ansiblelint fixes - fqcn[action-core] - shell to ansible.builtin.shell
Replaces references to shell: with ansible.builtin.shell Signed-off-by: Ryan Lerch <rlerch@redhat.com>
This commit is contained in:
parent
25391e95b7
commit
3c41882bb0
95 changed files with 179 additions and 179 deletions
|
|
@ -125,10 +125,10 @@
|
|||
service: name=memcached state=restarted
|
||||
|
||||
- name: restart nagios
|
||||
shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios
|
||||
ansible.builtin.shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios
|
||||
|
||||
- name: restart bridge
|
||||
shell: /usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge
|
||||
ansible.builtin.shell: /usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge
|
||||
|
||||
- name: reload libvirtd
|
||||
service: name=libvirtd state=reloaded
|
||||
|
|
|
|||
|
|
@ -10,12 +10,12 @@
|
|||
tasks:
|
||||
|
||||
- name: Create temp dir for collecting info
|
||||
shell: mktemp -d
|
||||
ansible.builtin.shell: mktemp -d
|
||||
register: temp_dir
|
||||
changed_when: false
|
||||
|
||||
- name: Get list of active loaded services with systemctl
|
||||
shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1'
|
||||
ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1'
|
||||
changed_when: false
|
||||
when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora'
|
||||
register: loaded_active_services_systemctl
|
||||
|
|
@ -24,7 +24,7 @@
|
|||
- services
|
||||
|
||||
- name: Get list of active loaded services with systemctl
|
||||
shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1'
|
||||
ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1'
|
||||
changed_when: false
|
||||
when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat'
|
||||
register: loaded_active_services_systemctl
|
||||
|
|
@ -33,7 +33,7 @@
|
|||
- services
|
||||
|
||||
- name: Get list of inactive loaded services with systemctl
|
||||
shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1'
|
||||
ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1'
|
||||
changed_when: false
|
||||
when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora'
|
||||
register: loaded_inactive_services_systemctl
|
||||
|
|
@ -42,7 +42,7 @@
|
|||
- services
|
||||
|
||||
- name: Get list of inactive loaded services with systemctl
|
||||
shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1'
|
||||
ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1'
|
||||
changed_when: false
|
||||
when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat'
|
||||
register: loaded_inactive_services_systemctl
|
||||
|
|
@ -52,7 +52,7 @@
|
|||
|
||||
|
||||
- name: Get list of enabled services with chkconfig at current runlevel
|
||||
shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:on\" | awk '{print $1}'"
|
||||
ansible.builtin.shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:on\" | awk '{print $1}'"
|
||||
changed_when: false
|
||||
when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat'
|
||||
register: enabled_services_chkconfig
|
||||
|
|
@ -61,7 +61,7 @@
|
|||
- services
|
||||
|
||||
- name: Get list of disabled services with chkconfig at current runlevel
|
||||
shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:off\" | awk '{print $1}'"
|
||||
ansible.builtin.shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:off\" | awk '{print $1}'"
|
||||
changed_when: false
|
||||
when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat'
|
||||
register: disabled_services_chkconfig
|
||||
|
|
@ -71,7 +71,7 @@
|
|||
|
||||
|
||||
- name: Output enabled service list chkconfig
|
||||
shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices
|
||||
ansible.builtin.shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices
|
||||
when: enabled_services_chkconfig is defined and enabled_services_chkconfig.rc == 0
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -79,7 +79,7 @@
|
|||
- services
|
||||
|
||||
- name: Output disabled loaded service list chkconfig
|
||||
shell: echo {{disabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/dservices
|
||||
ansible.builtin.shell: echo {{disabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/dservices
|
||||
when: disabled_services_chkconfig is defined and disabled_services_chkconfig.rc == 0
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -88,7 +88,7 @@
|
|||
|
||||
|
||||
- name: Output loaded active service list systemctl
|
||||
shell: echo {{loaded_active_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/laservices
|
||||
ansible.builtin.shell: echo {{loaded_active_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/laservices
|
||||
when: loaded_active_services_systemctl is defined and loaded_active_services_systemctl.rc == 0
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -96,7 +96,7 @@
|
|||
- services
|
||||
|
||||
- name: Output loaded inactive service list systemctl
|
||||
shell: echo {{loaded_inactive_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/liservices
|
||||
ansible.builtin.shell: echo {{loaded_inactive_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/liservices
|
||||
when: loaded_inactive_services_systemctl is defined and loaded_inactive_services_systemctl.rc == 0
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -114,14 +114,14 @@
|
|||
- updates
|
||||
|
||||
- name: Show pending updates
|
||||
shell: echo {{list_update.stdout_lines}} >> {{temp_dir.stdout}}/pending_updates
|
||||
ansible.builtin.shell: echo {{list_update.stdout_lines}} >> {{temp_dir.stdout}}/pending_updates
|
||||
changed_when: false
|
||||
tags:
|
||||
- check
|
||||
- updates
|
||||
|
||||
- name: Get processes that need restarting
|
||||
shell: needs-restarting
|
||||
ansible.builtin.shell: needs-restarting
|
||||
register: needs_restarting
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -129,14 +129,14 @@
|
|||
- restart
|
||||
|
||||
- name: Show processes that need restarting
|
||||
shell: echo {{needs_restarting.stdout_lines}} >> {{temp_dir.stdout}}/needing_restart
|
||||
ansible.builtin.shell: echo {{needs_restarting.stdout_lines}} >> {{temp_dir.stdout}}/needing_restart
|
||||
changed_when: false
|
||||
tags:
|
||||
- check
|
||||
- restart
|
||||
|
||||
- name: Get locally changed files from the rpm package
|
||||
shell: rpm_tmp_var=`mktemp` && ! rpm -Va 2>/dev/null > $rpm_tmp_var && [[ -s $rpm_tmp_var ]] && echo $rpm_tmp_var warn=no
|
||||
ansible.builtin.shell: rpm_tmp_var=`mktemp` && ! rpm -Va 2>/dev/null > $rpm_tmp_var && [[ -s $rpm_tmp_var ]] && echo $rpm_tmp_var warn=no
|
||||
register: localchanges
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -153,7 +153,7 @@
|
|||
- fileverify
|
||||
|
||||
- name: Show locally changed files (excluding config files)
|
||||
shell: echo {{rpm_va_nc.stdout_lines}} >> {{temp_dir.stdout}}/local_changed
|
||||
ansible.builtin.shell: echo {{rpm_va_nc.stdout_lines}} >> {{temp_dir.stdout}}/local_changed
|
||||
when: rpm_va_nc.stdout != ""
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -170,7 +170,7 @@
|
|||
- fileverify
|
||||
|
||||
- name: 'Whitelist - Show locally changed files (config files)'
|
||||
shell: echo {{rpm_va_c.stdout_lines}} >> {{temp_dir.stdout}}/local_config_changed
|
||||
ansible.builtin.shell: echo {{rpm_va_c.stdout_lines}} >> {{temp_dir.stdout}}/local_config_changed
|
||||
changed_when: false
|
||||
when: rpm_va_c.stdout != ""
|
||||
tags:
|
||||
|
|
@ -178,7 +178,7 @@
|
|||
- fileverify
|
||||
|
||||
- name: Check if using iptables
|
||||
shell: /sbin/iptables -S
|
||||
ansible.builtin.shell: /sbin/iptables -S
|
||||
register: iptablesn
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -186,21 +186,21 @@
|
|||
- iptables
|
||||
|
||||
- name: Show iptables rules
|
||||
shell: echo "{{iptablesn.stdout_lines}}" >> {{ temp_dir.stdout }}/iptables
|
||||
ansible.builtin.shell: echo "{{iptablesn.stdout_lines}}" >> {{ temp_dir.stdout }}/iptables
|
||||
changed_when: false
|
||||
tags:
|
||||
- check
|
||||
- iptables
|
||||
|
||||
- name: Show current SELinux status
|
||||
shell: echo "SELinux is {{ ansible_selinux.status }} for this System" >> {{temp_dir.stdout}}/selinux
|
||||
ansible.builtin.shell: echo "SELinux is {{ ansible_selinux.status }} for this System" >> {{temp_dir.stdout}}/selinux
|
||||
changed_when: false
|
||||
tags:
|
||||
- check
|
||||
- selinux
|
||||
|
||||
- name: Show Boot SELinux mode
|
||||
shell: echo "SELinux boots to {{ ansible_selinux.config_mode }} mode " >> {{temp_dir.stdout}}/selinux
|
||||
ansible.builtin.shell: echo "SELinux boots to {{ ansible_selinux.config_mode }} mode " >> {{temp_dir.stdout}}/selinux
|
||||
when: ansible_selinux.status != "disabled"
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -208,7 +208,7 @@
|
|||
- selinux
|
||||
|
||||
- name: Show Current SELinux mode
|
||||
shell: echo "SELinux currently is in {{ ansible_selinux.mode }} mode" >> {{temp_dir.stdout}}/selinux
|
||||
ansible.builtin.shell: echo "SELinux currently is in {{ ansible_selinux.mode }} mode" >> {{temp_dir.stdout}}/selinux
|
||||
when: ansible_selinux.status != "disabled"
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -216,7 +216,7 @@
|
|||
- selinux
|
||||
|
||||
- name: Match current SELinux status with boot status
|
||||
shell: echo "SElinux Current and Boot modes are in sync" >> {{temp_dir.stdout}}/selinux
|
||||
ansible.builtin.shell: echo "SElinux Current and Boot modes are in sync" >> {{temp_dir.stdout}}/selinux
|
||||
when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode == ansible_selinux.mode
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -225,7 +225,7 @@
|
|||
|
||||
|
||||
- name: MisMatch current SELinux status with boot status
|
||||
shell: echo "SElinux Current and Boot modes are NOT in sync" >> {{temp_dir.stdout}}/selinux
|
||||
ansible.builtin.shell: echo "SElinux Current and Boot modes are NOT in sync" >> {{temp_dir.stdout}}/selinux
|
||||
when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode != ansible_selinux.mode
|
||||
changed_when: false
|
||||
tags:
|
||||
|
|
@ -239,12 +239,12 @@
|
|||
ignore_errors: true
|
||||
|
||||
- name: Get file list
|
||||
shell: ls -1 {{temp_dir.stdout}}/*
|
||||
ansible.builtin.shell: ls -1 {{temp_dir.stdout}}/*
|
||||
register: file_list
|
||||
changed_when: false
|
||||
|
||||
- name: Get timestamp
|
||||
shell: "date +%Y-%m-%d-%H-%M-%S"
|
||||
ansible.builtin.shell: "date +%Y-%m-%d-%H-%M-%S"
|
||||
register: timestamp
|
||||
changed_when: false
|
||||
|
||||
|
|
|
|||
|
|
@ -7,11 +7,11 @@
|
|||
|
||||
tasks:
|
||||
- name: Listing failed units
|
||||
shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }'
|
||||
ansible.builtin.shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }'
|
||||
register: listing_failed
|
||||
|
||||
- name: Check log with journalctl
|
||||
shell: journalctl -lru {{ item }} -n 50
|
||||
ansible.builtin.shell: journalctl -lru {{ item }} -n 50
|
||||
register: display_log
|
||||
with_items: "{{ listing_failed.stdout_lines[0:] }}"
|
||||
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@
|
|||
|
||||
tasks:
|
||||
- name: Combine IPA keytabs
|
||||
shell: printf "%b" "read_kt /etc/httpd/conf/ipa.keytab\nread_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab\nwrite_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" | ktutil
|
||||
ansible.builtin.shell: printf "%b" "read_kt /etc/httpd/conf/ipa.keytab\nread_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab\nwrite_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" | ktutil
|
||||
changed_when: false
|
||||
tags:
|
||||
- krb5
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@
|
|||
user:
|
||||
name: pagure
|
||||
uid: "{{ pagure_static_uid }}"
|
||||
shell: /sbin/nologin
|
||||
ansible.builtin.shell: /sbin/nologin
|
||||
comment: "Pagure User"
|
||||
when: env == "staging"
|
||||
## The above should be deleted when we rebuild pkgs02 in future.
|
||||
|
|
|
|||
|
|
@ -148,7 +148,7 @@
|
|||
# Do not count these as changed ever
|
||||
#
|
||||
- name: make sure docs are synced. This could take a very very very logtime to finish
|
||||
shell: /usr/local/bin/lock-wrapper docs-sync "/usr/local/bin/docs-rsync" >& /dev/null
|
||||
ansible.builtin.shell: /usr/local/bin/lock-wrapper docs-sync "/usr/local/bin/docs-rsync" >& /dev/null
|
||||
changed_when: false
|
||||
ignore_errors: true
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@
|
|||
- import_tasks: "{{ tasks_path }}/motd.yml"
|
||||
|
||||
- name: check if ntpd port is already known by selinux
|
||||
shell: semanage port -l | grep ntp
|
||||
ansible.builtin.shell: semanage port -l | grep ntp
|
||||
register: ntp_selinux_port
|
||||
check_mode: no
|
||||
changed_when: false
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@
|
|||
- dhcp-server
|
||||
|
||||
- name: check if ntpd port is already known by selinux
|
||||
shell: semanage port -l | grep ntp
|
||||
ansible.builtin.shell: semanage port -l | grep ntp
|
||||
register: ntp_selinux_port
|
||||
check_mode: no
|
||||
changed_when: false
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
import_tasks: _generic_tasks.yml
|
||||
|
||||
- name: Check for copr-frontend update
|
||||
shell: dnf clean expire-cache ; dnf check-update copr-frontend
|
||||
ansible.builtin.shell: dnf clean expire-cache ; dnf check-update copr-frontend
|
||||
register: frontend_has_update
|
||||
changed_when: "frontend_has_update.rc != 0"
|
||||
failed_when: false
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
- python3-copr-common
|
||||
|
||||
- name: Upgrade db to head, logs in /var/log/copr-frontend/migrations.log
|
||||
shell: alembic-3 upgrade head &> /var/log/copr-frontend/migrations.log
|
||||
ansible.builtin.shell: alembic-3 upgrade head &> /var/log/copr-frontend/migrations.log
|
||||
become: yes
|
||||
become_user: copr-fe
|
||||
args:
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
template: src=fas-readonly.sql dest=/var/lib/pgsql/fas-readonly.sql
|
||||
|
||||
- name: Change permissions for relevant tables in the fas db
|
||||
shell: psql -1 -v ON_ERROR_STOP=1 fas2 </var/lib/pgsql/fas-readonly.sql
|
||||
ansible.builtin.shell: psql -1 -v ON_ERROR_STOP=1 fas2 </var/lib/pgsql/fas-readonly.sql
|
||||
become: yes
|
||||
become_user: postgres
|
||||
become_method: su
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
template: src=rollback.sql dest=/var/lib/pgsql/rollback.sql
|
||||
|
||||
- name: Rollback permissions for relevant tables in the fas db
|
||||
shell: psql -1 -v ON_ERROR_STOP=1 fas2 </var/lib/pgsql/rollback.sql
|
||||
ansible.builtin.shell: psql -1 -v ON_ERROR_STOP=1 fas2 </var/lib/pgsql/rollback.sql
|
||||
become: yes
|
||||
become_user: postgres
|
||||
become_method: su
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@
|
|||
when: "sar_huge is not defined or not sar_huge"
|
||||
|
||||
# Huge SAR retrieval
|
||||
- shell: "ssh {{ inventory_hostname }} sudo -u {{ sar_script_user }} SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ sar_script }} >{{ hostvars['localhost']['sar_tmp_dir'] }}/{{ sar_output_file }}"
|
||||
- ansible.builtin.shell: "ssh {{ inventory_hostname }} sudo -u {{ sar_script_user }} SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ sar_script }} >{{ hostvars['localhost']['sar_tmp_dir'] }}/{{ sar_output_file }}"
|
||||
delegate_to: localhost
|
||||
when: "sar_huge is defined and sar_huge"
|
||||
|
||||
|
|
@ -57,7 +57,7 @@
|
|||
- name: "Create the archive"
|
||||
block:
|
||||
# Generate a private tarball of the files from each service.
|
||||
- shell: "umask 0077 && tar --transform \"s:^:{{ sar_fas_user }}_{{ sar_email }}/:\" -czf {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz *"
|
||||
- ansible.builtin.shell: "umask 0077 && tar --transform \"s:^:{{ sar_fas_user }}_{{ sar_email }}/:\" -czf {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz *"
|
||||
args:
|
||||
chdir: "{{ sar_tmp_dir }}"
|
||||
# Move the tarball into the desired pick up location.
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# Get the correct pod
|
||||
---
|
||||
- name: Retrieve the id of the running container/pod
|
||||
shell: "oc get -n {{ item.value.openshift_namespace }} -o name -l app={{ item.value.openshift_pod }} pods | cut -f 2 -d '/'"
|
||||
ansible.builtin.shell: "oc get -n {{ item.value.openshift_namespace }} -o name -l app={{ item.value.openshift_pod }} pods | cut -f 2 -d '/'"
|
||||
register: pod_id
|
||||
# Run the SAR script
|
||||
- name: Run oc exec in container to extract the data
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
tasks:
|
||||
|
||||
- name: RPM_output
|
||||
shell: "/usr/bin/rpm -qa"
|
||||
ansible.builtin.shell: "/usr/bin/rpm -qa"
|
||||
register: rpm_output
|
||||
args:
|
||||
warn: false # set warn=false to prevent warning
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
tasks:
|
||||
- name: Find the ID of the last yum transaction
|
||||
shell: yum history package {{ package }} | sed -n 3p | awk -F "|" '{ print $1 }' | tr -d ' '
|
||||
ansible.builtin.shell: yum history package {{ package }} | sed -n 3p | awk -F "|" '{ print $1 }' | tr -d ' '
|
||||
register: transaction_id
|
||||
|
||||
# If transaction_id.stderr == "", then that means that the $PACKAGE we're
|
||||
|
|
|
|||
|
|
@ -10,6 +10,6 @@
|
|||
ansible.builtin.command: ipa-backup
|
||||
|
||||
- name: Make the latest backup available under a fixed name
|
||||
shell:
|
||||
ansible.builtin.shell:
|
||||
cmd: ln -snf $(ls -1t ipa-full* | head -n 1) ipa-full-latest
|
||||
chdir: /var/lib/ipa/backup
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@
|
|||
|
||||
- name: Fix ownership of home directories in /home/fedora
|
||||
# assumes that directory name == user name
|
||||
shell:
|
||||
ansible.builtin.shell:
|
||||
chdir: /home/fedora
|
||||
cmd: /usr/local/sbin/fix-home-fedora-ownerships.sh
|
||||
register: chown_res
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
ansible.builtin.copy: src={{private}}/scripts/drivestatus.py dest=/root/drivestatus.py
