Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions

[yaml-lint] fix yamllint errors and warnings on plabooks

Browse source 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
This commit is contained in:
Ryan Lercho 2024-11-25 18:24:56 +10:00
parent 4ffa8cd38e
commit 2cf38c1f17
204 changed files with 1210 additions and 1046 deletions
Download patch file Download diff file Expand all files Collapse all files

1
playbooks/check-for-nonvirt-updates.yml
View file

@ -8,6 +8,7 @@
# time ansible-playbook check-for-updates.yml | grep msg\": | awk -F: '{print $2}' | sort
#
---
- name: check for updates (EL)
hosts: virt_host:&distro_RedHat
gather_facts: false

1
playbooks/check-for-updates.yml
View file

@ -8,6 +8,7 @@
# time ansible-playbook check-for-updates.yml | grep msg\": | awk -F: '{print $2}' | sort
#
---
- name: check for updates
hosts: distro_RedHat:distro_CentOS:!ocp*:!worker*
gather_facts: false

80
playbooks/check-host.yml
View file

@ -12,11 +12,11 @@
- name: create temp dir for collecting info
shell: mktemp -d
register: temp_dir
changed_when: False
changed_when: false
- name: Get list of active loaded services with systemctl
shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1'
changed_when: False
changed_when: false
when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora'
register: loaded_active_services_systemctl
tags:
@ -25,7 +25,7 @@
- name: Get list of active loaded services with systemctl
shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1'
changed_when: False
changed_when: false
when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat'
register: loaded_active_services_systemctl
tags:
@ -34,7 +34,7 @@
- name: Get list of inactive loaded services with systemctl
shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1'
changed_when: False
changed_when: false
when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora'
register: loaded_inactive_services_systemctl
tags:
@ -43,7 +43,7 @@
- name: Get list of inactive loaded services with systemctl
shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1'
changed_when: False
changed_when: false
when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat'
register: loaded_inactive_services_systemctl
tags:
@ -53,7 +53,7 @@
- name: Get list of enabled services with chkconfig at current runlevel
shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:on\" | awk '{print $1}'"
changed_when: False
changed_when: false
when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat'
register: enabled_services_chkconfig
tags:
@ -62,7 +62,7 @@
- name: Get list of disabled services with chkconfig at current runlevel
shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:off\" | awk '{print $1}'"
changed_when: False
changed_when: false
when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat'
register: disabled_services_chkconfig
tags:
@ -73,7 +73,7 @@
- name: output enabled service list chkconfig
shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices
when: enabled_services_chkconfig is defined and enabled_services_chkconfig.rc == 0
changed_when: False
changed_when: false
tags:
- check
- services
@ -81,7 +81,7 @@
- name: output disabled loaded service list chkconfig
shell: echo {{disabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/dservices
when: disabled_services_chkconfig is defined and disabled_services_chkconfig.rc == 0
changed_when: False
changed_when: false
tags:
- check
- services
@ -90,7 +90,7 @@
- name: output loaded active service list systemctl
shell: echo {{loaded_active_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/laservices
when: loaded_active_services_systemctl is defined and loaded_active_services_systemctl.rc == 0
changed_when: False
changed_when: false
tags:
- check
- services
@ -98,7 +98,7 @@
- name: output loaded inactive service list systemctl
shell: echo {{loaded_inactive_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/liservices
when: loaded_inactive_services_systemctl is defined and loaded_inactive_services_systemctl.rc == 0
changed_when: False
changed_when: false
tags:
- check
- services
@ -108,14 +108,14 @@
script: needs-updates --host {{ inventory_hostname }}
register: list_update
delegate_to: 127.0.0.1
changed_when: False
changed_when: false
tags:
- check
- updates
- name: Show pending updates
shell: echo {{list_update.stdout_lines}} >> {{temp_dir.stdout}}/pending_updates
changed_when: False
changed_when: false
tags:
- check
- updates
@ -123,14 +123,14 @@
- name: Get processes that need restarting
shell: needs-restarting
register: needs_restarting
changed_when: False
changed_when: false
tags:
- check
- restart
- name: Show processes that need restarting
shell: echo {{needs_restarting.stdout_lines}} >> {{temp_dir.stdout}}/needing_restart
changed_when: False
changed_when: false
tags:
- check
- restart
@ -138,7 +138,7 @@
- name: Get locally changed files from the rpm package
shell: rpm_tmp_var=`mktemp` && ! rpm -Va 2>/dev/null > $rpm_tmp_var && [[ -s $rpm_tmp_var ]] && echo $rpm_tmp_var warn=no
register: localchanges
changed_when: False
changed_when: false
tags:
- check
- fileverify
@ -146,7 +146,7 @@
- name: Get locally changed files (excluding config files)
command: "egrep -v ' c /' {{ localchanges.stdout }}"
register: rpm_va_nc
changed_when: False
changed_when: false
when: localchanges is defined and localchanges.stdout != ""
tags:
- check
@ -155,7 +155,7 @@
- name: Show locally changed files (excluding config files)
shell: echo {{rpm_va_nc.stdout_lines}} >> {{temp_dir.stdout}}/local_changed
when: rpm_va_nc.stdout != ""
changed_when: False
changed_when: false
tags:
- check
- fileverify
@ -164,14 +164,14 @@
command: "egrep ' c /' {{ localchanges.stdout }}"
register: rpm_va_c
when: localchanges is defined and localchanges.stdout != ""
changed_when: False
changed_when: false
tags:
- check
- fileverify
- name: 'Whitelist - Show locally changed files (config files)'
shell: echo {{rpm_va_c.stdout_lines}} >> {{temp_dir.stdout}}/local_config_changed
changed_when: False
changed_when: false
when: rpm_va_c.stdout != ""
tags:
- check
@ -180,21 +180,21 @@
- name: Check if using iptables
shell: /sbin/iptables -S
register: iptablesn
changed_when: False
changed_when: false
tags:
- check
- iptables
- name: Show iptables rules
shell: echo "{{iptablesn.stdout_lines}}" >> {{ temp_dir.stdout }}/iptables
changed_when: False
changed_when: false
tags:
- check
- iptables
- name: Show current SELinux status
shell: echo "SELinux is {{ ansible_selinux.status }} for this System" >> {{temp_dir.stdout}}/selinux
changed_when: False
changed_when: false
tags:
- check
- selinux
@ -202,7 +202,7 @@
- name: Show Boot SELinux mode
shell: echo "SELinux boots to {{ ansible_selinux.config_mode }} mode " >> {{temp_dir.stdout}}/selinux
when: ansible_selinux.status != "disabled"
changed_when: False
changed_when: false
tags:
- check
- selinux
@ -210,7 +210,7 @@
- name: Show Current SELinux mode
shell: echo "SELinux currently is in {{ ansible_selinux.mode }} mode" >> {{temp_dir.stdout}}/selinux
when: ansible_selinux.status != "disabled"
changed_when: False
changed_when: false
tags:
- check
- selinux
@ -218,7 +218,7 @@
- name: Match current SELinux status with boot status
shell: echo "SElinux Current and Boot modes are in sync" >> {{temp_dir.stdout}}/selinux
when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode == ansible_selinux.mode
changed_when: False
changed_when: false
tags:
- check
- selinux
@ -227,7 +227,7 @@
- name: misMatch current SELinux status with boot status
shell: echo "SElinux Current and Boot modes are NOT in sync" >> {{temp_dir.stdout}}/selinux
when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode != ansible_selinux.mode
changed_when: False
changed_when: false
tags:
- check
- selinux
@ -235,51 +235,51 @@
- name: resolve last persisted dir - if one is present
local_action: shell ls -d -1 {{datadir_prfx_path}}/{{inventory_hostname}}-* 2>/dev/null | sort -r | head -1
register: last_dir
changed_when: False
ignore_errors: True
changed_when: false
ignore_errors: true
- name: get file list
shell: ls -1 {{temp_dir.stdout}}/*
register: file_list
changed_when: False
changed_when: false
- name: get timestamp
shell: "date +%Y-%m-%d-%H-%M-%S"
register: timestamp
changed_when: False
changed_when: false
- name: create persisting-state directory
local_action: file path=/{{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}} state=directory
changed_when: False
changed_when: false
- name: fetch file list
fetch: src={{item}} dest=/{{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/ flat=true
with_items: "{{file_list.stdout_lines}}"
changed_when: False
changed_when: false
- name: diff the new files with last ones presisted
local_action: shell for file in {{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/*; do filename=$(basename $file); diff {{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/$filename {{last_dir.stdout.strip(':')}}/$filename; done
ignore_errors: True
changed_when: False
ignore_errors: true
changed_when: false
register: file_diff
when: last_dir is defined and last_dir.stdout != ""
- name: display diff
debug: var=file_diff.stdout_lines
ignore_errors: True
changed_when: False
ignore_errors: true
changed_when: false
when: file_diff is defined
#clean up: can also be put as handlers
# clean up: can also be put as handlers
- name: clean remote temp dir
file: path={{temp_dir.stdout}} state=absent
changed_when: False
changed_when: false
- name: clean rpm temp file
file: path={{localchanges.stdout}} state=absent
changed_when: False
changed_when: false
# handlers:

