# Pull in the el7_centos_python_env role before anything else in this file.
# The role itself is defined outside this file.
- name: Prepeare Python env
  include_role:
    name: "el7_centos_python_env"
# PostgreSQL reporter from Zuul
# Installs three packages, one per loop iteration. Judging by the package
# names these are the psycopg2 bindings for the SCL Python 3.6 and for the
# system Python, plus the PostgreSQL 10 "syspaths" package.
- name: PostgreSQL 10 packages and Python bindings
  with_items:
    - rh-python36-python-psycopg2
    - rh-postgresql10-postgresql-syspaths
    - python-psycopg2
  package:
    state: present
    name: "{{ item }}"
# Make sure the PostgreSQL 10 server package from the software collection
# is installed.
- name: PostgreSQL 10 server package
  package:
    state: present
    name: "rh-postgresql10-postgresql-server"
# Initialise the PostgreSQL 10 data directory as the postgres user.
# `creates` turns the command into a no-op once PG_VERSION exists, so an
# already initialised cluster is never re-initialised.
- name: postgresql 10 initdb
  become: true
  become_user: postgres
  args:
    creates: /var/opt/rh/rh-postgresql10/lib/pgsql/data/PG_VERSION
  command: /opt/rh/rh-postgresql10/root/usr/bin/postgresql-setup --initdb
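# Start the PostgreSQL 10 unit now and enable it at boot.
# `enabled` uses the canonical boolean `true` rather than `yes`, which is
# typed differently by YAML 1.1 and 1.2 parsers.
- name: PostgreSQL 10 server service
  systemd:
    name: rh-postgresql10-postgresql
    state: started
    enabled: true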
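# Create the `zuul` database, acting as the postgres OS user.
# `become` uses the canonical boolean `true` instead of `yes`.
- name: PostgreSQL Zuul DB
  become: true
  become_user: postgres
  postgresql_db:
    name: zuul
    state: present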
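# Create the `zuul` database role and grant it ALL privileges on the `zuul`
# database, acting as the postgres OS user.
# `become` uses the canonical boolean `true` instead of `yes`.
# NOTE(review): no password is set for the role here, so how `zuul`
# authenticates depends on pg_hba.conf, which this file does not manage.
# Confirm the effective auth method is the intended one.
- name: PostgreSQL Zuul role
  become: true
  become_user: postgres
  postgresql_user:
    db: zuul
    name: zuul
    priv: "ALL"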
# TODO: this is always marked as 'changed' for some reason...
# Installs Zuul through the openstack.zuul role using the SCL Python 3.6 pip,
# with console scripts placed in /usr/local/bin. zuul.conf and main.yaml are
# taken from files/zuul/ in this repository.
# NOTE(review): only a version number is pinned here. Whether the role
# verifies package hashes is not visible from this file.
- name: Install Zuul
  vars:
    zuul_install_method: pip
    zuul_git_version: '3.3.1'
    zuul_pip_executable: /opt/rh/rh-python36/root/bin/pip
    zuul_pip_extra_args: "--install-option='--install-scripts=/usr/local/bin'"
    zuul_file_zuul_conf_src: files/zuul/zuul.conf
    zuul_file_main_yaml_src: files/zuul/main.yaml
  include_role:
    name: "openstack.zuul"
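# Create zuul's ~/.ssh directory, accessible to the zuul user only.
# The mode is quoted so it always reaches the module as the octal string
# "0700" and is never re-typed as an integer by the YAML parser.
- name: Provision Zuul SSH directory
  file:
    path: /var/lib/zuul/.ssh
    state: directory
    owner: zuul
    group: zuul
    mode: "0700"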
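# Install Zuul's SSH private key, readable by the zuul user only.
# The source path starts with `../`, so the key is read from a separate
# ansible-cesnet-secrets tree rather than from this repository's files.
# The mode is quoted so it is always passed as the octal string "0600".
- name: Provision Zuul SSH private key
  copy:
    src: ../ansible-cesnet-secrets/zuul/id_rsa
    dest: /var/lib/zuul/.ssh/id_rsa
    owner: zuul
    group: zuul
    mode: "0600"
  # Keep key material out of task output, e.g. when the play runs with --diff.
  no_log: true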
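# TODO: this is buggy, `touch` always updates...
# Make sure known_hosts exists with zuul ownership and mode 0600 before the
# known_hosts tasks in this file write entries into it.
# The mode is quoted so it is always passed as the octal string "0600".
- name: Gerrit's SSH server pubkey
  file:
    path: /var/lib/zuul/.ssh/known_hosts
    state: touch
    owner: zuul
    group: zuul
    mode: "0600"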
# Pin Gerrit's SSH host key for gerrit.cesnet.cz:29418 in zuul's known_hosts.
# With the key pinned, a connection to a server presenting a different key
# fails host-key verification.
# The same key is pinned for the IPv6 literal elsewhere in this file. Update
# both entries together when the host key is rotated.
# NOTE(review): the length field inside the key blob suggests a 1024-bit RSA
# modulus. Confirm with `ssh-keygen -l` and plan a move to a stronger key.
- name: Gerrit's SSH server pubkey content
  known_hosts:
    name: '[gerrit.cesnet.cz]:29418'
    key: '[gerrit.cesnet.cz]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbNpJXucXZHmjFeAVQwc87AeUtyYDULfW/AVfkXbJ86JSzoMfV19GSfPf2v+lVVaEJKrHN4I4X2p2vuTiibFHHXRFuquxltQeAY1wMUthL+x67EfcvptPEslwR134HtNX+fJOrrBx2K2Qvj2/BT9JXQm62NbBBIpIrIyBiMUaCnw=='
    path: /var/lib/zuul/.ssh/known_hosts
# Pin the same Gerrit SSH host key under the server's IPv6 literal, so that
# connections made by address are verified against the pinned key too.
# The hostname entry elsewhere in this file carries the same key. Update
# both entries together when the host key is rotated.
- name: Gerrit's SSH server pubkey content (IPv6 address)
  known_hosts:
    name: '[2001:718:1:1f:50:56ff:feee:163]:29418'
    key: '[2001:718:1:1f:50:56ff:feee:163]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbNpJXucXZHmjFeAVQwc87AeUtyYDULfW/AVfkXbJ86JSzoMfV19GSfPf2v+lVVaEJKrHN4I4X2p2vuTiibFHHXRFuquxltQeAY1wMUthL+x67EfcvptPEslwR134HtNX+fJOrrBx2K2Qvj2/BT9JXQm62NbBBIpIrIyBiMUaCnw=='
    path: /var/lib/zuul/.ssh/known_hosts
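# Open TCP port 79 in firewalld's public zone, both in the permanent
# configuration and in the running firewall.
# Booleans use the canonical `true` instead of `yes`.
# NOTE(review): presumably this serves Zuul's finger gateway. Confirm that
# exposing it to the whole public zone is intended.
- name: fingergw firewall
  firewalld:
    zone: public
    permanent: true
    state: enabled
    port: 79/tcp
    immediate: true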
# Install httpd24-mod_md and httpd24-mod_ssl, one package per loop iteration.
# Any change notifies the `restart apache` handler, which is defined outside
# this file.
- name: Apache modules from SCL
  with_items:
    - mod_md
    - mod_ssl
  package:
    state: present
    name: "httpd24-{{ item }}"
  notify:
    - restart apache
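# Allow the http and https firewalld services in the public zone, both in
# the permanent configuration and in the running firewall.
# Booleans use the canonical `true` instead of `yes`.
- name: Apache firewall
  firewalld:
    zone: public
    permanent: true
    immediate: true
    state: enabled
    service: '{{ item }}'
  with_items:
    - http
    - https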
# Drop any LoadModule line for mpm_prefork from 00-mpm.conf. The mpm_event
# task in this file adds the event MPM in its place.
- name: mpm_prefork disabled
  notify:
    - restart apache
  lineinfile:
    state: absent
    regexp: '^LoadModule mpm_prefork_module.*'
    path: /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-mpm.conf
# Make sure 00-mpm.conf contains the LoadModule line for the event MPM.
- name: mpm_event enabled
  notify:
    - restart apache
  lineinfile:
    state: present
    line: 'LoadModule mpm_event_module modules/mod_mpm_event.so'
    path: /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-mpm.conf
# Remove any `ServerAdmin root...` line from httpd.conf. The replacement
# contact address is set by a separate task in this file.
- name: remove default Apache server admin
  notify:
    - restart apache
  lineinfile:
    state: absent
    regexp: '^ServerAdmin root.*'
    path: /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
# Make sure httpd.conf carries the ServerAdmin contact line below.
- name: Apache server admin jan.kundrat@cesnet.cz
  notify:
    - restart apache
  lineinfile:
    state: present
    line: 'ServerAdmin mailto:jan.kundrat@cesnet.cz'
    path: /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
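# Record the MDCertificateAgreement directive in 00-letsencrypt.conf,
# creating the file if it does not exist yet.
# `create` uses the canonical boolean `true` instead of `yes`.
- name: Apache LetsEncrypt agreement
  lineinfile:
    path: /opt/rh/httpd24/root/etc/httpd/conf.d/00-letsencrypt.conf
    create: true
    line: 'MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
    state: present
  notify:
    - restart apache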
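# Install the Zuul virtual host configuration from files/zuul/vhost.conf.
# The mode is quoted so it always reaches the module as the octal string
# "0644" and is never re-typed as an integer by the YAML parser.
- name: Apache zuul vhost
  copy:
    dest: /opt/rh/httpd24/root/etc/httpd/conf.d/20-zuul.gerrit.cesnet.cz.conf
    src: files/zuul/vhost.conf
    mode: "0644"
  notify:
    - restart apache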
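# Start the SCL Apache unit now and enable it at boot.
# `enabled` uses the canonical boolean `true` instead of `yes`.
- name: Apache service
  systemd:
    name: httpd24-httpd
    state: started
    enabled: true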