iad2: adjust a bunch of things that were delegating directly to phx2 hosts
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
parent
bed9f28de9
commit
2f81e76657
|
@ -85,7 +85,7 @@
|
|||
candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}",
|
||||
candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}",
|
||||
when: env == "staging",
|
||||
delegate_to: compose-x86-01.phx2.fedoraproject.org
|
||||
delegate_to: compose-x86-01.{{ datacenter }}.fedoraproject.org
|
||||
}
|
||||
- {
|
||||
role: login-registry,
|
||||
|
@ -93,5 +93,5 @@
|
|||
candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}",
|
||||
candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}",
|
||||
when: env == "production",
|
||||
delegate_to: compose-x86-01.phx2.fedoraproject.org
|
||||
delegate_to: compose-x86-01.{{ datacenter }}.fedoraproject.org
|
||||
}
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
|
||||
- name: Configure the bodhi virtual host
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_vhost:
|
||||
name: /bodhi
|
||||
state: present
|
||||
|
@ -48,7 +48,7 @@
|
|||
|
||||
- name: Configure the HA policy for the bodhi queues
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_policy:
|
||||
name: HA
|
||||
apply_to: queues
|
||||
|
@ -65,7 +65,7 @@
|
|||
|
||||
- name: Grant the admin user access to the bodhi vhost
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_user:
|
||||
user: admin
|
||||
vhost: /bodhi
|
||||
|
@ -80,7 +80,7 @@
|
|||
|
||||
- name: Grant the nagios-monitoring user access to the bodhi vhost
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_user:
|
||||
user: nagios-monitoring
|
||||
vhost: /bodhi
|
||||
|
@ -96,7 +96,7 @@
|
|||
# Create a user for Celery
|
||||
# - name: Create a user for Celery usage
|
||||
# run_once: true
|
||||
# delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
# delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
# rabbitmq_user:
|
||||
# user: "bodhi-celery{{ env_suffix }}"
|
||||
# vhost: /bodhi
|
||||
|
@ -111,7 +111,7 @@
|
|||
|
||||
- name: Grant the bodhi user access to the bodhi vhost
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_user:
|
||||
user: "bodhi{{ env_suffix }}"
|
||||
vhost: /bodhi
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- name: Generate (or renew) the certificate
|
||||
delegate_to: certgetter01.phx2.fedoraproject.org
|
||||
delegate_to: certgetter01.{{ datacenter }}.fedoraproject.org
|
||||
command: certbot certonly --expand --keep -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}}
|
||||
run_once: true
|
||||
register: certbot_output
|
||||
|
@ -10,7 +10,7 @@
|
|||
|
||||
# Find the directory to use
|
||||
- name: Get the directory to use
|
||||
delegate_to: certgetter01.phx2.fedoraproject.org
|
||||
delegate_to: certgetter01.{{ datacenter }}.fedoraproject.org
|
||||
# Sometimes we get directories like site-0001, site-0002, etc. We want the latest
|
||||
shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'"
|
||||
register: certbot_dir
|
||||
|
@ -21,7 +21,7 @@
|
|||
|
||||
# And once we do that, we need to copy some things.
|
||||
- name: Obtain the certificate
|
||||
delegate_to: certgetter01.phx2.fedoraproject.org
|
||||
delegate_to: certgetter01.{{ datacenter }}.fedoraproject.org
|
||||
command: "cat {{certbot_dir.stdout}}/cert.pem"
|
||||
register: certbot_certificate
|
||||
changed_when: 'false'
|
||||
|
@ -30,7 +30,7 @@
|
|||
- letsencrypt
|
||||
|
||||
- name: Obtain the intermediate certificate
|
||||
delegate_to: certgetter01.phx2.fedoraproject.org
|
||||
delegate_to: certgetter01.{{ datacenter }}.fedoraproject.org
|
||||
command: cat {{certbot_dir.stdout}}/chain.pem
|
||||
register: certbot_chain
|
||||
changed_when: 'false'
|
||||
|
@ -39,7 +39,7 @@
|
|||
- letsencrypt
|
||||
|
||||
- name: Obtain the key
|
||||
delegate_to: certgetter01.phx2.fedoraproject.org
|
||||
delegate_to: certgetter01.{{ datacenter }}.fedoraproject.org
|
||||
command: cat {{certbot_dir.stdout}}/privkey.pem
|
||||
register: certbot_key
|
||||
changed_when: 'false'
|
||||
|
|
|
@ -226,7 +226,7 @@
|
|||
command: "rsync -az --delete-delay --delay-updates --delete /var/lib/mirrormanager/mirrorlist_cache.proto /usr/share/mirrormanager2/country_continent.csv /var/lib/mirrormanager/global_netblocks.txt /var/lib/mirrormanager/i2_netblocks.txt {{ inventory_hostname }}:/srv/mirrorlist/data/mirrorlist1/"
