Fix old variable usage. Patch from janeznemanic. Thanks!
This commit is contained in:
parent
d011bbde2c
commit
f7d56ff2b1
|
@ -3,12 +3,12 @@
|
|||
user: root
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- $private/vars.yml
|
||||
- $vars/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -1,22 +1,21 @@
|
|||
DIE DIE DIE
|
||||
there is no way this could work so fail
|
||||
|
||||
|
||||
#DIE DIE DIE
|
||||
# there is no way this could work so fail
|
||||
#
|
||||
# only works with -e target=
|
||||
# requires --extra-vars="target=hostspec"
|
||||
|
||||
- name: destroy the cloud instance
|
||||
hosts: $target
|
||||
hosts: "{{ target }}"
|
||||
user: root
|
||||
gather_facts: false
|
||||
|
||||
tasks:
|
||||
- name: fail if the host/ip is not up
|
||||
local_action: wait_for host=${inventory_hostname} port=22 delay=0 timeout=10
|
||||
when_string: inventory_hostname not in result.list_vms
|
||||
local_action: wait_for host={{ inventory_hostname }} port=22 delay=0 timeout=10
|
||||
when: inventory_hostname not in result.list_vms
|
||||
|
||||
- name: pause for 30s before doing it
|
||||
pause: seconds=30 prompt="Destroying vm now $target, abort if this is wrong"
|
||||
pause: seconds=30 prompt="Destroying vm now {{ target }}, abort if this is wrong"
|
||||
|
||||
- name: find the instance id from the builder
|
||||
action: command curl -s http://169.254.169.254/latest/meta-data/instance-id
|
||||
|
|
|
@ -10,29 +10,29 @@
|
|||
# requires --extra-vars="target=hostspec"
|
||||
|
||||
- name: destroy and undefine vm
|
||||
hosts: $target
|
||||
hosts: "{{ target }}"
|
||||
user: root
|
||||
gather_facts: false
|
||||
|
||||
tasks:
|
||||
- name: get vm list on the vmhost
|
||||
delegate_to: $vmhost
|
||||
delegate_to: "{{ vmhost }}"
|
||||
virt: command=list_vms
|
||||
register: result
|
||||
|
||||
- name: fail if the host is not already defined/existent
|
||||
local_action: fail msg="host does not exist on $vmhost"
|
||||
local_action: fail msg="host does not exist on {{ vmhost }}"
|
||||
when: inventory_hostname not in result.list_vms
|
||||
|
||||
- name: pause for 30s before doing it
|
||||
pause: seconds=30 prompt="Destroying vm now $target, abort if this is wrong"
|
||||
pause: seconds=30 prompt="Destroying vm now {{ target }}, abort if this is wrong"
|
||||
|
||||
- name: destroy the vm
|
||||
action: virt name=${inventory_hostname} command=destroy
|
||||
delegate_to: $vmhost
|
||||
action: virt name={{ inventory_hostname }} command=destroy
|
||||
delegate_to: "{{ vmhost }}"
|
||||
|
||||
- name: undefine the vm
|
||||
action: virt name=${inventory_hostname} command=undefine
|
||||
delegate_to: $vmhost
|
||||
action: virt name={{ inventory_hostname }} command=undefine
|
||||
delegate_to: "{{ vmhost }}"
|
||||
|
||||
|
||||
|
|
|
@ -8,16 +8,16 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
vars:
|
||||
- keypair: fedora-admin-20130801
|
||||
- image: $el6_qcow_id
|
||||
- image: "{{ el6_qcow_id }}"
|
||||
- instance_type: m1.small
|
||||
- security_group: default
|
||||
|
||||
tasks:
|
||||
- include: $tasks/transient_cloud.yml
|
||||
- include: "{{ tasks }}/transient_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: tmp_just_created
|
||||
|
@ -26,13 +26,13 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -8,15 +8,15 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
vars:
|
||||
- keypair: fedora-admin-20130801
|
||||
- image: $f19_qcow_id
|
||||
- image: "{{ f19_qcow_id }}"
|
||||
- instance_type: m1.small
|
||||
- security_group: default
|
||||
|
||||
tasks:
|
||||
- include: $tasks/transient_cloud.yml
|
||||
- include: "{{ tasks }}/transient_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: tmp_just_created
|
||||
|
@ -25,8 +25,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- name: growpart /dev/vda1 partition (/) to full size
|
||||
|
@ -36,14 +36,14 @@
|
|||
|
||||
- name: resize the /dev/vda 1 fs
|
||||
action: command resize2fs /dev/vda1
|
||||
when: ${growpart.rc} == 0
|
||||
when: "{{ growpart.rc }} == 0"
|
||||
|
||||
- name: put the mbr back - b/c the resize breaks booting otherwise
|
||||
action: shell cat /usr/share/syslinux/mbr.bin > /dev/vda
|
||||
when: ${growpart.rc} == 0
|
||||
when: "{{ growpart.rc }} == 0"
|
||||
|
||||
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -8,15 +8,15 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
vars:
|
||||
- keypair: fedora-admin-20130801
|
||||
- image: $f18_qcow_id
|
||||
- image: "{{ f18_qcow_id }}"
|
||||
- instance_type: m1.small
|
||||
- security_group: default
|
||||
|
||||
tasks:
|
||||
- include: $tasks/transient_cloud.yml
|
||||
- include: "{{ tasks }}/transient_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: tmp_just_created
|
||||
|
@ -25,12 +25,12 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# requires --extra-vars "{'repos': ['yokan.git', 'yumex.git']}"
|
||||
|
||||
- name: Install the fedmsg hook into a number of fedrahosted git repos
|
||||
- name: Install the fedmsg hook into a number of fedorahosted git repos
|
||||
hosts: hosted03.fedoraproject.org
|
||||
user: root
|
||||
|
||||
|
@ -18,32 +18,32 @@
|
|||
# the command *if* that creates= file is already present. Its a hackaround to
|
||||
# make this task idempotent.
|
||||
- name: make sure the git repos exist in the first place
|
||||
command: /bin/ls ${prefix}${item} creates=${prefix}${item}
|
||||
with_items: ${repos}
|
||||
command: /bin/ls {{ prefix }}{{ item }} creates={{ prefix }}{{ item }}
|
||||
with_items: "{{ repos }}"
|
||||
|
||||
- name: ensure there is a post-receive-chained.d/ directory
|
||||
file: >
|
||||
state=directory
|
||||
path=${prefix}${item}${chained}/
|
||||
with_items: ${repos}
|
||||
path="{{ prefix }}{{ item }}{{ chained }}/"
|
||||
with_items: "{{ repos }}"
|
||||
|
||||
- name: move the old post-receive email hook into the chained dir
|
||||
command: >
|
||||
/bin/mv ${prefix}${item}/hooks/post-receive ${prefix}${item}${chained}/post-receive-email
|
||||
removes=${prefix}${item}/hooks/post-receive
|
||||
creates=${prefix}${item}${chained}/post-receive-email
|
||||
with_items: ${repos}
|
||||
/bin/mv "{{ prefix }}{{ item }}/hooks/post-receive" "{{ prefix }}{{ item }}{{ chained }}/post-receive-email"
|
||||
removes="{{ prefix }}{{ item }}/hooks/post-receive"
|
||||
creates="{{ prefix }}{{ item }}{{ chained }}/post-receive-email"
|
||||
with_items: "{{ repos }}"
|
||||
|
||||
- name: symlink the fedmsg hook into the chained dir
|
||||
file: >
|
||||
path=${prefix}${item}${chained}/post-receive-fedmsg
|
||||
src=${fedmsg_hook}
|
||||
path="{{ prefix }}{{ item }}{{ chained }}/post-receive-fedmsg"
|
||||
src={{ fedmsg_hook }}
|
||||
state=link
|
||||
with_items: ${repos}
|
||||
with_items: "{{ repos }}"
|
||||
|
||||
- name: symlink in the chained hook redirector
|
||||
file: >
|
||||
path=${prefix}${item}/hooks/post-receive
|
||||
src=${chained_hook}
|
||||
path="{{ prefix }}{{ item }}/hooks/post-receive"
|
||||
src={{ chained_hook }}
|
||||
state=link
|
||||
with_items: ${repos}
|
||||
with_items: "{{ repos }}"
|
||||
|
|
|
@ -8,8 +8,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -19,11 +19,11 @@
|
|||
|
||||
tasks:
|
||||
# this is how you include other task lists
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -8,8 +8,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -19,11 +19,11 @@
|
|||
|
||||
tasks:
|
||||
# this is how you include other task lists
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -8,8 +8,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -20,12 +20,12 @@
|
|||
|
||||
tasks:
|
||||
# this is how you include other task lists
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/common_scripts.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/koji/releng_config.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/common_scripts.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/koji/releng_config.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -11,8 +11,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -22,13 +22,13 @@
|
|||
- /srv/web/infra/ansible/roles/fas_client
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/mysql_server.yml
|
||||
- include: $tasks/rdiff_backup_server.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/mysql_server.yml"
|
||||
- include: "{{ tasks }}/rdiff_backup_server.yml"
|
||||
|
||||
- name: Create GNOME backup user
|
||||
user: name=gnomebackup state=present home=/fedora_backups/gnome/ createhome=yes shell=/sbin/nologin
|
||||
|
@ -40,10 +40,10 @@
|
|||
copy: src=$files/gnome/ssh_config dest=/usr/local/etc/gnome_ssh_config mode=0600 owner=gnomebackup
|
||||
|
||||
- name: Install GNOME backup key
|
||||
copy: src=${private}/files/gnome/backup_id.rsa dest=/usr/local/etc/gnome_backup_id.rsa mode=0600 owner=gnomebackup
|
||||
copy: src="{{ private }}/files/gnome/backup_id.rsa" dest=/usr/local/etc/gnome_backup_id.rsa mode=0600 owner=gnomebackup
|
||||
|
||||
- name: Install GNOME backup script
|
||||
copy: src=$files/gnome/backup.sh dest=/usr/local/bin/gnome_backup mode=0700 owner=gnomebackup
|
||||
copy: src="{{ files }}/gnome/backup.sh" dest=/usr/local/bin/gnome_backup mode=0700 owner=gnomebackup
|
||||
|
||||
- name: Schedule the GNOME backup script
|
||||
cron: name="Backup" hour=5 minute=0 job="(cd /fedora_backups/gnome/; /usr/local/bin/lock-wrapper gnomebackup /usr/local/bin/gnome_backup)" user=gnomebackup
|
||||
|
@ -77,4 +77,4 @@
|
|||
- expander.gnome.org
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -10,15 +10,15 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: $tasks/accelerate_prep.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
- include: "{{ tasks }}/accelerate_prep.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: dole out the generic configuration
|
||||
hosts: badges-backend;badges-backend-stg
|
||||
|
@ -28,8 +28,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -40,16 +40,16 @@
|
|||
- /srv/web/infra/ansible/roles/fedmsg_base
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/openvpn_client.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/openvpn_client.yml"
|
||||
when: env != "staging"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: dole out the service-specific config
|
||||
hosts: badges-backend;badges-backend-stg
|
||||
|
@ -63,5 +63,5 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
|
|
@ -10,15 +10,15 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: $tasks/accelerate_prep.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
- include: "{{ tasks }}/accelerate_prep.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: badges-web;badges-web-stg
|
||||
|
@ -28,8 +28,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -41,15 +41,15 @@
|
|||
- /srv/web/infra/ansible/roles/fedmsg_base
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/openvpn_client.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/openvpn_client.yml"
|
||||
when: env != "staging"
|
||||
- include: $tasks/apache.yml
|
||||
- include: $tasks/mod_wsgi.yml
|
||||
- include: "{{ tasks }}/apache.yml"
|
||||
- include: "{{ tasks }}/mod_wsgi.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -9,14 +9,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: beaker
|
||||
|
@ -25,8 +25,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -37,12 +37,12 @@
|
|||
|
||||
tasks:
|
||||
# this is how you include other task lists
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/collectd/client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/collectd/client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -9,19 +9,19 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
||||
tasks:
|
||||
- include: $tasks/koji/base_builder.yml
|
||||
- include: $tasks/koji/builder_kernel_config.yml
|
||||
- include: $tasks/koji/bkernel-setup.yml
|
||||
- include: "{{ tasks }}/koji/base_builder.yml"
|
||||
- include: "{{ tasks }}/koji/builder_kernel_config.yml"
|
||||
- include: "{{ tasks }}/koji/bkernel-setup.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: restart kojid
|
||||
action: service name=kojid state=restarted
|
||||
|
|
|
@ -9,19 +9,19 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
||||
tasks:
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/koji/base_builder.yml
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/koji/base_builder.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: restart kojid
|
||||
action: service name=kojid state=restarted
|
||||
|
@ -35,18 +35,18 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/koji/builder_kernel_config.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/koji/builder_kernel_config.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: restart kojid
|
||||
action: service name=kojid state=restarted
|
||||
|
|
|
@ -11,14 +11,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make koji builder(s)
|
||||
hosts: buildvm
|
||||
|
@ -28,19 +28,19 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/koji/base_builder.yml
|
||||
- include: $tasks/koji/builder_kernel_config.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/koji/base_builder.yml"
|
||||
- include: "{{ tasks }}/koji/builder_kernel_config.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: restart kojid
|
||||
action: service name=kojid state=restarted
|
||||
|
|
|
@ -5,14 +5,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: docs-backend
|
||||
|
@ -21,8 +21,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -34,12 +34,12 @@
|
|||
|
||||
tasks:
|
||||
# this is how you include other task lists
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/collectd/client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/collectd/client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -10,15 +10,15 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: $tasks/accelerate_prep.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
- include: "{{ tasks }}/accelerate_prep.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: fedocal-stg;fedocal
|
||||
|
@ -28,8 +28,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -39,18 +39,18 @@
|
|||
- /srv/web/infra/ansible/roles/fas_client
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/openvpn_client.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/openvpn_client.yml"
|
||||
when: env != "staging"
|
||||
- include: $tasks/apache.yml
|
||||
- include: $tasks/mod_wsgi.yml
|
||||
- include: "{{ tasks }}/apache.yml"
|
||||
- include: "{{ tasks }}/mod_wsgi.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: set up fedmsg
|
||||
hosts: fedocal-stg;fedocal
|
||||
|
@ -60,14 +60,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/fedmsg_base
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: deploy fedocal itself
|
||||
hosts: fedocal-stg;fedocal
|
||||
|
@ -77,11 +77,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/fedocal
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -11,14 +11,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: gallery-stg
|
||||
|
@ -28,8 +28,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -40,15 +40,15 @@
|
|||
- /srv/web/infra/ansible/roles/fedmsg_base
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/apache.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/apache.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: deploy gallery itself
|
||||
hosts: gallery-stg
|
||||
|
@ -58,11 +58,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/gallery
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -7,11 +7,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision master
|
||||
hosts: 209.132.184.153
|
||||
|
@ -22,8 +22,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
vars:
|
||||
- resolvconf: resolv.conf/jenkins-cloud