1
playbooks/checks_log_failed_services.yml
View file

@ -1,6 +1,7 @@
#
# This playbook lets you safely display systemd logs for failed services
---
- hosts: mirrorlist_proxies
gather_facts: false

1
playbooks/clear_memcached.yml
View file

@ -1,3 +1,4 @@
---
- name: clear memcache
hosts: memcached:memcached-stg
serial: 1

1
playbooks/clear_varnish.yml
View file

@ -1,3 +1,4 @@
---
- name: clear varnish cache
hosts: proxies
user: root

19
playbooks/death_to_postfix.yml
View file

@ -1,21 +1,22 @@
# requires --extra-vars="target='host1:host2:group'"
# thanks threebean on this.
---
- name: kills postfix which has been left around alive after update.
hosts: "{{ target }}"
user: root
tasks:
- name: Try to stop postfix cleanly.
service: name=postfix state=stopped
- name: Try to stop postfix cleanly.
service: name=postfix state=stopped
# This doesn't really remove the pid file.. but we say it does so ansible only runs it if the pid file is there..
- name: Really kill postfix master process
command: pkill -u root master removes=/var/spool/postfix/pid/master.pid
# This doesn't really remove the pid file.. but we say it does so ansible only runs it if the pid file is there..
- name: Really kill postfix master process
command: pkill -u root master removes=/var/spool/postfix/pid/master.pid
- name: Clean up old pid lock file.
command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid
- name: Clean up old pid lock file.
command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid
- name: Try to start postfix cleanly
service: name=postfix state=started
- name: Try to start postfix cleanly
service: name=postfix state=started

1
playbooks/destroy_virt_inst.yml
View file

@ -9,6 +9,7 @@
# requires --extra-vars="target=hostspec"
---
- name: destroy and undefine vm
hosts: "{{ target }}"
user: root

9
playbooks/groups/backup-server.yml
View file

@ -3,15 +3,16 @@
# NOTE: make sure there is room/space for this instance on the buildvmhost
# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
---
- name: make backup server system
hosts: backup
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

10
playbooks/groups/bastion.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "bastion"
@ -5,12 +6,12 @@
- name: make the boxen be real for real
hosts: bastion
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
@ -34,4 +35,3 @@
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

13
playbooks/groups/batcave.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "batcave"
@ -5,12 +6,12 @@
- name: make the box be real
hosts: batcave
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
@ -54,8 +55,8 @@
- batcave
- role: grobisplitter
when: datacenter == 'iad2'
- { role: nfs/client, when: inventory_hostname.startswith('batcave'), mnt_dir: '/srv/web/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
- { role: nfs/client, when: inventory_hostname.startswith('batcave01'), mnt_dir: '/mnt/fedora/app', nfs_src_dir: 'fedora_app/app' }
- { role: nfs/client, when: inventory_hostname.startswith('batcave'), mnt_dir: '/srv/web/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
- { role: nfs/client, when: inventory_hostname.startswith('batcave01'), mnt_dir: '/mnt/fedora/app', nfs_src_dir: 'fedora_app/app' }
- { role: mirror_pagure_ansible, tags: ['mirror_pagure_ansible'] }
pre_tasks:

3
playbooks/groups/bodhi-backend.yml
View file

@ -5,6 +5,7 @@
# They also run some misc releng scripts.
#
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "bodhi_backend:bodhi_backend_stg"
@ -14,7 +15,7 @@
- name: make bodhi-backend server system
hosts: bodhi_backend:bodhi_backend_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml

3
playbooks/groups/build-kcs.yml
View file

@ -3,10 +3,11 @@
# Creation of the system is done by a different process so is not
# covered by this playbook.
---
- name: enable an ephemeral builder
hosts: build_x86_kcs:build_x86_kcs_stg
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml

11
playbooks/groups/buildhw.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml"
vars:
myhosts: "buildhw:bkernel"
@ -5,12 +6,12 @@
- name: make koji builder(s) on raw hw
hosts: buildhw:bkernel
remote_user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
@ -33,7 +34,7 @@
roles:
- base
- { role: nfs/client, mnt_dir: '/mnt/fedora_koji', nfs_src_dir: "{{ koji_hub_nfs }}", when: koji_hub_nfs is defined }
- { role: nfs/client, mnt_dir: '/mnt/fedora_koji', nfs_src_dir: "{{ koji_hub_nfs }}", when: koji_hub_nfs is defined }
- role: nfs/client
mnt_dir: '/mnt/koji/ostree'
nfs_src_dir: 'fedora_ostree_content/ostree'

3
playbooks/groups/buildvm-osbuild.yml
View file

@ -1,5 +1,6 @@
# create a new osbuild worker
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "buildvm_osbuild_ppc64le:buildvm_osbuild_ppc64le_staging"
@ -7,7 +8,7 @@
- name: make osbuild-worker
hosts: buildvm_osbuild_ppc64le:buildvm_osbuild_ppc64le_staging
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml

17
playbooks/groups/buildvm.yml
View file

@ -3,6 +3,7 @@
# NOTE: make sure there is room/space for this builder on the buildvmhost
# NOTE: most of these vars_path come from group_vars/buildvm or from hostvars
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "buildvm:buildvm_stg:buildvm_aarch64:buildvm_ppc64le:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_s390x_kvm"
@ -10,7 +11,7 @@
- name: make koji builder(s)
hosts: buildvm:buildvm_stg:buildvm_aarch64:buildvm_ppc64le:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_s390x:buildvm_s390x_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -25,11 +26,11 @@
- base
- hosts
- {
role: nfs/client,
mnt_dir: "/mnt/fedora_koji",
nfs_src_dir: "{{ koji_hub_nfs }}",
when: "env == 'staging' or createrepo or 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')",
}
role: nfs/client,
mnt_dir: "/mnt/fedora_koji",
nfs_src_dir: "{{ koji_hub_nfs }}",
when: "env == 'staging' or createrepo or 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')",
}
- ipa/client
- role: sudo
when: not inventory_hostname.startswith('bkernel') and env == 'production'
@ -86,7 +87,7 @@
tags:
- varnish
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -104,7 +105,7 @@
tags:
- sshfs
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml

19
playbooks/groups/busgateway.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "busgateway:busgateway_stg"
@ -5,12 +6,12 @@
- name: dole out the generic configuration
hosts: busgateway:busgateway_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
@ -36,11 +37,11 @@
- name: dole out the service-specific config
hosts: busgateway:busgateway_stg
user: root
gather_facts: True
gather_facts: true
roles:
- role: fedmsg/hub
enable_websocket_server: True
enable_websocket_server: true
- role: fedmsg/relay
- role: fedmsg/gateway
- role: collectd/fedmsg-service
@ -52,9 +53,9 @@
- role: collectd/fedmsg-activation
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- "{{ vars_path }}/{{ ansible_distribution }}.yml"
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- "{{ vars_path }}/{{ ansible_distribution }}.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

13
playbooks/groups/centos-ipa-client.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "centos_ipa_client_stg"
@ -5,21 +6,19 @@
- name: make the boxes be realen
hosts: centos_ipa_client_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
- hosts
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

9
playbooks/groups/certgetter.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "certgetter"
@ -5,12 +6,12 @@
- name: make the box be real
hosts: certgetter
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

21
playbooks/groups/copr-backend.yml
View file

@ -1,11 +1,12 @@
---
- name: check/create instance
hosts: copr_back_dev_aws:copr_back_aws
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
@ -25,10 +26,10 @@
- name: cloud basic setup
hosts: copr_back_dev_aws:copr_back_aws
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
@ -45,12 +46,12 @@
- name: provision instance
hosts: copr_back_dev_aws:copr_back_aws
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
# Roles are run first, before tasks, regardless of where you place them here.
roles:

21
playbooks/groups/copr-dist-git.yml
View file

@ -1,11 +1,12 @@
---
- name: check/create instance
hosts: copr_dist_git_dev_aws:copr_dist_git_aws
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
@ -20,10 +21,10 @@
- name: cloud basic setup
hosts: copr_dist_git_dev_aws:copr_dist_git_aws
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
@ -41,12 +42,12 @@
- name: provision instance
hosts: copr_dist_git_dev_aws:copr_dist_git_aws
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

27
playbooks/groups/copr-frontend.yml
View file

@ -1,11 +1,12 @@
---
- name: check/create instance
hosts: copr_front_dev_aws:copr_front_aws
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
@ -25,10 +26,10 @@
- name: cloud basic setup
hosts: copr_front_dev_aws:copr_front_aws
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
@ -41,14 +42,14 @@
- name: provision instance
hosts: copr_front_dev_aws:copr_front_aws
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
- nagios_client
- copr/frontend
- base
- nagios_client
- copr/frontend

9
playbooks/groups/copr-hypervisor.yml
View file

@ -1,12 +1,13 @@
---
- name: Setup copr hypervisor hosts
hosts: copr_hypervisor
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- include_role: name=copr/reboot

23
playbooks/groups/copr-keygen.yml
View file

@ -1,10 +1,11 @@
---
- name: check/create instance
hosts: copr_keygen_dev_aws:copr_keygen_aws
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
@ -20,7 +21,7 @@
- name: gather facts
setup:
check_mode: no
ignore_errors: True
ignore_errors: true
register: facts
- name: install python2 and dnf stuff
raw: dnf -y install python-dnf libselinux-python yum
@ -28,10 +29,10 @@
- name: cloud basic setup
hosts: copr_keygen_dev_aws:copr_keygen_aws
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
@ -44,12 +45,12 @@
- name: provision instance
hosts: copr_keygen_dev_aws:copr_keygen_aws
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

2
playbooks/groups/copr-pulp.yml
View file

@ -53,7 +53,7 @@
copy:
content: "{{ copr_dev_pulp_default_admin_password }}"
dest: /tmp/pulp_default_admin_password
mode: 000
mode: "000"
- name: cloud basic setup
hosts: copr_pulp_dev_aws:copr_pulp_aws

9
playbooks/groups/data-reports.yml
View file

@ -1,6 +1,7 @@
# create a data-reports vm
#
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "data_reports"
@ -8,12 +9,12 @@
- name: make the box be real
hosts: data_reports
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"

29
playbooks/groups/db.aws.yml
View file

@ -3,14 +3,15 @@
# Once the instance exists, configure it.
---
- name: check/create instance
hosts: db.stg.aws.fedoraproject.org
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
@ -27,10 +28,10 @@
- name: cloud basic setup
hosts: db.stg.aws.fedoraproject.org
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
@ -41,12 +42,12 @@
- name: configure server
hosts: db.stg.aws.fedoraproject.org
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
@ -63,12 +64,12 @@
- base
- rkhunter
# - {role: ipa/client, when: env == "staging"}
#- nagios_client
#- zabbix/zabbix_agent
# - nagios_client
# - zabbix/zabbix_agent
- hosts
- postgresql_server
#- collectd/base
#- collectd/postgres # This requires a 'databases' var to be set in host_vars
# - collectd/base
# - collectd/postgres # This requires a 'databases' var to be set in host_vars
- sudo
tasks:

1
playbooks/groups/debuginfod.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "debuginfod:debuginfod_stg"

9
playbooks/groups/dns.yml
View file

@ -1,5 +1,6 @@
# create a new dns server
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "dns"
@ -7,12 +8,12 @@
- name: make the box be real
hosts: dns
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

28
playbooks/groups/download.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "download_ibiblio:download_cc_rdu:download_iad2"
@ -5,12 +6,12 @@
- name: Download servers
hosts: download
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
@ -21,12 +22,12 @@
- name: post-initial-steps
hosts: download
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"
roles:
- base
@ -39,9 +40,9 @@
- apache
- download
- rsyncd
- { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
- { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub/archive', nfs_src_dir: 'fedora_ftp_archive' }
- { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' } # needed for internal sync
- { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
- { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub/archive', nfs_src_dir: 'fedora_ftp_archive' }
- { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/fedora_koji', nfs_src_dir: 'fedora_koji' } # needed for internal sync
- sudo
pre_tasks:
@ -68,7 +69,7 @@
when: inventory_hostname == 'download-ib01.fedoraproject.org'
- name: install bc so last-sync works.
package: name=bc state=present
when: inventory_hostname == 'download-ib01.fedoraproject.org'
when: inventory_hostname == 'download-ib01.fedoraproject.org'
- name: put in script for syncing on download-cc-rdu01
copy: src="{{ files }}/download/sync-up-downloads.sh.cc-rdu01" dest=/usr/local/bin/sync-up-downloads owner=root group=root mode=755
@ -86,7 +87,6 @@
- name: make a mnt/koji link
file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji
when: datacenter == "iad2"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

