# Pulls in the el7_centos_python_env role before anything else runs.
- name: Prepeare Python env
  include_role:
    name: 'el7_centos_python_env'
# PostgreSQL reporter from Zuul
# Installs the psycopg2 bindings (SCL Python 3.6 and system Python) and the
# rh-postgresql10 syspaths package, one package per loop iteration.
- name: PostgreSQL 10 packages and Python bindings
  package:
    state: present
    name: "{{ item }}"
  with_items:
    - rh-python36-python-psycopg2
    - rh-postgresql10-postgresql-syspaths
    - python-psycopg2
# Installs the PostgreSQL 10 server from the rh-postgresql10 collection.
- name: PostgreSQL 10 server package
  package:
    state: present
    name: rh-postgresql10-postgresql-server
# Initialises the database cluster as the postgres user. The `creates`
# guard skips the command once PG_VERSION exists in the data directory.
- name: postgresql 10 initdb
  become: true
  become_user: postgres
  command: '/opt/rh/rh-postgresql10/root/usr/bin/postgresql-setup --initdb'
  args:
    creates: /var/opt/rh/rh-postgresql10/lib/pgsql/data/PG_VERSION
# Starts the PostgreSQL 10 unit and enables it at boot.
- name: PostgreSQL 10 server service
  systemd:
    name: rh-postgresql10-postgresql
    enabled: true
    state: started
# Creates the `zuul` database, acting as the postgres OS user.
- name: PostgreSQL Zuul DB
  postgresql_db:
    name: zuul
    state: present
  become: true
  become_user: postgres
# Creates the `zuul` database role and grants it ALL privileges on the
# `zuul` database, acting as the postgres OS user.
# NOTE(review): no password is set for the role in this task; presumably
# Zuul authenticates through a pg_hba.conf rule or credentials managed
# elsewhere -- confirm which, and that the rule is limited to local access.
- name: PostgreSQL Zuul role
  postgresql_user:
    name: zuul
    db: zuul
    priv: 'ALL'
  become: true
  become_user: postgres
# Installs the tenant-fetch helper as a root-owned executable that other
# users can run but not modify.
- name: script for retrieving Zuul tenant configuration from Gerrit
  copy:
    src: files/zuul/zuul-fetch-tenants-from-gerrit.sh
    dest: /usr/local/bin/zuul-fetch-tenants-from-gerrit.sh
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string.
    mode: '0755'
# TODO: this is always marked as 'changed' for some reason...
# Installs a pinned Zuul release through the openstack.zuul role, using the
# SCL Python 3.6 pip and placing console scripts in /usr/local/bin.
# NOTE(review): the version is pinned, but no artifact hash checking is
# visible in these variables; how the role resolves and verifies the
# package is outside this file -- confirm.
- name: Install Zuul
  include_role:
    name: openstack.zuul
  vars:
    zuul_install_method: 'pip'
    zuul_git_version: '3.4.0'
    zuul_pip_executable: /opt/rh/rh-python36/root/bin/pip
    zuul_pip_extra_args: "--install-option='--install-scripts=/usr/local/bin'"
    zuul_file_zuul_conf_src: files/zuul/zuul.conf
    # The role is told not to manage main.yaml.
    zuul_file_main_yaml_manage: false
# Creates Zuul's ~/.ssh, accessible to the zuul user only.
- name: Provision Zuul SSH directory
  file:
    state: directory
    path: /var/lib/zuul/.ssh
    owner: zuul
    group: zuul
    mode: '0700'
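# Installs Zuul's SSH private key from the separate secrets checkout,
# readable by the zuul user only.
# no_log keeps the task result out of console output and logs, including
# any content diff that would otherwise be shown when the play is run
# with --diff.
# NOTE(review): src is read as an ordinary file; whether the key is
# encrypted at rest in the secrets checkout is not visible here -- confirm.
- name: Provision Zuul SSH private key
  copy:
    src: ../ansible-cesnet-secrets/zuul/id_rsa
    dest: /var/lib/zuul/.ssh/id_rsa
    owner: zuul
    group: zuul
    mode: '0600'
  no_log: true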
# TODO: this is buggy, `touch` always updates...
# Makes sure known_hosts exists with zuul ownership and mode 0600 before
# the host-key entries are written into it.
# NOTE(review): on Ansible 2.7 or later the file module accepts
# `modification_time: preserve` and `access_time: preserve`, which stops
# `touch` from reporting a change on every run -- check the Ansible version
# in use before adding them.
- name: Gerrit's SSH server pubkey
  file:
    state: touch
    path: /var/lib/zuul/.ssh/known_hosts
    owner: zuul
    group: zuul
    mode: '0600'
# Pins Gerrit's SSH host key for port 29418 in Zuul's known_hosts, so the
# connection does not depend on trust-on-first-use.
# NOTE(review): the encoded modulus length in this ssh-rsa blob suggests a
# 1024-bit RSA host key -- confirm on the Gerrit side and plan a move to a
# stronger host key; this pin has to be updated in the same change.
- name: Gerrit's SSH server pubkey content
  known_hosts:
    name: '[gerrit.cesnet.cz]:29418'
    key: '[gerrit.cesnet.cz]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbNpJXucXZHmjFeAVQwc87AeUtyYDULfW/AVfkXbJ86JSzoMfV19GSfPf2v+lVVaEJKrHN4I4X2p2vuTiibFHHXRFuquxltQeAY1wMUthL+x67EfcvptPEslwR134HtNX+fJOrrBx2K2Qvj2/BT9JXQm62NbBBIpIrIyBiMUaCnw=='
    path: /var/lib/zuul/.ssh/known_hosts
# Pins the Gerrit SSH host key under the server's IPv6 literal as well, so
# connections made by address are verified against a pinned key.
# NOTE(review): the encoded modulus length in this ssh-rsa blob suggests a
# 1024-bit RSA host key -- confirm on the Gerrit side; any host-key rotation
# has to update this entry too.
- name: Gerrit's SSH server pubkey content (IPv6 address)
  known_hosts:
    name: '[2001:718:1:1f:50:56ff:feee:163]:29418'
    key: '[2001:718:1:1f:50:56ff:feee:163]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbNpJXucXZHmjFeAVQwc87AeUtyYDULfW/AVfkXbJ86JSzoMfV19GSfPf2v+lVVaEJKrHN4I4X2p2vuTiibFHHXRFuquxltQeAY1wMUthL+x67EfcvptPEslwR134HtNX+fJOrrBx2K2Qvj2/BT9JXQm62NbBBIpIrIyBiMUaCnw=='
    path: /var/lib/zuul/.ssh/known_hosts
# Opens TCP port 79 in the firewalld `public` zone, both in the running
# configuration and persistently.
# NOTE(review): going by the task name this exposes Zuul's finger gateway;
# confirm that reachability from everything the public zone covers is
# intended.
- name: fingergw firewall
  firewalld:
    zone: public
    port: '79/tcp'
    state: enabled
    permanent: true
    immediate: true
# Installs the httpd24 mod_md and mod_ssl packages; Apache is restarted
# through the handler when a package changes.
- name: Apache modules from SCL
  package:
    state: present
    name: "httpd24-{{ item }}"
  with_items:
    - mod_md
    - mod_ssl
  notify:
    - restart apache
# Allows the http and https firewalld services in the `public` zone, both
# in the running configuration and persistently.
- name: Apache firewall
  firewalld:
    zone: public
    service: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
  with_items:
    - http
    - https
# Drops the prefork MPM LoadModule line from the httpd24 MPM config.
- name: mpm_prefork disabled
  lineinfile:
    state: absent
    path: /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-mpm.conf
    regexp: '^LoadModule mpm_prefork_module.*'
  notify:
    - restart apache
# Ensures the event MPM LoadModule line is present in the same file.
- name: mpm_event enabled
  lineinfile:
    state: present
    path: /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-mpm.conf
    line: 'LoadModule mpm_event_module modules/mod_mpm_event.so'
  notify:
    - restart apache
# Removes any `ServerAdmin root...` line from the main httpd.conf.
- name: remove default Apache server admin
  lineinfile:
    state: absent
    path: /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
    regexp: '^ServerAdmin root.*'
  notify:
    - restart apache
# Sets the ServerAdmin contact in the main httpd.conf.
- name: Apache server admin jan.kundrat@cesnet.cz
  lineinfile:
    state: present
    path: /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
    line: 'ServerAdmin mailto:jan.kundrat@cesnet.cz'
  notify:
    - restart apache
# Writes the MDCertificateAgreement directive into its own conf.d file,
# creating the file if it does not exist yet.
- name: Apache LetsEncrypt agreement
  lineinfile:
    state: present
    create: true
    path: /opt/rh/httpd24/root/etc/httpd/conf.d/00-letsencrypt.conf
    line: 'MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
  notify:
    - restart apache
# Installs the Zuul virtual host definition into the httpd24 conf.d.
- name: Apache zuul vhost
  copy:
    src: files/zuul/vhost.conf
    dest: /opt/rh/httpd24/root/etc/httpd/conf.d/20-zuul.gerrit.cesnet.cz.conf
    # Quoted so the mode is always read as an octal string.
    mode: '0644'
  notify:
    - restart apache
# Starts the SCL httpd24 unit and enables it at boot.
- name: Apache service
  systemd:
    name: httpd24-httpd
    enabled: true
    state: started
# Installs bubblewrap, the sandboxing tool the Zuul executor relies on to
# isolate job execution.
- name: bubblewrap for Zuul executor
  package:
    state: present
    name: bubblewrap