache

- name: Apache server admin jan.kundrat@cesnet.cz
  lineinfile:
    state: present
    path: /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
    line: 'ServerAdmin mailto:jan.kundrat@cesnet.cz'
  notify:
    - restart apache
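# Writes the MDCertificateAgreement directive into its own conf.d file,
# creating the file when it does not exist yet.
# NOTE(review): the URL names one specific revision of the subscriber
# agreement (v1.2, November 15 2017); presumably it has to be updated when the
# CA publishes a newer revision -- confirm against the installed mod_md.
- name: Apache LetsEncrypt agreement
  lineinfile:
    path: /opt/rh/httpd24/root/etc/httpd/conf.d/00-letsencrypt.conf
    # Canonical boolean; `yes` is typed differently by YAML 1.1 and 1.2 loaders.
    create: true
    line: 'MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
    state: present
  notify:
    - restart apache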
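# Installs the Zuul virtual host definition into the SCL Apache conf.d
# directory and schedules a restart when the file changes.
- name: Apache zuul vhost
  copy:
    src: files/zuul/vhost.conf
    dest: /opt/rh/httpd24/root/etc/httpd/conf.d/20-zuul.gerrit.cesnet.cz.conf
    # Quoted so the mode is passed as the string '0644' instead of depending
    # on how the YAML loader types a leading-zero integer.
    mode: '0644'
  notify:
    - restart apache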
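# Starts the SCL Apache unit now and enables it at boot.
- name: Apache service
  systemd:
    name: httpd24-httpd
    state: started
    # Canonical boolean; `yes` is typed differently by YAML 1.1 and 1.2 loaders.
    enabled: true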