From faf30d36e0e60253770ab92a79b2971df112276b Mon Sep 17 00:00:00 2001
From: Pedro Alvarez
Date: Wed, 18 Aug 2021 12:30:45 +0200
Subject: baserock_frontend: Move to Ubuntu
---
 baserock_frontend/haproxy.cfg | 2 +-
 baserock_frontend/image-config.yml | 33 ++++++++-------------------------
 baserock_frontend/instance-config.yml | 2 +-
 3 files changed, 10 insertions(+), 27 deletions(-)
diff --git a/baserock_frontend/haproxy.cfg b/baserock_frontend/haproxy.cfg
index 1217e957..8a638e57 100644
--- a/baserock_frontend/haproxy.cfg
+++ b/baserock_frontend/haproxy.cfg
@@ -49,7 +49,7 @@ frontend https-in
 # This means we only need to have the certificate in one place, and the
 # configuration of the other instances is simpler. It does mean that we
 # need to avoid having any insecure machines in the cloud.
- bind *:443 ssl no-sslv3 crt /etc/pki/tls/private/baserock.pem
+ bind *:443 ssl no-sslv3 crt /etc/ssl/private/baserock.pem
 reqadd X-Forwarded-Proto:\ https
 # Rules below here implement the URL-based forwarding to the
diff --git a/baserock_frontend/image-config.yml b/baserock_frontend/image-config.yml
index 08a9b64a..a8ee88d2 100644
--- a/baserock_frontend/image-config.yml
+++ b/baserock_frontend/image-config.yml
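Review bot: The `bind *:443` line in the haproxy.cfg hunk still limits protocols only with `no-sslv3`, so TLS 1.0 and 1.1 remain negotiable on the one host that terminates TLS for every backend. Since the line is being touched anyway, consider a protocol floor such as `bind *:443 ssl ssl-min-ver TLSv1.2 crt /etc/ssl/private/baserock.pem`, provided the HAProxy version packaged for the target Ubuntu release supports it (the version is not visible here). The unchanged `reqadd X-Forwarded-Proto:\ https` below it appends the header without replacing one supplied by the client, and the directive is deprecated in newer HAProxy releases; `http-request set-header X-Forwarded-Proto https` addresses both. The `frontend https-in` section begins and ends outside this hunk.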
@@ -1,34 +1,17 @@ # System configuration for Baserock HAProxy instance. --- - hosts: frontend-haproxy - gather_facts: false - sudo: yes + become: yes tasks: - # See: https://fedoramagazine.org/getting-ansible-working-fedora-23/ - - name: install Python2 and required deps for Ansible modules - raw: dnf install -y python2 python2-dnf - - - name: enable persistant journal - shell: mkdir /var/log/journal - args: - creates: /var/log/journal - - name: ensure system up to date - dnf: name=* state=latest + apt: + upgrade: yes + update_cache: yes - name: HAProxy installed - dnf: name=haproxy state=latest + apt: + name: haproxy - name: netcat installed - dnf: name=nc state=latest - - # Yes, SELinux prevents HAProxy from working. In this case I think it's - # because we ask it to listen on port 29418 for Gerrit's SSH connections. - - name: install libselinux-python, so Ansible can control selinux - dnf: name=libselinux-python state=latest - - - name: disable SELinux on subsequent boots - selinux: state=disabled - - - name: disable SELinux on current boot - command: setenforce 0 + apt: + name: netcat
diff --git a/baserock_frontend/instance-config.yml b/baserock_frontend/instance-config.yml
index 1cebce31..491ee535 100644
--- a/baserock_frontend/instance-config.yml
+++ b/baserock_frontend/instance-config.yml
@@ -10,7 +10,7 @@
 - name: install SSL certificate
 copy:
 content: "{{ lookup('file', '../private/frontend-with-key.pem') }}"
- dest: /etc/pki/tls/private/baserock.pem
+ dest: /etc/ssl/private/baserock.pem
 owner: haproxy
 mode: 400
 notify:
-- cgit v1.2.1
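Review bot: The `enable persistant journal` task is removed from image-config.yml without a replacement, so whether journald keeps logs across reboots now depends on the Ubuntu image already shipping /var/log/journal, which this play does not establish. On the TLS-terminating frontend, losing logs at reboot makes incident investigation harder; the step could be kept in distribution-neutral form as `file: path=/var/log/journal state=directory`. The `ensure system up to date` task only applies updates when the playbook is run, so it may also be worth a comment stating how security updates for HAProxy reach the instance between runs.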
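Review bot: `mode: 400` in the `install SSL certificate` task of instance-config.yml is an unquoted YAML integer, which Ansible reads as decimal 400 (octal 0620), so the private key written to the new `/etc/ssl/private/baserock.pem` path would be owner read-write and group-writable instead of owner read-only. Quote it with a leading zero: `mode: "0400"`. It is also worth confirming that `owner: haproxy` is still needed on Ubuntu, since HAProxy normally loads certificates before dropping privileges and a root-owned key would keep it out of reach of the worker account. The task continues past the end of the hunk (`notify:` is cut off).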