|
||||
|
||||
|
@ -31,7 +31,7 @@
|
|||
- /srv/web/infra/ansible/roles/base
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
|
||||
- name: make the jenkins path
|
||||
action: file state=directory path=/var/lib/jenkins
|
||||
|
@ -40,14 +40,14 @@
|
|||
action: mount name=/var/lib/jenkins src='LABEL=jenkins' fstype=ext4 state=mounted
|
||||
|
||||
- name: poke firewall holes
|
||||
action: command lokkit $item
|
||||
action: command lokkit {{ item }}
|
||||
with_items:
|
||||
- --service=ssh
|
||||
- --service=https
|
||||
- --service=http
|
||||
|
||||
- name: install pkgs for jenkins
|
||||
action: yum state=installed pkg=$item
|
||||
action: yum state=installed pkg={{ item }}
|
||||
with_items:
|
||||
- vim
|
||||
- dejavu-s\*
|
||||
|
@ -60,7 +60,7 @@
|
|||
- packages
|
||||
|
||||
- name: add jenkins proxy config file for apache
|
||||
action: copy src=$files/jenkins/master/jenkins-apache.conf dest=/etc/httpd/conf.d/jenkins-apache.conf owner=root group=root mode=0644
|
||||
action: copy src="{{ files }}/jenkins/master/jenkins-apache.conf" dest=/etc/httpd/conf.d/jenkins-apache.conf owner=root group=root mode=0644
|
||||
notify:
|
||||
- restart httpd
|
||||
tags:
|
||||
|
@ -70,24 +70,24 @@
|
|||
action: service name=httpd state=running enabled=true
|
||||
|
||||
- name: add jenkins upstream repo
|
||||
action: copy src=$files/jenkins/master/jenkins.repo dest=/etc/yum.repos.d/jenkins.repo owner=root group=root
|
||||
action: copy src="{{ files }}/jenkins/master/jenkins.repo" dest=/etc/yum.repos.d/jenkins.repo owner=root group=root
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: import jenkins upstream gpg key
|
||||
action: copy src=$files/jenkins/master/jenkins-ci.org.key dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-jenkins-ci.org owner=root group=root
|
||||
action: copy src="{{ files }}/jenkins/master/jenkins-ci.org.key" dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-jenkins-ci.org owner=root group=root
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: install pkgs for jenkins
|
||||
action: yum state=installed pkg=$item
|
||||
action: yum state=installed pkg={{ item }}
|
||||
with_items:
|
||||
- jenkins
|
||||
tags:
|
||||
- packages
|
||||
|
||||
- name: set the hostname to jenkins-osversion
|
||||
action: command hostname jenkins-master-${dist_tag}
|
||||
action: command hostname jenkins-master-{{ dist_tag }}
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -101,19 +101,19 @@
|
|||
action: file state=directory path=/var/lib/jenkins/plugins/ owner=jenkins group=jenkins
|
||||
|
||||
- name: import jenkins plugins
|
||||
action: copy src=$item owner=jenkins group=jenkins dest=/var/lib/jenkins/plugins/
|
||||
with_fileglob: $files/jenkins/master/plugins/*.hpi
|
||||
action: copy src={{ item }} owner=jenkins group=jenkins dest=/var/lib/jenkins/plugins/
|
||||
with_fileglob: "{{ files }}/jenkins/master/plugins/*.hpi"
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: import jenkins configuration files
|
||||
action: copy src=$item owner=jenkins group=jenkins dest=/var/lib/jenkins/ backup=yes
|
||||
with_fileglob: $files/jenkins/master/*.xml
|
||||
action: copy src={{ item }} owner=jenkins group=jenkins dest=/var/lib/jenkins/ backup=yes
|
||||
with_fileglob: "{{ files }}/jenkins/master/*.xml"
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: add jenkins ssh priv key so it can connect to clients
|
||||
action: copy src=$private/files/jenkins/ssh/jenkins_master dest=/var/tmp/jenkins_master_id_rsa mode=600 owner=jenkins group=jenkins
|
||||
action: copy src="{{ private }}/files/jenkins/ssh/jenkins_master" dest=/var/tmp/jenkins_master_id_rsa mode=600 owner=jenkins group=jenkins
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -126,13 +126,13 @@
|
|||
poll: 20
|
||||
|
||||
- name: jenkins hotfix big file
|
||||
copy: src=$item dest=/var/lib/jenkins/plugins/openid/WEB-INF/lib/ group=jenkins mode=655
|
||||
with_fileglob: $bigfiles/hotfixes/jenkins/openid/*.jar
|
||||
copy: src={{ item }} dest=/var/lib/jenkins/plugins/openid/WEB-INF/lib/ group=jenkins mode=655
|
||||
with_fileglob: "{{ bigfiles }}/hotfixes/jenkins/openid/*.jar"
|
||||
notify:
|
||||
- restart jenkins
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
###################################################
|
||||
# jenkins slaves
|
||||
|
@ -146,14 +146,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
vars:
|
||||
- keypair: fedora-admin-20130801
|
||||
- security_group: default
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision workers
|
||||
hosts: jenkins-slaves
|
||||
|
@ -164,21 +164,21 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
|
||||
- name: add jenkins repos
|
||||
action: copy src=$item dest=/etc/yum.repos.d/ owner=root group=root
|
||||
with_fileglob: $files/jenkins/slaves/*.repo
|
||||
action: copy src={{ item }} dest=/etc/yum.repos.d/ owner=root group=root
|
||||
with_fileglob: "{{ files }}/jenkins/slaves/*.repo"
|
||||
tags:
|
||||
- config
|
||||
- packages
|
||||
|
||||
- name: install pkgs for jenkins
|
||||
action: yum state=installed pkg=$item
|
||||
action: yum state=installed pkg={{ item }}
|
||||
with_items:
|
||||
- vim
|
||||
- java-1.7.0-openjdk
|
||||
|
@ -219,7 +219,7 @@
|
|||
- packages
|
||||
|
||||
- name: install pkgs for jenkins for fedora systems
|
||||
action: yum state=installed pkg=$item
|
||||
action: yum state=installed pkg={{ item }}
|
||||
#when: is_fedora == 'True'
|
||||
with_items:
|
||||
- python3
|
||||
|
@ -303,7 +303,7 @@
|
|||
|
||||
- name: copy android SDK
|
||||
when: is_fedora == 'True'
|
||||
action: copy src=$bigfiles/jenkins/android-sdk-with-platform-17.tar.gz dest=/var/android/ owner=jenkins_slave group=jenkins_slave
|
||||
action: copy src="{{ bigfiles }}/jenkins/android-sdk-with-platform-17.tar.gz" dest=/var/android/ owner=jenkins_slave group=jenkins_slave
|
||||
|
||||
- name: extract android SDK
|
||||
when: is_fedora == 'True'
|
||||
|
@ -314,7 +314,7 @@
|
|||
action: file state=absent path=/var/android/android-sdk-with-platform-17.tar.gz
|
||||
|
||||
- name: set the hostname to jenkins-osversion
|
||||
action: command hostname jenkins-${dist_tag}
|
||||
action: command hostname jenkins-{{ dist_tag }}
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -326,21 +326,21 @@
|
|||
- name: setup jenkins_slave ssh key
|
||||
action: authorized_key user=jenkins_slave key="{{ item }}"
|
||||
with_file:
|
||||
- $private/files/jenkins/ssh/jenkins_master.pub
|
||||
- "{{ private }}/files/jenkins/ssh/jenkins_master.pub"
|
||||
|
||||
- name: jenkins_slave to mock group
|
||||
action: user name=jenkins_slave groups=mock
|
||||
|
||||
- name: add .gitconfig for jenkins_slave user
|
||||
action: copy src=$files/jenkins/gitconfig dest=/home/jenkins_slave/.gitconfig owner=jenkins_slave group=jenkins_slave mode=664
|
||||
action: copy src="{{ files }}/jenkins/gitconfig" dest=/home/jenkins_slave/.gitconfig owner=jenkins_slave group=jenkins_slave mode=664
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: template sshd_config
|
||||
action: copy src=$item dest=/etc/ssh/sshd_config mode=0600 owner=root group=root
|
||||
action: copy src={{ item }} dest=/etc/ssh/sshd_config mode=0600 owner=root group=root
|
||||
first_available_file:
|
||||
- $files/jenkins/sshd_config_slave.$ansible_distribution
|
||||
- $files/jenkins/sshd_config_slave
|
||||
- "{{ files }}/jenkins/sshd_config_slave.{{ ansible_distribution }}"
|
||||
- "{{ files }}/jenkins/sshd_config_slave"
|
||||
notify:
|
||||
- restart sshd
|
||||
tags:
|
||||
|
@ -350,5 +350,5 @@
|
|||
action: file state=directory path=/mnt/jenkins owner=jenkins_slave group=jenkins_slave
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -21,15 +21,15 @@
|
|||
|
||||
tasks:
|
||||
# this is how you include other task lists
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -11,14 +11,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: keys01.fedoraproject.org
|
||||
|
@ -28,8 +28,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -40,14 +40,14 @@
|
|||
- /srv/web/infra/ansible/roles/fedmsg_base
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/openvpn_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/apache.yml
|
||||
- include: $tasks/keyserver.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/openvpn_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/apache.yml"
|
||||
- include: "{{ tasks }}/keyserver.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -9,14 +9,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
# Once the instance exists, configure it.
|
||||
|
||||
|
@ -27,8 +27,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -39,12 +39,12 @@
|
|||
- /srv/web/infra/ansible/roles/koji_hub
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/collectd/client.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/collectd/client.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -10,15 +10,15 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: $tasks/accelerate_prep.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
- include: "{{ tasks }}/accelerate_prep.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: mailman-stg
|
||||
|
@ -28,8 +28,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -41,17 +41,17 @@
|
|||
|
||||
tasks:
|
||||
# this is how you include other task lists
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/collectd/client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/apache.yml
|
||||
- include: $tasks/mod_wsgi.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/collectd/client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/apache.yml"
|
||||
- include: "{{ tasks }}/mod_wsgi.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
|
||||
# Database setup
|
||||
|
@ -62,23 +62,23 @@
|
|||
sudo_user: postgres
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
# mailman auto-updates its schema, there can only be one admin user
|
||||
- name: mailman DB user
|
||||
postgresql_user: name=mailmanadmin password=$mailman_mm_db_pass
|
||||
postgresql_user: name=mailmanadmin password={{ mailman_mm_db_pass }}
|
||||
- name: hyperkitty DB admin user
|
||||
postgresql_user: name=hyperkittyadmin password=$mailman_hk_admin_db_pass
|
||||
postgresql_user: name=hyperkittyadmin password={{ mailman_hk_admin_db_pass }}
|
||||
- name: hyperkitty DB user
|
||||
postgresql_user: name=hyperkittyapp password=$mailman_hk_db_pass
|
||||
postgresql_user: name=hyperkittyapp password={{ mailman_hk_db_pass }}
|
||||
- name: kittystore DB admin user
|
||||
postgresql_user: name=kittystoreadmin password=$mailman_ks_admin_db_pass
|
||||
postgresql_user: name=kittystoreadmin password={{ mailman_ks_admin_db_pass }}
|
||||
- name: kittystore DB user
|
||||
postgresql_user: name=kittystoreapp password=$mailman_ks_db_pass
|
||||
postgresql_user: name=kittystoreapp password={{ mailman_ks_db_pass }}
|
||||
- name: databases creation
|
||||
postgresql_db: name=$item owner=${item}admin encoding=UTF-8
|
||||
postgresql_db: name={{ item }} owner="{{ item }}admin" encoding=UTF-8
|
||||
with_items:
|
||||
- mailman
|
||||
- hyperkitty
|
||||
|
@ -93,8 +93,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/mailman
|
||||
|
@ -102,7 +102,7 @@
|
|||
|
||||
tasks:
|
||||
- name: install more needed packages
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- tar
|
||||
- mailman # transition from mailman2.1
|
||||
|
@ -114,11 +114,11 @@
|
|||
# owner=root group=root mode=0600
|
||||
|
||||
- name: start services
|
||||
service: state=started enabled=yes name=$item
|
||||
service: state=started enabled=yes name={{ item }}
|
||||
with_items:
|
||||
- httpd
|
||||
- mailman3
|
||||
- postfix
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -11,14 +11,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: mirrorlist
|
||||
|
@ -28,8 +28,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -42,16 +42,16 @@
|
|||
|
||||
tasks:
|
||||
# this is how you include other task lists
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/collectd/client.yml
|
||||
- include: $tasks/openvpn_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/apache.yml
|
||||
- include: $tasks/mod_wsgi.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/collectd/client.yml"
|
||||
- include: "{{ tasks }}/openvpn_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/apache.yml"
|
||||
- include: "{{ tasks }}/mod_wsgi.yml"
|
||||
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -10,15 +10,15 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: $tasks/accelerate_prep.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
- include: "{{ tasks }}/accelerate_prep.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: dole out the generic configuration
|
||||
hosts: notifs-backend;notifs-backend-stg
|
||||
|
@ -28,8 +28,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -40,16 +40,16 @@
|
|||
- /srv/web/infra/ansible/roles/fedmsg_base
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/openvpn_client.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/openvpn_client.yml"
|
||||
when: env != "staging"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: dole out the service-specific config
|
||||
hosts: notifs-backend;notifs-backend-stg
|
||||
|
@ -63,5 +63,5 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
|
|
@ -10,15 +10,15 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: $tasks/accelerate_prep.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
- include: "{{ tasks }}/accelerate_prep.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: notifs-web;notifs-web-stg
|
||||
|
@ -28,8 +28,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -41,15 +41,15 @@
|
|||
- /srv/web/infra/ansible/roles/notifs-frontend
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/openvpn_client.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/openvpn_client.yml"
|
||||
when: env != "staging"
|
||||
- include: $tasks/apache.yml
|
||||
- include: $tasks/mod_wsgi.yml
|
||||
- include: "{{ tasks }}/apache.yml"
|
||||
- include: "{{ tasks }}/mod_wsgi.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -10,15 +10,15 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: $tasks/accelerate_prep.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
- include: "{{ tasks }}/accelerate_prep.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: nuancier;nuancier-stg
|
||||
|
@ -28,8 +28,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -39,18 +39,18 @@
|
|||
- /srv/web/infra/ansible/roles/fas_client
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/openvpn_client.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/openvpn_client.yml"
|
||||
when: env != "staging"
|
||||
- include: $tasks/apache.yml
|
||||
- include: $tasks/mod_wsgi.yml
|
||||
- include: "{{ tasks }}/apache.yml"
|
||||
- include: "{{ tasks }}/mod_wsgi.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: set up fedmsg
|
||||
hosts: nuancier;nuancier-stg
|
||||
|
|
|
@ -9,14 +9,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
# Once the instance exists, configure it.
|
||||
|
||||
|
@ -27,8 +27,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -39,12 +39,12 @@
|
|||
- /srv/web/infra/ansible/roles/postgresql_server
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/collectd/client.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/collectd/client.yml"
|
||||
|
||||
- name: make koji db
|
||||
hosts: dbserver-secondary
|
||||
|
@ -54,8 +54,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/koji_db
|
||||
|
@ -63,4 +63,4 @@
|
|||
# TODO: add iscsi task
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -11,14 +11,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
# Once the instance exists, configure it.
|
||||
|
||||
|
@ -30,18 +30,18 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
- /srv/web/infra/ansible/roles/nagios_client
|
||||
|
||||
tasks:
|
||||
- include: $tasks/koji/releng_config.yml
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: "{{ tasks }}/koji/releng_config.yml"
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
|
|
|
@ -13,17 +13,17 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
- /srv/web/infra/ansible/roles/rkhunter
|
||||
|
||||
tasks:
|
||||
- include: $tasks/serialgetty.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sign_setup.yml
|
||||
- include: "{{ tasks }}/serialgetty.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sign_setup.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -9,14 +9,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/virt_instance_create.yml
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: taskbot
|
||||
|
@ -25,8 +25,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -38,12 +38,12 @@
|
|||
|
||||
tasks:
|
||||
# this is how you include other task lists
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/collectd/client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/collectd/client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -10,8 +10,8 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/base
|
||||
|
@ -22,13 +22,13 @@
|
|||
- /srv/web/infra/ansible/roles/iscsi_client
|
||||
|
||||
tasks:
|
||||
- include: $tasks/hosts.yml
|
||||
- include: $tasks/yumrepos.yml
|
||||
- include: $tasks/2fa_client.yml
|
||||
- include: $tasks/motd.yml
|
||||
- include: $tasks/sudo.yml
|
||||
- include: $tasks/collectd/client.yml
|
||||
- include: $tasks/virthost.yml
|
||||
- include: "{{ tasks }}/hosts.yml"
|
||||
- include: "{{ tasks }}/yumrepos.yml"
|
||||
- include: "{{ tasks }}/2fa_client.yml"
|
||||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/sudo.yml"
|
||||
- include: "{{ tasks }}/collectd/client.yml"
|
||||
- include: "{{ tasks }}/virthost.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: 209.132.184.143
|
||||
|
@ -18,19 +18,19 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: $tasks/postfix_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
- include: "{{ tasks }}/postfix_basic.yml"
|
||||
|
||||
- name: mount up disk of persistent storage
|
||||
action: mount name=/srv/persist src='LABEL=artboard' fstype=ext4 state=mounted
|
||||
|
||||
# open up ports (22, 80, 443)
|
||||
- name: poke holes in the firewall
|
||||
action: command lokkit $item
|
||||
action: command lokkit {{ item }}
|
||||
with_items:
|
||||
- --service=ssh
|
||||
- --service=https
|
||||
|
@ -38,7 +38,7 @@
|
|||
|
||||
# packages needed
|
||||
- name: add packages
|
||||
action: yum state=present name=$item
|
||||
action: yum state=present name={{ item }}
|
||||
with_items:
|
||||
- rsync
|
||||
- openssh-clients
|
||||
|
@ -51,12 +51,12 @@
|
|||
|
||||
# packages needed to be gone
|
||||
- name: erase packages
|
||||
action: yum state=absent name=$item
|
||||
action: yum state=absent name={{ item }}
|
||||
with_items:
|
||||
- cronie-anacron
|
||||
|
||||
- name: artboard backup thing
|
||||
action: copy src=$files/artboard/artboard-backup dest=/etc/cron.daily/artboard-backup mode=0755
|
||||
action: copy src="{{ files }}/artboard/artboard-backup" dest=/etc/cron.daily/artboard-backup mode=0755
|
||||
|
||||
- name: make artboard subdir
|
||||
action: file path=/srv/persist/artboard mode=0755 state=directory
|
||||
|
@ -65,7 +65,7 @@
|
|||
action: file state=link src=/srv/persist/artboard path=/var/www/html/artboard
|
||||
|
||||
- name: add apache confs
|
||||
action: copy src=$files/artboard/$item dest=/etc/httpd/conf.d/$item backup=true
|
||||
action: copy src="{{ files }}/artboard/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" backup=true
|
||||
with_items:
|
||||
- artboard.conf
|
||||
- redirect.conf
|
||||
|
@ -75,4 +75,4 @@
|
|||
action: service name=httpd state=started
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: blockerbugs-dev.cloud.fedoraproject.org
|
||||
|
@ -21,14 +21,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: $tasks/iptables.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
- include: "{{ tasks }}/iptables.yml"
|
||||
- name: mount up blockerbugs-dev to /srv/persistent
|
||||
mount: name=/srv/persistent src='LABEL=blockerbugs-dev' fstype=ext4 state=mounted
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: copr-be-dev.cloud.fedoraproject.org
|
||||
|
@ -18,19 +18,19 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: $tasks/iptables.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
- include: "{{ tasks }}/iptables.yml"
|
||||
|
||||
- name: copy copr.repo
|
||||
action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
|
||||
action: copy src="{{ files }}/copr/fe/yum/copr.repo" dest=/etc/yum.repos.d/copr.repo
|
||||
|
||||
# packages needed
|
||||
- name: add packages for copr-be
|
||||
action: yum state=present name=$item
|
||||
action: yum state=present name= {{ item }}
|
||||
with_items:
|
||||
- copr-selinux
|
||||
- copr-backend
|
||||
|
@ -39,7 +39,7 @@
|
|||
|
||||
|
||||
- name: make copr dirs
|
||||
file: state=directory path=$item
|
||||
file: state=directory path= {{ item }}
|
||||
with_items:
|
||||
- /var/lib/copr/jobs
|
||||
- /var/lib/copr/public_html/results
|
||||
|
@ -49,44 +49,44 @@
|
|||
chdir: /var/lib/copr/public_html/results
|
||||
|
||||
- name: setup dirs there
|
||||
action: file state=directory path=/home/copr/$item owner=copr group=copr mode=0700
|
||||
action: file state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
|
||||
with_items:
|
||||
- cloud
|
||||
- .ssh
|
||||
|
||||
- name: add copr-buildsys keys to copr user path
|
||||
action: copy src=$item dest=/home/copr/cloud/ owner=copr group=copr mode=0600
|
||||
with_fileglob: $private/files/openstack/copr-copr/*
|
||||
action: copy src={{ item }} dest=/home/copr/cloud/ owner=copr group=copr mode=0600
|
||||
with_fileglob: "{{ private }}/files/openstack/copr-copr/*"
|
||||
|
||||
- name: setup privkey for copr user
|
||||
action: copy src=$private/files/copr/buildsys.priv dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
|
||||
action: copy src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
|
||||
|
||||
- name: setup copr user ssh config file
|
||||
action: copy src=$files/copr/ssh_config dest=/home/copr/.ssh/config owner=copr group=copr mode=600
|
||||
action: copy src="{{ files }}/copr/ssh_config" dest=/home/copr/.ssh/config owner=copr group=copr mode=600
|
||||
|
||||
- name: create empty known_hosts
|
||||
action: copy src=/dev/null dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
|
||||
|
||||
- name: replace bashrc for copr user
|
||||
action: copy src=$files/copr/copr_bashrc dest=/home/copr/.bashrc owner=copr group=copr mode=600
|
||||
action: copy src="{{ files }}/copr/copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600
|
||||
|
||||
- name: auth_key so we can login to localhost as the copr user from the copr user
|
||||
action: authorized_key user=copr key="{{ item }}"
|
||||
with_file:
|
||||
- ${files}/copr/provision/files/buildsys.pub
|
||||
- "{{ files }}/copr/provision/files/buildsys.pub"
|
||||
|
||||
- name: copy .boto file
|
||||
action: copy src=$files/copr/boto dest=/home/copr/.boto owner=copr group=copr
|
||||
action: copy src="{{ files }}/copr/boto" dest=/home/copr/.boto owner=copr group=copr
|
||||
|
||||
# setup webserver
|
||||
- name: add config for copr-repo path
|
||||
action: copy src=$files/copr/lighttpd/lighttpd.conf dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
|
||||
action: copy src="{{ files }}/copr/lighttpd/lighttpd.conf" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
|
||||
notify:
|
||||
- restart lighttpd
|
||||
|
||||
# mime default to text/plain and enable dirlisting for indexes
|
||||
- name: update lighttpd configs
|
||||
action: copy src=$files/copr/lighttpd/$item dest=/etc/lighttpd/conf.d/$item owner=root group=root mode=0644
|
||||
action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
|
||||
with_items:
|
||||
- dirlisting.conf
|
||||
- mime.conf
|
||||
|
@ -98,7 +98,7 @@
|
|||
|
||||
# setup dirs for the ansible execution off of provisioning
|
||||
- name: dirs from provision
|
||||
action: file state=directory path=/home/copr/provision/$item owner=copr group=copr
|
||||
action: file state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
|
||||
with_items:
|
||||
- action_plugins
|
||||
- library
|
||||
|
@ -108,13 +108,12 @@
|
|||
- provision_config
|
||||
|
||||
- name: put ansible.cfg for all this into /etc/ansible/ on the system
|
||||
action: copy src=$files/copr/provision/ansible.cfg dest=/etc/ansible/ansible.cfg
|
||||
action: copy src="{{ files }}/copr/provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
|
||||
tags:
|
||||
- provision_config
|
||||
|
||||
|
||||
- name: put some files into the provision subdir
|
||||
action: copy src=$files/copr/provision/$item dest=/home/copr/provision/$item
|
||||
action: copy src="{{ files }}/copr/provision/{{ item }}" dest="/home/copr/provision/{{ item }}"
|
||||
with_items:
|
||||
- inventory
|
||||
- builderpb.yml
|
||||
|
@ -123,21 +122,21 @@
|
|||
- provision_config
|
||||
|
||||
- name: put files into the files subdir off of provisioning
|
||||
action: copy src=$item dest=/home/copr/provision/files/
|
||||
with_fileglob: $files/copr/provision/files/*
|
||||
action: copy src={{ item }} dest=/home/copr/provision/files/
|
||||
with_fileglob: "{{ files }}/copr/provision/files/*"
|
||||
tags:
|
||||
- provision_config
|
||||
|
||||
# ansible lacks a recurse - so we need this until then
|
||||
- name: put files into the files/mock subdir off of provisioning
|
||||
action: copy src=$item dest=/home/copr/provision/files/mock
|
||||
with_fileglob: $files/copr/provision/files/mock/*
|
||||
action: copy src={{ item }} dest=/home/copr/provision/files/mock
|
||||
with_fileglob: "{{ files }}/copr/provision/files/mock/*"
|
||||
tags:
|
||||
- provision_config
|
||||
|
||||
- name: copy copr-be.conf
|
||||
action: copy src=$files/copr/copr-be.conf-dev dest=/etc/copr/copr-be.conf
|
||||
action: copy src="{{ files }}/copr/copr-be.conf-dev" dest=/etc/copr/copr-be.conf
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: 209.132.184.142
|
||||
|
@ -18,16 +18,16 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
# Roles are run first, before tasks, regardless of where you place them here.
|
||||
roles:
|
||||
- /srv/web/infra/ansible/roles/fedmsg_base
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: $tasks/iptables.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
- include: "{{ tasks }}/iptables.yml"
|
||||
|
||||
- name: prepare mount point
|
||||
action: file state=directory path=/var/lib/copr/public_html
|
||||
|
@ -39,15 +39,15 @@
|
|||
#- name: copy copr.repo
|
||||
# action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
|
||||
|
||||
- Set the hostname
|
||||
- name: set the hostname
|
||||
shell: hostname copr-be.cloud.fedoraproject.org
|
||||
|
||||
- name: copy .forward file
|
||||
action: copy src=$files/copr/forward dest=/root/.forward owner=root group=root
|
||||
action: copy src="{{ files }}/copr/forward" dest=/root/.forward owner=root group=root
|
||||
|
||||
# packages needed
|
||||
- name: add packages for copr-be
|
||||
action: yum state=present name=$item
|
||||
action: yum state=present name={{ item }}
|
||||
with_items:
|
||||
- copr-selinux
|
||||
- copr-backend
|
||||
|
@ -57,7 +57,7 @@
|
|||
|
||||
|
||||
- name: make copr dirs
|
||||
file: state=directory path=$item
|
||||
file: state=directory path={{ item }}
|
||||
with_items:
|
||||
- /var/lib/copr/jobs
|
||||
- /var/lib/copr/public_html/results
|
||||
|
@ -66,44 +66,44 @@
|
|||
action: command /usr/bin/umask 0000 chdir=/var/lib/copr/public_html/results
|
||||
|
||||
- name: setup dirs there
|
||||
action: file state=directory path=/home/copr/$item owner=copr group=copr mode=0700
|
||||
action: file state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
|
||||
with_items:
|
||||
- cloud
|
||||
- .ssh
|
||||
|
||||
- name: add copr-buildsys keys to copr user path
|
||||
action: copy src=$item dest=/home/copr/cloud/ owner=copr group=copr mode=0600
|
||||
with_fileglob: $private/files/openstack/copr-copr/*
|
||||
action: copy src={{ item }} dest=/home/copr/cloud/ owner=copr group=copr mode=0600
|
||||
with_fileglob: "{{ private }}/files/openstack/copr-copr/*"
|
||||
|
||||
- name: setup privkey for copr user
|
||||
action: copy src=$private/files/copr/buildsys.priv dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
|
||||
action: copy src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
|
||||
|
||||
- name: setup copr user ssh config file
|
||||
action: copy src=$files/copr/ssh_config dest=/home/copr/.ssh/config owner=copr group=copr mode=600
|
||||
action: copy src="{{ files }}/copr/ssh_config" dest=/home/copr/.ssh/config owner=copr group=copr mode=600
|
||||
|
||||
- name: create empty known_hosts
|
||||
action: copy src=/dev/null dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
|
||||
|
||||
- name: replace bashrc for copr user
|
||||
action: copy src=$files/copr/copr_bashrc dest=/home/copr/.bashrc owner=copr group=copr mode=600
|
||||
action: copy src="{{ files }}/copr/copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600
|
||||
|
||||
- name: auth_key so we can login to localhost as the copr user from the copr user
|
||||
action: authorized_key user=copr key="{{ item }}"
|
||||
with_file:
|
||||
- ${files}/copr/provision/files/buildsys.pub
|
||||
- "{{ files }}/copr/provision/files/buildsys.pub"
|
||||
|
||||
- name: copy .boto file
|
||||
action: copy src=$files/copr/boto dest=/home/copr/.boto owner=copr group=copr
|
||||
action: copy src="{{ files }}/copr/boto" dest=/home/copr/.boto owner=copr group=copr
|
||||
|
||||
# setup webserver
|
||||
- name: add config for copr-repo path
|
||||
action: copy src=$files/copr/lighttpd/lighttpd.conf dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
|
||||
action: copy src="{{ files }}/copr/lighttpd/lighttpd.conf" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
|
||||
notify:
|
||||
- restart lighttpd
|
||||
|
||||
# mime default to text/plain and enable dirlisting for indexes
|
||||
- name: update lighttpd configs
|
||||
action: copy src=$files/copr/lighttpd/$item dest=/etc/lighttpd/conf.d/$item owner=root group=root mode=0644
|
||||
action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
|
||||
with_items:
|
||||
- dirlisting.conf
|
||||
- mime.conf
|
||||
|
@ -118,7 +118,7 @@
|
|||
|
||||
# setup dirs for the ansible execution off of provisioning
|
||||
- name: dirs from provision
|
||||
action: file state=directory path=/home/copr/provision/$item owner=copr group=copr
|
||||
action: file state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
|
||||
with_items:
|
||||
- action_plugins
|
||||
- library
|
||||
|
@ -128,13 +128,13 @@
|
|||
- provision_config
|
||||
|
||||
- name: put ansible.cfg for all this into /etc/ansible/ on the system
|
||||
action: copy src=$files/copr/provision/ansible.cfg dest=/etc/ansible/ansible.cfg
|
||||
action: copy src="{{ files }}/copr/provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
|
||||
tags:
|
||||
- provision_config
|
||||
|
||||
|
||||
- name: put some files into the provision subdir
|
||||
action: copy src=$files/copr/provision/$item dest=/home/copr/provision/$item
|
||||
action: copy src="{{ files }}/copr/provision/{{ item }}" dest="/home/copr/provision/{{ item }}"
|
||||
with_items:
|
||||
- inventory
|
||||
- builderpb.yml
|
||||
|
@ -143,20 +143,20 @@
|
|||
- provision_config
|
||||
|
||||
- name: put files into the files subdir off of provisioning
|
||||
action: copy src=$item dest=/home/copr/provision/files/
|
||||
with_fileglob: $files/copr/provision/files/*
|
||||
action: copy src={{ item }} dest=/home/copr/provision/files/
|
||||
with_fileglob: "{{ files }}/copr/provision/files/*"
|
||||
tags:
|
||||
- provision_config
|
||||
|
||||
# ansible lacks a recurse - so we need this until then
|
||||
- name: put files into the files/mock subdir off of provisioning
|
||||
action: copy src=$item dest=/home/copr/provision/files/mock
|
||||
with_fileglob: $files/copr/provision/files/mock/*
|
||||
action: copy src={{ item }} dest=/home/copr/provision/files/mock
|
||||
with_fileglob: "{{ files }}/copr/provision/files/mock/*"
|
||||
tags:
|
||||
- provision_config
|
||||
|
||||
- name: copy copr-be.conf
|
||||
template: src=$files/copr/copr-be.conf dest=/etc/copr/copr-be.conf mode=640
|
||||
template: src="{{ files }}/copr/copr-be.conf" dest=/etc/copr/copr-be.conf mode=640
|
||||
notify:
|
||||
- restart copr-backend
|
||||
tags:
|
||||
|
@ -164,7 +164,7 @@
|
|||
|
||||
- name: fedmsg certs
|
||||
copy: >
|
||||
src=$private/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.crt
|
||||
src="{{ private }}/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.crt"
|
||||
dest=/etc/pki/fedmsg/
|
||||
mode=644
|
||||
owner=root
|
||||
|
@ -172,7 +172,7 @@
|
|||
|
||||
- name: fedmsg keys
|
||||
copy: >
|
||||
src=$private/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.key
|
||||
src="{{ private }}/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.key"
|
||||
dest=/etc/pki/fedmsg/
|
||||
mode=0640
|
||||
owner=root
|
||||
|
@ -180,11 +180,11 @@
|
|||
|
||||
# open up ports (22, 80, 443)
|
||||
- name: poke holes in the firewall
|
||||
action: command lokkit $item
|
||||
action: command lokkit {{ item }}
|
||||
with_items:
|
||||
- --service=ssh
|
||||
- --service=https
|
||||
- --service=http
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: copr-fe-dev.cloud.fedoraproject.org
|
||||
|
@ -18,18 +18,18 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: $tasks/iptables.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
- include: "{{ tasks }}/iptables.yml"
|
||||
|
||||
- name: copy copr.repo
|
||||
action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
|
||||
action: copy src="{{ files }}/copr/fe/yum/copr.repo" dest=/etc/yum.repos.d/copr.repo
|
||||
|
||||
- name: install copr-fe pkgs
|
||||
action: yum state=installed pkg=$item
|
||||
action: yum state=installed pkg={{ item }}
|
||||
with_items:
|
||||
- copr-frontend
|
||||
- copr-selinux
|
||||
|
@ -39,19 +39,19 @@
|
|||
- packages
|
||||
|
||||
- name: copy apache files to conf.d
|
||||
action: copy src=$files/copr/fe/httpd/$item dest=/etc/httpd/conf.d/$item