|
||||
become: yes
|
||||
become_user: mirrormanager
|
||||
delegate_to: "mm-backend01.phx2.fedoraproject.org"
|
||||
delegate_to: "mm-backend01.{{ datacenter }}.fedoraproject.org"
|
||||
when: env == "production" and not mirrorlist_cache_status.stat.exists
|
||||
tags:
|
||||
- mirrorlist_proxy
|
||||
|
|
|
@ -81,7 +81,7 @@
|
|||
|
||||
- name: Configure the odcs virtual host
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_vhost:
|
||||
name: /odcs
|
||||
state: present
|
||||
|
@ -93,7 +93,7 @@
|
|||
|
||||
- name: Configure the HA policy for the odcs queues
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_policy:
|
||||
name: HA
|
||||
apply_to: queues
|
||||
|
@ -111,7 +111,7 @@
|
|||
|
||||
- name: Add a policy to limit queues to 1GB and remove after a month of no use
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_policy:
|
||||
apply_to: queues
|
||||
name: pubsub_sweeper
|
||||
|
@ -131,7 +131,7 @@
|
|||
|
||||
- name: Create the odcs-admin user for the odcs vhost (prod)
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_user:
|
||||
user: odcs-admin
|
||||
password: "{{ (env == 'production')|ternary(rabbitmq_odcs_admin_password_production, rabbitmq_odcs_admin_password_staging) }}"
|
||||
|
@ -147,7 +147,7 @@
|
|||
|
||||
- name: Dump the admin password in a file for administrative operations
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
copy:
|
||||
dest: /root/.odcs-rabbitmqpass
|
||||
content: "{{ (env == 'production')|ternary(rabbitmq_odcs_admin_password_production, rabbitmq_odcs_admin_password_staging) }}"
|
||||
|
@ -162,7 +162,7 @@
|
|||
|
||||
- name: Grant the admin user access to the odcs vhost
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_user:
|
||||
user: admin
|
||||
vhost: /odcs
|
||||
|
@ -178,7 +178,7 @@
|
|||
|
||||
- name: Grant the nagios-monitoring user access to the odcs vhost
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_user:
|
||||
user: nagios-monitoring
|
||||
vhost: /odcs
|
||||
|
@ -195,7 +195,7 @@
|
|||
# Create a user with:
|
||||
- name: Create a user for odcs access
|
||||
run_once: true
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.phx2.fedoraproject.org"
|
||||
delegate_to: "rabbitmq01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org"
|
||||
rabbitmq_user:
|
||||
user: "odcs-private-queue{{ env_suffix }}"
|
||||
vhost: /odcs
|
||||
|
|
|
@ -102,7 +102,7 @@
|
|||
- /root/.ssh/known_hosts
|
||||
- /etc/ssh/ssh_known_hosts
|
||||
when: inventory_hostname not in result.list_vms and inventory_hostname in groups['osbs_masters_stg']+groups['osbs_nodes_stg']
|
||||
delegate_to: osbs-control01.stg.phx2.fedoraproject.org
|
||||
delegate_to: osbs-control01.stg.{{ datacenter }}.fedoraproject.org
|
||||
|
||||
- name: (osbs-control01) make sure there is no old ssh host key for the host still around
|
||||
known_hosts: path={{item}} host={{ inventory_hostname }} state=absent
|
||||
|
@ -111,7 +111,7 @@
|
|||
- /root/.ssh/known_hosts
|
||||
- /etc/ssh/ssh_known_hosts
|
||||
when: inventory_hostname not in result.list_vms and inventory_hostname in groups['osbs_masters']+groups['osbs_nodes']
|
||||
delegate_to: osbs-control01.phx2.fedoraproject.org
|
||||
delegate_to: osbs-control01.{{ datacenter }}.fedoraproject.org
|
||||
|
||||
- name: wait for ssh on the vm to start back
|
||||
local_action: wait_for delay=10 host={{ inventory_hostname }} port=22 state=started timeout=1200
|
||||
|
@ -137,7 +137,7 @@
|
|||
- /root/.ssh/known_hosts
|
||||
- /etc/ssh/ssh_known_hosts
|
||||
when: inventory_hostname not in result.list_vms and inventory_hostname in groups['osbs_masters_stg']+groups['osbs_nodes_stg']
|
||||
delegate_to: osbs-control01.stg.phx2.fedoraproject.org
|
||||
delegate_to: osbs-control01.stg.{{ datacenter }}.fedoraproject.org
|
||||
|
||||
- name: (osbs-control01) add new ssh host key
|
||||
known_hosts: path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present
|
||||
|
@ -146,7 +146,7 @@
|
|||
- /root/.ssh/known_hosts
|
||||
- /etc/ssh/ssh_known_hosts
|
||||
when: inventory_hostname not in result.list_vms and inventory_hostname in groups['osbs_masters']+groups['osbs_nodes']
|
||||
delegate_to: osbs-control01.phx2.fedoraproject.org
|
||||
delegate_to: osbs-control01.{{ datacenter }}.fedoraproject.org
|
||||
|
||||
- name: gather facts
|
||||
setup:
|
||||
|
|
Loading…
Reference in New Issue