From 2d4ec8d25970a4b68fceec4353849ffb82eb61f2 Mon Sep 17 00:00:00 2001 From: Nils Philippsen Date: Wed, 24 Mar 2021 13:43:28 +0100 Subject: [PATCH] Apply openvpn/client role before ipa/client This is so hosts on the Fedora VPN are able to talk to IPA before they try to enroll. Signed-off-by: Nils Philippsen --- playbooks/groups/backup-server.yml | 2 +- playbooks/groups/badges-backend.yml | 4 ++-- playbooks/groups/badges-web.yml | 4 ++-- playbooks/groups/basset.yml | 4 ++-- playbooks/groups/bastion_stg.yml | 2 +- playbooks/groups/batcave.yml | 2 +- playbooks/groups/blockerbugs.yml | 4 ++-- playbooks/groups/busgateway.yml | 4 ++-- playbooks/groups/certgetter.yml | 4 ++-- playbooks/groups/datagrepper.yml | 4 ++-- playbooks/groups/dns.yml | 4 ++-- playbooks/groups/download.yml | 2 +- playbooks/groups/fedimg.yml | 8 ++++---- playbooks/groups/fedocal.yml | 4 ++-- playbooks/groups/github2fedmsg.yml | 4 ++-- playbooks/groups/ipa.yml | 4 ++-- playbooks/groups/kerneltest.yml | 4 ++-- playbooks/groups/logserver.yml | 2 +- playbooks/groups/mailman.yml | 4 ++-- playbooks/groups/mbs.yml | 18 ++---------------- playbooks/groups/mirrormanager.yml | 2 +- playbooks/groups/noc.yml | 2 +- playbooks/groups/notifs-backend.yml | 8 ++++---- playbooks/groups/notifs-web.yml | 4 ++-- playbooks/groups/nuancier.yml | 4 ++-- playbooks/groups/oci-registry.yml | 4 ++-- playbooks/groups/odcs.yml | 18 ++---------------- playbooks/groups/os-cluster.yml | 2 +- playbooks/groups/packages.yml | 4 ++-- playbooks/groups/pagure.yml | 2 +- playbooks/groups/pdc.yml | 4 ++-- playbooks/groups/people.yml | 2 +- playbooks/groups/proxies.yml | 4 ++-- playbooks/groups/resultsdb.yml | 4 ++-- playbooks/groups/retrace.yml | 2 +- playbooks/groups/smtp-mm.yml | 4 ++-- playbooks/groups/sundries.yml | 4 ++-- playbooks/groups/torrent.yml | 2 +- playbooks/groups/unbound.yml | 4 ++-- playbooks/groups/value.yml | 4 ++-- playbooks/groups/virthost.yml | 2 +- playbooks/groups/vmhost_copr.yml | 4 ++-- playbooks/groups/wiki.yml | 4 ++-- 43 files changed, 77 insertions(+), 105 deletions(-) diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index 1876179ac4..f1298ab741 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -18,6 +18,7 @@ - rkhunter - nagios_client - hosts + - openvpn/client - ipa/client - sudo - collectd/base @@ -25,7 +26,6 @@ mnt_dir: '/fedora_backups', nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3", nfs_src_dir: 'fedora_backups' } - - openvpn/client - grokmirror_mirror pre_tasks: diff --git a/playbooks/groups/badges-backend.yml b/playbooks/groups/badges-backend.yml index 97f1b1da00..20ccecb27d 100644 --- a/playbooks/groups/badges-backend.yml +++ b/playbooks/groups/badges-backend.yml @@ -20,12 +20,12 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - fedmsg/base - sudo - - { role: openvpn/client, - when: env != "staging" } pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/groups/badges-web.yml b/playbooks/groups/badges-web.yml index 15f2fc52d4..ea25b8c3b7 100644 --- a/playbooks/groups/badges-web.yml +++ b/playbooks/groups/badges-web.yml @@ -20,14 +20,14 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - badges/frontend - fedmsg/base - rsyncd - sudo - - { role: openvpn/client, - when: env != "staging" } - mod_wsgi - role: collectd/web-service site: frontpage diff --git a/playbooks/groups/basset.yml b/playbooks/groups/basset.yml index f2c5cba2f0..f96ba59d9b 100644 --- a/playbooks/groups/basset.yml +++ b/playbooks/groups/basset.yml @@ -17,12 +17,12 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - rsyncd - sudo - - { role: openvpn/client, - when: env != "staging" } - mongodb - rabbitmq - mod_wsgi diff --git a/playbooks/groups/bastion_stg.yml b/playbooks/groups/bastion_stg.yml index 231f1dbaab..8832aa9ce6 100644 --- a/playbooks/groups/bastion_stg.yml +++ b/playbooks/groups/bastion_stg.yml @@ -15,11 +15,11 @@ - rkhunter - nagios_client - hosts + #- { role: openvpn/client, when: inventory_hostname.startswith('bastion13') } - ipa/client - sudo #- collectd/base #- { role: openvpn/server, when: not inventory_hostname.startswith('bastion-comm01') or inventory_hostname.startswith('bastion13') } - #- { role: openvpn/client, when: inventory_hostname.startswith('bastion13') } #- { role: packager_alias, when: not inventory_hostname.startswith('bastion-comm01') or inventory_hostname.startswith('bastion13') } #- opendkim diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml index 773c54c9bc..abdb7c2092 100644 --- a/playbooks/groups/batcave.yml +++ b/playbooks/groups/batcave.yml @@ -15,6 +15,7 @@ - rkhunter - nagios_client - hosts + - openvpn/client - ipa/client - ansible-server - sudo @@ -32,7 +33,6 @@ - role: httpd/certificate certname: "{{wildcard_cert_name}}" SSLCertificateChainFile: "{{wildcard_int_file}}" - - role: openvpn/client - role: rabbit/user username: "mirror_pagure_ansible{{ env_suffix }}" - role: rabbit/user diff --git a/playbooks/groups/blockerbugs.yml b/playbooks/groups/blockerbugs.yml index 9f9d4e3744..69cc7337ce 100644 --- a/playbooks/groups/blockerbugs.yml +++ b/playbooks/groups/blockerbugs.yml @@ -16,12 +16,12 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - sudo - rsyncd - - { role: openvpn/client, - when: env != "staging" } - mod_wsgi - blockerbugs diff --git a/playbooks/groups/busgateway.yml b/playbooks/groups/busgateway.yml index 6a87a1baf1..03cd1366aa 100644 --- a/playbooks/groups/busgateway.yml +++ b/playbooks/groups/busgateway.yml @@ -15,12 +15,12 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - fedmsg/base - sudo - - { role: openvpn/client, - when: env != "staging" } pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/groups/certgetter.yml b/playbooks/groups/certgetter.yml index 0c6aaa2665..90582badb1 100644 --- a/playbooks/groups/certgetter.yml +++ b/playbooks/groups/certgetter.yml @@ -15,12 +15,12 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - rsyncd - sudo - apache - - { role: openvpn/client, - when: env != "staging" } pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/groups/datagrepper.yml b/playbooks/groups/datagrepper.yml index a520d0ca9c..57320aedf1 100644 --- a/playbooks/groups/datagrepper.yml +++ b/playbooks/groups/datagrepper.yml @@ -17,6 +17,8 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - fedmsg/base @@ -24,8 +26,6 @@ username: "datagrepper{{ env_suffix }}"} - rsyncd - sudo - - { role: openvpn/client, - when: env != "staging" } - mod_wsgi pre_tasks: diff --git a/playbooks/groups/dns.yml b/playbooks/groups/dns.yml index d138468ab1..61578751cd 100644 --- a/playbooks/groups/dns.yml +++ b/playbooks/groups/dns.yml @@ -17,13 +17,13 @@ - hosts - rkhunter - nagios_client + - { role: openvpn/client, + when: datacenter != "rdu" and datacenter != 'iad2' } - ipa/client - collectd/base - collectd/bind - rsyncd - sudo - - { role: openvpn/client, - when: datacenter != "rdu" and datacenter != 'iad2' } - dns pre_tasks: diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml index 7041bfb101..945f6dc9bc 100644 --- a/playbooks/groups/download.yml +++ b/playbooks/groups/download.yml @@ -31,6 +31,7 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, when: vpn == True } - ipa/client - collectd/base - apache @@ -40,7 +41,6 @@ - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/koji', nfs_src_dir: 'fedora_koji/koji/' } # needed for internal sync and odcs - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/srv/odcs', nfs_src_dir: 'fedora_odcs' } # needed for internal sync - sudo - - { role: openvpn/client, when: vpn == True } pre_tasks: - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README diff --git a/playbooks/groups/fedimg.yml b/playbooks/groups/fedimg.yml index 63e211e4bd..2d873116a9 100644 --- a/playbooks/groups/fedimg.yml +++ b/playbooks/groups/fedimg.yml @@ -16,16 +16,16 @@ roles: - base - rkhunter + # The proxies don't actually need to talk to these hosts so we won't bother + # putting them on the vpn. + #- { role: openvpn/client, + # when: env != "staging" } - ipa/client - nagios_client - hosts - collectd/base - fedmsg/base - sudo - # The proxies don't actually need to talk to these hosts so we won't bother - # putting them on the vpn. - #- { role: openvpn/client, - # when: env != "staging" } pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/groups/fedocal.yml b/playbooks/groups/fedocal.yml index d2ac27fb3d..863e18c6e2 100644 --- a/playbooks/groups/fedocal.yml +++ b/playbooks/groups/fedocal.yml @@ -15,11 +15,11 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - rsyncd - sudo - - { role: openvpn/client, - when: env != "staging" } - mod_wsgi - collectd/base diff --git a/playbooks/groups/github2fedmsg.yml b/playbooks/groups/github2fedmsg.yml index 1e11c393af..8ace27be8f 100644 --- a/playbooks/groups/github2fedmsg.yml +++ b/playbooks/groups/github2fedmsg.yml @@ -20,12 +20,12 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - rsyncd - sudo - - { role: openvpn/client, - when: env != "staging" } - mod_wsgi pre_tasks: diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml index 47138fd86b..75d6697258 100644 --- a/playbooks/groups/ipa.yml +++ b/playbooks/groups/ipa.yml @@ -16,11 +16,11 @@ - nagios_client - collectd/base - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - rsyncd - sudo - - { role: openvpn/client, - when: env != "staging" } pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/groups/kerneltest.yml b/playbooks/groups/kerneltest.yml index b155b4b56c..88cf11d2bb 100644 --- a/playbooks/groups/kerneltest.yml +++ b/playbooks/groups/kerneltest.yml @@ -20,12 +20,12 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - rsyncd - sudo - - { role: openvpn/client, - when: env != "staging" } - mod_wsgi pre_tasks: diff --git a/playbooks/groups/logserver.yml b/playbooks/groups/logserver.yml index 717d323789..8391f557a5 100644 --- a/playbooks/groups/logserver.yml +++ b/playbooks/groups/logserver.yml @@ -15,12 +15,12 @@ - rkhunter - nagios_client - hosts + - openvpn/client - ipa/client - apache - collectd/base - collectd/server - sudo - - openvpn/client - awstats - web-data-analysis - role: keytab/service diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index 6d84dc208c..ed440ba4c7 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -19,11 +19,11 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - sudo - - { role: openvpn/client, - when: env != "staging" } - spamassassin - mod_wsgi diff --git a/playbooks/groups/mbs.yml b/playbooks/groups/mbs.yml index 3bae01922e..3140dfc781 100644 --- a/playbooks/groups/mbs.yml +++ b/playbooks/groups/mbs.yml @@ -18,6 +18,8 @@ - rkhunter - nagios_client - hosts + # openvpn on the prod frontend nodes + - { role: openvpn/client, when: "'mbs_frontend' in group_names and datacenter == 'iad2'" } - ipa/client - rsyncd - sudo @@ -29,22 +31,6 @@ handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: openvpn on the prod frontend nodes - hosts: mbs_frontend - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - "{{ vars_path }}/{{ ansible_distribution }}.yml" - - roles: - - { role: openvpn/client, when: datacenter == 'iad2' } - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - name: Set up apache on the frontend MBS API app hosts: mbs_frontend:mbs_frontend_stg user: root diff --git a/playbooks/groups/mirrormanager.yml b/playbooks/groups/mirrormanager.yml index d3c0ecb9b7..676a52aa83 100644 --- a/playbooks/groups/mirrormanager.yml +++ b/playbooks/groups/mirrormanager.yml @@ -15,10 +15,10 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, when: env != "staging" and inventory_hostname.startswith('mm-frontend') } - ipa/client - sudo - collectd/base - - { role: openvpn/client, when: env != "staging" and inventory_hostname.startswith('mm-frontend') } - { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } pre_tasks: diff --git a/playbooks/groups/noc.yml b/playbooks/groups/noc.yml index 312270b83b..7049e9523d 100644 --- a/playbooks/groups/noc.yml +++ b/playbooks/groups/noc.yml @@ -19,11 +19,11 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, when: env != "staging" } - ipa/client - collectd/base - { role: rsyncd, when: datacenter == 'iad2' } - sudo - - { role: openvpn/client, when: env != "staging" } - mod_wsgi - role: keytab/service owner_user: apache diff --git a/playbooks/groups/notifs-backend.yml b/playbooks/groups/notifs-backend.yml index 46d9891430..236184b57f 100644 --- a/playbooks/groups/notifs-backend.yml +++ b/playbooks/groups/notifs-backend.yml @@ -22,6 +22,10 @@ - base - rkhunter - hosts + # The proxies don't actually need to talk to these hosts so we won't bother + # putting them on the vpn. + #- { role: openvpn/client, + # when: env != "staging" } - ipa/client - nagios_client - collectd/base @@ -30,10 +34,6 @@ - { role: rabbit/user, username: "notifs-backend{{ env_suffix }}"} - sudo - # The proxies don't actually need to talk to these hosts so we won't bother - # putting them on the vpn. - #- { role: openvpn/client, - # when: env != "staging" } tasks: - import_tasks: "{{ tasks_path }}/motd.yml" diff --git a/playbooks/groups/notifs-web.yml b/playbooks/groups/notifs-web.yml index d3704eaf78..0846179d4e 100644 --- a/playbooks/groups/notifs-web.yml +++ b/playbooks/groups/notifs-web.yml @@ -20,6 +20,8 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - mod_wsgi @@ -29,8 +31,6 @@ username: "notifs-web{{ env_suffix }}"} - notifs/frontend - sudo - - { role: openvpn/client, - when: env != "staging" } pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/groups/nuancier.yml b/playbooks/groups/nuancier.yml index 467cb1c243..42adcb854d 100644 --- a/playbooks/groups/nuancier.yml +++ b/playbooks/groups/nuancier.yml @@ -20,11 +20,11 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - sudo - - { role: openvpn/client, - when: env != "staging" } - mod_wsgi pre_tasks: diff --git a/playbooks/groups/oci-registry.yml b/playbooks/groups/oci-registry.yml index 1a4f4112eb..1d1b3f22ce 100644 --- a/playbooks/groups/oci-registry.yml +++ b/playbooks/groups/oci-registry.yml @@ -16,12 +16,12 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - rsyncd - sudo - - { role: openvpn/client, - when: env != "staging" } - role: nfs/client mnt_dir: '/srv/registry' nfs_src_dir: "oci_registry" diff --git a/playbooks/groups/odcs.yml b/playbooks/groups/odcs.yml index 5acfe54272..845d744ac4 100644 --- a/playbooks/groups/odcs.yml +++ b/playbooks/groups/odcs.yml @@ -18,6 +18,8 @@ - rkhunter - nagios_client - hosts + # openvpn on the prod frontend nodes + #- { role: openvpn/client, when: "'odcs_frontend' in group_names" } - ipa/client - rsyncd - sudo @@ -29,22 +31,6 @@ handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -#- name: openvpn on the prod frontend nodes -# hosts: odcs_frontend -# user: root -# gather_facts: True -# -# vars_files: -# - /srv/web/infra/ansible/vars/global.yml -# - "/srv/private/ansible/vars.yml" -# - "{{ vars_path }}/{{ ansible_distribution }}.yml" -# -# roles: -# - openvpn/client -# -# handlers: -# - import_tasks: "{{ handlers_path }}/restart_services.yml" - - name: Set up odcs frontend service hosts: odcs_frontend:odcs_frontend_stg user: root diff --git a/playbooks/groups/os-cluster.yml b/playbooks/groups/os-cluster.yml index 12673e93fb..c38b2bfbe3 100644 --- a/playbooks/groups/os-cluster.yml +++ b/playbooks/groups/os-cluster.yml @@ -16,11 +16,11 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, when: env != "staging" } - ipa/client - collectd/base - rsyncd - sudo - - { role: openvpn/client, when: env != "staging" } tasks: - name: put openshift repo on os- systems diff --git a/playbooks/groups/packages.yml b/playbooks/groups/packages.yml index a0d0124eb0..4d98ba2f58 100644 --- a/playbooks/groups/packages.yml +++ b/playbooks/groups/packages.yml @@ -23,12 +23,12 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - rsyncd - sudo - - { role: openvpn/client, - when: env != "staging" } - mod_wsgi tasks: diff --git a/playbooks/groups/pagure.yml b/playbooks/groups/pagure.yml index d74bc7cb50..632a7df1db 100644 --- a/playbooks/groups/pagure.yml +++ b/playbooks/groups/pagure.yml @@ -15,10 +15,10 @@ - rkhunter - nagios_client - hosts + - openvpn/client - ipa/client - sudo - collectd/base - - openvpn/client - postgresql_server pre_tasks: diff --git a/playbooks/groups/pdc.yml b/playbooks/groups/pdc.yml index 88b5f3b1a4..ed0d6e70e9 100644 --- a/playbooks/groups/pdc.yml +++ b/playbooks/groups/pdc.yml @@ -23,6 +23,8 @@ - collectd/base - hosts - ipa/client + - role: openvpn/client + when: env != "staging" and datacenter == 'iad2' - sudo tasks: @@ -40,8 +42,6 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" roles: - - role: openvpn/client - when: env != "staging" and datacenter == 'iad2' - mod_wsgi - role: fedmsg/base # Set up for fedora-messaging diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml index 266b3bcbf0..8ab6039a47 100644 --- a/playbooks/groups/people.yml +++ b/playbooks/groups/people.yml @@ -59,13 +59,13 @@ roles: - base - collectd/base + - { role: openvpn/client, when: env != "staging" } - ipa/client - hosts - nagios_client - rkhunter - rsyncd - sudo - - { role: openvpn/client, when: env != "staging" } - cgit/base - cgit/clean_lock_cron - cgit/make_pkgs_list diff --git a/playbooks/groups/proxies.yml b/playbooks/groups/proxies.yml index d5fa18aa84..7325bcf4cc 100644 --- a/playbooks/groups/proxies.yml +++ b/playbooks/groups/proxies.yml @@ -18,6 +18,8 @@ roles: - base + - { role: openvpn/client, + when: env != "staging" } - ipa/client - rkhunter - nagios_client @@ -28,8 +30,6 @@ - rsyncd - { role: mirrormanager/mirrorlist_proxy, when: env == "staging" or "'mirrorlist_proxy' in group_names" } - - { role: openvpn/client, - when: env != "staging" } - apache tasks: diff --git a/playbooks/groups/resultsdb.yml b/playbooks/groups/resultsdb.yml index debc9cfc3e..43f2b5a99d 100644 --- a/playbooks/groups/resultsdb.yml +++ b/playbooks/groups/resultsdb.yml @@ -23,11 +23,11 @@ - { role: rkhunter, tags: ['rkhunter'] } - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} + - { role: openvpn/client, + when: deployment_type == "prod" } - ipa/client - { role: collectd/base, tags: ['collectd_base'] } - { role: sudo, tags: ['sudo'] } - - { role: openvpn/client, - when: deployment_type == "prod" } - apache - fedmsg/base - { role: dnf-automatic, tags: ['dnfautomatic'] } diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml index 146470d16e..6e8a38a675 100644 --- a/playbooks/groups/retrace.yml +++ b/playbooks/groups/retrace.yml @@ -64,10 +64,10 @@ tasks: - import_role: name=base - import_role: name=hosts + - import_role: name=openvpn/client - import_role: name=ipa/client - import_role: name=rkhunter - import_role: name=nagios_client - - import_role: name=openvpn/client - import_role: name=sudo - import_tasks: "{{ tasks_path }}/motd.yml" diff --git a/playbooks/groups/smtp-mm.yml b/playbooks/groups/smtp-mm.yml index 013814695f..163787fc5a 100644 --- a/playbooks/groups/smtp-mm.yml +++ b/playbooks/groups/smtp-mm.yml @@ -17,11 +17,11 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - sudo - - { role: openvpn/client, - when: env != "staging" } pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml index 86794502e4..c3ec0ec642 100644 --- a/playbooks/groups/sundries.yml +++ b/playbooks/groups/sundries.yml @@ -20,6 +20,8 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - mod_wsgi @@ -35,8 +37,6 @@ - freemedia - sudo - pager_server - - { role: openvpn/client, - when: env != "staging" } - role: zanata when: master_sundries_node|bool - role: fedora-web/build diff --git a/playbooks/groups/torrent.yml b/playbooks/groups/torrent.yml index 284e629d95..a2c2ee412a 100644 --- a/playbooks/groups/torrent.yml +++ b/playbooks/groups/torrent.yml @@ -15,11 +15,11 @@ - hosts - rkhunter - nagios_client + - openvpn/client - ipa/client - collectd/base - rsyncd - sudo - - openvpn/client - torrent - apache diff --git a/playbooks/groups/unbound.yml b/playbooks/groups/unbound.yml index 327c97de49..8501ed7580 100644 --- a/playbooks/groups/unbound.yml +++ b/playbooks/groups/unbound.yml @@ -15,12 +15,12 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - unbound - sudo - - { role: openvpn/client, - when: env != "staging" } pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/groups/value.yml b/playbooks/groups/value.yml index 91a8f9b6f5..163dc18cfe 100644 --- a/playbooks/groups/value.yml +++ b/playbooks/groups/value.yml @@ -15,6 +15,8 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - apache @@ -26,8 +28,6 @@ - supybot - sudo - rsyncd - - { role: openvpn/client, - when: env != "staging" } - role: collectd/fedmsg-service process: fedmsg-irc - mote diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml index e13b64d96d..55954bb1c4 100644 --- a/playbooks/groups/virthost.yml +++ b/playbooks/groups/virthost.yml @@ -23,12 +23,12 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, when: vpn|bool } - ipa/client - collectd/base - { role: iscsi_client, when: "inventory_hostname.startswith(('bvirthost', 'buildvmhost-0'))" } - { role: iscsi_client, when: "inventory_hostname.startswith(('bvmhost-x86-06', 'bvmhost-x86-07')) and datacenter == 'iad2'" } - sudo - - { role: openvpn/client, when: vpn|bool } - virthost - { role: clevis, when: datacenter == 'iad2'} - { role: serial-console, when: datacenter == 'iad2' and not inventory_hostname.startswith('buildvmhost-s390x') } diff --git a/playbooks/groups/vmhost_copr.yml b/playbooks/groups/vmhost_copr.yml index 29c9d08735..cc2e781c2b 100644 --- a/playbooks/groups/vmhost_copr.yml +++ b/playbooks/groups/vmhost_copr.yml @@ -24,11 +24,11 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, when: vpn|bool } + - virthost - ipa/client - collectd/base - sudo - - { role: openvpn/client, when: vpn|bool } - - virthost tasks: - import_tasks: "{{ tasks_path }}/motd.yml" diff --git a/playbooks/groups/wiki.yml b/playbooks/groups/wiki.yml index 6da119b127..1723f1d765 100644 --- a/playbooks/groups/wiki.yml +++ b/playbooks/groups/wiki.yml @@ -23,6 +23,8 @@ - rkhunter - nagios_client - hosts + - { role: openvpn/client, + when: env != "staging" } - ipa/client - collectd/base - apache @@ -34,8 +36,6 @@ - { role: nfs/client, when: env != "staging", mnt_dir: '/mnt/web/attachments', nfs_src_dir: 'fedora_app/app/attachments' } - mediawiki - sudo - - { role: openvpn/client, - when: env != "staging" } tasks: - import_tasks: "{{ tasks_path }}/motd.yml"