Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of /git/ansible

Browse source
This commit is contained in:
Stephen Smoogen 2017-05-10 15:57:52 +00:00
commit 051ab3e830
9 changed files with 283 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
inventory/host_vars/os-control01.stg.phx2.fedoraproject.org Normal file
View file

@ -0,0 +1,12 @@
---
nm: 255.255.255.0
gw: 10.5.128.254
dns: 10.5.126.21
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
volgroup: /dev/vg_guests
eth0_ip: 10.5.128.100
vmhost: virthost04.phx2.fedoraproject.org
datacenter: phx2

19
inventory/host_vars/os-master01.stg.phx2.fedoraproject.org Normal file
View file

@ -0,0 +1,19 @@
---
nm: 255.255.255.0
gw: 10.5.128.254
dns: 10.5.126.21
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-rhel-7
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
volgroup: /dev/vg_guests
eth0_ip: 10.5.128.101
vmhost: virthost11.phx2.fedoraproject.org
datacenter: phx2
host_group: os-stg
nrpe_procs_warn: 900
nrpe_procs_crit: 1000
lvm_size: 120g
mem_size: 8192
max_mem_size: 8192
num_cpus: 4

19
inventory/host_vars/os-master02.stg.phx2.fedoraproject.org Normal file
View file

@ -0,0 +1,19 @@
---
nm: 255.255.255.0
gw: 10.5.128.254
dns: 10.5.126.21
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
volgroup: /dev/vg_guests
eth0_ip: 10.5.128.102
vmhost: virthost04.phx2.fedoraproject.org
datacenter: phx2
host_group: os-stg
nrpe_procs_warn: 900
nrpe_procs_crit: 1000
lvm_size: 120g
mem_size: 8192
max_mem_size: 16384
num_cpus: 4

19
inventory/host_vars/os-master03.stg.phx2.fedoraproject.org Normal file
View file

@ -0,0 +1,19 @@
---
nm: 255.255.255.0
gw: 10.5.128.254
dns: 10.5.126.21
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
volgroup: /dev/vg_guests
eth0_ip: 10.5.128.103
vmhost: virthost04.phx2.fedoraproject.org
datacenter: phx2
host_group: os-stg
nrpe_procs_warn: 900
nrpe_procs_crit: 1000
lvm_size: 120g
mem_size: 8192
max_mem_size: 16384
num_cpus: 4

19
inventory/host_vars/os-node01.stg.phx2.fedoraproject.org Normal file
View file

@ -0,0 +1,19 @@
---
nm: 255.255.255.0
gw: 10.5.128.254
dns: 10.5.126.21
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
volgroup: /dev/vg_guests
eth0_ip: 10.5.128.104
vmhost: virthost11.phx2.fedoraproject.org
datacenter: phx2
host_group: os-nodes-stg
nrpe_procs_warn: 900
nrpe_procs_crit: 1000
lvm_size: 120g
mem_size: 8192
max_mem_size: 16384
num_cpus: 4

19
inventory/host_vars/os-node02.stg.phx2.fedoraproject.org Normal file
View file

@ -0,0 +1,19 @@
---
nm: 255.255.255.0
gw: 10.5.128.254
dns: 10.5.126.21
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-7
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
volgroup: /dev/vg_guests
eth0_ip: 10.5.128.105
vmhost: virthost04.phx2.fedoraproject.org
datacenter: phx2
host_group: os-nodes-stg
nrpe_procs_warn: 900
nrpe_procs_crit: 1000
lvm_size: 120g
mem_size: 8192
max_mem_size: 16384
num_cpus: 4

17
inventory/inventory
View file

@ -776,6 +776,12 @@ osbs-node02.stg.phx2.fedoraproject.org
docker-registry01.stg.phx2.fedoraproject.org docker-registry01.stg.phx2.fedoraproject.org
docker-registry02.stg.phx2.fedoraproject.org docker-registry02.stg.phx2.fedoraproject.org
docker-candidate-registry01.stg.phx2.fedoraproject.org docker-candidate-registry01.stg.phx2.fedoraproject.org
os-control01.stg.phx2.fedoraproject.org
os-master01.stg.phx2.fedoraproject.org
os-master02.stg.phx2.fedoraproject.org
os-master03.stg.phx2.fedoraproject.org
os-node01.stg.phx2.fedoraproject.org
os-node02.stg.phx2.fedoraproject.org
# This is a list of hosts that are a little "friendly" with staging. # This is a list of hosts that are a little "friendly" with staging.
# They are exempted from the iptables wall between staging and prod. # They are exempted from the iptables wall between staging and prod.
@ -1324,6 +1330,17 @@ osbs-master01.stg.phx2.fedoraproject.org
osbs-node01.stg.phx2.fedoraproject.org osbs-node01.stg.phx2.fedoraproject.org
osbs-node02.stg.phx2.fedoraproject.org osbs-node02.stg.phx2.fedoraproject.org
[os-control-stg]
os-control01.stg.phx2.fedoraproject.org
[os-master-stg]
os-master01.stg.phx2.fedoraproject.org
os-master02.stg.phx2.fedoraproject.org
os-master03.stg.phx2.fedoraproject.org
[os-node-stg]
os-node01.stg.phx2.fedoraproject.org
os-node02.stg.phx2.fedoraproject.org
# Docker (docker-distribution) registries # Docker (docker-distribution) registries
[docker-registry] [docker-registry]