8
playbooks/groups/flatpak-cache.yml
View file

@ -6,12 +6,12 @@
- name: make the box be real
hosts: flatpak_cache
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

17
playbooks/groups/github2fedmsg.yml
View file

@ -3,6 +3,7 @@
# NOTE: make sure there is room/space for this server on the vmhost
# NOTE: most of these vars_path come from group_vars/github2fedmsg* or from hostvars
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "github2fedmsg:github2fedmsg_stg"
@ -10,12 +11,12 @@
- name: make the box be real
hosts: github2fedmsg:github2fedmsg_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
@ -43,12 +44,12 @@
- name: deploy service-specific config
hosts: github2fedmsg:github2fedmsg_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

11
playbooks/groups/ipa.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "ipa:ipa_stg"
@ -5,7 +6,7 @@
- name: make the box be real
hosts: ipa:ipa_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -37,7 +38,7 @@
- name: deploy ipa itself
hosts: ipa:ipa_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -73,7 +74,7 @@
- krb5
- ipa/server
# original: /etc/httpd/conf/ipa.keytab
#- name: Make IPA HTTP use the combined keytab
# - name: Make IPA HTTP use the combined keytab
# lineinfile: dest=/etc/httpd/conf.d/ipa.conf
# regexp='GssapiCredStore keytab:'
# line=' GssapiCredStore keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined'
@ -81,7 +82,7 @@
# - krb5
# - ipa/server
# - config
#- name: Make IPA HTTP use the id.fp.o client keytab
# - name: Make IPA HTTP use the id.fp.o client keytab
# lineinfile: dest=/etc/httpd/conf.d/ipa.conf
# regexp='GssapiCredStore client_keytab:'
# line=' GssapiCredStore client_keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab'
@ -93,7 +94,7 @@
- name: do base role once more to revert any resolvconf changes
hosts: ipa:ipa_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml

7
playbooks/groups/ipsilon.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "ipsilon:ipsilon_stg"
@ -6,7 +7,7 @@
- name: make the box be real
hosts: ipsilon:ipsilon_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -46,7 +47,7 @@
- name: deploy ipsilon itself
hosts: ipsilon:ipsilon_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -68,7 +69,7 @@
- name: setup IPA
hosts: ipa[0]:ipa_stg[0]
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml

17
playbooks/groups/koji-hub.yml
View file

@ -2,6 +2,7 @@
# NOTE: should be used with --limit most of the time
# NOTE: most of these vars_path come from group_vars/koji-hub or from hostvars
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "koji_stg:koji"
@ -11,12 +12,12 @@
- name: make koji_hub server system
hosts: koji_stg:koji
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
@ -133,12 +134,12 @@
tags:
- sshfs
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: Put public sshfs key in place

9
playbooks/groups/kojipkgs.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "kojipkgs"
@ -5,12 +6,12 @@
- name: make the boxen be real for real
hosts: kojipkgs
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"

63
playbooks/groups/logserver.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "logging"
@ -5,12 +6,12 @@
- name: make the box be real
hosts: logging
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
@ -57,12 +58,12 @@
- name: Cloud Image stats
hosts: log01.iad2.fedoraproject.org
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- cloudstats
@ -73,34 +74,34 @@
- name: dole out the service-specific config
hosts: log01.iad2.fedoraproject.org
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
roles:
- role: nfs/client
mnt_dir: '/mnt/fedora_stats'
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
nfs_src_dir: 'fedora_stats'
- geoip
- role: nfs/client
mnt_dir: '/mnt/fedora_stats'
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
nfs_src_dir: 'fedora_stats'
- geoip
tasks:
- name: install needed packages
package: name={{ item }} state=present
with_items:
- httpd
- httpd-tools
- mod_ssl
- rsync
- emacs-nox
- git
- bc
- gnuplot
- mod_auth_gssapi
- name: install needed packages
package: name={{ item }} state=present
with_items:
- httpd
- httpd-tools
- mod_ssl
- rsync
- emacs-nox
- git
- bc
- gnuplot
- mod_auth_gssapi
- name: set domain_can_mmap_files so collectd works
seboolean: name=domain_can_mmap_files state=yes persistent=yes
- name: set domain_can_mmap_files so collectd works
seboolean: name=domain_can_mmap_files state=yes persistent=yes

11
playbooks/groups/maintainer-test.yml
View file

@ -1,13 +1,14 @@
---
- name: Setup maintainer test hosts
hosts: maintainer_test
gather_facts: True
gather_facts: true
tags:
- maintainer-test
- maintainer-test
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README

9
playbooks/groups/mariadb-server.yml
View file

@ -2,6 +2,7 @@
# NOTE: should be used with --limit most of the time
# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "db03.stg.iad2.fedoraproject.org:db03.iad2.fedoraproject.org"
@ -11,12 +12,12 @@
- name: configure mariadb server system
hosts: db03.stg.iad2.fedoraproject.org:db03.iad2.fedoraproject.org
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

3
playbooks/groups/memcached.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "memcached:memcached_stg"
@ -5,7 +6,7 @@
- name: make the box be real
hosts: memcached:memcached_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml

25
playbooks/groups/nfs-servers.yml
View file

@ -1,14 +1,15 @@
# This is a basic playbook
---
- name: dole out the basic configuration
hosts: nfs_servers
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
@ -33,11 +34,11 @@
- name: Deal with drive items on storinator01
hosts: storinator01.rdu-cc.fedoraproject.org
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
@ -75,11 +76,11 @@
- name: Deal with NFS
hosts: storinator01.rdu-cc.fedoraproject.org
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
roles:

21
playbooks/groups/noc.yml
View file

@ -1,4 +1,5 @@
# This is a basic playbook
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "nagios"
@ -6,12 +7,12 @@
- name: make the box be real
hosts: nagios
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
@ -27,7 +28,7 @@
- { role: rsyncd, when: datacenter == 'iad2' }
- sudo
- apache
#- mod_wsgi
# - mod_wsgi
- role: keytab/service
owner_user: apache
owner_group: apache
@ -39,7 +40,7 @@
owner_group: apache
service: HTTP
host: "nagios-external{{env_suffix}}.fedoraproject.org"
when: datacenter != 'iad2'
when: datacenter != 'iad2'
- { role: letsencrypt, site_name: 'nagios-external.fedoraproject.org', when: inventory_hostname.startswith('noc02') }
tasks:
@ -51,12 +52,12 @@
- name: deploy service-specific config (just for production)
hosts: nagios
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

57
playbooks/groups/oci-registry.yml
View file

@ -1,17 +1,18 @@
# create an osbs server
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "oci_registry:oci_registry_stg"
- name: make the box be real
hosts: oci_registry:oci_registry_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
@ -42,7 +43,7 @@
state: directory
owner: root
group: root
mode: 0755
mode: "0755"
when: "env == 'staging'"
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
@ -66,39 +67,39 @@
roles:
- {
role: docker-distribution,
conf_path: "/etc/docker-distribution/registry/config.yml",
tls: {
enabled: False,
},
log: {
fields: {
service: "registry"
}
},
storage: {
filesystem: {
rootdirectory: "/srv/registry"
}
},
http: {
addr: ":5000"
conf_path: "/etc/docker-distribution/registry/config.yml",
tls: {
enabled: false,
},
log: {
fields: {
service: "registry"
}
},
storage: {
filesystem: {
rootdirectory: "/srv/registry"
}
},
http: {
addr: ":5000"
}
}
# Setup compose-x86-01 push docker images to registry
- {
role: login-registry,
candidate_registry: "candidate-registry.stg.fedoraproject.org",
candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}",
candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}",
candidate_registry: "candidate-registry.stg.fedoraproject.org",
candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}",
candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}",
when: env == "staging",
delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org"
}
- {
role: login-registry,
candidate_registry: "candidate-registry.fedoraproject.org",
candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}",
candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}",
candidate_registry: "candidate-registry.fedoraproject.org",
candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}",
candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}",
when: env == "production",
delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org"
}

