mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-11-22 13:11:29 +00:00
commit
ff9d39342a
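--- a/ansible/playbooks/adhoc-gitlab-creategroup.yml
+++ b/ansible/playbooks/adhoc-gitlab-creategroup.yml
@@ -0,0 +1,40 @@
+---
+# This playbook is meant to be used with callable variables, like adhoc or AWX.
+# What: Creates a group in gitlab. Use this to create a group that may not
+# exist and wish to have projects in.
+# What is expected:
+# -> gitlab_api_token: You must provide an API token to perform this.
+# -> gitlab_group_name: Name of the group you wish to create.
+# -> gitlab_parent_group: Id or full path of parent group if required.
+# For example: "infrastructure/Public"
+# -> gitlab_description: Description of your group
+# -> gitlab_visibility: public, internal, private. Default is private.
+
+- name: Create a gitlab group
+hosts: localhost
+become: false
+gather_facts: false
+vars:
+gitlab_endpoint: "https://git.rockylinux.org/"
+
+tasks:
+- name: "Checking for user variables"
+assert:
+that:
+- gitlab_api_token | mandatory
+- gitlab_group_name | mandatory
+success_msg: "Required variables provided"
+fail_msg: "We are missing our required variables"
+
+- name: "Creating GitLab Group"
+community.general.gitlab_group:
+api_token: "{{ gitlab_api_token }}"
+api_url: "{{ gitlab_endpoint }}"
+name: "{{ gitlab_group_name }}"
+description: "{{ gitlab_description|default(omit) }}"
+parent: "{{ gitlab_parent_group|default(omit) }}"
+state: present
+validate_certs: true
+visibility: "{{ gitlab_visibility|default('private') }}"
+delegate_to: localhost
+register: gitlab_group_return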
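--- a/ansible/playbooks/adhoc-gitlab-createproject.yml
+++ b/ansible/playbooks/adhoc-gitlab-createproject.yml
@@ -0,0 +1,43 @@
+---
+# This playbook is meant to be used with callable variables, like adhoc or AWX.
+# What: Creates a project in gitlab. Use this to create a project that may not
+# exist. YOU MUST HAVE A GROUP THAT IT CAN BE PLACED IN.
+# What is expected:
+# -> gitlab_api_token: You must provide an API token to perform this.
+# -> gitlab_project_name: Name of the project
+# -> gitlab_group_name: Id or Path to the group in which the project is
+# is placed. This is not optional.
+# -> gitlab_description: Description of your project
+# -> gitlab_import_url: If you are importing from github or another git repo,
+# put the URL here.
+# -> gitlab_visibility: public, internal, private. Default is private.
+
+- name: Create a gitlab project
+hosts: localhost
+become: false
+gather_facts: false
+vars:
+gitlab_endpoint: "https://git.rockylinux.org/"
+
+tasks:
+- name: "Checking for user variables"
+assert:
+that:
+- gitlab_api_token | mandatory
+- gitlab_project_name | mandatory
+- gitlab_group_name | mandatory
+success_msg: "Required variables provided"
+fail_msg: "We are missing our required variables"
+
+- name: "Creating GitLab Project"
+community.general.gitlab_project:
+api_url: "{{ gitlab_endpoint }}"
+api_token: "{{ gitlab_api_token }}"
+name: "{{ gitlab_project_name }}"
+description: "{{ gitlab_description|default(omit) }}"
+group: "{{ gitlab_group_name }}"
+import_url: "{{ gitlab_import_url|default(omit) }}"
+state: present
+validate_certs: true
+visibility: "{{ gitlab_visibility|default('private') }}"
+delegate_to: localhost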
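--- a/ansible/playbooks/adhoc-gitlab-deletegroup.yml
+++ b/ansible/playbooks/adhoc-gitlab-deletegroup.yml
@@ -0,0 +1,37 @@
+---
+# This playbook is meant to be used with callable variables, like adhoc or AWX.
+# What: Deletes a group in gitlab. THERE MUST BE A REASON FOR YOU TO PERFORM
+# THIS OPERATION.
+# What is expected:
+# -> gitlab_api_token: You must provide an API token to perform this.
+# -> gitlab_group_name: Name of the group you wish to create.
+# -> gitlab_parent_group: Id or full path of parent group if required.
+# For example: "infrastructure/Public"
+# -> gitlab_description: Description of your group
+# -> gitlab_visibility: public, internal, private. Default is private.
+
+- name: Delete a gitlab group
+hosts: localhost
+become: false
+gather_facts: false
+vars:
+gitlab_endpoint: "https://git.rockylinux.org/"
+
+tasks:
+- name: "Checking for user variables"
+assert:
+that:
+- gitlab_api_token | mandatory
+- gitlab_group_name | mandatory
+success_msg: "Required variables provided"
+fail_msg: "We are missing our required variables"
+
+- name: "Deleting GitLab Group"
+community.general.gitlab_group:
+api_token: "{{ gitlab_api_token }}"
+api_url: "{{ gitlab_endpoint }}"
+name: "{{ gitlab_group_name }}"
+parent: "{{ gitlab_parent_group|default(omit) }}"
+state: absent
+validate_certs: true
+delegate_to: localhost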
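Review bot: The header comment of this delete playbook is copied from the create playbook: it describes `gitlab_group_name` as "Name of the group you wish to create" and lists `gitlab_description` and `gitlab_visibility`, neither of which the `Deleting GitLab Group` task reads. For a playbook that runs with `state: absent`, the header should say what will be removed, for example `# -> gitlab_group_name: Name of the group you wish to delete.`, and the two unused entries should go. adhoc-gitlab-deleteproject.yml carries the same leftover description and visibility entries.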
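--- a/ansible/playbooks/adhoc-gitlab-deleteproject.yml
+++ b/ansible/playbooks/adhoc-gitlab-deleteproject.yml
@@ -0,0 +1,37 @@
+---
+# This playbook is meant to be used with callable variables, like adhoc or AWX.
+# What: Deletes a project in gitlab. THERE MUST BE A GOOD REASON FOR YOU TO
+# RUN THIS. THIS IS NOT REVERSIBLE.
+# What is expected:
+# -> gitlab_api_token: You must provide an API token to perform this.
+# -> gitlab_project_name: Name of the project
+# -> gitlab_group_name: Id or Path to the group in which the project is
+# is placed. This is not optional.
+# -> gitlab_description: Description of your project
+# -> gitlab_visibility: public, internal, private. Default is private.
+
+- name: Delete a gitlab project
+hosts: localhost
+become: false
+gather_facts: false
+vars:
+gitlab_endpoint: "https://git.rockylinux.org/"
+
+tasks:
+- name: "Checking for user variables"
+assert:
+that:
+- gitlab_api_token | mandatory
+- gitlab_project_name | mandatory
+- gitlab_group_name | mandatory
+success_msg: "Required variables provided"
+fail_msg: "We are missing our required variables"
+
+- name: "Deleting GitLab Project"
+community.general.gitlab_project:
+api_url: "{{ gitlab_endpoint }}"
+api_token: "{{ gitlab_api_token }}"
+name: "{{ gitlab_project_name }}"
+state: absent
+validate_certs: true
+delegate_to: localhost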
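Review bot: The `Deleting GitLab Project` task never passes the group, although the header calls `gitlab_group_name` "not optional" and the assert requires it. With only `name` to go on, the module presumably resolves the project in the token owner's own namespace rather than in the intended group, so the run either removes a different project of the same name or does nothing. For an operation the header describes as not reversible, pin the target explicitly with `group: "{{ gitlab_group_name }}"`, as adhoc-gitlab-createproject.yml already does.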
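--- a/ansible/playbooks/adhoc-ipauser-disable-pdr.yml
+++ b/ansible/playbooks/adhoc-ipauser-disable-pdr.yml
@@ -0,0 +1,84 @@
+---
+# This playbook is meant to be used with callable variables, like adhoc or AWX.
+# What: Disables users in the idm infrastructure based on the variables provided.
+# This is primarily used in the event a user wishes to have their personal
+# information removed from the project. However, signing of the agreements
+# in Account Services cannot be removed and should still be available
+# for the RESF to query.
+
+- name: Disable a User - PDR
+hosts: ipaserver
+become: false
+gather_facts: false
+vars_files:
+- vars/vaults/userman.yml
+
+tasks:
+- name: "Checking for user variables"
+assert:
+that:
+- ipa_admin | mandatory
+- ipaadmin_password | mandatory
+- ipa_name | mandatory
+- ticket_id | mandatory
+success_msg: "Required variables provided"
+fail_msg: "We are missing user information or ipa admin password"
+
+- name: "Disabling User Account"
+freeipa.ansible_freeipa.ipauser:
+ipaadmin_principal: "{{ ipa_admin }}"
+ipaadmin_password: "{{ ipaadmin_password }}"
+name: "{{ ipa_name }}"
+state: disabled
+tags:
+- users
+
+- name: "Remove personal information attributes"
+community.general.ldap_attr:
+dn: "uid={{ ipa_name }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+name: "{{ item }}"
+values: []
+state: exact
+server_uri: ldap://localhost/
+bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+bind_pw: "{{ ipaadmin_password }}"
+with_items:
+- fasGPGKeyId
+- fasGitHubUsername
+- fasGitLabUsername
+- fasIRCNick
+- fasRHBZEmail
+- fasWebsiteURL
+- fasgpgkeyid
+- fasLocale
+- fasTimezone
+- homePhone
+- homePostalAddress
+- postalAddress
+- postalCode
+- postOfficeBox
+- st
+- street
+- ipaSshPubKey
+- telephoneNumber
+- homePhone
+
+- name: "Set FAS Status Note"
+community.general.ldap_attr:
+dn: "uid={{ ipa_name }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+name: "fasStatusNote"
+values: "Account Disabled: {{ ticket_id }}"
+state: exact
+server_uri: ldap://localhost/
+bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+bind_pw: "{{ ipaadmin_password }}"
+
+- name: "Set FAS Account Information to Private"
+community.general.ldap_attr:
+dn: "uid={{ ipa_name }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+name: "fasisprivate"
+values: "TRUE"
+state: exact
+server_uri: ldap://localhost/
+bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+bind_pw: "{{ ipaadmin_password }}"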
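Review bot: All three `community.general.ldap_attr` tasks do a simple bind with `bind_pw` against `server_uri: ldap://localhost/`, so the IPA admin password is sent over an unencrypted LDAP connection. The traffic stays on the loopback interface of the `ipaserver` host, which limits exposure, but the tasks also depend on the directory accepting simple binds without TLS. Adding `start_tls: true`, with a `server_uri` host name that matches the server certificate, keeps the playbook working if that policy is tightened. The `with_items` list also names `homePhone` twice and lists both `fasGPGKeyId` and `fasgpgkeyid`, which are the same attribute because LDAP attribute names are case-insensitive.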
@ -1,13 +1,13 @@
|
|||||||
---
|
---
|
||||||
# Installs the mantis bug tracker
|
# Installs Bugzilla
|
||||||
- name: Configure MantisBT
|
- name: Configure Bugzilla
|
||||||
hosts: "bugtracker"
|
hosts: "bugtracker"
|
||||||
become: true
|
become: true
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/common.yml
|
- vars/common.yml
|
||||||
- vars/vaults/encpass.yml
|
- vars/vaults/encpass.yml
|
||||||
- vars/vaults/mantis.yml
|
- vars/vaults/mantis.yml
|
||||||
- vars/mantis.yml
|
- vars/bugzilla.yml
|
||||||
|
|
||||||
handlers:
|
handlers:
|
||||||
- import_tasks: handlers/main.yml
|
- import_tasks: handlers/main.yml
|
||||||
@ -31,7 +31,7 @@
|
|||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Deploy Mantis
|
- name: Deploy Mantis
|
||||||
import_tasks: tasks/mantis.yml
|
import_tasks: tasks/bugzilla.yml
|
||||||
|
|
||||||
post_tasks:
|
post_tasks:
|
||||||
- name: Open firewalld ports
|
- name: Open firewalld ports
|
||||||
|
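Review bot: The converted play still loads `vars/vaults/mantis.yml` and still names its task `Deploy Mantis`, even though it now imports `tasks/bugzilla.yml`. The Bugzilla templates in this commit read `bugzilla_db_pass` and `bugzilla_admin_password`, so unless those were added to the Mantis vault (not visible here) the run stops on an undefined variable. A dedicated vault file for Bugzilla would also keep the two applications' credentials separate. Rename the task to `- name: Deploy Bugzilla`; both hunks are excerpts, so the rest of the play is not visible.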
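--- a/ansible/playbooks/init-rocky-mantisbt.yml
+++ b/ansible/playbooks/init-rocky-mantisbt.yml
@@ -0,0 +1,59 @@
+---
+# Installs the mantis bug tracker
+- name: Configure MantisBT
+hosts: "bugtracker"
+become: true
+vars_files:
+- vars/common.yml
+- vars/vaults/encpass.yml
+- vars/vaults/mantis.yml
+- vars/mantis.yml
+
+handlers:
+- import_tasks: handlers/main.yml
+
+pre_tasks:
+- name: Check if ansible cannot be run here
+stat:
+path: /etc/no-ansible
+register: no_ansible
+
+- name: Verify if we can run ansible
+assert:
+that:
+- "not no_ansible.stat.exists"
+success_msg: "We are not able to run on this node"
+fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+roles:
+- role: rockylinux.ipagetcert
+state: present
+
+tasks:
+- name: Deploy Mantis
+import_tasks: tasks/mantis.yml
+
+post_tasks:
+- name: Open firewalld ports
+ansible.posix.firewalld:
+service: "{{ item }}"
+permanent: true
+immediate: true
+state: enabled
+with_items:
+- http
+- https
+
+- name: Ensure httpd is enabled and running
+service:
+name: httpd
+enabled: true
+state: started
+
+- name: Touching run file that ansible has ran here
+file:
+path: /var/log/ansible.run
+state: touch
+mode: '0644'
+owner: root
+group: root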
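Review bot: The `success_msg` of the `Verify if we can run ansible` assert reads "We are not able to run on this node", which is the opposite of what a passing assertion means. The assertion passes when `/etc/no-ansible` is absent, so the message should be `success_msg: "We are able to run on this node"`, matching role-rocky-gitlab-runner.yml in this commit. An inverted guard message is easy to misread when checking job output to see why a node was or was not touched.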
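--- a/ansible/playbooks/role-rocky-gitlab-runner.yml
+++ b/ansible/playbooks/role-rocky-gitlab-runner.yml
@@ -0,0 +1,48 @@
+---
+# Creates a Gitlab runner and registers it w/ tags
+- name: Install and Provision Gitlab Runner
+hosts: gitlab_runners
+become: true
+vars_files:
+- vars/common.yml
+- vars/gitlab_runner.yml
+- vars/vaults/encpass.yml
+
+# This is to try to avoid the handler issue in pre/post tasks
+handlers:
+- import_tasks: handlers/main.yml
+
+pre_tasks:
+- name: Check if ansible cannot be run here
+stat:
+path: /etc/no-ansible
+register: no_ansible
+
+- name: Verify if we can run ansible
+assert:
+that:
+- "not no_ansible.stat.exists"
+success_msg: "We are able to run on this node"
+fail_msg: "/etc/no-ansible exists - skipping un on this node"
+
+- name: Install SELinux packages
+package:
+name: python3-policycoreutils.noarch
+state: present
+
+tasks:
+- name: Install and configure runner
+import_tasks: tasks/gitlab-runner.yml
+
+roles:
+- role: riemers.gitlab-runner
+state: present
+
+post_tasks:
+- name: Touching run file that ansible has ran here
+file:
+path: /var/log/ansible.run
+state: touch
+mode: '0644'
+owner: root
+group: root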
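Review bot: Listing `tasks:` above `roles:` does not change execution order: Ansible runs `pre_tasks`, then `roles`, then `tasks`. The role `riemers.gitlab-runner` therefore runs before `tasks/gitlab-runner.yml` imports the package key, installs the checksummed RPM and creates the `gitlab-runner` user. If the role is meant to configure a runner that those tasks install, move the import into `pre_tasks`; otherwise put `roles:` first and add a comment saying the order is intended. The `fail_msg` also has a typo, `skipping un on this node` for `skipping run on this node`.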
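--- a/ansible/playbooks/tasks/bugzilla.yml
+++ b/ansible/playbooks/tasks/bugzilla.yml
@@ -0,0 +1,54 @@
+---
+# Configure Bugzilla
+- name: Configure SELinux booleans
+ansible.posix.seboolean:
+name: "{{ item }}"
+persistent: true
+state: true
+with_items:
+- httpd_can_network_connect_db
+- httpd_can_network_connect
+- httpd_can_sendmail
+
+- name: Install necessary packages
+yum:
+name: "{{ bugzilla_pkg }}"
+state: present
+tags:
+- packages
+
+- name: Download the bugtracker
+get_url:
+url: "https://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-{{ bugzilla_version }}.tar.gz"
+dest: "/tmp/bugzilla-{{ bugzilla_version }}.tar.gz"
+checksum: "{{ bugzilla_checksum }}"
+
+- name: Create initial directory
+file:
+path: "{{ bugzilla_dir }}"
+state: directory
+mode: '0750'
+owner: root
+group: apache
+
+- name: Extract bugzilla
+unarchive:
+src: "/tmp/bugzilla-{{ bugzilla_version }}.tar.gz"
+dest: "{{ bugzilla_dir }}"
+owner: root
+group: apache
+mode: '0640'
+remote_src: true
+extra_opts:
+- '--strip-components=1'
+
+- name: Configure httpd
+template:
+src: "etc/httpd/conf.d/bugzilla.conf.j2"
+dest: "/etc/httpd/conf.d/bugzilla.conf"
+owner: root
+group: root
+mode: '0644'
+
+- name: Install necessary pieces
+import_tasks: bugzilla_install.yml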
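Review bot: The `Configure SELinux booleans` task enables `httpd_can_network_connect` alongside `httpd_can_network_connect_db`, and the first is the broader one. It lets httpd processes open outbound connections to any port, which makes the database boolean redundant and widens what a compromised CGI script can reach. If Bugzilla only needs its PostgreSQL server and mail delivery, drop `httpd_can_network_connect` from the list. If it is needed (possibly for the SAML module installed in bugzilla_install.yml), record why next to the entry, e.g. `# httpd_can_network_connect: required for <destination/purpose>`.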
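--- a/ansible/playbooks/tasks/bugzilla_install.yml
+++ b/ansible/playbooks/tasks/bugzilla_install.yml
@@ -0,0 +1,54 @@
+---
+# Install bugzilla properly, including modules and stuff
+
+- name: Check for a localconfig file
+stat:
+path: "{{ bugzilla_dir }}/localconfig"
+register: conf_result
+
+- name: Deploy answer file
+template:
+src: "var/www/bugzilla/answer"
+dest: "{{ bugzilla_dir }}/answer"
+owner: root
+group: apache
+mode: "0640"
+when: not conf_result.stat.exists
+
+- name: Run checksetup.pl
+shell: "set -o pipefail && /usr/bin/perl checksetup.pl /var/www/bugzilla/answer"
+chdir: "{{ bugzilla_dir }}"
+changed_when: "1 != 1"
+when: not conf_result.stat.exists
+
+- name: Deploy proper configuration
+template:
+src: "var/www/bugzilla/localconfig.j2"
+dest: "{{ bugzilla_dir }}/localconfig"
+owner: root
+group: apache
+mode: '0640'
+
+- name: Install the proper modules
+shell: "set -o pipefail && /usr/bin/perl install-module.pl {{ item }}"
+chdir: "{{ bugzilla_dir }}"
+changed_when: "1 != 1"
+with_items:
+- 'Net::SAML2'
+- 'HTML::FormatText::WithLinks'
+- 'PatchReader'
+- 'Crypt::OpenSSL::Verify'
+- 'Crypt::OpenSSL::RSA'
+- 'JSON::RPC'
+- 'XML::Twig'
+- 'Template::Plugin::GD::Image'
+
+- name: Re-run checksetup.pl
+shell: "set -o pipefail && /usr/bin/perl checksetup.pl"
+chdir: "{{ bugzilla_dir }}"
+changed_when: "1 != 1"
+
+- name: Remove answer file
+file:
+path: "{{ bugzilla_dir }}/answer"
+state: absent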
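Review bot: The answer file holds `bugzilla_db_pass` and `bugzilla_admin_password` and is deleted only by the last task, so any failure in `checksetup.pl` or `install-module.pl` leaves it behind in `{{ bugzilla_dir }}`. That directory is the DocumentRoot in the httpd template of this commit, and the file is readable by group `apache`. Wrapping the setup tasks in a `block:` with the removal under `always:` deletes it on failure as well. `Run checksetup.pl` also hard-codes `/var/www/bugzilla/answer` instead of `{{ bugzilla_dir }}/answer`. The three `shell:` tasks carry `chdir:` with no `args:` line; indentation is lost on this page, but `chdir` has to sit under `args:` when `shell:` takes a string.

```yaml
- name: Run Bugzilla setup with the answer file in place
  block:
    # … unchanged: Deploy answer file through Re-run checksetup.pl …
  always:
    - name: Remove answer file
      file:
        path: "{{ bugzilla_dir }}/answer"
        state: absent
```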
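--- a/ansible/playbooks/tasks/gitlab-runner.yml
+++ b/ansible/playbooks/tasks/gitlab-runner.yml
@@ -0,0 +1,30 @@
+# included tasks from role-rocky-gitlab-runner
+---
+- name: Download and install gitlab runner rpm
+block:
+- name: Install gitlab gpg key
+ansible.builtin.rpm_key:
+state: present
+key: https://packages.gitlab.com/runner/gitlab-runner/gpgkey/runner-gitlab-runner-366915F31B487241.pub.gpg
+fingerprint: "3018 3AC2 C4E2 3A40 9EFB E705 9CE4 5ABC 8807 21D4"
+
+- name: Download gitlab runner RPM
+get_url:
+url: "https://packages.gitlab.com/runner/gitlab-runner/packages/el/8/gitlab-runner-13.10.0-1.x86_64.rpm/download.rpm"
+checksum: "sha256:3baa809dced03e9fbec615b378c85d0224306ca270ef5cb9ed64de982857ea5d"
+dest: /tmp/gitlab-runner.rpm
+register: download_rpm
+
+- name: Install downloaded RPM
+dnf:
+name: /tmp/gitlab-runner.rpm
+when: download_rpm.changed != 0
+when: do_install == 'true'
+become: true
+
+- name: Create gitlab-runner user
+become: yes
+user:
+name: gitlab-runner
+shell: /bin/bash
+system: yes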
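Review bot: `when: do_install == 'true'` compares against the string 'true', so the block that pins the GPG key fingerprint and installs the checksummed RPM is skipped without any message when `do_install` arrives as a real boolean, and errors when it is undefined. `when: do_install | default(false) | bool` accepts both forms. In the same block `when: download_rpm.changed != 0` reads more clearly as `when: download_rpm is changed`. Indentation is lost on this page, so which `when:` belongs to the block and which to the dnf task is inferred from their order.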
@ -0,0 +1,37 @@
|
|||||||
|
<VirtualHost *:80>
|
||||||
|
ServerAdmin infrastructure@rockylinux.org
|
||||||
|
DocumentRoot "{{ bugzilla_dir }}"
|
||||||
|
ServerName bugs.rockylinux.org
|
||||||
|
TransferLog /var/log/httpd/bugzilla_access.log
|
||||||
|
ErrorLog /var/log/httpd/bugzilla_error.log
|
||||||
|
<Directory "{{ bugzilla_dir }}/">
|
||||||
|
AddHandler cgi-script .cgi
|
||||||
|
DirectoryIndex index.cgi
|
||||||
|
Options MultiViews FollowSymlinks ExecCGI FollowSymLinks
|
||||||
|
AllowOverride All
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
</Directory>
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<VirtualHost *:443>
|
||||||
|
SSLEngine on
|
||||||
|
SSLHonorCipherOrder on
|
||||||
|
SSLCipherSuite PROFILE=SYSTEM
|
||||||
|
SSLProxyCipherSuite PROFILE=SYSTEM
|
||||||
|
SSLCertificateFile /etc/pki/tls/certs/bugs.rockylinux.org.crt
|
||||||
|
SSLCertificateKeyFile /etc/pki/tls/private/bugs.rockylinux.org.key
|
||||||
|
ServerAdmin infrastructure@rockylinux.org
|
||||||
|
DocumentRoot "{{ bugzilla_dir }}"
|
||||||
|
ServerName bugs.rockylinux.org
|
||||||
|
TransferLog /var/log/httpd/bugzilla_access.log
|
||||||
|
ErrorLog /var/log/httpd/bugzilla_error.log
|
||||||
|
<Directory "{{ bugzilla_dir }}/">
|
||||||
|
AddHandler cgi-script .cgi
|
||||||
|
DirectoryIndex index.cgi
|
||||||
|
Options MultiViews FollowSymlinks ExecCGI FollowSymLinks
|
||||||
|
AllowOverride All
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
</Directory>
|
||||||
|
</VirtualHost>
|
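Review bot: The `*:80` virtual host serves Bugzilla from the same DocumentRoot as the `*:443` one instead of redirecting, so logins and session cookies can travel in clear text even though `urlbase` in the answer file is `https://bugs.rockylinux.org/`. Replace the port-80 Directory block with `Redirect permanent / https://bugs.rockylinux.org/`. In both hosts `Order allow,deny` and `Allow from all` are Apache 2.2 directives that need mod_access_compat on 2.4, where the native form is `Require all granted`. `Options` also lists FollowSymLinks twice.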
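--- a/ansible/playbooks/templates/var/www/bugzilla/answer
+++ b/ansible/playbooks/templates/var/www/bugzilla/answer
@@ -0,0 +1,11 @@
+$answer{'db_host'} = '{{ bugzilla_db_host }}';
+$answer{'db_driver'} = 'pg';
+$answer{'db_port'} = 0;
+$answer{'db_name'} = '{{ bugzilla_db_name }}';
+$answer{'db_user'} = '{{ bugzilla_db_user }}';
+$answer{'db_pass'} = '{{ bugzilla_db_pass }}';
+$answer{'urlbase'} = 'https://bugs.rockylinux.org/';
+$answer{'ADMIN_EMAIL'} = 'infrastructure@rockylinux.org';
+$answer{'ADMIN_PASSWORD'} = '{{ bugzilla_admin_password }}';
+$answer{'ADMIN_REALNAME'} = 'Infrastructure';
+$answer{'NO_PAUSE'} = 1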
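Review bot: Vault values are interpolated unescaped into single-quoted Perl strings, e.g. `$answer{'db_pass'} = '{{ bugzilla_db_pass }}';`, so a password containing `'` or `\` yields a file that fails to parse or assigns a different value when `checksetup.pl` reads it. The values come from the project's own vault, so this is a robustness point rather than an untrusted-input one, but generated passwords often contain those characters. At minimum state the constraint in the template: `# NOTE: vault values are inserted unescaped; they must not contain ' or \`. localconfig.j2 has the same pattern for `$db_pass`, and the final `$answer{'NO_PAUSE'} = 1` lacks the semicolon the other lines have.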
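--- a/ansible/playbooks/templates/var/www/bugzilla/localconfig.j2
+++ b/ansible/playbooks/templates/var/www/bugzilla/localconfig.j2
@@ -0,0 +1,19 @@
+$create_htaccess = 1;
+$webservergroup = 'apache';
+$use_suexec = 0;
+$db_driver = 'pg';
+$db_host = '{{ bugzilla_db_host }}';
+$db_name = '{{ bugzilla_db_name }}';
+$db_user = '{{ bugzilla_db_user }}';
+$db_pass = '{{ bugzilla_db_pass }}';
+$db_port = 0;
+$db_sock = '';
+$db_check = 1;
+$db_mysql_ssl_ca_file = '';
+$db_mysql_ssl_ca_path = '';
+$db_mysql_ssl_client_cert = '';
+$db_mysql_ssl_client_key = '';
+$index_html = 0;
+$interdiffbin = '/usr/bin/interdiff';
+$diffpath = '/usr/bin';
+$site_wide_secret = '{{ lookup('password', '/dev/null length=54 chars=ascii_letters') }}';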
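Review bot: `$site_wide_secret` is filled from `lookup('password', '/dev/null length=54 chars=ascii_letters')`, and with `/dev/null` as the store the lookup returns a fresh random value every time the template is rendered. The `Deploy proper configuration` task in bugzilla_install.yml has no `when:` guard, so each playbook run rewrites localconfig with a new secret and always reports a change. Bugzilla derives its tokens from this value, so outstanding tokens would presumably stop validating after every run. Generate the secret once, keep it in the vault and reference it here, e.g. `$site_wide_secret = '{{ bugzilla_site_wide_secret }}';` (the variable name is a suggestion, not an existing one).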
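--- a/ansible/playbooks/vars/bugzilla.yml
+++ b/ansible/playbooks/vars/bugzilla.yml
@@ -0,0 +1,52 @@
+---
+# bugzilla vars
+bugzilla_version: 5.0.6
+bugzilla_checksum: "sha256:dd41a4b0a3a1df0d193bc056f2e3711d7b5605718a00bf6e5d4177bf1be86f77"
+bugzilla_dir: "/var/www/bugzilla"
+bugzilla_pkg:
+- perl
+- perl-CPAN
+- perl-DBD-Pg
+- perl-LDAP
+- perl-JSON-RPC-CGI
+- perl-JSON-RPC-Daemon
+- perl-JSON-RPC-Apache2
+- perl-JSON-XS
+- perl-XMLRPC-Lite
+- perl-CGI
+- perl-DateTime
+- perl-DateTime-TimeZone
+- perl-Template-Toolkit
+- perl-Email-Sender
+- perl-Email-MIME
+- perl-List-MoreUtils
+- perl-Math-Random-ISAAC
+- perl-GD
+- patchutils
+- httpd
+- mod_ssl
+- mod_perl
+- mod_perl-devel
+- httpd-devel
+- gd-devel
+- graphviz
+- patchutils
+- gcc
+- openssl-devel
+- wget
+- curl
+bugzilla_db_host: db.rockylinux.org
+bugzilla_db_name: bugzilla_db
+bugzilla_db_user: bugzilla
+
+# Vault
+# bugzilla_db_pass: ThisIsNotThePassword!
+
+ipa_getcert_requested_hostnames:
+- name: "{{ ansible_fqdn }}"
+owner: apache
+key_location: "/etc/pki/tls/private/bugs.rockylinux.org.key"
+cert_location: "/etc/pki/tls/certs/bugs.rockylinux.org.crt"
+postcmd: "/bin/systemctl reload httpd"
+cnames:
+- "bugs.rockylinux.org"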
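Review bot: The `# Vault` comment lists only `bugzilla_db_pass`, but the answer template in this commit also reads `bugzilla_admin_password`. Add `# bugzilla_admin_password: ThisIsNotThePassword!` so whoever populates the vault knows both are required. `patchutils` appears twice in `bugzilla_pkg`. The list also puts `gcc` and several `-devel` packages on the web host, presumably for the `install-module.pl` builds; a comment saying so would help anyone later deciding whether the toolchain can be removed after setup.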
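--- a/ansible/playbooks/vars/gitlab_runner.yml
+++ b/ansible/playbooks/vars/gitlab_runner.yml
@@ -0,0 +1,9 @@
+---
+gitlab_runner_coordinator_url: https://git.rockylinux.org
+gitlab_runner_registration_token: "{{ _reg_token }}"
+gitlab_runner_runners:
+- name: "{{ ansible_fqdn }}"
+executor: shell
+tags: []
+
+gitlab_runner_timeout_stop_seconds: 60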
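Review bot: `executor: shell` means CI jobs run directly on the runner host as the `gitlab-runner` account that tasks/gitlab-runner.yml creates with `/bin/bash`, with no container or VM boundary between jobs or between a job and the host. With `tags: []`, nothing in this file restricts which jobs the runner picks up; whether it takes untagged jobs or is locked to specific projects depends on role settings not visible here. State the trust assumption next to the setting, for example `# shell executor: register only against projects whose pipelines are trusted to run commands on this host`.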