Move all puppet_private stuff to ansible private so we can stop using puppet private.

Kevin Fenzi 2015-09-25 18:16:23 +00:00
parent 81d9781409
commit 2873cdd427
25 changed files with 70 additions and 71 deletions


@ -77,7 +77,7 @@
- name: install fedmsg ca.cert - name: install fedmsg ca.cert
copy: > copy: >
src="{{ puppet_private }}/fedmsg-certs/keys/ca.crt" src="{{ private }}/files/fedmsg-certs/keys/ca.crt"
dest=/etc/pki/fedmsg/ca.crt dest=/etc/pki/fedmsg/ca.crt
owner=root owner=root
group=root group=root


@ -140,7 +140,7 @@
# #
- name: copy koji ssl cert for owner sync - name: copy koji ssl cert for owner sync
copy: src="{{ puppet_private }}/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600 copy: src="{{ private }}/files/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600
tags: tags:
- config - config


@ -52,7 +52,7 @@
- name: install bodhi.pem file - name: install bodhi.pem file
copy: > copy: >
src="{{ puppet_private }}/bodhi_key_and_cert.pem" src="{{ private }}/files/bodhi_key_and_cert.pem"
dest="/etc/pki/bodhi/bodhi.pem" dest="/etc/pki/bodhi/bodhi.pem"
owner=bodhi owner=bodhi
group=bodhi group=bodhi
@ -64,7 +64,7 @@
- name: install bodhi certificates - name: install bodhi certificates
copy: > copy: >
src="{{ puppet_private }}/fedora-ca.cert" src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/bodhi/{{ item }}" dest="/etc/pki/bodhi/{{ item }}"
owner=root owner=root
group=root group=root


@ -141,13 +141,13 @@
file: path=/etc/pki/pkgdb mode=700 state=directory file: path=/etc/pki/pkgdb mode=700 state=directory
- name: copy koji ssl cert for owner sync - name: copy koji ssl cert for owner sync
copy: src="{{ puppet_private }}/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600 copy: src="{{ private }}/files/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600
tags: tags:
- config - config
- name: install /etc/pki/fas/fedora-server-ca.cert file - name: install /etc/pki/fas/fedora-server-ca.cert file
copy: > copy: >
src="{{ puppet_private }}/fedora-ca.cert" src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/pkgdb/fedora-server-ca.cert" dest="/etc/pki/pkgdb/fedora-server-ca.cert"
mode=0644 mode=0644
tags: tags:


@ -99,7 +99,7 @@
- name: install bodhi.pem file - name: install bodhi.pem file
copy: > copy: >
src="{{ puppet_private }}/bodhi_key_and_cert.pem" src="{{ private }}/files/bodhi_key_and_cert.pem"
dest="/etc/pki/bodhi/bodhi.pem" dest="/etc/pki/bodhi/bodhi.pem"
owner=bodhi owner=bodhi
group=bodhi group=bodhi
@ -111,7 +111,7 @@
- name: install bodhi certificates - name: install bodhi certificates
copy: > copy: >
src="{{ puppet_private }}/fedora-ca.cert" src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/bodhi/{{ item }}" dest="/etc/pki/bodhi/{{ item }}"
owner=root owner=root
group=root group=root


@ -1,5 +1,5 @@
- name: copy httpd ssl certificates - name: copy httpd ssl certificates
copy: src="{{ puppet_private }}/httpd/{{ item }}" dest="/etc/lighttpd/{{ item }}" owner=root group=root mode=0600 copy: src="{{ private }}/files/httpd/{{ item }}" dest="/etc/lighttpd/{{ item }}" owner=root group=root mode=0600
with_items: with_items:
- copr-be.fedoraproject.org.key - copr-be.fedoraproject.org.key
- copr-be.fedoraproject.org.crt - copr-be.fedoraproject.org.crt


@ -1,10 +1,10 @@
- name: copy httpd ssl certificates (crt) - name: copy httpd ssl certificates (crt)
copy: src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.crt" dest="/etc/pki/tls/certs/" owner=root group=root mode=0600 copy: src="{{ private }}/files/httpd/copr-fe.fedoraproject.org.crt" dest="/etc/pki/tls/certs/" owner=root group=root mode=0600
tags: tags:
- config - config
- name: copy httpd ssl certificates (key) - name: copy httpd ssl certificates (key)
copy: src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.key" dest="/etc/pki/tls/private/" owner=root group=root mode=0600 copy: src="{{ private }}/files/httpd/copr-fe.fedoraproject.org.key" dest="/etc/pki/tls/private/" owner=root group=root mode=0600
tags: tags:
- config - config


@ -59,13 +59,13 @@
- selinux - selinux
- name: Copy wildcard cert from puppet private - name: Copy wildcard cert from puppet private
copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0644 copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0644
- name: Copy wildcard key from puppet private - name: Copy wildcard key from puppet private
copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600 copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
- name: Copy intermediate wildcard cert from puppet private - name: Copy intermediate wildcard cert from puppet private
copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0644 copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0644
- name: Configure httpd dl main conf - name: Configure httpd dl main conf
copy: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf copy: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf
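Review bot: The three task names in this hunk still read "from puppet private" although the new `src=` values point at `{{private}}/files/httpd/...`, so the play output names a source that is no longer used. Rename them, e.g. `- name: Copy wildcard cert from ansible private`, and likewise for the key and intermediate cert tasks. The two squid tasks later in this commit ("Copy squid ssl cert from puppet private", "Copy squid ssl key from puppet private") carry the same stale wording. Accurate names matter here because these tasks place TLS private keys, and someone auditing where a key came from reads the task name first.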


@ -71,7 +71,7 @@
- name: install /etc/fas-gpg/pubring.gpg file - name: install /etc/fas-gpg/pubring.gpg file
copy: > copy: >
src="{{ puppet_private }}/fas-gpg/pubring.gpg" src="{{ private }}/files/fas-gpg/pubring.gpg"
dest="/etc/fas-gpg/pubring.gpg" dest="/etc/fas-gpg/pubring.gpg"
owner=fas owner=fas
group=fas group=fas
@ -82,7 +82,7 @@
- name: install /etc/pki/fas/fedora-server-ca.cert file - name: install /etc/pki/fas/fedora-server-ca.cert file
copy: > copy: >
src="{{ puppet_private }}/fedora-ca.cert" src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/fas/fedora-server-ca.cert" dest="/etc/pki/fas/fedora-server-ca.cert"
owner=fas owner=fas
group=fas group=fas
@ -93,7 +93,7 @@
- name: install /etc/pki/fas/fedora-upload-ca.cert file - name: install /etc/pki/fas/fedora-upload-ca.cert file
copy: > copy: >
src="{{ puppet_private }}/fedora-ca.cert" src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/fas/fedora-upload-ca.cert" dest="/etc/pki/fas/fedora-upload-ca.cert"
owner=fas owner=fas
group=fas group=fas
@ -104,7 +104,7 @@
- name: install /usr/share/fas/static/fedora-server-ca.cert file - name: install /usr/share/fas/static/fedora-server-ca.cert file
copy: > copy: >
src="{{ puppet_private }}/fedora-ca.cert" src="{{ private }}/files/fedora-ca.cert"
dest="/usr/share/fas/static/fedora-server-ca.cert" dest="/usr/share/fas/static/fedora-server-ca.cert"
owner=root owner=root
group=root group=root
@ -115,7 +115,7 @@
- name: install /usr/share/fas/static/fedora-upload-ca.cert file - name: install /usr/share/fas/static/fedora-upload-ca.cert file
copy: > copy: >
src="{{ puppet_private }}/fedora-ca.cert" src="{{ private }}/files/fedora-ca.cert"
dest="/usr/share/fas/static/fedora-upload-ca.cert" dest="/usr/share/fas/static/fedora-upload-ca.cert"
owner=root owner=root
group=root group=root
@ -201,7 +201,7 @@
- name: install /var/lib/fedora-ca/private/cakey.pem file - name: install /var/lib/fedora-ca/private/cakey.pem file
copy: > copy: >
src="{{ puppet_private }}/cakey.pem" src="{{ private }}/files/cakey.pem"
dest="/var/lib/fedora-ca/private/cakey.pem" dest="/var/lib/fedora-ca/private/cakey.pem"
owner=fas owner=fas
group=fas group=fas
@ -249,7 +249,7 @@
- name: install /var/lib/fedora-ca/cacert.pem file - name: install /var/lib/fedora-ca/cacert.pem file
copy: > copy: >
src="{{ puppet_private }}/fedora-ca.cert" src="{{ private }}/files/fedora-ca.cert"
dest="/var/lib/fedora-ca/cacert.pem" dest="/var/lib/fedora-ca/cacert.pem"
owner=root owner=root
group=root group=root


@ -12,7 +12,7 @@
- name: Copy over our crl from the private repo - name: Copy over our crl from the private repo
copy: > copy: >
src={{puppet_private}}/fedmsg-certs/keys/crl.pem dest=/srv/web/fedmsg/crl.pem src={{private}}/files/fedmsg-certs/keys/crl.pem dest=/srv/web/fedmsg/crl.pem
owner=root group=root mode=0644 owner=root group=root mode=0644
tags: tags:
- fedmsg - fedmsg
@ -24,7 +24,7 @@
# messages. # messages.
- name: Copy over our CA cert from the private repo - name: Copy over our CA cert from the private repo
copy: > copy: >
src={{puppet_private}}/fedmsg-certs/keys/ca.crt dest=/srv/web/fedmsg/ca.crt src={{private}}/files/fedmsg-certs/keys/ca.crt dest=/srv/web/fedmsg/ca.crt
owner=root group=root mode=0644 owner=root group=root mode=0644
tags: tags:
- fedmsg - fedmsg


@ -35,7 +35,7 @@
- name: install hotness.pem koji key and cert - name: install hotness.pem koji key and cert
copy: > copy: >
src="{{ puppet_private }}/hotness_key_and_cert.pem" src="{{ private }}/files/hotness_key_and_cert.pem"
dest="/etc/pki/fedmsg/hotness.pem" dest="/etc/pki/fedmsg/hotness.pem"
owner=fedmsg owner=fedmsg
group=fedmsg group=fedmsg
@ -46,7 +46,7 @@
- name: install koji ca cert - name: install koji ca cert
copy: > copy: >
src="{{ puppet_private }}/fedora-ca.cert" src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/fedmsg/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}"
owner=root owner=root
group=root group=root


@ -52,27 +52,27 @@
- config - config
- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.cert - name: /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600 copy: src="{{ private }}/files/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600
tags: tags:
- config - config
- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.key - name: /etc/pki/tls/wildcard-2014.fedoraproject.org.key
copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600 copy: src="{{ private }}/files/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
tags: tags:
- config - config
- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert - name: /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600 copy: src="{{ private }}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
tags: tags:
- config - config
- name: /etc/pki/tls/keys_fedoraproject_org.crt.pem - name: /etc/pki/tls/keys_fedoraproject_org.crt.pem
copy: src="{{ puppet_private }}/httpd/keys_fedoraproject_org-2014.crt.pem" dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600 copy: src="{{ private }}/files/httpd/keys_fedoraproject_org-2014.crt.pem" dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600
tags: tags:
- config - config
- name: /etc/pki/tls/keys_fedoraproject_org.key - name: /etc/pki/tls/keys_fedoraproject_org.key
copy: src="{{ puppet_private }}/httpd/keys_fedoraproject_org-2014.key" dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600 copy: src="{{ private }}/files/httpd/keys_fedoraproject_org-2014.key" dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600
tags: tags:
- config - config


@ -80,7 +80,7 @@
# install production certs and keys # install production certs and keys
# #
- name: install kojiweb_cert_key.pem - name: install kojiweb_cert_key.pem
copy: src={{ puppet_private }}/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600 copy: src={{ private }}/files/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
notify: notify:
- restart httpd - restart httpd
tags: tags:
@ -89,7 +89,7 @@
when: env != 'staging' and ansible_hostname.startswith('koji') when: env != 'staging' and ansible_hostname.startswith('koji')
- name: install production koji_cert.pem - name: install production koji_cert.pem
copy: src={{ puppet_private }}/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600 copy: src={{ private }}/files/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
notify: notify:
- restart httpd - restart httpd
tags: tags:
@ -98,7 +98,7 @@
when: env != 'staging' and ansible_hostname.startswith('koji') when: env != 'staging' and ansible_hostname.startswith('koji')
- name: install production koji_key.pem - name: install production koji_key.pem
copy: src={{ puppet_private }}/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600 copy: src={{ private }}/files/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
notify: notify:
- restart httpd - restart httpd
tags: tags:
@ -140,7 +140,7 @@
# install staging certs and keys # install staging certs and keys
# #
- name: Install staging koji ssl cert - name: Install staging koji ssl cert
copy: src={{ puppet_private }}/koji/koji.stg_cert.pem dest=/etc/pki/tls/certs/koji.stg_cert.pem copy: src={{ private }}/files/koji/koji.stg_cert.pem dest=/etc/pki/tls/certs/koji.stg_cert.pem
notify: notify:
- restart httpd - restart httpd
tags: tags:
@ -149,7 +149,7 @@
when: env == 'staging' when: env == 'staging'
- name: install staging koji ssl key - name: install staging koji ssl key
copy: src={{ puppet_private }}/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem copy: src={{ proivate }}/files/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem
notify: notify:
- restart httpd - restart httpd
tags: tags:
@ -158,7 +158,7 @@
when: env == 'staging' when: env == 'staging'
- name: instaall fedora-ca.cert in various places - name: instaall fedora-ca.cert in various places
copy: src={{ puppet_private }}/fedora-ca.cert dest={{ item }} owner=apache copy: src={{ private }}/files/fedora-ca.cert dest={{ item }} owner=apache
with_items: with_items:
- /etc/kojira/extras_cacert.pem - /etc/kojira/extras_cacert.pem
- /etc/pki/tls/certs/extras_cacert.pem - /etc/pki/tls/certs/extras_cacert.pem
@ -169,7 +169,7 @@
- koji_hub - koji_hub
- name: install kojira_cert_key - name: install kojira_cert_key
copy: src={{ puppet_private }}/koji/kojira_cert_key.pem dest=/etc/kojira/kojira_cert_key.pem owner=apache mode=600 copy: src={{ private }}/files/koji/kojira_cert_key.pem dest=/etc/kojira/kojira_cert_key.pem owner=apache mode=600
tags: tags:
- config - config
- koji_hub - koji_hub
@ -313,19 +313,19 @@
when: env != 'staging' and ansible_hostname.startswith('koji') when: env != 'staging' and ansible_hostname.startswith('koji')
- name: install cert for oscar (garbage collector) user - name: install cert for oscar (garbage collector) user
copy: src={{ puppet_private }}/koji/gc/oscar_key_and_cert.pem dest=/etc/koji-gc/client.crt copy: src={{ private }}/files/koji/gc/oscar_key_and_cert.pem dest=/etc/koji-gc/client.crt
tags: tags:
- koji_hub - koji_hub
when: env != 'staging' and ansible_hostname.startswith('koji') when: env != 'staging' and ansible_hostname.startswith('koji')
- name: install serverca cert for oscar (garbage collector) user - name: install serverca cert for oscar (garbage collector) user
copy: src={{ puppet_private }}/fedora-ca.cert dest=/etc/koji-gc/serverca.crt copy: src={{ private }}/files/fedora-ca.cert dest=/etc/koji-gc/serverca.crt
tags: tags:
- koji_hub - koji_hub
when: env != 'staging' and ansible_hostname.startswith('koji') when: env != 'staging' and ansible_hostname.startswith('koji')
- name: install clientca cert for oscar (garbage collector) user - name: install clientca cert for oscar (garbage collector) user
copy: src={{ puppet_private }}/fedora-ca.cert dest=/etc/koji-gc/clientca.crt copy: src={{ private }}/files/fedora-ca.cert dest=/etc/koji-gc/clientca.crt
tags: tags:
- koji_hub - koji_hub
when: env != 'staging' and ansible_hostname.startswith('koji') when: env != 'staging' and ansible_hostname.startswith('koji')
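Review bot: The new `src` of "install staging koji ssl key" (hunk `@ -149,7 +149,7`) is spelled `{{ proivate }}`, a name the vars hunk shown in this commit does not define, so the task will presumably fail on an undefined variable and staging hosts would keep whatever key is already on disk. It should read `copy: src={{ private }}/files/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem`. That task and "install cert for oscar (garbage collector) user" also copy key material with no `owner=` or `mode=` on the visible line, unlike the production key tasks, which set `mode=600`; adding `mode=0600` would make the permissions explicit instead of relying on defaults.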


@ -78,7 +78,7 @@
- name: Copy squid ssl cert from puppet private - name: Copy squid ssl cert from puppet private
copy: > copy: >
src="{{puppet_private}}/httpd/wildcard-2014.squid.cert" src="{{private}}/files/httpd/wildcard-2014.squid.cert"
dest=/etc/pki/tls/certs/wildcard-2014.squid.cert dest=/etc/pki/tls/certs/wildcard-2014.squid.cert
owner=root group=root mode=0644 owner=root group=root mode=0644
tags: tags:
@ -88,7 +88,7 @@
- name: Copy squid ssl key from puppet private - name: Copy squid ssl key from puppet private
copy: > copy: >
src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.key" src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.key"
dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
owner=root group=root mode=0600 owner=root group=root mode=0600
tags: tags:


@ -55,7 +55,7 @@
- name: install koji ca cert - name: install koji ca cert
copy: > copy: >
src="{{ puppet_private }}/fedora-ca.cert" src="{{ private }}/files/fedora-ca.cert"
dest="/etc/koschei/fedora-ca.cert" dest="/etc/koschei/fedora-ca.cert"
owner=root owner=root
group=root group=root


@ -53,7 +53,7 @@
- name: setup /var/lib/mirrormanager/.ssh directory - name: setup /var/lib/mirrormanager/.ssh directory
copy: > copy: >
src="{{ puppet_private }}/mirrormanager/" src="{{ private }}/files/mirrormanager/"
dest="/var/lib/mirrormanager/.ssh" dest="/var/lib/mirrormanager/.ssh"
directory_mode=yes directory_mode=yes
owner=mirrormanager owner=mirrormanager
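Review bot: `directory_mode=yes` in the "setup /var/lib/mirrormanager/.ssh directory" task is not an octal or symbolic mode, which is what the copy module's `directory_mode` parameter takes for directories created during a recursive copy. For a `.ssh` directory populated from the private repo, state the mode explicitly, e.g. `directory_mode=0700`. The task continues past the end of this hunk, so the file `mode=` and `group=` may already be set there; confirm that the copied key files end up `0600`.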


@ -9,7 +9,7 @@
- packages - packages
- name: Install certificate and key - name: Install certificate and key
copy: src={{ puppet_private }}/vpn/openvpn/keys/ca.crt copy: src={{ private }}/files/vpn/openvpn/keys/ca.crt
dest=/etc/openvpn/ca.crt dest=/etc/openvpn/ca.crt
owner=root group=root mode=0600 owner=root group=root mode=0600
tags: tags:


@ -17,10 +17,10 @@
- { file: client.conf, - { file: client.conf,
dest: /etc/openvpn/openvpn.conf, dest: /etc/openvpn/openvpn.conf,
mode: '0644' } mode: '0644' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt", - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt",
dest: "/etc/openvpn/client.crt", dest: "/etc/openvpn/client.crt",
mode: '0600' } mode: '0600' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key", - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.key",
dest: "/etc/openvpn/client.key", dest: "/etc/openvpn/client.key",
mode: '0600' } mode: '0600' }
tags: tags:


@ -27,16 +27,16 @@
- { file: server.conf, - { file: server.conf,
dest: /etc/openvpn/openvpn.conf, dest: /etc/openvpn/openvpn.conf,
mode: '0644' } mode: '0644' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/crl.pem", - { file: "{{ private }}/files/vpn/openvpn/keys/crl.pem",
dest: /etc/openvpn/crl.pem, dest: /etc/openvpn/crl.pem,
mode: '0644' } mode: '0644' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/server.crt", - { file: "{{ private }}/files/vpn/openvpn/keys/server.crt",
dest: /etc/openvpn/server.crt, dest: /etc/openvpn/server.crt,
mode: '0644' } mode: '0644' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/server.key", - { file: "{{ private }}/files/vpn/openvpn/keys/server.key",
dest: /etc/openvpn/server.key, dest: /etc/openvpn/server.key,
mode: '0600' } mode: '0600' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/dh2048.pem", - { file: "{{ private }}/files/vpn/openvpn/keys/dh2048.pem",
dest: /etc/openvpn/dh2048.pem, dest: /etc/openvpn/dh2048.pem,
mode: '0644' } mode: '0644' }
tags: tags:


@ -84,7 +84,7 @@
- name: install fedmsg ca.cert - name: install fedmsg ca.cert
copy: > copy: >
src="{{ puppet_private }}/fedmsg-certs/keys/ca.crt" src="{{ private }}/files/fedmsg-certs/keys/ca.crt"
dest=/etc/pki/fedmsg/ca.crt dest=/etc/pki/fedmsg/ca.crt
owner=root owner=root
group=root group=root


@ -92,7 +92,7 @@
- name: copy staging server cert file over - name: copy staging server cert file over
copy: > copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.crt src={{ private }}/files/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.crt
dest=/etc/pki/tls/certs/totpcgi-server.crt dest=/etc/pki/tls/certs/totpcgi-server.crt
owner=root owner=root
group=totpcgi group=totpcgi
@ -104,7 +104,7 @@
- name: copy staging server key file over - name: copy staging server key file over
copy: > copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.key src={{ private }}/files/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.key
dest=/etc/pki/totpcgi/totpcgi-server.key dest=/etc/pki/totpcgi/totpcgi-server.key
owner=root owner=root
group=totpcgi group=totpcgi
@ -130,7 +130,7 @@
- name: copy server cert file over - name: copy server cert file over
copy: > copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt src={{ private }}/files/2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt
dest=/etc/pki/totpcgi/totpcgi-server.crt dest=/etc/pki/totpcgi/totpcgi-server.crt
owner=root owner=root
group=totpcgi group=totpcgi
@ -144,7 +144,7 @@
- name: copy server cert file over - name: copy server cert file over
copy: > copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.phx2.fedoraproject.org.key src={{ private }}/files/2fa-certs/keys/fas-all.phx2.fedoraproject.org.key
dest=/etc/pki/totpcgi/totpcgi-server.key dest=/etc/pki/totpcgi/totpcgi-server.key
owner=root owner=root
group=totpcgi group=totpcgi
@ -174,7 +174,7 @@
- name: copy VPN server cert file over - name: copy VPN server cert file over
copy: > copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.vpn.fedoraproject.org.crt src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.crt
dest=/etc/pki/totpcgi/totpcgi-server-vpn.crt dest=/etc/pki/totpcgi/totpcgi-server-vpn.crt
owner=root owner=root
group=totpcgi group=totpcgi
@ -188,7 +188,7 @@
- name: copy VPN server cert file over - name: copy VPN server cert file over
copy: > copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.vpn.fedoraproject.org.key src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.key
dest=/etc/pki/totpcgi/totpcgi-server-vpn.key dest=/etc/pki/totpcgi/totpcgi-server-vpn.key
owner=root owner=root
group=totpcgi group=totpcgi
@ -212,7 +212,7 @@
- name: copy ca cert over - name: copy ca cert over
copy: > copy: >
src={{ puppet_private }}/2fa-certs/keys/ca.crt src={{ private }}/files/2fa-certs/keys/ca.crt
dest=/etc/pki/totpcgi/totpcgi-ca.crt dest=/etc/pki/totpcgi/totpcgi-ca.crt
owner=root owner=root
group=totpcgi group=totpcgi
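Review bot: Two tasks in this file that install private keys carry the name of the certificate task before them: "copy server cert file over" at `@ -144,7` copies `fas-all.phx2.fedoraproject.org.key`, and "copy VPN server cert file over" at `@ -188,7` copies `fas-all.vpn.fedoraproject.org.key`. Rename them, e.g. `- name: copy server key file over` and `- name: copy VPN server key file over`, so that logs and `--start-at-task` distinguish the key from the certificate. The staging cert also lands in `/etc/pki/tls/certs/totpcgi-server.crt` while the production cert goes to `/etc/pki/totpcgi/totpcgi-server.crt`; if that difference is intended, a one-line comment should say so. The `mode=` lines of all these tasks lie outside the hunks.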


@ -5,12 +5,12 @@
- packages - packages
- name: /etc/pki/tls/private/totpcgi.pem - name: /etc/pki/tls/private/totpcgi.pem
copy: src="{{ puppet_private }}/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400 copy: src="{{ private }}/files/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400
tags: tags:
- config - config
- name: /etc/pki/tls/private/totpcgi-ca.cert - name: /etc/pki/tls/private/totpcgi-ca.cert
copy: src="{{ puppet_private }}/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400 copy: src="{{ private }}/files/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
tags: tags:
- config - config


@ -6,14 +6,14 @@
- packages - packages
- name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt - name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt
copy: src="{{ puppet_private }}/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root copy: src="{{ private }}/files/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
tags: tags:
- config - config
notify: notify:
- restart openvpn - restart openvpn
#- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem #- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem
# copy: src="{{ puppet_private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root # copy: src="{{ private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
# tags: # tags:
# - config # - config
# notify: # notify:
@ -27,14 +27,14 @@
- restart openvpn - restart openvpn
- name: /etc/openvpn/client.crt - name: /etc/openvpn/client.crt
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
tags: tags:
- config - config
notify: notify:
- restart openvpn - restart openvpn
- name: /etc/openvpn/client.key - name: /etc/openvpn/client.key
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root
tags: tags:
- config - config
notify: notify:


@ -6,35 +6,35 @@
- packages - packages
- name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt - name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt
copy: src="{{ puppet_private }}/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root copy: src="{{ private }}/files/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
tags: tags:
- config - config
notify: notify:
- restart openvpn 7 - restart openvpn 7
#- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem #- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem
# copy: src="{{ puppet_private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root # copy: src="{{ private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
# tags: # tags:
# - config # - config
# notify: # notify:
# - restart openvpn # - restart openvpn
- name: /etc/openvpn/openvpn.conf - name: /etc/openvpn/openvpn.conf
copy: src="{{ files }}/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf copy: src="{{ files }}/files/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf
tags: tags:
- config - config
notify: notify:
- restart openvpn 7 - restart openvpn 7
- name: /etc/openvpn/client.crt - name: /etc/openvpn/client.crt
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
tags: tags:
- config - config
notify: notify:
- restart openvpn 7 - restart openvpn 7
- name: /etc/openvpn/client.key - name: /etc/openvpn/client.key
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root
tags: tags:
- config - config
notify: notify:
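Review bot: The "/etc/openvpn/openvpn.conf" task never used `puppet_private`, yet its source changed from `{{ files }}/openvpn/client.conf` to `{{ files }}/files/openvpn/client.conf`. With `files: /srv/web/infra/ansible/files` from the vars file in this commit, that resolves to `.../ansible/files/files/openvpn/client.conf`, which looks like an unintended side effect of the search-and-replace. Unless that directory exists, restore `copy: src="{{ files }}/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf`. The commented-out crl.pem task here and in the preceding openvpn client file went the other way and reads `{{ private }}/vpn/openvpn/keys/crl.pem` without `/files`, so it would point at the wrong path if re-enabled. The last task of the hunk continues outside it.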


@ -1,7 +1,6 @@
--- ---
basedir: /srv/web/infra/ansible basedir: /srv/web/infra/ansible
private: /srv/private/ansible private: /srv/private/ansible
puppet_private: /var/lib/puppet/git/configs/secure
bigfiles: /srv/web/infra/bigfiles bigfiles: /srv/web/infra/bigfiles
files: /srv/web/infra/ansible/files files: /srv/web/infra/ansible/files
roles: /srv/web/infra/ansible/roles roles: /srv/web/infra/ansible/roles