mantis changes

nazunalika 2021-04-02 17:30:42 -07:00
parent 1657af57cf
commit 33d513abdb
Signed by: label
GPG Key ID: CB6D9706D138D190
7 changed files with 125 additions and 11 deletions


@ -3,6 +3,11 @@
- name: Configure MantisBT - name: Configure MantisBT
hosts: "bugtracker" hosts: "bugtracker"
become: true become: true
vars_files:
- vars/common.yml
- vars/vaults/encpass.yml
- vars/vaults/mantis.yml
- vars/mantis.yml
handlers: handlers:
- import_tasks: handlers/main.yml - import_tasks: handlers/main.yml
@ -20,11 +25,31 @@
success_msg: "We are not able to run on this node" success_msg: "We are not able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node"
roles:
- role: rockylinux.ipagetcert
state: present
tasks: tasks:
- name: Deploy Mantis - name: Deploy Mantis
import_tasks: tasks/mantis.yml import_tasks: tasks/mantis.yml
post_tasks: post_tasks:
- name: Open firewalld ports
ansible.posix.firewalld:
service: "{{ item }}"
permanent: true
immediate: true
state: enabled
with_items:
- http
- https
- name: Ensure httpd is enabled and running
service:
name: httpd
enabled: true
state: started
- name: Touching run file that ansible has ran here - name: Touching run file that ansible has ran here
file: file:
path: /var/log/ansible.run path: /var/log/ansible.run
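Review bot: The new "Open firewalld ports" post-task enables plain `http` as well as `https`, and nothing in this section shows port 80 being limited to a redirect. The MantisBT template in this commit sets `$g_login_method = 'LDAP'`, so the login form carries directory passwords; it is worth confirming that `mantis.conf.j2` (not visible here) redirects every HTTP request to HTTPS. If it does, a comment on the list such as `# http stays open only for the redirect to https` would record the intent. As a style point, the httpd task uses the short `service:` name while the firewalld task uses a fully qualified one; `ansible.builtin.service:` would match.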


@ -32,6 +32,11 @@
mode: '0644' mode: '0644'
remote_src: true remote_src: true
- name: Generate crypto salt
shell: "cat /dev/urandom | head -c 64 | base64 --wrap=0"
changed_when: "1 != 1"
register: cryptosalt_string
- name: Configure mantis - name: Configure mantis
template: template:
src: "var/www/mantis/config/config_inc.php.j2" src: "var/www/mantis/config/config_inc.php.j2"
@ -40,6 +45,22 @@
group: apache group: apache
mode: '0640' mode: '0640'
- name: Deploy plugins from Mantis GitHub
git:
repo: "https://github.com/mantisbt-plugins/{{ item }}.git"
dest: "/var/www/mantisbt-{{ mantis_version }}/plugins/{{ item }}"
update: true
version: master
with_items:
- Snippets
- name: Deploy custom libravatar plugin
git:
repo: "https://github.com/nazunalika/mantisbt-libravatar.git"
dest: "/var/www/mantisbt-{{ mantis_version }}/plugins/Libravatar"
update: true
version: main
- name: Configure httpd - name: Configure httpd
template: template:
src: "etc/httpd/conf.d/mantis.conf.j2" src: "etc/httpd/conf.d/mantis.conf.j2"
@ -47,3 +68,25 @@
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
- name: Database import template
template:
src: "tmp/mantis_import.sql.j2"
dest: "/tmp/mantis_import.sql.j2"
owner: root
group: root
mode: '0600'
# We will need to generate this
# name: Import database if required
# community.general.postgresql_db:
# name: "{{ mantis_db_name }}"
# target: /tmp/mantis_import.sql
# owner: "{{ mantis_db_user }}"
# state: restore
# login_host: "{{ mantis_db_host }}"
# login_user: "{{ mantis_db_user }}"
# login_password: "{{ mantis_db_pass }}"
- name: Patch up some pages
import_tasks: mantispatch.yml
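Review bot: The "Generate crypto salt" task has no guard, so every play run registers a new `cryptosalt_string.stdout` and the "Configure mantis" template rewrites `$g_crypto_master_salt` each time; `changed_when: "1 != 1"` only hides that in the task report. Anything MantisBT derives from the master salt would presumably stop validating after each run, which is worth confirming. The task also lacks `no_log: true`, so the value shows up in verbose output. I would generate the salt once into a root-only file (or keep it in the vault next to `mantis_db_pass`) and read it back under the same register name, as sketched below. Separately, the two plugin `git` tasks follow `master`/`main` with `update: true`, so the code placed under the web root can change between runs; pinning `version` to a reviewed commit would make the deployment reproducible.

```yaml
# … unchanged: preceding tasks …
- name: Generate crypto salt once
  shell: "umask 077 && head -c 64 /dev/urandom | base64 --wrap=0 > /path/to/mantis_crypto_salt"  # placeholder path
  args:
    creates: /path/to/mantis_crypto_salt  # placeholder path
  no_log: true

- name: Read crypto salt
  command: cat /path/to/mantis_crypto_salt  # placeholder path
  register: cryptosalt_string
  changed_when: false
  no_log: true
# … unchanged: "Configure mantis" template and later tasks …
```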


@ -0,0 +1,25 @@
---
# Patch up various pieces of mantis to customize it. We do not rely on local
# bug tracker accounts. We are doing regex instead of just replacing the
# file as a whole. Should make it easier to deal with upgrades in theory.
- name: Change signup_page.php to Account Services
replace:
path: "/var/www/mantisbt-{{ mantis_version }}/{{ item }}"
regexp: 'signup_page.php'
replace: 'https://accounts.rockylinux.org'
with_items:
- core/print_api.php
- lost_pwd_page.php
- login_page.php
- name: Change special signup_page.php reference
replace:
path: "/var/www/mantisbt-{{ mantis_version }}/core/layout_api.php"
regexp: "' . helper_mantis_url( 'signup_page.php' ) . '"
replace: 'https://accounts.rockylinux.org'
- name: Remove LDAP from checks for signup button
lineinfile:
path: "/var/www/mantisbt-{{ mantis_version }}/login_page.php"
state: absent
regex: 'LDAP != config_get_global'
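Review bot: The `regexp` in "Change special signup_page.php reference" is interpreted as a regular expression, so the unescaped `(` and `)` form a capture group instead of matching literal parentheses, and the task will most likely never match the `helper_mantis_url( 'signup_page.php' )` call it targets. Escaping the metacharacters fixes that: `regexp: "' \\. helper_mantis_url\\( 'signup_page\\.php' \\) \\. '"`. The first task's `'signup_page.php'` has the same unescaped `.`, which is harmless here but reads more precisely as `'signup_page\.php'`. Because these tasks edit login pages in place and report nothing when a pattern is absent, a new `mantis_version` could silently leave the original signup links in; a short comment saying the patterns must be re-checked on each upgrade would help.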


@ -0,0 +1 @@
# Empty


@ -1,5 +1,5 @@
<?php <?php
$g_hostname = 'build-a-box.labs.angelsofclockwork.net'; $g_hostname = '{{ mantis_db_host }}';
$g_db_type = 'pgsql'; $g_db_type = 'pgsql';
$g_database_name = '{{ mantis_db_name }}'; $g_database_name = '{{ mantis_db_name }}';
$g_db_username = '{{ mantis_db_user }}'; $g_db_username = '{{ mantis_db_user }}';
@ -7,13 +7,14 @@ $g_db_password = '{{ mantis_db_pass }}';
$g_default_timezone = 'UTC'; $g_default_timezone = 'UTC';
$g_crypto_master_salt = 'DDQF2sdgdPycpzfWNSOt4KelQlz7h0kb9HHxaUFpYXk='; $g_crypto_master_salt = '{{ cryptosalt_string.stdout }}';
# Added # Added
$g_login_method = 'LDAP'; $g_login_method = 'LDAP';
$g_ldap_server = '{{ rocky_ipaserver_lb }}'; $g_ldap_server = '{{ rocky_ipaserver_lb }}';
$g_ldap_port = '389';
$g_ldap_root_dn = '{{ rocky_ldap_user_basedn }}'; $g_ldap_root_dn = '{{ rocky_ldap_user_basedn }}';
$g_ldap_organization = '(objectClass=posixAccount)'; #$g_ldap_organization = '(objectClass=posixAccount)';
$g_ldap_protocol_version = 3; $g_ldap_protocol_version = 3;
$g_ldap_network_timeout = 30; $g_ldap_network_timeout = 30;
$g_ldap_follow_referrals = ON; $g_ldap_follow_referrals = ON;
@ -32,9 +33,14 @@ $g_allow_file_upload = ON;
$g_file_upload_method = DATABASE; # or DISK $g_file_upload_method = DATABASE; # or DISK
$g_dropzone_enabled = ON; $g_dropzone_enabled = ON;
$g_show_realname = ON; $g_show_realname = ON;
$g_show_avatar = ON;
$g_allowed_files = 'log,patch,txt'; $g_allowed_files = 'log,patch,txt';
$g_disallowed_files = 'exe,tar,tgz,tar.gz,pl,sh'; $g_disallowed_files = 'exe,pl,sh,py,c,cpp,rar,zip,rpm';
$g_window_title = 'Rocky Bugzilla'; $g_window_title = 'Rocky Bugzilla';
$g_allow_signup = OFF; $g_allow_signup = ON;
$g_allow_anonymous_login = ON; $g_allow_anonymous_login = ON;
$g_anonymous_account = 'anonymous'; $g_anonymous_account = 'anonymous';
$g_enable_email_notification = ON;
# Cookie problems
$g_allow_permanent_cookie = OFF;
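Review bot: The added `$g_ldap_port = '389';` points binds at the cleartext LDAP port, and nothing visible in this template enables TLS for the connection. User passwords and the bind credential may therefore cross the network unencrypted unless `rocky_ipaserver_lb` is an `ldaps://` URI or StartTLS is configured elsewhere. I would make the transport explicit in the template and record it with a comment such as `# LDAP must use ldaps:// or StartTLS; port 389 alone is cleartext`. In the last hunk `$g_allow_signup` flips to `ON` while the patch tasks only rewrite links to `signup_page.php`; confirm the page itself cannot create local accounts when requested directly. The Jinja values are also placed inside single-quoted PHP strings unescaped, which is safe for the base64 salt but not for a `mantis_db_host` or password containing `'`.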


@ -1,7 +1,7 @@
--- ---
# mantis vars # mantis vars
mantis_version: 2.24.2 mantis_version: 2.25.0
mantis_checksum: "sha256:c1b483c8395a0fb1249bcc50ada203db584d819f4f6f606b1d1eec42c5205cb8" mantis_checksum: "sha256:d8973d3677ecb2ccbfee95e2267b3128049fbdcc59aa1f007686a342d93a4c0a"
mantis_pkg: mantis_pkg:
- php - php
- php-ldap - php-ldap
@ -11,8 +11,21 @@ mantis_pkg:
- php-mbstring - php-mbstring
- php-curl - php-curl
- openldap - openldap
mantis_db_name: mantis - php-json
mantis_db_host: db.rockylinux.org
mantis_db_name: mantisdb
mantis_db_user: mantis mantis_db_user: mantis
mantis_binder_user: "{{ rocky_ldap_bind_dn }}"
mantis_binder_pass: "{{ rocky_ldap_bind_pw }}"
# Vault
# mantis_db_pass: ThisIsNotThePassword! # mantis_db_pass: ThisIsNotThePassword!
mantis_binder_user: "uid=mantis_binder,cn=sysaccounts,cn=etc,dc=rockylinux,dc=org"
#mantis_binder_pass: ThisIsNotThePassword! ipa_getcert_requested_hostnames:
- name: "{{ ansible_fqdn }}"
owner: apache
key_location: "/etc/pki/tls/private/bugs.rockylinux.org.key"
cert_location: "/etc/pki/tls/certs/bugs.rockylinux.org.crt"
postcmd: "/bin/systemctl reload httpd"
cnames:
- "bugs.rockylinux.org"
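Review bot: `ipa_getcert_requested_hostnames` sets `owner: apache` alongside `key_location`, which — if the `rockylinux.ipagetcert` role applies that owner to the private key file — lets any code running as the web server user read the TLS key. httpd normally opens its key as root before dropping privileges, so `owner: root` should be enough; it is worth checking what the role does with the field. Also, `mantis_version: 2.25.0` happens to parse as a string, but quoting it (`mantis_version: "2.25.0"`) protects against a future two-part version being read as a float.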


@ -34,6 +34,7 @@ roles:
src: https://git.rockylinux.org/infrastructure/public/ansible/ansible-role-wikijs.git src: https://git.rockylinux.org/infrastructure/public/ansible/ansible-role-wikijs.git
scm: git scm: git
version: develop version: develop
- name: riemers.gitlab-runner
collections: collections:
# freeipa # freeipa
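Review bot: The added `- name: riemers.gitlab-runner` entry has no `version:`, so each install pulls whatever release is current at that moment, for a role that presumably sets up a CI runner on the host. Pin it to a reviewed release, e.g. `version: "<reviewed-release-tag>"` (placeholder), in the same way the neighbouring entry carries `version: develop`. The entry is also unrelated to the "mantis changes" title and would be easier to audit as its own commit. Only part of the `roles:` list is visible in this hunk.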