From 871473e257f6c0bfdaba3a5754c066574387d421 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Wed, 6 Apr 2016 09:19:37 -0700 Subject: [PATCH 1/6] add openqa databases to db-qa01 backup list --- inventory/host_vars/db-qa01.qa.fedoraproject.org | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/inventory/host_vars/db-qa01.qa.fedoraproject.org b/inventory/host_vars/db-qa01.qa.fedoraproject.org index bc62331a8d..f6614450a9 100644 --- a/inventory/host_vars/db-qa01.qa.fedoraproject.org +++ b/inventory/host_vars/db-qa01.qa.fedoraproject.org @@ -15,6 +15,7 @@ databases: - postgres - buildmaster - execdb +- openqa - resultsdb # This is a more strict list, to be made publicly available @@ -26,6 +27,10 @@ dbs_to_backup: - execdb - execdb_stg - execdb_dev +# these names are also stored as host vars 'openqa_dbname', +# make sure to keep in sync +- openqa +- openqa-stg - resultsdb - resultsdb_stg - resultsdb_dev From 8d529a8f600e39240028bb9fc49ad0f5f7dbc93e Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Wed, 6 Apr 2016 16:43:02 +0000 Subject: [PATCH 2/6] update docker-distribution role to handle certs more logically Signed-off-by: Adam Miller --- playbooks/hosts/osbs-dev.fedorainfracloud.org.yml | 11 +++++------ roles/docker-distribution/defaults/main.yml | 13 ++++++------- roles/docker-distribution/handlers/main.yml | 2 ++ roles/docker-distribution/tasks/main.yml | 9 +++++---- 4 files changed, 18 insertions(+), 17 deletions(-) diff --git a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml b/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml index bbfced9e36..5de0fd06c5 100644 --- a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml +++ b/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml @@ -142,12 +142,11 @@ - { role: docker-distribution, cert: { - private_path: "files/osbs/osbs-dev.certs", - dir: "/etc/pki/docker/osbs-dev.fedorainfracloud.org:5000/", - src_name: "osbs-dev.fedorainfracloud.org.crt", - src_key_name: "osbs-dev.fedorainfracloud.org.key", - dest_name: "ca.cert", - dest_key_name: "ca.key" + dest_dir: "/etc/pki/docker/osbs-dev.fedorainfracloud.org:5000/", + cert_src: "{{private}}files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.crt", + cert_dest: "ca.key", + key_src: "{{private}}files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.key", + key_dest: "ca.cert", }, tls: { enabled: True, diff --git a/roles/docker-distribution/defaults/main.yml b/roles/docker-distribution/defaults/main.yml index cfc827da2b..610aa6608b 100644 --- a/roles/docker-distribution/defaults/main.yml +++ b/roles/docker-distribution/defaults/main.yml @@ -19,14 +19,13 @@ storage: filesystem: rootdirectory: "/var/lib/registry/" http: - addr: ":5000" + addr: "localhost:5000" # Cert information to place certificate files on system cert: - private_path: "PRIVATE_PATH_TO_CERT_DIR" - dir: "/etc/pki/docker/{{ ansible_fqdn }}{{ http.addr }}" - src_name: "ca.crt" - src_key_name: "ca.key" - dest_name: "ca.crt" - dest_key_name: "ca.key" + dest_dir: "/etc/pki/docker/{{ ansible_fqdn }}{{ http.addr }}" + cert_src: "ca.crt" + cert_dest: "ca.crt" + key_src: "ca.key" + key_dest: "ca.key" diff --git a/roles/docker-distribution/handlers/main.yml b/roles/docker-distribution/handlers/main.yml index 99c49e5cb5..ce8771fdb9 100644 --- a/roles/docker-distribution/handlers/main.yml +++ b/roles/docker-distribution/handlers/main.yml @@ -1,2 +1,4 @@ --- # handlers file for docker-distribution +- name: restart docker-distribution + service: name=docker-distribution state=restarted diff --git a/roles/docker-distribution/tasks/main.yml b/roles/docker-distribution/tasks/main.yml index a6b4de11bd..d76dee0aac 100644 --- a/roles/docker-distribution/tasks/main.yml +++ b/roles/docker-distribution/tasks/main.yml @@ -11,6 +11,7 @@ template: src: config.yml.j2 dest: "{{ conf_path }}" + notify: restart docker-distribution - name: ensure docker certs dir exists file: @@ -22,13 +23,13 @@ - name: install tls cert for docker copy: - src: "{{ private }}/{{ cert.private_path }}/{{ cert.src_name }}" - dest: "{{ cert.dir }}/{{ cert.dest_name }}" + src: "{{ cert.cert_src }}" + dest: "{{ cert.dir}}/{{ cert.cert_dest }}" when: tls.enabled - name: install tls key for docker copy: - src: "{{ private }}/{{ cert.private_path }}/{{ cert.src_key_name }}" - dest: "{{ cert.dir}}/{{ cert.dest_key_name }}" + src: "{{ cert.key_src }}" + dest: "{{ cert.dir}}/{{ cert.key_dest }}" when: tls.enabled From 1d704c3247195c4473be1be8c7f1270b0b2c6fc8 Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Wed, 6 Apr 2016 16:45:39 +0000 Subject: [PATCH 3/6] update dir var name for docker-distribution Signed-off-by: Adam Miller --- roles/docker-distribution/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/docker-distribution/tasks/main.yml b/roles/docker-distribution/tasks/main.yml index d76dee0aac..e05275b107 100644 --- a/roles/docker-distribution/tasks/main.yml +++ b/roles/docker-distribution/tasks/main.yml @@ -15,7 +15,7 @@ - name: ensure docker certs dir exists file: - path: "{{ cert.dir }}" + path: "{{ cert.dest_dir }}" state: directory when: tls.enabled @@ -24,12 +24,12 @@ - name: install tls cert for docker copy: src: "{{ cert.cert_src }}" - dest: "{{ cert.dir}}/{{ cert.cert_dest }}" + dest: "{{ cert.dest_dir}}/{{ cert.cert_dest }}" when: tls.enabled - name: install tls key for docker copy: src: "{{ cert.key_src }}" - dest: "{{ cert.dir}}/{{ cert.key_dest }}" + dest: "{{ cert.dest_dir}}/{{ cert.key_dest }}" when: tls.enabled From 69924eed63d70835461e4294a138ec18a3ed1ea8 Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Wed, 6 Apr 2016 16:47:59 +0000 Subject: [PATCH 4/6] add missing / for {{private}} pathing in osbs-dev after docker-distribution role change Signed-off-by: Adam Miller --- playbooks/hosts/osbs-dev.fedorainfracloud.org.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml b/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml index 5de0fd06c5..50e1bda069 100644 --- a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml +++ b/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml @@ -143,9 +143,9 @@ role: docker-distribution, cert: { dest_dir: "/etc/pki/docker/osbs-dev.fedorainfracloud.org:5000/", - cert_src: "{{private}}files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.crt", + cert_src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.crt", cert_dest: "ca.key", - key_src: "{{private}}files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.key", + key_src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.key", key_dest: "ca.cert", }, tls: { From a0cb38abdac9a942ead38d975c8c21bdb0426722 Mon Sep 17 00:00:00 2001 From: aikidouke Date: Wed, 6 Apr 2016 19:11:24 +0000 Subject: [PATCH 5/6] fix some syntax --- roles/badges/backend/tasks/main.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/badges/backend/tasks/main.yml b/roles/badges/backend/tasks/main.yml index 97c90e0305..9c86517939 100644 --- a/roles/badges/backend/tasks/main.yml +++ b/roles/badges/backend/tasks/main.yml @@ -172,13 +172,13 @@ #Should work in sh/bash. Needs tested in other shells # - name: set PS1 for prod and stage in /etc/profile.d - copy: > - src=templates/setps1.sh.j2 - dest=/etc/profile.d/setps1.sh - owner=root - group=sysadmin-badges - mode=644 - when: {{ env in ['production','staging'] }} + template: > + src=templates/setps1.sh.j2 + dest="/etc/profile.d/setps1.sh" + owner=root + group=sysadmin-badges + mode=644 + when: "{{ env in [production,staging] }}" tags: - base - config From b190b1232455d531a0c0a0e1f98e74ddc8e564c2 Mon Sep 17 00:00:00 2001 From: aikidouke Date: Wed, 6 Apr 2016 19:33:59 +0000 Subject: [PATCH 6/6] and more syntaxing --- roles/badges/backend/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/badges/backend/tasks/main.yml b/roles/badges/backend/tasks/main.yml index 9c86517939..836795a11b 100644 --- a/roles/badges/backend/tasks/main.yml +++ b/roles/badges/backend/tasks/main.yml @@ -178,7 +178,7 @@ owner=root group=sysadmin-badges mode=644 - when: "{{ env in [production,staging] }}" + when: {% env == 'staging' %} tags: - base - config