fix cdn
parent
2e612242cb
commit
ad5f13a85a
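--- a/ansible/playbooks/files/etc/systemd/system/noggin.service
+++ b/ansible/playbooks/files/etc/systemd/system/noggin.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=noggin
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Environment=FLASK_APP=/opt/noggin/noggin/noggin/app.py
+Environment=NOGGIN_CONFIG_PATH=/opt/noggin/noggin.cfg
+Environment=FLASK_DEBUG=1
+User=noggin
+WorkingDirectory=/opt/noggin/noggin
+ExecStart=/bin/bash /opt/noggin/start_noggin.sh
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target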
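Review bot: `Environment=FLASK_DEBUG=1` puts the account portal into Flask debug mode on the `idp` hosts, and the same flag is exported again in `start_noggin.sh.j2`. Under gunicorn this does not by itself start the Werkzeug interactive debugger, but it likely still switches the app to debug behaviour, and the commented-out `flask run -h 0.0.0.0` line in the start script would expose that debugger if it were ever re-enabled. Drop the setting in both places or use `Environment=FLASK_DEBUG=0`. The unit also relies on `PrivateTmp=true` alone for confinement; `NoNewPrivileges=true` and `ProtectSystem=full` look like cheap additions for a network-facing service running as `noggin`, though they would need testing against the poetry virtualenv under `/home/noggin`.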
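--- a/ansible/playbooks/init-rocky-noggin.yml
+++ b/ansible/playbooks/init-rocky-noggin.yml
@@ -0,0 +1,34 @@
+---
+# (Re)deploys the noggin theme
+- name: Deploy Noggin
+hosts: "idp"
+become: true
+
+handlers:
+- import_tasks: handlers/main.yml
+
+pre_tasks:
+- name: Check if ansible cannot be run here
+stat:
+path: /etc/no-ansible
+register: no_ansible
+
+- name: Verify if we can run ansible
+assert:
+that:
+- "not no_ansible.stat.exists"
+success_msg: "We are not able to run on this node"
+fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+tasks:
+- name: Deploy Noggin
+import_tasks: "tasks/noggin.yml"
+
+post_tasks:
+- name: Touching run file that ansible has ran here
+file:
+path: /var/log/ansible.run
+state: touch
+mode: '0644'
+owner: root
+group: root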
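Review bot: The `success_msg` of the "Verify if we can run ansible" assert reads `"We are not able to run on this node"`, which is the opposite of what a passing assert means: it is printed when `/etc/no-ansible` is absent and the run proceeds. Change it to `success_msg: "We are able to run on this node"` so run logs from the `idp` hosts are not misread as a skipped deployment. The header comment `# (Re)deploys the noggin theme` also undersells the play, which imports `tasks/noggin.yml` and installs the whole application; `# (Re)deploys noggin` would match what it does.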
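--- a/ansible/playbooks/tasks/noggin.yml
+++ b/ansible/playbooks/tasks/noggin.yml
@@ -0,0 +1,79 @@
+---
+- name: Ensure python is installed
+yum:
+name:
+- python3
+- python3-pip
+
+- name: Ensure noggin user exists
+user:
+name: noggin
+comment: "Noggin FAS"
+
+- name: Create noggin directory
+file:
+path: /opt/noggin
+state: directory
+mode: '0700'
+owner: noggin
+group: noggin
+
+- name: Deploy noggin
+git:
+repo: https://github.com/fedora-infra/noggin.git
+dest: /opt/noggin/noggin
+update: true
+version: main
+become: true
+become_user: noggin
+
+- name: Noggin user must install poetry
+pip:
+name: poetry
+executable: pip3
+become: true
+become_user: noggin
+
+- name: Remove any pycache
+file:
+path: "/home/noggin/.cache/pypoetry"
+state: absent
+
+- name: Noggin installation
+shell:
+cmd: "/home/noggin/.local/bin/poetry install --no-dev --extras deploy"
+chdir: "/opt/noggin/noggin"
+become: true
+become_user: noggin
+
+- name: Get the noggin poetry virtualenv
+shell:
+cmd: "poetry env list | awk '{print $1}'"
+chdir: "/opt/noggin/noggin"
+become: true
+become_user: noggin
+register: virtualenv_location
+
+- name: Deploy start up script
+template:
+src: "opt/noggin/start_noggin.sh.j2"
+dest: "/opt/noggin/start_noggin.sh"
+mode: '0750'
+user: noggin
+group: noggin
+
+- name: Deploy systemd unit
+copy:
+src: "etc/systemd/system/noggin.service"
+dest: "/etc/systemd/system/noggin.service"
+owner: root
+group: root
+mode: '0644'
+
+- name: Deploy noggin configuration
+template:
+src: "opt/noggin/noggin.cfg.j2"
+dest: "/opt/noggin/noggin.cfg"
+owner: noggin
+group: noggin
+mode: '0600'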
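Review bot: The "Deploy noggin" task checks out `version: main` with `update: true`, so every run installs whatever is at the head of the upstream branch onto the identity-provider host without review; pinning it to a reviewed ref (placeholder: `version: "<reviewed tag or commit SHA>"`) makes the deployed code reproducible and auditable, and the same applies to the unpinned `pip: name: poetry`. Separately, "Deploy start up script" passes `user: noggin` to `template`, which takes `owner:`, so the task is expected to fail on an unsupported parameter; it should read `owner: noggin`. "Deploy noggin configuration" uses `src: "opt/noggin/noggin.cfg.j2"`, while this commit adds the template as `templates/opt/noggin/noggin.cfg` without the `.j2` suffix, so one of the two names needs to change.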
@ -136,3 +136,6 @@ gitlab_rails['db_password'] = '{{ gitlab_external_db_password }}'
|
||||
{% if gitlab_trusted_proxies %}
|
||||
gitlab_rails['trusted_proxies'] = '{{ gitlab_trusted_proxies | map("to_json") | join(", ") }}'
|
||||
{% endif %}
|
||||
|
||||
gitlab_rails['gravatar_enabled'] = true
|
||||
gitlab_rails['gravatar_ssl_url'] = "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=retro"
|
||||
|
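--- a/ansible/playbooks/templates/opt/noggin/noggin.cfg
+++ b/ansible/playbooks/templates/opt/noggin/noggin.cfg
@@ -0,0 +1,23 @@
+TEMPLATES_AUTO_RELOAD = False
+FREEIPA_SERVERS = []
+FREEIPA_CACERT = '/etc/ipa/ca.crt'
+FREEIPA_ADMIN_USER = 'userman'
+FREEIPA_ADMIN_PASSWORD = '{{ rocky_ldap_userman_pw }}'
+THEME = "rocky"
+FERNET_SECRET = b'NOTASECRET='
+SECRET_KEY = b'NOTASECRET='
+SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_SECURE = True
+USER_DEFAULTS = {
+"locale": "en-US",
+"timezone": "UTC",
+"status_note": "active",
+}
+REGISTRATION_OPEN = True
+ACTIVATION_TOKEN_EXPIRATION = 30
+PASSWORD_RESET_EXPIRATION = 10
+MAIL_DEFAULT_SENDER = "Account Services <identitymanagement@rockylinux.org>"
+MAIL_SUPPRESS_SEND = False
+AVATAR_SERVICE_URL = "https://seccdn.libravatar.org/"
+AVATAR_DEFAULT_TYPE = "retro"
+FEDORA_MESSAGING_ENABLED = False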
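Review bot: `FERNET_SECRET = b'NOTASECRET='` and `SECRET_KEY = b'NOTASECRET='` are fixed, publicly visible values in a template that is deployed as the live `/opt/noggin/noggin.cfg`. `SECRET_KEY` is what Flask signs session cookies with, so a known value removes the integrity guarantee on sessions; `FERNET_SECRET` presumably protects tokens the app issues, and the placeholder is not a valid 32-byte Fernet key in any case. Both should be rendered from vaulted variables the way `FREEIPA_ADMIN_PASSWORD` already is, for example `SECRET_KEY = '{{ <vaulted secret key variable> }}'`. `FREEIPA_SERVERS = []` is also left empty, which looks unfinished given that the inventory already defines `rocky_ipaserver_list`.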
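--- a/ansible/playbooks/templates/opt/noggin/start_noggin.sh.j2
+++ b/ansible/playbooks/templates/opt/noggin/start_noggin.sh.j2
@@ -0,0 +1,14 @@
+#!/bin/bash
+export PATH=/home/noggin/.local/bin:/home/noggin/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
+export NOGGIN_CONFIG_PATH=/opt/noggin/noggin.cfg
+export FLASK_DEBUG=1
+export FLASK_APP=/opt/noggin/noggin/noggin/app.py
+source /home/noggin/.cache/pypoetry/virtualenvs/{{ virtualenv_location.stdout }}/bin/activate
+cd /opt/noggin/noggin
+#/home/noggin/.local/bin/poetry run flask run -h 0.0.0.0
+# --certfile=/etc/pki/tls/certs/noggin.crt \
+# --keyfile=/etc/pki/tls/private/noggin.key \
+gunicorn -w 3 \
+--env NOGGIN_CONFIG_PATH=/opt/noggin/noggin.cfg \
+--bind tcp://0.0.0.0:5000 \
+noggin.app:app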
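Review bot: `--bind tcp://0.0.0.0:5000` makes gunicorn listen on every interface, and with the `--certfile`/`--keyfile` lines commented out it does so in plain HTTP. The config in this commit sets `SESSION_COOKIE_SECURE = True`, so the app is presumably meant to sit behind a TLS-terminating proxy; if that proxy runs on the same host, `--bind 127.0.0.1:5000` keeps the unencrypted listener off the network. If the proxy is remote, restore the TLS options or restrict port 5000 with the host firewall. The `source` line also interpolates `{{ virtualenv_location.stdout }}`, taken from `poetry env list | awk '{print $1}'`, which yields several lines when more than one environment exists, so the value should be checked to be a single name before the script is templated.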
@ -9,3 +9,5 @@ rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
|
||||
rocky_ipaserver_lb: "ipa-lb.rockylinux.org"
|
||||
# This will need to be vaulted
|
||||
rocky_ldap_bind_pw: "{{ ipa_binder_password }}"
|
||||
rocky_ldap_userman_dn: "uid=userman,cn=users,cn=accounts,dc=rockylinux,dc=org"
|
||||
rocky_ldap_userman_pw: "{{ ipa_userman_password }}"
|
||||
|