45
playbooks/groups/openqa-onebox-test.yml
View file

@ -1,49 +1,50 @@
---
- name: setup base openQA host
hosts: openqa_onebox_test
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
roles:
- { role: base, tags: ['base'] }
- { role: rkhunter, tags: ['rkhunter'] }
- { role: nagios_client, tags: ['nagios_client'] }
- { role: hosts, tags: ['hosts']}
- ipa/client
- { role: collectd/base, tags: ['collectd_base'] }
- { role: sudo, tags: ['sudo'] }
- apache
- { role: base, tags: ['base'] }
- { role: rkhunter, tags: ['rkhunter'] }
- { role: nagios_client, tags: ['nagios_client'] }
- { role: hosts, tags: ['hosts']}
- ipa/client
- { role: collectd/base, tags: ['collectd_base'] }
- { role: sudo, tags: ['sudo'] }
- apache
tasks:
- import_tasks: "{{ tasks_path }}/motd.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: configure openQA
hosts: openqa_onebox_test
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
# we need this box to be its own pgsql server...
roles:
- { role: postgresql_server, tags: ['postgresql_server'] }
- { role: openqa/server, tags: ['openqa_server'] }
- { role: openqa/dispatcher, tags: ['openqa_dispatcher'] }
- { role: openqa/worker, tags: ['openqa_worker'] }
- { role: postgresql_server, tags: ['postgresql_server'] }
- { role: openqa/server, tags: ['openqa_server'] }
- { role: openqa/dispatcher, tags: ['openqa_dispatcher'] }
- { role: openqa/worker, tags: ['openqa_worker'] }
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- import_tasks: "{{ handlers_path }}/restart_services.yml"

31
playbooks/groups/openqa-workers.yml
View file

@ -1,31 +1,32 @@
---
- name: configure openQA workers
hosts: openqa_workers:openqa_lab_workers
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
roles:
- { role: base, tags: ['base'] }
- { role: rkhunter, tags: ['rkhunter'] }
- { role: nagios_client, tags: ['nagios_client'] }
- { role: hosts, tags: ['hosts']}
- { role: ipa/client, tags: ['ipa_client']}
- { role: collectd/base, tags: ['collectd_base'] }
- { role: sudo, tags: ['sudo'] }
- { role: openqa/worker, tags: ['openqa_worker'] }
- { role: linux-system-roles.nbde_client, tags: ['nbde_client'], when: openqa_nbde|bool }
- apache
- { role: base, tags: ['base'] }
- { role: rkhunter, tags: ['rkhunter'] }
- { role: nagios_client, tags: ['nagios_client'] }
- { role: hosts, tags: ['hosts']}
- { role: ipa/client, tags: ['ipa_client']}
- { role: collectd/base, tags: ['collectd_base'] }
- { role: sudo, tags: ['sudo'] }
- { role: openqa/worker, tags: ['openqa_worker'] }
- { role: linux-system-roles.nbde_client, tags: ['nbde_client'], when: openqa_nbde|bool }
- apache
tasks:
- import_tasks: "{{ tasks_path }}/motd.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- import_tasks: "{{ handlers_path }}/restart_services.yml"

73
playbooks/groups/openqa.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "openqa:openqa_lab"
@ -5,42 +6,42 @@
- name: setup base openQA host
hosts: openqa:openqa_lab
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
roles:
- { role: base, tags: ['base'] }
- { role: rkhunter, tags: ['rkhunter'] }
- { role: nagios_client, tags: ['nagios_client'] }
- { role: hosts, tags: ['hosts']}
- ipa/client
- { role: collectd/base, tags: ['collectd_base'] }
- { role: sudo, tags: ['sudo'] }
- apache
- { role: base, tags: ['base'] }
- { role: rkhunter, tags: ['rkhunter'] }
- { role: nagios_client, tags: ['nagios_client'] }
- { role: hosts, tags: ['hosts']}
- ipa/client
- { role: collectd/base, tags: ['collectd_base'] }
- { role: sudo, tags: ['sudo'] }
- apache
tasks:
- import_tasks: "{{ tasks_path }}/motd.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: configure fedora-messaging queues on openQA servers
hosts: openqa:openqa_lab
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
# we must always make sure the prod user exists, as stg uses the
@ -149,9 +150,9 @@
hosts: openqa_lab
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- role: nfs/client
@ -166,15 +167,15 @@
tags: ['nfs_client']
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: set up openQA server data NFS mounts (prod)
hosts: openqa
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- role: nfs/client
@ -189,28 +190,28 @@
tags: ['nfs_client']
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: configure openQA
hosts: openqa:openqa_lab
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
# relvalconsumer isn't particularly related to openQA in any way, we
# just put that role on these boxes. There's nowhere more obviously
# correct for it, really. Ditto fedora_nightlies and testcase_stats
roles:
- { role: openqa/server, tags: ['openqa_server'] }
- { role: openqa/dispatcher, tags: ['openqa_dispatcher'] }
- { role: check-compose, tags: ['check-compose'], when: "checkcompose_amqp_queue is defined" }
- { role: relvalconsumer, tags: ['relvalconsumer'], when: "relvalconsumer_amqp_queue is defined" }
- { role: fedora_nightlies, tags: ['fedora_nightlies'], when: "fedora_nightlies_amqp_queue is defined" }
- { role: testcase_stats, tags: ['testcase_stats'], when: "testcase_stats_output_dir is defined" }
- { role: openqa/server, tags: ['openqa_server'] }
- { role: openqa/dispatcher, tags: ['openqa_dispatcher'] }
- { role: check-compose, tags: ['check-compose'], when: "checkcompose_amqp_queue is defined" }
- { role: relvalconsumer, tags: ['relvalconsumer'], when: "relvalconsumer_amqp_queue is defined" }
- { role: fedora_nightlies, tags: ['fedora_nightlies'], when: "fedora_nightlies_amqp_queue is defined" }
- { role: testcase_stats, tags: ['testcase_stats'], when: "testcase_stats_output_dir is defined" }
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- import_tasks: "{{ handlers_path }}/restart_services.yml"

7
playbooks/groups/os-control.yml
View file

@ -1,4 +1,5 @@
# This is a basic playbook
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "os_control:os_control_stg"
@ -6,7 +7,7 @@
- name: make the box be real
hosts: os_control:os_control_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -30,7 +31,7 @@
state: directory
owner: root
group: root
mode: 0770
mode: "0770"
- name: copy oc rpm
copy:
@ -46,7 +47,7 @@
copy:
src: "{{ files }}/scripts/jobs-summary"
dest: /usr/local/bin/jobs-summary
mode: 0755
mode: "0755"
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
- import_tasks: "{{ tasks_path }}/motd.yml"

