Fix old variable usage. Patch from janeznemanic. Thanks!

This commit is contained in:
Kevin Fenzi 2014-01-01 19:15:11 +00:00
parent d011bbde2c
commit f7d56ff2b1
98 changed files with 886 additions and 889 deletions

View File

@ -3,12 +3,12 @@
user: root
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- $private/vars.yml
- $vars/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -1,22 +1,21 @@
DIE DIE DIE
there is no way this could work so fail
#DIE DIE DIE
# there is no way this could work so fail
#
# only works with -e target=
# requires --extra-vars="target=hostspec"
- name: destroy the cloud instance
hosts: $target
hosts: "{{ target }}"
user: root
gather_facts: false
tasks:
- name: fail if the host/ip is not up
local_action: wait_for host=${inventory_hostname} port=22 delay=0 timeout=10
when_string: inventory_hostname not in result.list_vms
local_action: wait_for host={{ inventory_hostname }} port=22 delay=0 timeout=10
when: inventory_hostname not in result.list_vms
- name: pause for 30s before doing it
pause: seconds=30 prompt="Destroying vm now $target, abort if this is wrong"
pause: seconds=30 prompt="Destroying vm now {{ target }}, abort if this is wrong"
- name: find the instance id from the builder
action: command curl -s http://169.254.169.254/latest/meta-data/instance-id

View File

@ -10,29 +10,29 @@
# requires --extra-vars="target=hostspec"
- name: destroy and undefine vm
hosts: $target
hosts: "{{ target }}"
user: root
gather_facts: false
tasks:
- name: get vm list on the vmhost
delegate_to: $vmhost
delegate_to: "{{ vmhost }}"
virt: command=list_vms
register: result
- name: fail if the host is not already defined/existent
local_action: fail msg="host does not exist on $vmhost"
local_action: fail msg="host does not exist on {{ vmhost }}"
when: inventory_hostname not in result.list_vms
- name: pause for 30s before doing it
pause: seconds=30 prompt="Destroying vm now $target, abort if this is wrong"
pause: seconds=30 prompt="Destroying vm now {{ target }}, abort if this is wrong"
- name: destroy the vm
action: virt name=${inventory_hostname} command=destroy
delegate_to: $vmhost
action: virt name={{ inventory_hostname }} command=destroy
delegate_to: "{{ vmhost }}"
- name: undefine the vm
action: virt name=${inventory_hostname} command=undefine
delegate_to: $vmhost
action: virt name={{ inventory_hostname }} command=undefine
delegate_to: "{{ vmhost }}"

View File

@ -8,16 +8,16 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
vars:
- keypair: fedora-admin-20130801
- image: $el6_qcow_id
- image: "{{ el6_qcow_id }}"
- instance_type: m1.small
- security_group: default
tasks:
- include: $tasks/transient_cloud.yml
- include: "{{ tasks }}/transient_cloud.yml"
- name: provision instance
hosts: tmp_just_created
@ -26,13 +26,13 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/growroot_cloud.yml
- include: $tasks/cloud_setup_basic.yml
- include: "{{ tasks }}/growroot_cloud.yml"
- include: "{{ tasks }}/cloud_setup_basic.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -8,15 +8,15 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
vars:
- keypair: fedora-admin-20130801
- image: $f19_qcow_id
- image: "{{ f19_qcow_id }}"
- instance_type: m1.small
- security_group: default
tasks:
- include: $tasks/transient_cloud.yml
- include: "{{ tasks }}/transient_cloud.yml"
- name: provision instance
hosts: tmp_just_created
@ -25,8 +25,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- name: growpart /dev/vda1 partition (/) to full size
@ -36,14 +36,14 @@
- name: resize the /dev/vda 1 fs
action: command resize2fs /dev/vda1
when: ${growpart.rc} == 0
when: "{{ growpart.rc }} == 0"
- name: put the mbr back - b/c the resize breaks booting otherwise
action: shell cat /usr/share/syslinux/mbr.bin > /dev/vda
when: ${growpart.rc} == 0
when: "{{ growpart.rc }} == 0"
- include: $tasks/cloud_setup_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -8,15 +8,15 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
vars:
- keypair: fedora-admin-20130801
- image: $f18_qcow_id
- image: "{{ f18_qcow_id }}"
- instance_type: m1.small
- security_group: default
tasks:
- include: $tasks/transient_cloud.yml
- include: "{{ tasks }}/transient_cloud.yml"
- name: provision instance
hosts: tmp_just_created
@ -25,12 +25,12 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/growroot_cloud.yml
- include: $tasks/cloud_setup_basic.yml
- include: "{{ tasks }}/growroot_cloud.yml"
- include: "{{ tasks }}/cloud_setup_basic.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -1,6 +1,6 @@
# requires --extra-vars "{'repos': ['yokan.git', 'yumex.git']}"
- name: Install the fedmsg hook into a number of fedrahosted git repos
- name: Install the fedmsg hook into a number of fedorahosted git repos
hosts: hosted03.fedoraproject.org
user: root
@ -18,32 +18,32 @@
# the command *if* that creates= file is already present. Its a hackaround to
# make this task idempotent.
- name: make sure the git repos exist in the first place
command: /bin/ls ${prefix}${item} creates=${prefix}${item}
with_items: ${repos}
command: /bin/ls {{ prefix }}{{ item }} creates={{ prefix }}{{ item }}
with_items: "{{ repos }}"
- name: ensure there is a post-receive-chained.d/ directory
file: >
state=directory
path=${prefix}${item}${chained}/
with_items: ${repos}
path="{{ prefix }}{{ item }}{{ chained }}/"
with_items: "{{ repos }}"
- name: move the old post-receive email hook into the chained dir
command: >
/bin/mv ${prefix}${item}/hooks/post-receive ${prefix}${item}${chained}/post-receive-email
removes=${prefix}${item}/hooks/post-receive
creates=${prefix}${item}${chained}/post-receive-email
with_items: ${repos}
/bin/mv "{{ prefix }}{{ item }}/hooks/post-receive" "{{ prefix }}{{ item }}{{ chained }}/post-receive-email"
removes="{{ prefix }}{{ item }}/hooks/post-receive"
creates="{{ prefix }}{{ item }}{{ chained }}/post-receive-email"
with_items: "{{ repos }}"
- name: symlink the fedmsg hook into the chained dir
file: >
path=${prefix}${item}${chained}/post-receive-fedmsg
src=${fedmsg_hook}
path="{{ prefix }}{{ item }}{{ chained }}/post-receive-fedmsg"
src={{ fedmsg_hook }}
state=link
with_items: ${repos}
with_items: "{{ repos }}"
- name: symlink in the chained hook redirector
file: >
path=${prefix}${item}/hooks/post-receive
src=${chained_hook}
path="{{ prefix }}{{ item }}/hooks/post-receive"
src={{ chained_hook }}
state=link
with_items: ${repos}
with_items: "{{ repos }}"

View File

@ -8,8 +8,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -19,11 +19,11 @@
tasks:
# this is how you include other task lists
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -8,8 +8,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -19,11 +19,11 @@
tasks:
# this is how you include other task lists
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -8,8 +8,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -20,12 +20,12 @@
tasks:
# this is how you include other task lists
- include: $tasks/hosts.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/common_scripts.yml
- include: $tasks/sudo.yml
- include: $tasks/koji/releng_config.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/common_scripts.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/koji/releng_config.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -11,8 +11,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -22,13 +22,13 @@
- /srv/web/infra/ansible/roles/fas_client
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/mysql_server.yml
- include: $tasks/rdiff_backup_server.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/mysql_server.yml"
- include: "{{ tasks }}/rdiff_backup_server.yml"
- name: Create GNOME backup user
user: name=gnomebackup state=present home=/fedora_backups/gnome/ createhome=yes shell=/sbin/nologin
@ -40,10 +40,10 @@
copy: src=$files/gnome/ssh_config dest=/usr/local/etc/gnome_ssh_config mode=0600 owner=gnomebackup
- name: Install GNOME backup key
copy: src=${private}/files/gnome/backup_id.rsa dest=/usr/local/etc/gnome_backup_id.rsa mode=0600 owner=gnomebackup
copy: src="{{ private }}/files/gnome/backup_id.rsa" dest=/usr/local/etc/gnome_backup_id.rsa mode=0600 owner=gnomebackup
- name: Install GNOME backup script
copy: src=$files/gnome/backup.sh dest=/usr/local/bin/gnome_backup mode=0700 owner=gnomebackup
copy: src="{{ files }}/gnome/backup.sh" dest=/usr/local/bin/gnome_backup mode=0700 owner=gnomebackup
- name: Schedule the GNOME backup script
cron: name="Backup" hour=5 minute=0 job="(cd /fedora_backups/gnome/; /usr/local/bin/lock-wrapper gnomebackup /usr/local/bin/gnome_backup)" user=gnomebackup
@ -77,4 +77,4 @@
- expander.gnome.org
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -10,15 +10,15 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: $tasks/accelerate_prep.yml
- include: "{{ tasks }}/virt_instance_create.yml"
- include: "{{ tasks }}/accelerate_prep.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: dole out the generic configuration
hosts: badges-backend;badges-backend-stg
@ -28,8 +28,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -40,16 +40,16 @@
- /srv/web/infra/ansible/roles/fedmsg_base
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/openvpn_client.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/openvpn_client.yml"
when: env != "staging"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: dole out the service-specific config
hosts: badges-backend;badges-backend-stg
@ -63,5 +63,5 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"

View File

@ -10,15 +10,15 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: $tasks/accelerate_prep.yml
- include: "{{ tasks }}/virt_instance_create.yml"
- include: "{{ tasks }}/accelerate_prep.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: badges-web;badges-web-stg
@ -28,8 +28,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -41,15 +41,15 @@
- /srv/web/infra/ansible/roles/fedmsg_base
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/openvpn_client.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/openvpn_client.yml"
when: env != "staging"
- include: $tasks/apache.yml
- include: $tasks/mod_wsgi.yml
- include: "{{ tasks }}/apache.yml"
- include: "{{ tasks }}/mod_wsgi.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -9,14 +9,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: "{{ tasks }}/virt_instance_create.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: beaker
@ -25,8 +25,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -37,12 +37,12 @@
tasks:
# this is how you include other task lists
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/collectd/client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/collectd/client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -9,19 +9,19 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
tasks:
- include: $tasks/koji/base_builder.yml
- include: $tasks/koji/builder_kernel_config.yml
- include: $tasks/koji/bkernel-setup.yml
- include: "{{ tasks }}/koji/base_builder.yml"
- include: "{{ tasks }}/koji/builder_kernel_config.yml"
- include: "{{ tasks }}/koji/bkernel-setup.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: restart kojid
action: service name=kojid state=restarted

View File

@ -9,19 +9,19 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
tasks:
- include: $tasks/yumrepos.yml
- include: $tasks/hosts.yml
- include: $tasks/koji/base_builder.yml
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/koji/base_builder.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: restart kojid
action: service name=kojid state=restarted
@ -35,18 +35,18 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
tasks:
- include: $tasks/hosts.yml
- include: $tasks/koji/builder_kernel_config.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/koji/builder_kernel_config.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: restart kojid
action: service name=kojid state=restarted

View File

@ -11,14 +11,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: "{{ tasks }}/virt_instance_create.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make koji builder(s)
hosts: buildvm
@ -28,19 +28,19 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
tasks:
- include: $tasks/hosts.yml
- include: $tasks/koji/base_builder.yml
- include: $tasks/koji/builder_kernel_config.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/koji/base_builder.yml"
- include: "{{ tasks }}/koji/builder_kernel_config.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: restart kojid
action: service name=kojid state=restarted

View File

@ -5,14 +5,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: "{{ tasks }}/virt_instance_create.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: docs-backend
@ -21,8 +21,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -34,12 +34,12 @@
tasks:
# this is how you include other task lists
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/collectd/client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/collectd/client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -10,15 +10,15 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: $tasks/accelerate_prep.yml
- include: "{{ tasks }}/virt_instance_create.yml"
- include: "{{ tasks }}/accelerate_prep.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: fedocal-stg;fedocal
@ -28,8 +28,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -39,18 +39,18 @@
- /srv/web/infra/ansible/roles/fas_client
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/openvpn_client.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/openvpn_client.yml"
when: env != "staging"
- include: $tasks/apache.yml
- include: $tasks/mod_wsgi.yml
- include: "{{ tasks }}/apache.yml"
- include: "{{ tasks }}/mod_wsgi.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: set up fedmsg
hosts: fedocal-stg;fedocal
@ -60,14 +60,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/fedmsg_base
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: deploy fedocal itself
hosts: fedocal-stg;fedocal
@ -77,11 +77,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/fedocal
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -11,14 +11,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: "{{ tasks }}/virt_instance_create.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: gallery-stg
@ -28,8 +28,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -40,15 +40,15 @@
- /srv/web/infra/ansible/roles/fedmsg_base
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/apache.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/apache.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: deploy gallery itself
hosts: gallery-stg
@ -58,11 +58,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/gallery
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -7,11 +7,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision master
hosts: 209.132.184.153
@ -22,8 +22,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
vars:
- resolvconf: resolv.conf/jenkins-cloud
@ -31,7 +31,7 @@
- /srv/web/infra/ansible/roles/base
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- name: make the jenkins path
action: file state=directory path=/var/lib/jenkins
@ -40,14 +40,14 @@
action: mount name=/var/lib/jenkins src='LABEL=jenkins' fstype=ext4 state=mounted
- name: poke firewall holes
action: command lokkit $item
action: command lokkit {{ item }}
with_items:
- --service=ssh
- --service=https
- --service=http
- name: install pkgs for jenkins
action: yum state=installed pkg=$item
action: yum state=installed pkg={{ item }}
with_items:
- vim
- dejavu-s\*
@ -60,7 +60,7 @@
- packages
- name: add jenkins proxy config file for apache
action: copy src=$files/jenkins/master/jenkins-apache.conf dest=/etc/httpd/conf.d/jenkins-apache.conf owner=root group=root mode=0644
action: copy src="{{ files }}/jenkins/master/jenkins-apache.conf" dest=/etc/httpd/conf.d/jenkins-apache.conf owner=root group=root mode=0644
notify:
- restart httpd
tags:
@ -70,24 +70,24 @@
action: service name=httpd state=running enabled=true
- name: add jenkins upstream repo
action: copy src=$files/jenkins/master/jenkins.repo dest=/etc/yum.repos.d/jenkins.repo owner=root group=root
action: copy src="{{ files }}/jenkins/master/jenkins.repo" dest=/etc/yum.repos.d/jenkins.repo owner=root group=root
tags:
- config
- name: import jenkins upstream gpg key
action: copy src=$files/jenkins/master/jenkins-ci.org.key dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-jenkins-ci.org owner=root group=root
action: copy src="{{ files }}/jenkins/master/jenkins-ci.org.key" dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-jenkins-ci.org owner=root group=root
tags:
- config
- name: install pkgs for jenkins
action: yum state=installed pkg=$item
action: yum state=installed pkg={{ item }}
with_items:
- jenkins
tags:
- packages
- name: set the hostname to jenkins-osversion
action: command hostname jenkins-master-${dist_tag}
action: command hostname jenkins-master-{{ dist_tag }}
tags:
- config
@ -101,19 +101,19 @@
action: file state=directory path=/var/lib/jenkins/plugins/ owner=jenkins group=jenkins
- name: import jenkins plugins
action: copy src=$item owner=jenkins group=jenkins dest=/var/lib/jenkins/plugins/
with_fileglob: $files/jenkins/master/plugins/*.hpi
action: copy src={{ item }} owner=jenkins group=jenkins dest=/var/lib/jenkins/plugins/
with_fileglob: "{{ files }}/jenkins/master/plugins/*.hpi"
tags:
- config
- name: import jenkins configuration files
action: copy src=$item owner=jenkins group=jenkins dest=/var/lib/jenkins/ backup=yes
with_fileglob: $files/jenkins/master/*.xml
action: copy src={{ item }} owner=jenkins group=jenkins dest=/var/lib/jenkins/ backup=yes
with_fileglob: "{{ files }}/jenkins/master/*.xml"
tags:
- config
- name: add jenkins ssh priv key so it can connect to clients
action: copy src=$private/files/jenkins/ssh/jenkins_master dest=/var/tmp/jenkins_master_id_rsa mode=600 owner=jenkins group=jenkins
action: copy src="{{ private }}/files/jenkins/ssh/jenkins_master" dest=/var/tmp/jenkins_master_id_rsa mode=600 owner=jenkins group=jenkins
tags:
- config
@ -126,13 +126,13 @@
poll: 20
- name: jenkins hotfix big file
copy: src=$item dest=/var/lib/jenkins/plugins/openid/WEB-INF/lib/ group=jenkins mode=655
with_fileglob: $bigfiles/hotfixes/jenkins/openid/*.jar
copy: src={{ item }} dest=/var/lib/jenkins/plugins/openid/WEB-INF/lib/ group=jenkins mode=655
with_fileglob: "{{ bigfiles }}/hotfixes/jenkins/openid/*.jar"
notify:
- restart jenkins
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
###################################################
# jenkins slaves
@ -146,14 +146,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
vars:
- keypair: fedora-admin-20130801
- security_group: default
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision workers
hosts: jenkins-slaves
@ -164,21 +164,21 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- name: add jenkins repos
action: copy src=$item dest=/etc/yum.repos.d/ owner=root group=root
with_fileglob: $files/jenkins/slaves/*.repo
action: copy src={{ item }} dest=/etc/yum.repos.d/ owner=root group=root
with_fileglob: "{{ files }}/jenkins/slaves/*.repo"
tags:
- config
- packages
- name: install pkgs for jenkins
action: yum state=installed pkg=$item
action: yum state=installed pkg={{ item }}
with_items:
- vim
- java-1.7.0-openjdk
@ -219,7 +219,7 @@
- packages
- name: install pkgs for jenkins for fedora systems
action: yum state=installed pkg=$item
action: yum state=installed pkg={{ item }}
#when: is_fedora == 'True'
with_items:
- python3
@ -303,7 +303,7 @@
- name: copy android SDK
when: is_fedora == 'True'
action: copy src=$bigfiles/jenkins/android-sdk-with-platform-17.tar.gz dest=/var/android/ owner=jenkins_slave group=jenkins_slave
action: copy src="{{ bigfiles }}/jenkins/android-sdk-with-platform-17.tar.gz" dest=/var/android/ owner=jenkins_slave group=jenkins_slave
- name: extract android SDK
when: is_fedora == 'True'
@ -314,7 +314,7 @@
action: file state=absent path=/var/android/android-sdk-with-platform-17.tar.gz
- name: set the hostname to jenkins-osversion
action: command hostname jenkins-${dist_tag}
action: command hostname jenkins-{{ dist_tag }}
tags:
- config
@ -326,21 +326,21 @@
- name: setup jenkins_slave ssh key
action: authorized_key user=jenkins_slave key="{{ item }}"
with_file:
- $private/files/jenkins/ssh/jenkins_master.pub
- "{{ private }}/files/jenkins/ssh/jenkins_master.pub"
- name: jenkins_slave to mock group
action: user name=jenkins_slave groups=mock
- name: add .gitconfig for jenkins_slave user
action: copy src=$files/jenkins/gitconfig dest=/home/jenkins_slave/.gitconfig owner=jenkins_slave group=jenkins_slave mode=664
action: copy src="{{ files }}/jenkins/gitconfig" dest=/home/jenkins_slave/.gitconfig owner=jenkins_slave group=jenkins_slave mode=664
tags:
- config
- name: template sshd_config
action: copy src=$item dest=/etc/ssh/sshd_config mode=0600 owner=root group=root
action: copy src={{ item }} dest=/etc/ssh/sshd_config mode=0600 owner=root group=root
first_available_file:
- $files/jenkins/sshd_config_slave.$ansible_distribution
- $files/jenkins/sshd_config_slave
- "{{ files }}/jenkins/sshd_config_slave.{{ ansible_distribution }}"
- "{{ files }}/jenkins/sshd_config_slave"
notify:
- restart sshd
tags:
@ -350,5 +350,5 @@
action: file state=directory path=/mnt/jenkins owner=jenkins_slave group=jenkins_slave
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -9,8 +9,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -21,15 +21,15 @@
tasks:
# this is how you include other task lists
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -11,14 +11,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: "{{ tasks }}/virt_instance_create.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: keys01.fedoraproject.org
@ -28,8 +28,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -40,14 +40,14 @@
- /srv/web/infra/ansible/roles/fedmsg_base
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/openvpn_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/apache.yml
- include: $tasks/keyserver.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/openvpn_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/apache.yml"
- include: "{{ tasks }}/keyserver.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -9,14 +9,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: "{{ tasks }}/virt_instance_create.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
# Once the instance exists, configure it.
@ -27,8 +27,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -39,12 +39,12 @@
- /srv/web/infra/ansible/roles/koji_hub
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/collectd/client.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/collectd/client.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -10,15 +10,15 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: $tasks/accelerate_prep.yml
- include: "{{ tasks }}/virt_instance_create.yml"
- include: "{{ tasks }}/accelerate_prep.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: mailman-stg
@ -28,8 +28,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -41,17 +41,17 @@
tasks:
# this is how you include other task lists
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/collectd/client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/apache.yml
- include: $tasks/mod_wsgi.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/collectd/client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/apache.yml"
- include: "{{ tasks }}/mod_wsgi.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
# Database setup
@ -62,23 +62,23 @@
sudo_user: postgres
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
# mailman auto-updates its schema, there can only be one admin user
- name: mailman DB user
postgresql_user: name=mailmanadmin password=$mailman_mm_db_pass
postgresql_user: name=mailmanadmin password={{ mailman_mm_db_pass }}
- name: hyperkitty DB admin user
postgresql_user: name=hyperkittyadmin password=$mailman_hk_admin_db_pass
postgresql_user: name=hyperkittyadmin password={{ mailman_hk_admin_db_pass }}
- name: hyperkitty DB user
postgresql_user: name=hyperkittyapp password=$mailman_hk_db_pass
postgresql_user: name=hyperkittyapp password={{ mailman_hk_db_pass }}
- name: kittystore DB admin user
postgresql_user: name=kittystoreadmin password=$mailman_ks_admin_db_pass
postgresql_user: name=kittystoreadmin password={{ mailman_ks_admin_db_pass }}
- name: kittystore DB user
postgresql_user: name=kittystoreapp password=$mailman_ks_db_pass
postgresql_user: name=kittystoreapp password={{ mailman_ks_db_pass }}
- name: databases creation
postgresql_db: name=$item owner=${item}admin encoding=UTF-8
postgresql_db: name={{ item }} owner="{{ item }}admin" encoding=UTF-8
with_items:
- mailman
- hyperkitty
@ -93,8 +93,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/mailman
@ -102,7 +102,7 @@
tasks:
- name: install more needed packages
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- tar
- mailman # transition from mailman2.1
@ -114,11 +114,11 @@
# owner=root group=root mode=0600
- name: start services
service: state=started enabled=yes name=$item
service: state=started enabled=yes name={{ item }}
with_items:
- httpd
- mailman3
- postfix
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -11,14 +11,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: "{{ tasks }}/virt_instance_create.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: mirrorlist
@ -28,8 +28,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -42,16 +42,16 @@
tasks:
# this is how you include other task lists
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/collectd/client.yml
- include: $tasks/openvpn_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/apache.yml
- include: $tasks/mod_wsgi.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/collectd/client.yml"
- include: "{{ tasks }}/openvpn_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/apache.yml"
- include: "{{ tasks }}/mod_wsgi.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -10,15 +10,15 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: $tasks/accelerate_prep.yml
- include: "{{ tasks }}/virt_instance_create.yml"
- include: "{{ tasks }}/accelerate_prep.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: dole out the generic configuration
hosts: notifs-backend;notifs-backend-stg
@ -28,8 +28,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -40,16 +40,16 @@
- /srv/web/infra/ansible/roles/fedmsg_base
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/openvpn_client.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/openvpn_client.yml"
when: env != "staging"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: dole out the service-specific config
hosts: notifs-backend;notifs-backend-stg
@ -63,5 +63,5 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"

View File

@ -10,15 +10,15 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: $tasks/accelerate_prep.yml
- include: "{{ tasks }}/virt_instance_create.yml"
- include: "{{ tasks }}/accelerate_prep.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: notifs-web;notifs-web-stg
@ -28,8 +28,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -41,15 +41,15 @@
- /srv/web/infra/ansible/roles/notifs-frontend
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/openvpn_client.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/openvpn_client.yml"
when: env != "staging"
- include: $tasks/apache.yml
- include: $tasks/mod_wsgi.yml
- include: "{{ tasks }}/apache.yml"
- include: "{{ tasks }}/mod_wsgi.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -10,15 +10,15 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: $tasks/accelerate_prep.yml
- include: "{{ tasks }}/virt_instance_create.yml"
- include: "{{ tasks }}/accelerate_prep.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: nuancier;nuancier-stg
@ -28,8 +28,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -39,18 +39,18 @@
- /srv/web/infra/ansible/roles/fas_client
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/openvpn_client.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/openvpn_client.yml"
when: env != "staging"
- include: $tasks/apache.yml
- include: $tasks/mod_wsgi.yml
- include: "{{ tasks }}/apache.yml"
- include: "{{ tasks }}/mod_wsgi.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: set up fedmsg
hosts: nuancier;nuancier-stg

View File

@ -9,14 +9,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: "{{ tasks }}/virt_instance_create.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
# Once the instance exists, configure it.
@ -27,8 +27,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -39,12 +39,12 @@
- /srv/web/infra/ansible/roles/postgresql_server
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/collectd/client.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/collectd/client.yml"
- name: make koji db
hosts: dbserver-secondary
@ -54,8 +54,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/koji_db
@ -63,4 +63,4 @@
# TODO: add iscsi task
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -11,14 +11,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: "{{ tasks }}/virt_instance_create.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
# Once the instance exists, configure it.
@ -30,18 +30,18 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
- /srv/web/infra/ansible/roles/nagios_client
tasks:
- include: $tasks/koji/releng_config.yml
- include: $tasks/hosts.yml
- include: $tasks/motd.yml
- include: "{{ tasks }}/koji/releng_config.yml"
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/motd.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -13,17 +13,17 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
- /srv/web/infra/ansible/roles/rkhunter
tasks:
- include: $tasks/serialgetty.yml
- include: $tasks/motd.yml
- include: $tasks/sign_setup.yml
- include: "{{ tasks }}/serialgetty.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sign_setup.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -9,14 +9,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/virt_instance_create.yml
- include: "{{ tasks }}/virt_instance_create.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: taskbot
@ -25,8 +25,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -38,12 +38,12 @@
tasks:
# this is how you include other task lists
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/collectd/client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/collectd/client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -10,8 +10,8 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
roles:
- /srv/web/infra/ansible/roles/base
@ -22,13 +22,13 @@
- /srv/web/infra/ansible/roles/iscsi_client
tasks:
- include: $tasks/hosts.yml
- include: $tasks/yumrepos.yml
- include: $tasks/2fa_client.yml
- include: $tasks/motd.yml
- include: $tasks/sudo.yml
- include: $tasks/collectd/client.yml
- include: $tasks/virthost.yml
- include: "{{ tasks }}/hosts.yml"
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/collectd/client.yml"
- include: "{{ tasks }}/virthost.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -5,11 +5,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision instance
hosts: 209.132.184.143
@ -18,19 +18,19 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: $tasks/postfix_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- include: "{{ tasks }}/postfix_basic.yml"
- name: mount up disk of persistent storage
action: mount name=/srv/persist src='LABEL=artboard' fstype=ext4 state=mounted
# open up ports (22, 80, 443)
- name: poke holes in the firewall
action: command lokkit $item
action: command lokkit {{ item }}
with_items:
- --service=ssh
- --service=https
@ -38,7 +38,7 @@
# packages needed
- name: add packages
action: yum state=present name=$item
action: yum state=present name={{ item }}
with_items:
- rsync
- openssh-clients
@ -51,12 +51,12 @@
# packages needed to be gone
- name: erase packages
action: yum state=absent name=$item
action: yum state=absent name={{ item }}
with_items:
- cronie-anacron
- name: artboard backup thing
action: copy src=$files/artboard/artboard-backup dest=/etc/cron.daily/artboard-backup mode=0755
action: copy src="{{ files }}/artboard/artboard-backup" dest=/etc/cron.daily/artboard-backup mode=0755
- name: make artboard subdir
action: file path=/srv/persist/artboard mode=0755 state=directory
@ -65,7 +65,7 @@
action: file state=link src=/srv/persist/artboard path=/var/www/html/artboard
- name: add apache confs
action: copy src=$files/artboard/$item dest=/etc/httpd/conf.d/$item backup=true
action: copy src="{{ files }}/artboard/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" backup=true
with_items:
- artboard.conf
- redirect.conf
@ -75,4 +75,4 @@
action: service name=httpd state=started
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -5,11 +5,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision instance
hosts: blockerbugs-dev.cloud.fedoraproject.org
@ -21,14 +21,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: $tasks/iptables.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- include: "{{ tasks }}/iptables.yml"
- name: mount up blockerbugs-dev to /srv/persistent
mount: name=/srv/persistent src='LABEL=blockerbugs-dev' fstype=ext4 state=mounted
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -5,11 +5,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision instance
hosts: copr-be-dev.cloud.fedoraproject.org
@ -18,19 +18,19 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: $tasks/iptables.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- include: "{{ tasks }}/iptables.yml"
- name: copy copr.repo
action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
action: copy src="{{ files }}/copr/fe/yum/copr.repo" dest=/etc/yum.repos.d/copr.repo
# packages needed
- name: add packages for copr-be
action: yum state=present name=$item
action: yum state=present name= {{ item }}
with_items:
- copr-selinux
- copr-backend
@ -39,7 +39,7 @@
- name: make copr dirs
file: state=directory path=$item
file: state=directory path= {{ item }}
with_items:
- /var/lib/copr/jobs
- /var/lib/copr/public_html/results
@ -49,44 +49,44 @@
chdir: /var/lib/copr/public_html/results
- name: setup dirs there
action: file state=directory path=/home/copr/$item owner=copr group=copr mode=0700
action: file state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
with_items:
- cloud
- .ssh
- name: add copr-buildsys keys to copr user path
action: copy src=$item dest=/home/copr/cloud/ owner=copr group=copr mode=0600
with_fileglob: $private/files/openstack/copr-copr/*
action: copy src={{ item }} dest=/home/copr/cloud/ owner=copr group=copr mode=0600
with_fileglob: "{{ private }}/files/openstack/copr-copr/*"
- name: setup privkey for copr user
action: copy src=$private/files/copr/buildsys.priv dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
action: copy src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
- name: setup copr user ssh config file
action: copy src=$files/copr/ssh_config dest=/home/copr/.ssh/config owner=copr group=copr mode=600
action: copy src="{{ files }}/copr/ssh_config" dest=/home/copr/.ssh/config owner=copr group=copr mode=600
- name: create empty known_hosts
action: copy src=/dev/null dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
- name: replace bashrc for copr user
action: copy src=$files/copr/copr_bashrc dest=/home/copr/.bashrc owner=copr group=copr mode=600
action: copy src="{{ files }}/copr/copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600
- name: auth_key so we can login to localhost as the copr user from the copr user
action: authorized_key user=copr key="{{ item }}"
with_file:
- ${files}/copr/provision/files/buildsys.pub
- "{{ files }}/copr/provision/files/buildsys.pub"
- name: copy .boto file
action: copy src=$files/copr/boto dest=/home/copr/.boto owner=copr group=copr
action: copy src="{{ files }}/copr/boto" dest=/home/copr/.boto owner=copr group=copr
# setup webserver
- name: add config for copr-repo path
action: copy src=$files/copr/lighttpd/lighttpd.conf dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
action: copy src="{{ files }}/copr/lighttpd/lighttpd.conf" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
notify:
- restart lighttpd
# mime default to text/plain and enable dirlisting for indexes
- name: update lighttpd configs
action: copy src=$files/copr/lighttpd/$item dest=/etc/lighttpd/conf.d/$item owner=root group=root mode=0644
action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
with_items:
- dirlisting.conf
- mime.conf
@ -98,7 +98,7 @@
# setup dirs for the ansible execution off of provisioning
- name: dirs from provision
action: file state=directory path=/home/copr/provision/$item owner=copr group=copr
action: file state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
with_items:
- action_plugins
- library
@ -108,13 +108,12 @@
- provision_config
- name: put ansible.cfg for all this into /etc/ansible/ on the system
action: copy src=$files/copr/provision/ansible.cfg dest=/etc/ansible/ansible.cfg
action: copy src="{{ files }}/copr/provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
tags:
- provision_config
- name: put some files into the provision subdir
action: copy src=$files/copr/provision/$item dest=/home/copr/provision/$item
action: copy src="{{ files }}/copr/provision/{{ item }}" dest="/home/copr/provision/{{ item }}"
with_items:
- inventory
- builderpb.yml
@ -123,21 +122,21 @@
- provision_config
- name: put files into the files subdir off of provisioning
action: copy src=$item dest=/home/copr/provision/files/
with_fileglob: $files/copr/provision/files/*
action: copy src={{ item }} dest=/home/copr/provision/files/
with_fileglob: "{{ files }}/copr/provision/files/*"
tags:
- provision_config
# ansible lacks a recurse - so we need this until then
- name: put files into the files/mock subdir off of provisioning
action: copy src=$item dest=/home/copr/provision/files/mock
with_fileglob: $files/copr/provision/files/mock/*
action: copy src={{ item }} dest=/home/copr/provision/files/mock
with_fileglob: "{{ files }}/copr/provision/files/mock/*"
tags:
- provision_config
- name: copy copr-be.conf
action: copy src=$files/copr/copr-be.conf-dev dest=/etc/copr/copr-be.conf
action: copy src="{{ files }}/copr/copr-be.conf-dev" dest=/etc/copr/copr-be.conf
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -5,11 +5,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision instance
hosts: 209.132.184.142
@ -18,16 +18,16 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
# Roles are run first, before tasks, regardless of where you place them here.
roles:
- /srv/web/infra/ansible/roles/fedmsg_base
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: $tasks/iptables.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- include: "{{ tasks }}/iptables.yml"
- name: prepare mount point
action: file state=directory path=/var/lib/copr/public_html
@ -39,15 +39,15 @@
#- name: copy copr.repo
# action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
- Set the hostname
- name: set the hostname
shell: hostname copr-be.cloud.fedoraproject.org
- name: copy .forward file
action: copy src=$files/copr/forward dest=/root/.forward owner=root group=root
action: copy src="{{ files }}/copr/forward" dest=/root/.forward owner=root group=root
# packages needed
- name: add packages for copr-be
action: yum state=present name=$item
action: yum state=present name={{ item }}
with_items:
- copr-selinux
- copr-backend
@ -57,7 +57,7 @@
- name: make copr dirs
file: state=directory path=$item
file: state=directory path={{ item }}
with_items:
- /var/lib/copr/jobs
- /var/lib/copr/public_html/results
@ -66,44 +66,44 @@
action: command /usr/bin/umask 0000 chdir=/var/lib/copr/public_html/results
- name: setup dirs there
action: file state=directory path=/home/copr/$item owner=copr group=copr mode=0700
action: file state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
with_items:
- cloud
- .ssh
- name: add copr-buildsys keys to copr user path
action: copy src=$item dest=/home/copr/cloud/ owner=copr group=copr mode=0600
with_fileglob: $private/files/openstack/copr-copr/*
action: copy src={{ item }} dest=/home/copr/cloud/ owner=copr group=copr mode=0600
with_fileglob: "{{ private }}/files/openstack/copr-copr/*"
- name: setup privkey for copr user
action: copy src=$private/files/copr/buildsys.priv dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
action: copy src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
- name: setup copr user ssh config file
action: copy src=$files/copr/ssh_config dest=/home/copr/.ssh/config owner=copr group=copr mode=600
action: copy src="{{ files }}/copr/ssh_config" dest=/home/copr/.ssh/config owner=copr group=copr mode=600
- name: create empty known_hosts
action: copy src=/dev/null dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
- name: replace bashrc for copr user
action: copy src=$files/copr/copr_bashrc dest=/home/copr/.bashrc owner=copr group=copr mode=600
action: copy src="{{ files }}/copr/copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600
- name: auth_key so we can login to localhost as the copr user from the copr user
action: authorized_key user=copr key="{{ item }}"
with_file:
- ${files}/copr/provision/files/buildsys.pub
- "{{ files }}/copr/provision/files/buildsys.pub"
- name: copy .boto file
action: copy src=$files/copr/boto dest=/home/copr/.boto owner=copr group=copr
action: copy src="{{ files }}/copr/boto" dest=/home/copr/.boto owner=copr group=copr
# setup webserver
- name: add config for copr-repo path
action: copy src=$files/copr/lighttpd/lighttpd.conf dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
action: copy src="{{ files }}/copr/lighttpd/lighttpd.conf" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
notify:
- restart lighttpd
# mime default to text/plain and enable dirlisting for indexes
- name: update lighttpd configs
action: copy src=$files/copr/lighttpd/$item dest=/etc/lighttpd/conf.d/$item owner=root group=root mode=0644
action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
with_items:
- dirlisting.conf
- mime.conf
@ -118,7 +118,7 @@
# setup dirs for the ansible execution off of provisioning
- name: dirs from provision
action: file state=directory path=/home/copr/provision/$item owner=copr group=copr
action: file state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
with_items:
- action_plugins
- library
@ -128,13 +128,13 @@
- provision_config
- name: put ansible.cfg for all this into /etc/ansible/ on the system
action: copy src=$files/copr/provision/ansible.cfg dest=/etc/ansible/ansible.cfg
action: copy src="{{ files }}/copr/provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
tags:
- provision_config
- name: put some files into the provision subdir
action: copy src=$files/copr/provision/$item dest=/home/copr/provision/$item
action: copy src="{{ files }}/copr/provision/{{ item }}" dest="/home/copr/provision/{{ item }}"
with_items:
- inventory
- builderpb.yml
@ -143,20 +143,20 @@
- provision_config
- name: put files into the files subdir off of provisioning
action: copy src=$item dest=/home/copr/provision/files/
with_fileglob: $files/copr/provision/files/*
action: copy src={{ item }} dest=/home/copr/provision/files/
with_fileglob: "{{ files }}/copr/provision/files/*"
tags:
- provision_config
# ansible lacks a recurse - so we need this until then
- name: put files into the files/mock subdir off of provisioning
action: copy src=$item dest=/home/copr/provision/files/mock
with_fileglob: $files/copr/provision/files/mock/*
action: copy src={{ item }} dest=/home/copr/provision/files/mock
with_fileglob: "{{ files }}/copr/provision/files/mock/*"
tags:
- provision_config
- name: copy copr-be.conf
template: src=$files/copr/copr-be.conf dest=/etc/copr/copr-be.conf mode=640
template: src="{{ files }}/copr/copr-be.conf" dest=/etc/copr/copr-be.conf mode=640
notify:
- restart copr-backend
tags:
@ -164,7 +164,7 @@
- name: fedmsg certs
copy: >
src=$private/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.crt
src="{{ private }}/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.crt"
dest=/etc/pki/fedmsg/
mode=644
owner=root
@ -172,7 +172,7 @@
- name: fedmsg keys
copy: >
src=$private/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.key
src="{{ private }}/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.key"
dest=/etc/pki/fedmsg/
mode=0640
owner=root
@ -180,11 +180,11 @@
# open up ports (22, 80, 443)
- name: poke holes in the firewall
action: command lokkit $item
action: command lokkit {{ item }}
with_items:
- --service=ssh
- --service=https
- --service=http
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -5,11 +5,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision instance
hosts: copr-fe-dev.cloud.fedoraproject.org
@ -18,18 +18,18 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: $tasks/iptables.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- include: "{{ tasks }}/iptables.yml"
- name: copy copr.repo
action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
action: copy src="{{ files }}/copr/fe/yum/copr.repo" dest=/etc/yum.repos.d/copr.repo
- name: install copr-fe pkgs
action: yum state=installed pkg=$item
action: yum state=installed pkg={{ item }}
with_items:
- copr-frontend
- copr-selinux
@ -39,19 +39,19 @@
- packages
- name: copy apache files to conf.d
action: copy src=$files/copr/fe/httpd/$item dest=/etc/httpd/conf.d/$item
action: copy src="{{ files }}/copr/fe/httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
with_items:
- coprs.conf
- welcome.conf
- name: copy pg_hba.conf
action: copy src=$files/copr/fe/pg/pg_hba.conf dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
action: copy src="{{ files }}/copr/fe/pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
- name: enable services
action: service state=running enabled=yes name=$item
action: service state=running enabled=yes name={{ item }}
with_items:
- httpd
- postgresql
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -5,11 +5,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision instance
hosts: 209.132.184.144
@ -18,14 +18,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- name: mount up disk of copr fe
action: mount name=/srv/copr-fe src='LABEL=copr-fe' fstype=ext4 state=mounted
- include: $tasks/iptables.yml
- include: "{{ tasks }}/iptables.yml"
- name: mount up bind mount for postgres
action: mount src=/srv/copr-fe/pgsqldb name=/var/lib/pgsql fstype=auto opts=bind state=mounted
@ -33,14 +33,14 @@
#- name: copy copr.repo
# action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
- Set the hostname
- name: set the hostname
shell: hostname copr-fe.cloud.fedoraproject.org
- name: copy .forward file
action: copy src=$files/copr/forward dest=/root/.forward owner=root group=root
action: copy src="{{ files }}/copr/forward" dest=/root/.forward owner=root group=root
- name: install copr-fe pkgs
action: yum state=installed pkg=$item
action: yum state=installed pkg={{ item }}
with_items:
- copr-frontend
- copr-selinux
@ -51,35 +51,35 @@
- packages
- name: install copr configs
template: src=$files/copr/copr.conf dest=/etc/copr/copr.conf mode=600
template: src="{{ files }}/copr/copr.conf" dest=/etc/copr/copr.conf mode=600
notify:
- restart httpd
tags:
- config
- name: copy apache files to conf.d
action: copy src=$files/copr/fe/httpd/$item dest=/etc/httpd/conf.d/$item
action: copy src="{{ files }}/copr/fe/httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
with_items:
- coprs.conf
- welcome.conf
- name: copy pg_hba.conf
action: copy src=$files/copr/fe/pg/pg_hba.conf dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
action: copy src="{{ files }}/copr/fe/pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
# open up ports (22, 80, 443)
- name: poke holes in the firewall
action: command lokkit $item
action: command lokkit {{ item }}
with_items:
- --service=ssh
- --service=https
- --service=http
- name: enable services
action: service state=running enabled=yes name=$item
action: service state=running enabled=yes name={{ item }}
with_items:
- httpd
- postgresql
- fail2ban
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -5,11 +5,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision instance
hosts: 209.132.184.162
@ -18,18 +18,18 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- name: mount up disk of persistent storage
action: mount name=/srv/persist src='LABEL=elections' fstype=ext4 state=mounted
# open up ports (22, 80, 443)
- name: poke holes in the firewall
action: command lokkit $item
action: command lokkit {{ item }}
with_items:
- --service=ssh
- --service=https
@ -37,7 +37,7 @@
# packages needed
- name: add packages for repo
action: yum state=present name=$item
action: yum state=present name={{ item }}
with_items:
- rsync
- openssh-clients
@ -53,4 +53,4 @@
action: service name=httpd state=started
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -5,11 +5,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision instance
hosts: 209.132.184.147
@ -21,16 +21,16 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: $tasks/postfix_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- include: "{{ tasks }}/postfix_basic.yml"
# packages needed
- name: add packages for repo
action: yum state=present name=$item
action: yum state=present name={{ item }}
with_items:
- euca2ools
- rsync
@ -38,7 +38,7 @@
- system-config-firewall-base
- name: install dependencies of fedocal
action: yum state=installed pkg=$item
action: yum state=installed pkg={{ item }}
with_items:
- mod_wsgi
- mod_ssl
@ -61,9 +61,9 @@
# open up tcp ports
- name: poke holes in the firewall
action: command lokkit -p '${item}:tcp'
with_items: $tcp_ports
action: command lokkit -p '{{ item }}:tcp'
with_items: "{{ tcp_ports }}"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -5,10 +5,10 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- name: provision instance
hosts: hrf.cloud.fedoraproject.org
@ -17,14 +17,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: deploy hrf
hosts: hrf.cloud.fedoraproject.org
@ -33,12 +33,12 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- name: install deps
yum: state=present name=$item
yum: state=present name={{ item }}
with_items:
- httpd
- python-flask

View File

@ -5,10 +5,10 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- name: provisions basics onto system/setup paths
hosts: lists-dev.cloud.fedoraproject.org
@ -17,14 +17,14 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
vars:
- mailman_vardir: /srv/persist/mailman
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: $tasks/postfix_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- include: "{{ tasks }}/postfix_basic.yml"
- name: mount up disk of persistent storage
action: mount name=/srv/persist src='LABEL=lists-dev' fstype=ext4 state=mounted
@ -43,7 +43,7 @@
dest=/etc/yum.repos.d/fedora-hyperkitty.repo mode=0444
- name: install packages
yum: state=installed name=$item
yum: state=installed name={{ item }}
with_items:
- httpd
- mod_ssl
@ -72,7 +72,7 @@
command: /usr/bin/postgresql-setup initdb
creates=/var/lib/pgsql/data/postgresql.conf
- name: copy pg_hba.conf
copy: src=$files/lists-dev/pg_hba.conf dest=/var/lib/pgsql/data/pg_hba.conf
copy: src="{{ files }}/lists-dev/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf
notify:
- restart postgresql
- name: start postgresql
@ -80,7 +80,7 @@
# open up ports (22, 80, 443, 25)
- name: poke holes in the firewall
command: lokkit $item
command: lokkit {{ item }}
with_items:
- --service=ssh
- --service=https
@ -89,12 +89,12 @@
# packages needed to be gone
- name: erase packages
action: yum state=absent name=$item
action: yum state=absent name={{ item }}
with_items:
- cronie-anacron
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
@ -105,23 +105,23 @@
sudo_user: postgres
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
vars:
- mailman_vardir: /srv/persist/mailman
tasks:
- name: mailman DB user
postgresql_user: name=mailman password=$lists_dev_mm_db_pass
postgresql_user: name=mailman password={{ lists_dev_mm_db_pass }}
- name: hyperkitty DB user
postgresql_user: name=hyperkitty password=$lists_dev_hk_db_pass
postgresql_user: name=hyperkitty password={{ lists_dev_hk_db_pass }}
- name: kittystore DB user
postgresql_user: name=kittystore password=$lists_dev_ks_db_pass
postgresql_user: name=kittystore password={{ lists_dev_ks_db_pass }}
- name: postorius DB user
postgresql_user: name=postorius password=$lists_dev_ps_db_pass
postgresql_user: name=postorius password={{ lists_dev_ps_db_pass }}
- name: databases creation
postgresql_db: name=$item owner=$item encoding=UTF-8
postgresql_db: name={{ item }} owner={{ item }} encoding=UTF-8
with_items:
- mailman
- hyperkitty
@ -133,8 +133,8 @@
gather_facts: no
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
vars:
- mailman_vardir: /srv/persist/mailman
@ -147,12 +147,12 @@
- restart mailman
- name: set the mailman conffile
template: src=$files/lists-dev/mailman.cfg.j2 dest=/etc/mailman.cfg
template: src="{{ files }}/lists-dev/mailman.cfg.j2" dest=/etc/mailman.cfg
notify:
- restart mailman
- name: install kittystore and hyperkitty
yum: state=installed name=$item
yum: state=installed name={{ item }}
with_items:
- kittystore
- hyperkitty
@ -169,13 +169,13 @@
file: path=/var/log/hyperkitty/hyperkitty.log state=file
owner=root group=apache mode=664
- name: hyperkitty logging -- rotation
copy: src=$files/lists-dev/hyperkitty.logrotate.conf
copy: src="{{ files }}/lists-dev/hyperkitty.logrotate.conf"
dest=/etc/logrotate.d/hyperkitty
# settings / conf
- name: install the hyperkitty/postorius settings file
template: src=$files/lists-dev/$item.settings_local.py.j2
dest=/etc/$item/sites/default/settings_local.py
template: src="{{ files }}/lists-dev/{{ item.settings_local.py.j2 }}"
dest="/etc/{{ item }}/sites/default/settings_local.py"
owner=root group=apache mode=0640
with_items:
- hyperkitty
@ -185,8 +185,8 @@
- restart mailman
- name: install the hyperkitty/postorius urls file
copy: src=$files/lists-dev/$item.urls.py
dest=/etc/$item/sites/default/urls.py
copy: src="files/lists-dev/{{ item }}.urls.py"
dest="/etc/{{ item }}/sites/default/urls.py"
owner=root group=root mode=0644
with_items:
- hyperkitty
@ -196,8 +196,8 @@
- restart mailman
- name: install the hyperkitty/postorius httpd conf file
copy: src=$files/lists-dev/$item.apache.conf
dest=/etc/httpd/conf.d/$item.conf
copy: src="{{ files }}/lists-dev/{{ item }}.apache.conf"
dest="/etc/httpd/conf.d/{{ item }}.conf"
with_items:
- hyperkitty
- postorius
@ -205,22 +205,22 @@
- reload apache
- name: set the hyperkitty conffile in mailman
copy: src=$files/lists-dev/hyperkitty.cfg dest=/etc/mailman.d/hyperkitty.cfg
copy: src="{{ files }}/lists-dev/hyperkitty.cfg" dest=/etc/mailman.d/hyperkitty.cfg
notify:
- restart mailman
- name: set the postfix conffile
template: src=$files/lists-dev/postfix-main.cf.j2 dest=/etc/postfix/main.cf
template: src="{{ files }}/lists-dev/postfix-main.cf.j2" dest=/etc/postfix/main.cf
notify:
- restart postfix
- name: set the mail aliases
copy: src=$files/lists-dev/aliases dest=/etc/aliases
copy: src="{{ files }}/lists-dev/aliases" dest=/etc/aliases
notify:
- reload aliases
- name: easy access to the postgresql databases
template: src=$files/lists-dev/pgpass.j2 dest=/root/.pgpass
template: src="{{ files }}/lists-dev/pgpass.j2" dest=/root/.pgpass
owner=root group=root mode=0600
@ -231,17 +231,17 @@
# so no matter when it is run the right thing happens
- name: run django syncdb
command: /usr/bin/django-admin syncdb --pythonpath=/etc/$item/sites/default --settings=settings
command: /usr/bin/django-admin syncdb --pythonpath="/etc/{{ item }}/sites/default" --settings=settings
with_items:
- hyperkitty
- postorius
- name: run django migrate
command: /usr/bin/django-admin migrate --pythonpath=/etc/hyperkitty/sites/default --settings=settings hyperkitty
- name: kittystore schema update
command: /usr/bin/kittystore-updatedb -s postgres://kittystore:${lists_dev_ks_db_pass}@localhost/kittystore
command: /usr/bin/kittystore-updatedb -s postgres://kittystore:{{ lists_dev_ks_db_pass }}@localhost/kittystore
- name: copy the initial user fixture
copy: src=$files/lists-dev/postorius.initial-user.json
copy: src="{{ files }}/lists-dev/postorius.initial-user.json"
dest=/etc/postorius/sites/default/initial-user.json
owner=root group=apache mode=0640
@ -249,11 +249,11 @@
command: /usr/bin/django-admin loaddata --pythonpath=/etc/postorius/sites/default --settings=settings /etc/postorius/sites/default/initial-user.json
- name: html index
copy: src=$files/lists-dev/index.html dest=/var/www/html/index.html
copy: src="{{ files }}/lists-dev/index.html" dest=/var/www/html/index.html
# Start services
- name: start services
service: state=started enabled=yes name=$item
service: state=started enabled=yes name={{ item }}
with_items:
- httpd
- postgresql
@ -262,6 +262,6 @@
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"
- name: reload aliases
command: newaliases

View File

@ -5,11 +5,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision instance
hosts: 209.132.184.146
@ -18,15 +18,15 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
# packages needed
- name: add packages for repo
action: yum state=present name=$item
action: yum state=present name={{ item }}
with_items:
- rsync
- openssh-clients
@ -41,4 +41,4 @@
- mount_disk
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -5,11 +5,11 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- "{{ private }}/vars.yml"
tasks:
- include: $tasks/persistent_cloud.yml
- include: $tasks/growroot_cloud.yml
- include: "{{ tasks }}/persistent_cloud.yml"
- include: "{{ tasks }}/growroot_cloud.yml"
- name: provision instance
hosts: 209.132.184.157
@ -18,12 +18,12 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/cloud_setup_basic.yml
- include: $tasks/postfix_basic.yml
- include: "{{ tasks }}/cloud_setup_basic.yml"
- include: "{{ tasks }}/postfix_basic.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -20,11 +20,11 @@
tasks:
- name: run rdiff-backup hitting all the global targets
local_action: "shell rdiff-backup --create-full-path --print-statistics ${inventory_hostname}::${item} /fedora_backups/${inventory_hostname}/`basename ${item}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: ${inventory_hostname}:${item}' sysadmin-backup-members@fedoraproject.org"
with_items: $global_backup_targets
local_action: "shell rdiff-backup --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org"
with_items: global_backup_targets
when: global_backup_targets is defined
- name: run rdiff-backup hitting all the host targets
local_action: "shell rdiff-backup --exclude='**.snapshot' --create-full-path --print-statistics ${inventory_hostname}::${item} /fedora_backups/${inventory_hostname}/`basename ${item}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: ${inventory_hostname}:${item}' sysadmin-backup-members@fedoraproject.org"
with_items: $host_backup_targets
local_action: "shell rdiff-backup --exclude='**.snapshot' --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org"
with_items: host_backup_targets
when: host_backup_targets is defined

View File

@ -1,15 +1,15 @@
# requires --extra-vars="target='host1;host2;group etc' yumcommand=update'"
- name: update all run rkhunter if installed
hosts: $target
hosts: "{{ target }}"
user: root
tasks:
- name: expire-caches
command: yum clean expire-cache
- name: yum -y ${yumcommand}
command: yum -y ${yumcommand}
- name: yum -y {{ yumcommand }}
command: yum -y {{ yumcommand }}
async: 7200
poll: 15

View File

@ -1,13 +1,13 @@
# optionally can take --extra-vars="hostbase=hostnamebase root_auth_users='user1 user2 user3'"
- name: set auth keys
hosts: $target
hosts: "{{ target }}"
user: root
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
vars:
- root_auth_users: ''
@ -15,6 +15,6 @@
- name: add root keys for sysadmin-main and other allowed users
action: authorized_key user=root key="{{ item }}"
with_pipe:
- "${auth_keys_from_fas} @sysadmin-main ${root_auth_users}"
- "{{ auth_keys_from_fas }} @sysadmin-main {{ root_auth_users }}"

View File

@ -27,10 +27,10 @@
# TODO -- I'd also like to fail if there are no *.rpm files in there.
- name: sign all the rpms with our gpg key
shell: /bin/rpm --resign ${rpmdir}/*.rpm
shell: /bin/rpm --resign "{{ rpmdir }}/*.rpm"
- name: make a directory where we store the rpms afterwards
file: path=${rpmdir}-old state=directory
file: path={{ rpmdir }}-old state=directory

View File

@ -5,7 +5,7 @@
tasks:
- name: add it to the special group
local_action: add_host hostname=$target groupname=tmp_just_created
local_action: add_host hostname={{ target }} groupname=tmp_just_created
- name: provision instance
hosts: tmp_just_created
@ -14,12 +14,12 @@
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- ${private}/vars.yml
- ${vars}/${ansible_distribution}.yml
- "{{ private }}/vars.yml"
- "{{ vars }}/{{ ansible_distribution }}.yml"
tasks:
- include: $tasks/growroot_cloud.yml
- include: $tasks/cloud_setup_basic.yml
- include: "{{ tasks }}/growroot_cloud.yml"
- include: "{{ tasks }}/cloud_setup_basic.yml"
handlers:
- include: $handlers/restart_services.yml
- include: "{{ handlers }}/restart_services.yml"

View File

@ -6,7 +6,7 @@
# TODO -- how do make it easy to select the infra-testing repo?
- name: push packages out
hosts: $target
hosts: "{{ target }}"
user: root
tasks:
@ -14,5 +14,5 @@
- name: expire-caches
command: yum clean expire-cache
- name: yum update ${package}
yum: name=${package} state=latest
- name: yum update {{ package }}
yum: name={{ package }} state=latest

View File

@ -20,7 +20,7 @@
- name: find instances
hosts: $vhost
hosts: "{{ vhost }}"
user: root
tasks:
@ -29,8 +29,8 @@
register: vmlist
- name: add them to myvms_new group
local_action: add_host hostname=$item groupname=myvms_new
with_items: ${vmlist.list_vms}
local_action: add_host hostname={{ item }} groupname=myvms_new
with_items: "{{ vmlist.list_vms }}"
- name: halt instances
@ -40,7 +40,7 @@
tasks:
- name: tell nagios to shush
action: nagios action=silence host=${inventory_hostname_short}
action: nagios action=silence host={{ inventory_hostname_short }}
delegate_to: noc01.phx2.fedoraproject.org
- name: echo-y
@ -49,4 +49,4 @@
# if one of them is down we don't care
- name: wait for them to die
local_action: wait_for port=22 delay=30 timeout=300 state=stopped host=${inventory_hostname}
local_action: wait_for port=22 delay=30 timeout=300 state=stopped host={{ inventory_hostname }}

View File

@ -2,7 +2,7 @@
# Configuration for the fedbadges consumer
- name: install needed packages
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- python-fedbadges
- python-psycopg2
@ -12,7 +12,7 @@
- name: copy database configuration
template: >
src=$item dest=/etc/fedmsg.d/$item
src={{ item }} dest="/etc/fedmsg.d/{{ item }}"
owner=fedmsg group=fedmsg mode=0600
with_items:
- datanommer.py
@ -45,7 +45,7 @@
- name: copy over all our badge definitions
copy: >
src=$item
src={{ item }}
dest=/usr/share/badges/rules/
owner=fedmsg group=fedmsg mode=0644
with_fileglob:
@ -71,7 +71,7 @@
- name: ensure badges cron directories exist
file: >
state=directory
path=$item
path={{ item }}
mode=755
owner=root
when: env != "staging"
@ -84,8 +84,8 @@
- name: oldschool badge award scripts
copy: >
src=cron/$item
dest=/usr/share/badges/cronjobs/$item
src="cron/{{ item }}"
dest="/usr/share/badges/cronjobs/{{ item }}"
owner=fedmsg
mode=744
when: env != "staging"
@ -100,8 +100,8 @@
- name: oldschool badge award cronjobs
copy: >
src=cron/$item.cron
dest=/etc/cron.d/$item
src="cron/{{ item }}.cron"
dest="/etc/cron.d/{{ item }}"
owner=root
mode=644
when: env != "staging"
@ -135,8 +135,8 @@
- name: copy over the badge-admin one-off scripts
copy: >
src=$item
dest=/usr/local/bin/$item
src={{ item }}
dest="/usr/local/bin/{{ item }}"
owner=root
group=sysadmin-badges
mode=750

View File

@ -2,7 +2,7 @@
# Configuration for the tahrir webapp
- name: install needed packages
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- python-tahrir
- python-psycopg2
@ -15,7 +15,7 @@
- name: copy tahrir app configuration
template: >
src=$item dest=/etc/tahrir/$item
src={{ item }} dest="/etc/tahrir/{{ item }}"
owner=tahrir group=tahrir mode=0600
with_items:
- tahrir.ini
@ -26,7 +26,7 @@
- name: copy tahrir wsgi script
copy: >
src=$item dest=/usr/share/tahrir/$item
src={{ item }} dest="/usr/share/tahrir/{{ item }}"
owner=apache group=apache mode=0644
with_items:
- tahrir.wsgi
@ -37,7 +37,7 @@
- name: copy tahrir httpd config
copy: >
src=$item dest=/etc/httpd/conf.d/$item
src={{ item }} dest="/etc/httpd/conf.d/{{ item }}"
owner=apache group=apache mode=0644
with_items:
- tahrir.conf
@ -67,7 +67,7 @@
- name: copy over all our .rst site docs
copy: >
src=$item
src={{ item }}
dest=/usr/share/badges/sitedocs
owner=root group=root mode=0644
with_fileglob:
@ -86,7 +86,7 @@
- name: copy over all our badge images
copy: >
src=$item
src={{ item }}
dest=/usr/share/badges/pngs/
owner=root group=root mode=0644
with_fileglob:

View File

@ -13,7 +13,7 @@
- name: sshd_config
copy: src={{ item }} dest=/etc/ssh/sshd_config mode=600
first_available_file:
- ${sshd_config}
- "{{ sshd_config }}"
- ssh/sshd_config.{{ ansible_fqdn }}
- ssh/sshd_config.{{ host_group }}
- ssh/sshd_config.{{ dist_tag }}
@ -73,7 +73,7 @@
- name: iptables
template: src={{ item }} dest=/etc/sysconfig/iptables mode=600 backup=yes
first_available_file:
- $iptables
- "{{ iptables }}"
- iptables/iptables.{{ ansible_fqdn }}
- iptables/iptables.{{ host_group }}
- iptables/iptables.{{ env }}
@ -88,7 +88,7 @@
- name: /etc/resolv.conf
copy: src={{ item }} dest=/etc/resolv.conf
first_available_file:
- ${resolvconf}
- "{{ resolvconf }}"
- resolv.conf/{{ ansible_fqdn }}
- resolv.conf/{{ host_group }}
- resolv.conf/{{ datacenter }}
@ -100,7 +100,7 @@
- name: rsyslog.conf
copy: src={{ item }} dest=/etc/rsyslog.conf mode=644
first_available_file:
- $rsyslogconf
- "{{ rsyslogconf }}"
- rsyslog/rsyslog.conf.{{ ansible_fqdn }}
- rsyslog/rsyslog.conf.{{ host_group }}
- rsyslog/rsyslog.conf.{{ datacenter }}
@ -115,7 +115,7 @@
- name: /etc/postfix/main.cf
copy: src={{ item }} dest=/etc/postfix/main.cf
first_available_file:
- $postfix_maincf
- "{{ postfix_maincf }}"
- postfix/main.cf.{{ ansible_fqdn }}
- postfix/main.cf.{{ host_group }}
- postfix/main.cf.{{ postfix_group }}
@ -137,7 +137,7 @@
#
- name: Install common scripts
copy: src=$item dest=/usr/local/bin/ owner=root group=root mode=0755
copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
with_fileglob: common-scripts/*
tags:
- config

View File

@ -9,7 +9,7 @@
# nss_db is needed to store user/group info.
#
- name: install package needed for fas-client
yum: state=installed name=$item
yum: state=installed name={{ item }}
with_items:
- fas-clients
- cronie
@ -18,7 +18,7 @@
- name: hotfix - python-fedora proxyclient.py
copy: >
src=$files/hotfix/python-fedora/proxyclient.py
src="{{ files }}/hotfix/python-fedora/proxyclient.py"
dest=/usr/lib/python2.6/site-packages/fedora/client/proxyclient.py
owner=root mode=644
when: is_rhel == 'True'
@ -54,11 +54,11 @@
# Currently the default template is used, but could be modified on a host basis.
#
- name: setup /etc/fas.conf for client use
template: src=$item dest=/etc/fas.conf owner=root mode=600
template: src={{ item }} dest=/etc/fas.conf owner=root mode=600
first_available_file:
- ${ansible_fqdn}.fas.conf.j2
- ${ansible_hostname}.fas.conf.j2
- ${ansible_hostname}.fas.conf.j2
- "{{ ansible_fqdn }}.fas.conf.j2"
- "{{ ansible_hostname }}.fas.conf.j2"
- "{{ ansible_hostname }}.fas.conf.j2"
- fas.conf.j2
tags:
- config

View File

@ -2,7 +2,7 @@
# Setup a fedmsg-hub
- name: install needed packages
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- fedmsg-hub
tags:

View File

@ -3,7 +3,7 @@
# This is the base set of files needed for fedmsg
- name: install needed packages
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- fedmsg
tags:
@ -15,7 +15,7 @@
- config
- name: setup basic /etc/fedmsg.d/ contents
template: src=$item.j2 dest=/etc/fedmsg.d/$item owner=root group=root mode=644
template: src="{{ item }}.j2" dest="/etc/fedmsg.d/{{ item }}" owner=root group=root mode=644
with_items:
- ssl.py
- endpoints.py
@ -36,7 +36,7 @@
- name: install fedmsg ca.cert
copy: >
src=$puppet_private/fedmsg-certs/keys/ca.crt
src="{{ puppet_private }}/fedmsg-certs/keys/ca.crt"
dest=/etc/pki/fedmsg/ca.crt
owner=root
group=root
@ -46,24 +46,24 @@
- name: fedmsg certs
copy: >
src=$private/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.crt
src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.crt"
dest=/etc/pki/fedmsg/
mode=644
owner={{item['owner']}}
group={{item['group']}}
with_items: ${fedmsg_certs}
with_items: "{{ fedmsg_certs }}"
when: fedmsg_certs != []
tags:
- config
- name: fedmsg keys
copy: >
src=$private/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.key
src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.key"
dest=/etc/pki/fedmsg/
mode=0640
owner={{item['owner']}}
group={{item['group']}}
with_items: ${fedmsg_certs}
with_items: "{{ fedmsg_certs }}"
when: fedmsg_certs != []
tags:
- config

View File

@ -7,7 +7,7 @@
- packages
- name: install needed packages
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- fedocal
- python-psycopg2

View File

@ -7,7 +7,7 @@
- packages
- name: install needed packages
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- gallery3
- gallery3-openid

View File

@ -6,8 +6,8 @@
- packages
- name: push over the geoip db once
copy: src=$item dest=/usr/share/GeoIP/
with_fileglob: $bigfiles/geoip/*.dat
copy: src={{ item }} dest=/usr/share/GeoIP/
with_fileglob: "{{ bigfiles }}/geoip/*.dat"
- name: geoip syncing script via cron
copy: src=geoip_sync dest=/etc/cron.d/geoip_sync mode=0644

View File

@ -2,10 +2,9 @@
#
# This task sets up iscsid and mpathd on a machine.
#
#
- name: install packages needed for iscsi_client
yum: state=installed name=$item
yum: state=installed name={{ item }}
with_items:
- iscsi-initiator-utils
- device-mapper-multipath

View File

@ -6,7 +6,7 @@
# create a koji db user to own the db with the kojidatabasepassword from private
#
- name: koji db user
postgresql_user: name=koji password=$aarch64kojidatabasepassword
postgresql_user: name=koji password={{ aarch64kojidatabasepassword }}
tags:
- db
when: is_kojidb == "True"

View File

@ -3,7 +3,7 @@
# Setup koji hub server.
#
- name: install koji hub server packages
yum: name=$item state=installed
yum: name={{ item }} state=installed
with_items:
- koji-hub
- koji-web

View File

@ -35,7 +35,7 @@
# Packages
#
- name: install needed packages
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- mailman3
- mailman3-selinux
@ -93,11 +93,11 @@
#
- name: create the configuration directory
file: path=${mailman_webui_confdir} state=directory
file: path={{ mailman_webui_confdir }} state=directory
- name: install the hyperkitty settings file
template: src=settings.py.j2
dest=${mailman_webui_confdir}/settings.py
dest="{{ mailman_webui_confdir }}/settings.py"
owner=root group=apache mode=0640
tags:
- config
@ -107,14 +107,14 @@
- name: install the hyperkitty settings admin file
template: src=settings_admin.py.j2
dest=${mailman_webui_confdir}/settings_admin.py
dest="{{ mailman_webui_confdir }}/settings_admin.py"
owner=root group=root mode=0600
tags:
- config
- name: install the hyperkitty urls file
copy: src=urls.py
dest=${mailman_webui_confdir}/urls.py
dest="{{ mailman_webui_confdir }}/urls.py"
owner=root group=root mode=0644
tags:
- config
@ -124,7 +124,7 @@
- name: install the hyperkitty wsgi file
copy: src=webui.wsgi
dest=${mailman_webui_confdir}/webui.wsgi
dest="{{ mailman_webui_confdir }/webui.wsgi"
owner=root group=root mode=0644
tags:
- config
@ -133,7 +133,7 @@
- name: install the hyperkitty/postorius dummy httpd conf file
template: src=apache-dummy.conf.j2
dest=/etc/httpd/conf.d/$item.conf
dest=/etc/httpd/conf.d/{{ item }}.conf
with_items:
- hyperkitty
- postorius
@ -151,15 +151,15 @@
- reload apache
- name: copy the manage.py script
command: /bin/cp /etc/hyperkitty/sites/default/manage.py ${mailman_webui_confdir}/manage.py
creates=${mailman_webui_confdir}/manage.py
command: /bin/cp /etc/hyperkitty/sites/default/manage.py "{{ mailman_webui_confdir }}/manage.py"
creates="{{ mailman_webui_confdir }}/manage.py"
- name: create the kittystore plain text index dir
file: path=${mailman_webui_basedir}/kittystore_search_index
file: path="{{ mailman_webui_basedir }}/kittystore_search_index"
state=directory owner=mailman group=mailman mode=0755
- name: create the hyperkitty static files dir
file: path=${mailman_webui_basedir}/static
file: path="{{ mailman_webui_basedir }}/static"
state=directory owner=root group=root mode=0755
- name: install the kittystore cache cronjob
@ -172,14 +172,14 @@
#
- name: copy the mailman-hyperkitty conffile
template: src=mailman-hyperkitty.cfg.j2
dest=${mailman_webui_confdir}/mailman-hyperkitty.cfg
dest="{{ mailman_webui_confdir }}/mailman-hyperkitty.cfg"
tags:
- config
notify:
- restart mailman3
- name: symlink the hyperkitty conffile in mailman directory
file: src=${mailman_webui_confdir}/mailman-hyperkitty.cfg
file: src="{{ mailman_webui_confdir }}/mailman-hyperkitty.cfg"
dest=/etc/mailman3.d/hyperkitty.cfg state=link
tags:
- config
@ -196,7 +196,7 @@
owner=root group=root mode=0644
- name: create the scripts dir
file: path=${mailman_webui_basedir}/bin
file: path="{{ mailman_webui_basedir }}/bin"
state=directory owner=root group=root mode=0755
- name: install the migration environment
@ -205,7 +205,7 @@
owner=root group=root mode=0644
- name: install the scripts
copy: src=${item} dest=${mailman_webui_basedir}/bin/${item}
copy: src={{ item }} dest="{{ mailman_webui_basedir }}/bin/{{ item }}"
owner=root group=root mode=0755
with_items:
- yamlget
@ -224,7 +224,7 @@
template: src=post-transaction.action.j2
dest=/etc/yum/post-actions/hyperkitty.action
- name: run the post-update script
command: ${mailman_webui_basedir}/bin/post-update.sh
command: "{{ mailman_webui_basedir }}/bin/post-update.sh"
# Postfix

View File

@ -5,7 +5,7 @@
user: name=mirrormanager uid=441 state=present home=/home/mirrormanager createhome=yes
- name: install supervisor and mirrormanager
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- supervisor
- mirrormanager

View File

@ -3,7 +3,7 @@
---
# install pkgs:
- name: install nagios client pkgs
yum: name=$item state=installed
yum: name={{ item }} state=installed
with_items:
- nrpe
- nagios-plugins
@ -18,7 +18,7 @@
- packages
- name: install local nrpe check scripts that are not packaged
copy: src=scripts/$item dest={{ libdir }}/nagios/plugins/$item mode=0755 owner=nagios group=nagios
copy: src="scripts/{{ item }}" dest="{{ libdir }}/nagios/plugins/{{ item }}" mode=0755 owner=nagios group=nagios
with_items:
- check_postfix_queue
- check_raid.py

View File

@ -2,7 +2,7 @@
# Configuration for the notifications consumer
- name: install needed packages
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- python-fmn-consumer
- python-psycopg2
@ -10,7 +10,7 @@
- name: copy database configuration
template: >
src=$item dest=/etc/fedmsg.d/$item
src={{ item }} dest=/etc/fedmsg.d/{{ item }}
owner=fedmsg group=fedmsg mode=0600
with_items:
- fmn.consumer.py

View File

@ -42,7 +42,7 @@
state=directory
- name: copy live docs
copy: src=$item dest=/usr/lib/python2.6/site-packages/fmn/web/docs
copy: src={{ item }} dest=/usr/lib/python2.6/site-packages/fmn/web/docs
with_fileglob: fedora-sitedocs/*.rst
- name: apply selinux type to static files

View File

@ -7,7 +7,7 @@
- packages
- name: install needed packages
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- nuancier-lite
- python-psycopg2
@ -20,7 +20,7 @@
- name: copy sundry nuancier configuration
template: src={{ item.file }}
dest={{ item.location }}/{{ item.dest }}
dest="{{ item.location }}/{{ item.dest }}"
owner=apache group=apache mode=0600
with_items:
- { file: nuancier_admin.cfg, location: /etc/nuancier, dest: nuancier-lite.cfg }
@ -49,7 +49,7 @@
- name: replace the nuancier configuration file by the one with the normal user
template: src={{ item.file }}
dest={{ item.location }}/{{ item.file }}
dest="{{ item.location }}/{{ item.file }}"
owner=apache group=apache mode=0600
with_items:
- { file: nuancier-lite.cfg, location: /etc/nuancier }
@ -79,7 +79,7 @@
- name: hotfix python-fedora-flask to include latest flask_fas_openid
template: src={{ item.file }}
dest={{ item.location }}/{{ item.file }}
dest="{{ item.location }}/{{ item.file }}"
owner=apache group=apache mode=0600
with_items:
- { file: flask_fas_openid.py, location: /usr/lib/python2.6/site-packages/ }

View File

@ -3,7 +3,7 @@
# Setup postgresql server.
#
- name: install postgresql server packages
yum: name=$item state=installed
yum: name={{ item }} state=installed
with_items:
- postgresql-server
- postgresql-contrib

View File

@ -5,30 +5,30 @@
- packages
- name: /etc/pki/tls/private/totpcgi.pem
copy: src=$puppet_private/2fa-certs/keys/${inventory_hostname}.pem dest=/etc/pki/tls/private/totpcgi.pem mode=0400
copy: src="{{ puppet_private }}/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400
tags:
- config
- name: /etc/pki/tls/private/totpcgi-ca.cert
copy: src=$puppet_private/2fa-certs/keys/ca.crt dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
copy: src="{{ puppet_private }}/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
tags:
- config
- name: /etc/pam_url.conf - split for staging/phx2/everyone else
template: src=$item dest=/etc/pam_url.conf mode=0644
template: src={{ item }} dest=/etc/pam_url.conf mode=0644
with_first_found:
- $files/2fa/pam_url.conf.${inventory_hostname}
- $files/2fa/pam_url.conf.${ansible_domain}
- $files/2fa/pam_url.conf.j2
- "{{ files }}/2fa/pam_url.conf.{{ inventory_hostname }}"
- "{{ files }}/2fa/pam_url.conf.{{ ansible_domain }}"
- "{{ files }}/2fa/pam_url.conf.j2"
tags:
- config
- name: /etc/pam.d/sudo
copy: src=$item dest=/etc/pam.d/sudo mode=0644
copy: src={{ item }} dest=/etc/pam.d/sudo mode=0644
with_first_found:
- $files/2fa/sudo.pam.${inventory_hostname}
- $files/2fa/sudo.pam.${ansible_domain}
- $files/2fa/sudo.pam
- "{{ files }}/2fa/sudo.pam.{{ inventory_hostname }}"
- "{{ files }}/2fa/sudo.pam.{{ ansible_domain }}"
- "{{ files }}/2fa/sudo.pam"
tags:
- config

View File

@ -1,6 +1,6 @@
---
- name: install needed packages for accelerated mode
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- python-keyczar
tags:

View File

@ -1,7 +1,7 @@
---
# install apache(httpd)
- name: install apache
yum: name=$item state=installed
yum: name={{ item }} state=installed
with_items:
- httpd
- httpd-tools
@ -20,7 +20,7 @@
# install hash randomization hotfix
- name: hotfix - copy over new httpd init script
copy: src=$files/hotfix/httpd/httpd.init dest=/etc/init.d/httpd
copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd
owner=root group=root mode=0755
notify:
- restart apache
@ -30,7 +30,7 @@
- apache
- name: hotfix - copy over new httpd sysconfig
copy: src=$files/hotfix/httpd/httpd.sysconfig dest=/etc/sysconfig/httpd
copy: src="{{ files }}/hotfix/httpd/httpd.sysconfig" dest=/etc/sysconfig/httpd
notify:
- restart apache
tags:
@ -39,7 +39,7 @@
- apache
- name: add appserver headers.conf
template: src=$files/httpd/headers.conf.j2 dest=/etc/httpd/conf.d/headers.conf
template: src="{{ files }}/httpd/headers.conf.j2" dest=/etc/httpd/conf.d/headers.conf
notify:
- restart apache
tags:
@ -47,10 +47,10 @@
- apache
- name: add apache_status location for collectd
template: src=$files/httpd/apachestatus.conf dest=/etc/httpd/conf.d/apachestatus.conf
template: src="{{ files }}/httpd/apachestatus.conf" dest=/etc/httpd/conf.d/apachestatus.conf
notify:
- restart apache
tags:
- config
- apache

View File

@ -6,7 +6,7 @@
- packages
- name: ntp pkgs
action: yum state=installed pkg=$item
action: yum state=installed pkg={{ item }}
with_items:
- ntpdate
- ntp
@ -22,13 +22,13 @@
- packages
- name: put step-tickers in place
action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers
action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
- name: enable the service
action: service name=ntpd state=running enabled=true
- name: edit hostname to be instance name - prefix hostbase var if it exists
action: shell hostname ${hostbase}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
action: shell hostname {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
tags:
- config
@ -42,7 +42,7 @@
- name: add root keys for sysadmin-main and other allowed users
action: authorized_key user=root key="{{ item }}"
with_pipe:
- "${auth_keys_from_fas} @sysadmin-main ${root_auth_users}"
- "{{ auth_keys_from_fas }} @sysadmin-main {{ root_auth_users }}"
tags:
- config
ignore_errors: true

View File

@ -11,13 +11,13 @@
# install collected.conf
- name: /etc/collectd.conf
template: src=$files/collectd/collectd.conf.j2 dest=/etc/collectd.conf
template: src="{{ files }}/collectd/collectd.conf.j2" dest=/etc/collectd.conf
notify:
- restart collectd
# install collectd-network config
- name: /etc/collectd.d/network.conf
copy: src=$files/collectd/network-client.conf dest=/etc/collectd.d/network.conf
copy: src="{{ files }}/collectd/network-client.conf" dest=/etc/collectd.d/network.conf
notify:
- restart collectd
@ -26,13 +26,13 @@
yum: state=installed name=collectd-apache
notify:
- restart collectd
when_set: $collectd_apache
when_set: {{ collectd_apache }}
- name: /etc/collectd/apache.conf
copy: src=$files/collectd/apache.conf dest=/etc/collectd.d/apache.conf
copy: src="{{ files }}/collectd/apache.conf" dest=/etc/collectd.d/apache.conf
notify:
- restart collectd
when_set: $collectd_apache
when_set: {{ collectd_apache }}
# each of the below should move to a separate task list
@ -60,4 +60,4 @@
# webproxy

View File

@ -5,7 +5,7 @@
#
- name: Install common scripts
action: copy src=$item dest=/usr/local/bin/ owner=root group=root mode=0755
with_fileglob: $files/common-scripts/*
action: copy src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
with_fileglob: "{{ files }}/common-scripts/*"
tags:
- config

View File

@ -17,13 +17,13 @@
- name: reboot the box
action: command /sbin/reboot
when: ${growpart.rc} == 0
when: "{{ growpart.rc }} == 0"
ignore_errors: true
- name: wait for it to come back (should be quick)
local_action: wait_for host=${inventory_hostname} port=22 delay=10 timeout=120
when: ${growpart.rc} == 0
local_action: wait_for host={{ inventory_hostname }} port=22 delay=10 timeout=120
when: "{{ growpart.rc }} == 0"
- name: resize the /dev/vda 2 fs
action: command resize2fs /dev/vda2
when: ${growpart.rc} == 0
when: "{{ growpart.rc }} == 0"

View File

@ -10,9 +10,9 @@
# Note that if it's not set it will just skip this play and do nothing.
#
- name: setup /etc/hosts for some clients
action: copy src=$item dest=/etc/hosts
action: copy src={{ item }} dest=/etc/hosts
with_first_found:
- files: $files/hosts/${ansible_fqdn}-hosts $files/hosts/${ansible_hostname}-hosts $files/hosts/${ansible_domain}-hosts $files/hosts/${host_group}-hosts
- files: "{{ files }}/hosts/{{ ansible_fqdn }}-hosts" "{{ files }}/hosts/{{ ansible_hostname }}-hosts" "{{ files }}/hosts/{{ ansible_domain }}-hosts" "{{ files }}/hosts/{{ host_group }}-hosts"
skip: true
tags:
- config

View File

@ -22,13 +22,13 @@
- service
- name: iptables
action: template src=$item dest=/etc/sysconfig/iptables mode=600 backup=yes
action: template src={{ item }} dest=/etc/sysconfig/iptables mode=600 backup=yes
with_first_found:
- $iptables
- $files/iptables/iptables.${ansible_fqdn}
- $files/iptables/iptables.${host_group}
- $files/iptables/iptables.${env}
- $files/iptables/iptables
- "{{ iptables }}"
- "{{ files }}/iptables/iptables.{{ ansible_fqdn }}"
- "{{ files }}/iptables/iptables.{{ host_group }}"
- "{{ files }}/iptables/iptables.{{ env }}"
- "{{ files }}/iptables/iptables"
notify:
- restart iptables
tags:

View File

@ -16,12 +16,12 @@
owner=sks group=sks mode=0755
- name: /srv/sks/membership
copy: src=$files/keyserver/membership dest=/srv/sks/membership owner=sks group=sks mode=0644
copy: src="{{ files }}/keyserver/membership" dest=/srv/sks/membership owner=sks group=sks mode=0644
tags:
- config
- name: /srv/sks/sksconf
copy: src=$files/keyserver/sksconf dest=/srv/sks/sksconf owner=sks group=sks mode=0644
copy: src="{{ files }}/keyserver/sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644
tags:
- config
@ -32,47 +32,47 @@
owner=sks group=sks mode=0755
- name: /srv/sks/web/index.html
copy: src=$files/keyserver/index.html dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
copy: src="{{ files }}/keyserver/index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
tags:
- config
- name: /srv/sks/web/css.css
copy: src=$files/keyserver/css.css dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
copy: src="{{ files }}/keyserver/css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
tags:
- config
- name: /etc/httpd/conf.d/sks.conf
copy: src=$files/keyserver/sks.conf dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
copy: src="{{ files }}/keyserver/sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
tags:
- config
- name: /etc/httpd/conf.d/ssl.conf
copy: src=$files/keyserver/ssl.conf dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
copy: src="{{ files }}/keyserver/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
tags:
- config
- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.cert dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600
copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600
tags:
- config
- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.key
copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.key dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600
copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600
tags:
- config
- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.intermediate.cert dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
tags:
- config
- name: /etc/pki/tls/keys_fedoraproject_org.crt.pem
copy: src=$puppet_private/keys_fedoraproject_org.crt.pem dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600
copy: src="{{ puppet_private }}/keys_fedoraproject_org.crt.pem" dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600
tags:
- config
- name: /etc/pki/tls/keys_fedoraproject_org.key
copy: src=$puppet_private/keys_fedoraproject_org.key dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600
copy: src="{{ puppet_private }}/keys_fedoraproject_org.key" dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600
tags:
- config

View File

@ -1,5 +1,5 @@
- name: set root passwd
action: user name=root password=$builder_rootpw state=present
action: user name=root password={{ builder_rootpw }} state=present
- name: add mock user as 425
action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
@ -11,7 +11,7 @@
action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock
- name: add mock ssh keys
action: copy src=$files/kojibuilder/mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock
action: copy src="{{ files }}/kojibuilder/mock_auth_keys" dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock
- name: add kojibuilder
action: user name=kojibuilder groups=mock
@ -23,10 +23,10 @@
action: file state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder
- name: mockbuilder ssh key
action: copy src=$files/kojibuilder/ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder
action: copy src="{{ files }}/kojibuilder/ftbfs_auth_keys" dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder
- name: make a bunch of dirs
action: file state=directory path=$item
action: file state=directory path={{ item }}
with_items:
- /pub
- /mnt/fedora_koji
@ -35,16 +35,16 @@
- /var/spool/rsyslog
- name: add builder infra yum repo
action: copy src=$files/kojibuilder/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo
action: copy src="{{ files }}/kojibuilder/builder-infrastructure.repo" dest=/etc/yum.repos.d/builder-infrastructure.repo
- name: clean up packages we do not need
action: yum state=removed pkg=$item
action: yum state=removed pkg={{ item }}
with_items:
- audit
- 'cronie\*'
- name: add pkgs
action: yum state=installed pkg=$item
action: yum state=installed pkg={{ item }}
with_items:
- yum-utils
- koji-builder
@ -56,49 +56,49 @@
- ntpdate
- name: /etc/kojid/kojid.conf
action: copy src=$files/kojibuilder/kojid.conf dest=/etc/kojid/kojid.conf
action: copy src="{{ files }}/kojibuilder/kojid.conf" dest=/etc/kojid/kojid.conf
when: not inventory_hostname.startswith(('arm01','arm03'))
notify:
- restart kojid
- name: arm /etc/kojid/kojid.conf
action: copy src=$files/kojibuilder/arm-kojid.conf dest=/etc/kojid/kojid.conf
action: copy src="{{ files }}/kojibuilder/arm-kojid.conf" dest=/etc/kojid/kojid.conf
when: inventory_hostname.startswith(('arm01','arm03'))
notify:
- restart kojid
- name: /etc/koji/koji.conf
action: copy src=$files/kojibuilder/koji.conf dest=/etc/koji.conf
action: copy src="{{ files }}/kojibuilder/koji.conf" dest=/etc/koji.conf
when: not inventory_hostname.startswith(('arm01','arm03'))
- name: /etc/koji/koji.conf
action: copy src=$files/kojibuilder/arm-koji.conf dest=/etc/koji.conf
action: copy src="{{ files }}/kojibuilder/arm-koji.conf" dest=/etc/koji.conf
when: inventory_hostname.startswith(('arm01','arm03'))
- name: copy over koji ca cert
action: copy src=$private/files/koji/buildercerts/fedora-ca.cert dest=/etc/kojid/cacert.pem
action: copy src="{{ private }}/files/koji/buildercerts/fedora-ca.cert" dest=/etc/kojid/cacert.pem
- name: copy over /etc/security/limits.conf
action: copy src=$files/kojibuilder/limits.conf dest=/etc/security/limits.conf
action: copy src="{{ files }}/kojibuilder/limits.conf" dest=/etc/security/limits.conf
- name: copy over builder cert to /etc/kojid/kojibuilder.pem
action: copy src=$private/files/koji/buildercerts/${inventory_hostname}.pem dest=/etc/kojid/kojibuilder.pem mode=600
action: copy src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600
- name: chkconfig kojid on and leave it running
action: service name=kojid enabled=on
# action: service name=kojid enabled=on state=started
- name: copy over authorized keys for root
action: copy src=$files/kojibuilder/root_auth_keys dest=/root/.ssh/authorized_keys mode=644
action: copy src="{{ files }}/kojibuilder/root_auth_keys" dest=/root/.ssh/authorized_keys mode=644
# idmapd and make sure it's set to run
- name: idmapd.conf
action: copy src=$files/kojibuilder/idmapd.conf dest=/etc/idmapd.conf
action: copy src="{{ files }}/kojibuilder/idmapd.conf" dest=/etc/idmapd.conf
tags:
- configs
- name: enable nfs-related services and run them
action: service name=$item enabled=true state=started
action: service name={{ item }} enabled=true state=started
with_items:
- rpcidmapd
- rpcbind
@ -106,7 +106,7 @@
- nfslock
- name: route config for netapp network
action: copy src=$files/kojibuilder/route-eth1 dest=/etc/sysconfig/network-scripts/route-eth1
action: copy src="{{ files }}/kojibuilder/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1
- name: run netapp route
command: /etc/sysconfig/network-scripts/ifup-routes eth1
@ -122,7 +122,7 @@
# mock configs for pungify job
# TODO: restore this to "copy:", this is a temporary "fix" for https://github.com/ansible/ansible/issues/4377
- name: put extra special mock configs in
template: src=$files/kojibuilder/builders/$item dest=/etc/mock/$item mode=644
template: src="{{ files }}/kojibuilder/builders/{{ item }}" dest="/etc/mock/{{ item }}" mode=644
with_items:
- fedora-branched-pungi-armhfp.cfg
- fedora-branched-pungi-i386.cfg
@ -132,14 +132,14 @@
- fedora-rawhide-pungi-armhfp.cfg
- name: mock site-defaults.cfg
action: copy src=$files/kojibuilder/builders/site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
action: copy src="{{ files }}/kojibuilder/builders/site-defaults.cfg" dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
when: not inventory_hostname.startswith('bkernel')
- name: ntp steptickers
action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers
action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
- name: ntp.conf
action: copy src=$files/common/ntp.conf dest=/etc/ntp.conf
action: copy src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf
- name: enable ntpd
action: service name=ntpd enabled=true state=started

View File

@ -1,6 +1,6 @@
---
- name: add pkgs for bkernel boxes
action: yum state=latest pkg=$item enablerepo=epel-test
action: yum state=latest pkg={{ item }} enablerepo=epel-test
with_items:
- pesign
- ccid
@ -22,11 +22,11 @@
action: service name=pesign state=started enabled=true
- name: when you awake you will remember nothing
action: copy src=$files/kojibuilder/history_off.sh dest=/etc/profile.d/history_off.sh mode=0644
action: copy src="{{ files }}/kojibuilder/history_off.sh" dest=/etc/profile.d/history_off.sh mode=0644
- name: mock site-defaults.cfg
action: copy src=$files/kojibuilder/builders/bkernel-site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
action: copy src="{{ files }}/kojibuilder/builders/bkernel-site-defaults.cfg" dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
- name: make sure our bkernel boxes have static ip
action: template src=$files/kojibuilder/builders/bkernel-eth0-network dest=/etc/sysconfig/network-scripts/ifcfg-eth0
action: template src="{{ files }}/kojibuilder/builders/bkernel-eth0-network" dest=/etc/sysconfig/network-scripts/ifcfg-eth0

View File

@ -5,7 +5,7 @@
action: command /sbin/grubby --update-kernel=ALL --args=max_loop=64
- name: special pkgs for the x86_64 builders
yum: state=installed pkg=$item
yum: state=installed pkg={{ item }}
with_items:
- kmod-hfsplus
when: is_rhel == 'True'

View File

@ -1,5 +1,5 @@
- name: set root passwd
action: user name=root password=$builder_rootpw state=present
action: user name=root password={{ builder_rootpw }} state=present
- name: add mock user as 425
action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
@ -8,7 +8,7 @@
- name: add mock ssh dir
action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock
- name: add mock ssh keys
action: copy src=$files/kojibuilder/mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=644 owner=mock group=mock
action: copy src="{{ files }}/kojibuilder/mock_auth_keys" dest=/var/lib/mock/.ssh/authorized_keys mode=644 owner=mock group=mock
- name: add ftpsync group
action: group name=ftpsync gid=263 system=yes state=present
@ -17,7 +17,7 @@
action: user name=ftpsync uid=263 group=ftpsync system=yes home=/var/tmp/ftpsync createhome=yes system=yes state=present
- name: add the ftpsync update-fullfilelist script
action: copy src=$files/releng/update-fullfilelist dest=/usr/local/bin/update-fullfilelist owner=ftpsync group=ftpsync mode=555
action: copy src="{{ files }}/releng/update-fullfilelist" dest=/usr/local/bin/update-fullfilelist owner=ftpsync group=ftpsync mode=555
- name: add masher group
action: group name=masher gid=751 system=yes state=present
@ -28,18 +28,18 @@
- name: add masher ssh dir
action: file state=directory path=/home/masher/.ssh mode=700 owner=masher group=masher
- name: add masher ssh keys
action: copy src=$files/releng/mash/masher.$item dest=/home/masher/.ssh/$item mode=600 owner=masher group=masher
action: copy src="{{ files }}/releng/mash/masher.{{ item }}" dest="/home/masher/.ssh/{{ item }}" mode=600 owner=masher group=masher
with_items:
- id_rsa.pub
- config
- name: add masher ssh priv key
action: copy src=$private/files/mash/masher.id_rsa dest=/home/masher/.ssh/id_rsa mode=600 owner=masher group=masher
action: copy src="{{ private }}/files/mash/masher.id_rsa" dest=/home/masher/.ssh/id_rsa mode=600 owner=masher group=masher
- name: add masher koji cert/key
action: copy src=$private/files/mash/masher.pem dest=/home/masher/.fedora.cert mode=600 owner=masher group=masher
action: copy src="{{ private }}/files/mash/masher.pem dest=/home/masher/.fedora.cert" mode=600 owner=masher group=masher
- name: add masher koji ca cert
action: copy src=$private/files/koji/buildercerts/fedora-ca.cert dest=/home/masher/.fedora-server-ca.cert
action: copy src="{{ private }}/files/koji/buildercerts/fedora-ca.cert" dest=/home/masher/.fedora-server-ca.cert
# rawhide group
- name: rawhide group
@ -49,7 +49,7 @@
action: user name=rawhide uid=265 group=rawhide home=/tmp comment="rawhide compose account"
- name: make a bunch of dirs
action: file state=directory path=$item
action: file state=directory path={{ item }}
with_items:
- /pub
- /pub/fedora
@ -67,17 +67,17 @@
action: file src=/mnt/fedora_koji/compose/cache dest=/srv/pungi/cache state=link
- name: add builder infra yum repo
action: copy src=$files/kojibuilder/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo
action: copy src="{{ files }}/kojibuilder/builder-infrastructure.repo" dest=/etc/yum.repos.d/builder-infrastructure.repo
tags:
- configs
- name: add releng yum repo
action: copy src=$files/releng/releng.repo dest=/etc/yum.repos.d/releng.repo
action: copy src="{{ files }}/releng/releng.repo" dest=/etc/yum.repos.d/releng.repo
tags:
- configs
- name: add pkgs
action: yum state=installed pkg=$item
action: yum state=installed pkg={{ item }}
with_items:
- yum-utils
- koji
@ -93,12 +93,12 @@
- pykickstart
- name: /etc/koji/koji.conf
action: copy src=$files/kojibuilder/koji.conf dest=/etc/koji.conf
action: copy src="{{ files }}/kojibuilder/koji.conf" dest=/etc/koji.conf
# mock configs
- name: put extra special mock configs in
action: copy src=$files/releng/$item dest=/etc/mock/$item mode=644
action: copy src="{{ files }}/releng/{{ item }}" dest="/etc/mock/{{ item }}" mode=644
with_items:
- fedora-branched-compose-armhfp.cfg
- fedora-rawhide-compose-armhfp.cfg
@ -109,12 +109,12 @@
# idmapd and make sure it's set to run
- name: idmapd.conf
action: copy src=$files/kojibuilder/idmapd.conf dest=/etc/idmapd.conf
action: copy src="{{ files }}/kojibuilder/idmapd.conf" dest=/etc/idmapd.conf
tags:
- configs
- name: enable nfs-related services and run them
action: service name=$item enabled=true state=started
action: service name={{ item }} enabled=true state=started
with_items:
- rpcidmapd
- rpcbind
@ -123,7 +123,7 @@
- name: route to netapp network
action: copy src=$files/kojibuilder/route-eth1 dest=/etc/sysconfig/network-scripts/route-eth1
action: copy src="{{ files }}/kojibuilder/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1
notify:
- restart netapproute
@ -138,26 +138,26 @@
# put cron job in for branched compose
- name: branched compose cron
action: copy src=$files/releng/branched dest=/etc/cron.d/branched
action: copy src="{{ files }}/releng/branched" dest=/etc/cron.d/branched
when: inventory_hostname.startswith('releng01')
# put cron job in for rawhide compose
- name: rawhide compose cron
action: copy src=$files/releng/rawhide dest=/etc/cron.d/rawhide
action: copy src="{{ files }}/releng/rawhide" dest=/etc/cron.d/rawhide
when: inventory_hostname.startswith('releng02')
- name: sudoers defaults
action: copy src=$private/files/sudo/releng-sudoers dest=/etc/sudoers mode=0440
action: copy src="{{ private }}/files/sudo/releng-sudoers" dest=/etc/sudoers mode=0440
tags:
- configs
- name: sudoers for ftpsync
action: copy src=$private/files/sudo/ftpsync-sudo dest=/etc/sudoers.d/ftpsync mode=0440
action: copy src="{{ private }}/files/sudo/ftpsync-sudo" dest=/etc/sudoers.d/ftpsync mode=0440
tags:
- configs
# fedmsg message buss stuff.
- name: fedmsg install
action: yum state=installed pkg=$item
action: yum state=installed pkg={{ item }}
with_items:
- fedmsg
# needed for now, until moksha 0.8.8-4 pulls it in.
@ -173,7 +173,7 @@
tags:
- fedmsg
- name: fedmsg files
action: copy src=$files/releng/fedmsg/$item dest=/etc/fedmsg.d/$item mode=644
action: copy src="{{ files }}/releng/fedmsg/{{ item }}" dest="/etc/fedmsg.d/{{ item }}" mode=644
with_items:
- ircbot.py
- ssl.py
@ -182,32 +182,32 @@
tags:
- fedmsg
- name: fedmsg ca
action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=644
with_items:
- ca.crt
- name: fedmsg cert
action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=644
with_items:
- bodhi-releng01.phx2.fedoraproject.org.crt
tags:
- fedmsg
when: inventory_hostname.startswith('releng01')
- name: fedmsg key
action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=640 group=masher
action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=640 group=masher
with_items:
- bodhi-releng01.phx2.fedoraproject.org.key
tags:
- fedmsg
when: inventory_hostname.startswith('releng01')
- name: fedmsg cert
action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=644
with_items:
- bodhi-releng02.phx2.fedoraproject.org.crt
tags:
- fedmsg
when: inventory_hostname.startswith('releng02')
- name: fedmsg key
action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=640 group=masher
action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=640 group=masher
with_items:
- bodhi-releng02.phx2.fedoraproject.org.key
tags:

View File

@ -6,7 +6,7 @@
- packages
- name: wsgi.conf
copy: src=$files/mod_wsgi/wsgi.conf dest=/etc/httpd/conf.d/wsgi.conf
copy: src="{{ files }}/mod_wsgi/wsgi.conf" dest=/etc/httpd/conf.d/wsgi.conf
notify:
- restart apache
tags:

View File

@ -3,14 +3,14 @@
# Setup mysql server.
#
- name: install mysql server packages
yum: name=$item state=installed
yum: name={{ item }} state=installed
with_items:
- mysql-server
tags:
- packages
- name: install our my.cnf
copy: src=$files/mysql/my.cnf dest=/etc/my.cnf owner=root group=root mode=0644
copy: src="{{ files }}/mysql/my.cnf" dest=/etc/my.cnf owner=root group=root mode=0644
- name: Set mysql-server to run
service: name=mysqld enabled=yes state=running

View File

@ -6,35 +6,35 @@
- packages
- name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt
copy: src=$puppet_private/vpn/openvpn/keys/ca.crt dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
copy: src="{{ puppet_private }}/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
tags:
- config
notify:
- restart openvpn
- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem
copy: src=$puppet_private/vpn/openvpn/keys/crl.pem dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
copy: src="{{ puppet_private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
tags:
- config
notify:
- restart openvpn
- name: /etc/openvpn/openvpn.conf
copy: src=$files/openvpn/client.conf dest=/etc/openvpn/openvpn.conf
copy: src="{{ files }}/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf
tags:
- config
notify:
- restart openvpn
- name: /etc/openvpn/client.crt
copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.crt dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
tags:
- config
notify:
- restart openvpn
- name: /etc/openvpn/client.key
copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.key dest=/etc/openvpn/client.key mode=0600 owner=root group=root
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root
tags:
- config
notify:

View File

@ -1,25 +1,25 @@
---
- name: check it out
local_action: shell nc -d -z -w 5 ${inventory_hostname} 22 >>/dev/null
local_action: shell nc -d -z -w 5 {{ inventory_hostname }} 22 >>/dev/null
register: host_is_up
ignore_errors: true
- name: spin it up
local_action: ec2 keypair=${keypair} image=${image} type=${instance_type} wait=true group=${security_group} ec2_access_key=$persist_access_key ec2_secret_key=$persist_secret_key ec2_url=$os_ec2_url
local_action: ec2 keypair={{ keypair }} image={{ image }} type={{ instance_type }} wait=true group={{ security_group }} ec2_access_key={{ persist_access_key }} ec2_secret_key={{ persist_secret_key }} ec2_url={{ os_ec2_url }}
register: inst_res
when: host_is_up|failed
- name: assign it a special ip
local_action: shell euca-associate-address --config ${persist_config} -i ${inst_res.instances[0].id} ${public_ip}
local_action: shell euca-associate-address --config {{ persist_config }} -i {{ inst_res.instances[0].id }} {{ public_ip }}
when: host_is_up|failed
- name: wait for the reassignation
local_action: wait_for host=${public_ip} port=22 delay=20 timeout=300
local_action: wait_for host={{ public_ip }} port=22 delay=20 timeout=300
when: host_is_up|failed
# attach and mount volumes
- name: attach volumes to the system
local_action: shell euca-attach-volume --config ${persist_config} -i ${inst_res.instances[0].id} $item
with_items: $volumes
local_action: shell euca-attach-volume --config {{ persist_config }} -i {{ inst_res.instances[0].id }} {{ item }}
with_items: "{{ volumes }}"
when: volumes is defined and host_is_up|failed

View File

@ -5,14 +5,14 @@
- packages
- name: /etc/postfix/main.cf
action: copy src=$item dest=/etc/postfix/main.cf
action: copy src={{ item }} dest=/etc/postfix/main.cf
with_first_found:
- $postfix_maincf
- $files/postfix/main.cf.${ansible_fqdn}
- $files/postfix/main.cf.${inventory_hostname}
- $files/postfix/main.cf.${host_group}
- $files/postfix/main.cf.${postfix_group}
- $files/postfix/main.cf
- "{{ postfix_maincf }}"
- "{{ files }}/postfix/main.cf.{{ ansible_fqdn }}"
- "{{ files }}/postfix/main.cf.{{ inventory_hostname }}"
- "{{ files }}/postfix/main.cf.{{ host_group }}"
- "{{ files }}/postfix/main.cf.{{ postfix_group }}"
- "{{ files }}/postfix/main.cf"
notify:
- restart postfix
tags:

View File

@ -1,7 +1,7 @@
---
# tasklist for setting up a rdiff backup server.
- name: install rdiff-backup
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- rdiff-backup
- git
@ -10,11 +10,11 @@
- packages
- name: setup rdiff backup script
copy: src=$files/rdiff-backup/run-rdiff-backups dest=/usr/local/bin/run-rdiff-backups mode=755
copy: src="{{ files }}/rdiff-backup/run-rdiff-backups" dest=/usr/local/bin/run-rdiff-backups mode=755
tags:
- config
- name: setup rdiff backup cron
copy: src=$files/rdiff-backup/run-rdiff-backups.cron dest=/etc/cron.d/run-rdiff-backups
copy: src="{{ files }}/rdiff-backup/run-rdiff-backups.cron" dest=/etc/cron.d/run-rdiff-backups
tags:
- config

View File

@ -1,7 +1,7 @@
---
- name: upstart serial setup
action: copy src=$files/common/ttyS0.conf dest=/etc/init/ttyS0.conf
action: copy src="{{ files }}/common/ttyS0.conf" dest=/etc/init/ttyS0.conf
when: is_rhel == 'True'
tags:
- configs

View File

@ -1,7 +1,7 @@
---
- name: put builder-repo on system
action: copy src=$files/sign/$item dest=/etc/yum.repos.d/$item
action: copy src="{{ files }}/sign/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
with_items:
- builder-rpms.repo
when: is_rhel == 'True'
@ -10,7 +10,7 @@
- packages
- name: install sigul
action: yum state=installed name=$item
action: yum state=installed name={{ item }}
with_items:
- sigul
- ntp
@ -20,24 +20,24 @@
- packages
- name: setup /etc/sigul/bridge.conf file
action: template src=$files/sign/bridge.conf.j2 dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
action: template src="{{ files }}/sign/bridge.conf.j2" dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
tags:
- config
- name: setup /etc/sigul/server.conf file
action: copy src=$files/sign/server.conf dest=/etc/sigul/server.conf owner=root group=sigul mode=640
action: copy src="{{ files }}/sign/server.conf" dest=/etc/sigul/server.conf owner=root group=sigul mode=640
- name: ntp steptickers
action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers
action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
- name: ntp.conf
action: copy src=$files/common/ntp.conf dest=/etc/ntp.conf
action: copy src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf
- name: enable ntpd
action: service name=ntpd enabled=true state=started
- name: /etc/hosts
action: copy src=$files/hosts/sign-hosts dest=/etc/hosts
action: copy src="{{ files }}/hosts/sign-hosts" dest=/etc/hosts
tags:
- configs

View File

@ -7,16 +7,16 @@
# Put in place the default sysadmin-main sudoers file.
#
- name: setup /etc/sudoers.d/sysadmin-main
action: copy src=$private/files/sudo/sysadmin-main dest=/etc/sudoers.d/ owner=root group=root mode=0600
action: copy src="{{ private }}/files/sudo/sysadmin-main" dest=/etc/sudoers.d/ owner=root group=root mode=0600
tags:
- config
#
# This will move a /etc/sudoers.d/ file in place
#
- name: setup /etc/sudoers.d/sudoer file for client use
action: copy src=$item dest=/etc/sudoers.d/ owner=root group=root mode=0600
action: copy src={{ item }} dest=/etc/sudoers.d/ owner=root group=root mode=0600
with_first_found:
- files: ${sudoers} ${private}/files/sudo/${ansible_fqdn}-sudoers ${private}/files/sudo/${ansible_hostname}-sudoers ${private}/files/sudo/${ansible_domain}-sudoers
- files: "{{ sudoers }}" "{{ private }}/files/sudo/{{ ansible_fqdn }}-sudoers" "{{ private }}/files/sudo/{{ ansible_hostname }}-sudoers" "{{ private }}/files/sudo/{{ ansible_domain }}-sudoers"
skip: true
tags:
- config

View File

@ -1,16 +1,16 @@
---
- name: spin it up
local_action: ec2 keypair=${keypair} image=${image} type=${instance_type} wait=true group=${security_group} ec2_access_key=$transient_access_key ec2_secret_key=$transient_secret_key ec2_url=$os_ec2_url
local_action: ec2 keypair={{ keypair }} image={{ image }} type={{ instance_type }} wait=true group={{ security_group }} ec2_access_key={{ transient_access_key }} ec2_secret_key={{ transient_secret_key }} ec2_url={{ os_ec2_url }}
register: inst_res
- name: add it to the special group
local_action: add_host hostname=${inst_res.instances[0].public_ip} groupname=tmp_just_created
local_action: add_host hostname={{ inst_res.instances[0].public_ip }} groupname=tmp_just_created
- name: mail off about where it is
local_action: mail to=sysadmin-main-members@fedoraproject.org from=ansible-create@fedoraproject.org subject=${inst_res.instances[0].public_ip} msg="cloud instance created on ${inst_res.instances[0].public_ip}\n instance id - ${inst_res.instances[0].id} - ${hostbase} ${root_auth_users} "
local_action: mail to=sysadmin-main-members@fedoraproject.org from=ansible-create@fedoraproject.org subject={{ inst_res.instances[0].public_ip }} msg="cloud instance created on {{ inst_res.instances[0].public_ip }}\n instance id - {{ inst_res.instances[0].id }} - {{ hostbase }} {{ root_auth_users }} "
- name: wait for the host to be hot
local_action: wait_for host=${inst_res.instances[0].public_ip} port=22 delay=2 timeout=300
local_action: wait_for host={{ inst_res.instances[0].public_ip }} port=22 delay=2 timeout=300

View File

@ -5,7 +5,7 @@
selinux: policy=targeted state=enforcing
- name: install libvirt packages
yum: pkg=$item state=installed
yum: pkg={{ item }} state=installed
with_items:
- qemu-kvm
- libvirt
@ -18,7 +18,7 @@
# This provides us with the ability to use virt-manager from non root accounts.
#
- name: install libvirtd.conf
copy: src=$files/virthost/libvirtd.conf dest=/etc/libvirt/libvirtd.conf
copy: src="{{ files }}/virthost/libvirtd.conf" dest=/etc/libvirt/libvirtd.conf
notify:
- restart libvirtd
tags:

View File

@ -1,6 +1,6 @@
---
- name: put rhel repos on system
action: copy src=$files/common/$item dest=/etc/yum.repos.d/$item
action: copy src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
with_items:
- epel6.repo
- rhel6.repo
@ -10,7 +10,7 @@
- packages
- name: put fedora repos on x86 systems
action: copy src=$files/common/$item dest=/etc/yum.repos.d/$item
action: copy src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
with_items:
- fedora.repo
- fedora-updates.repo
@ -21,7 +21,7 @@
- packages
- name: put fedora repos on arm systems
action: copy src=$files/common/$item-arm dest=/etc/yum.repos.d/$item
action: copy src="{{ files }}/common/{{ item-arm }}" dest="/etc/yum.repos.d/{{ item }}"
with_items:
- fedora.repo
- fedora-updates.repo
@ -32,7 +32,7 @@
- packages
- name: add infrastructure repo
action: copy src=$files/common/$item dest=/etc/yum.repos.d/$item
action: copy src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
with_items:
- infrastructure.repo
- infrastructure-testing.repo