diff --git a/inventory/inventory b/inventory/inventory index 691d13647b..ac4bedd152 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -187,9 +187,6 @@ mdapi01.phx2.fedoraproject.org [mdapi_stg] mdapi01.stg.phx2.fedoraproject.org -# [minimal] -# bkernel04.phx2.fedoraproject.org - [bodhi_backend] # This one handles the mashing/releng stuff bodhi-backend01.phx2.fedoraproject.org diff --git a/master.yml b/master.yml index 67c781ecdb..1f8cbe872b 100644 --- a/master.yml +++ b/master.yml @@ -16,6 +16,7 @@ - import_playbook: /srv/web/infra/ansible/playbooks/groups/badges-backend.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/badges-web.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/basset.yml +- import_playbook: /srv/web/infra/ansible/playbooks/groups/bastion_stg.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/bastion.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/batcave.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/blockerbugs.yml 
@@ -25,17 +26,16 @@
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/buildvm.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/busgateway.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/certgetter.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-backend.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-aarch64-hypervisors.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-backend.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-dist-git.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-frontend-cloud.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-keygen.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/datagrepper.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/dbgserver.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/oci-registry.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/dns.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/download.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/elections.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/fas.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/fedimg.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/fedocal.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/github2fedmsg.yml
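Review bot: The `elections.yml` import is dropped here and `fas.yml` takes its place, yet `playbooks/groups/elections.yml` is not among the deleted playbooks visible in this diff, so that playbook may still exist without being part of a master run any more. If its hosts are still in the inventory, they would only be configured when someone runs the playbook by hand, and their configuration can drift from the rest of the fleet unnoticed. Either keep `- import_playbook: /srv/web/infra/ansible/playbooks/groups/elections.yml` or retire the playbook and its inventory group in the same commit, and say which in the commit message. The newly listed `fas.yml` (and `bastion_stg.yml` / `nfs-servers.yml` in the neighbouring hunks) are not created in the visible part of the diff; since `import_playbook` is resolved when the playbook is parsed, it is worth confirming they exist before this lands.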
@@ -46,19 +46,21 @@
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/kojipkgs.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/logserver.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/loopabull.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/mbs.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/mailman.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/maintainer-test.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/mariadb-server.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/mirrormanager.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/mbs.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/memcached.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/mirrormanager.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/nfs-servers.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/noc.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/notifs-backend.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/notifs-web.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/nuancier.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/oci-registry.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/odcs.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa-workers.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/osbs-cluster.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/os-cluster.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/os-proxies.yml
@@ -67,21 +69,22 @@
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/pdc.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/people.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/pkgs.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/postgresql-server.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/postgresql-server-bdr.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/postgresql-server.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/proxies.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/resultsdb.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/rabbitmq.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/retrace.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/releng-compose.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/resultsdb.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/retrace.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/secondary.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/smtp-mm.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/sign-bridge.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/simple-koji-ci.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/smtp-mm.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/sundries.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/tang.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/taskotron.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/taskotron-client-hosts.yml
+- import_playbook: /srv/web/infra/ansible/playbooks/groups/taskotron.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/torrent.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/unbound.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/value.yml
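Review bot: `resultsdb.yml` ends up imported twice in the new master.yml: the existing entry between `proxies.yml` and `rabbitmq.yml` is kept as context, and this hunk adds a second one after `releng-compose.yml`. A master run would then execute the resultsdb plays twice, which lengthens the run and fires any handlers in them a second time. Since the rest of the hunk is sorting the list, the stale line is the one to drop: remove the `- import_playbook: /srv/web/infra/ansible/playbooks/groups/resultsdb.yml` that sits right after `proxies.yml` and keep the newly added one.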
diff --git a/playbooks/groups/batcomputer.yml b/playbooks/groups/batcomputer.yml deleted file mode 100644 index b615d993df..0000000000 --- a/playbooks/groups/batcomputer.yml +++ /dev/null @@ -1,31 +0,0 @@ -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=batcomputer" - -- name: make the box be real - hosts: batcomputer - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - fas_client - - sudo - - collectd/base - - ansible-ansible-awx - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/beaker-virthosts.yml b/playbooks/groups/beaker-virthosts.yml deleted file mode 100644 index 75180be7c3..0000000000 --- a/playbooks/groups/beaker-virthosts.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -# create a new beaker virthost server system -# NOTE: should be used with --limit most of the time -# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars -# This has an extra role that configures the virthost to be used with beaker for -# virtual machine clients - -- name: make virthost server system - hosts: beaker_virthosts - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - fas_client - - collectd/base - - { role: iscsi_client, when: datacenter == "phx2" } - - sudo - - { role: openvpn/client, when: datacenter != "phx2" } - - { role: beaker/virthost, tags: ['beakervirthost'] } - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/beaker.yml b/playbooks/groups/beaker.yml deleted file mode 100644 index 12b4d1ac83..0000000000 --- a/playbooks/groups/beaker.yml +++ /dev/null 
@@ -1,58 +0,0 @@ -# create a new beaker server -# NOTE: make sure there is room/space for this server on the vmhost -# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars - -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=beaker:beaker_stg" - -- name: make the box be real - hosts: beaker:beaker_stg - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - fas_client - - collectd/base - - sudo - - apache - - { role: openvpn/client, - when: env != "staging", tags: ['openvpn_client'] } - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - # this is how you include other task lists - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: configure beaker and required services - hosts: beaker:beaker_stg - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - { role: mariadb_server, tags: ['mariadb'] } - - { role: beaker/base, tags: ['beakerbase'] } - - { role: beaker/server, tags: ['beakerserver'] } - - { role: beaker/labcontroller, tags: ['beakerlabcontroller'] } - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - diff --git a/playbooks/groups/dhcp.yml b/playbooks/groups/dhcp.yml deleted file mode 100644 index da2929ff83..0000000000 --- a/playbooks/groups/dhcp.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=dhcp" - -- name: make the box be real - hosts: dhcp - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - fas_client - - collectd/base - - sudo - - dhcp_server - - tftp_server - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/hubs.yml b/playbooks/groups/hubs.yml deleted file mode 100644 index d1d9622281..0000000000 --- a/playbooks/groups/hubs.yml +++ /dev/null 
@@ -1,115 +0,0 @@ -# create the hubs server -# NOTE: should be used with --limit most of the time -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=hubs_stg" - -- name: make the box be real - hosts: hubs_stg - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - hosts - - fas_client - - collectd/base - - sudo - - { role: openvpn/client, - when: env != "staging" } - - tasks: - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - -# -# Database setup -# - -- name: prepare setting up the database - hosts: db01.stg.phx2.fedoraproject.org - gather_facts: no - user: root - - tasks: - - name: install psycopg2 for the postgresql ansible modules - package: name=python-psycopg2 state=present - tags: - - packages - -- name: setup the database - hosts: db01.stg.phx2.fedoraproject.org - gather_facts: no - become: yes - become_user: postgres - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - tasks: - #- name: hubs DB admin user - # postgresql_user: name=hubsadmin password={{ hubs_admin_db_pass }} - #- name: databases creation - # postgresql_db: name=hubs owner=hubsadmin encoding=UTF-8 - - name: hubs DB user - postgresql_user: name=hubsapp password={{ hubs_db_pass }} - - name: databases creation - postgresql_db: name=hubs owner=hubsapp encoding=UTF-8 - - - -# -# Real Hubs-specific work -# - -- name: setup Hubs - hosts: hubs_stg - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - 
"/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - - roles: - - fedmsg/base - - role: hubs - main_user: hubs - hubs_secret_key: "{{ hubs_session_secret }}" - hubs_db_type: postgresql - hubs_db_user: hubsapp - hubs_db_password: "{{ hubs_db_pass }}" - hubs_dev_mode: false - hubs_conf_dir: /etc/fedora-hubs - hubs_var_dir: /var/lib/fedora-hubs - # Set the SSL files to null because we use a SSL proxy - hubs_ssl_cert: null - hubs_ssl_key: null - hubs_fas_username: "{{ fedoraDummyUser }}" - hubs_fas_password: "{{ fedoraDummyUserPassword }}" - - tasks: - - name: add more hubs workers - service: name={{item}} enabled=yes state=started - with_items: - - fedora-hubs-triage@3 - - fedora-hubs-triage@4 - - fedora-hubs-worker@3 - - fedora-hubs-worker@4 - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/minimal.yml b/playbooks/groups/minimal.yml deleted file mode 100644 index c6b50cdf21..0000000000 --- a/playbooks/groups/minimal.yml +++ /dev/null @@ -1,30 +0,0 @@ -# This is a basic playbook - -- name: dole out the generic configuration - hosts: minimal - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - hosts - - fas_client - - nagios_client - - collectd/base - - sudo - - tasks: - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/newcloud-undercloud.yml b/playbooks/groups/newcloud-undercloud.yml deleted file mode 100644 index d79c5def24..0000000000 --- a/playbooks/groups/newcloud-undercloud.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=newcloud_undercloud" - -- name: make the box be real - hosts: newcloud_undercloud - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - hosts - - sudo - - undercloud - - apache - - - role: httpd/mod_ssl - - - role: httpd/website - site_name: controller.fedorainfracloud.org - ssl: true - sslonly: true - certbot: true - - - role: httpd/reverseproxy - website: controller.fedorainfracloud.org - destname: overcloud - balancer_name: controller.fedorainfracloud.org - balancer_members: ['192.168.20.51:80'] - certbot_addhost: undercloud01.fedorainfracloud.org - http_not_https_yes_this_is_insecure_and_i_feel_bad: true - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/qa.yml b/playbooks/groups/qa.yml deleted file mode 100644 index 4ca9874299..0000000000 --- a/playbooks/groups/qa.yml +++ /dev/null 
@@ -1,100 +0,0 @@ ---- -# create a new taskotron CI stg server -# NOTE: make sure there is room/space for this server on the vmhost -# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars - -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=qa_prod:qa_stg" - -- name: make the box be real - hosts: qa_prod:qa_stg - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - { role: base, tags: ['base'] } - - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios_client, tags: ['nagios_client'] } - - hosts - - { role: fas_client, tags: ['fas_client'] } - - { role: collectd/base, tags: ['collectd_base'] } - - { role: sudo, tags: ['sudo'] } - - { role: openvpn/client, - when: deployment_type != "qa-stg", tags: ['openvpn_client'] } - - apache - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - # this is how you include other task lists - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: configure qa buildbot CI - hosts: qa_stg - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - { role: taskotron/buildmaster, tags: ['buildmaster'] } - - { role: taskotron/buildmaster-configure, tags: ['buildmasterconfig'] } - - { role: taskotron/buildslave, tags: ['buildslave'] } - - { role: taskotron/buildslave-configure, tags: ['buildslaveconfig'] } - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: configure static sites for qa-stg - hosts: qa_prod:qa_stg - user: root - gather_facts: True - - vars_files: - - 
/srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: ensure ServerName is set in httpd.conf - replace: dest=/etc/httpd/conf/httpd.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' - notify: - - reload httpd - tags: - - qastaticsites - - - name: create dirs for static sites - file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755 setype=httpd_sys_content_t - with_items: "{{ static_sites }}" - tags: - - qastaticsites - - - name: generate virtualhosts for static sites - template: src={{ files }}/httpd/qadevel-virtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644 - with_items: "{{ static_sites }}" - notify: - - reload httpd - tags: - - qastaticsites - -# don't need this if buildbot is not enabled -# roles: -# - { role: taskotron/imagefactory-client, -# when: deployment_type != "qa-stg", tags: ['imagefactoryclient'] } -# - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - diff --git a/playbooks/groups/rhel8beta.yml b/playbooks/groups/rhel8beta.yml deleted file mode 100644 index 25a8028528..0000000000 --- a/playbooks/groups/rhel8beta.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -# create a new rhel8 beta test server - -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=rhel8beta" - -- name: dole out the generic configuration - hosts: rhel8beta - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - hosts - - fas_client - - sudo - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml"