update repopool playbooks

This commit is contained in:
Louis Abel 2023-08-27 18:17:49 -07:00
parent d4a586262f
commit 3761820147
Signed by: label
GPG key ID: 3331F061D1D9990E
7 changed files with 136 additions and 4 deletions

View file

@ -1,8 +1,12 @@
--- ---
# Preps a system to be a repository # Preps a system to be a repository
- name: Configure repository system - name: Configure Repo Pool hosts (http)
hosts: all hosts: all
become: true become: true
vars_files:
- vars/common.yml
- vars/repopool.yml
- vars/mounts/repopool.yml
handlers: handlers:
- import_tasks: handlers/main.yml - import_tasks: handlers/main.yml
@ -21,8 +25,17 @@
fail_msg: "/etc/no-ansible exists - skipping run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks: tasks:
- name: "Setup shared filesystem mount"
include_tasks: tasks/efs_mount.yml
with_items: "{{ mounts }}"
tags:
- koji_efs_mount
- name: Configure repository system - name: Configure repository system
import_tasks: tasks/repository.yml import_tasks: tasks/repository.yml
tags:
- nginx
- httpd
post_tasks: post_tasks:
- name: Touching run file that ansible has ran here - name: Touching run file that ansible has ran here

View file

@ -6,6 +6,7 @@
vars_files: vars_files:
# vars/vaults/encpass.yml # vars/vaults/encpass.yml
- vars/common.yml - vars/common.yml
- vars/repopool.yml
- vars/mounts/repopool.yml - vars/mounts/repopool.yml
# This is to try to avoid the handler issue in pre/post tasks # This is to try to avoid the handler issue in pre/post tasks
@ -29,11 +30,13 @@
- name: "Setup shared filesystem mount" - name: "Setup shared filesystem mount"
include_tasks: tasks/efs_mount.yml include_tasks: tasks/efs_mount.yml
with_items: "{{ mounts }}" with_items: "{{ mounts }}"
tags: ["koji_efs_mount"] tags:
- koji_efs_mount
- name: "Setup rsyncd" - name: "Setup rsyncd"
include_tasks: tasks/rsyncd.yml include_tasks: tasks/rsyncd.yml
tags: ["rsyncd"] tags:
- rsyncd
post_tasks: post_tasks:
- name: Touching run file that ansible has ran here - name: Touching run file that ansible has ran here

View file

@ -1,6 +1,13 @@
--- ---
# Requires amazon-efs-utils; included, but should probably be split out? # Requires amazon-efs-utils; included, but should probably be split out?
# #
- name: "Create directories"
ansible.builtin.file:
name: "{{ item.mount_point }}"
mode: '0755'
owner: root
group: root
state: directory
- name: "Installing amazon-efs-utils" - name: "Installing amazon-efs-utils"
become: true become: true

View file

@ -1,3 +1,25 @@
--- ---
# no tasks yet # no tasks yet
- name: Configure seboolean
ansible.posix.seboolean:
name: "{{ item }}"
persistent: true
state: true
notify: restart_nginx
with_items: "{{ repopool_http_booleans }}"
- name: Install http packages
ansible.builtin.dnf:
name: "{{ repopool_http_packages }}"
state: present
- name: Deploy nginx config
ansible.builtin.template:
src: "etc/nginx/conf.d/repopool-http-production.conf.j2"
dest: "/etc/nginx/conf.d/repopool-http-production.conf"
owner: root
group: root
mode: '0644'
backup: true
notify: restart_nginx
... ...

View file

@ -19,10 +19,11 @@
- name: Configure seboolean - name: Configure seboolean
ansible.posix.seboolean: ansible.posix.seboolean:
name: rsync_export_all_ro name: "{{ item }}"
persistent: true persistent: true
state: true state: true
notify: restart_rsyncd notify: restart_rsyncd
with_items: "{{ repopool_rsync_booleans }}"
- name: Ensure postfix is running and enabled - name: Ensure postfix is running and enabled
ansible.builtin.service: ansible.builtin.service:

View file

@ -0,0 +1,68 @@
server {
listen 80 default_server backlog=4096;
server_name _;
root /mnt/repos-production/mirror;
location / {
autoindex on;
}
location /stg {
autoindex on;
alias /mnt/repos-staging/mirror/pub;
}
location ~* .*(\.manifest|CHECKSUM|COMMUNITY-CHARTER|COMPOSE_ID|Contributors|EULA|LICENSE|\.yaml|\.json|README|fullfile.*)$ {
#add_header Content-Type text/plain;
types { } default_type "text/plain; charset=utf-8";
}
location ~* RPM-GPG-KEY-.*$ {
# add_header Content-Type text/plain;
types { } default_type "text/plain; charset=utf-8";
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 443 ssl;
server_name _;
root /mnt/repos-production/mirror;
ssl_certificate /etc/pki/tls/certs/dl.rockylinux.org.crt;
ssl_certificate_key /etc/pki/tls/private/dl.rockylinux.org.key;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
autoindex on;
}
location /stg {
autoindex on;
alias /mnt/repos-staging/mirror/pub;
}
location ~* .*(\.manifest|CHECKSUM|COMMUNITY-CHARTER|COMPOSE_ID|Contributors|EULA|LICENSE|\.yaml|\.json|README|fullfile.*)$ {
#add_header Content-Type text/plain;
types { } default_type "text/plain; charset=utf-8";
}
location ~* RPM-GPG-KEY-.*$ {
# add_header Content-Type text/plain;
types { } default_type "text/plain; charset=utf-8";
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}

18
vars/repopool.yml Normal file
View file

@ -0,0 +1,18 @@
---
repopool_http_packages:
- nginx
- nginx-all-modules
- nginx-mod-http-image-filter
- nginx-mod-mail
- nginx-mod-perl
- nginx-mod-stream
repopool_rsync_booleans:
- use_nfs_home_dirs
- rsync_export_all_ro
repopool_http_booleans:
- httpd_use_nfs
- git_system_use_nfs
- use_nfs_home_dirs
repopool_http_domain: dl.rockylinux.org
repopool_rsync_domain: msync.rockylinux.org
...