|
||||
|
||||
- name: Run it for {{mgmt}}
|
||||
shell: python /root/drivestatus.py {{mgmt}}
|
||||
ansible.builtin.shell: python /root/drivestatus.py {{mgmt}}
|
||||
register: out
|
||||
|
||||
- name: Remove it
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@
|
|||
# TODO -- I'd also like to fail if there are no *.rpm files in there.
|
||||
|
||||
- name: Sign all the rpms with our gpg key
|
||||
shell: /bin/rpm --resign {{ rpmdir }}/*.rpm
|
||||
ansible.builtin.shell: /bin/rpm --resign {{ rpmdir }}/*.rpm
|
||||
|
||||
- name: Make a directory where we store the rpms afterwards
|
||||
ansible.builtin.file: path={{ rpmdir }}-old state=directory
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@
|
|||
- ansible.builtin.command: dropdb bodhi2
|
||||
- ansible.builtin.command: createdb -O bodhi2 bodhi2
|
||||
- name: Import the prod db.
|
||||
shell: cat /var/tmp/bodhi2.dump | psql bodhi2
|
||||
ansible.builtin.shell: cat /var/tmp/bodhi2.dump | psql bodhi2
|
||||
- ansible.builtin.file: path=/var/tmp/bodhi2.dump state=absent
|
||||
|
||||
- name: Bring staging services up (OpenShift web services)
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@
|
|||
|
||||
tasks:
|
||||
- name: Dumping the production db. This might take a minute. Go out to the lobby!
|
||||
shell: pg_dump -C {{ db }} |xz -c > /var/tmp/{{ db }}.dump.xz
|
||||
ansible.builtin.shell: pg_dump -C {{ db }} |xz -c > /var/tmp/{{ db }}.dump.xz
|
||||
|
||||
# Get the dump from `from` in the batcave
|
||||
- name: Export the dump from the dbhost in prod to batcave
|
||||
|
|
@ -89,7 +89,7 @@
|
|||
ansible.builtin.command: createdb {{ db }}
|
||||
|
||||
- name: Import the prod db. This will take quite a while. Go get a snack!
|
||||
shell: cat /var/tmp/{{ db }}.dump | psql {{ db }}
|
||||
ansible.builtin.shell: cat /var/tmp/{{ db }}.dump | psql {{ db }}
|
||||
|
||||
- name: Bring staging services up
|
||||
hosts: "{{ server or 'batcave01.iad2.fedoraproject.org' }}"
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@
|
|||
# buildroot_listing is excluded from the sync to save some time
|
||||
# TODO: install mbuffer on db-koji.stg
|
||||
- name: Import the prod db. This will take quite a while. Go get a snack!
|
||||
shell: >
|
||||
ansible.builtin.shell: >
|
||||
curl -s -S https://infrastructure.fedoraproject.org/infra/db-dumps/koji.dump.xz |
|
||||
mbuffer -q -s 8M -m 128M -l /tmp/mbuffer-curl-to-xz.log |
|
||||
xzcat |
|
||||
|
|
@ -82,9 +82,9 @@
|
|||
mbuffer -q -s 16M -m 512M -l /tmp/mbuffer-sed-to-psql.log |
|
||||
psql -v ON_ERROR_STOP=1
|
||||
- name: Repoint all the prod rpm entries at the secondary volume (and other stuff)
|
||||
shell: psql -1 -v ON_ERROR_STOP=1 koji </var/lib/pgsql/koji-reset-staging.sql
|
||||
ansible.builtin.shell: psql -1 -v ON_ERROR_STOP=1 koji </var/lib/pgsql/koji-reset-staging.sql
|
||||
- name: Vacuum database
|
||||
shell: psql -v ON_ERROR_STOP=1 koji <<<"VACUUM ANALYZE"
|
||||
ansible.builtin.shell: psql -v ON_ERROR_STOP=1 koji <<<"VACUUM ANALYZE"
|
||||
|
||||
- name: Bring staging services up
|
||||
hosts: koji_stg
|
||||
|
|
@ -147,7 +147,7 @@
|
|||
|
||||
tasks:
|
||||
- name: Remount koji nfs
|
||||
shell: umount /mnt/fedora_koji && mount /mnt/fedora_koji
|
||||
ansible.builtin.shell: umount /mnt/fedora_koji && mount /mnt/fedora_koji
|
||||
args:
|
||||
warn: false
|
||||
when: "'.s390.' not in inventory_hostname"
|
||||
|
|
|
|||
|
|
@ -21,16 +21,16 @@
|
|||
|
||||
tasks:
|
||||
- name: Delete all jobs
|
||||
shell: oc -n koschei delete job --all
|
||||
ansible.builtin.shell: oc -n koschei delete job --all
|
||||
|
||||
- name: Pause all deployments
|
||||
shell: oc -n koschei rollout pause deploy
|
||||
ansible.builtin.shell: oc -n koschei rollout pause deploy
|
||||
|
||||
- name: Delete all replica sets
|
||||
shell: oc -n koschei delete rs --all
|
||||
ansible.builtin.shell: oc -n koschei delete rs --all
|
||||
|
||||
- name: Delete all pods
|
||||
shell: oc -n koschei delete pod --all
|
||||
ansible.builtin.shell: oc -n koschei delete pod --all
|
||||
|
||||
- name: Drop koschei database
|
||||
postgresql_db: name=koschei state=absent
|
||||
|
|
@ -52,4 +52,4 @@
|
|||
job_command: "koschei-admin create-db && koschei-admin create-collection f41 --display-name 'Fedora Rawhide' --target f41 --bugzilla-product Fedora --bugzilla-version rawhide && koschei-admin create-group php"
|
||||
|
||||
- name: Resume all deployments
|
||||
shell: oc -n koschei rollout resume deploy
|
||||
ansible.builtin.shell: oc -n koschei rollout resume deploy
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@
|
|||
- name: Import the prod db. This will take quite a while. Go get a snack!
|
||||
ansible.builtin.command: psql -f /var/tmp/mailman.dump mailman
|
||||
# - name: Fix the database
|
||||
# shell: psql -f /var/lib/pgsql/mailman-reset-staging.sql mailman
|
||||
# ansible.builtin.shell: psql -f /var/lib/pgsql/mailman-reset-staging.sql mailman
|
||||
|
||||
# - template: src=templates/hyperkitty-reset-staging.sql dest=/var/lib/pgsql/hyperkitty-reset-staging.sql
|
||||
- ansible.builtin.copy:
|
||||
|
|
@ -62,7 +62,7 @@
|
|||
- name: Import the prod db. This will take quite a while. Go get a snack!
