bugzilla
parent
3d32fa1988
commit
d532f6a28d
@ -1,13 +1,13 @@
|
||||
---
|
||||
# Installs the mantis bug tracker
|
||||
- name: Configure MantisBT
|
||||
# Installs Bugzilla
|
||||
- name: Configure Bugzilla
|
||||
hosts: "bugtracker"
|
||||
become: true
|
||||
vars_files:
|
||||
- vars/common.yml
|
||||
- vars/vaults/encpass.yml
|
||||
- vars/vaults/mantis.yml
|
||||
- vars/mantis.yml
|
||||
- vars/bugzilla.yml
|
||||
|
||||
handlers:
|
||||
- import_tasks: handlers/main.yml
|
||||
@ -31,7 +31,7 @@
|
||||
|
||||
tasks:
|
||||
- name: Deploy Mantis
|
||||
import_tasks: tasks/mantis.yml
|
||||
import_tasks: tasks/bugzilla.yml
|
||||
|
||||
post_tasks:
|
||||
- name: Open firewalld ports
|
||||
|
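Review bot: The `vars_files` list in the first hunk still loads at least one Mantis vars file and adds no Bugzilla vault file, although the new templates read `bugzilla_db_pass` and `bugzilla_admin_password`. The rendering does not show whether `vars/vaults/mantis.yml` or `vars/mantis.yml` is the line that was kept, but the hunk is 13 lines on both sides, so only one of them was replaced by `vars/bugzilla.yml`. Unless `vars/vaults/encpass.yml` already defines the two Bugzilla secrets, the play will stop on an undefined variable at the first template task, and if the Mantis vault is the file that stayed, its secrets are decrypted for a play that no longer needs them. In the second hunk the task is still named `Deploy Mantis` while it imports `tasks/bugzilla.yml`; `- name: Deploy Bugzilla` would match.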
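--- /dev/null
+++ b/ansible/playbooks/init-rocky-mantisbt.yml
@@ -0,0 +1,59 @@
+---
+# Installs the mantis bug tracker
+- name: Configure MantisBT
+hosts: "bugtracker"
+become: true
+vars_files:
+- vars/common.yml
+- vars/vaults/encpass.yml
+- vars/vaults/mantis.yml
+- vars/mantis.yml
+
+handlers:
+- import_tasks: handlers/main.yml
+
+pre_tasks:
+- name: Check if ansible cannot be run here
+stat:
+path: /etc/no-ansible
+register: no_ansible
+
+- name: Verify if we can run ansible
+assert:
+that:
+- "not no_ansible.stat.exists"
+success_msg: "We are not able to run on this node"
+fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+roles:
+- role: rockylinux.ipagetcert
+state: present
+
+tasks:
+- name: Deploy Mantis
+import_tasks: tasks/mantis.yml
+
+post_tasks:
+- name: Open firewalld ports
+ansible.posix.firewalld:
+service: "{{ item }}"
+permanent: true
+immediate: true
+state: enabled
+with_items:
+- http
+- https
+
+- name: Ensure httpd is enabled and running
+service:
+name: httpd
+enabled: true
+state: started
+
+- name: Touching run file that ansible has ran here
+file:
+path: /var/log/ansible.run
+state: touch
+mode: '0644'
+owner: root
+group: root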
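Review bot: `success_msg: "We are not able to run on this node"` in the `Verify if we can run ansible` task is printed when the assertion passes, so the log line states the opposite of what happened. `success_msg: "We are able to run on this node"` matches the condition `not no_ansible.stat.exists`. The text appears to be carried over from the playbook this file was copied from, so the same wording may exist in the Bugzilla playbook outside the visible hunks.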
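--- /dev/null
+++ b/ansible/playbooks/tasks/bugzilla.yml
@@ -0,0 +1,54 @@
+---
+# Configure Bugzilla
+- name: Configure SELinux booleans
+ansible.posix.seboolean:
+name: "{{ item }}"
+persistent: true
+state: true
+with_items:
+- httpd_can_network_connect_db
+- httpd_can_network_connect
+- httpd_can_sendmail
+
+- name: Install necessary packages
+yum:
+name: "{{ bugzilla_pkg }}"
+state: present
+tags:
+- packages
+
+- name: Download the bugtracker
+get_url:
+url: "https://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-{{ bugzilla_version }}.tar.gz"
+dest: "/tmp/bugzilla-{{ bugzilla_version }}.tar.gz"
+checksum: "{{ bugzilla_checksum }}"
+
+- name: Create initial directory
+file:
+path: "/var/www/bugzilla"
+state: directory
+mode: '0750'
+owner: root
+group: apache
+
+- name: Extract bugzilla
+unarchive:
+src: "/tmp/bugzilla-{{ bugzilla_version }}.tar.gz"
+dest: "/var/www/bugzilla"
+owner: root
+group: apache
+mode: '0640'
+remote_src: true
+extra_opts:
+- '--strip-components=1'
+
+- name: Configure httpd
+template:
+src: "etc/httpd/conf.d/bugzilla.conf.j2"
+dest: "/etc/httpd/conf.d/bugzilla.conf"
+owner: root
+group: root
+mode: '0644'
+
+- name: Install necessary pieces
+import_tasks: bugzilla_install.yml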
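Review bot: `httpd_can_network_connect` in the `Configure SELinux booleans` loop lets httpd-domain processes open outbound connections to any port, which is wider than the database access that `httpd_can_network_connect_db` already grants. If the broad boolean is there for one specific service (LDAP or SAML, judging by the packages and modules installed elsewhere in this commit), a narrower boolean or a comment naming the reason would keep the confinement meaningful. In `Extract bugzilla`, `mode: '0640'` is applied by `unarchive` to every extracted entry, directories included, so until checksetup.pl (presumably) repairs permissions the tree is not traversable by group `apache` and the `.cgi` files are not executable; dropping `mode:` there avoids resetting permissions on each run. The tasks also hard-code `/var/www/bugzilla` although `bugzilla_dir` is defined in `vars/bugzilla.yml` and used by the httpd template.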
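--- /dev/null
+++ b/ansible/playbooks/tasks/bugzilla_install.yml
@@ -0,0 +1,54 @@
+---
+# Install bugzilla properly, including modules and stuff
+
+- name: Check for a localconfig file
+stat:
+path: "/var/www/bugzilla/localconfig"
+register: conf_result
+
+- name: Deploy answer file
+template:
+src: "var/www/bugzilla/answer"
+dest: "/var/www/bugzilla/answer"
+owner: root
+group: apache
+mode: "0640"
+when: not conf_result.stat.exists
+
+- name: Run checksetup.pl
+shell: "set -o pipefail && /usr/bin/perl checksetup.pl /var/www/bugzilla/answer"
+chdir: "/var/www/bugzilla"
+changed_when: "1 != 1"
+when: not conf_result.stat.exists
+
+- name: Deploy proper configuration
+template:
+src: "var/www/bugzilla/localconfig.j2"
+dest: "/var/www/bugzilla/localconfig"
+owner: root
+group: apache
+mode: '0640'
+
+- name: Install the proper modules
+shell: "set -o pipefail && /usr/bin/perl install-module.pl {{ item }}"
+chdir: "/var/www/bugzilla"
+changed_when: "1 != 1"
+with_items:
+- 'Net::SAML2'
+- 'HTML::FormatText::WithLinks'
+- 'PatchReader'
+- 'Crypt::OpenSSL::Verify'
+- 'Crypt::OpenSSL::RSA'
+- 'JSON::RPC'
+- 'XML::Twig'
+- 'Template::Plugin::GD::Image'
+
+- name: Re-run checksetup.pl
+shell: "set -o pipefail && /usr/bin/perl checksetup.pl"
+chdir: "/var/www/bugzilla"
+changed_when: "1 != 1"
+
+- name: Remove answer file
+file:
+path: "/var/www/bugzilla/answer"
+state: absent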
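Review bot: The answer file, which its template fills with `bugzilla_db_pass` and `bugzilla_admin_password`, is written to `/var/www/bugzilla/answer`, inside the directory the vhost template uses as DocumentRoot, group-readable by `apache`, and it is deleted only by the last task. If checksetup.pl or one of the CPAN installs fails, the play stops and the file stays where the web server may be able to serve it. Rendering it to a root-only path outside the web root and removing it in an `always:` section closes that window, as sketched below. Separately, `chdir:` appears as a task-level key beside `shell:` in three tasks (indentation is lost in this rendering, but there is no `args:` line), which Ansible rejects. None of the commands contains a pipe, so `command` with `chdir` does the same job without a shell.

```yaml
- name: First-time Bugzilla setup
  when: not conf_result.stat.exists
  block:
    - name: Deploy answer file
      template:
        src: "var/www/bugzilla/answer"
        dest: "/root/bugzilla.answer"  # example path outside the DocumentRoot
        owner: root
        group: root
        mode: "0600"
      no_log: true

    - name: Run checksetup.pl
      command:
        cmd: /usr/bin/perl checksetup.pl /root/bugzilla.answer
        chdir: "/var/www/bugzilla"
      changed_when: false
  always:
    - name: Remove answer file
      file:
        path: "/root/bugzilla.answer"
        state: absent

# … unchanged: localconfig template, module install, re-run of checksetup.pl …
```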
@ -0,0 +1,37 @@
|
||||
<VirtualHost *:80>
|
||||
ServerAdmin infrastructure@rockylinux.org
|
||||
DocumentRoot "{{ bugzilla_dir }}"
|
||||
ServerName bugs.rockylinux.org
|
||||
TransferLog /var/log/httpd/bugzilla_access.log
|
||||
ErrorLog /var/log/httpd/bugzilla_error.log
|
||||
<Directory "{{ bugzilla_dir }}/">
|
||||
AddHandler cgi-script .cgi
|
||||
DirectoryIndex index.cgi
|
||||
Options MultiViews FollowSymlinks ExecCGI FollowSymLinks
|
||||
AllowOverride All
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
SSLEngine on
|
||||
SSLHonorCipherOrder on
|
||||
SSLCipherSuite PROFILE=SYSTEM
|
||||
SSLProxyCipherSuite PROFILE=SYSTEM
|
||||
SSLCertificateFile /etc/pki/tls/certs/bugs.rockylinux.org.crt
|
||||
SSLCertificateKeyFile /etc/pki/tls/private/bugs.rockylinux.org.key
|
||||
ServerAdmin infrastructure@rockylinux.org
|
||||
DocumentRoot "{{ bugzilla_dir }}"
|
||||
ServerName bugs.rockylinux.org
|
||||
TransferLog /var/log/httpd/bugzilla_access.log
|
||||
ErrorLog /var/log/httpd/bugzilla_error.log
|
||||
<Directory "{{ bugzilla_dir }}/">
|
||||
AddHandler cgi-script .cgi
|
||||
DirectoryIndex index.cgi
|
||||
Options MultiViews FollowSymlinks ExecCGI FollowSymLinks
|
||||
AllowOverride All
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
</VirtualHost>
|
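Review bot: The port-80 VirtualHost block serves the Bugzilla CGI directly over plain HTTP with the same Directory settings as the TLS vhost, so logins and session cookies can travel unencrypted even though the answer file sets `urlbase` to `https://bugs.rockylinux.org/` (unless Bugzilla's own SSL redirect setting is enabled later). Replacing the port-80 DocumentRoot and Directory content with `Redirect permanent / https://bugs.rockylinux.org/` keeps that listener as a redirect only. In both vhosts `Order allow,deny` and `Allow from all` are the 2.2 access syntax, which httpd 2.4 accepts only through mod_access_compat; `Require all granted` is the current form. `Options` also lists FollowSymLinks twice in different spellings.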
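--- /dev/null
+++ b/ansible/playbooks/templates/var/www/bugzilla/answer
@@ -0,0 +1,11 @@
+$answer{'db_host'} = '{{ bugzilla_db_host }}';
+$answer{'db_driver'} = 'pg';
+$answer{'db_port'} = 0;
+$answer{'db_name'} = '{{ bugzilla_db_name }}';
+$answer{'db_user'} = '{{ bugzilla_db_user }}';
+$answer{'db_pass'} = '{{ bugzilla_db_pass }}';
+$answer{'urlbase'} = 'https://bugs.rockylinux.org/';
+$answer{'ADMIN_EMAIL'} = 'infrastructure@rockylinux.org';
+$answer{'ADMIN_PASSWORD'} = '{{ bugzilla_admin_password }}';
+$answer{'ADMIN_REALNAME'} = 'Infrastructure';
+$answer{'NO_PAUSE'} = 1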
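Review bot: The vault values are pasted into single-quoted Perl strings with no escaping, e.g. `$answer{'db_pass'} = '{{ bugzilla_db_pass }}';`, so a password containing `'` or ending in `\` yields a file that checksetup.pl cannot parse or that assigns something other than the password. Escaping backslash and single quote in the template (two chained `replace` filters are enough) or restricting the character set when the secrets are generated avoids that. The same applies to `$db_pass` in `localconfig.j2`. The last line, `$answer{'NO_PAUSE'} = 1`, has no terminating semicolon; Perl accepts that on a final statement, but adding `;` keeps the file safe to append to.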
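--- /dev/null
+++ b/ansible/playbooks/templates/var/www/bugzilla/localconfig.j2
@@ -0,0 +1,19 @@
+$create_htaccess = 1;
+$webservergroup = 'apache';
+$use_suexec = 0;
+$db_driver = 'pg';
+$db_host = '{{ bugzilla_db_host }}';
+$db_name = '{{ bugzilla_db_name }}';
+$db_user = '{{ bugzilla_db_user }}';
+$db_pass = '{{ bugzilla_db_pass }}';
+$db_port = 0;
+$db_sock = '';
+$db_check = 1;
+$db_mysql_ssl_ca_file = '';
+$db_mysql_ssl_ca_path = '';
+$db_mysql_ssl_client_cert = '';
+$db_mysql_ssl_client_key = '';
+$index_html = 0;
+$interdiffbin = '/usr/bin/interdiff';
+$diffpath = '/usr/bin';
+$site_wide_secret = '{{ lookup('password', '/dev/null length=54 chars=ascii_letters') }}';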
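Review bot: `$site_wide_secret` is filled from `lookup('password', '/dev/null length=54 chars=ascii_letters')`, and with `/dev/null` as the store the lookup returns a fresh random string on every render. The `Deploy proper configuration` task in `bugzilla_install.yml` has no `when:`, so each playbook run would rewrite `localconfig` with a new secret and report a change every time; as far as Bugzilla derives tokens and login cookies from this value, they would be invalidated on every run. Keeping the value in the vault, e.g. `$site_wide_secret = '{{ bugzilla_site_wide_secret }}';` with a variable name of the project's choosing, makes the render stable.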
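--- /dev/null
+++ b/ansible/playbooks/vars/bugzilla.yml
@@ -0,0 +1,52 @@
+---
+# bugzilla vars
+bugzilla_version: 5.0.6
+bugzilla_checksum: "sha256:dd41a4b0a3a1df0d193bc056f2e3711d7b5605718a00bf6e5d4177bf1be86f77"
+bugzilla_dir: "/var/www/bugzilla"
+bugzilla_pkg:
+- perl
+- perl-CPAN
+- perl-DBD-Pg
+- perl-LDAP
+- perl-JSON-RPC-CGI
+- perl-JSON-RPC-Daemon
+- perl-JSON-RPC-Apache2
+- perl-JSON-XS
+- perl-XMLRPC-Lite
+- perl-CGI
+- perl-DateTime
+- perl-DateTime-TimeZone
+- perl-Template-Toolkit
+- perl-Email-Sender
+- perl-Email-MIME
+- perl-List-MoreUtils
+- perl-Math-Random-ISAAC
+- perl-GD
+- patchutils
+- httpd
+- mod_ssl
+- mod_perl
+- mod_perl-devel
+- httpd-devel
+- gd-devel
+- graphviz
+- patchutils
+- gcc
+- openssl-devel
+- wget
+- curl
+bugzilla_db_host: db.rockylinux.org
+bugzilla_db_name: bugzilla_db
+bugzilla_db_user: bugzilla
+
+# Vault
+# bugzilla_db_pass: ThisIsNotThePassword!
+
+ipa_getcert_requested_hostnames:
+- name: "{{ ansible_fqdn }}"
+owner: apache
+key_location: "/etc/pki/tls/private/bugs.rockylinux.org.key"
+cert_location: "/etc/pki/tls/certs/bugs.rockylinux.org.crt"
+postcmd: "/bin/systemctl reload httpd"
+cnames:
+- "bugs.rockylinux.org"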
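Review bot: The `# Vault` comment documents only `bugzilla_db_pass`, while the `answer` template added in this commit also reads `bugzilla_admin_password`; a second line such as `# bugzilla_admin_password: ThisIsNotThePassword!` would tell the next operator what the vault must define. `patchutils` is listed twice in `bugzilla_pkg`. The list also puts `gcc`, `perl-CPAN` and several `-devel` packages on the web host, presumably so `install-module.pl` can build modules from CPAN; where those modules exist as distribution packages, installing them that way would leave no compiler on the server and keep the module sources under the distribution's signing.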