ansible-playbooks/general#19 Set role header

a90a191a · jurgenhaas · 8da3658c · a90a191a
Commit a90a191a authored 8 years ago by jurgenhaas
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,177 +3,185 @@
 #
 # see: http://zeroset.mnim.org/2012/08/14/svn-over-ssh-with-multiple-svn-users-and-a-single-unix-account-without-shell-access/

- name: 'Subversion | Install packages'
-  apt: pkg={{item}} state=installed update_cache=yes
-  tags: UpdateSVN
-  with_items:
-    - subversion
-
- name: 'Subversion | Create main tunnel user'
-  user: name=sshsvn
-        group=root
-        home=/home/sshsvn
-        shell=/bin/bash
-        generate_ssh_key=yes
-        ssh_key_bits=2048
-  tags: UpdateSVN
-  notify:
-    - 'Subversion | Lock the main tunnel user'
-
- name: 'Subversion | Create directory'
-  file: dest={{item}}
-        state=directory
-        owner=sshsvn
-        group=root
-        mode=775
-  tags: UpdateSVN
-  with_items:
-    - '/var/svn'
-    - '/etc/ansible/facts.d'
-
- name: 'Subversion | Copy Ansible Facts Script'
-  template: src=revision_deployment_fact
-            dest=/etc/ansible/facts.d/revision_deployment.fact
-            owner=root
-            group=root
-            mode=0755
-  tags: UpdateSVN
-
- name: 'Subversion | Copy SVN Hook Config'
-  template: src=hooks_conf
-            dest=/var/svn/hooks.conf
-            owner=root
-            group=root
-            mode=0644
-  tags: UpdateSVN
-
- name: 'Subversion | Copy init script'
-  copy: src=etc_init_d_svnserve
-        dest=/etc/init.d/svnserve
-        owner=root
-        group=root
-        mode=755
-  tags: UpdateSVN
-  notify:
-    - 'Subversion | Include Svnserve to Boot-List'
-    - 'Subversion | Restart Subversion'
-
- name: 'Subversion | Copy svnserve script'
-  copy: src=usr_local_bin_svnserve
-        dest=/usr/local/bin/svnserve
-        owner=root
-        group=root
-        mode=755
-  tags: UpdateSVN
-
- name: 'Subversion | Copy Svnserve Config File'
-  template: src=svnserve_conf
-            dest=/etc/subversion/svnserve.conf
-            owner=root
-            group=root
-            mode=0644
-  tags: UpdateSVN
-
- name: 'Subversion | Reset user authentication'
-  file:
-    path=/home/sshsvn/.ssh/authorized_keys
-    state=absent
-  tags:
-    - ResetSVNUser
-  ignore_errors: yes
-
- name: 'Subversion | Install SSH user public keys'
-  authorized_key: user=sshsvn
-                  key="{{lookup('file', inventory_dir + '/files/keys/' + item + '.svn.pub')}}"
-                  key_options='command="/usr/local/bin/svnserve -t --tunnel-user={{item}}",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'
-  tags:
-    - UpdateSVN
-    - UpdateSVNUser
-    - ResetSVNUser
-  with_items: '{{ svn_user }}'
-
- name: 'Subversion | Read public key of svn tunnel user'
-  shell: cat /home/sshsvn/.ssh/id_rsa.pub
-  register: sshsvnpubkey
-  tags:
-    - ResetSVNUser
-
- name: 'Subversion | Distribute public key of svn tunnel user'
-  authorized_key: user=sshsvn
-                  key={{sshsvnpubkey.stdout}} {{inventory_hostname}}
-  delegate_to: '{{item}}'
-  with_items: '{{ groups.svnserver }}'
-  tags:
-    - ResetSVNUser
-
- name: 'Subversion | Copy Svnserve Auth File'
-  template: src=svn_auth
-            dest=/etc/subversion/svn.auth
-            owner=root
-            group=root
-            mode=0644
-  tags:
-    - UpdateSVN
-    - UpdateSVNAuth
-  when: svnadmin_by_ansible
-
- name: 'Subversion | Create missing repositories'
-  shell: bash -c "[ -d /var/svn/{{item.name}} ] && echo OK || svnadmin create /var/svn/{{item.name}}"
-  tags:
-    - UpdateSVN
-    - UpdateSVNRepos
-  register: svn_result
-  with_items: '{{ svn_repositories }}'
-  changed_when: svn_result.stdout != 'OK'
-  when: svnserver_master == inventory_hostname
-
- name: 'Subversion | Copy Hook Scripts'
-  copy: src={{item.0}}
-        dest=/var/svn/{{item.1.name}}/hooks/{{item.0}}
-        owner=root
-        group=root
-        mode=755
-  tags:
-    - UpdateSVN
-    - UpdateSVNRepos
-  with_nested:
-    - ['post-commit', 'pre-commit']
-    - '{{ svn_repositories }}'
-  when: svnserver_master == inventory_hostname and (item.1.hooks is not defined or item.1.hooks)
-
- name: 'Subversion | Set permissions'
-  file:
-    path="/var/svn"
-    owner="sshsvn"
-    group="root"
-    recurse=yes
-  tags:
-    - UpdateSVN
-    - UpdateSVNRepos
-  changed_when: false
-
- name: 'Subversion | Set ownership'
-  file:
-    path=/var/svn
-    mode=g+w
-    recurse=yes
-  tags:
-    - UpdateSVN
-    - UpdateSVNRepos
-  changed_when: false
-
- include: svnadmin.yml
-  when: svnadmin
-
- name: 'Subversion | Install cron job to sync slave with master'
-  cron:
-    name='Sync SVN data with {{svnserver_master}}'
-    month='{{ svnserver_cron_sync.month|default(omit) }}'
-    day='{{ svnserver_cron_sync.day|default(omit) }}'
-    weekday='{{ svnserver_cron_sync.weekday|default(omit) }}'
-    hour='{{ svnserver_cron_sync.hour|default(omit) }}'
-    minute='{{ svnserver_cron_sync.minute|default(omit) }}'
-    job='rsync -av --delete --log-file=/tmp/svnsync.log {{svnserver_master}}:/var/svn/ /var/svn >/dev/null 2>&1'
-    user='sshsvn'
-  when: svnserver_slave and svnserver_cron_sync.active
-  tags: 'cron'
+- name: "SVN-Server Role"
+  set_fact: role_svnserver_started=true
+  tags: always
+
+- block:
+
+  - name: 'Subversion | Install packages'
+    apt: pkg={{item}} state=installed update_cache=yes
+    tags: UpdateSVN
+    with_items:
+      - subversion
+
+  - name: 'Subversion | Create main tunnel user'
+    user: name=sshsvn
+          group=root
+          home=/home/sshsvn
+          shell=/bin/bash
+          generate_ssh_key=yes
+          ssh_key_bits=2048
+    tags: UpdateSVN
+    notify:
+      - 'Subversion | Lock the main tunnel user'
+
+  - name: 'Subversion | Create directory'
+    file: dest={{item}}
+          state=directory
+          owner=sshsvn
+          group=root
+          mode=775
+    tags: UpdateSVN
+    with_items:
+      - '/var/svn'
+      - '/etc/ansible/facts.d'
+
+  - name: 'Subversion | Copy Ansible Facts Script'
+    template: src=revision_deployment_fact
+              dest=/etc/ansible/facts.d/revision_deployment.fact
+              owner=root
+              group=root
+              mode=0755
+    tags: UpdateSVN
+
+  - name: 'Subversion | Copy SVN Hook Config'
+    template: src=hooks_conf
+              dest=/var/svn/hooks.conf
+              owner=root
+              group=root
+              mode=0644
+    tags: UpdateSVN
+
+  - name: 'Subversion | Copy init script'
+    copy: src=etc_init_d_svnserve
+          dest=/etc/init.d/svnserve
+          owner=root
+          group=root
+          mode=755
+    tags: UpdateSVN
+    notify:
+      - 'Subversion | Include Svnserve to Boot-List'
+      - 'Subversion | Restart Subversion'
+
+  - name: 'Subversion | Copy svnserve script'
+    copy: src=usr_local_bin_svnserve
+          dest=/usr/local/bin/svnserve
+          owner=root
+          group=root
+          mode=755
+    tags: UpdateSVN
+
+  - name: 'Subversion | Copy Svnserve Config File'
