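---
# Source: github.com/cvmfs/docker-graphdriver@v0.0.0-20181206110523-155ec6df0521
#         provision/roles/docker-registry/tasks/main.yml
#
# Installs a Docker registry, Apache with the proxy/ssl modules, a minio server
# and the "publisher" service on Ubuntu or CentOS hosts.
#
# Optional variables read by this file (each falls back to the previous
# behaviour when undefined):
#   registry_htpasswd_user      basic-auth user name            (default: cernvm)
#   registry_htpasswd_password  basic-auth password             (default: cernvm)
#   minio_server_checksum       get_url checksum for minio,     e.g. "sha256:<hex digest>"
#   minio_client_checksum       get_url checksum for mc,        e.g. "sha256:<hex digest>"
#   publisher_checksum          get_url checksum for publisher, e.g. "sha256:<hex digest>"

- name: Install docker registry (Ubuntu)
  package:
    name: docker-registry
    state: present
  when: ansible_distribution == "Ubuntu"

- name: Install docker registry (CentOS)
  package:
    name: docker-distribution
    state: present
  when: ansible_distribution == "CentOS"

- name: Install apache2 (Ubuntu)
  package:
    name: apache2
    state: present
  when: ansible_distribution == "Ubuntu"

- name: Install httpd (CentOS)
  yum:
    name: httpd
    state: present
  when: ansible_distribution == "CentOS"

- name: Install mod_ssl on CentOS
  package:
    name: mod_ssl
    state: present
  when: ansible_distribution == "CentOS"

- name: Start registry (Ubuntu)
  service:
    name: docker-registry
    state: started
  when: ansible_distribution == "Ubuntu"

- name: Start registry (CentOS)
  service:
    name: docker-distribution
    state: started
  when: ansible_distribution == "CentOS"

# Allows httpd to make outbound network connections under SELinux.
- name: Enable httpd SELinux
  seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true
  when: ansible_distribution == "CentOS"

# The private key and the certificate are copied by the same task, so each item
# carries its own mode: without an explicit mode the key would be created with
# the remote umask, which normally leaves it readable by every local user.
- name: Deploy SSL keys (Ubuntu)
  copy:
    src: "{{ item.path }}"
    dest: "/etc/ssl/{{ item.path }}"
    mode: "{{ item.mode }}"
  with_items:
    - path: "private/{{ ansible_fqdn }}.key"
      mode: "0600"
    - path: "certs/{{ ansible_fqdn }}.crt"
      mode: "0644"
  when: ansible_distribution == "Ubuntu"

- name: Deploy SSL keys (CentOS)
  copy:
    src: "{{ item.path }}"
    dest: "/etc/pki/tls/{{ item.path }}"
    mode: "{{ item.mode }}"
  with_items:
    - path: "private/{{ ansible_fqdn }}.key"
      mode: "0600"
    - path: "certs/{{ ansible_fqdn }}.crt"
      mode: "0644"
  when: ansible_distribution == "CentOS"

- name: Enable apache2 modules
  apache2_module:
    name: "{{ item }}"
    state: present
  with_items:
    - proxy
    - proxy_http
    - ssl

- name: Upload the apache conf (Ubuntu)
  template:
    src: ubuntu-apache-registry.conf.j2
    dest: /etc/apache2/conf-available/registry.conf
    force: true
  when: ansible_distribution == "Ubuntu"

- name: Enable apache config (Ubuntu)
  file:
    dest: /etc/apache2/conf-enabled/registry.conf
    src: /etc/apache2/conf-available/registry.conf
    state: link
  when: ansible_distribution == "Ubuntu"

- name: Upload the apache conf (CentOS)
  template:
    src: centos-apache-registry.conf.j2
    dest: /etc/httpd/conf.d/registry.conf
    force: true
  when: ansible_distribution == "CentOS"

- name: Restart apache (CentOS)
  service:
    name: httpd
    state: restarted
  when: ansible_distribution == "CentOS"

- name: Restart apache (Ubuntu)
  service:
    name: apache2
    state: restarted
  when: ansible_distribution == "Ubuntu"

- name: Install httpasswd (CentOS)
  package:
    name: httpd-tools
    state: present
  when: ansible_distribution == "CentOS"

- name: Install httpasswd (Ubuntu)
  package:
    name: apache2-utils
    state: present
  when: ansible_distribution == "Ubuntu"

- name: install pip
  package:
    name: python-pip
    state: present

# passlib is required by the htpasswd module used below.
- name: install passlib
  pip:
    name: passlib
    state: present

# The user name and password used to be literals in this task. They are now
# variables; the fallbacks keep the old values so existing inventories still
# run, but that pair is published with this role and must be overridden
# (for example from Ansible Vault) on any host that is reachable by others.
# no_log keeps the password out of task output and logs.
# NOTE(review): mode 0644 leaves the password hashes world-readable; tighten it
# to 0640 with the group of whichever service reads this file once confirmed.
- name: fill-in htpasswd file
  htpasswd:
    name: "{{ registry_htpasswd_user | default('cernvm') }}"
    password: "{{ registry_htpasswd_password | default('cernvm') }}"
    path: "{{ workdir }}/registry.htpasswd"
    state: present
    mode: "0644"
  no_log: true

- name: Create bin directory
  file:
    name: "{{ workdir }}/bin"
    state: directory

# The URL points at a rolling "latest" build, so the downloaded bytes can change
# between runs. Set minio_server_checksum to have get_url verify the download;
# pinning to a fixed release is needed for the checksum to stay valid.
- name: Get minio binary
  get_url:
    url: https://dl.minio.io/server/minio/release/linux-amd64/minio
    dest: "{{ workdir }}/bin/minio"
    mode: "0755"
    checksum: "{{ minio_server_checksum | default(omit) }}"

- name: Install systemd units
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
    force: true
  with_items:
    - minio.service
    - publisher.service

- name: Temporarily stop publisher service
  service:
    name: publisher
    state: stopped

# The binary comes from a file-share link, is re-downloaded on every run
# (force) and is then started as a systemd service, so whoever can replace the
# shared file controls what runs on this host. Set publisher_checksum to have
# get_url reject a download that does not match the expected digest.
- name: Get publisher binary
  get_url:
    url: https://cernbox.cern.ch/index.php/s/m6gFtvCL1V0WIt9/download
    dest: "{{ workdir }}/bin/publisher"
    mode: "0755"
    force: true
    checksum: "{{ publisher_checksum | default(omit) }}"

- name: Start publisher service
  service:
    name: publisher.service
    state: started

- name: Prepare minio directories
  file:
    name: "{{ workdir }}/{{ item }}"
    state: directory
  with_items:
    - minio_data
    - minio_config

- name: Deploy publisher configuration
  template:
    src: publisher.json.j2
    dest: "{{ workdir }}/minio_config/publisher.json"
    force: true

- name: Enable systemd units
  systemd:
    name: "{{ item }}"
    state: started
    enabled: true
    daemon-reload: true
  with_items:
    - minio.service
    - publisher.service

# Copies the minio config (named "credentials" by this task) from the host into
# the local "secrets" directory on the control machine. Keep that directory out
# of version control and restrict its permissions.
- name: Fetch minio credentials
  fetch:
    src: "{{ workdir }}/minio_config/config.json"
    dest: secrets

- name: Fetch cvmfs key
  fetch:
    src: "/etc/cvmfs/keys/{{ ansible_fqdn }}.pub"
    dest: secrets

- name: Enable minio webhook
  patch:
    src: minio-config.json.patch
    dest: "{{ workdir }}/minio_config/config.json"
  notify: restart minio

# Same integrity concern as the minio server download above: rolling URL, no
# verification unless minio_client_checksum is set.
- name: Get minio client binary
  get_url:
    url: https://dl.minio.io/client/mc/release/linux-amd64/mc
    dest: "{{ workdir }}/bin/mc"
    mode: "0755"
    checksum: "{{ minio_client_checksum | default(omit) }}"

# PATH is extended so the script can find the binaries downloaded into
# {{ workdir }}/bin.
- name: Setup bucket and event handler
  script: setup_minio_webhook.sh "{{ workdir }}/minio_config/config.json"
  environment:
    PATH: "{{ workdir }}/bin:{{ ansible_env.PATH }}"

# NOTE(review): the task is named "Open firewall", but `state: disabled` removes
# these ports from the firewalld configuration instead of allowing them. The
# value is kept as found; confirm the intent before changing it. If the ports
# are meant to be opened, check whether 5000/tcp and 9000/tcp need to be
# reachable at all: presumably they are the registry and minio listeners, and
# exposing them directly would bypass whatever TLS and authentication the
# Apache configuration adds on 443.
- name: Open firewall
  firewalld:
    port: "{{ item }}"
    permanent: true
    state: disabled
    immediate: true
  with_items:
    - "80/tcp"
    - "443/tcp"
    - "5000/tcp"
    - "9000/tcp"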