158
playbooks/groups/os-cluster.yml Normal file
View file

@ -0,0 +1,158 @@
# create an os server
- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-control-stg:os-control"
- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-nodes-stg:os-masters-stg:os-nodes:os-masters"
- name: make the box be real
hosts: os-control:os-control-stg:os-masters-stg:os-nodes-stg:os-masters:os-nodes
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
- rkhunter
- nagios_client
- hosts
- fas_client
- collectd/base
- rsyncd
- sudo
tasks:
- include: "{{ tasks_path }}/yumrepos.yml"
- include: "{{ tasks_path }}/2fa_client.yml"
- include: "{{ tasks_path }}/motd.yml"
handlers:
- include: "{{ handlers_path }}/restart_services.yml"
- name: OSBS control hosts pre-req setup
hosts: os-control:os-control-stg
tags:
- os-cluster-prereq
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: deploy private key to control hosts
copy:
src: "{{private}}/files/os/{{env}}/control_key"
dest: "/root/.ssh/id_rsa"
owner: root
mode: 0600
- name: set ansible to use pipelining
ini_file:
dest: /etc/ansible/ansible.cfg
section: ssh_connection
option: pipelining
value: "True"
- name: Setup cluster masters pre-reqs
hosts: os-masters-stg:os-masters
tags:
- os-cluster-prereq
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: ensure origin conf dir exists
file:
path: "/etc/origin"
state: "directory"
- name: create cert dir for openshift public facing REST API SSL
file:
path: "/etc/origin/master/named_certificates"
state: "directory"
- name: install cert for openshift public facing REST API SSL
copy:
src: "{{private}}/files/os/{{env}}/os-internal.pem"
dest: "/etc/origin/master/named_certificates/{{os}}.pem"
- name: install key for openshift public facing REST API SSL
copy:
src: "{{private}}/files/os/{{env}}/os-internal.key"
dest: "/etc/origin/master/named_certificates/{{os}}.key"
- name: place htpasswd file
copy:
src: "{{private}}/files/httpd/os-{{env}}.htpasswd"
dest: /etc/origin/htpasswd
- name: Setup cluster hosts pre-reqs
hosts: os-masters-stg:os-nodes-stg:os-masters:os-nodes
tags:
- os-cluster-prereq
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- name: restart NetworkManager
service:
name: NetworkManager
state: restarted
tasks:
- name: Install necessary packages that openshift-ansible needs
package: name="{{ item }}" state=installed
with_items:
- tar
- rsync
- dbus-python
- NetworkManager
- libselinux-python
- origin
- name: Deploy controller public ssh keys to os cluster hosts
authorized_key:
user: root
key: "{{ lookup('file', '{{private}}/files/os/{{env}}/control_key.pub') }}"
# This is required for OpenShift built-in SkyDNS inside the overlay network
# of the cluster
- name: ensure NM_CONTROLLED is set to "yes" for os cluster
lineinfile:
dest: "/etc/sysconfig/network-scripts/ifcfg-eth0"
line: "NM_CONTROLLED=yes"
notify:
- restart NetworkManager
# This is required for OpenShift built-in SkyDNS inside the overlay network
# of the cluster
- name: ensure NetworkManager is enabled and started
service:
name: NetworkManager
state: started
enabled: yes
- name: cron entry to clean up docker storage
copy:
src: "{{files}}/os/cleanup-docker-storage"
dest: "/etc/cron.d/cleanup-docker-storage"
- name: copy docker-storage-setup config
copy:
src: "{{files}}/os/docker-storage-setup"
dest: "/etc/sysconfig/docker-storage-setup"

1
roles/batcave/tasks/main.yml
View file

@ -21,6 +21,7 @@
- yum-metadata-parser # Needed for rhn sync - yum-metadata-parser # Needed for rhn sync
- yum-rhn-plugin # Needed for rhn sync - yum-rhn-plugin # Needed for rhn sync
- createrepo_c # Needed for rhn sync - createrepo_c # Needed for rhn sync
- ostree # Needed for rhn sync
- python-sqlalchemy # Needed for repo2json - python-sqlalchemy # Needed for repo2json
- pyliblzma # Needed for repo2json - pyliblzma # Needed for repo2json
- ansible_utils # Needed for rbac-playbook - ansible_utils # Needed for rbac-playbook