This commit is contained in:
nazunalika 2021-04-01 19:35:17 -07:00
parent 2e612242cb
commit ad5f13a85a
Signed by: label
GPG Key ID: CB6D9706D138D190
7 changed files with 171 additions and 0 deletions

View File

@ -0,0 +1,16 @@
[Unit]
Description=noggin
After=network-online.target
Wants=network-online.target
[Service]
Environment=FLASK_APP=/opt/noggin/noggin/noggin/app.py
Environment=NOGGIN_CONFIG_PATH=/opt/noggin/noggin.cfg
Environment=FLASK_DEBUG=1
User=noggin
WorkingDirectory=/opt/noggin/noggin
ExecStart=/bin/bash /opt/noggin/start_noggin.sh
PrivateTmp=true
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,34 @@
---
# (Re)deploys the noggin theme
- name: Deploy Noggin
hosts: "idp"
become: true
handlers:
- import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are not able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
tasks:
- name: Deploy Noggin
import_tasks: "tasks/noggin.yml"
post_tasks:
- name: Touching run file that ansible has ran here
file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root

View File

@ -0,0 +1,79 @@
---
- name: Ensure python is installed
yum:
name:
- python3
- python3-pip
- name: Ensure noggin user exists
user:
name: noggin
comment: "Noggin FAS"
- name: Create noggin directory
file:
path: /opt/noggin
state: directory
mode: '0700'
owner: noggin
group: noggin
- name: Deploy noggin
git:
repo: https://github.com/fedora-infra/noggin.git
dest: /opt/noggin/noggin
update: true
version: main
become: true
become_user: noggin
- name: Noggin user must install poetry
pip:
name: poetry
executable: pip3
become: true
become_user: noggin
- name: Remove any pycache
file:
path: "/home/noggin/.cache/pypoetry"
state: absent
- name: Noggin installation
shell:
cmd: "/home/noggin/.local/bin/poetry install --no-dev --extras deploy"
chdir: "/opt/noggin/noggin"
become: true
become_user: noggin
- name: Get the noggin poetry virtualenv
shell:
cmd: "poetry env list | awk '{print $1}'"
chdir: "/opt/noggin/noggin"
become: true
become_user: noggin
register: virtualenv_location
- name: Deploy start up script
template:
src: "opt/noggin/start_noggin.sh.j2"
dest: "/opt/noggin/start_noggin.sh"
mode: '0750'
user: noggin
group: noggin
- name: Deploy systemd unit
copy:
src: "etc/systemd/system/noggin.service"
dest: "/etc/systemd/system/noggin.service"
owner: root
group: root
mode: '0644'
- name: Deploy noggin configuration
template:
src: "opt/noggin/noggin.cfg.j2"
dest: "/opt/noggin/noggin.cfg"
owner: noggin
group: noggin
mode: '0600'

View File

@ -136,3 +136,6 @@ gitlab_rails['db_password'] = '{{ gitlab_external_db_password }}'
{% if gitlab_trusted_proxies %} {% if gitlab_trusted_proxies %}
gitlab_rails['trusted_proxies'] = '{{ gitlab_trusted_proxies | map("to_json") | join(", ") }}' gitlab_rails['trusted_proxies'] = '{{ gitlab_trusted_proxies | map("to_json") | join(", ") }}'
{% endif %} {% endif %}
gitlab_rails['gravatar_enabled'] = true
gitlab_rails['gravatar_ssl_url'] = "https://seccdn.libravatar.org/avatar/%{hash}?s=%{size}&d=retro"

View File

@ -0,0 +1,23 @@
TEMPLATES_AUTO_RELOAD = False
FREEIPA_SERVERS = []
FREEIPA_CACERT = '/etc/ipa/ca.crt'
FREEIPA_ADMIN_USER = 'userman'
FREEIPA_ADMIN_PASSWORD = '{{ rocky_ldap_userman_pw }}'
THEME = "rocky"
FERNET_SECRET = b'NOTASECRET='
SECRET_KEY = b'NOTASECRET='
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SECURE = True
USER_DEFAULTS = {
"locale": "en-US",
"timezone": "UTC",
"status_note": "active",
}
REGISTRATION_OPEN = True
ACTIVATION_TOKEN_EXPIRATION = 30
PASSWORD_RESET_EXPIRATION = 10
MAIL_DEFAULT_SENDER = "Account Services <identitymanagement@rockylinux.org>"
MAIL_SUPPRESS_SEND = False
AVATAR_SERVICE_URL = "https://seccdn.libravatar.org/"
AVATAR_DEFAULT_TYPE = "retro"
FEDORA_MESSAGING_ENABLED = False

View File

@ -0,0 +1,14 @@
#!/bin/bash
export PATH=/home/noggin/.local/bin:/home/noggin/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
export NOGGIN_CONFIG_PATH=/opt/noggin/noggin.cfg
export FLASK_DEBUG=1
export FLASK_APP=/opt/noggin/noggin/noggin/app.py
source /home/noggin/.cache/pypoetry/virtualenvs/{{ virtualenv_location.stdout }}/bin/activate
cd /opt/noggin/noggin
#/home/noggin/.local/bin/poetry run flask run -h 0.0.0.0
# --certfile=/etc/pki/tls/certs/noggin.crt \
# --keyfile=/etc/pki/tls/private/noggin.key \
gunicorn -w 3 \
--env NOGGIN_CONFIG_PATH=/opt/noggin/noggin.cfg \
--bind tcp://0.0.0.0:5000 \
noggin.app:app

View File

@ -9,3 +9,5 @@ rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
rocky_ipaserver_lb: "ipa-lb.rockylinux.org" rocky_ipaserver_lb: "ipa-lb.rockylinux.org"
# This will need to be vaulted # This will need to be vaulted
rocky_ldap_bind_pw: "{{ ipa_binder_password }}" rocky_ldap_bind_pw: "{{ ipa_binder_password }}"
rocky_ldap_userman_dn: "uid=userman,cn=users,cn=accounts,dc=rockylinux,dc=org"
rocky_ldap_userman_pw: "{{ ipa_userman_password }}"