|
||||
ansible.builtin.command: psql -f /var/tmp/hyperkitty.dump hyperkitty
|
||||
# - name: Fix the database
|
||||
# shell: psql -f /var/lib/pgsql/hyperkitty-reset-staging.sql hyperkitty
|
||||
# ansible.builtin.shell: psql -f /var/lib/pgsql/hyperkitty-reset-staging.sql hyperkitty
|
||||
|
||||
# TODO: reindex emails (fulltext)? Not a full-reindex, it may take days.
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
|
||||
- include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml
|
||||
- name: Check for running composes
|
||||
shell: "curl https://bodhi{{env_suffix}}.fedoraproject.org/composes/"
|
||||
ansible.builtin.shell: "curl https://bodhi{{env_suffix}}.fedoraproject.org/composes/"
|
||||
register: composes
|
||||
|
||||
- name: Fail if we found that a compose was in progress
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@
|
|||
ansible.builtin.package: name=koji state=latest update_cache=yes
|
||||
when: db_upgrade_file is defined
|
||||
- name: Execute the db upgrade script
|
||||
shell: psql koji < {{db_upgrade_file}}
|
||||
ansible.builtin.shell: psql koji < {{db_upgrade_file}}
|
||||
become: true
|
||||
become_user: postgres
|
||||
when: db_upgrade_file is defined
|
||||
|
|
|
|||
|
|
@ -18,16 +18,16 @@
|
|||
|
||||
tasks:
|
||||
- name: Delete all jobs
|
||||
shell: oc -n koschei delete job --all
|
||||
ansible.builtin.shell: oc -n koschei delete job --all
|
||||
|
||||
- name: Pause all deployments
|
||||
shell: oc -n koschei rollout pause deploy
|
||||
ansible.builtin.shell: oc -n koschei rollout pause deploy
|
||||
|
||||
- name: Delete all replica sets
|
||||
shell: oc -n koschei delete rs --all
|
||||
ansible.builtin.shell: oc -n koschei delete rs --all
|
||||
|
||||
- name: Delete all pods
|
||||
shell: oc -n koschei delete pod --all
|
||||
ansible.builtin.shell: oc -n koschei delete pod --all
|
||||
|
||||
- name: Import upstream image into OpenShift
|
||||
include_role: name=openshift/import-image
|
||||
|
|
@ -52,4 +52,4 @@
|
|||
job_command: "koschei-admin psql <<<'VACUUM FULL ANALYZE'"
|
||||
|
||||
- name: Resume all deployments
|
||||
shell: oc -n koschei rollout resume deploy
|
||||
ansible.builtin.shell: oc -n koschei rollout resume deploy
|
||||
|
|
|
|||
|
|
@ -23,4 +23,4 @@
|
|||
import_image_imagestreamname: koschei
|
||||
|
||||
- name: Restart all deployments
|
||||
shell: oc -n koschei rollout restart deploy
|
||||
ansible.builtin.shell: oc -n koschei rollout restart deploy
|
||||
|
|
|
|||
|
|
@ -7,11 +7,11 @@
|
|||
|
||||
tasks:
|
||||
- name: Listing failed units
|
||||
shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }'
|
||||
ansible.builtin.shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }'
|
||||
register: listing_failed
|
||||
|
||||
- name: Check log with journalctl
|
||||
shell: journalctl -lru {{ item }} -n 50
|
||||
ansible.builtin.shell: journalctl -lru {{ item }} -n 50
|
||||
register: display_log
|
||||
with_items: "{{ listing_failed.stdout_lines[0:] }}"
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Add CentOS opsys releases
|
||||
loop: "{{ rs_internal_centos_vers }}"
|
||||
shell: >
|
||||
ansible.builtin.shell: >
|
||||
faf releaseadd -o centos --opsys-release {{ item }} -s ACTIVE
|
||||
become: yes
|
||||
become_user: faf
|
||||
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
- name: Add Fedora opsys releases
|
||||
loop: "{{ rs_internal_fedora_vers }}"
|
||||
shell: >
|
||||
ansible.builtin.shell: >
|
||||
faf releaseadd -o fedora --opsys-release {{ item }} -s ACTIVE
|
||||
become: yes
|
||||
become_user: faf
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Add Fedora package repositories
|
||||
loop: "{{ faf_repos }}"
|
||||
shell: >
|
||||
ansible.builtin.shell: >
|
||||
faf repoadd --nogpgcheck "{{ item.name }}" dnf "{{ item.url | join('" "') }}"
|
||||
become: yes
|
||||
become_user: faf
|
||||
|
|
@ -18,7 +18,7 @@
|
|||
|
||||
- name: List repositories of EOL Fedora releases
|
||||
loop: "{{ rs_internal_fedora_vers_removed }}"
|
||||
shell: "faf repolist | grep fedora-{{ item }} || true"
|
||||
ansible.builtin.shell: "faf repolist | grep fedora-{{ item }} || true"
|
||||
become: yes
|
||||
become_user: faf
|
||||
register: eol_repolist
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Check for count of faf tables
|
||||
shell: psql -c "SELECT COUNT(*) FROM pg_stat_user_tables"
|
||||
ansible.builtin.shell: psql -c "SELECT COUNT(*) FROM pg_stat_user_tables"
|
||||
register: count_tables
|
||||
changed_when: "( count_tables.stdout_lines[2]|int ) == 0"
|
||||
check_mode: no
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
# long running tasks - run them in background - we do not actually care about the results
|
||||
- name: Reposync for fedora
|
||||
shell: nohup retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} </dev/null >$(mktemp /tmp/ansible.reposync_for_fedoraXXXXXX.log) &
|
||||
ansible.builtin.shell: nohup retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} </dev/null >$(mktemp /tmp/ansible.reposync_for_fedoraXXXXXX.log) &
|
||||
loop: "{{ rs_internal_fedora_vers | product(rs_internal_arch_list) | list }}"
|
||||
become: yes
|
||||
become_user: retrace
|
||||
|
|
@ -10,7 +10,7 @@
|
|||
when: env != 'staging'
|
||||
|
||||
- name: Reposync for centos
|
||||
shell: nohup retrace-server-reposync centos {{ item }} x86_64 </dev/null >$(mktemp /tmp/ansible.reposync_for_centosXXXXXX.log) &
|
||||
ansible.builtin.shell: nohup retrace-server-reposync centos {{ item }} x86_64 </dev/null >$(mktemp /tmp/ansible.reposync_for_centosXXXXXX.log) &
|
||||
loop: "{{ rs_internal_centos_vers }}"
|
||||
become: yes
|
||||
become_user: retrace
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
- block:
|
||||
- name: Get last subuid entry
|
||||
shell: |
|
||||
ansible.builtin.shell: |
|
||||
set -o pipefail
|
||||
sort -nrt: -k2 /etc/subuid | awk -F: 'NR == 1 { print $2 }'
|
||||
changed_when: false
|
||||
|
|
@ -41,7 +41,7 @@
|
|||
|
||||
- block:
|
||||
- name: Get last subgid entry
|
||||
shell: |
|
||||
ansible.builtin.shell: |
|
||||
set -o pipefail
|
||||
cut -d ':' -f2 /etc/subgid | sort | tail -1
|
||||
changed_when: false
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: Rebuild apps-fp-o html
|
||||
shell: /usr/bin/apps-fp-o-yaml2html.py > /srv/web/apps-fp-o/apps-yaml.html
|
||||
ansible.builtin.shell: /usr/bin/apps-fp-o-yaml2html.py > /srv/web/apps-fp-o/apps-yaml.html
|
||||
|
||||
- name: Rebuild apps-fp-o json
|
||||
shell: /usr/bin/apps-fp-o-yaml2json.py > /srv/web/apps-fp-o/js/data.js
|
||||
ansible.builtin.shell: /usr/bin/apps-fp-o-yaml2json.py > /srv/web/apps-fp-o/js/data.js
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
- name: Create the awx user
|
||||
user:
|
||||
name: awx
|
||||
shell: /bin/bash
|
||||
ansible.builtin.shell: /bin/bash
|
||||
|
||||
- name: Enable Copr repo for Ansible Receptor (Fedora)
|
||||
community.general.copr:
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
- name: Get admin keytab
|
||||
delegate_to: "{{ ipa_server }}"
|
||||
shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||
ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||
tags:
|
||||
- base
|
||||
- config
|
||||
|
|
@ -106,7 +106,7 @@
|
|||
when: not host_keytab_status.stat.exists
|
||||
|
||||
- name: Base64-decode keytab
|
||||
shell: "umask 077; base64 -d /etc/krb5.keytab.b64 >/etc/krb5.keytab"
|
||||
ansible.builtin.shell: "umask 077; base64 -d /etc/krb5.keytab.b64 >/etc/krb5.keytab"
|
||||
tags:
|
||||
- base
|
||||
- config
|
||||
|
|
|
|||
|
|
@ -149,7 +149,7 @@
|
|||
- base
|
||||
|
||||
- name: Setup builder ipset if this is a new install
|
||||
shell: "/usr/sbin/ipset create osbuildapi hash:ip; touch /etc/sysconfig/ipset-osbuildapi"
|
||||
ansible.builtin.shell: "/usr/sbin/ipset create osbuildapi hash:ip; touch /etc/sysconfig/ipset-osbuildapi"
|
||||
args:
|
||||
creates: /etc/sysconfig/ipset-osbuildapi
|
||||
when: "'osbuild' in group_names"
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@
|
|||
when: ( ansible_distribution == 'Fedora' and ansible_distribution_major_version|int >= 30 ) or ( ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8 )
|
||||
|
||||
- name: Check if sshd port is already known by selinux
|
||||
shell: semanage port -l | grep ssh
|
||||
ansible.builtin.shell: semanage port -l | grep ssh
