update repopool playbooks

2023-08-27 18:17:49 -07:00 · 2023-08-27 18:17:49 -07:00 · 3761820147
commit 3761820147
parent d4a586262f
7 changed files with 136 additions and 4 deletions
--- a/role-rocky-repopool-http.yml
+++ b/role-rocky-repopool-http.yml
@ -1,8 +1,12 @@
 ---
 # Preps a system to be a repository
- name: Configure repository system
+- name: Configure Repo Pool hosts (http)
  hosts: all
  become: true
+  vars_files:
+    - vars/common.yml
+    - vars/repopool.yml
+    - vars/mounts/repopool.yml

  handlers:
    - import_tasks: handlers/main.yml
@ -21,8 +25,17 @@
        fail_msg: "/etc/no-ansible exists - skipping run on this node"

  tasks:
+    - name: "Setup shared filesystem mount"
+      include_tasks: tasks/efs_mount.yml
+      with_items: "{{ mounts }}"
+      tags:
+        - koji_efs_mount
+
    - name: Configure repository system
      import_tasks: tasks/repository.yml
+      tags:
+        - nginx
+        - httpd

  post_tasks:
    - name: Touching run file that ansible has ran here
--- a/role-rocky-repopool-rsync.yml
+++ b/role-rocky-repopool-rsync.yml
@ -6,6 +6,7 @@
  vars_files:
    # vars/vaults/encpass.yml
    - vars/common.yml
+    - vars/repopool.yml
    - vars/mounts/repopool.yml

  # This is to try to avoid the handler issue in pre/post tasks
@ -29,11 +30,13 @@
    - name: "Setup shared filesystem mount"
      include_tasks: tasks/efs_mount.yml
      with_items: "{{ mounts }}"
-      tags: ["koji_efs_mount"]
+      tags:
+        - koji_efs_mount

    - name: "Setup rsyncd"
      include_tasks: tasks/rsyncd.yml
-      tags: ["rsyncd"]
+      tags: 
+        - rsyncd

  post_tasks:
    - name: Touching run file that ansible has ran here
--- a/tasks/efs_mount.yml
+++ b/tasks/efs_mount.yml
@ -1,6 +1,13 @@
 ---
 # Requires amazon-efs-utils; included, but should probably be split out?
 #
+- name: "Create directories"
+  ansible.builtin.file:
+    name: "{{ item.mount_point }}"
+    mode: '0755'
+    owner: root
+    group: root
+    state: directory

 - name: "Installing amazon-efs-utils"
  become: true
--- a/tasks/repository.yml
+++ b/tasks/repository.yml
@ -1,3 +1,25 @@
 ---
 # no tasks yet
+- name: Configure seboolean
+  ansible.posix.seboolean:
+    name: "{{ item }}"
+    persistent: true
+    state: true
+  notify: restart_nginx
+  with_items: "{{ repopool_http_booleans }}"
+
+- name: Install http packages
+  ansible.builtin.dnf:
+    name: "{{ repopool_http_packages }}"
+    state: present
+
+- name: Deploy nginx config
+  ansible.builtin.template:
+    src: "etc/nginx/conf.d/repopool-http-production.conf.j2"
+    dest: "/etc/nginx/conf.d/repopool-http-production.conf"
+    owner: root
+    group: root
+    mode: '0644'
+    backup: true
+  notify: restart_nginx
 ...
--- a/tasks/rsyncd.yml
+++ b/tasks/rsyncd.yml
@ -19,10 +19,11 @@

 - name: Configure seboolean
  ansible.posix.seboolean:
-    name: rsync_export_all_ro
+    name: "{{ item }}"
    persistent: true
    state: true
  notify: restart_rsyncd
+  with_items: "{{ repopool_rsync_booleans }}"

 - name: Ensure postfix is running and enabled
  ansible.builtin.service:
--- a/templates/etc/nginx/conf.d/repopool-http-production.conf.j2
+++ b/templates/etc/nginx/conf.d/repopool-http-production.conf.j2
@ -0,0 +1,68 @@
+    server {
+        listen       80 default_server backlog=4096;
+        server_name  _;
+        root         /mnt/repos-production/mirror;
+
+        location / {
+                autoindex on;
+        }
+
+        location /stg {
+                autoindex on;
+                alias /mnt/repos-staging/mirror/pub;
+        }
+
+        location ~* .*(\.manifest|CHECKSUM|COMMUNITY-CHARTER|COMPOSE_ID|Contributors|EULA|LICENSE|\.yaml|\.json|README|fullfile.*)$ {
+                #add_header Content-Type text/plain;
+                types { } default_type "text/plain; charset=utf-8";
+        }
+
+        location ~* RPM-GPG-KEY-.*$ {
+        #        add_header Content-Type text/plain;
+                types { } default_type "text/plain; charset=utf-8";
+        }
+
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+    }
+
+    server {
+        listen       443 ssl;
+        server_name  _;
+        root         /mnt/repos-production/mirror;
+        ssl_certificate /etc/pki/tls/certs/dl.rockylinux.org.crt;
+        ssl_certificate_key /etc/pki/tls/private/dl.rockylinux.org.key;
+        ssl_ciphers  HIGH:!aNULL:!MD5;
+
+        location / {
+                autoindex on;
+        }
+
+        location /stg {
+                autoindex on;
+                alias /mnt/repos-staging/mirror/pub;
+        }
+
+        location ~* .*(\.manifest|CHECKSUM|COMMUNITY-CHARTER|COMPOSE_ID|Contributors|EULA|LICENSE|\.yaml|\.json|README|fullfile.*)$ {
+                #add_header Content-Type text/plain;
+                types { } default_type "text/plain; charset=utf-8";
+        }
+
+        location ~* RPM-GPG-KEY-.*$ {
+        #        add_header Content-Type text/plain;
+                types { } default_type "text/plain; charset=utf-8";
+        }
+
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+    }
--- a/vars/repopool.yml
+++ b/vars/repopool.yml
@ -0,0 +1,18 @@
+---
+repopool_http_packages:
+  - nginx
+  - nginx-all-modules
+  - nginx-mod-http-image-filter
+  - nginx-mod-mail
+  - nginx-mod-perl
+  - nginx-mod-stream
+repopool_rsync_booleans:
+  - use_nfs_home_dirs
+  - rsync_export_all_ro
+repopool_http_booleans:
+  - httpd_use_nfs
+  - git_system_use_nfs
+  - use_nfs_home_dirs
+repopool_http_domain: dl.rockylinux.org
+repopool_rsync_domain: msync.rockylinux.org
+...