|
||||
action: copy src="{{ files }}/copr/fe/httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
|
||||
with_items:
|
||||
- coprs.conf
|
||||
- welcome.conf
|
||||
|
||||
- name: copy pg_hba.conf
|
||||
action: copy src=$files/copr/fe/pg/pg_hba.conf dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
|
||||
action: copy src="{{ files }}/copr/fe/pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
|
||||
|
||||
- name: enable services
|
||||
action: service state=running enabled=yes name=$item
|
||||
action: service state=running enabled=yes name={{ item }}
|
||||
with_items:
|
||||
- httpd
|
||||
- postgresql
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: 209.132.184.144
|
||||
|
@ -18,14 +18,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
- name: mount up disk of copr fe
|
||||
action: mount name=/srv/copr-fe src='LABEL=copr-fe' fstype=ext4 state=mounted
|
||||
- include: $tasks/iptables.yml
|
||||
- include: "{{ tasks }}/iptables.yml"
|
||||
|
||||
- name: mount up bind mount for postgres
|
||||
action: mount src=/srv/copr-fe/pgsqldb name=/var/lib/pgsql fstype=auto opts=bind state=mounted
|
||||
|
@ -33,14 +33,14 @@
|
|||
#- name: copy copr.repo
|
||||
# action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
|
||||
|
||||
- Set the hostname
|
||||
- name: set the hostname
|
||||
shell: hostname copr-fe.cloud.fedoraproject.org
|
||||
|
||||
- name: copy .forward file
|
||||
action: copy src=$files/copr/forward dest=/root/.forward owner=root group=root
|
||||
action: copy src="{{ files }}/copr/forward" dest=/root/.forward owner=root group=root
|
||||
|
||||
- name: install copr-fe pkgs
|
||||
action: yum state=installed pkg=$item
|
||||
action: yum state=installed pkg={{ item }}
|
||||
with_items:
|
||||
- copr-frontend
|
||||
- copr-selinux
|
||||
|
@ -51,35 +51,35 @@
|
|||
- packages
|
||||
|
||||
- name: install copr configs
|
||||
template: src=$files/copr/copr.conf dest=/etc/copr/copr.conf mode=600
|
||||
template: src="{{ files }}/copr/copr.conf" dest=/etc/copr/copr.conf mode=600
|
||||
notify:
|
||||
- restart httpd
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: copy apache files to conf.d
|
||||
action: copy src=$files/copr/fe/httpd/$item dest=/etc/httpd/conf.d/$item
|
||||
action: copy src="{{ files }}/copr/fe/httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
|
||||
with_items:
|
||||
- coprs.conf
|
||||
- welcome.conf
|
||||
|
||||
- name: copy pg_hba.conf
|
||||
action: copy src=$files/copr/fe/pg/pg_hba.conf dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
|
||||
action: copy src="{{ files }}/copr/fe/pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
|
||||
|
||||
# open up ports (22, 80, 443)
|
||||
- name: poke holes in the firewall
|
||||
action: command lokkit $item
|
||||
action: command lokkit {{ item }}
|
||||
with_items:
|
||||
- --service=ssh
|
||||
- --service=https
|
||||
- --service=http
|
||||
|
||||
- name: enable services
|
||||
action: service state=running enabled=yes name=$item
|
||||
action: service state=running enabled=yes name={{ item }}
|
||||
with_items:
|
||||
- httpd
|
||||
- postgresql
|
||||
- fail2ban
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: 209.132.184.162
|
||||
|
@ -18,18 +18,18 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
|
||||
- name: mount up disk of persistent storage
|
||||
action: mount name=/srv/persist src='LABEL=elections' fstype=ext4 state=mounted
|
||||
|
||||
# open up ports (22, 80, 443)
|
||||
- name: poke holes in the firewall
|
||||
action: command lokkit $item
|
||||
action: command lokkit {{ item }}
|
||||
with_items:
|
||||
- --service=ssh
|
||||
- --service=https
|
||||
|
@ -37,7 +37,7 @@
|
|||
|
||||
# packages needed
|
||||
- name: add packages for repo
|
||||
action: yum state=present name=$item
|
||||
action: yum state=present name={{ item }}
|
||||
with_items:
|
||||
- rsync
|
||||
- openssh-clients
|
||||
|
@ -53,4 +53,4 @@
|
|||
action: service name=httpd state=started
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: 209.132.184.147
|
||||
|
@ -21,16 +21,16 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: $tasks/postfix_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
- include: "{{ tasks }}/postfix_basic.yml"
|
||||
|
||||
# packages needed
|
||||
- name: add packages for repo
|
||||
action: yum state=present name=$item
|
||||
action: yum state=present name={{ item }}
|
||||
with_items:
|
||||
- euca2ools
|
||||
- rsync
|
||||
|
@ -38,7 +38,7 @@
|
|||
- system-config-firewall-base
|
||||
|
||||
- name: install dependencies of fedocal
|
||||
action: yum state=installed pkg=$item
|
||||
action: yum state=installed pkg={{ item }}
|
||||
with_items:
|
||||
- mod_wsgi
|
||||
- mod_ssl
|
||||
|
@ -61,9 +61,9 @@
|
|||
|
||||
# open up tcp ports
|
||||
- name: poke holes in the firewall
|
||||
action: command lokkit -p '${item}:tcp'
|
||||
with_items: $tcp_ports
|
||||
action: command lokkit -p '{{ item }}:tcp'
|
||||
with_items: "{{ tcp_ports }}"
|
||||
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -5,10 +5,10 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: hrf.cloud.fedoraproject.org
|
||||
|
@ -17,14 +17,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
- name: deploy hrf
|
||||
hosts: hrf.cloud.fedoraproject.org
|
||||
|
@ -33,12 +33,12 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- name: install deps
|
||||
yum: state=present name=$item
|
||||
yum: state=present name={{ item }}
|
||||
with_items:
|
||||
- httpd
|
||||
- python-flask
|
||||
|
|
|
@ -5,10 +5,10 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
|
||||
- name: provisions basics onto system/setup paths
|
||||
hosts: lists-dev.cloud.fedoraproject.org
|
||||
|
@ -17,14 +17,14 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
vars:
|
||||
- mailman_vardir: /srv/persist/mailman
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: $tasks/postfix_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
- include: "{{ tasks }}/postfix_basic.yml"
|
||||
|
||||
- name: mount up disk of persistent storage
|
||||
action: mount name=/srv/persist src='LABEL=lists-dev' fstype=ext4 state=mounted
|
||||
|
@ -43,7 +43,7 @@
|
|||
dest=/etc/yum.repos.d/fedora-hyperkitty.repo mode=0444
|
||||
|
||||
- name: install packages
|
||||
yum: state=installed name=$item
|
||||
yum: state=installed name={{ item }}
|
||||
with_items:
|
||||
- httpd
|
||||
- mod_ssl
|
||||
|
@ -72,7 +72,7 @@
|
|||
command: /usr/bin/postgresql-setup initdb
|
||||
creates=/var/lib/pgsql/data/postgresql.conf
|
||||
- name: copy pg_hba.conf
|
||||
copy: src=$files/lists-dev/pg_hba.conf dest=/var/lib/pgsql/data/pg_hba.conf
|
||||
copy: src="{{ files }}/lists-dev/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf
|
||||
notify:
|
||||
- restart postgresql
|
||||
- name: start postgresql
|
||||
|
@ -80,7 +80,7 @@
|
|||
|
||||
# open up ports (22, 80, 443, 25)
|
||||
- name: poke holes in the firewall
|
||||
command: lokkit $item
|
||||
command: lokkit {{ item }}
|
||||
with_items:
|
||||
- --service=ssh
|
||||
- --service=https
|
||||
|
@ -89,12 +89,12 @@
|
|||
|
||||
# packages needed to be gone
|
||||
- name: erase packages
|
||||
action: yum state=absent name=$item
|
||||
action: yum state=absent name={{ item }}
|
||||
with_items:
|
||||
- cronie-anacron
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
||||
|
||||
|
||||
|
@ -105,23 +105,23 @@
|
|||
sudo_user: postgres
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
vars:
|
||||
- mailman_vardir: /srv/persist/mailman
|
||||
|
||||
|
||||
tasks:
|
||||
- name: mailman DB user
|
||||
postgresql_user: name=mailman password=$lists_dev_mm_db_pass
|
||||
postgresql_user: name=mailman password={{ lists_dev_mm_db_pass }}
|
||||
- name: hyperkitty DB user
|
||||
postgresql_user: name=hyperkitty password=$lists_dev_hk_db_pass
|
||||
postgresql_user: name=hyperkitty password={{ lists_dev_hk_db_pass }}
|
||||
- name: kittystore DB user
|
||||
postgresql_user: name=kittystore password=$lists_dev_ks_db_pass
|
||||
postgresql_user: name=kittystore password={{ lists_dev_ks_db_pass }}
|
||||
- name: postorius DB user
|
||||
postgresql_user: name=postorius password=$lists_dev_ps_db_pass
|
||||
postgresql_user: name=postorius password={{ lists_dev_ps_db_pass }}
|
||||
- name: databases creation
|
||||
postgresql_db: name=$item owner=$item encoding=UTF-8
|
||||
postgresql_db: name={{ item }} owner={{ item }} encoding=UTF-8
|
||||
with_items:
|
||||
- mailman
|
||||
- hyperkitty
|
||||
|
@ -133,8 +133,8 @@
|
|||
gather_facts: no
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
vars:
|
||||
- mailman_vardir: /srv/persist/mailman
|
||||
|
||||
|
@ -147,12 +147,12 @@
|
|||
- restart mailman
|
||||
|
||||
- name: set the mailman conffile
|
||||
template: src=$files/lists-dev/mailman.cfg.j2 dest=/etc/mailman.cfg
|
||||
template: src="{{ files }}/lists-dev/mailman.cfg.j2" dest=/etc/mailman.cfg
|
||||
notify:
|
||||
- restart mailman
|
||||
|
||||
- name: install kittystore and hyperkitty
|
||||
yum: state=installed name=$item
|
||||
yum: state=installed name={{ item }}
|
||||
with_items:
|
||||
- kittystore
|
||||
- hyperkitty
|
||||
|
@ -169,13 +169,13 @@
|
|||
file: path=/var/log/hyperkitty/hyperkitty.log state=file
|
||||
owner=root group=apache mode=664
|
||||
- name: hyperkitty logging -- rotation
|
||||
copy: src=$files/lists-dev/hyperkitty.logrotate.conf
|
||||
copy: src="{{ files }}/lists-dev/hyperkitty.logrotate.conf"
|
||||
dest=/etc/logrotate.d/hyperkitty
|
||||
|
||||
# settings / conf
|
||||
- name: install the hyperkitty/postorius settings file
|
||||
template: src=$files/lists-dev/$item.settings_local.py.j2
|
||||
dest=/etc/$item/sites/default/settings_local.py
|
||||
template: src="{{ files }}/lists-dev/{{ item.settings_local.py.j2 }}"
|
||||
dest="/etc/{{ item }}/sites/default/settings_local.py"
|
||||
owner=root group=apache mode=0640
|
||||
with_items:
|
||||
- hyperkitty
|
||||
|
@ -185,8 +185,8 @@
|
|||
- restart mailman
|
||||
|
||||
- name: install the hyperkitty/postorius urls file
|
||||
copy: src=$files/lists-dev/$item.urls.py
|
||||
dest=/etc/$item/sites/default/urls.py
|
||||
copy: src="files/lists-dev/{{ item }}.urls.py"
|
||||
dest="/etc/{{ item }}/sites/default/urls.py"
|
||||
owner=root group=root mode=0644
|
||||
with_items:
|
||||
- hyperkitty
|
||||
|
@ -196,8 +196,8 @@
|
|||
- restart mailman
|
||||
|
||||
- name: install the hyperkitty/postorius httpd conf file
|
||||
copy: src=$files/lists-dev/$item.apache.conf
|
||||
dest=/etc/httpd/conf.d/$item.conf
|
||||
copy: src="{{ files }}/lists-dev/{{ item }}.apache.conf"
|
||||
dest="/etc/httpd/conf.d/{{ item }}.conf"
|
||||
with_items:
|
||||
- hyperkitty
|
||||
- postorius
|
||||
|
@ -205,22 +205,22 @@
|
|||
- reload apache
|
||||
|
||||
- name: set the hyperkitty conffile in mailman
|
||||
copy: src=$files/lists-dev/hyperkitty.cfg dest=/etc/mailman.d/hyperkitty.cfg
|
||||
copy: src="{{ files }}/lists-dev/hyperkitty.cfg" dest=/etc/mailman.d/hyperkitty.cfg
|
||||
notify:
|
||||
- restart mailman
|
||||
|
||||
- name: set the postfix conffile
|
||||
template: src=$files/lists-dev/postfix-main.cf.j2 dest=/etc/postfix/main.cf
|
||||
template: src="{{ files }}/lists-dev/postfix-main.cf.j2" dest=/etc/postfix/main.cf
|
||||
notify:
|
||||
- restart postfix
|
||||
|
||||
- name: set the mail aliases
|
||||
copy: src=$files/lists-dev/aliases dest=/etc/aliases
|
||||
copy: src="{{ files }}/lists-dev/aliases" dest=/etc/aliases
|
||||
notify:
|
||||
- reload aliases
|
||||
|
||||
- name: easy access to the postgresql databases
|
||||
template: src=$files/lists-dev/pgpass.j2 dest=/root/.pgpass
|
||||
template: src="{{ files }}/lists-dev/pgpass.j2" dest=/root/.pgpass
|
||||
owner=root group=root mode=0600
|
||||
|
||||
|
||||
|
@ -231,17 +231,17 @@
|
|||
# so no matter when it is run the right thing happens
|
||||
|
||||
- name: run django syncdb
|
||||
command: /usr/bin/django-admin syncdb --pythonpath=/etc/$item/sites/default --settings=settings
|
||||
command: /usr/bin/django-admin syncdb --pythonpath="/etc/{{ item }}/sites/default" --settings=settings
|
||||
with_items:
|
||||
- hyperkitty
|
||||
- postorius
|
||||
- name: run django migrate
|
||||
command: /usr/bin/django-admin migrate --pythonpath=/etc/hyperkitty/sites/default --settings=settings hyperkitty
|
||||
- name: kittystore schema update
|
||||
command: /usr/bin/kittystore-updatedb -s postgres://kittystore:${lists_dev_ks_db_pass}@localhost/kittystore
|
||||
command: /usr/bin/kittystore-updatedb -s postgres://kittystore:{{ lists_dev_ks_db_pass }}@localhost/kittystore
|
||||
|
||||
- name: copy the initial user fixture
|
||||
copy: src=$files/lists-dev/postorius.initial-user.json
|
||||
copy: src="{{ files }}/lists-dev/postorius.initial-user.json"
|
||||
dest=/etc/postorius/sites/default/initial-user.json
|
||||
owner=root group=apache mode=0640
|
||||
|
||||
|
@ -249,11 +249,11 @@
|
|||
command: /usr/bin/django-admin loaddata --pythonpath=/etc/postorius/sites/default --settings=settings /etc/postorius/sites/default/initial-user.json
|
||||
|
||||
- name: html index
|
||||
copy: src=$files/lists-dev/index.html dest=/var/www/html/index.html
|
||||
copy: src="{{ files }}/lists-dev/index.html" dest=/var/www/html/index.html
|
||||
|
||||
# Start services
|
||||
- name: start services
|
||||
service: state=started enabled=yes name=$item
|
||||
service: state=started enabled=yes name={{ item }}
|
||||
with_items:
|
||||
- httpd
|
||||
- postgresql
|
||||
|
@ -262,6 +262,6 @@
|
|||
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
- name: reload aliases
|
||||
command: newaliases
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: 209.132.184.146
|
||||
|
@ -18,15 +18,15 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
|
||||
# packages needed
|
||||
- name: add packages for repo
|
||||
action: yum state=present name=$item
|
||||
action: yum state=present name={{ item }}
|
||||
with_items:
|
||||
- rsync
|
||||
- openssh-clients
|
||||
|
@ -41,4 +41,4 @@
|
|||
- mount_disk
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/persistent_cloud.yml
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: "{{ tasks }}/persistent_cloud.yml"
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
|
||||
- name: provision instance
|
||||
hosts: 209.132.184.157
|
||||
|
@ -18,12 +18,12 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: $tasks/postfix_basic.yml
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
- include: "{{ tasks }}/postfix_basic.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -20,11 +20,11 @@
|
|||
|
||||
tasks:
|
||||
- name: run rdiff-backup hitting all the global targets
|
||||
local_action: "shell rdiff-backup --create-full-path --print-statistics ${inventory_hostname}::${item} /fedora_backups/${inventory_hostname}/`basename ${item}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: ${inventory_hostname}:${item}' sysadmin-backup-members@fedoraproject.org"
|
||||
with_items: $global_backup_targets
|
||||
local_action: "shell rdiff-backup --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org"
|
||||
with_items: global_backup_targets
|
||||
when: global_backup_targets is defined
|
||||
|
||||
- name: run rdiff-backup hitting all the host targets
|
||||
local_action: "shell rdiff-backup --exclude='**.snapshot' --create-full-path --print-statistics ${inventory_hostname}::${item} /fedora_backups/${inventory_hostname}/`basename ${item}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: ${inventory_hostname}:${item}' sysadmin-backup-members@fedoraproject.org"
|
||||
with_items: $host_backup_targets
|
||||
local_action: "shell rdiff-backup --exclude='**.snapshot' --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org"
|
||||
with_items: host_backup_targets
|
||||
when: host_backup_targets is defined
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
# requires --extra-vars="target='host1;host2;group etc' yumcommand=update'"
|
||||
|
||||
- name: update all run rkhunter if installed
|
||||
hosts: $target
|
||||
hosts: "{{ target }}"
|
||||
user: root
|
||||
|
||||
tasks:
|
||||
- name: expire-caches
|
||||
command: yum clean expire-cache
|
||||
|
||||
- name: yum -y ${yumcommand}
|
||||
command: yum -y ${yumcommand}
|
||||
- name: yum -y {{ yumcommand }}
|
||||
command: yum -y {{ yumcommand }}
|
||||
async: 7200
|
||||
poll: 15
|
||||
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
# optionally can take --extra-vars="hostbase=hostnamebase root_auth_users='user1 user2 user3'"
|
||||
- name: set auth keys
|
||||
hosts: $target
|
||||
hosts: "{{ target }}"
|
||||
user: root
|
||||
gather_facts: False
|
||||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
vars:
|
||||
- root_auth_users: ''
|
||||
|
||||
|
@ -15,6 +15,6 @@
|
|||
- name: add root keys for sysadmin-main and other allowed users
|
||||
action: authorized_key user=root key="{{ item }}"
|
||||
with_pipe:
|
||||
- "${auth_keys_from_fas} @sysadmin-main ${root_auth_users}"
|
||||
- "{{ auth_keys_from_fas }} @sysadmin-main {{ root_auth_users }}"
|
||||
|
||||
|
||||
|
|
|
@ -27,10 +27,10 @@
|
|||
# TODO -- I'd also like to fail if there are no *.rpm files in there.
|
||||
|
||||
- name: sign all the rpms with our gpg key
|
||||
shell: /bin/rpm --resign ${rpmdir}/*.rpm
|
||||
shell: /bin/rpm --resign "{{ rpmdir }}/*.rpm"
|
||||
|
||||
- name: make a directory where we store the rpms afterwards
|
||||
file: path=${rpmdir}-old state=directory
|
||||
file: path={{ rpmdir }}-old state=directory
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
tasks:
|
||||
- name: add it to the special group
|
||||
local_action: add_host hostname=$target groupname=tmp_just_created
|
||||
local_action: add_host hostname={{ target }} groupname=tmp_just_created
|
||||
|
||||
- name: provision instance
|
||||
hosts: tmp_just_created
|
||||
|
@ -14,12 +14,12 @@
|
|||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- ${private}/vars.yml
|
||||
- ${vars}/${ansible_distribution}.yml
|
||||
- "{{ private }}/vars.yml"
|
||||
- "{{ vars }}/{{ ansible_distribution }}.yml"
|
||||
|
||||
tasks:
|
||||
- include: $tasks/growroot_cloud.yml
|
||||
- include: $tasks/cloud_setup_basic.yml
|
||||
- include: "{{ tasks }}/growroot_cloud.yml"
|
||||
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
||||
|
||||
handlers:
|
||||
- include: $handlers/restart_services.yml
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# TODO -- how do make it easy to select the infra-testing repo?