10
playbooks/groups/os-proxies.yml
View file

@ -1,5 +1,6 @@
# create a new proxy server
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "os_proxies"
@ -7,12 +8,12 @@
- name: make the box be real
hosts: os_proxies
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
@ -40,4 +41,3 @@
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

17
playbooks/groups/pagure.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "pagure:pagure_stg"
@ -5,12 +6,12 @@
- name: make the boxen be real for real
hosts: pagure:pagure_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
@ -36,12 +37,12 @@
- name: deploy pagure itself
hosts: pagure:pagure_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- "{{ vars_path }}/{{ ansible_distribution }}.yml"
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- "{{ vars_path }}/{{ ansible_distribution }}.yml"
roles:

3
playbooks/groups/postgresql-server.yml
View file

@ -2,6 +2,7 @@
# NOTE: should be used with --limit most of the time
# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "db-fas01.stg.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-openqa01.iad2.fedoraproject.org:db-datanommer01.stg.iad2.fedoraproject.org:db-datanommer02.iad2.fedoraproject.org"
@ -11,7 +12,7 @@
- name: configure postgresql server system
hosts: db-fas01.stg.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-openqa01.iad2.fedoraproject.org:db-datanommer01.stg.iad2.fedoraproject.org:db-datanommer02.iad2.fedoraproject.org
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml

15
playbooks/groups/proxies.yml
View file

@ -1,5 +1,6 @@
# create a new proxy server
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "proxies:proxies_stg:!proxy05.fedoraproject.org:!cloud_aws"
@ -7,7 +8,7 @@
- name: make the box be real
hosts: proxies_stg:proxies
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -33,7 +34,7 @@
- {role: mirrormanager/mirrorlist_proxy,
when: env == "staging" or "'mirrorlist_proxy' in group_names"}
- apache
#when: env == "staging"
# when: env == "staging"
tasks:
- import_tasks: "{{ tasks_path }}/motd.yml"
@ -41,8 +42,8 @@
# You might think we would want these tasks_path on the proxy nodes, but they
# actually deliver a configuration that our proxy-specific roles below then go
# and overwrite... so, let's just leave them out.
#- import_tasks: "{{ tasks_path }}/apache.yml"
#- import_tasks: "{{ tasks_path }}/mod_wsgi.yml"
# - import_tasks: "{{ tasks_path }}/apache.yml"
# - import_tasks: "{{ tasks_path }}/mod_wsgi.yml"
- name: Ensure nf_conntrack module is loaded before tuning ip_conntrack_max
copy:
@ -51,7 +52,7 @@
dest: /etc/modules-load.d/nf_conntrack.conf
owner: root
group: root
mode: 0644
mode: "0644"
- name: set ip_conntrack_max to a high value as the proxies deal with lots of connections
sysctl: name=net.nf_conntrack_max value=26214400 state=present sysctl_set=yes reload=yes
@ -80,7 +81,7 @@
- name: Set up the proxy basics
hosts: proxies_stg:proxies
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -121,7 +122,7 @@
hosts: proxies_stg:proxies
strategy: free
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml

3
playbooks/groups/rabbitmq.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "rabbitmq:rabbitmq_stg"
@ -5,7 +6,7 @@
- name: make the box be real
hosts: rabbitmq:rabbitmq_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml

9
playbooks/groups/releng-compose.yml
View file

@ -3,6 +3,7 @@
# NOTE: make sure there is room/space for this instance on the buildvmhost
# NOTE: most of these vars_path come from group_vars/releng or from hostvars
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "releng_compose:releng_compose_stg:releng_compose_eln"
@ -203,7 +204,7 @@
dest: /etc/krb5.releng.keytab
owner: root
group: "releng-team"
mode: 0640
mode: "0640"
tags:
- containerrebuild
@ -213,7 +214,7 @@
dest: /etc/pki/releng
owner: root
group: "releng-team"
mode: 0600
mode: "0600"
tags:
- containerrebuild
@ -223,7 +224,7 @@
dest: "/usr/local/bin/relengpush"
owner: root
group: "releng-team"
mode: 0750
mode: "0750"
tags:
- containerrebuild
@ -233,7 +234,7 @@
dest: "/usr/local/bin/relengpush-int"
owner: root
group: "releng-team"
mode: 0750
mode: "0750"
tags:
- containerrebuild

31
playbooks/groups/retrace.yml
View file

@ -1,7 +1,8 @@
---
- name: AWS setup
hosts: retrace_stg_aws
user: root
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -17,7 +18,7 @@
- name: setup RabbitMQ
hosts: rabbitmq[0]:rabbitmq_stg[0]
user: root
gather_facts: False
gather_facts: false
tags: rabbitmq
vars_files:
@ -25,7 +26,7 @@
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
roles:
- role: rabbit/queue
username: "faf{{ env_suffix }}"
queue_name: faf
@ -51,12 +52,12 @@
- name: Setup retrace hosts
hosts: retrace,retrace_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
@ -79,12 +80,12 @@
- name: setup FAF server
hosts: retrace,retrace_stg
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- import_role: name=abrt/faf-pre
@ -99,12 +100,12 @@
- name: setup retrace server
hosts: retrace,retrace_stg
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- import_role: name=abrt/retrace-pre

9
playbooks/groups/secondary.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "secondary"
@ -5,12 +6,12 @@
- name: setup secondary arch download server
hosts: secondary
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"
roles:
- base

7
playbooks/groups/sign-bridge.yml
View file

@ -6,6 +6,7 @@
# Access is via management interface only. This playbook does initial setup.
# Please check with rel-eng before doing anything here.
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "sign_bridge"
@ -16,9 +17,9 @@
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

9
playbooks/groups/smtp-auth.yml
View file

@ -1,5 +1,6 @@
# create smtp auth servers
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "smtp_auth"
@ -7,12 +8,12 @@
- name: make the box be real
hosts: smtp_auth
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

9
playbooks/groups/smtp-mm.yml
View file

@ -1,5 +1,6 @@
# create smtp servers
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "smtp_mm"
@ -7,12 +8,12 @@
- name: make the box be real
hosts: smtp_mm
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

9
playbooks/groups/tang.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "tang"
@ -5,12 +6,12 @@
- name: make the box be real
hosts: tang
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"

9
playbooks/groups/torrent.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "torrent"
@ -5,12 +6,12 @@
- name: make the box be real
hosts: torrent
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

11
playbooks/groups/value.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "value:value_stg"
@ -5,7 +6,7 @@
- name: make the box be real
hosts: value:value_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -39,10 +40,10 @@
- role: collectd/fedmsg-service
process: fedmsg-irc
- {role: nfs/client,
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3",
mnt_dir: '/srv/',
nfs_src_dir: 'fedora_value_{{env_short}}',
mount_stg: true }
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3",
mnt_dir: '/srv/',
nfs_src_dir: 'fedora_value_{{env_short}}',
mount_stg: true }
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"

9
playbooks/groups/virthost.yml
View file

@ -2,6 +2,7 @@
# NOTE: should be used with --limit most of the time
# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml"
vars:
myhosts: "virthost:bvirthost:buildvmhost:colo_virt"
@ -9,12 +10,12 @@
- name: make virthost server system
hosts: virthost:bvirthost:buildvmhost:colo_virt
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README