|
||||
register: sshd_selinux_port
|
||||
check_mode: no
|
||||
changed_when: false
|
||||
|
|
@ -199,7 +199,7 @@
|
|||
|
||||
# Currently, we use the epoch as serial. That's unique enough for now
|
||||
- name: Sign the certificates
|
||||
shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -t rsa-sha2-256 -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
|
||||
ansible.builtin.shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -t rsa-sha2-256 -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
|
||||
delegate_to: localhost
|
||||
with_items: "{{certs_to_sign}}"
|
||||
check_mode: no
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@
|
|||
- bkernel
|
||||
|
||||
- name: Setup opensc in pcscd
|
||||
shell: modutil -dbdir /etc/pki/pesign -list | grep -q OpenSC || modutil -force -dbdir /etc/pki/pesign -add opensc -libfile /usr/lib64/pkcs11/opensc-pkcs11.so
|
||||
ansible.builtin.shell: modutil -dbdir /etc/pki/pesign -list | grep -q OpenSC || modutil -force -dbdir /etc/pki/pesign -add opensc -libfile /usr/lib64/pkcs11/opensc-pkcs11.so
|
||||
check_mode: no
|
||||
changed_when: "1 != 1"
|
||||
tags:
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@
|
|||
user:
|
||||
name: blockerbugs
|
||||
group: blockerbugs
|
||||
shell: /bin/nologin
|
||||
ansible.builtin.shell: /bin/nologin
|
||||
home: /usr/share/blockerbugs
|
||||
tags:
|
||||
- blockerbugs
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
name: bodhi
|
||||
group: bodhi
|
||||
comment: Bodhi Server
|
||||
shell: /sbin/nologin
|
||||
ansible.builtin.shell: /sbin/nologin
|
||||
home: /usr/share/bodhi
|
||||
system: yes
|
||||
state: present
|
||||
|
|
|
|||
|
|
@ -133,7 +133,7 @@
|
|||
|
||||
# TODO: consider using selinux_modules from https://galaxy.ansible.com/linux-system-roles/selinux instead
|
||||
- name: Check to see what version is installed (if any)
|
||||
shell: "semodule -l -m | grep fi-collectd | cut -d: -f2"
|
||||
ansible.builtin.shell: "semodule -l -m | grep fi-collectd | cut -d: -f2"
|
||||
register: ficgeneral_installed_version
|
||||
check_mode: no
|
||||
changed_when: false
|
||||
|
|
@ -143,7 +143,7 @@
|
|||
|
||||
# This cmd comes from the last example of the semodule man page
|
||||
- name: Check to see what version we have
|
||||
shell: /usr/libexec/selinux/hll/pp /usr/share/collectd/fi-collectd.pp | sha256sum | cut -d ' ' -f1
|
||||
ansible.builtin.shell: /usr/libexec/selinux/hll/pp /usr/share/collectd/fi-collectd.pp | sha256sum | cut -d ' ' -f1
|
||||
register: ficgeneral_local_version
|
||||
check_mode: no
|
||||
changed_when: false
|
||||
|
|
@ -166,7 +166,7 @@
|
|||
- selinux
|
||||
|
||||
- name: Check to see if its even installed yet
|
||||
shell: semodule -l | grep fi-pstorefs | wc -l
|
||||
ansible.builtin.shell: semodule -l | grep fi-pstorefs | wc -l
|
||||
register: ficpstorefs_grep
|
||||
check_mode: no
|
||||
changed_when: "'0' in ficpstorefs_grep.stdout"
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@
|
|||
- selinux
|
||||
|
||||
- name: Check to see if its even installed yet
|
||||
shell: semodule -l | grep fi-collectd-fcomm | wc -l
|
||||
ansible.builtin.shell: semodule -l | grep fi-collectd-fcomm | wc -l
|
||||
register: ficfcomm_grep
|
||||
check_mode: no
|
||||
changed_when: "'0' in ficfcomm_grep.stdout"
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
# tasks file for CommunishiftAuthorization
|
||||
- name: Authorize with kinit
|
||||
shell: kinit -k -t "{{ communishift_keytab_path }}" -l 3600 "{{ communishift_keytab_principal }}"
|
||||
ansible.builtin.shell: kinit -k -t "{{ communishift_keytab_path }}" -l 3600 "{{ communishift_keytab_principal }}"
|
||||
run_once: true
|
||||
|
||||
- name: Retrieve fasjson group/user data based on pattern supplied
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "call dnf on {{ path }}"
|
||||
shell: "df '{{ path }}' --output=avail | tail -1"
|
||||
ansible.builtin.shell: "df '{{ path }}' --output=avail | tail -1"
|
||||
register: df
|
||||
changed_when: false
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Work-around for https://github.com/ansible/ansible/issues/84206 #1 (install python3 libdnf5)"
|
||||
shell: dnf -y install python3-libdnf5
|
||||
ansible.builtin.shell: dnf -y install python3-libdnf5
|
||||
|
||||
- name: "Work-around for https://github.com/ansible/ansible/issues/84206 #2 (reload remote python modules)"
|
||||
meta: reset_connection
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@
|
|||
register: helpers_installed
|
||||
|
||||
- name: remount with larger TMP
|
||||
shell: mount -o remount,size=20G /tmp
|
||||
ansible.builtin.shell: mount -o remount,size=20G /tmp
|
||||
when: helpers_installed.changed
|
||||
|
||||
- name: set direct backend for guestfish
|
||||
|
|
@ -102,7 +102,7 @@
|
|||
register: key_stat
|
||||
|
||||
- name: create ssh keypair for password-less connection to nested-VMs
|
||||
shell: 'ssh-keygen -b 4096 -t rsa -q -N "" -f {{ private_key_file }}'
|
||||
ansible.builtin.shell: 'ssh-keygen -b 4096 -t rsa -q -N "" -f {{ private_key_file }}'
|
||||
when: not key_stat.stat.exists
|
||||
|
||||
# - name: install composer packages
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@
|
|||
# - starting_builder
|
||||
|
||||
- name: clean dnf cache before checking for updated packages
|
||||
shell: dnf clean all
|
||||
ansible.builtin.shell: dnf clean all
|
||||
when:
|
||||
- preparing_image
|
||||
|
||||
|
|
@ -124,7 +124,7 @@
|
|||
- pyp2spec
|
||||
|
||||
- name: Activate Red Hat Subscription
|
||||
shell:
|
||||
ansible.builtin.shell:
|
||||
cmd: >
|
||||
echo "{{ copr_rhsm_activation_key }}"
|
||||
| /usr/bin/copr-builder-rhsm-subscribe-daemon
|
||||
|
|
@ -137,7 +137,7 @@
|
|||
when: starting_builder
|
||||
|
||||
- name: make sure the enable-swap service has already finished
|
||||
shell: "systemctl is-active enable-swap || :"
|
||||
ansible.builtin.shell: "systemctl is-active enable-swap || :"
|
||||
register: enable_swap_active
|
||||
until: "'inactive' in enable_swap_active.stdout or 'failed' in enable_swap_active.stdout"
|
||||
retries: 20
|
||||
|
|
@ -145,7 +145,7 @@
|
|||
when: starting_builder
|
||||
|
||||
- name: debug the swap failure
|
||||
shell: journalctl -u enable-swap
|
||||
ansible.builtin.shell: journalctl -u enable-swap
|
||||
register: journalctl_output
|
||||
when:
|
||||
- starting_builder
|
||||
|
|
@ -207,7 +207,7 @@
|
|||
- starting_builder
|
||||
|
||||
- name: run /bin/copr-update-builder from copr-builder package
|
||||
shell: /usr/bin/copr-update-builder
|
||||
ansible.builtin.shell: /usr/bin/copr-update-builder
|
||||
|
||||
# - name: install the latest mock and mock-core-configs from updates-testing
|
||||
# ansible.builtin.package: state=latest name={{ packages }}
|
||||
|
|
@ -218,7 +218,7 @@
|
|||
# - https://kojipkgs.fedoraproject.org/packages/mock-core-configs/32.6/1.fc31/noarch/mock-core-configs-32.6-1.fc31.noarch.rpm
|
||||
#
|
||||
# - name: re-run copr-update builder when mock/mock-core-configs are updated
|
||||
# shell: /usr/bin/copr-update-builder
|
||||
# ansible.builtin.shell: /usr/bin/copr-update-builder
|
||||
# when: mock_updated.changed
|
||||
|
||||
- name: patch from https://github.com/rpm-software-management/mock/pull/1341
|
||||
|
|
@ -327,4 +327,4 @@
|
|||
- copr-rpmbuild.yml
|
||||
|
||||
- name: Set up motd for builder
|
||||
shell: "copr-builder help > /etc/motd || :"
|
||||
ansible.builtin.shell: "copr-builder help > /etc/motd || :"
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@
|
|||
tags: copr_ping
|
||||
|
||||
- name: Restorecon ping_log
|
||||
shell: restorecon -irv "{{ ping_log }}"
|
||||
ansible.builtin.shell: restorecon -irv "{{ ping_log }}"
|
||||
when: semanage_run.changed or ping_log_created.changed
|
||||
tags: copr_ping
|
||||
|
||||
|
|
|
|||
|
|
@ -274,7 +274,7 @@
|
|||
register: copr_results_dir_st
|
||||
|
||||
- name: Change owner for results dir if it isn't copr
|
||||
shell: "chown -R copr:copr /var/lib/copr/public_html"
|
||||
ansible.builtin.shell: "chown -R copr:copr /var/lib/copr/public_html"
|
||||
when: '"copr" not in copr_results_dir_st.stat.pw_name'
|
||||
|
||||
- ansible.builtin.command: "ls -dZ /var/lib/copr/public_html/"
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@
|
|||
|
||||