|
||||
|
||||
- name: push packages out
|
||||
hosts: $target
|
||||
hosts: "{{ target }}"
|
||||
user: root
|
||||
|
||||
tasks:
|
||||
|
@ -14,5 +14,5 @@
|
|||
- name: expire-caches
|
||||
command: yum clean expire-cache
|
||||
|
||||
- name: yum update ${package}
|
||||
yum: name=${package} state=latest
|
||||
- name: yum update {{ package }}
|
||||
yum: name={{ package }} state=latest
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
|
||||
|
||||
- name: find instances
|
||||
hosts: $vhost
|
||||
hosts: "{{ vhost }}"
|
||||
user: root
|
||||
|
||||
tasks:
|
||||
|
@ -29,8 +29,8 @@
|
|||
register: vmlist
|
||||
|
||||
- name: add them to myvms_new group
|
||||
local_action: add_host hostname=$item groupname=myvms_new
|
||||
with_items: ${vmlist.list_vms}
|
||||
local_action: add_host hostname={{ item }} groupname=myvms_new
|
||||
with_items: "{{ vmlist.list_vms }}"
|
||||
|
||||
|
||||
- name: halt instances
|
||||
|
@ -40,7 +40,7 @@
|
|||
|
||||
tasks:
|
||||
- name: tell nagios to shush
|
||||
action: nagios action=silence host=${inventory_hostname_short}
|
||||
action: nagios action=silence host={{ inventory_hostname_short }}
|
||||
delegate_to: noc01.phx2.fedoraproject.org
|
||||
|
||||
- name: echo-y
|
||||
|
@ -49,4 +49,4 @@
|
|||
# if one of them is down we don't care
|
||||
|
||||
- name: wait for them to die
|
||||
local_action: wait_for port=22 delay=30 timeout=300 state=stopped host=${inventory_hostname}
|
||||
local_action: wait_for port=22 delay=30 timeout=300 state=stopped host={{ inventory_hostname }}
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# Configuration for the fedbadges consumer
|
||||
|
||||
- name: install needed packages
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- python-fedbadges
|
||||
- python-psycopg2
|
||||
|
@ -12,7 +12,7 @@
|
|||
|
||||
- name: copy database configuration
|
||||
template: >
|
||||
src=$item dest=/etc/fedmsg.d/$item
|
||||
src={{ item }} dest="/etc/fedmsg.d/{{ item }}"
|
||||
owner=fedmsg group=fedmsg mode=0600
|
||||
with_items:
|
||||
- datanommer.py
|
||||
|
@ -45,7 +45,7 @@
|
|||
|
||||
- name: copy over all our badge definitions
|
||||
copy: >
|
||||
src=$item
|
||||
src={{ item }}
|
||||
dest=/usr/share/badges/rules/
|
||||
owner=fedmsg group=fedmsg mode=0644
|
||||
with_fileglob:
|
||||
|
@ -71,7 +71,7 @@
|
|||
- name: ensure badges cron directories exist
|
||||
file: >
|
||||
state=directory
|
||||
path=$item
|
||||
path={{ item }}
|
||||
mode=755
|
||||
owner=root
|
||||
when: env != "staging"
|
||||
|
@ -84,8 +84,8 @@
|
|||
|
||||
- name: oldschool badge award scripts
|
||||
copy: >
|
||||
src=cron/$item
|
||||
dest=/usr/share/badges/cronjobs/$item
|
||||
src="cron/{{ item }}"
|
||||
dest="/usr/share/badges/cronjobs/{{ item }}"
|
||||
owner=fedmsg
|
||||
mode=744
|
||||
when: env != "staging"
|
||||
|
@ -100,8 +100,8 @@
|
|||
|
||||
- name: oldschool badge award cronjobs
|
||||
copy: >
|
||||
src=cron/$item.cron
|
||||
dest=/etc/cron.d/$item
|
||||
src="cron/{{ item }}.cron"
|
||||
dest="/etc/cron.d/{{ item }}"
|
||||
owner=root
|
||||
mode=644
|
||||
when: env != "staging"
|
||||
|
@ -135,8 +135,8 @@
|
|||
|
||||
- name: copy over the badge-admin one-off scripts
|
||||
copy: >
|
||||
src=$item
|
||||
dest=/usr/local/bin/$item
|
||||
src={{ item }}
|
||||
dest="/usr/local/bin/{{ item }}"
|
||||
owner=root
|
||||
group=sysadmin-badges
|
||||
mode=750
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# Configuration for the tahrir webapp
|
||||
|
||||
- name: install needed packages
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- python-tahrir
|
||||
- python-psycopg2
|
||||
|
@ -15,7 +15,7 @@
|
|||
|
||||
- name: copy tahrir app configuration
|
||||
template: >
|
||||
src=$item dest=/etc/tahrir/$item
|
||||
src={{ item }} dest="/etc/tahrir/{{ item }}"
|
||||
owner=tahrir group=tahrir mode=0600
|
||||
with_items:
|
||||
- tahrir.ini
|
||||
|
@ -26,7 +26,7 @@
|
|||
|
||||
- name: copy tahrir wsgi script
|
||||
copy: >
|
||||
src=$item dest=/usr/share/tahrir/$item
|
||||
src={{ item }} dest="/usr/share/tahrir/{{ item }}"
|
||||
owner=apache group=apache mode=0644
|
||||
with_items:
|
||||
- tahrir.wsgi
|
||||
|
@ -37,7 +37,7 @@
|
|||
|
||||
- name: copy tahrir httpd config
|
||||
copy: >
|
||||
src=$item dest=/etc/httpd/conf.d/$item
|
||||
src={{ item }} dest="/etc/httpd/conf.d/{{ item }}"
|
||||
owner=apache group=apache mode=0644
|
||||
with_items:
|
||||
- tahrir.conf
|
||||
|
@ -67,7 +67,7 @@
|
|||
|
||||
- name: copy over all our .rst site docs
|
||||
copy: >
|
||||
src=$item
|
||||
src={{ item }}
|
||||
dest=/usr/share/badges/sitedocs
|
||||
owner=root group=root mode=0644
|
||||
with_fileglob:
|
||||
|
@ -86,7 +86,7 @@
|
|||
|
||||
- name: copy over all our badge images
|
||||
copy: >
|
||||
src=$item
|
||||
src={{ item }}
|
||||
dest=/usr/share/badges/pngs/
|
||||
owner=root group=root mode=0644
|
||||
with_fileglob:
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
- name: sshd_config
|
||||
copy: src={{ item }} dest=/etc/ssh/sshd_config mode=600
|
||||
first_available_file:
|
||||
- ${sshd_config}
|
||||
- "{{ sshd_config }}"
|
||||
- ssh/sshd_config.{{ ansible_fqdn }}
|
||||
- ssh/sshd_config.{{ host_group }}
|
||||
- ssh/sshd_config.{{ dist_tag }}
|
||||
|
@ -73,7 +73,7 @@
|
|||
- name: iptables
|
||||
template: src={{ item }} dest=/etc/sysconfig/iptables mode=600 backup=yes
|
||||
first_available_file:
|
||||
- $iptables
|
||||
- "{{ iptables }}"
|
||||
- iptables/iptables.{{ ansible_fqdn }}
|
||||
- iptables/iptables.{{ host_group }}
|
||||
- iptables/iptables.{{ env }}
|
||||
|
@ -88,7 +88,7 @@
|
|||
- name: /etc/resolv.conf
|
||||
copy: src={{ item }} dest=/etc/resolv.conf
|
||||
first_available_file:
|
||||
- ${resolvconf}
|
||||
- "{{ resolvconf }}"
|
||||
- resolv.conf/{{ ansible_fqdn }}
|
||||
- resolv.conf/{{ host_group }}
|
||||
- resolv.conf/{{ datacenter }}
|
||||
|
@ -100,7 +100,7 @@
|
|||
- name: rsyslog.conf
|
||||
copy: src={{ item }} dest=/etc/rsyslog.conf mode=644
|
||||
first_available_file:
|
||||
- $rsyslogconf
|
||||
- "{{ rsyslogconf }}"
|
||||
- rsyslog/rsyslog.conf.{{ ansible_fqdn }}
|
||||
- rsyslog/rsyslog.conf.{{ host_group }}
|
||||
- rsyslog/rsyslog.conf.{{ datacenter }}
|
||||
|
@ -115,7 +115,7 @@
|
|||
- name: /etc/postfix/main.cf
|
||||
copy: src={{ item }} dest=/etc/postfix/main.cf
|
||||
first_available_file:
|
||||
- $postfix_maincf
|
||||
- "{{ postfix_maincf }}"
|
||||
- postfix/main.cf.{{ ansible_fqdn }}
|
||||
- postfix/main.cf.{{ host_group }}
|
||||
- postfix/main.cf.{{ postfix_group }}
|
||||
|
@ -137,7 +137,7 @@
|
|||
#
|
||||
|
||||
- name: Install common scripts
|
||||
copy: src=$item dest=/usr/local/bin/ owner=root group=root mode=0755
|
||||
copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
|
||||
with_fileglob: common-scripts/*
|
||||
tags:
|
||||
- config
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
# nss_db is needed to store user/group info.
|
||||
#
|
||||
- name: install package needed for fas-client
|
||||
yum: state=installed name=$item
|
||||
yum: state=installed name={{ item }}
|
||||
with_items:
|
||||
- fas-clients
|
||||
- cronie
|
||||
|
@ -18,7 +18,7 @@
|
|||
|
||||
- name: hotfix - python-fedora proxyclient.py
|
||||
copy: >
|
||||
src=$files/hotfix/python-fedora/proxyclient.py
|
||||
src="{{ files }}/hotfix/python-fedora/proxyclient.py"
|
||||
dest=/usr/lib/python2.6/site-packages/fedora/client/proxyclient.py
|
||||
owner=root mode=644
|
||||
when: is_rhel == 'True'
|
||||
|
@ -54,11 +54,11 @@
|
|||
# Currently the default template is used, but could be modified on a host basis.
|
||||
#
|
||||
- name: setup /etc/fas.conf for client use
|
||||
template: src=$item dest=/etc/fas.conf owner=root mode=600
|
||||
template: src={{ item }} dest=/etc/fas.conf owner=root mode=600
|
||||
first_available_file:
|
||||
- ${ansible_fqdn}.fas.conf.j2
|
||||
- ${ansible_hostname}.fas.conf.j2
|
||||
- ${ansible_hostname}.fas.conf.j2
|
||||
- "{{ ansible_fqdn }}.fas.conf.j2"
|
||||
- "{{ ansible_hostname }}.fas.conf.j2"
|
||||
- "{{ ansible_hostname }}.fas.conf.j2"
|
||||
- fas.conf.j2
|
||||
tags:
|
||||
- config
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# Setup a fedmsg-hub
|
||||
|
||||
- name: install needed packages
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- fedmsg-hub
|
||||
tags:
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# This is the base set of files needed for fedmsg
|
||||
|
||||
- name: install needed packages
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- fedmsg
|
||||
tags:
|
||||
|
@ -15,7 +15,7 @@
|
|||
- config
|
||||
|
||||
- name: setup basic /etc/fedmsg.d/ contents
|
||||
template: src=$item.j2 dest=/etc/fedmsg.d/$item owner=root group=root mode=644
|
||||
template: src="{{ item }}.j2" dest="/etc/fedmsg.d/{{ item }}" owner=root group=root mode=644
|
||||
with_items:
|
||||
- ssl.py
|
||||
- endpoints.py
|
||||
|
@ -36,7 +36,7 @@
|
|||
|
||||
- name: install fedmsg ca.cert
|
||||
copy: >
|
||||
src=$puppet_private/fedmsg-certs/keys/ca.crt
|
||||
src="{{ puppet_private }}/fedmsg-certs/keys/ca.crt"
|
||||
dest=/etc/pki/fedmsg/ca.crt
|
||||
owner=root
|
||||
group=root
|
||||
|
@ -46,24 +46,24 @@
|
|||
|
||||
- name: fedmsg certs
|
||||
copy: >
|
||||
src=$private/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.crt
|
||||
src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.crt"
|
||||
dest=/etc/pki/fedmsg/
|
||||
mode=644
|
||||
owner={{item['owner']}}
|
||||
group={{item['group']}}
|
||||
with_items: ${fedmsg_certs}
|
||||
with_items: "{{ fedmsg_certs }}"
|
||||
when: fedmsg_certs != []
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: fedmsg keys
|
||||
copy: >
|
||||
src=$private/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.key
|
||||
src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.key"
|
||||
dest=/etc/pki/fedmsg/
|
||||
mode=0640
|
||||
owner={{item['owner']}}
|
||||
group={{item['group']}}
|
||||
with_items: ${fedmsg_certs}
|
||||
with_items: "{{ fedmsg_certs }}"
|
||||
when: fedmsg_certs != []
|
||||
tags:
|
||||
- config
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
- packages
|
||||
|
||||
- name: install needed packages
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- fedocal
|
||||
- python-psycopg2
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
- packages
|
||||
|
||||
- name: install needed packages
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- gallery3
|
||||
- gallery3-openid
|
||||
|
|
|
@ -6,8 +6,8 @@
|
|||
- packages
|
||||
|
||||
- name: push over the geoip db once
|
||||
copy: src=$item dest=/usr/share/GeoIP/
|
||||
with_fileglob: $bigfiles/geoip/*.dat
|
||||
copy: src={{ item }} dest=/usr/share/GeoIP/
|
||||
with_fileglob: "{{ bigfiles }}/geoip/*.dat"
|
||||
|
||||
- name: geoip syncing script via cron
|
||||
copy: src=geoip_sync dest=/etc/cron.d/geoip_sync mode=0644
|
||||
|
|
|
@ -2,10 +2,9 @@
|
|||
#
|
||||
# This task sets up iscsid and mpathd on a machine.
|
||||
#
|
||||
|
||||
#
|
||||
- name: install packages needed for iscsi_client
|
||||
yum: state=installed name=$item
|
||||
yum: state=installed name={{ item }}
|
||||
with_items:
|
||||
- iscsi-initiator-utils
|
||||
- device-mapper-multipath
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# create a koji db user to own the db with the kojidatabasepassword from private
|
||||
#
|
||||
- name: koji db user
|
||||
postgresql_user: name=koji password=$aarch64kojidatabasepassword
|
||||
postgresql_user: name=koji password={{ aarch64kojidatabasepassword }}
|
||||
tags:
|
||||
- db
|
||||
when: is_kojidb == "True"
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# Setup koji hub server.