13
playbooks/groups/wiki.yml
View file

@ -3,6 +3,7 @@
# These servers run mediawiki for the main fedora wiki instance.
#
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "wiki:wiki_stg"
@ -10,12 +11,12 @@
- name: make the box be real
hosts: wiki:wiki_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
@ -36,8 +37,8 @@
username: "mediawiki{{ env_suffix }}"
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(wiki|logger)\..*
when: inventory_hostname.startswith('wiki01')
- { role: nfs/client, when: env == "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app_staging/app/attachments', mount_stg: true }
- { role: nfs/client, when: env != "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app/app/attachments' }
- { role: nfs/client, when: env == "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app_staging/app/attachments', mount_stg: true }
- { role: nfs/client, when: env != "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app/app/attachments' }
- mediawiki
- sudo

9
playbooks/groups/zabbix.yml
View file

@ -1,3 +1,4 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "zabbix_stg:zabbix"
@ -5,12 +6,12 @@
- name: make the box be real
hosts: zabbix_stg:zabbix
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

3
playbooks/host_reboot.yml
View file

@ -1,8 +1,9 @@
# requires --extra-vars="target=hostspec"
---
- name: reboot hosts
hosts: "{{ target }}"
gather_facts: False
gather_facts: false
user: root
serial: 1

3
playbooks/host_update.yml
View file

@ -3,6 +3,7 @@
# requires --extra-vars="target=somehostname yumcommand=update"
---
- name: update the system
hosts: "{{ target }}"
gather_facts: false
@ -18,7 +19,7 @@
poll: 30
- name: run rkhunter if installed
hosts: "{{ target }}"
hosts: "{{ target }}"
user: root
tasks:

10
playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml
View file

@ -1,5 +1,6 @@
# This is a basic playbook
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "cloud-noc01.fedorainfracloud.org"
@ -7,12 +8,12 @@
- name: make cloud noc hardware
hosts: cloud-noc01.fedorainfracloud.org
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
@ -58,4 +59,3 @@
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

9
playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml
View file

@ -1,5 +1,6 @@
# This is a basic playbook
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "noc-cc01.rdu-cc.fedoraproject.org"
@ -7,12 +8,12 @@
- name: make cloud noc hardware
hosts: noc-cc01.rdu-cc.fedoraproject.org
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

10
playbooks/include/happy_birthday.yml
View file

@ -1,11 +1,12 @@
---
- name: handle ssh keys on a hosts birthday (new hw machine)
hosts: "{{ myhosts }}"
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- import_tasks: "{{ tasks_path }}/happy_birthday.yml"
@ -13,4 +14,3 @@
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

12
playbooks/include/proxies-certificates.yml
View file

@ -1,12 +1,13 @@
---
- name: Set up those proxy certificates. Good gravy..
hosts: proxies_stg:proxies
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
@ -22,7 +23,7 @@
- role: httpd/certificate
certname: wildcard-2024.fedoraproject.org
SSLCertificateChainFile: wildcard-2024.fedoraproject.org.intermediate.cert
- role: httpd/certificate
certname: wildcard-2024.id.fedoraproject.org
SSLCertificateChainFile: wildcard-2024.id.fedoraproject.org.intermediate.cert
@ -70,4 +71,3 @@
# - role: httpd/certificate
# certname: secondary.koji.fedoraproject.org.letsencrypt
# SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt

9
playbooks/include/proxies-fedora-web.yml
View file

@ -1,12 +1,13 @@
---
- name: Set up all that fedora-web goodness. What a wonder!
hosts: proxies_stg:proxies
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

12
playbooks/include/proxies-fedorahosted.yml
View file

@ -1,12 +1,13 @@
- name: Fedorahosted. No more on our servers, but still in our hearts...
---
- name: Fedorahosted. No more on our servers, but still in our hearts...
hosts: proxies_stg:proxies
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
@ -26,4 +27,3 @@
- name: install special git.fedorahosted-redirects.conf with git.fedorahosted redirects
copy: src={{ files }}/httpd/git.fedorahosted-redirects.conf dest=/etc/httpd/conf.d/git.fedorahosted.org/fedorahosted-redirects.conf

9
playbooks/include/proxies-haproxy.yml
View file

@ -1,12 +1,13 @@
---
- name: Set up all the haproxy stuff.
hosts: proxies_stg:proxies
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

19
playbooks/include/proxies-miscellaneous.yml
View file

@ -1,12 +1,13 @@
---
- name: Set up all the other proxy stuff -- miscellaneous
hosts: proxies_stg:proxies
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
@ -14,11 +15,11 @@
tasks:
# We retired this in favor of PDC
# https://lists.fedoraproject.org/archives/list/rel-eng@lists.fedoraproject.org/thread/LOWVTF6WTS43LNPWDEISLXUELXAH5YXR/#LOWVTF6WTS43LNPWDEISLXUELXAH5YXR
- file:
dest=/etc/httpd/conf.d/apps.fedoraproject.org/fedora-releng-dash.conf
state=absent
tags: releng-dash
notify: reload proxyhttpd
- file:
dest=/etc/httpd/conf.d/apps.fedoraproject.org/fedora-releng-dash.conf
state=absent
tags: releng-dash
notify: reload proxyhttpd
roles:

15
playbooks/include/proxies-redirects.yml
View file

@ -1,12 +1,13 @@
---
- name: Set up those proxy redirects. Wow!
hosts: proxies_stg:proxies
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
@ -648,13 +649,13 @@
target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Atomic-20141203-21.x86_64.raw.xz
# Except, there are no 32bit atomic images atm.
#- role: httpd/redirect
# - role: httpd/redirect
# shortname: cloud-atomic-32bit-21-raw
# website: cloud.fedoraproject.org
# path: /fedora-atomic-21.i386.raw.xz
# target: https://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/i386/Fedora-Cloud-Atomic-20141203-21.i386.raw.xz
#- role: httpd/redirect
# - role: httpd/redirect
# shortname: cloud-atomic-32bit-21
# website: cloud.fedoraproject.org
# path: /fedora-atomic-21.i386.qcow2
@ -901,7 +902,7 @@
regex: ^/composes/production/latest-Fedora-ELN/compose/(.*)$
target: https://dl.fedoraproject.org/pub/eln/1/$1
tags:
- odcs
- odcs
- role: httpd/redirect
shortname: 01-old-odcs

9
playbooks/include/proxies-reverseproxy.yml
View file

@ -1,12 +1,13 @@
---
- name: Set up those ProxyPassReverse statements. Somebody get me a cup of coffee..
hosts: proxies_stg:proxies
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

9
playbooks/include/proxies-rewrites.yml
View file

@ -1,12 +1,13 @@
---
- name: Set up some domain rewrites.
hosts: proxies_stg:proxies
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

13
playbooks/include/proxies-websites.yml
View file

@ -1,12 +1,13 @@
---
- name: Set up those proxy websites. My, my..
hosts: proxies_stg:proxies
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
@ -920,14 +921,14 @@
- role: httpd/website
site_name: zabbix.fedoraproject.org
sslonly: true
#server_aliases: [zabbix.fedoraproject.org]
# server_aliases: [zabbix.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: zabbix
- role: httpd/website
site_name: zabbix.stg.fedoraproject.org
sslonly: true
#server_aliases: [zabbix.stg.fedoraproject.org]
# server_aliases: [zabbix.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
tags: zabbix
when: env == "staging"