- name: Scan and assemble raid volumes and activate volume groups
|
||||
when: not stat_repo_fs.stat.exists
|
||||
shell: mdadm --assemble --scan && sleep 10 && vgchange -a y && sleep 5 && vgchange copr-backend-data --setautoactivation y && sleep 5
|
||||
ansible.builtin.shell: mdadm --assemble --scan && sleep 10 && vgchange -a y && sleep 5 && vgchange copr-backend-data --setautoactivation y && sleep 5
|
||||
|
||||
- name: Stat the ext4 filesystem
|
||||
stat: path=/dev/disk/by-label/copr-repo
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@
|
|||
register: postgres_initialized
|
||||
|
||||
- name: Init postgresql
|
||||
shell: "postgresql-setup initdb"
|
||||
ansible.builtin.shell: "postgresql-setup initdb"
|
||||
when: not postgres_initialized.stat.exists
|
||||
|
||||
- name: Enable PostgreSQL service
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@
|
|||
- "'pulp' not in inventory_hostname"
|
||||
|
||||
# - name: Check offloading
|
||||
# shell: "ethtool -k ens5 | egrep -q 'tcp-segmentation-offload: on|generic-receive-offload: on|generic-segmentation-offload: on'"
|
||||
# ansible.builtin.shell: "ethtool -k ens5 | egrep -q 'tcp-segmentation-offload: on|generic-receive-offload: on|generic-segmentation-offload: on'"
|
||||
# register: offloading
|
||||
# failed_when: offloading.rc == 2
|
||||
# changed_when: "1 != 1"
|
||||
|
|
@ -100,7 +100,7 @@
|
|||
# - ansible_distribution == 'Fedora'
|
||||
#
|
||||
# - name: Disable offloading (persitently)
|
||||
# shell: "nmcli con modify '{{ aws_ipv6_con }}' ethtool.feature-tso off ethtool.feature-gro off ethtool.feature-gso off"
|
||||
# ansible.builtin.shell: "nmcli con modify '{{ aws_ipv6_con }}' ethtool.feature-tso off ethtool.feature-gro off ethtool.feature-gso off"
|
||||
# when:
|
||||
# - offloading.rc == 0
|
||||
# - ansible_distribution == 'Fedora'
|
||||
|
|
@ -108,7 +108,7 @@
|
|||
# - config
|
||||
#
|
||||
# - name: Check we have the needed ipv6
|
||||
# shell: "nmcli con show '{{ aws_ipv6_con }}' | grep ipv6.addresses | grep {{ aws_ipv6_addr }}"
|
||||
# ansible.builtin.shell: "nmcli con show '{{ aws_ipv6_con }}' | grep ipv6.addresses | grep {{ aws_ipv6_addr }}"
|
||||
# register: ipv6_config_check
|
||||
# failed_when: false
|
||||
# changed_when: ipv6_config_check.rc == 1
|
||||
|
|
@ -117,7 +117,7 @@
|
|||
# tags: ipv6_config
|
||||
#
|
||||
# - name: Setup ipv6 networking
|
||||
# shell: |
|
||||
# ansible.builtin.shell: |
|
||||
# nmcli con modify '{{ aws_ipv6_con }}' ipv6.method auto ipv6.may-fail yes ipv6.never-default no ipv6.addresses '{{ aws_ipv6_addr }}'
|
||||
# nmcli con up '{{ aws_ipv6_con }}'
|
||||
# when:
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@
|
|||
register: some_cert_restored
|
||||
|
||||
- name: Initialize certbot configuration
|
||||
shell: |
|
||||
ansible.builtin.shell: |
|
||||
certbot certonly --standalone \
|
||||
-w {{ item.item.value.challenge_dir }} \
|
||||
-d {{ item.item.value.domains | join(' -d ') }} \
|
||||
|
|
@ -87,7 +87,7 @@
|
|||
- certbot
|
||||
|
||||
- name: Post init script
|
||||
shell: |
|
||||
ansible.builtin.shell: |
|
||||
/usr/libexec/auto-certbot-deploy \
|
||||
--init {{ item.item.key }}
|
||||
when:
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
register: postgres_initialized
|
||||
|
||||
- name: Init postgresql
|
||||
shell: "postgresql-setup initdb"
|
||||
ansible.builtin.shell: "postgresql-setup initdb"
|
||||
when: not postgres_initialized.stat.exists
|
||||
|
||||
- name: Copy pg_hba.conf
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@
|
|||
# tags: swap
|
||||
|
||||
# - name: Mount the swap
|
||||
# shell: swapon -a
|
||||
# ansible.builtin.shell: swapon -a
|
||||
# when: fstab_swap_entry.changed
|
||||
# tags: swap
|
||||
|
||||
|
|
@ -76,12 +76,12 @@
|
|||
tags: libvirtd
|
||||
|
||||
- name: Restorecon
|
||||
shell: restorecon -irv "{{ image_pool_dir }}"
|
||||
ansible.builtin.shell: restorecon -irv "{{ image_pool_dir }}"
|
||||
when: semanage_run.changed
|
||||
tags: libvirtd
|
||||
|
||||
- name: Check host-bridge in libvirt
|
||||
shell: virsh net-info host-bridge
|
||||
ansible.builtin.shell: virsh net-info host-bridge
|
||||
register: libvirt_bridge_exists
|
||||
failed_when: false
|
||||
changed_when: libvirt_bridge_exists.rc != 0
|
||||
|
|
@ -94,7 +94,7 @@
|
|||
tags: libvirtd
|
||||
|
||||
- name: Define host-bridge in libvirt
|
||||
shell: |
|
||||
ansible.builtin.shell: |
|
||||
virsh net-define /root/.tmp-ansible-file.xml
|
||||
virsh net-start host-bridge
|
||||
virsh net-autostart host-bridge
|
||||
|
|
@ -103,7 +103,7 @@
|
|||
tags: libvirtd
|
||||
|
||||
- name: Check if image pool exists
|
||||
shell: virsh pool-info "{{ image_pool_name }}"
|
||||
ansible.builtin.shell: virsh pool-info "{{ image_pool_name }}"
|
||||
register: libvirt_pool_exists
|
||||
failed_when: false
|
||||
changed_when: libvirt_pool_exists.rc != 0
|
||||
|
|
@ -116,7 +116,7 @@
|
|||
tags: libvirtd
|
||||
|
||||
- name: Define image pool in libvirt
|
||||
shell: |
|
||||
ansible.builtin.shell: |
|
||||
virsh pool-define /root/.tmp-ansible-file.xml
|
||||
virsh pool-start "{{ image_pool_name }}"
|
||||
virsh pool-autostart "{{ image_pool_name }}"
|
||||
|
|
|
|||
|
|
@ -61,4 +61,4 @@
|
|||
# Sorry for writting this as `shell`. We will drop this task once it
|
||||
# is in stable repos.
|
||||
- name: Install gnupg2 with required bugfixes
|
||||
shell: "dnf -y upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-45c44b31a2"
|
||||
ansible.builtin.shell: "dnf -y upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-45c44b31a2"
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
register: pub_key_installed
|
||||
|
||||
- name: Import pubkey for backup encryption
|
||||
shell: gpg2 --import /root/backup_key.asc creates=/root/backupkeyimported
|
||||
ansible.builtin.shell: gpg2 --import /root/backup_key.asc creates=/root/backupkeyimported
|
||||
when: pub_key_installed.changed
|
||||
|
||||
- name: Copy backup script
|
||||
|
|
|
|||
|
|
@ -287,7 +287,7 @@
|
|||
- fedmsg/base
|
||||
|
||||
- name: Check if the nrpe user exists
|
||||
shell: /usr/bin/getent passwd nrpe | /usr/bin/wc -l | tr -d ' '
|
||||
ansible.builtin.shell: /usr/bin/getent passwd nrpe | /usr/bin/wc -l | tr -d ' '
|
||||
register: nrpe_exists
|
||||
check_mode: no
|
||||
changed_when: "1 != 1"
|
||||
|
|
|
|||
|
|
@ -92,7 +92,7 @@
|
|||
- selinux
|
||||
|
||||
- name: Check to see if its even installed yet
|
||||
shell: semodule -l | grep fi-haproxy | wc -l
|
||||
ansible.builtin.shell: semodule -l | grep fi-haproxy | wc -l
|
||||
register: fi_haproxy_grep
|
||||
check_mode: no
|
||||
changed_when: "'0' in fi_haproxy_grep.stdout"
|
||||
|
|
|
|||
|
|
@ -3,4 +3,4 @@
|
|||
ansible.builtin.command: sss_cache -E
|
||||
|
||||
- name: Restart sssd
|
||||
shell: systemctl restart sssd
|
||||
ansible.builtin.shell: systemctl restart sssd
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Get admin ticket
|
||||
delegate_to: "{{ ipa_server }}"
|
||||
shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||
ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||
check_mode: no
|
||||
changed_when: "1 != 1"
|
||||
tags:
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Get admin ticket
|
||||
delegate_to: "{{ ipa_server }}"
|
||||
shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||
ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||
check_mode: no
|
||||
changed_when: "1 != 1"
|
||||
tags:
|
||||
|
|
|
|||
|
|
@ -64,7 +64,7 @@
|
|||
name: ipa/client
|
||||
|
||||
- name: Get admin ticket
|
||||
shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||
ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||
check_mode: no
|
||||
tags:
|
||||
- ipsilon
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@
|
|||
|
||||
- name: Get admin ticket
|
||||
delegate_to: "{{ ipa_server }}"
|
||||
shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||
ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||
check_mode: no
|
||||
changed_when: "1 != 1"
|
||||
tags:
|
||||
|
|
@ -126,7 +126,7 @@
|
|||
when: not keytab_status.stat.exists
|
||||
|
||||
- name: Base64-decode keytab
|
||||
shell: "umask 077 && base64 -d {{kt_location}}.b64 >{{kt_location}}"
|
||||
ansible.builtin.shell: "umask 077 && base64 -d {{kt_location}}.b64 >{{kt_location}}"
|
||||
tags:
