nazunalika 2021-04-24 01:15:27 -07:00
parent 3d32fa1988
commit d532f6a28d
Signed by: label
GPG Key ID: 6735C0E1BD65D048
8 changed files with 290 additions and 4 deletions


@ -1,13 +1,13 @@
--- ---
# Installs the mantis bug tracker # Installs Bugzilla
- name: Configure MantisBT - name: Configure Bugzilla
hosts: "bugtracker" hosts: "bugtracker"
become: true become: true
vars_files: vars_files:
- vars/common.yml - vars/common.yml
- vars/vaults/encpass.yml - vars/vaults/encpass.yml
- vars/vaults/mantis.yml - vars/vaults/mantis.yml
- vars/mantis.yml - vars/bugzilla.yml
handlers: handlers:
- import_tasks: handlers/main.yml - import_tasks: handlers/main.yml
@ -31,7 +31,7 @@
tasks: tasks:
- name: Deploy Mantis - name: Deploy Mantis
import_tasks: tasks/mantis.yml import_tasks: tasks/bugzilla.yml
post_tasks: post_tasks:
- name: Open firewalld ports - name: Open firewalld ports
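Review bot: The new side of the `vars_files` list still loads `vars/vaults/mantis.yml` and adds no Bugzilla vault, although the templates added in this commit reference `bugzilla_db_pass` and `bugzilla_admin_password`. Unless those secrets were deliberately placed in the Mantis vault, the play will fail at templating time, and keeping them there ties two applications' credentials to one file. A dedicated entry such as `- vars/vaults/bugzilla.yml` (the file name is a suggestion, not something visible on this page) would make the dependency explicit. In the second hunk the task is still named `Deploy Mantis` while it now imports `tasks/bugzilla.yml`; `- name: Deploy Bugzilla` would keep run logs consistent with what was executed.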


@ -0,0 +1,59 @@
---
# Installs the mantis bug tracker
- name: Configure MantisBT
hosts: "bugtracker"
become: true
vars_files:
- vars/common.yml
- vars/vaults/encpass.yml
- vars/vaults/mantis.yml
- vars/mantis.yml
handlers:
- import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are not able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
roles:
- role: rockylinux.ipagetcert
state: present
tasks:
- name: Deploy Mantis
import_tasks: tasks/mantis.yml
post_tasks:
- name: Open firewalld ports
ansible.posix.firewalld:
service: "{{ item }}"
permanent: true
immediate: true
state: enabled
with_items:
- http
- https
- name: Ensure httpd is enabled and running
service:
name: httpd
enabled: true
state: started
- name: Touching run file that ansible has ran here
file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root
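Review bot: The `success_msg` on the `Verify if we can run ansible` assert says "We are not able to run on this node", which is the opposite of what a passing assertion means here and will mislead anyone reading the run log. It should read `success_msg: "We are able to run on this node"`. A one-line comment above the `/etc/no-ansible` stat, for example `# /etc/no-ansible is an operator-placed marker that blocks automation on this host`, would document the guard for the next maintainer.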


@ -0,0 +1,54 @@
---
# Configure Bugzilla
- name: Configure SELinux booleans
ansible.posix.seboolean:
name: "{{ item }}"
persistent: true
state: true
with_items:
- httpd_can_network_connect_db
- httpd_can_network_connect
- httpd_can_sendmail
- name: Install necessary packages
yum:
name: "{{ bugzilla_pkg }}"
state: present
tags:
- packages
- name: Download the bugtracker
get_url:
url: "https://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-{{ bugzilla_version }}.tar.gz"
dest: "/tmp/bugzilla-{{ bugzilla_version }}.tar.gz"
checksum: "{{ bugzilla_checksum }}"
- name: Create initial directory
file:
path: "/var/www/bugzilla"
state: directory
mode: '0750'
owner: root
group: apache
- name: Extract bugzilla
unarchive:
src: "/tmp/bugzilla-{{ bugzilla_version }}.tar.gz"
dest: "/var/www/bugzilla"
owner: root
group: apache
mode: '0640'
remote_src: true
extra_opts:
- '--strip-components=1'
- name: Configure httpd
template:
src: "etc/httpd/conf.d/bugzilla.conf.j2"
dest: "/etc/httpd/conf.d/bugzilla.conf"
owner: root
group: root
mode: '0644'
- name: Install necessary pieces
import_tasks: bugzilla_install.yml
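Review bot: `httpd_can_network_connect` in the SELinux boolean list allows httpd and everything it executes to open outbound connections to any port, which is much broader than the database access already granted by `httpd_can_network_connect_db`. If it is genuinely required (the SAML module installed later may need it), add a comment stating the reason; otherwise drop it so a compromised CGI stays confined. Separately, `mode: '0640'` on the `unarchive` task is applied to the extracted tree, so directories and `.cgi` scripts may be left without search/execute bits until checksetup.pl repairs them, which is worth confirming. The tasks also hard-code `/var/www/bugzilla` although `bugzilla_dir` is defined in the vars file and used by the httpd template.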


@ -0,0 +1,54 @@
---
# Install bugzilla properly, including modules and stuff
- name: Check for a localconfig file
stat:
path: "/var/www/bugzilla/localconfig"
register: conf_result
- name: Deploy answer file
template:
src: "var/www/bugzilla/answer"
dest: "/var/www/bugzilla/answer"
owner: root
group: apache
mode: "0640"
when: not conf_result.stat.exists
- name: Run checksetup.pl
shell: "set -o pipefail && /usr/bin/perl checksetup.pl /var/www/bugzilla/answer"
chdir: "/var/www/bugzilla"
changed_when: "1 != 1"
when: not conf_result.stat.exists
- name: Deploy proper configuration
template:
src: "var/www/bugzilla/localconfig.j2"
dest: "/var/www/bugzilla/localconfig"
owner: root
group: apache
mode: '0640'
- name: Install the proper modules
shell: "set -o pipefail && /usr/bin/perl install-module.pl {{ item }}"
chdir: "/var/www/bugzilla"
changed_when: "1 != 1"
with_items:
- 'Net::SAML2'
- 'HTML::FormatText::WithLinks'
- 'PatchReader'
- 'Crypt::OpenSSL::Verify'
- 'Crypt::OpenSSL::RSA'
- 'JSON::RPC'
- 'XML::Twig'
- 'Template::Plugin::GD::Image'
- name: Re-run checksetup.pl
shell: "set -o pipefail && /usr/bin/perl checksetup.pl"
chdir: "/var/www/bugzilla"
changed_when: "1 != 1"
- name: Remove answer file
file:
path: "/var/www/bugzilla/answer"
state: absent
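Review bot: The answer file holding `db_pass` and `ADMIN_PASSWORD` is written to `/var/www/bugzilla/answer`, which is inside the directory the vhost template uses as DocumentRoot and is group-readable by `apache`, and it is deleted only by the final `Remove answer file` task. If `checksetup.pl` or any `install-module.pl` call fails, the play stops and the file stays where it is. Render it outside the web root with root-only permissions, for example `dest: "/root/bugzilla-answer"` with `mode: "0600"` (the path is illustrative), pass that path to checksetup.pl, and move the removal into the `always:` part of a `block:` so it also runs on failure. Adding `no_log: true` to the two template tasks that render secrets keeps them out of diff output. The `install-module.pl` loop also fetches unpinned CPAN modules with elevated privileges on every run, so pinned versions or distribution packages would reduce supply-chain exposure.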


@ -0,0 +1,37 @@
<VirtualHost *:80>
ServerAdmin infrastructure@rockylinux.org
DocumentRoot "{{ bugzilla_dir }}"
ServerName bugs.rockylinux.org
TransferLog /var/log/httpd/bugzilla_access.log
ErrorLog /var/log/httpd/bugzilla_error.log
<Directory "{{ bugzilla_dir }}/">
AddHandler cgi-script .cgi
DirectoryIndex index.cgi
Options MultiViews FollowSymlinks ExecCGI FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/pki/tls/certs/bugs.rockylinux.org.crt
SSLCertificateKeyFile /etc/pki/tls/private/bugs.rockylinux.org.key
ServerAdmin infrastructure@rockylinux.org
DocumentRoot "{{ bugzilla_dir }}"
ServerName bugs.rockylinux.org
TransferLog /var/log/httpd/bugzilla_access.log
ErrorLog /var/log/httpd/bugzilla_error.log
<Directory "{{ bugzilla_dir }}/">
AddHandler cgi-script .cgi
DirectoryIndex index.cgi
Options MultiViews FollowSymlinks ExecCGI FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
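Review bot: The `*:80` VirtualHost serves the whole application, including the login CGI, over plain HTTP, even though the answer file sets `urlbase` to `https://bugs.rockylinux.org/`. Replacing the `<Directory>` block in that vhost with `Redirect permanent / https://bugs.rockylinux.org/` keeps credentials and session cookies on TLS only. In both vhosts `Order allow,deny` / `Allow from all` is 2.2-era syntax that relies on mod_access_compat; the 2.4 form is `Require all granted`. `Options` lists FollowSymLinks twice with different capitalisation. `AllowOverride All` deserves a comment saying it is there for the .htaccess files Bugzilla generates (`$create_htaccess = 1` in localconfig).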


@ -0,0 +1,11 @@
$answer{'db_host'} = '{{ bugzilla_db_host }}';
$answer{'db_driver'} = 'pg';
$answer{'db_port'} = 0;
$answer{'db_name'} = '{{ bugzilla_db_name }}';
$answer{'db_user'} = '{{ bugzilla_db_user }}';
$answer{'db_pass'} = '{{ bugzilla_db_pass }}';
$answer{'urlbase'} = 'https://bugs.rockylinux.org/';
$answer{'ADMIN_EMAIL'} = 'infrastructure@rockylinux.org';
$answer{'ADMIN_PASSWORD'} = '{{ bugzilla_admin_password }}';
$answer{'ADMIN_REALNAME'} = 'Infrastructure';
$answer{'NO_PAUSE'} = 1
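Review bot: Every templated value is placed inside a single-quoted Perl string with no escaping, so a password containing `'` or `\` yields a broken file or unintended Perl in a file that checksetup.pl appears to evaluate during a `become: true` run. Escape backslashes and single quotes in the template (a Jinja `replace` filter chain on each secret), or document and enforce a character set for the vault values. A header comment noting that the file contains credentials and is removed after setup would also help. The final line `$answer{'NO_PAUSE'} = 1` has no terminating `;`, unlike the others; add it for consistency.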


@ -0,0 +1,19 @@
$create_htaccess = 1;
$webservergroup = 'apache';
$use_suexec = 0;
$db_driver = 'pg';
$db_host = '{{ bugzilla_db_host }}';
$db_name = '{{ bugzilla_db_name }}';
$db_user = '{{ bugzilla_db_user }}';
$db_pass = '{{ bugzilla_db_pass }}';
$db_port = 0;
$db_sock = '';
$db_check = 1;
$db_mysql_ssl_ca_file = '';
$db_mysql_ssl_ca_path = '';
$db_mysql_ssl_client_cert = '';
$db_mysql_ssl_client_key = '';
$index_html = 0;
$interdiffbin = '/usr/bin/interdiff';
$diffpath = '/usr/bin';
$site_wide_secret = '{{ lookup('password', '/dev/null length=54 chars=ascii_letters') }}';
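Review bot: `$site_wide_secret` is filled from `lookup('password', '/dev/null ...')`, which produces a new random value every time the template is rendered, and the `Deploy proper configuration` task renders this file on every run with no `when:` guard. Each play run therefore rewrites localconfig with a different secret, which presumably invalidates whatever Bugzilla derives from it and makes the task report "changed" every time. Generate the value once and keep it in the vault, e.g. `$site_wide_secret = '{{ bugzilla_site_wide_secret }}';` (the variable name is a suggestion). The `$db_pass` line has the same unescaped single-quote interpolation as the answer template and would benefit from the same escaping.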


@ -0,0 +1,52 @@
---
# bugzilla vars
bugzilla_version: 5.0.6
bugzilla_checksum: "sha256:dd41a4b0a3a1df0d193bc056f2e3711d7b5605718a00bf6e5d4177bf1be86f77"
bugzilla_dir: "/var/www/bugzilla"
bugzilla_pkg:
- perl
- perl-CPAN
- perl-DBD-Pg
- perl-LDAP
- perl-JSON-RPC-CGI
- perl-JSON-RPC-Daemon
- perl-JSON-RPC-Apache2
- perl-JSON-XS
- perl-XMLRPC-Lite
- perl-CGI
- perl-DateTime
- perl-DateTime-TimeZone
- perl-Template-Toolkit
- perl-Email-Sender
- perl-Email-MIME
- perl-List-MoreUtils
- perl-Math-Random-ISAAC
- perl-GD
- patchutils
- httpd
- mod_ssl
- mod_perl
- mod_perl-devel
- httpd-devel
- gd-devel
- graphviz
- patchutils
- gcc
- openssl-devel
- wget
- curl
bugzilla_db_host: db.rockylinux.org
bugzilla_db_name: bugzilla_db
bugzilla_db_user: bugzilla
# Vault
# bugzilla_db_pass: ThisIsNotThePassword!
ipa_getcert_requested_hostnames:
- name: "{{ ansible_fqdn }}"
owner: apache
key_location: "/etc/pki/tls/private/bugs.rockylinux.org.key"
cert_location: "/etc/pki/tls/certs/bugs.rockylinux.org.crt"
postcmd: "/bin/systemctl reload httpd"
cnames:
- "bugs.rockylinux.org"
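Review bot: `owner: apache` under `ipa_getcert_requested_hostnames` looks like it makes the TLS private key at `key_location` owned by the same account that runs the Bugzilla CGI code, if the role applies the owner to the key file. httpd normally reads its key before dropping privileges, so `owner: root` would likely suffice and keep the key out of reach of a compromised CGI; confirm against the role. The `# Vault` comment documents only `bugzilla_db_pass`, although the answer template also needs `bugzilla_admin_password`; add `# bugzilla_admin_password: ThisIsNotThePassword!` beside it. `patchutils` appears twice in `bugzilla_pkg`, and quoting the version as `bugzilla_version: "5.0.6"` guards against implicit typing if it ever becomes a two-part number.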