|
||||
#
|
||||
- name: install koji hub server packages
|
||||
yum: name=$item state=installed
|
||||
yum: name={{ item }} state=installed
|
||||
with_items:
|
||||
- koji-hub
|
||||
- koji-web
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
# Packages
|
||||
#
|
||||
- name: install needed packages
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- mailman3
|
||||
- mailman3-selinux
|
||||
|
@ -93,11 +93,11 @@
|
|||
#
|
||||
|
||||
- name: create the configuration directory
|
||||
file: path=${mailman_webui_confdir} state=directory
|
||||
file: path={{ mailman_webui_confdir }} state=directory
|
||||
|
||||
- name: install the hyperkitty settings file
|
||||
template: src=settings.py.j2
|
||||
dest=${mailman_webui_confdir}/settings.py
|
||||
dest="{{ mailman_webui_confdir }}/settings.py"
|
||||
owner=root group=apache mode=0640
|
||||
tags:
|
||||
- config
|
||||
|
@ -107,14 +107,14 @@
|
|||
|
||||
- name: install the hyperkitty settings admin file
|
||||
template: src=settings_admin.py.j2
|
||||
dest=${mailman_webui_confdir}/settings_admin.py
|
||||
dest="{{ mailman_webui_confdir }}/settings_admin.py"
|
||||
owner=root group=root mode=0600
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: install the hyperkitty urls file
|
||||
copy: src=urls.py
|
||||
dest=${mailman_webui_confdir}/urls.py
|
||||
dest="{{ mailman_webui_confdir }}/urls.py"
|
||||
owner=root group=root mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
@ -124,7 +124,7 @@
|
|||
|
||||
- name: install the hyperkitty wsgi file
|
||||
copy: src=webui.wsgi
|
||||
dest=${mailman_webui_confdir}/webui.wsgi
|
||||
dest="{{ mailman_webui_confdir }/webui.wsgi"
|
||||
owner=root group=root mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
@ -133,7 +133,7 @@
|
|||
|
||||
- name: install the hyperkitty/postorius dummy httpd conf file
|
||||
template: src=apache-dummy.conf.j2
|
||||
dest=/etc/httpd/conf.d/$item.conf
|
||||
dest=/etc/httpd/conf.d/{{ item }}.conf
|
||||
with_items:
|
||||
- hyperkitty
|
||||
- postorius
|
||||
|
@ -151,15 +151,15 @@
|
|||
- reload apache
|
||||
|
||||
- name: copy the manage.py script
|
||||
command: /bin/cp /etc/hyperkitty/sites/default/manage.py ${mailman_webui_confdir}/manage.py
|
||||
creates=${mailman_webui_confdir}/manage.py
|
||||
command: /bin/cp /etc/hyperkitty/sites/default/manage.py "{{ mailman_webui_confdir }}/manage.py"
|
||||
creates="{{ mailman_webui_confdir }}/manage.py"
|
||||
|
||||
- name: create the kittystore plain text index dir
|
||||
file: path=${mailman_webui_basedir}/kittystore_search_index
|
||||
file: path="{{ mailman_webui_basedir }}/kittystore_search_index"
|
||||
state=directory owner=mailman group=mailman mode=0755
|
||||
|
||||
- name: create the hyperkitty static files dir
|
||||
file: path=${mailman_webui_basedir}/static
|
||||
file: path="{{ mailman_webui_basedir }}/static"
|
||||
state=directory owner=root group=root mode=0755
|
||||
|
||||
- name: install the kittystore cache cronjob
|
||||
|
@ -172,14 +172,14 @@
|
|||
#
|
||||
- name: copy the mailman-hyperkitty conffile
|
||||
template: src=mailman-hyperkitty.cfg.j2
|
||||
dest=${mailman_webui_confdir}/mailman-hyperkitty.cfg
|
||||
dest="{{ mailman_webui_confdir }}/mailman-hyperkitty.cfg"
|
||||
tags:
|
||||
- config
|
||||
notify:
|
||||
- restart mailman3
|
||||
|
||||
- name: symlink the hyperkitty conffile in mailman directory
|
||||
file: src=${mailman_webui_confdir}/mailman-hyperkitty.cfg
|
||||
file: src="{{ mailman_webui_confdir }}/mailman-hyperkitty.cfg"
|
||||
dest=/etc/mailman3.d/hyperkitty.cfg state=link
|
||||
tags:
|
||||
- config
|
||||
|
@ -196,7 +196,7 @@
|
|||
owner=root group=root mode=0644
|
||||
|
||||
- name: create the scripts dir
|
||||
file: path=${mailman_webui_basedir}/bin
|
||||
file: path="{{ mailman_webui_basedir }}/bin"
|
||||
state=directory owner=root group=root mode=0755
|
||||
|
||||
- name: install the migration environment
|
||||
|
@ -205,7 +205,7 @@
|
|||
owner=root group=root mode=0644
|
||||
|
||||
- name: install the scripts
|
||||
copy: src=${item} dest=${mailman_webui_basedir}/bin/${item}
|
||||
copy: src={{ item }} dest="{{ mailman_webui_basedir }}/bin/{{ item }}"
|
||||
owner=root group=root mode=0755
|
||||
with_items:
|
||||
- yamlget
|
||||
|
@ -224,7 +224,7 @@
|
|||
template: src=post-transaction.action.j2
|
||||
dest=/etc/yum/post-actions/hyperkitty.action
|
||||
- name: run the post-update script
|
||||
command: ${mailman_webui_basedir}/bin/post-update.sh
|
||||
command: "{{ mailman_webui_basedir }}/bin/post-update.sh"
|
||||
|
||||
|
||||
# Postfix
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
user: name=mirrormanager uid=441 state=present home=/home/mirrormanager createhome=yes
|
||||
|
||||
- name: install supervisor and mirrormanager
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- supervisor
|
||||
- mirrormanager
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
---
|
||||
# install pkgs:
|
||||
- name: install nagios client pkgs
|
||||
yum: name=$item state=installed
|
||||
yum: name={{ item }} state=installed
|
||||
with_items:
|
||||
- nrpe
|
||||
- nagios-plugins
|
||||
|
@ -18,7 +18,7 @@
|
|||
- packages
|
||||
|
||||
- name: install local nrpe check scripts that are not packaged
|
||||
copy: src=scripts/$item dest={{ libdir }}/nagios/plugins/$item mode=0755 owner=nagios group=nagios
|
||||
copy: src="scripts/{{ item }}" dest="{{ libdir }}/nagios/plugins/{{ item }}" mode=0755 owner=nagios group=nagios
|
||||
with_items:
|
||||
- check_postfix_queue
|
||||
- check_raid.py
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# Configuration for the notifications consumer
|
||||
|
||||
- name: install needed packages
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- python-fmn-consumer
|
||||
- python-psycopg2
|
||||
|
@ -10,7 +10,7 @@
|
|||
|
||||
- name: copy database configuration
|
||||
template: >
|
||||
src=$item dest=/etc/fedmsg.d/$item
|
||||
src={{ item }} dest=/etc/fedmsg.d/{{ item }}
|
||||
owner=fedmsg group=fedmsg mode=0600
|
||||
with_items:
|
||||
- fmn.consumer.py
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
state=directory
|
||||
|
||||
- name: copy live docs
|
||||
copy: src=$item dest=/usr/lib/python2.6/site-packages/fmn/web/docs
|
||||
copy: src={{ item }} dest=/usr/lib/python2.6/site-packages/fmn/web/docs
|
||||
with_fileglob: fedora-sitedocs/*.rst
|
||||
|
||||
- name: apply selinux type to static files
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
- packages
|
||||
|
||||
- name: install needed packages
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- nuancier-lite
|
||||
- python-psycopg2
|
||||
|
@ -20,7 +20,7 @@
|
|||
|
||||
- name: copy sundry nuancier configuration
|
||||
template: src={{ item.file }}
|
||||
dest={{ item.location }}/{{ item.dest }}
|
||||
dest="{{ item.location }}/{{ item.dest }}"
|
||||
owner=apache group=apache mode=0600
|
||||
with_items:
|
||||
- { file: nuancier_admin.cfg, location: /etc/nuancier, dest: nuancier-lite.cfg }
|
||||
|
@ -49,7 +49,7 @@
|
|||
|
||||
- name: replace the nuancier configuration file by the one with the normal user
|
||||
template: src={{ item.file }}
|
||||
dest={{ item.location }}/{{ item.file }}
|
||||
dest="{{ item.location }}/{{ item.file }}"
|
||||
owner=apache group=apache mode=0600
|
||||
with_items:
|
||||
- { file: nuancier-lite.cfg, location: /etc/nuancier }
|
||||
|
@ -79,7 +79,7 @@
|
|||
|
||||
- name: hotfix python-fedora-flask to include latest flask_fas_openid
|
||||
template: src={{ item.file }}
|
||||
dest={{ item.location }}/{{ item.file }}
|
||||
dest="{{ item.location }}/{{ item.file }}"
|
||||
owner=apache group=apache mode=0600
|
||||
with_items:
|
||||
- { file: flask_fas_openid.py, location: /usr/lib/python2.6/site-packages/ }
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# Setup postgresql server.
|
||||
#
|
||||
- name: install postgresql server packages
|
||||
yum: name=$item state=installed
|
||||
yum: name={{ item }} state=installed
|
||||
with_items:
|
||||
- postgresql-server
|
||||
- postgresql-contrib
|
||||
|
|
|
@ -5,30 +5,30 @@
|
|||
- packages
|
||||
|
||||
- name: /etc/pki/tls/private/totpcgi.pem
|
||||
copy: src=$puppet_private/2fa-certs/keys/${inventory_hostname}.pem dest=/etc/pki/tls/private/totpcgi.pem mode=0400
|
||||
copy: src="{{ puppet_private }}/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/pki/tls/private/totpcgi-ca.cert
|
||||
copy: src=$puppet_private/2fa-certs/keys/ca.crt dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
|
||||
copy: src="{{ puppet_private }}/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/pam_url.conf - split for staging/phx2/everyone else
|
||||
template: src=$item dest=/etc/pam_url.conf mode=0644
|
||||
template: src={{ item }} dest=/etc/pam_url.conf mode=0644
|
||||
with_first_found:
|
||||
- $files/2fa/pam_url.conf.${inventory_hostname}
|
||||
- $files/2fa/pam_url.conf.${ansible_domain}
|
||||
- $files/2fa/pam_url.conf.j2
|
||||
- "{{ files }}/2fa/pam_url.conf.{{ inventory_hostname }}"
|
||||
- "{{ files }}/2fa/pam_url.conf.{{ ansible_domain }}"
|
||||
- "{{ files }}/2fa/pam_url.conf.j2"
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/pam.d/sudo
|
||||
copy: src=$item dest=/etc/pam.d/sudo mode=0644
|
||||
copy: src={{ item }} dest=/etc/pam.d/sudo mode=0644
|
||||
with_first_found:
|
||||
- $files/2fa/sudo.pam.${inventory_hostname}
|
||||
- $files/2fa/sudo.pam.${ansible_domain}
|
||||
- $files/2fa/sudo.pam
|
||||
- "{{ files }}/2fa/sudo.pam.{{ inventory_hostname }}"
|
||||
- "{{ files }}/2fa/sudo.pam.{{ ansible_domain }}"
|
||||
- "{{ files }}/2fa/sudo.pam"
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: install needed packages for accelerated mode
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- python-keyczar
|
||||
tags:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
# install apache(httpd)
|
||||
- name: install apache
|
||||
yum: name=$item state=installed
|
||||
yum: name={{ item }} state=installed
|
||||
with_items:
|
||||
- httpd
|
||||
- httpd-tools
|
||||
|
@ -20,7 +20,7 @@
|
|||
|
||||
# install hash randomization hotfix
|
||||
- name: hotfix - copy over new httpd init script
|
||||
copy: src=$files/hotfix/httpd/httpd.init dest=/etc/init.d/httpd
|
||||
copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd
|
||||
owner=root group=root mode=0755
|
||||
notify:
|
||||
- restart apache
|
||||
|
@ -30,7 +30,7 @@
|
|||
- apache
|
||||
|
||||
- name: hotfix - copy over new httpd sysconfig
|
||||
copy: src=$files/hotfix/httpd/httpd.sysconfig dest=/etc/sysconfig/httpd
|
||||
copy: src="{{ files }}/hotfix/httpd/httpd.sysconfig" dest=/etc/sysconfig/httpd
|
||||
notify:
|
||||
- restart apache
|
||||
tags:
|
||||
|
@ -39,7 +39,7 @@
|
|||
- apache
|
||||
|
||||
- name: add appserver headers.conf
|
||||
template: src=$files/httpd/headers.conf.j2 dest=/etc/httpd/conf.d/headers.conf
|
||||
template: src="{{ files }}/httpd/headers.conf.j2" dest=/etc/httpd/conf.d/headers.conf
|
||||
notify:
|
||||
- restart apache
|
||||
tags:
|
||||
|
@ -47,10 +47,10 @@
|
|||
- apache
|
||||
|
||||
- name: add apache_status location for collectd
|
||||
template: src=$files/httpd/apachestatus.conf dest=/etc/httpd/conf.d/apachestatus.conf
|
||||
template: src="{{ files }}/httpd/apachestatus.conf" dest=/etc/httpd/conf.d/apachestatus.conf
|
||||
notify:
|
||||
- restart apache
|
||||
tags:
|
||||
- config
|
||||
- apache
|
||||
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- packages
|
||||
|
||||
- name: ntp pkgs
|
||||
action: yum state=installed pkg=$item
|
||||
action: yum state=installed pkg={{ item }}
|
||||
with_items:
|
||||
- ntpdate
|
||||
- ntp
|
||||
|
@ -22,13 +22,13 @@
|
|||
- packages
|
||||
|
||||
- name: put step-tickers in place
|
||||
action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers
|
||||
action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
|
||||
|
||||
- name: enable the service
|
||||
action: service name=ntpd state=running enabled=true
|
||||
|
||||
- name: edit hostname to be instance name - prefix hostbase var if it exists
|
||||
action: shell hostname ${hostbase}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
|
||||
action: shell hostname {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -42,7 +42,7 @@
|
|||
- name: add root keys for sysadmin-main and other allowed users
|
||||
action: authorized_key user=root key="{{ item }}"
|
||||
with_pipe:
|
||||
- "${auth_keys_from_fas} @sysadmin-main ${root_auth_users}"
|
||||
- "{{ auth_keys_from_fas }} @sysadmin-main {{ root_auth_users }}"
|
||||
tags:
|
||||
- config
|
||||
ignore_errors: true
|
||||
|
|
|
@ -11,13 +11,13 @@
|
|||
|
||||
# install collected.conf
|
||||
- name: /etc/collectd.conf
|
||||
template: src=$files/collectd/collectd.conf.j2 dest=/etc/collectd.conf
|
||||
template: src="{{ files }}/collectd/collectd.conf.j2" dest=/etc/collectd.conf
|
||||
notify:
|
||||
- restart collectd
|
||||
|
||||
# install collectd-network config
|
||||
- name: /etc/collectd.d/network.conf
|
||||
copy: src=$files/collectd/network-client.conf dest=/etc/collectd.d/network.conf
|
||||
copy: src="{{ files }}/collectd/network-client.conf" dest=/etc/collectd.d/network.conf
|
||||
notify:
|
||||
- restart collectd
|
||||
|
||||
|
@ -26,13 +26,13 @@
|
|||
yum: state=installed name=collectd-apache
|
||||
notify:
|
||||
- restart collectd
|
||||
when_set: $collectd_apache
|
||||
when_set: {{ collectd_apache }}
|
||||
|
||||
- name: /etc/collectd/apache.conf
|
||||
copy: src=$files/collectd/apache.conf dest=/etc/collectd.d/apache.conf
|
||||
copy: src="{{ files }}/collectd/apache.conf" dest=/etc/collectd.d/apache.conf
|
||||
notify:
|
||||
- restart collectd
|
||||
when_set: $collectd_apache
|
||||
when_set: {{ collectd_apache }}
|
||||
|
||||
|
||||
# each of the below should move to a separate task list
|
||||
|
@ -60,4 +60,4 @@
|
|||
|
||||
# webproxy
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
#
|
||||
|
||||
- name: Install common scripts
|
||||
action: copy src=$item dest=/usr/local/bin/ owner=root group=root mode=0755
|
||||
with_fileglob: $files/common-scripts/*
|
||||
action: copy src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
|
||||
with_fileglob: "{{ files }}/common-scripts/*"
|
||||
tags:
|
||||
- config
|
||||
|
|
|
@ -17,13 +17,13 @@
|
|||
|
||||
- name: reboot the box
|
||||
action: command /sbin/reboot
|
||||
when: ${growpart.rc} == 0
|
||||
when: "{{ growpart.rc }} == 0"
|
||||
ignore_errors: true
|
||||
|
||||
- name: wait for it to come back (should be quick)
|
||||
local_action: wait_for host=${inventory_hostname} port=22 delay=10 timeout=120
|
||||
when: ${growpart.rc} == 0
|
||||
local_action: wait_for host={{ inventory_hostname }} port=22 delay=10 timeout=120
|
||||
when: "{{ growpart.rc }} == 0"
|
||||
|
||||
- name: resize the /dev/vda 2 fs
|
||||
action: command resize2fs /dev/vda2
|
||||
when: ${growpart.rc} == 0
|
||||
when: "{{ growpart.rc }} == 0"
