---
# Reset the checkout directory: the loop first removes it (absent), then
# recreates it empty (directory), so nothing from an earlier run survives.
# The removal is recursive, so subversion_test_dir must be a dedicated
# scratch path and never a directory that holds anything else.
- name: clean out the checkout dir
  loop:
    - absent
    - directory
  file:
    state: '{{ item }}'
    path: '{{ subversion_test_dir }}'
# Install the Subversion/Apache prerequisites through the generic package
# module on every distribution except Alpine, which has its own task.
- name: install SVN pre-reqs
  when: ansible_distribution != 'Alpine'
  package:
    state: present
    name: '{{ subversion_packages }}'
# Alpine only: call apk directly. -U refreshes the package index and -u
# upgrades packages that are already installed. The package list is joined
# with spaces into one free-form command string, which the command module
# splits back into arguments without involving a shell.
- name: install SVN pre-reqs - Alpine
  when: ansible_distribution == 'Alpine'
  command: 'apk add -U -u {{ subversion_packages|join(" ") }}'
# Bring selected packages to their newest available version. The condition
# is falsy when upgrade_packages is undefined or an empty list, so the task
# is skipped unless the variable names at least one package.
- name: upgrade SVN pre-reqs
  when:
    - upgrade_packages | default([])
  package:
    state: latest
    name: '{{ upgrade_packages }}'
# Make sure the server working directory exists. No mode, owner or group is
# given in this task.
- name: create SVN home folder
  file:
    state: directory
    path: '{{ subversion_server_dir }}'
# Pull in the SELinux-specific tasks only on hosts whose gathered facts
# report SELinux as enabled.
- name: setup selinux when enabled
  when: ansible_selinux.status == "enabled"
  include_tasks: setup_selinux.yml
# Build a throwaway CA and TLS certificates with trustme, run from a
# virtualenv that lives inside the SVN server directory.
- name: Generate CA and TLS certificates via trustme
  vars:
    venv_path: '{{ subversion_server_dir }}/.venv'
    venv_python: '{{ subversion_server_dir }}/.venv/bin/python'
  block:
    # Python 3: stdlib `venv` in isolated mode (-I). Python 2: `virtualenv`
    # and plain -m, since -I does not exist there.
    - name: trustme -- provision a venv
      command: >-
        {{ ansible_python_interpreter }}
        -{% if ansible_python.version.major != 2 %}I{% endif %}m
        {% if ansible_python.version.major != 2 %}venv{% else %}virtualenv{% endif %}
        {{ venv_path }}

    # Only on RedHat-distribution hosts with a major version below 9.
    - name: trustme -- upgrade pip in venv | RHEL 7.9 & 8.8+py36
      # these don't know how to notice `cryptography` wheels
      when: >-
        ansible_distribution == 'RedHat'
        and ansible_distribution_major_version | int < 9
      pip:
        virtualenv: '{{ venv_path }}'
        state: latest
        name: pip

    # No version constraint is given, so pip installs whichever trustme
    # release (and dependencies) the configured index currently serves.
    - name: trustme -- install tool
      pip:
        virtualenv: '{{ venv_path }}'
        name: trustme

    # argv form: every list item reaches the interpreter as one argument.
    # The output, private key included, is written to subversion_server_dir;
    # other tasks in this file reference server.pem, server.key and
    # client.pem.
    - name: trustme -- generate CA and TLS certs
      command:
        argv:
          - '{{ venv_python }}'
          - -{%- if ansible_python.version.major != 2 -%}I{%- endif -%}m
          - trustme
          - --dir={{ subversion_server_dir }}
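# Point the default Apache TLS file locations on Red Hat family hosts at the
# trustme-generated certificate and key.
# NOTE(review): this replaces system-wide files under /etc/pki/tls with
# links to test credentials, so it belongs on disposable test hosts only.
- name: symlink trustme certificates into apache config dir - Red Hat
  when: ansible_os_family in ['RedHat']
  # when: ansible_distribution in ['Fedora', 'RedHat']
  file:
    # Read from the directory trustme was told to write to (--dir) instead
    # of a hard-coded /tmp/ansible-svn, so a different subversion_server_dir
    # does not leave dangling links.
    src: '{{ subversion_server_dir }}/server.{{ item.trustme_filetype }}'
    dest: /etc/pki/tls/{{ item.apache_target_path }}
    state: link
    force: true  # Otherwise Apache on CentOS 7 uses its own fake certificate
  loop:
    # server.pem backs both the certificate and the chain file.
    - apache_target_path: certs/localhost.crt
      trustme_filetype: pem
    - apache_target_path: certs/server-chain.crt
      trustme_filetype: pem
    - apache_target_path: private/localhost.key
      trustme_filetype: key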
# Render the Apache configuration for the test site into the server
# directory; the start tasks pass this file to Apache with -f.
- name: template out configuration file
  template:
    dest: '{{ subversion_server_dir }}/subversion.conf'
    src: subversion.conf.j2
# Run create_repo.sh from inside the server directory, passing the
# repository name. `creates` makes the task a no-op once the repository
# path already exists.
- name: create a test repository
  args:
    creates: '{{ subversion_server_dir }}/{{ subversion_repo_name }}'
    chdir: '{{ subversion_server_dir }}'
  script: create_repo.sh {{ subversion_repo_name }}
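# Create the Basic-auth user file for the test site. `-c` recreates the file
# on every run, and `-b` takes the password from the command line, where it
# is visible in the process list and may appear in verbose task output.
# Use throwaway test credentials only.
- name: add test user to htpasswd for Subversion site
  command:
    # argv form: each value is passed as exactly one argument, with no
    # re-splitting. The earlier free-form string applied `| quote` only to
    # the '/svn-auth-users' literal (filters bind tighter than `+`), which
    # left subversion_server_dir unquoted.
    argv:
      - htpasswd
      - -bc
      - '{{ subversion_server_dir }}/svn-auth-users'
      - '{{ subversion_username }}'
      - '{{ subversion_password }}'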
# Hand the whole server directory tree to the Apache account. The recursion
# covers everything below subversion_server_dir, including the files
# trustme wrote there.
- name: apply ownership for all SVN directories
  file:
    path: '{{ subversion_server_dir }}'
    recurse: true
    group: '{{ apache_group }}'
    owner: '{{ apache_user }}'
# Outside the Red Hat family: launch a separate Apache instance with the
# templated config. poll: 0 makes this fire-and-forget; Ansible does not
# wait for the command to finish.
- name: start test Apache SVN site - non Red Hat
  when: ansible_os_family not in ['RedHat']
  command: apachectl -k start -f {{ subversion_server_dir }}/subversion.conf
  poll: 0
  async: 3600  # We kill apache manually in the clean up phase
# Red Hat family: apachectl cannot be used to bring up our own instance
# there, so the httpd binary is called directly. As with the non Red Hat
# task, poll: 0 means Ansible does not wait for the command.
- name: start test Apache SVN site - Red Hat
  when: ansible_os_family in ['RedHat']
  command: httpd -k start -f {{ subversion_server_dir }}/subversion.conf
  poll: 0
  async: 3600  # We kill apache manually in the clean up phase
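# Make the Subversion client of the connecting user trust the test CA:
# replace the commented-out ssl-authority-files entry, or add the line
# after the [global] header when no such entry is found.
# NOTE(review): client.pem is presumably the CA certificate trustme emits
# for clients; confirm. The setting is written to the per-user client config
# under HOME and stays there unless cleanup reverts it.
- name: trust the test CA in the Subversion client config
  lineinfile:
    dest: '{{ ansible_env.HOME }}/.subversion/servers'
    # Matches only a commented-out entry.
    regexp: '^#\s*ssl-authority-files\s*=\s*'
    line: 'ssl-authority-files = {{ subversion_server_dir }}/client.pem'
    insertafter: '^\[global\]'
    state: present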