system-config/playbooks/roles/refstack/tasks/main.yaml
Ian Wienand 88c984694e refstack: don't chown db directory
See I8d8ce5c62c660875d5c6eed54c686996576ec9df; mariadb containers
chown this to their internal user, we don't want to reset it.

Change-Id: If33a26438c6aa63d0ef0e02bdad6a643070be922
2021-11-05 09:39:29 +11:00


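# The compose directory and file are restricted to their owner (0700/0600).
# No owner/group is given, so new paths belong to the account the task runs
# as.
# NOTE(review): the backup jobs in this role read MYSQL_ROOT_PASSWORD from
# the mariadb container's environment, so the rendered compose file
# presumably carries secrets. Confirm before loosening these modes.
- name: Ensure docker-compose directory exists
  file:
    state: directory
    path: /etc/refstack-docker
    # Quoted so Ansible receives the octal string itself instead of an
    # integer produced by the YAML parser.
    mode: "0700"

- name: Write docker-compose file
  template:
    src: docker-compose.yaml.j2
    dest: /etc/refstack-docker/docker-compose.yaml
    mode: "0600"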
# Install the Apache server package and its utilities package via apt.
- name: Install apache2
  apt:
    state: present
    name:
      - apache2
      - apache2-utils
# Enable each listed Apache module, one per loop iteration.
# NOTE(review): presumably these are the modules refstack.vhost.j2 relies
# on. The template is not visible here, so confirm each one is needed.
- name: Apache modules
  apache2_module:
    name: "{{ item }}"
    state: present
  loop:
    - rewrite
    - proxy
    - proxy_http
    - ssl
    - headers
    - proxy_wstunnel
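# Render the refstack vhost over Apache's default site file and ask the
# "refstack Reload apache2" handler (defined outside this file) to pick it
# up. The file is root-owned and world-readable.
- name: Copy apache config
  template:
    src: refstack.vhost.j2
    dest: /etc/apache2/sites-enabled/000-default.conf
    owner: root
    group: root
    # Quoted so Ansible receives the octal string itself instead of an
    # integer produced by the YAML parser.
    mode: "0644"
  notify: refstack Reload apache2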
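# Root-owned storage tree for the service: the base directory plus its etc,
# data and www subdirectories. All four are 0755, so any user on the host
# can list and traverse them. Files placed beneath them are protected only
# by their own modes.
# Modes are quoted so Ansible receives the octal string itself instead of
# an integer produced by the YAML parser.
- name: Create refstack storage
  file:
    state: directory
    path: /var/lib/refstack/
    owner: root
    group: root
    mode: "0755"

- name: Create refstack config storage area
  file:
    state: directory
    path: /var/lib/refstack/etc
    owner: root
    group: root
    mode: "0755"

- name: Create refstack data storage area
  file:
    state: directory
    path: /var/lib/refstack/data
    owner: root
    group: root
    mode: "0755"

- name: Create refstack www storage area
  file:
    state: directory
    path: /var/lib/refstack/www
    owner: root
    group: root
    mode: "0755"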
# NOTE(ianw) owner/group/mode are intentionally left unset on this task.
# The mariadb container chowns the directory to a container-internal user
# and then drops root privileges. Setting ownership from outside the
# container would reset that, which we do not want.
- name: Create refstack db storage area
  file:
    path: /var/lib/refstack/db
    state: directory
# Place the role's static robots.txt in the www storage area.
# No owner/group/mode is given, so a newly created file gets the defaults
# of the account the task runs as.
# NOTE(review): the task name says "hound" although this is the refstack
# role. It looks carried over from another role; confirm and rename.
- name: Copy hound robots.txt
  copy:
    dest: /var/lib/refstack/www/robots.txt
    src: robots.txt
# Render the two service configuration files into the config storage area.
# NOTE(review): neither task sets owner/group/mode, and this file creates
# the parent /var/lib/refstack/etc as 0755, so new files get the default
# mode derived from the umask. If refstack.conf.j2 renders credentials
# (the template is not visible here), give the file an explicit restrictive
# mode that the container's user can still read.
- name: Write refstack.conf
  template:
    dest: /var/lib/refstack/etc/refstack.conf
    src: refstack.conf.j2

- name: Write config.json
  template:
    dest: /var/lib/refstack/etc/config.json
    src: config.json.j2
# Install docker-compose through the generic package module.
- name: Install distro packages
  package:
    state: present
    name:
      - docker-compose
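# Pull images, (re)start the services, then prune images no longer needed.
# None of these commands use pipes, redirection or variable expansion, so
# they go through the command module instead of a shell.
# NOTE(review): no changed_when is set, so all three tasks report "changed"
# on every run.
# NOTE(review): which image tags or digests get pulled is decided by
# docker-compose.yaml.j2, which is not visible here. Confirm they are
# pinned as intended.
- name: Run docker-compose pull
  command:
    cmd: docker-compose pull
    chdir: /etc/refstack-docker/

- name: Run docker-compose up
  command:
    cmd: docker-compose up -d --timeout 60
    chdir: /etc/refstack-docker/

- name: Run docker prune to cleanup unneeded images
  command:
    cmd: docker image prune -f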
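# Root-only directory for the database dumps written by the cron job.
- name: Create db backup dest
  file:
    state: directory
    path: /var/backups/refstack-mariadb
    # Quoted so Ansible receives the octal string itself instead of an
    # integer produced by the YAML parser.
    mode: "0700"
    owner: root
    group: root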
# Root cron entry that runs at 04:42: mysqldump executes inside the mariadb
# container and its output is gzip-compressed into the backup directory on
# the host.
# The inner command is single-quoted, so "$MYSQL_ROOT_PASSWORD" is expanded
# by bash inside the container and the password itself is not written into
# the crontab.
# NOTE(review): the password is still passed to mysqldump as a -p argument.
# Consider a client option file inside the container if process-listing
# exposure matters here.
# NOTE(review): in a plain sh pipeline the exit status is gzip's, and the
# redirect truncates the target before any data arrives. A failed dump
# would therefore overwrite the previous backup with an empty archive
# without cron reporting an error. Confirm that backups are checked
# (size or test restore).
- name: Set up cron job to backup the database
  cron:
    name: refstack-db-backup
    user: root
    state: present
    hour: "4"
    minute: "42"
    job: >
      /usr/bin/docker-compose -f /etc/refstack-docker/docker-compose.yaml exec -T mariadb
      bash -c '/usr/bin/mysqldump --opt --databases refstack --single-transaction -uroot -p"$MYSQL_ROOT_PASSWORD"' |
      gzip -9 > /var/backups/refstack-mariadb/refstack-mariadb.sql.gz
# Hand the dump file to the logrotate role, which is defined outside this
# file.
# NOTE(review): retention count and schedule presumably come from that
# role's defaults. Confirm they match the intended backup retention.
- name: Rotate db backups
  vars:
    logrotate_file_name: /var/backups/refstack-mariadb/refstack-mariadb.sql.gz
  include_role:
    name: logrotate
# Write the command line for a streamed database dump to
# /etc/borg-streams/mysql. As in the cron job, "$MYSQL_ROOT_PASSWORD" sits
# inside single quotes, so the file holds the variable reference and not
# the password.
# NOTE(review): presumably the backup tooling executes this file's content.
# If so, the directory and file must stay writable by root only. Neither
# task sets owner/group/mode, so they get the defaults of the account the
# task runs as.
# NOTE(review): this uses /usr/local/bin/docker-compose, while the cron job
# in this file uses /usr/bin/docker-compose and the role installs the
# distro package. Confirm that both paths exist on the host.
- name: Setup db backup streaming job
  block:
    - name: Create backup streaming config dir
      file:
        state: directory
        path: /etc/borg-streams

    - name: Create db streaming file
      copy:
        dest: /etc/borg-streams/mysql
        content: >-
          /usr/local/bin/docker-compose -f /etc/refstack-docker/docker-compose.yaml exec -T mariadb
          bash -c '/usr/bin/mysqldump --skip-extended-insert --databases refstack --single-transaction -uroot -p"$MYSQL_ROOT_PASSWORD"'