Update ansible for rpm with correct permissions for CentOS

data/ansible/rpm_packages/main.yaml

@@ -69,11 +69,13 @@
           - git
           - nginx
           - rpm
+          - rpm-build
           - rpm-sign
           - createrepo
           - wget
           - gnupg2
           - sshpass
+          - tar
         state: present
 ###########################################################################################################################
 ###########################################################################################################################
@@ -90,17 +92,25 @@
         state: directory
 
     - name: Check if /var/packages/yum/{{ cgrates_distribution }} directory exists
+        become: true
+        file:
+          path: /var/packages/yum/{{ cgrates_distribution }}
+          state: directory
+
+    - name: Nginx on CentOS needs additional permissions
       become: true
-      file:
-        path: /var/packages/yum/{{ cgrates_distribution }}
-        state: directory
+      shell: "sudo chcon -t httpd_sys_content_t /var/packages/ -R"
+
+    - name: Nginx on CentOS needs additional permissions2
+      become: true
+      shell: "sudo chcon -t httpd_sys_rw_content_t /var/packages/ -R"
         
     - name: Generate GPG Key
       include: gpg.yaml
 
     - name: Check if NGINX needs to be configured
       become: true
-      shell: "ls /etc/nginx/conf.d/ | grep 'yum.cgrates.org.vhost.conf'"
+      shell: "ls /etc/nginx/ | grep 'nginx.conf.original'"
       ignore_errors: true
       register: nginxConfig
 
@@ -328,7 +338,7 @@
       become: yes
       file:
         src: /var/packages/rpm/{{ cgrates_distribution }}/{{ item }}
-        dest: /var/packages/rpm/{{ cgrates_distribution }}/cgrates_current.rpm"
+        dest: /var/packages/rpm/{{ cgrates_distribution }}/cgrates_current.rpm
         state: link
       with_items: "{{ hostvars['yum']['rmpFileName']['stdout_lines'] }}"
       when : cgrates_distribution == "nightly" or hostvars['yum']['gitTagVar'].stdout_lines|length > 0

data/ansible/rpm_packages/nginx.conf.j2

@@ -1,21 +1,29 @@
-server {
-  listen 80;
-  server_name yum.cgrates.org;
+user nginx nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
 
-  access_log /var/log/nginx/packages-error.log;
-  error_log /var/log/nginx/packages-error.log;
-
-  location / {
-    root /var/packages;
-    index index.html;
-    autoindex on;
-  }
-
-  location ~ /(.*)/conf {
-    deny all;
-  }
-
-  location ~ /(.*)/db {
-    deny all;
-  }
+events {
+    worker_connections 1024;
+}
+
+http {
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    server {
+      listen 80;
+      server_name yum.cgrates.org;
+
+      access_log /var/log/nginx/yum.cgrates.org_access.log;
+      error_log /var/log/nginx/yum.cgrates.org_error.log;
+
+      root /var/packages;
+
+      location / {
+        root /var/packages;
+        index index.html;
+        autoindex on;
+      }
+    }
 }

data/ansible/rpm_packages/nginx.yaml

@@ -1,13 +1,23 @@
 ---
-- name: Add yum.cgrates.vhost in nginx
+- name: Rename the default nginx.conf to nginx.conf.original
+  become: true
+  shell: "sudo mv -v /etc/nginx/nginx.conf /etc/nginx/nginx.conf.original"
+
+- name: Add nginx.conf in nginx
   become: true
   template:
     src: nginx.conf.j2
-    dest: "/etc/nginx/conf.d/yum.cgrates.org.vhost.conf"
-    mode: '0600'
+    dest: "/etc/nginx/nginx.conf"
+    mode: '0666'
     owner: "{{ rootUser }}"
 
+- name: Allow nginx in firewall
+  become: true
+  shell: "sudo firewall-cmd --permanent --zone=public --add-service=https --add-service=http"
 
+- name: Restart the firewall
+  become: true
+  shell: "sudo firewall-cmd --reload"
 
 - name: Restart the nginx so the change take effects
   become: true