From 19b3b935cd13404b58691a8419e20bc88c5ca6fe Mon Sep 17 00:00:00 2001
From: Patrick Toal
Date: Tue, 10 Mar 2020 11:55:57 -0400
Subject: [PATCH] Gitea and rhv updates
---
rhv_setup.yml | 27 ++++++++++++++-------------
site.yml | 41 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 55 insertions(+), 13 deletions(-)
diff --git a/rhv_setup.yml b/rhv_setup.yml
index 29e7ee5..41af3a5 100644
--- a/rhv_setup.yml
+++ b/rhv_setup.yml
@@ -12,6 +12,8 @@ root_certificate: https://letsencrypt.org/certs/trustid-x3-root.pem.txt domains: - rhv.mgmt.toal.ca + vars_files: + - /users/ptoal/.ansible/inventories/toallab/secrets.yml pre_tasks: - name: Ensure Let's Encrypt Account Exists
@@ -20,21 +22,21 @@ acme_directory: "{{ acme_directory }}" terms_agreed: true allow_creation: true - contact: - mailto:ptoal@takeflight.ca + contact: + - mailto:ptoal@takeflight.ca account_key_content: "{{ acme_key }}" acme_version: 2 roles: - acme-certificate - + - name: Install custom CA Certificate in RHV-M hosts: rhv.mgmt.toal.ca become: true - + tasks: - name: Certificate trust in store - copy: + copy: src: "{{ acme_rootchain_file }}" dest: /etc/pki/ca-trust/source/anchors/ register: rootchain_result
@@ -44,9 +46,9 @@ command: /usr/bin/update-ca-trust when: rootchain_result.changed notify: restart httpd - + - name: CA Rootchain in Apache config - copy: + copy: src: "{{ acme_rootchain_file }}" dest: /etc/pki/ovirt-engine/apache-ca.pem backup: yes
@@ -58,7 +60,7 @@ dest: /etc/pki/ovirt-engine/keys/apache.key.nopass backup: yes notify: restart httpd - + - name: Certificate installed copy: src: "{{ acme_cert_file }}"
@@ -75,7 +77,7 @@ notify: - restart ovn - restart ovirt-engine - + - name: Websocket Proxy configuration lineinfile: path: /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
@@ -88,7 +90,7 @@ notify: - restart ovn - restart ovirt-engine - + handlers: - name: restart httpd service:
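Review bot: The `vars_files` entry added in the first rhv_setup.yml hunk hard-codes an absolute path inside one user's home directory (`/users/ptoal/.ansible/inventories/toallab/secrets.yml`), so the play only loads on a controller laid out exactly like that one, and nothing visible here shows whether the file is vault-encrypted. `acme_key`, passed as `account_key_content` in the next hunk, presumably comes from this file, so I would take the path from a per-environment variable, e.g. `- "{{ secrets_file }}"`, and put a comment above it: `# must be ansible-vault encrypted; supplies acme_key`. Adding `no_log: true` to the account task that consumes the key would also keep it out of verbose output. The play this entry belongs to starts above the hunk.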
@@ -96,12 +98,12 @@ state: restarted - name: restart ovn - service: + service: name: ovirt-provider-ovn state: restarted - name: restart ovirt-engine - service: + service: name: ovirt-engine state: restarted
@@ -126,4 +128,3 @@ register: networkinfo - debug: msg="{{networkinfo}}" -
\ No newline at end of file
diff --git a/site.yml b/site.yml
index a5c8d9c..9d84f04 100644
--- a/site.yml
+++ b/site.yml
@@ -46,3 +46,44 @@ - sage905.mark2 - sage905.waterfall
+- name: Ensure Gitea is running on Zenyatta
+ become: yes
+ hosts: zenyatta.lab.toal.ca
+ vars:
+ container_state: running
+ container_name: gitea
+ container_image: gitea/gitea:latest
+ gitea_nfs_mountpoint: /mnt/gitea
+ gitea_nfs_src: nas.lab.toal.ca:/mnt/BIGPOOL/BackedUp/git
+ gitea_dir_owner: ptoal
+ gitea_dir_group: ptoal
+ container_run_args: >-
+ --rm
+ -p 3000:3000/tcp -p 3222:22/tcp
+ -v "{{ gitea_nfs_mountpoint }}:/data"
+ --hostname=gitea.mgmt.toal.ca
+ --memory=1024M
+ container_firewall_ports:
+ - 3000/tcp
+ - 3222/tcp
+
+ tasks:
+ - name: Ensure container data mount points
+ tags: mount
+ file:
+ path: "{{ gitea_nfs_mountpoint }}"
+ state: directory
+
+ - name: ensure container NFS mounts from NAS
+ tags: [ mount, nfs ]
+ mount:
+ src: "{{ gitea_nfs_src }}"
+ path: "{{ gitea_nfs_mountpoint }}"
+ fstype: nfs
+ opts: rw,rsize=8192,wsize=8192,timeo=14,intr,vers=3
+ state: mounted
+
+ - name: ensure container state
+ tags: container
+ import_role:
+ name: ikke_t.podman_container_systemd
\ No newline at end of file
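Review bot: `container_image: gitea/gitea:latest` in the new Gitea play follows a mutable tag, so the service that holds the lab's repositories can change version or content on any restart without a change in this repo; pin a release tag or digest instead, `container_image: gitea/gitea:<PINNED_VERSION>`. The NFS mount is `rw` over `vers=3` without `nosuid,nodev`, and NFSv3 trusts the client host rather than the user, so I would tighten it to `opts: rw,nosuid,nodev,rsize=8192,wsize=8192,timeo=14,vers=3` (`intr` is ignored by current Linux kernels). `gitea_dir_owner` and `gitea_dir_group` are defined, but the "Ensure container data mount points" task sets no `owner`, `group` or `mode`; if the imported role does not consume them, set them on that task. As a style point, `become: yes` reads better as `become: true`, matching the `become: true` already used in rhv_setup.yml.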