Dustin C. Hatch
aed2776e27
The *kojira* role sets up the Koji repository agent to manage
repository metadata for build tags. It runs as a daemon, usually on the
same machine as the Koji hub. A client certificate is required for
authentication, and must be supplied by placing it in the
`certs/koji/{{ inventory_hostname }}` directory.
50 lines
1.1 KiB
YAML
50 lines
1.1 KiB
YAML
- name: ensure packages are installed
|
|
package:
|
|
name=koji-utils
|
|
state=present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure kojira certificate is installed
|
|
copy:
|
|
src={{ item }}
|
|
dest=/etc/kojira/kojira.pem
|
|
mode=0400
|
|
owner=root
|
|
group=root
|
|
with_fileglob:
|
|
- certs/koji/{{ inventory_hostname }}/kojira.pem
|
|
notify: restart kojira
|
|
- name: ensure kojira ca certificates are installed
|
|
copy:
|
|
src={{ item }}
|
|
dest=/etc/kojira/{{ item|basename }}
|
|
mode=0644
|
|
with_fileglob:
|
|
- certs/koji/{{ inventory_hostname }}/*.crt
|
|
- name: ensure koji hub server ca certificate is trusted
|
|
copy:
|
|
src={{ item }}
|
|
dest=/etc/pki/ca-trust/source/anchors/koji-hub.crt
|
|
mode=0644
|
|
with_fileglob:
|
|
- certs/koji/{{ inventory_hostname }}/serverca.crt
|
|
notify: update ca trust
|
|
- name: ensure kojira is configured
|
|
template:
|
|
src=kojira.conf.j2
|
|
dest=/etc/kojira/kojira.conf
|
|
notify: restart kojira
|
|
|
|
# TODO: It would be better if kojira did not run as root
|
|
|
|
- name: ensure kojira starts at boot
|
|
service:
|
|
name=kojira
|
|
enabled=yes
|
|
- meta: flush_handlers
|
|
- name: ensure kojira is running
|
|
service:
|
|
name=kojira
|
|
state=started
|