10
playbooks/include/virt-create.yml
View file

@ -1,15 +1,15 @@
---
- name: make the virtual instance
hosts: "{{ myhosts }}"
gather_facts: False
gather_facts: false
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- import_tasks: "{{ tasks_path }}/virt_instance_create.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

2
playbooks/list-vms-per-host.yml
View file

@ -4,7 +4,7 @@
---
- hosts: virtservers
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml

9
playbooks/manual/autosign.yml
View file

@ -4,6 +4,7 @@
# Access is via management interface only. This playbook does initial setup.
# Please check with rel-eng before doing anything here.
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "autosign_stg"
@ -11,12 +12,12 @@
- name: make the box be real
hosts: autosign:autosign_stg
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

1
playbooks/manual/copr/_generic_tasks.yml
View file

@ -1,3 +1,4 @@
---
- name: detect package versions
package_facts: manager=auto

8
playbooks/manual/copr/copr-backend-upgrade.yml
View file

@ -2,12 +2,12 @@
- name: upgrade copr backend
hosts: copr_back_dev_aws:copr_back_aws
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: Generic upgrade tasks for copr servers

8
playbooks/manual/copr/copr-dist-git-upgrade.yml
View file

@ -2,12 +2,12 @@
- name: upgrade copr distgit
hosts: copr_dist_git_dev_aws:copr_dist_git_aws
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: Generic upgrade tasks for copr servers

8
playbooks/manual/copr/copr-frontend-upgrade.yml
View file

@ -2,15 +2,15 @@
- name: upgrade copr frontend
hosts: copr_front_dev_aws:copr_front_aws
user: root
gather_facts: True
gather_facts: true
vars:
cache_file: /var/lib/copr/.ansible-copr-frontend-version
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: Generic upgrade tasks for copr servers

8
playbooks/manual/copr/copr-keygen-upgrade.yml
View file

@ -2,12 +2,12 @@
- name: upgrade copr keygen
hosts: copr_keygen_dev_aws:copr_keygen_aws
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: Generic upgrade tasks for copr servers

8
playbooks/manual/copr/copr-pulp-upgrade.yml
View file

@ -2,12 +2,12 @@
- name: upgrade copr pulp
hosts: copr_pulp_dev_aws:copr_pulp_aws
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: Generic upgrade tasks for copr servers

6
playbooks/manual/fas-readonly/fas-readonly.yml
View file

@ -3,9 +3,9 @@
hosts: db-fas01.iad2.fedoraproject.org:db-fas01.stg.iad2.fedoraproject.org
user: root
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: copy the sql script to file
template: src=fas-readonly.sql dest=/var/lib/pgsql/fas-readonly.sql

6
playbooks/manual/fas-readonly/rollback-readonly.yml
View file

@ -3,9 +3,9 @@
hosts: db-fas01.iad2.fedoraproject.org:db-fas01.stg.iad2.fedoraproject.org
user: root
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: copy the sql script to file
template: src=rollback.sql dest=/var/lib/pgsql/rollback.sql

1
playbooks/manual/gdpr/delete.yml
View file

@ -3,6 +3,7 @@
# Please read http://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/gdpr_delete.html
# for information about how to use this playbook and how to integration applications with it.
---
- name: Delete user data
hosts: gdpr_delete
strategy: free

1
playbooks/manual/gdpr/sar.yml
View file

@ -2,6 +2,7 @@
#
# Please read http://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/gdpr_sar.html
# for information about how to use this playbook and how to integration applications with it.
---
- name: Create the archive location
hosts: localhost
tasks:

1
playbooks/manual/gdpr/sar_openshift.yml
View file

@ -1,5 +1,6 @@
# Retrieve GDPR data from single openshift app.
# Get the correct pod
---
- name: Retrieve the id of the running container/pod
shell: "oc get -n {{ item.value.openshift_namespace }} -o name -l app={{ item.value.openshift_pod }} pods | cut -f 2 -d '/'"
register: pod_id

6
playbooks/manual/get-system-packages.yml
View file

@ -1,7 +1,8 @@
#
# A playbook to get all the rpms installed on a set of systems.
#
# A playbook to get all the rpms installed on a set of systems.
#
---
- name: Get installed packages
hosts: builders:releng-compose:data-analysis01.iad2.fedoraproject.org
gather_facts: true
@ -18,4 +19,3 @@
- debug: var=rpm_output.stdout_lines
# when: rpm_output is defined and rpm_output.results|length > 0

3
playbooks/manual/history_undo.yml
View file

@ -8,6 +8,7 @@
# all the virthosts. If you run this once, it will undo those transactions. If
# you run it again, it will undo that previous *undo*.
---
- name: Find and undo the latest yum transaction involving a $PACKAGE
hosts: "{{ target }}"
user: root
@ -30,7 +31,7 @@
- debug: var=transaction_info.stdout_lines
when: transaction_id.stderr == ""
#- pause: seconds=30 prompt="Undoing that yum transaction. Abort if this is wrong."
# - pause: seconds=30 prompt="Undoing that yum transaction. Abort if this is wrong."
# when: transaction_id.stderr == ""
- name: Okay.. undo that transaction now

11
playbooks/manual/import-irc-cookies-to-matrix.yml
View file

@ -1,13 +1,14 @@
# This playbook imports the cookies given on IRC to the Matrix Zodbot
---
- name: Import the cookies
hosts: value02.iad2.fedoraproject.org:value02.stg.iad2.fedoraproject.org
user: root
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
@ -18,7 +19,7 @@
dest: /root/.pgpass
owner: root
group: root
mode: 0400
mode: "0400"
- name: install the required package
dnf:
@ -29,7 +30,7 @@
copy:
src: "{{ files }}/zodbot/karma-to-cookies-db.py"
dest: /usr/local/bin/karma-to-cookies-db
mode: 0755
mode: "0755"
- name: run the import script
command:

9
playbooks/manual/kernel-qa.yml
View file

@ -2,15 +2,16 @@
# NOTE: this assumes the kernel-qa boxes are already up and are accessible
# NOTE: most of these vars_path come from group_vars/kernel-qa or from hostvars
---
- name: make kernel-qa
hosts: kernel_qa
user: root
gather_facts: True
gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base

1
playbooks/manual/mirrormanager/emergency-expire-repo.yml
View file

@ -6,6 +6,7 @@
# "Fedora", "EPEL" or "RHEL"
# version => The version that must be expired and updated.
---
- name: Run the emergency-expire-repo script
hosts: os_control[0]:os_control_stg[0]
user: root

1
playbooks/manual/mirrormanager/move-devel-to-release.yml
View file

@ -4,6 +4,7 @@
# --extra-vars="version='42'"
# version => The version that must be expired and updated.
---
- name: Run the move-devel-to-release script
hosts: os_control[0]:os_control_stg[0]
user: root

1
playbooks/manual/mirrormanager/move-to-archive.yml
View file

@ -6,6 +6,7 @@
# "Fedora", "EPEL" or "RHEL"
# version => The version that must be archived.
---
- name: Run the move-to-archive script
hosts: os_control[0]:os_control_stg[0]
user: root

9
playbooks/manual/nagios/shush-fmn.yml
View file

@ -1,10 +1,11 @@
---
- name: be quiet please...
hosts: notifs_backend:notifs_backend_stg
user: root
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: tell nagios to shush.

Some files were not shown because too many files have changed in this diff Show more