|
||||
|
|
|
@ -10,9 +10,9 @@
|
|||
# Note that if it's not set it will just skip this play and do nothing.
|
||||
#
|
||||
- name: setup /etc/hosts for some clients
|
||||
action: copy src=$item dest=/etc/hosts
|
||||
action: copy src={{ item }} dest=/etc/hosts
|
||||
with_first_found:
|
||||
- files: $files/hosts/${ansible_fqdn}-hosts $files/hosts/${ansible_hostname}-hosts $files/hosts/${ansible_domain}-hosts $files/hosts/${host_group}-hosts
|
||||
- files: "{{ files }}/hosts/{{ ansible_fqdn }}-hosts" "{{ files }}/hosts/{{ ansible_hostname }}-hosts" "{{ files }}/hosts/{{ ansible_domain }}-hosts" "{{ files }}/hosts/{{ host_group }}-hosts"
|
||||
skip: true
|
||||
tags:
|
||||
- config
|
||||
|
|
|
@ -22,13 +22,13 @@
|
|||
- service
|
||||
|
||||
- name: iptables
|
||||
action: template src=$item dest=/etc/sysconfig/iptables mode=600 backup=yes
|
||||
action: template src={{ item }} dest=/etc/sysconfig/iptables mode=600 backup=yes
|
||||
with_first_found:
|
||||
- $iptables
|
||||
- $files/iptables/iptables.${ansible_fqdn}
|
||||
- $files/iptables/iptables.${host_group}
|
||||
- $files/iptables/iptables.${env}
|
||||
- $files/iptables/iptables
|
||||
- "{{ iptables }}"
|
||||
- "{{ files }}/iptables/iptables.{{ ansible_fqdn }}"
|
||||
- "{{ files }}/iptables/iptables.{{ host_group }}"
|
||||
- "{{ files }}/iptables/iptables.{{ env }}"
|
||||
- "{{ files }}/iptables/iptables"
|
||||
notify:
|
||||
- restart iptables
|
||||
tags:
|
||||
|
|
|
@ -16,12 +16,12 @@
|
|||
owner=sks group=sks mode=0755
|
||||
|
||||
- name: /srv/sks/membership
|
||||
copy: src=$files/keyserver/membership dest=/srv/sks/membership owner=sks group=sks mode=0644
|
||||
copy: src="{{ files }}/keyserver/membership" dest=/srv/sks/membership owner=sks group=sks mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /srv/sks/sksconf
|
||||
copy: src=$files/keyserver/sksconf dest=/srv/sks/sksconf owner=sks group=sks mode=0644
|
||||
copy: src="{{ files }}/keyserver/sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -32,47 +32,47 @@
|
|||
owner=sks group=sks mode=0755
|
||||
|
||||
- name: /srv/sks/web/index.html
|
||||
copy: src=$files/keyserver/index.html dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
|
||||
copy: src="{{ files }}/keyserver/index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /srv/sks/web/css.css
|
||||
copy: src=$files/keyserver/css.css dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
|
||||
copy: src="{{ files }}/keyserver/css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/httpd/conf.d/sks.conf
|
||||
copy: src=$files/keyserver/sks.conf dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
|
||||
copy: src="{{ files }}/keyserver/sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/httpd/conf.d/ssl.conf
|
||||
copy: src=$files/keyserver/ssl.conf dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
|
||||
copy: src="{{ files }}/keyserver/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
|
||||
copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.cert dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600
|
||||
copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.key
|
||||
copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.key dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600
|
||||
copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
|
||||
copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.intermediate.cert dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
|
||||
copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/pki/tls/keys_fedoraproject_org.crt.pem
|
||||
copy: src=$puppet_private/keys_fedoraproject_org.crt.pem dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600
|
||||
copy: src="{{ puppet_private }}/keys_fedoraproject_org.crt.pem" dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: /etc/pki/tls/keys_fedoraproject_org.key
|
||||
copy: src=$puppet_private/keys_fedoraproject_org.key dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600
|
||||
copy: src="{{ puppet_private }}/keys_fedoraproject_org.key" dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- name: set root passwd
|
||||
action: user name=root password=$builder_rootpw state=present
|
||||
action: user name=root password={{ builder_rootpw }} state=present
|
||||
|
||||
- name: add mock user as 425
|
||||
action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
|
||||
|
@ -11,7 +11,7 @@
|
|||
action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock
|
||||
|
||||
- name: add mock ssh keys
|
||||
action: copy src=$files/kojibuilder/mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock
|
||||
action: copy src="{{ files }}/kojibuilder/mock_auth_keys" dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock
|
||||
|
||||
- name: add kojibuilder
|
||||
action: user name=kojibuilder groups=mock
|
||||
|
@ -23,10 +23,10 @@
|
|||
action: file state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder
|
||||
|
||||
- name: mockbuilder ssh key
|
||||
action: copy src=$files/kojibuilder/ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder
|
||||
action: copy src="{{ files }}/kojibuilder/ftbfs_auth_keys" dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder
|
||||
|
||||
- name: make a bunch of dirs
|
||||
action: file state=directory path=$item
|
||||
action: file state=directory path={{ item }}
|
||||
with_items:
|
||||
- /pub
|
||||
- /mnt/fedora_koji
|
||||
|
@ -35,16 +35,16 @@
|
|||
- /var/spool/rsyslog
|
||||
|
||||
- name: add builder infra yum repo
|
||||
action: copy src=$files/kojibuilder/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo
|
||||
action: copy src="{{ files }}/kojibuilder/builder-infrastructure.repo" dest=/etc/yum.repos.d/builder-infrastructure.repo
|
||||
|
||||
- name: clean up packages we do not need
|
||||
action: yum state=removed pkg=$item
|
||||
action: yum state=removed pkg={{ item }}
|
||||
with_items:
|
||||
- audit
|
||||
- 'cronie\*'
|
||||
|
||||
- name: add pkgs
|
||||
action: yum state=installed pkg=$item
|
||||
action: yum state=installed pkg={{ item }}
|
||||
with_items:
|
||||
- yum-utils
|
||||
- koji-builder
|
||||
|
@ -56,49 +56,49 @@
|
|||
- ntpdate
|
||||
|
||||
- name: /etc/kojid/kojid.conf
|
||||
action: copy src=$files/kojibuilder/kojid.conf dest=/etc/kojid/kojid.conf
|
||||
action: copy src="{{ files }}/kojibuilder/kojid.conf" dest=/etc/kojid/kojid.conf
|
||||
when: not inventory_hostname.startswith(('arm01','arm03'))
|
||||
notify:
|
||||
- restart kojid
|
||||
|
||||
|
||||
- name: arm /etc/kojid/kojid.conf
|
||||
action: copy src=$files/kojibuilder/arm-kojid.conf dest=/etc/kojid/kojid.conf
|
||||
action: copy src="{{ files }}/kojibuilder/arm-kojid.conf" dest=/etc/kojid/kojid.conf
|
||||
when: inventory_hostname.startswith(('arm01','arm03'))
|
||||
notify:
|
||||
- restart kojid
|
||||
|
||||
- name: /etc/koji/koji.conf
|
||||
action: copy src=$files/kojibuilder/koji.conf dest=/etc/koji.conf
|
||||
action: copy src="{{ files }}/kojibuilder/koji.conf" dest=/etc/koji.conf
|
||||
when: not inventory_hostname.startswith(('arm01','arm03'))
|
||||
|
||||
- name: /etc/koji/koji.conf
|
||||
action: copy src=$files/kojibuilder/arm-koji.conf dest=/etc/koji.conf
|
||||
action: copy src="{{ files }}/kojibuilder/arm-koji.conf" dest=/etc/koji.conf
|
||||
when: inventory_hostname.startswith(('arm01','arm03'))
|
||||
|
||||
- name: copy over koji ca cert
|
||||
action: copy src=$private/files/koji/buildercerts/fedora-ca.cert dest=/etc/kojid/cacert.pem
|
||||
action: copy src="{{ private }}/files/koji/buildercerts/fedora-ca.cert" dest=/etc/kojid/cacert.pem
|
||||
|
||||
- name: copy over /etc/security/limits.conf
|
||||
action: copy src=$files/kojibuilder/limits.conf dest=/etc/security/limits.conf
|
||||
action: copy src="{{ files }}/kojibuilder/limits.conf" dest=/etc/security/limits.conf
|
||||
|
||||
- name: copy over builder cert to /etc/kojid/kojibuilder.pem
|
||||
action: copy src=$private/files/koji/buildercerts/${inventory_hostname}.pem dest=/etc/kojid/kojibuilder.pem mode=600
|
||||
action: copy src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600
|
||||
|
||||
- name: chkconfig kojid on and leave it running
|
||||
action: service name=kojid enabled=on
|
||||
# action: service name=kojid enabled=on state=started
|
||||
|
||||
- name: copy over authorized keys for root
|
||||
action: copy src=$files/kojibuilder/root_auth_keys dest=/root/.ssh/authorized_keys mode=644
|
||||
action: copy src="{{ files }}/kojibuilder/root_auth_keys" dest=/root/.ssh/authorized_keys mode=644
|
||||
|
||||
# idmapd and make sure it's set to run
|
||||
- name: idmapd.conf
|
||||
action: copy src=$files/kojibuilder/idmapd.conf dest=/etc/idmapd.conf
|
||||
action: copy src="{{ files }}/kojibuilder/idmapd.conf" dest=/etc/idmapd.conf
|
||||
tags:
|
||||
- configs
|
||||
- name: enable nfs-related services and run them
|
||||
action: service name=$item enabled=true state=started
|
||||
action: service name={{ item }} enabled=true state=started
|
||||
with_items:
|
||||
- rpcidmapd
|
||||
- rpcbind
|
||||
|
@ -106,7 +106,7 @@
|
|||
- nfslock
|
||||
|
||||
- name: route config for netapp network
|
||||
action: copy src=$files/kojibuilder/route-eth1 dest=/etc/sysconfig/network-scripts/route-eth1
|
||||
action: copy src="{{ files }}/kojibuilder/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1
|
||||
|
||||
- name: run netapp route
|
||||
command: /etc/sysconfig/network-scripts/ifup-routes eth1
|
||||
|
@ -122,7 +122,7 @@
|
|||
# mock configs for pungify job
|
||||
# TODO: restore this to "copy:", this is a temporary "fix" for https://github.com/ansible/ansible/issues/4377
|
||||
- name: put extra special mock configs in
|
||||
template: src=$files/kojibuilder/builders/$item dest=/etc/mock/$item mode=644
|
||||
template: src="{{ files }}/kojibuilder/builders/{{ item }}" dest="/etc/mock/{{ item }}" mode=644
|
||||
with_items:
|
||||
- fedora-branched-pungi-armhfp.cfg
|
||||
- fedora-branched-pungi-i386.cfg
|
||||
|
@ -132,14 +132,14 @@
|
|||
- fedora-rawhide-pungi-armhfp.cfg
|
||||
|
||||
- name: mock site-defaults.cfg
|
||||
action: copy src=$files/kojibuilder/builders/site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
|
||||
action: copy src="{{ files }}/kojibuilder/builders/site-defaults.cfg" dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
|
||||
when: not inventory_hostname.startswith('bkernel')
|
||||
|
||||
- name: ntp steptickers
|
||||
action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers
|
||||
action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
|
||||
|
||||
- name: ntp.conf
|
||||
action: copy src=$files/common/ntp.conf dest=/etc/ntp.conf
|
||||
action: copy src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf
|
||||
|
||||
- name: enable ntpd
|
||||
action: service name=ntpd enabled=true state=started
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: add pkgs for bkernel boxes
|
||||
action: yum state=latest pkg=$item enablerepo=epel-test
|
||||
action: yum state=latest pkg={{ item }} enablerepo=epel-test
|
||||
with_items:
|
||||
- pesign
|
||||
- ccid
|
||||
|
@ -22,11 +22,11 @@
|
|||
action: service name=pesign state=started enabled=true
|
||||
|
||||
- name: when you awake you will remember nothing
|
||||
action: copy src=$files/kojibuilder/history_off.sh dest=/etc/profile.d/history_off.sh mode=0644
|
||||
action: copy src="{{ files }}/kojibuilder/history_off.sh" dest=/etc/profile.d/history_off.sh mode=0644
|
||||
|
||||
- name: mock site-defaults.cfg
|
||||
action: copy src=$files/kojibuilder/builders/bkernel-site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
|
||||
action: copy src="{{ files }}/kojibuilder/builders/bkernel-site-defaults.cfg" dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
|
||||
|
||||
- name: make sure our bkernel boxes have static ip
|
||||
action: template src=$files/kojibuilder/builders/bkernel-eth0-network dest=/etc/sysconfig/network-scripts/ifcfg-eth0
|
||||
action: template src="{{ files }}/kojibuilder/builders/bkernel-eth0-network" dest=/etc/sysconfig/network-scripts/ifcfg-eth0
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
action: command /sbin/grubby --update-kernel=ALL --args=max_loop=64
|
||||
|
||||
- name: special pkgs for the x86_64 builders
|
||||
yum: state=installed pkg=$item
|
||||
yum: state=installed pkg={{ item }}
|
||||
with_items:
|
||||
- kmod-hfsplus
|
||||
when: is_rhel == 'True'
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- name: set root passwd
|
||||
action: user name=root password=$builder_rootpw state=present
|
||||
action: user name=root password={{ builder_rootpw }} state=present
|
||||
|
||||
- name: add mock user as 425
|
||||
action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
|
||||
|
@ -8,7 +8,7 @@
|
|||
- name: add mock ssh dir
|
||||
action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock
|
||||
- name: add mock ssh keys
|
||||
action: copy src=$files/kojibuilder/mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=644 owner=mock group=mock
|
||||
action: copy src="{{ files }}/kojibuilder/mock_auth_keys" dest=/var/lib/mock/.ssh/authorized_keys mode=644 owner=mock group=mock
|
||||
|
||||
- name: add ftpsync group
|
||||
action: group name=ftpsync gid=263 system=yes state=present
|
||||
|
@ -17,7 +17,7 @@
|
|||
action: user name=ftpsync uid=263 group=ftpsync system=yes home=/var/tmp/ftpsync createhome=yes system=yes state=present
|
||||
|
||||
- name: add the ftpsync update-fullfilelist script
|
||||
action: copy src=$files/releng/update-fullfilelist dest=/usr/local/bin/update-fullfilelist owner=ftpsync group=ftpsync mode=555
|
||||
action: copy src="{{ files }}/releng/update-fullfilelist" dest=/usr/local/bin/update-fullfilelist owner=ftpsync group=ftpsync mode=555
|
||||
|
||||
- name: add masher group
|
||||
action: group name=masher gid=751 system=yes state=present
|
||||
|
@ -28,18 +28,18 @@
|
|||
- name: add masher ssh dir
|
||||
action: file state=directory path=/home/masher/.ssh mode=700 owner=masher group=masher
|
||||
- name: add masher ssh keys
|
||||
action: copy src=$files/releng/mash/masher.$item dest=/home/masher/.ssh/$item mode=600 owner=masher group=masher
|
||||
action: copy src="{{ files }}/releng/mash/masher.{{ item }}" dest="/home/masher/.ssh/{{ item }}" mode=600 owner=masher group=masher
|
||||
with_items:
|
||||
- id_rsa.pub
|
||||
- config
|
||||
|
||||
- name: add masher ssh priv key
|
||||
action: copy src=$private/files/mash/masher.id_rsa dest=/home/masher/.ssh/id_rsa mode=600 owner=masher group=masher
|
||||
action: copy src="{{ private }}/files/mash/masher.id_rsa" dest=/home/masher/.ssh/id_rsa mode=600 owner=masher group=masher
|
||||
|
||||
- name: add masher koji cert/key
|
||||
action: copy src=$private/files/mash/masher.pem dest=/home/masher/.fedora.cert mode=600 owner=masher group=masher
|
||||
action: copy src="{{ private }}/files/mash/masher.pem dest=/home/masher/.fedora.cert" mode=600 owner=masher group=masher
|
||||
- name: add masher koji ca cert
|
||||
action: copy src=$private/files/koji/buildercerts/fedora-ca.cert dest=/home/masher/.fedora-server-ca.cert
|
||||
action: copy src="{{ private }}/files/koji/buildercerts/fedora-ca.cert" dest=/home/masher/.fedora-server-ca.cert
|
||||
|
||||
# rawhide group
|
||||
- name: rawhide group
|
||||
|
@ -49,7 +49,7 @@
|
|||
action: user name=rawhide uid=265 group=rawhide home=/tmp comment="rawhide compose account"
|
||||
|
||||
- name: make a bunch of dirs
|
||||
action: file state=directory path=$item
|
||||
action: file state=directory path={{ item }}
|
||||
with_items:
|
||||
- /pub
|
||||
- /pub/fedora
|
||||
|
@ -67,17 +67,17 @@
|
|||
action: file src=/mnt/fedora_koji/compose/cache dest=/srv/pungi/cache state=link
|
||||
|
||||
- name: add builder infra yum repo
|
||||
action: copy src=$files/kojibuilder/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo
|
||||
action: copy src="{{ files }}/kojibuilder/builder-infrastructure.repo" dest=/etc/yum.repos.d/builder-infrastructure.repo
|
||||
tags:
|
||||
- configs
|
||||
|
||||
- name: add releng yum repo
|
||||
action: copy src=$files/releng/releng.repo dest=/etc/yum.repos.d/releng.repo
|
||||
action: copy src="{{ files }}/releng/releng.repo" dest=/etc/yum.repos.d/releng.repo
|
||||
tags:
|
||||
- configs
|
||||
|
||||
- name: add pkgs
|
||||
action: yum state=installed pkg=$item
|
||||
action: yum state=installed pkg={{ item }}
|
||||
with_items:
|
||||
- yum-utils
|
||||
- koji
|
||||
|
@ -93,12 +93,12 @@
|
|||
- pykickstart
|
||||
|
||||
- name: /etc/koji/koji.conf
|
||||
action: copy src=$files/kojibuilder/koji.conf dest=/etc/koji.conf
|
||||
action: copy src="{{ files }}/kojibuilder/koji.conf" dest=/etc/koji.conf
|
||||
|
||||
|
||||
# mock configs
|
||||
- name: put extra special mock configs in
|
||||
action: copy src=$files/releng/$item dest=/etc/mock/$item mode=644
|
||||
action: copy src="{{ files }}/releng/{{ item }}" dest="/etc/mock/{{ item }}" mode=644
|
||||
with_items:
|
||||
- fedora-branched-compose-armhfp.cfg
|
||||
- fedora-rawhide-compose-armhfp.cfg
|
||||
|
@ -109,12 +109,12 @@
|
|||
|
||||
# idmapd and make sure it's set to run
|
||||
- name: idmapd.conf
|
||||
action: copy src=$files/kojibuilder/idmapd.conf dest=/etc/idmapd.conf
|
||||
action: copy src="{{ files }}/kojibuilder/idmapd.conf" dest=/etc/idmapd.conf
|
||||
tags:
|
||||
- configs
|
||||
|
||||
- name: enable nfs-related services and run them
|
||||
action: service name=$item enabled=true state=started
|
||||
action: service name={{ item }} enabled=true state=started
|
||||
with_items:
|
||||
- rpcidmapd
|
||||
- rpcbind
|
||||
|
@ -123,7 +123,7 @@
|
|||
|
||||
|
||||
- name: route to netapp network
|
||||
action: copy src=$files/kojibuilder/route-eth1 dest=/etc/sysconfig/network-scripts/route-eth1
|
||||
action: copy src="{{ files }}/kojibuilder/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1
|
||||
notify:
|
||||
- restart netapproute
|
||||
|
||||
|
@ -138,26 +138,26 @@
|
|||
|
||||
# put cron job in for branched compose
|
||||
- name: branched compose cron
|
||||
action: copy src=$files/releng/branched dest=/etc/cron.d/branched
|
||||
action: copy src="{{ files }}/releng/branched" dest=/etc/cron.d/branched
|
||||
when: inventory_hostname.startswith('releng01')
|
||||
|
||||
# put cron job in for rawhide compose
|
||||
- name: rawhide compose cron
|
||||
action: copy src=$files/releng/rawhide dest=/etc/cron.d/rawhide
|
||||
action: copy src="{{ files }}/releng/rawhide" dest=/etc/cron.d/rawhide
|
||||
when: inventory_hostname.startswith('releng02')
|
||||
|
||||
- name: sudoers defaults
|
||||
action: copy src=$private/files/sudo/releng-sudoers dest=/etc/sudoers mode=0440
|
||||
action: copy src="{{ private }}/files/sudo/releng-sudoers" dest=/etc/sudoers mode=0440
|
||||
tags:
|
||||
- configs
|
||||
- name: sudoers for ftpsync
|
||||
action: copy src=$private/files/sudo/ftpsync-sudo dest=/etc/sudoers.d/ftpsync mode=0440
|
||||
action: copy src="{{ private }}/files/sudo/ftpsync-sudo" dest=/etc/sudoers.d/ftpsync mode=0440
|
||||
tags:
|
||||
- configs
|
||||
|
||||
# fedmsg message buss stuff.
|
||||
- name: fedmsg install
|
||||
action: yum state=installed pkg=$item
|
||||
action: yum state=installed pkg={{ item }}
|
||||
with_items:
|
||||
- fedmsg
|
||||
# needed for now, until moksha 0.8.8-4 pulls it in.
|
||||
|
@ -173,7 +173,7 @@
|
|||
tags:
|
||||
- fedmsg
|
||||
- name: fedmsg files
|
||||
action: copy src=$files/releng/fedmsg/$item dest=/etc/fedmsg.d/$item mode=644
|
||||
action: copy src="{{ files }}/releng/fedmsg/{{ item }}" dest="/etc/fedmsg.d/{{ item }}" mode=644
|
||||
with_items:
|
||||
- ircbot.py
|
||||
- ssl.py
|
||||
|
@ -182,32 +182,32 @@
|
|||
tags:
|
||||
- fedmsg
|
||||
- name: fedmsg ca
|
||||
action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
|
||||
action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=644
|
||||
with_items:
|
||||
- ca.crt
|
||||
- name: fedmsg cert
|
||||
action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
|
||||
action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=644
|
||||
with_items:
|
||||
- bodhi-releng01.phx2.fedoraproject.org.crt
|
||||
tags:
|
||||
- fedmsg
|
||||
when: inventory_hostname.startswith('releng01')
|
||||
- name: fedmsg key
|
||||
action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=640 group=masher
|
||||
action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=640 group=masher
|
||||
with_items:
|
||||
- bodhi-releng01.phx2.fedoraproject.org.key
|
||||
tags:
|
||||
- fedmsg
|
||||
when: inventory_hostname.startswith('releng01')
|
||||
- name: fedmsg cert
|
||||
action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
|
||||
action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=644
|
||||
with_items:
|
||||
- bodhi-releng02.phx2.fedoraproject.org.crt
|
||||
tags:
|
||||
- fedmsg
|
||||
when: inventory_hostname.startswith('releng02')
|
||||
- name: fedmsg key
|
||||
action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=640 group=masher
|
||||
action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=640 group=masher
|
||||
with_items:
|
||||
- bodhi-releng02.phx2.fedoraproject.org.key
|
||||
tags:
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- packages
|
||||
|
||||
- name: wsgi.conf
|
||||
copy: src=$files/mod_wsgi/wsgi.conf dest=/etc/httpd/conf.d/wsgi.conf
|
||||
copy: src="{{ files }}/mod_wsgi/wsgi.conf" dest=/etc/httpd/conf.d/wsgi.conf
|
||||
notify:
|
||||
- restart apache
|
||||
tags:
|
||||
|
|
|
@ -3,14 +3,14 @@
|
|||
# Setup mysql server.
|
||||
#
|
||||
- name: install mysql server packages
|
||||
yum: name=$item state=installed
|
||||
yum: name={{ item }} state=installed
|
||||
with_items:
|
||||
- mysql-server
|
||||
tags:
|
||||
- packages
|
||||
|
||||
- name: install our my.cnf
|
||||
copy: src=$files/mysql/my.cnf dest=/etc/my.cnf owner=root group=root mode=0644
|
||||
copy: src="{{ files }}/mysql/my.cnf" dest=/etc/my.cnf owner=root group=root mode=0644
|
||||
|
||||
- name: Set mysql-server to run
|
||||
service: name=mysqld enabled=yes state=running
|
||||
|
|
|
@ -6,35 +6,35 @@
|
|||
- packages
|
||||
|
||||
- name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt
|
||||
copy: src=$puppet_private/vpn/openvpn/keys/ca.crt dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
|
||||
copy: src="{{ puppet_private }}/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
|
||||
tags:
|
||||
- config
|
||||
notify:
|
||||
- restart openvpn
|
||||
|
||||
- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem
|
||||
copy: src=$puppet_private/vpn/openvpn/keys/crl.pem dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
|
||||
copy: src="{{ puppet_private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
|
||||
tags:
|
||||
- config
|
||||
notify:
|
||||
- restart openvpn
|
||||
|
||||
- name: /etc/openvpn/openvpn.conf
|
||||
copy: src=$files/openvpn/client.conf dest=/etc/openvpn/openvpn.conf
|
||||
copy: src="{{ files }}/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf
|
||||
tags:
|
||||
- config
|
||||
notify:
|
||||
- restart openvpn
|
||||
|
||||
- name: /etc/openvpn/client.crt
|
||||
copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.crt dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
|
||||
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
|
||||
tags:
|
||||
- config
|
||||
notify:
|
||||
- restart openvpn
|
||||
|
||||
- name: /etc/openvpn/client.key
|
||||
copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.key dest=/etc/openvpn/client.key mode=0600 owner=root group=root
|
||||
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root
|
||||
tags:
|
||||
- config
|
||||
notify:
|
||||
|
|
|
@ -1,25 +1,25 @@
|
|||
---
|
||||
- name: check it out
|
||||
local_action: shell nc -d -z -w 5 ${inventory_hostname} 22 >>/dev/null
|
||||
local_action: shell nc -d -z -w 5 {{ inventory_hostname }} 22 >>/dev/null
|
||||
register: host_is_up
|
||||
ignore_errors: true
|
||||
|
||||
- name: spin it up
|
||||
local_action: ec2 keypair=${keypair} image=${image} type=${instance_type} wait=true group=${security_group} ec2_access_key=$persist_access_key ec2_secret_key=$persist_secret_key ec2_url=$os_ec2_url
|
||||
local_action: ec2 keypair={{ keypair }} image={{ image }} type={{ instance_type }} wait=true group={{ security_group }} ec2_access_key={{ persist_access_key }} ec2_secret_key={{ persist_secret_key }} ec2_url={{ os_ec2_url }}
|
||||
register: inst_res
|
||||
when: host_is_up|failed
|
||||
|
||||
- name: assign it a special ip
|
||||
local_action: shell euca-associate-address --config ${persist_config} -i ${inst_res.instances[0].id} ${public_ip}
|
||||
local_action: shell euca-associate-address --config {{ persist_config }} -i {{ inst_res.instances[0].id }} {{ public_ip }}
|
||||
when: host_is_up|failed
|
||||
|
||||
- name: wait for the reassignation
|
||||
local_action: wait_for host=${public_ip} port=22 delay=20 timeout=300
|
||||
local_action: wait_for host={{ public_ip }} port=22 delay=20 timeout=300
|
||||
when: host_is_up|failed
|
||||
|
||||
# attach and mount volumes
|
||||
- name: attach volumes to the system
|
||||
local_action: shell euca-attach-volume --config ${persist_config} -i ${inst_res.instances[0].id} $item
|
||||
with_items: $volumes
|
||||
local_action: shell euca-attach-volume --config {{ persist_config }} -i {{ inst_res.instances[0].id }} {{ item }}
|
||||
with_items: "{{ volumes }}"
|
||||
when: volumes is defined and host_is_up|failed
|
||||
|
||||
|
|
|
@ -5,14 +5,14 @@
|
|||
- packages
|
||||
|
||||
- name: /etc/postfix/main.cf
|
||||
action: copy src=$item dest=/etc/postfix/main.cf
|
||||
action: copy src={{ item }} dest=/etc/postfix/main.cf
|
||||
with_first_found:
|
||||
- $postfix_maincf
|
||||
- $files/postfix/main.cf.${ansible_fqdn}
|
||||
- $files/postfix/main.cf.${inventory_hostname}
|
||||
- $files/postfix/main.cf.${host_group}
|
||||
- $files/postfix/main.cf.${postfix_group}
|
||||
- $files/postfix/main.cf
|
||||
- "{{ postfix_maincf }}"
|
||||
- "{{ files }}/postfix/main.cf.{{ ansible_fqdn }}"
|
||||
- "{{ files }}/postfix/main.cf.{{ inventory_hostname }}"
|
||||
- "{{ files }}/postfix/main.cf.{{ host_group }}"
|
||||
- "{{ files }}/postfix/main.cf.{{ postfix_group }}"
|
||||
- "{{ files }}/postfix/main.cf"
|
||||
notify:
|
||||
- restart postfix
|
||||
tags:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
# tasklist for setting up a rdiff backup server.
|
||||
- name: install rdiff-backup
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- rdiff-backup
|
||||
- git
|
||||
|
@ -10,11 +10,11 @@
|
|||
- packages
|
||||
|
||||
- name: setup rdiff backup script
|
||||
copy: src=$files/rdiff-backup/run-rdiff-backups dest=/usr/local/bin/run-rdiff-backups mode=755
|
||||
copy: src="{{ files }}/rdiff-backup/run-rdiff-backups" dest=/usr/local/bin/run-rdiff-backups mode=755
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: setup rdiff backup cron
|
||||
copy: src=$files/rdiff-backup/run-rdiff-backups.cron dest=/etc/cron.d/run-rdiff-backups
|
||||
copy: src="{{ files }}/rdiff-backup/run-rdiff-backups.cron" dest=/etc/cron.d/run-rdiff-backups
|
||||
tags:
|
||||
- config
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: upstart serial setup
|
||||
action: copy src=$files/common/ttyS0.conf dest=/etc/init/ttyS0.conf
|
||||
action: copy src="{{ files }}/common/ttyS0.conf" dest=/etc/init/ttyS0.conf
|
||||
when: is_rhel == 'True'
|
||||
tags:
|
||||
- configs
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: put builder-repo on system
|
||||
action: copy src=$files/sign/$item dest=/etc/yum.repos.d/$item
|
||||
action: copy src="{{ files }}/sign/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
|
||||
with_items:
|
||||
- builder-rpms.repo
|
||||
when: is_rhel == 'True'
|
||||
|
@ -10,7 +10,7 @@
|
|||
- packages
|
||||
|
||||
- name: install sigul
|
||||
action: yum state=installed name=$item
|
||||
action: yum state=installed name={{ item }}
|
||||
with_items:
|
||||
- sigul
|
||||
- ntp
|
||||
|
@ -20,24 +20,24 @@
|
|||
- packages
|
||||
|
||||
- name: setup /etc/sigul/bridge.conf file
|
||||
action: template src=$files/sign/bridge.conf.j2 dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
|
||||
action: template src="{{ files }}/sign/bridge.conf.j2" dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: setup /etc/sigul/server.conf file
|
||||
action: copy src=$files/sign/server.conf dest=/etc/sigul/server.conf owner=root group=sigul mode=640
|
||||
action: copy src="{{ files }}/sign/server.conf" dest=/etc/sigul/server.conf owner=root group=sigul mode=640
|
||||
|
||||
- name: ntp steptickers
|
||||
action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers
|
||||
action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
|
||||
|
||||
- name: ntp.conf
|
||||
action: copy src=$files/common/ntp.conf dest=/etc/ntp.conf
|
||||
action: copy src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf
|
||||
|
||||
- name: enable ntpd
|
||||
action: service name=ntpd enabled=true state=started
|
||||
|
||||
- name: /etc/hosts
|
||||
action: copy src=$files/hosts/sign-hosts dest=/etc/hosts
|
||||
action: copy src="{{ files }}/hosts/sign-hosts" dest=/etc/hosts
|
||||
tags:
|
||||
- configs
|
||||
|
||||
|
|
|
@ -7,16 +7,16 @@
|
|||
# Put in place the default sysadmin-main sudoers file.
|
||||
#
|
||||
- name: setup /etc/sudoers.d/sysadmin-main
|
||||
action: copy src=$private/files/sudo/sysadmin-main dest=/etc/sudoers.d/ owner=root group=root mode=0600
|
||||
action: copy src="{{ private }}/files/sudo/sysadmin-main" dest=/etc/sudoers.d/ owner=root group=root mode=0600
|
||||
tags:
|
||||
- config
|
||||
#
|
||||
# This will move a /etc/sudoers.d/ file in place
|
||||
#
|
||||
- name: setup /etc/sudoers.d/sudoer file for client use
|
||||
action: copy src=$item dest=/etc/sudoers.d/ owner=root group=root mode=0600
|
||||
action: copy src={{ item }} dest=/etc/sudoers.d/ owner=root group=root mode=0600
|
||||
with_first_found:
|
||||
- files: ${sudoers} ${private}/files/sudo/${ansible_fqdn}-sudoers ${private}/files/sudo/${ansible_hostname}-sudoers ${private}/files/sudo/${ansible_domain}-sudoers
|
||||
- files: "{{ sudoers }}" "{{ private }}/files/sudo/{{ ansible_fqdn }}-sudoers" "{{ private }}/files/sudo/{{ ansible_hostname }}-sudoers" "{{ private }}/files/sudo/{{ ansible_domain }}-sudoers"
|
||||
skip: true
|
||||
tags:
|
||||
- config
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
---
|
||||
- name: spin it up
|
||||
local_action: ec2 keypair=${keypair} image=${image} type=${instance_type} wait=true group=${security_group} ec2_access_key=$transient_access_key ec2_secret_key=$transient_secret_key ec2_url=$os_ec2_url
|
||||
local_action: ec2 keypair={{ keypair }} image={{ image }} type={{ instance_type }} wait=true group={{ security_group }} ec2_access_key={{ transient_access_key }} ec2_secret_key={{ transient_secret_key }} ec2_url={{ os_ec2_url }}
|
||||
register: inst_res
|
||||
|
||||
- name: add it to the special group
|
||||
local_action: add_host hostname=${inst_res.instances[0].public_ip} groupname=tmp_just_created
|
||||
local_action: add_host hostname={{ inst_res.instances[0].public_ip }} groupname=tmp_just_created
|
||||
|
||||
|
||||
- name: mail off about where it is
|
||||
local_action: mail to=sysadmin-main-members@fedoraproject.org from=ansible-create@fedoraproject.org subject=${inst_res.instances[0].public_ip} msg="cloud instance created on ${inst_res.instances[0].public_ip}\n instance id - ${inst_res.instances[0].id} - ${hostbase} ${root_auth_users} "
|
||||
local_action: mail to=sysadmin-main-members@fedoraproject.org from=ansible-create@fedoraproject.org subject={{ inst_res.instances[0].public_ip }} msg="cloud instance created on {{ inst_res.instances[0].public_ip }}\n instance id - {{ inst_res.instances[0].id }} - {{ hostbase }} {{ root_auth_users }} "
|
||||
|
||||
- name: wait for the host to be hot
|
||||
local_action: wait_for host=${inst_res.instances[0].public_ip} port=22 delay=2 timeout=300
|
||||
local_action: wait_for host={{ inst_res.instances[0].public_ip }} port=22 delay=2 timeout=300
|
||||
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
selinux: policy=targeted state=enforcing
|
||||
|
||||
- name: install libvirt packages
|
||||
yum: pkg=$item state=installed
|
||||
yum: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- qemu-kvm
|
||||
- libvirt
|
||||
|
@ -18,7 +18,7 @@
|
|||
# This provides us with the ability to use virt-manager from non root accounts.
|
||||
#
|
||||
- name: install libvirtd.conf
|
||||
copy: src=$files/virthost/libvirtd.conf dest=/etc/libvirt/libvirtd.conf
|
||||
copy: src="{{ files }}/virthost/libvirtd.conf" dest=/etc/libvirt/libvirtd.conf
|
||||
notify:
|
||||
- restart libvirtd
|
||||
tags:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: put rhel repos on system
|
||||
action: copy src=$files/common/$item dest=/etc/yum.repos.d/$item
|
||||
action: copy src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
|
||||
with_items:
|
||||
- epel6.repo
|
||||
- rhel6.repo
|
||||
|
@ -10,7 +10,7 @@
|
|||
- packages
|
||||
|
||||
- name: put fedora repos on x86 systems
|
||||
action: copy src=$files/common/$item dest=/etc/yum.repos.d/$item
|
||||
action: copy src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
|
||||
with_items:
|
||||
- fedora.repo
|
||||
- fedora-updates.repo
|
||||
|
@ -21,7 +21,7 @@
|
|||
- packages
|
||||
|
||||
- name: put fedora repos on arm systems
|
||||
action: copy src=$files/common/$item-arm dest=/etc/yum.repos.d/$item
|
||||
action: copy src="{{ files }}/common/{{ item-arm }}" dest="/etc/yum.repos.d/{{ item }}"
|
||||
with_items:
|
||||
- fedora.repo
|
||||
- fedora-updates.repo
|
||||
|
@ -32,7 +32,7 @@
|
|||
- packages
|
||||
|
||||
- name: add infrastructure repo
|
||||
action: copy src=$files/common/$item dest=/etc/yum.repos.d/$item
|
||||
action: copy src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
|
||||
with_items:
|
||||
- infrastructure.repo
|
||||
- infrastructure-testing.repo
|
||||
|
|
Loading…
Reference in New Issue