Merge pull request #14987 from rocky-linux/develop

Bugzilla
This commit is contained in:
Louis Abel 2021-04-24 01:19:59 -07:00 committed by GitHub
commit ff9d39342a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 618 additions and 4 deletions

View File

@ -0,0 +1,40 @@
---
# This playbook is meant to be used with callable variables, like adhoc or AWX.
# What: Creates a group in gitlab. Use this to create a group that may not
# exist and wish to have projects in.
# What is expected:
# -> gitlab_api_token: You must provide an API token to perform this.
# -> gitlab_group_name: Name of the group you wish to create.
# -> gitlab_parent_group: Id or full path of parent group if required.
# For example: "infrastructure/Public"
# -> gitlab_description: Description of your group
# -> gitlab_visibility: public, internal, private. Default is private.
- name: Create a gitlab group
hosts: localhost
become: false
gather_facts: false
vars:
gitlab_endpoint: "https://git.rockylinux.org/"
tasks:
- name: "Checking for user variables"
assert:
that:
- gitlab_api_token | mandatory
- gitlab_group_name | mandatory
success_msg: "Required variables provided"
fail_msg: "We are missing our required variables"
- name: "Creating GitLab Group"
community.general.gitlab_group:
api_token: "{{ gitlab_api_token }}"
api_url: "{{ gitlab_endpoint }}"
name: "{{ gitlab_group_name }}"
description: "{{ gitlab_description|default(omit) }}"
parent: "{{ gitlab_parent_group|default(omit) }}"
state: present
validate_certs: true
visibility: "{{ gitlab_visibility|default('private') }}"
delegate_to: localhost
register: gitlab_group_return

View File

@ -0,0 +1,43 @@
---
# This playbook is meant to be used with callable variables, like adhoc or AWX.
# What: Creates a project in gitlab. Use this to create a project that may not
# exist. YOU MUST HAVE A GROUP THAT IT CAN BE PLACED IN.
# What is expected:
# -> gitlab_api_token: You must provide an API token to perform this.
# -> gitlab_project_name: Name of the project
# -> gitlab_group_name: Id or Path to the group in which the project is
# is placed. This is not optional.
# -> gitlab_description: Description of your project
# -> gitlab_import_url: If you are importing from github or another git repo,
# put the URL here.
# -> gitlab_visibility: public, internal, private. Default is private.
- name: Create a gitlab project
hosts: localhost
become: false
gather_facts: false
vars:
gitlab_endpoint: "https://git.rockylinux.org/"
tasks:
- name: "Checking for user variables"
assert:
that:
- gitlab_api_token | mandatory
- gitlab_project_name | mandatory
- gitlab_group_name | mandatory
success_msg: "Required variables provided"
fail_msg: "We are missing our required variables"
- name: "Creating GitLab Project"
community.general.gitlab_project:
api_url: "{{ gitlab_endpoint }}"
api_token: "{{ gitlab_api_token }}"
name: "{{ gitlab_project_name }}"
description: "{{ gitlab_description|default(omit) }}"
group: "{{ gitlab_group_name }}"
import_url: "{{ gitlab_import_url|default(omit) }}"
state: present
validate_certs: true
visibility: "{{ gitlab_visibility|default('private') }}"
delegate_to: localhost

View File

@ -0,0 +1,37 @@
---
# This playbook is meant to be used with callable variables, like adhoc or AWX.
# What: Deletes a group in gitlab. THERE MUST BE A REASON FOR YOU TO PERFORM
# THIS OPERATION.
# What is expected:
# -> gitlab_api_token: You must provide an API token to perform this.
# -> gitlab_group_name: Name of the group you wish to create.
# -> gitlab_parent_group: Id or full path of parent group if required.
# For example: "infrastructure/Public"
# -> gitlab_description: Description of your group
# -> gitlab_visibility: public, internal, private. Default is private.
- name: Delete a gitlab group
hosts: localhost
become: false
gather_facts: false
vars:
gitlab_endpoint: "https://git.rockylinux.org/"
tasks:
- name: "Checking for user variables"
assert:
that:
- gitlab_api_token | mandatory
- gitlab_group_name | mandatory
success_msg: "Required variables provided"
fail_msg: "We are missing our required variables"
- name: "Deleting GitLab Group"
community.general.gitlab_group:
api_token: "{{ gitlab_api_token }}"
api_url: "{{ gitlab_endpoint }}"
name: "{{ gitlab_group_name }}"
parent: "{{ gitlab_parent_group|default(omit) }}"
state: absent
validate_certs: true
delegate_to: localhost

View File

@ -0,0 +1,37 @@
---
# This playbook is meant to be used with callable variables, like adhoc or AWX.
# What: Deletes a project in gitlab. THERE MUST BE A GOOD REASON FOR YOU TO
# RUN THIS. THIS IS NOT REVERSIBLE.
# What is expected:
# -> gitlab_api_token: You must provide an API token to perform this.
# -> gitlab_project_name: Name of the project
# -> gitlab_group_name: Id or Path to the group in which the project is
# is placed. This is not optional.
# -> gitlab_description: Description of your project
# -> gitlab_visibility: public, internal, private. Default is private.
- name: Delete a gitlab project
hosts: localhost
become: false
gather_facts: false
vars:
gitlab_endpoint: "https://git.rockylinux.org/"
tasks:
- name: "Checking for user variables"
assert:
that:
- gitlab_api_token | mandatory
- gitlab_project_name | mandatory
- gitlab_group_name | mandatory
success_msg: "Required variables provided"
fail_msg: "We are missing our required variables"
- name: "Deleting GitLab Project"
community.general.gitlab_project:
api_url: "{{ gitlab_endpoint }}"
api_token: "{{ gitlab_api_token }}"
name: "{{ gitlab_project_name }}"
state: absent
validate_certs: true
delegate_to: localhost

View File

@ -0,0 +1,84 @@
---
# This playbook is meant to be used with callable variables, like adhoc or AWX.
# What: Disables users in the idm infrastructure based on the variables provided.
# This is primarily used in the event a user wishes to have their personal
# information removed from the project. However, signing of the agreements
# in Account Services cannot be removed and should still be available
# for the RESF to query.
- name: Disable a User - PDR
hosts: ipaserver
become: false
gather_facts: false
vars_files:
- vars/vaults/userman.yml
tasks:
- name: "Checking for user variables"
assert:
that:
- ipa_admin | mandatory
- ipaadmin_password | mandatory
- ipa_name | mandatory
- ticket_id | mandatory
success_msg: "Required variables provided"
fail_msg: "We are missing user information or ipa admin password"
- name: "Disabling User Account"
freeipa.ansible_freeipa.ipauser:
ipaadmin_principal: "{{ ipa_admin }}"
ipaadmin_password: "{{ ipaadmin_password }}"
name: "{{ ipa_name }}"
state: disabled
tags:
- users
- name: "Remove personal information attributes"
community.general.ldap_attr:
dn: "uid={{ ipa_name }},cn=users,cn=accounts,dc=rockylinux,dc=org"
name: "{{ item }}"
values: []
state: exact
server_uri: ldap://localhost/
bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
bind_pw: "{{ ipaadmin_password }}"
with_items:
- fasGPGKeyId
- fasGitHubUsername
- fasGitLabUsername
- fasIRCNick
- fasRHBZEmail
- fasWebsiteURL
- fasgpgkeyid
- fasLocale
- fasTimezone
- homePhone
- homePostalAddress
- postalAddress
- postalCode
- postOfficeBox
- st
- street
- ipaSshPubKey
- telephoneNumber
- homePhone
- name: "Set FAS Status Note"
community.general.ldap_attr:
dn: "uid={{ ipa_name }},cn=users,cn=accounts,dc=rockylinux,dc=org"
name: "fasStatusNote"
values: "Account Disabled: {{ ticket_id }}"
state: exact
server_uri: ldap://localhost/
bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
bind_pw: "{{ ipaadmin_password }}"
- name: "Set FAS Account Information to Private"
community.general.ldap_attr:
dn: "uid={{ ipa_name }},cn=users,cn=accounts,dc=rockylinux,dc=org"
name: "fasisprivate"
values: "TRUE"
state: exact
server_uri: ldap://localhost/
bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
bind_pw: "{{ ipaadmin_password }}"

View File

@ -1,13 +1,13 @@
---
# Installs the mantis bug tracker
- name: Configure MantisBT
# Installs Bugzilla
- name: Configure Bugzilla
hosts: "bugtracker"
become: true
vars_files:
- vars/common.yml
- vars/vaults/encpass.yml
- vars/vaults/mantis.yml
- vars/mantis.yml
- vars/bugzilla.yml
handlers:
- import_tasks: handlers/main.yml
@ -31,7 +31,7 @@
tasks:
- name: Deploy Mantis
import_tasks: tasks/mantis.yml
import_tasks: tasks/bugzilla.yml
post_tasks:
- name: Open firewalld ports

View File

@ -0,0 +1,59 @@
---
# Installs the mantis bug tracker
- name: Configure MantisBT
hosts: "bugtracker"
become: true
vars_files:
- vars/common.yml
- vars/vaults/encpass.yml
- vars/vaults/mantis.yml
- vars/mantis.yml
handlers:
- import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are not able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
roles:
- role: rockylinux.ipagetcert
state: present
tasks:
- name: Deploy Mantis
import_tasks: tasks/mantis.yml
post_tasks:
- name: Open firewalld ports
ansible.posix.firewalld:
service: "{{ item }}"
permanent: true
immediate: true
state: enabled
with_items:
- http
- https
- name: Ensure httpd is enabled and running
service:
name: httpd
enabled: true
state: started
- name: Touching run file that ansible has ran here
file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root

View File

@ -0,0 +1,48 @@
---
# Creates a Gitlab runner and registers it w/ tags
- name: Install and Provision Gitlab Runner
hosts: gitlab_runners
become: true
vars_files:
- vars/common.yml
- vars/gitlab_runner.yml
- vars/vaults/encpass.yml
# This is to try to avoid the handler issue in pre/post tasks
handlers:
- import_tasks: handlers/main.yml
pre_tasks:
- name: Check if ansible cannot be run here
stat:
path: /etc/no-ansible
register: no_ansible
- name: Verify if we can run ansible
assert:
that:
- "not no_ansible.stat.exists"
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping un on this node"
- name: Install SELinux packages
package:
name: python3-policycoreutils.noarch
state: present
tasks:
- name: Install and configure runner
import_tasks: tasks/gitlab-runner.yml
roles:
- role: riemers.gitlab-runner
state: present
post_tasks:
- name: Touching run file that ansible has ran here
file:
path: /var/log/ansible.run
state: touch
mode: '0644'
owner: root
group: root

View File

@ -0,0 +1,54 @@
---
# Configure Bugzilla
- name: Configure SELinux booleans
ansible.posix.seboolean:
name: "{{ item }}"
persistent: true
state: true
with_items:
- httpd_can_network_connect_db
- httpd_can_network_connect
- httpd_can_sendmail
- name: Install necessary packages
yum:
name: "{{ bugzilla_pkg }}"
state: present
tags:
- packages
- name: Download the bugtracker
get_url:
url: "https://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-{{ bugzilla_version }}.tar.gz"
dest: "/tmp/bugzilla-{{ bugzilla_version }}.tar.gz"
checksum: "{{ bugzilla_checksum }}"
- name: Create initial directory
file:
path: "{{ bugzilla_dir }}"
state: directory
mode: '0750'
owner: root
group: apache
- name: Extract bugzilla
unarchive:
src: "/tmp/bugzilla-{{ bugzilla_version }}.tar.gz"
dest: "{{ bugzilla_dir }}"
owner: root
group: apache
mode: '0640'
remote_src: true
extra_opts:
- '--strip-components=1'
- name: Configure httpd
template:
src: "etc/httpd/conf.d/bugzilla.conf.j2"
dest: "/etc/httpd/conf.d/bugzilla.conf"
owner: root
group: root
mode: '0644'
- name: Install necessary pieces
import_tasks: bugzilla_install.yml

View File

@ -0,0 +1,54 @@
---
# Install bugzilla properly, including modules and stuff
- name: Check for a localconfig file
stat:
path: "{{ bugzilla_dir }}/localconfig"
register: conf_result
- name: Deploy answer file
template:
src: "var/www/bugzilla/answer"
dest: "{{ bugzilla_dir }}/answer"
owner: root
group: apache
mode: "0640"
when: not conf_result.stat.exists
- name: Run checksetup.pl
shell: "set -o pipefail && /usr/bin/perl checksetup.pl /var/www/bugzilla/answer"
chdir: "{{ bugzilla_dir }}"
changed_when: "1 != 1"
when: not conf_result.stat.exists
- name: Deploy proper configuration
template:
src: "var/www/bugzilla/localconfig.j2"
dest: "{{ bugzilla_dir }}/localconfig"
owner: root
group: apache
mode: '0640'
- name: Install the proper modules
shell: "set -o pipefail && /usr/bin/perl install-module.pl {{ item }}"
chdir: "{{ bugzilla_dir }}"
changed_when: "1 != 1"
with_items:
- 'Net::SAML2'
- 'HTML::FormatText::WithLinks'
- 'PatchReader'
- 'Crypt::OpenSSL::Verify'
- 'Crypt::OpenSSL::RSA'
- 'JSON::RPC'
- 'XML::Twig'
- 'Template::Plugin::GD::Image'
- name: Re-run checksetup.pl
shell: "set -o pipefail && /usr/bin/perl checksetup.pl"
chdir: "{{ bugzilla_dir }}"
changed_when: "1 != 1"
- name: Remove answer file
file:
path: "{{ bugzilla_dir }}/answer"
state: absent

View File

@ -0,0 +1,30 @@
# included tasks from role-rocky-gitlab-runner
---
- name: Download and install gitlab runner rpm
block:
- name: Install gitlab gpg key
ansible.builtin.rpm_key:
state: present
key: https://packages.gitlab.com/runner/gitlab-runner/gpgkey/runner-gitlab-runner-366915F31B487241.pub.gpg
fingerprint: "3018 3AC2 C4E2 3A40 9EFB E705 9CE4 5ABC 8807 21D4"
- name: Download gitlab runner RPM
get_url:
url: "https://packages.gitlab.com/runner/gitlab-runner/packages/el/8/gitlab-runner-13.10.0-1.x86_64.rpm/download.rpm"
checksum: "sha256:3baa809dced03e9fbec615b378c85d0224306ca270ef5cb9ed64de982857ea5d"
dest: /tmp/gitlab-runner.rpm
register: download_rpm
- name: Install downloaded RPM
dnf:
name: /tmp/gitlab-runner.rpm
when: download_rpm.changed != 0
when: do_install == 'true'
become: true
- name: Create gitlab-runner user
become: yes
user:
name: gitlab-runner
shell: /bin/bash
system: yes

View File

@ -0,0 +1,37 @@
<VirtualHost *:80>
ServerAdmin infrastructure@rockylinux.org
DocumentRoot "{{ bugzilla_dir }}"
ServerName bugs.rockylinux.org
TransferLog /var/log/httpd/bugzilla_access.log
ErrorLog /var/log/httpd/bugzilla_error.log
<Directory "{{ bugzilla_dir }}/">
AddHandler cgi-script .cgi
DirectoryIndex index.cgi
Options MultiViews FollowSymlinks ExecCGI FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/pki/tls/certs/bugs.rockylinux.org.crt
SSLCertificateKeyFile /etc/pki/tls/private/bugs.rockylinux.org.key
ServerAdmin infrastructure@rockylinux.org
DocumentRoot "{{ bugzilla_dir }}"
ServerName bugs.rockylinux.org
TransferLog /var/log/httpd/bugzilla_access.log
ErrorLog /var/log/httpd/bugzilla_error.log
<Directory "{{ bugzilla_dir }}/">
AddHandler cgi-script .cgi
DirectoryIndex index.cgi
Options MultiViews FollowSymlinks ExecCGI FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

