You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
121 lines
2.7 KiB
121 lines
2.7 KiB
---
|
|
- name: Install koji-hub and dependencies
|
|
ansible.builtin.dnf:
|
|
name:
|
|
- koji-hub
|
|
- koji-hub-plugins
|
|
- mod_ssl
|
|
# NOTE: python3-libsemanage is the ansible.posix.seboolean dependency
|
|
- python3-libsemanage
|
|
state: installed
|
|
|
|
# TODO: add FreeIPA support
|
|
- name: Generate koji-hub HTTP principal keytab
|
|
ansible.builtin.include_role:
|
|
name: msvsphere.ci.kerberos_principal
|
|
vars:
|
|
kerberos_principal_name: "{{ koji_hub_principal }}"
|
|
kerberos_principal_keytab_path: "{{ koji_hub_keytab }}"
|
|
|
|
- name: Grant httpd read access to koji-hub keytab
|
|
ansible.builtin.file:
|
|
path: "{{ koji_hub_keytab }}"
|
|
owner: root
|
|
group: apache
|
|
mode: 0o640
|
|
setype: httpd_config_t
|
|
notify:
|
|
- restart httpd
|
|
|
|
- name: Configure koji-hub
|
|
ansible.builtin.template:
|
|
src: etc/koji-hub/hub.conf.j2
|
|
dest: /etc/koji-hub/hub.conf
|
|
owner: root
|
|
group: apache
|
|
mode: 0o640
|
|
notify:
|
|
- restart httpd
|
|
|
|
- name: Configure koji-hub httpd
|
|
ansible.builtin.template:
|
|
src: etc/httpd/conf.d/kojihub.conf.j2
|
|
dest: /etc/httpd/conf.d/kojihub.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0o644
|
|
notify:
|
|
- restart httpd
|
|
|
|
- name: Configure SSL in httpd
|
|
ansible.builtin.template:
|
|
src: etc/httpd/conf.d/ssl.conf.j2
|
|
dest: /etc/httpd/conf.d/ssl.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0o644
|
|
notify:
|
|
- restart httpd
|
|
|
|
- name: Enable httpd database connections in SELinux
|
|
ansible.posix.seboolean:
|
|
name: httpd_can_network_connect_db
|
|
state: true
|
|
persistent: true
|
|
|
|
- name: Allow httpd writing files in SELinux
|
|
ansible.posix.seboolean:
|
|
name: allow_httpd_anon_write
|
|
state: true
|
|
persistent: true
|
|
|
|
- name: Create /mnt/koji directory
|
|
ansible.builtin.file:
|
|
path: /mnt/koji
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: 0o755
|
|
setype: public_content_rw_t
|
|
|
|
- name: Create Koji working directories
|
|
ansible.builtin.file:
|
|
path: "/mnt/koji/{{ item }}"
|
|
state: directory
|
|
owner: apache
|
|
group: apache
|
|
mode: 0o755
|
|
setype: public_content_rw_t
|
|
with_items:
|
|
- packages
|
|
- repos
|
|
- work
|
|
- scratch
|
|
- repos-dist
|
|
|
|
- name: Copy Koji CA certificate to /mnt/koji
|
|
ansible.builtin.copy:
|
|
src: /etc/pki/koji/koji-ca.crt
|
|
dest: /mnt/koji/koji-ca.crt
|
|
remote_src: yes
|
|
|
|
- name: Enable and start httpd service
|
|
ansible.builtin.service:
|
|
name: httpd
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: Get firewalld service status
|
|
ansible.builtin.systemd:
|
|
name: firewalld
|
|
register: firewalld_service_status
|
|
|
|
- name: Open HTTPs port on firewall
|
|
ansible.posix.firewalld:
|
|
zone: public
|
|
service: https
|
|
immediate: true
|
|
permanent: true
|
|
state: enabled
|
|
when: firewalld_service_status.status.ActiveState == 'active'
|