# First task in the file: hand interpreter setup to the el7_centos_python_env
# role. What the role installs is not visible here; presumably it provides the
# rh-python36 SCL interpreter whose pip the Zuul install below points at.
- name: Prepeare Python env
  include_role:
    name: 'el7_centos_python_env'
# Install Zuul through the openstack.zuul role from a git checkout. The
# checkout is pinned to a full commit SHA, so the deployed code does not move
# when the upstream branch does.
# NOTE(review): the version of the openstack.zuul role itself is not pinned in
# this file - confirm it is pinned wherever the roles are declared.
- name: Install Zuul
  include_role:
    name: 'openstack.zuul'
  vars:
    zuul_install_method: 'git'
    zuul_git_version: '5fbc185236c6d66ab2e4c2a5fd53ea0202070273'
    # pip from the rh-python36 SCL tree rather than a system pip.
    zuul_pip_executable: '/opt/rh/rh-python36/root/bin/pip'
    # Presumably appended to the role's pip invocation; asks pip to place the
    # installed scripts in /usr/local/bin.
    zuul_pip_extra_args: "--install-option='--install-scripts=/usr/local/bin'"
    zuul_file_zuul_conf_src: 'files/zuul/zuul.conf'
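# Create the .ssh directory under /var/lib/zuul, owned by zuul and closed to
# everyone else. The private key and known_hosts tasks below write into it.
- name: Provision Zuul SSH directory
  file:
    path: /var/lib/zuul/.ssh
    state: directory
    owner: zuul
    group: zuul
    # Quoted so the mode reaches Ansible as the octal string "0700" instead of
    # depending on how the YAML loader types a bare 0700.
    mode: '0700'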
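# Install the SSH private key that the zuul account uses, readable by that
# account only. The source path points outside this repository, into a
# separate ansible-cesnet-secrets checkout.
# NOTE(review): how that checkout is protected at rest is not visible here -
# confirm the key is not stored in plain text in version control.
- name: Provision Zuul SSH private key
  copy:
    src: ../ansible-cesnet-secrets/zuul/id_rsa
    dest: /var/lib/zuul/.ssh/id_rsa
    owner: zuul
    group: zuul
    # Quoted so the mode is passed as the octal string "0600".
    mode: '0600'
  # Keep key material out of task output: in --diff mode the copy module
  # prints file contents, which would land in terminal scrollback and CI logs.
  no_log: true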
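# Make sure known_hosts exists with zuul ownership and 0600 permissions before
# the following tasks add Gerrit's host key to it.
# NOTE(review): state: touch reports "changed" and updates the file timestamps
# on every run, so this task never settles to "ok". That is noise rather than
# a security problem, but it hides real changes in run summaries.
- name: Gerrit's SSH server pubkey
  file:
    path: /var/lib/zuul/.ssh/known_hosts
    state: touch
    owner: zuul
    group: zuul
    # Quoted so the mode is passed as the octal string "0600".
    mode: '0600'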
# Pin Gerrit's SSH host key for gerrit.cesnet.cz port 29418 in zuul's
# known_hosts, so host-key verification does not depend on trusting whatever
# key is offered on first contact.
# NOTE(review): the modulus length field in this blob decodes to 129 bytes,
# i.e. a 1024-bit RSA host key, shorter than the 2048 bits current guidance
# treats as the minimum. Rotating it is a server-side change; this entry and
# the IPv6 entry have to be updated together when that happens.
- name: Gerrit's SSH server pubkey content
  known_hosts:
    name: '[gerrit.cesnet.cz]:29418'
    key: '[gerrit.cesnet.cz]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbNpJXucXZHmjFeAVQwc87AeUtyYDULfW/AVfkXbJ86JSzoMfV19GSfPf2v+lVVaEJKrHN4I4X2p2vuTiibFHHXRFuquxltQeAY1wMUthL+x67EfcvptPEslwR134HtNX+fJOrrBx2K2Qvj2/BT9JXQm62NbBBIpIrIyBiMUaCnw=='
    path: /var/lib/zuul/.ssh/known_hosts
# Pin the same Gerrit host key under the server's literal IPv6 address, so a
# connection made by address is verified against the same key as one made by
# hostname.
# NOTE(review): the blob is identical to the gerrit.cesnet.cz entry and its
# modulus length field decodes to a 1024-bit RSA key; keep the two entries in
# step when the server key is rotated. The address is hard-coded, so this
# entry also goes stale if the server is renumbered.
- name: Gerrit's SSH server pubkey content (IPv6 address)
  known_hosts:
    name: '[2001:718:1:1f:50:56ff:feee:163]:29418'
    key: '[2001:718:1:1f:50:56ff:feee:163]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbNpJXucXZHmjFeAVQwc87AeUtyYDULfW/AVfkXbJ86JSzoMfV19GSfPf2v+lVVaEJKrHN4I4X2p2vuTiibFHHXRFuquxltQeAY1wMUthL+x67EfcvptPEslwR134HtNX+fJOrrBx2K2Qvj2/BT9JXQm62NbBBIpIrIyBiMUaCnw=='
    path: /var/lib/zuul/.ssh/known_hosts
# Open TCP port 79 in firewalld's public zone, both in the running rule set
# (immediate) and in the saved configuration (permanent).
# NOTE(review): presumably this serves Zuul's finger gateway, which streams
# job console output. Confirm that reaching it from the public zone is
# intended, since nothing in this file restricts the source addresses.
- name: fingergw firewall
  firewalld:
    port: '79/tcp'
    zone: public
    state: enabled
    permanent: true
    immediate: true
# Install the httpd24 SCL builds of mod_md and mod_ssl, one package per item,
# and queue an Apache restart when either one changes.
- name: Apache modules from SCL
  package:
    state: present
    name: 'httpd24-{{ item }}'
  with_items:
    - 'mod_md'
    - 'mod_ssl'
  notify:
    - restart apache
# Allow the firewalld "http" and "https" services in the public zone, applied
# to the running firewall and to the saved configuration.
- name: Apache firewall
  firewalld:
    service: '{{ item }}'
    zone: public
    state: enabled
    permanent: true
    immediate: true
  with_items:
    - 'http'
    - 'https'
# Delete any line that loads mpm_prefork from the SCL httpd MPM configuration;
# the next task in the file adds mpm_event in its place.
- name: mpm_prefork disabled
  lineinfile:
    state: absent
    regexp: '^LoadModule mpm_prefork_module.*'
    path: '/opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-mpm.conf'
  notify:
    - restart apache
# Ensure the MPM configuration contains the LoadModule line for mpm_event.
# With no regexp given, lineinfile adds the line only when that exact text is
# not already in the file.
- name: mpm_event enabled
  lineinfile:
    state: present
    line: 'LoadModule mpm_event_module modules/mod_mpm_event.so'
    path: '/opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-mpm.conf'
  notify:
    - restart apache
# Strip the stock "ServerAdmin root..." line from httpd.conf so that only the
# address set by the following task remains.
- name: remove default Apache server admin
  lineinfile:
    state: absent
    regexp: '^ServerAdmin root.*'
    path: '/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf'
  notify:
    - restart apache
# Set the ServerAdmin contact in httpd.conf to the address below.
- name: Apache server admin jan.kundrat@cesnet.cz
  lineinfile:
    state: present
    line: 'ServerAdmin mailto:jan.kundrat@cesnet.cz'
    path: '/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf'
  notify:
    - restart apache
# Record acceptance of the Let's Encrypt subscriber agreement for mod_md in a
# dedicated conf.d file, creating that file when it does not exist yet.
# NOTE(review): the URL names one specific agreement revision (v1.2, November
# 2017); it will need updating whenever the CA publishes a newer revision.
- name: Apache LetsEncrypt agreement
  lineinfile:
    create: true
    state: present
    line: 'MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
    path: '/opt/rh/httpd24/root/etc/httpd/conf.d/00-letsencrypt.conf'
  notify:
    - restart apache
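# Install the Zuul virtual host definition into the SCL httpd conf.d directory
# and queue an Apache restart when the file changes.
# NOTE(review): owner and group are not set here, so ownership follows the
# account the task runs as - confirm that is root.
- name: Apache zuul vhost
  copy:
    dest: /opt/rh/httpd24/root/etc/httpd/conf.d/20-zuul.gerrit.cesnet.cz.conf
    src: files/zuul/vhost.conf
    # Quoted so the mode reaches Ansible as the octal string "0644" instead of
    # depending on how the YAML loader types a bare 0644.
    mode: '0644'
  notify:
    - restart apache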
# Start the SCL Apache unit now and enable it so it also starts at boot.
- name: Apache service
  systemd:
    name: 'httpd24-httpd'
    enabled: true
    state: started