diff --git a/ansible/playbooks/role-rocky-mqtt.yml b/ansible/playbooks/role-rocky-mqtt.yml
new file mode 100644
index 0000000..bba8629
--- /dev/null
+++ b/ansible/playbooks/role-rocky-mqtt.yml
@@ -0,0 +1,60 @@
+---
+# Stands up an mqtt instance
+- name: Configure mqtt
+  hosts: kojihub
+  become: true
+  vars_files:
+    - vars/encpass.yml
+    - vars/mqtt.yml
+
+  # This is to try to avoid the handler issue in pre/post tasks
+  handlers:
+    - import_tasks: handlers/main.yml
+
+  pre_tasks:
+    - name: Check if ansible cannot be run here
+      stat:
+        path: /etc/no-ansible
+      register: no_ansible
+
+    - name: Verify if we can run ansible
+      assert:
+        that:
+          - "not no_ansible.stat.exists"
+        msg: "/etc/no-ansible exists - skipping run on this node"
+
+    # EPEL and PowerTools are required for ipsilon to function
+    # I also couldn't find an ansible built-in to do this
+    - name: Enable the PowerTools repository
+      ini_file:
+        dest: /etc/yum.repos.d/CentOS-Linux-PowerTools.repo
+        section: powertools
+        option: enabled
+        value: 1
+        owner: root
+        group: root
+        mode: '0644'
+
+    # The CentOS extras repos has epel-release provided
+    - name: Enable the EPEL repository
+      yum:
+        name: epel-release
+        state: present
+      tags:
+        - packages
+
+  roles:
+    - role: rockylinux.ipagetcert
+      state: present
+
+    - role: rockylinux.mqtt
+      state: present
+
+  post_tasks:
+    - name: Touching run file that ansible has ran here
+      file:
+        path: /var/log/ansible.run
+        state: touch
+        mode: '0644'
+        owner: root
+        group: root
diff --git a/ansible/playbooks/vars/kojihub.yml b/ansible/playbooks/vars/kojihub.yml
index 3cfff99..ec3cdb2 100644
--- a/ansible/playbooks/vars/kojihub.yml
+++ b/ansible/playbooks/vars/kojihub.yml
@@ -10,7 +10,6 @@ koji_postgresql_vm: true
 # Database settings
 koji_db_name: koji
 koji_db_user: koji
-koji_db_pass: ThisIsNotThePassword!
 # This will need to change when koji_postgresql_vm is false
 koji_db_host: "{{ ansible_fqdn }}"
 
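Review bot: The comment above the PowerTools task still says the repos are `required for ipsilon to function`, but this playbook configures mqtt, so the comment looks copied from the ipsilon playbook and no longer explains why these repos are enabled here. I would confirm which of EPEL/PowerTools the mqtt role actually needs and reword to something like `# EPEL and PowerTools provide packages the roles below depend on`. Separately, the assert message reads `skipping run on this node`, while a failed assert fails the host rather than skipping it; `msg: "/etc/no-ansible exists - refusing to run on this node"` describes what actually happens.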
@@ -53,7 +52,7 @@ koji_hub_plugin_mqtt_host: mqtt.rockylinux.org
 koji_hub_plugin_mqtt_topic: koji
 koji_hub_plugin_mqtt_ca: "{{ koji_hub_ca }}"
 koji_hub_plugin_mqtt_tls_cert: /etc/pki/tls/certs/mqtt.pem
-koji_hub_plugin_mqtt_tls_key: /etc/pki/tls/certs/mqtt.pem
+koji_hub_plugin_mqtt_tls_key: /etc/pki/tls/certs/mqtt.key
 koji_hub_plugin_mqtt_excluded_tags:
   - testing-tag
 
@@ -61,6 +60,9 @@ koji_hub_plugin_mqtt_excluded_tags:
 ipa_getcert_requested_hostnames:
   - name: "{{ ansible_fqdn }}"
     owner: apache
+    key_location: "{{ koji_web_tls_key }}"
+    cert_location: "{{ koji_web_tls_cert }}"
+    postcmd: "/bin/systemctl reload httpd"
 
 # postgresql vars
 postgresql_restarted_state: "restarted"
diff --git a/ansible/playbooks/vars/mqtt.yml b/ansible/playbooks/vars/mqtt.yml
new file mode 100644
index 0000000..48a8ffb
--- /dev/null
+++ b/ansible/playbooks/vars/mqtt.yml
@@ -0,0 +1,5 @@
+---
+# mqtt settings
+mqtt_tls_ca_cert: "/etc/pki/tls/certs/ca-bundle.crt"
+mqtt_tls_cert: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt"
+mqtt_tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key"
diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml
index 4223cfd..b72a768 100644
--- a/ansible/roles/requirements.yml
+++ b/ansible/roles/requirements.yml
@@ -16,6 +16,9 @@ roles:
   - name: rockylinux.kojihub
     src: https://github.com/rocky-linux/ansible-role-kojihub
     version: main
+  - name: rockylinux.mqtt
+    src: https://github.com/rocky-linux/ansible-role-mqtt
+    version: main
 
 collections:
   # freeipa
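Review bot: The corrected value `koji_hub_plugin_mqtt_tls_key: /etc/pki/tls/certs/mqtt.key` still keeps the private key under the certs directory, whereas vars/mqtt.yml in this same commit places the broker key under /etc/pki/tls/private/. On RHEL-family hosts certs/ is conventionally world-readable and private/ is root-only, so `koji_hub_plugin_mqtt_tls_key: /etc/pki/tls/private/mqtt.key` with the file written there under a restrictive mode would be the safer reference. Nothing visible in this diff shows how mqtt.pem and mqtt.key are provisioned on the hub, so I can't tell whether that path change also needs a matching change wherever the key is generated.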
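Review bot: The new `key_location`/`cert_location` values reference `koji_web_tls_key` and `koji_web_tls_cert`, which do not appear in the visible part of this file; if they are not defined elsewhere the getcert request fails on an undefined variable, so it is worth confirming where they come from. With `postcmd: "/bin/systemctl reload httpd"` this entry clearly covers the web server certificate only, while the mqtt plugin certificate at /etc/pki/tls/certs/mqtt.pem referenced in the previous hunk is not requested here; if it is also meant to be IPA-issued it needs its own entry, though that may be handled outside this diff.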
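Review bot: `mqtt_tls_ca_cert` points at the system bundle /etc/pki/tls/certs/ca-bundle.crt; if the role passes this to the broker as the CA for verifying client certificates, any certificate chaining to a publicly trusted CA would be accepted, while the client side in kojihub.yml uses `koji_hub_ca`. If the clients present IPA-issued certificates, pointing this variable at the IPA CA certificate (the one `koji_hub_ca` refers to) would limit accepted clients to that CA; I can't see from this diff how the role consumes the variable, so please confirm. Once settled, a comment such as `# CA the broker uses to verify client certificates; must be the issuer of koji_hub_plugin_mqtt_tls_cert` would record the intent.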
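Review bot: `version: main` pins the new rockylinux.mqtt role to a moving branch, so `ansible-galaxy install` fetches whatever the branch holds at run time and a later push to that repository changes what gets deployed without any change here. Pinning to a tag or commit, `version: "<tag-or-sha>"`, keeps the role content reproducible and reviewable; the existing rockylinux.kojihub entry has the same issue and could be pinned in the same change. The `roles:` list continues outside the hunk.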