View File

@ -0,0 +1,11 @@
$answer{'db_host'} = '{{ bugzilla_db_host }}';
$answer{'db_driver'} = 'pg';
$answer{'db_port'} = 0;
$answer{'db_name'} = '{{ bugzilla_db_name }}';
$answer{'db_user'} = '{{ bugzilla_db_user }}';
$answer{'db_pass'} = '{{ bugzilla_db_pass }}';
$answer{'urlbase'} = 'https://bugs.rockylinux.org/';
$answer{'ADMIN_EMAIL'} = 'infrastructure@rockylinux.org';
$answer{'ADMIN_PASSWORD'} = '{{ bugzilla_admin_password }}';
$answer{'ADMIN_REALNAME'} = 'Infrastructure';
$answer{'NO_PAUSE'} = 1

View File

@ -0,0 +1,19 @@
$create_htaccess = 1;
$webservergroup = 'apache';
$use_suexec = 0;
$db_driver = 'pg';
$db_host = '{{ bugzilla_db_host }}';
$db_name = '{{ bugzilla_db_name }}';
$db_user = '{{ bugzilla_db_user }}';
$db_pass = '{{ bugzilla_db_pass }}';
$db_port = 0;
$db_sock = '';
$db_check = 1;
$db_mysql_ssl_ca_file = '';
$db_mysql_ssl_ca_path = '';
$db_mysql_ssl_client_cert = '';
$db_mysql_ssl_client_key = '';
$index_html = 0;
$interdiffbin = '/usr/bin/interdiff';
$diffpath = '/usr/bin';
$site_wide_secret = '{{ lookup('password', '/dev/null length=54 chars=ascii_letters') }}';

View File

@ -0,0 +1,52 @@
---
# bugzilla vars
bugzilla_version: 5.0.6
bugzilla_checksum: "sha256:dd41a4b0a3a1df0d193bc056f2e3711d7b5605718a00bf6e5d4177bf1be86f77"
bugzilla_dir: "/var/www/bugzilla"
bugzilla_pkg:
- perl
- perl-CPAN
- perl-DBD-Pg
- perl-LDAP
- perl-JSON-RPC-CGI
- perl-JSON-RPC-Daemon
- perl-JSON-RPC-Apache2
- perl-JSON-XS
- perl-XMLRPC-Lite
- perl-CGI
- perl-DateTime
- perl-DateTime-TimeZone
- perl-Template-Toolkit
- perl-Email-Sender
- perl-Email-MIME
- perl-List-MoreUtils
- perl-Math-Random-ISAAC
- perl-GD
- patchutils
- httpd
- mod_ssl
- mod_perl
- mod_perl-devel
- httpd-devel
- gd-devel
- graphviz
- patchutils
- gcc
- openssl-devel
- wget
- curl
bugzilla_db_host: db.rockylinux.org
bugzilla_db_name: bugzilla_db
bugzilla_db_user: bugzilla
# Vault
# bugzilla_db_pass: ThisIsNotThePassword!
ipa_getcert_requested_hostnames:
- name: "{{ ansible_fqdn }}"
owner: apache
key_location: "/etc/pki/tls/private/bugs.rockylinux.org.key"
cert_location: "/etc/pki/tls/certs/bugs.rockylinux.org.crt"
postcmd: "/bin/systemctl reload httpd"
cnames:
- "bugs.rockylinux.org"

View File

@ -0,0 +1,9 @@
---
gitlab_runner_coordinator_url: https://git.rockylinux.org
gitlab_runner_registration_token: "{{ _reg_token }}"
gitlab_runner_runners:
- name: "{{ ansible_fqdn }}"
executor: shell
tags: []
gitlab_runner_timeout_stop_seconds: 60