roles/koji-gc: Deploy the Koji garbage collector
The *koji-gc* role sets up the Koji garbage collector utility to run
periodically. It uses cron for scheduling. A client certificate is
required for authentication, and must be supplied by placing it in the
`certs/koji/{{ inventory_hostname }}` directory.
This commit is contained in:
47
roles/koji-gc/tasks/main.yml
Normal file
47
roles/koji-gc/tasks/main.yml
Normal file
@@ -0,0 +1,47 @@
|
||||
- name: ensure packages are installed
|
||||
package:
|
||||
name=koji-utils
|
||||
state=present
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: ensure koji-gc certificate is installed
|
||||
copy:
|
||||
src={{ item }}
|
||||
dest=/etc/koji-gc/koji-gc.pem
|
||||
mode=0400
|
||||
owner=root
|
||||
group=root
|
||||
with_fileglob:
|
||||
- certs/koji/{{ inventory_hostname }}/koji-gc.pem
|
||||
- name: ensure koji-gc ca certificates are installed
|
||||
copy:
|
||||
src={{ item }}
|
||||
dest=/etc/koji-gc/{{ item|basename }}
|
||||
mode=0644
|
||||
with_fileglob:
|
||||
- certs/koji/{{ inventory_hostname }}/*.crt
|
||||
- name: ensure koji hub server ca certificate is trusted
|
||||
copy:
|
||||
src={{ item }}
|
||||
dest=/etc/pki/ca-trust/source/anchors/koji-hub.crt
|
||||
mode=0644
|
||||
with_fileglob:
|
||||
- certs/koji/{{ inventory_hostname }}/serverca.crt
|
||||
notify: update ca trust
|
||||
- name: ensure koji-gc is configured
|
||||
template:
|
||||
src=koji-gc.conf.j2
|
||||
dest=/etc/koji-gc/koji-gc.conf
|
||||
mode=0644
|
||||
|
||||
- name: ensure koji-gc cron script is installed
|
||||
copy:
|
||||
src=koji-gc-cron.sh
|
||||
dest=/usr/local/libexec/koji-gc-cron
|
||||
mode=0755
|
||||
- name: ensure koji-gc is scheduled
|
||||
template:
|
||||
src=koji-gc.crond.j2
|
||||
dest=/etc/cron.d/koji-gc
|
||||
mode=0644
|
||||
Reference in New Issue
Block a user