|
||||
- keytab
|
||||
- config
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@
|
|||
# Load the initial schema and create a file to note that it's loaded now.
|
||||
#
|
||||
- name: Load initial schema
|
||||
shell: creates=/var/lib/pgql/koji-schema psql koji koji < /usr/share/doc/koji*/docs/schema.sql
|
||||
ansible.builtin.shell: creates=/var/lib/pgql/koji-schema psql koji koji < /usr/share/doc/koji*/docs/schema.sql
|
||||
tags:
|
||||
- db
|
||||
when: is_kojidb == "True"
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
- name: Get the directory to use
|
||||
delegate_to: "certgetter01.iad2.fedoraproject.org"
|
||||
# Sometimes we get directories like site-0001, site-0002, etc. We want the latest
|
||||
shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'"
|
||||
ansible.builtin.shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'"
|
||||
register: certbot_dir
|
||||
changed_when: 'false'
|
||||
check_mode: no
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
- name: Setup pagure user
|
||||
user:
|
||||
name: mirror_pagure_ansible
|
||||
shell: /sbin/nologin
|
||||
ansible.builtin.shell: /sbin/nologin
|
||||
comment: "mirror_pagure_ansible User"
|
||||
tags:
|
||||
- mirror_pagure_ansible
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
uid: "{{nrpe_client_uid|default(omit)}}"
|
||||
comment: NRPE user for the NRPE service
|
||||
home: /var/run/nrpe
|
||||
shell: /sbin/nologin
|
||||
ansible.builtin.shell: /sbin/nologin
|
||||
system: true
|
||||
tags:
|
||||
- nagios_client
|
||||
|
|
@ -323,7 +323,7 @@
|
|||
- pagure
|
||||
|
||||
- name: Check if the fedmsg group exists
|
||||
shell: /usr/bin/getent group fedmsg | /usr/bin/wc -l | tr -d ' '
|
||||
ansible.builtin.shell: /usr/bin/getent group fedmsg | /usr/bin/wc -l | tr -d ' '
|
||||
register: fedmsg_exists
|
||||
check_mode: no
|
||||
changed_when: "1 != 1"
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@
|
|||
home: "/var/lib/openqa"
|
||||
createhome: no
|
||||
system: yes
|
||||
shell: /sbin/nologin
|
||||
ansible.builtin.shell: /sbin/nologin
|
||||
when: "openqa_static_uid is defined"
|
||||
|
||||
- name: Remove old scratch repo directory
|
||||
|
|
@ -250,7 +250,7 @@
|
|||
- config
|
||||
|
||||
- name: Initialize database
|
||||
shell: "/usr/share/openqa/script/initdb --user geekotest --init_database" # noqa 305
|
||||
ansible.builtin.shell: "/usr/share/openqa/script/initdb --user geekotest --init_database" # noqa 305
|
||||
register: initdb
|
||||
changed_when: "initdb.rc == 0"
|
||||
failed_when: "(initdb.rc > 0) and (initdb.stdout is not defined or initdb.stdout.find('already exists') == -1)"
|
||||
|
|
@ -316,7 +316,7 @@
|
|||
register: templatesfif
|
||||
|
||||
- name: Dump existing config for checking changes
|
||||
shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-old.json || :"
|
||||
ansible.builtin.shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-old.json || :"
|
||||
when: "(gittests is defined) and (gittests is changed)"
|
||||
changed_when: "1 != 1"
|
||||
|
||||
|
|
@ -342,7 +342,7 @@
|
|||
changed_when: "1 != 1"
|
||||
|
||||
- name: Check if the tests changed in previous step
|
||||
shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-new.json && diff <(jq -S . /tmp/tmpl-old.json) <(jq -S . /tmp/tmpl-new.json)"
|
||||
ansible.builtin.shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-new.json && diff <(jq -S . /tmp/tmpl-old.json) <(jq -S . /tmp/tmpl-new.json)"
|
||||
when: "(gittests is defined) and (gittests is changed)"
|
||||
register: testsdiff
|
||||
changed_when: "testsdiff.rc > 0"
|
||||
|
|
|
|||
|
|
@ -56,13 +56,13 @@
|
|||
|
||||
# nmcli collection does not support tun type
|
||||
- name: Check whether tap device interface connection profiles exist
|
||||
shell: "(for i in {0..{{ openqa_workers | int }}}; do ip addr show tap$i || exit 1; done)"
|
||||
ansible.builtin.shell: "(for i in {0..{{ openqa_workers | int }}}; do ip addr show tap$i || exit 1; done)"
|
||||
register: tapsexist
|
||||
changed_when: "1 != 1"
|
||||
failed_when: "1 != 1"
|
||||
|
||||
- name: Create openvswitch interfaces for tap devices
|
||||
shell: "nmcli con add type tun mode tap owner $(id -u _openqa-worker) group $(getent group nogroup | cut -f3 -d:) con.int tap{{ item }} master tap{{ item }}"
|
||||
ansible.builtin.shell: "nmcli con add type tun mode tap owner $(id -u _openqa-worker) group $(getent group nogroup | cut -f3 -d:) con.int tap{{ item }} master tap{{ item }}"
|
||||
with_sequence: start=0 end={{ openqa_workers | int }}
|
||||
when: tapsexist.rc > 0
|
||||
|
||||
|
|
|
|||
|
|
@ -5,10 +5,10 @@
|
|||
dest: "/etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml"
|
||||
|
||||
- name: Delete previous job (if any)
|
||||
shell: oc -n {{ job_app }} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
|
||||
ansible.builtin.shell: oc -n {{ job_app }} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
|
||||
|
||||
- name: Start job
|
||||
shell: oc -n {{ job_app }} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
|
||||
ansible.builtin.shell: oc -n {{ job_app }} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
|
||||
|
||||
- name: Wait for job to complete
|
||||
shell: oc -n {{ job_app }} wait job/job-{{job_name}} --for condition=complete
|
||||
ansible.builtin.shell: oc -n {{ job_app }} wait job/job-{{job_name}} --for condition=complete
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
- name: Run `oc import-image`
|
||||
shell: oc -n {{import_image_app}} import-image {{import_image_imagestreamname}}
|
||||
ansible.builtin.shell: oc -n {{import_image_app}} import-image {{import_image_imagestreamname}}
|
||||
|
|
|
|||
|
|
@ -16,5 +16,5 @@
|
|||
register: ipa_config_result
|
||||
|
||||
- name: Call `oc apply` on the copied file
|
||||
shell: oc -n {{ipa_client_app}} apply -f /etc/openshift_apps/{{ipa_client_app}}/configmap-ipa-client.yml
|
||||
ansible.builtin.shell: oc -n {{ipa_client_app}} apply -f /etc/openshift_apps/{{ipa_client_app}}/configmap-ipa-client.yml
|
||||
when: ipa_config_result.changed or object_always_apply
|
||||
|
|
|
|||
|
|
@ -17,10 +17,10 @@
|
|||
dest: "/etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml"
|
||||
|
||||
- name: Delete previous job (if any)
|
||||
shell: oc -n {{os_app}} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
|
||||
ansible.builtin.shell: oc -n {{os_app}} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
|
||||
|
||||
- name: Start job
|
||||
shell: oc -n {{os_app}} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
|
||||
ansible.builtin.shell: oc -n {{os_app}} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
|
||||
|
||||
- debug:
|
||||
msg: "Job started. You can watch the logs with: oc -n {{os_app}} logs -f job/job-{{job_name}}"
|
||||
|
|
@ -28,4 +28,4 @@
|
|||
msg: "You can cancel it with: oc -n {{os_app}} delete job/job-{{job_name}}"
|
||||
|
||||
- name: Wait for job to complete
|
||||
shell: oc -n {{os_app}} wait job/job-{{job_name}} --for condition=complete
|
||||
ansible.builtin.shell: oc -n {{os_app}} wait job/job-{{job_name}} --for condition=complete
|
||||
|
|
|
|||
|
|
@ -8,13 +8,13 @@
|
|||
kt_location: "/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt"
|
||||
|
||||
- name: Call `oc secrets new` on the copied file
|
||||
shell: oc -n {{keytab_app}} secrets new {{keytab_secret_name}} {{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt
|
||||
ansible.builtin.shell: oc -n {{keytab_app}} secrets new {{keytab_secret_name}} {{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt
|
||||
register: create_out
|
||||
when: not ocp4
|
||||
failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
|
||||
|
||||
- name: Call `oc create secret generic` on the copied file
|
||||
shell: oc -n {{keytab_app}} create secret generic {{keytab_secret_name}} --from-file={{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt
|
||||
ansible.builtin.shell: oc -n {{keytab_app}} create secret generic {{keytab_secret_name}} --from-file={{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt
|
||||
register: create_out
|
||||
when: ocp4 and not keytab_status.stat.exists
|
||||
failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
|
||||
|
|
|
|||
|
|
@ -12,4 +12,4 @@
|
|||