+    template: src=svnserve_conf
+              dest=/etc/subversion/svnserve.conf
+              owner=root
+              group=root
+              mode=0644
+    tags: UpdateSVN
+
+  - name: 'Subversion | Reset user authentication'
+    file:
+      path=/home/sshsvn/.ssh/authorized_keys
+      state=absent
+    tags:
+      - ResetSVNUser
+    ignore_errors: yes
+
+  - name: 'Subversion | Install SSH user public keys'
+    authorized_key: user=sshsvn
+                    key="{{lookup('file', inventory_dir + '/files/keys/' + item + '.svn.pub')}}"
+                    key_options='command="/usr/local/bin/svnserve -t --tunnel-user={{item}}",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'
+    tags:
+      - UpdateSVN
+      - UpdateSVNUser
+      - ResetSVNUser
+    with_items: '{{ svn_user }}'
+
+  - name: 'Subversion | Read public key of svn tunnel user'
+    shell: cat /home/sshsvn/.ssh/id_rsa.pub
+    register: sshsvnpubkey
+    tags:
+      - ResetSVNUser
+
+  - name: 'Subversion | Distribute public key of svn tunnel user'
+    authorized_key: user=sshsvn
+                    key={{sshsvnpubkey.stdout}} {{inventory_hostname}}
+    delegate_to: '{{item}}'
+    with_items: '{{ groups.svnserver }}'
+    tags:
+      - ResetSVNUser
+
+  - name: 'Subversion | Copy Svnserve Auth File'
+    template: src=svn_auth
+              dest=/etc/subversion/svn.auth
+              owner=root
+              group=root
+              mode=0644
+    tags:
+      - UpdateSVN
+      - UpdateSVNAuth
+    when: svnadmin_by_ansible
+
+  - name: 'Subversion | Create missing repositories'
+    shell: bash -c "[ -d /var/svn/{{item.name}} ] && echo OK || svnadmin create /var/svn/{{item.name}}"
+    tags:
+      - UpdateSVN
+      - UpdateSVNRepos
+    register: svn_result
+    with_items: '{{ svn_repositories }}'
+    changed_when: svn_result.stdout != 'OK'
+    when: svnserver_master == inventory_hostname
+
+  - name: 'Subversion | Copy Hook Scripts'
+    copy: src={{item.0}}
+          dest=/var/svn/{{item.1.name}}/hooks/{{item.0}}
+          owner=root
+          group=root
+          mode=755
+    tags:
+      - UpdateSVN
+      - UpdateSVNRepos
+    with_nested:
+      - ['post-commit', 'pre-commit']
+      - '{{ svn_repositories }}'
+    when: svnserver_master == inventory_hostname and (item.1.hooks is not defined or item.1.hooks)
+
+  - name: 'Subversion | Set permissions'
+    file:
+      path="/var/svn"
+      owner="sshsvn"
+      group="root"
+      recurse=yes
+    tags:
+      - UpdateSVN
+      - UpdateSVNRepos
+    changed_when: false
+
+  - name: 'Subversion | Set ownership'
+    file:
+      path=/var/svn
+      mode=g+w
+      recurse=yes
+    tags:
+      - UpdateSVN
+      - UpdateSVNRepos
+    changed_when: false
+
+  - include: svnadmin.yml
+    when: svnadmin
+
+  - name: 'Subversion | Install cron job to sync slave with master'
+    cron:
+      name='Sync SVN data with {{svnserver_master}}'
+      month='{{ svnserver_cron_sync.month|default(omit) }}'
+      day='{{ svnserver_cron_sync.day|default(omit) }}'
+      weekday='{{ svnserver_cron_sync.weekday|default(omit) }}'
+      hour='{{ svnserver_cron_sync.hour|default(omit) }}'
+      minute='{{ svnserver_cron_sync.minute|default(omit) }}'
+      job='rsync -av --delete --log-file=/tmp/svnsync.log {{svnserver_master}}:/var/svn/ /var/svn >/dev/null 2>&1'
+      user='sshsvn'
+    when: svnserver_slave and svnserver_cron_sync.active
+    tags: 'cron'
+
+  when: '"svnserver" not in excluded_roles'