when: object_delete_objecttype == 'project'
|
||||
|
||||
- name: Call `oc delete` on the object
|
||||
shell: oc -n {{object_delete_app}} delete {{object_delete_objecttype}}/{{object_delete_objectname}}
|
||||
ansible.builtin.shell: oc -n {{object_delete_app}} delete {{object_delete_objecttype}}/{{object_delete_objectname}}
|
||||
|
|
|
|||
|
|
@ -15,5 +15,5 @@
|
|||
register: object_file_result
|
||||
|
||||
- name: Call `oc apply` on the copied file
|
||||
shell: oc -n {{object_os_app}} apply --validate=strict -f /etc/openshift_apps/{{object_os_app}}/{{object_objectname}}
|
||||
ansible.builtin.shell: oc -n {{object_os_app}} apply --validate=strict -f /etc/openshift_apps/{{object_os_app}}/{{object_objectname}}
|
||||
when: object_template_result.changed or object_template_fullpath_result.changed or object_file_result.changed or object_always_apply
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
dest=/etc/openshift_apps/{{project_app}}/project.yml
|
||||
|
||||
- name: Create project
|
||||
shell: oc apply --validate=strict -f /etc/openshift_apps/{{project_app}}/project.yml
|
||||
ansible.builtin.shell: oc apply --validate=strict -f /etc/openshift_apps/{{project_app}}/project.yml
|
||||
when: "'not found' in project_exists.stderr"
|
||||
|
||||
- name: Deployer.yml
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
- name: Run `oc rollout latest`
|
||||
shell: oc -n {{rollout_app}} rollout latest {{rollout_dcname}}
|
||||
ansible.builtin.shell: oc -n {{rollout_app}} rollout latest {{rollout_dcname}}
|
||||
|
|
|
|||
|
|
@ -15,18 +15,18 @@
|
|||
register: secret_privatefile
|
||||
|
||||
- name: Delete existing secrets
|
||||
shell: oc -n {{os_app}} delete secret/{{secret_file_secret_name}}
|
||||
ansible.builtin.shell: oc -n {{os_app}} delete secret/{{secret_file_secret_name}}
|
||||
register: delete_out
|
||||
changed_when: "'NotFound' in delete_out.stderr"
|
||||
failed_when: "('NotFound' not in delete_out.stderr) and (delete_out.rc != 0)"
|
||||
when: secret_template.changed or secret_file.changed or secret_privatefile.changed
|
||||
|
||||
- name: Call `oc secrets new` on the copied file
|
||||
shell: oc -n {{os_app}} secrets new {{secret_file_secret_name}} {{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}}
|
||||
ansible.builtin.shell: oc -n {{os_app}} secrets new {{secret_file_secret_name}} {{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}}
|
||||
register: create_out
|
||||
when: not ocp4 and (secret_template.changed or secret_file.changed or secret_privatefile.changed)
|
||||
|
||||
- name: Call `oc create secret generic` on the copied file
|
||||
shell: oc -n {{os_app}} create secret generic {{secret_file_secret_name}} --from-file={{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}}
|
||||
ansible.builtin.shell: oc -n {{os_app}} create secret generic {{secret_file_secret_name}} --from-file={{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}}
|
||||
register: create_out
|
||||
when: ocp4 and (secret_template.changed or secret_file.changed or secret_privatefile.changed)
|
||||
|
|
|
|||
|
|
@ -8,18 +8,18 @@
|
|||
register: secret_privatekey
|
||||
|
||||
- name: Delete existing secrets
|
||||
shell: oc -n {{secret_tls_app}} delete secret/{{secret_tls_secret_name}}
|
||||
ansible.builtin.shell: oc -n {{secret_tls_app}} delete secret/{{secret_tls_secret_name}}
|
||||
register: delete_out
|
||||
changed_when: "'NotFound' in delete_out.stderr"
|
||||
failed_when: "('NotFound' not in delete_out.stderr) and (delete_out.rc != 0)"
|
||||
when: secret_privatecert.changed or secret_privatekey.changed
|
||||
|
||||
- name: Call `oc create secret tls` on the copied file
|
||||
shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key
|
||||
ansible.builtin.shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key
|
||||
register: create_out
|
||||
when: secret_privatecert.changed or secret_privatekey.changed
|
||||
|
||||
- name: Call `oc create secret tls` on the copied file
|
||||
shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key
|
||||
ansible.builtin.shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key
|
||||
register: create_out
|
||||
when: secret_privatecert.changed or secret_privatekey.changed
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
- name: Run `oc start-build`
|
||||
shell: oc -n {{start_build_app}} start-build {{start_build_buildname}}
|
||||
ansible.builtin.shell: oc -n {{start_build_app}} start-build {{start_build_buildname}}
|
||||
|
|
|
|||
|
|
@ -192,7 +192,7 @@
|
|||
name: paguremirroring
|
||||
group: paguremirroring
|
||||
groups: paguremirroring,git
|
||||
shell: /bin/nologin
|
||||
ansible.builtin.shell: /bin/nologin
|
||||
home: /srv/mirror
|
||||
tags:
|
||||
- pagure
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: restart nagios on noc
|
||||
shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios
|
||||
ansible.builtin.shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios
|
||||
delegate_to: "{{ queue_nagios_server }}"
|
||||
|
||||
- name: restart nrpe on rabbitmq
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@
|
|||
system: yes
|
||||
home: /etc/robosignatory
|
||||
comment: Robosignatory
|
||||
shell: /sbin/nologin
|
||||
ansible.builtin.shell: /sbin/nologin
|
||||
uid: 263
|
||||
tags:
|
||||
- config
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
#
|
||||
---
|
||||
- name: Check for grub serial setup
|
||||
shell: grep options /boot/loader/entries/*
|
||||
ansible.builtin.shell: grep options /boot/loader/entries/*
|
||||
register: serial
|
||||
check_mode: no
|
||||
changed_when: '1 != 1'
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@
|
|||
- smtp_auth_relay
|
||||
|
||||
- name: Regenerate the password db file
|
||||
shell: postmap /etc/postfix/sasl_passwd
|
||||
ansible.builtin.shell: postmap /etc/postfix/sasl_passwd
|
||||
when: smtp_relay_password_file.changed
|
||||
notify: restart postfix
|
||||
tags:
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@
|
|||
user:
|
||||
name: countme
|
||||
group: countme
|
||||
shell: /sbin/nologin
|
||||
ansible.builtin.shell: /sbin/nologin
|
||||
home: /srv/countme
|
||||
comment: "DNF countme counter"
|
||||
tags:
|
||||
|
|
@ -125,7 +125,7 @@
|
|||
|
||||
- name: Remove local mirrors-countme git repo, scripts and Python package
|
||||
# Using `shell` here because `file` doesn't know wild cards
|
||||
shell: >-
|
||||
ansible.builtin.shell: >-
|
||||
shopt -s nullglob;
|
||||
rm -rfv \
|
||||
/srv/countme/mirrors-countme \
|
||||
|
|
|
|||
|
|
@ -3,5 +3,5 @@
|
|||
service: name=zabbix-agent state=restarted
|
||||
|
||||
- name: reload custom selinux files
|
||||
shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp"
|
||||
ansible.builtin.shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp"
|
||||
when: ansible_selinux.mode == "enforcing"
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@
|
|||
- zabbix_agent
|
||||
|
||||
- name: Reload custom selinux files
|
||||
shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp"
|
||||
ansible.builtin.shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp"
|
||||
when: ansible_distribution == "Centos" and ansible_selinux.status == "enabled" and sepolicy.changed
|
||||
tags:
|
||||
- zabbix_agent
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@
|
|||
include_role: name=basessh
|
||||
|
||||
# - name: Edit hostname to be instance name - prefix hostbase var if it exists
|
||||
# shell: hostname {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
|
||||
# ansible.builtin.shell: hostname {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
|
||||
# tags:
|
||||
# - config
|
||||
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@
|
|||
- swap
|
||||
|
||||
- name: Disable zram0
|
||||
shell: swapoff /dev/zram0
|
||||
ansible.builtin.shell: swapoff /dev/zram0
|
||||
tags:
|
||||
- swap
|
||||
- swap.file.swapoffzram
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
when: inventory_hostname not in result.list_vms
|
||||
|
||||
- name: Run the virt-install
|
||||
shell: "{{ virt_install_command }}"
|
||||
ansible.builtin.shell: "{{ virt_install_command }}"
|
||||
delegate_to: "{{ vmhost }}"
|
||||
when: inventory_hostname not in result.list_vms
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue