Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of /git/ansible

Browse source
This commit is contained in:
Nick Bebout 2013-08-22 03:53:11 +00:00
commit 4a66c4e699
9 changed files with 170 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
files/releng/fedora-branched-compose-i386.cfg
View file

@ -31,7 +31,7 @@ cost=5000
[static] [static]
name=static name=static
baseurl=http://kojipkgs.fedoraproject.org/repos/f19-build/latest/i386 baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/i386
enabled=1 enabled=1
#cost=2000 #cost=2000
""" """

2
files/releng/fedora-branched-compose-x86_64.cfg
View file

@ -31,7 +31,7 @@ cost=5000
[static] [static]
name=static name=static
baseurl=http://kojipkgs.fedoraproject.org/repos/f19-build/latest/x86_64 baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/x86_64
enabled=1 enabled=1
#cost=2000 #cost=2000
""" """

49
playbooks/fedorahosted_fedmsg_git.yml Normal file
View file

@ -0,0 +1,49 @@
# requires --extra-vars "{'repos': ['yokan.git', 'yumex.git']}"
- name: Install the fedmsg hook into a number of fedrahosted git repos
hosts: hosted03.fedoraproject.org
user: root
vars:
prefix: /srv/git/
chained: /hooks/post-receive-chained.d
fedmsg_hook: /usr/local/share/git/hooks/post-receive-fedorahosted-fedmsg
chained_hook: /usr/share/git-core/post-receive-chained
tasks:
# First -- a sanity check. We want this to fail and stop the playbook if
# someone typoed and reponame. The "command" here claims that it "creates" a
# file. That is not actually true, but it tells ansible to not bother running
# the command *if* that creates= file is already present. Its a hackaround to
# make this task idempotent.
- name: make sure the git repos exist in the first place
command: /bin/ls ${prefix}${item} creates=${prefix}${item}
with_items: ${repos}
- name: ensure there is a post-receive-chained.d/ directory
file: >
state=directory
path=${prefix}${item}${chained}/
with_items: ${repos}
- name: move the old post-receive email hook into the chained dir
command: >
/bin/mv ${prefix}${item}/hooks/post-receive ${prefix}${item}${chained}/post-receive-email
removes=${prefix}${item}/hooks/post-receive
creates=${prefix}${item}${chained}/post-receive-email
with_items: ${repos}
- name: symlink the fedmsg hook into the chained dir
file: >
path=${prefix}${item}${chained}/post-receive-fedmsg
src=${fedmsg_hook}
state=link
with_items: ${repos}
- name: symlink in the chained hook redirector
file: >
path=${prefix}${item}/hooks/post-receive
src=${chained_hook}
state=link
with_items: ${repos}

1
playbooks/groups/mailman.yml
View file

@ -33,6 +33,7 @@
- /srv/web/infra/ansible/roles/denyhosts - /srv/web/infra/ansible/roles/denyhosts
- /srv/web/infra/ansible/roles/nagios_client - /srv/web/infra/ansible/roles/nagios_client
- /srv/web/infra/ansible/roles/fas_client - /srv/web/infra/ansible/roles/fas_client
- /srv/web/infra/ansible/roles/yum-cron
tasks: tasks:
# this is how you include other task lists # this is how you include other task lists

2
roles/badges-backend/files/cron/award-libravatar-badge.cron
View file

@ -1 +1 @@
*/55 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge 40 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge > /dev/null 2>&1

2
roles/badges-backend/files/cron/award-oldschool-badges.cron
View file

@ -1 +1 @@
*/25 * * * * fedmsg /usr/share/badges/cronjobs/award-oldschool-badges 25 * * * * fedmsg /usr/share/badges/cronjobs/award-oldschool-badges > /dev/null 2>&1

16
roles/badges-backend/tasks/main.yml
View file

@ -55,6 +55,17 @@
notify: notify:
- restart fedmsg-hub - restart fedmsg-hub
- name: ensure the fedmsg user has a homedir for cron to work
file: >
state=directory
path=/usr/share/fedmsg
mode=700
owner=fedmsg
group=fedmsg
only_if: "'$env' != 'staging'"
tags:
- config
- cron
- name: ensure badges cron directories exist - name: ensure badges cron directories exist
file: > file: >
@ -62,6 +73,7 @@
path=$item path=$item
mode=755 mode=755
owner=root owner=root
only_if: "'$env' != 'staging'"
with_items: with_items:
- /usr/share/badges/cronjobs/ - /usr/share/badges/cronjobs/
- /etc/cron.d/ - /etc/cron.d/
@ -75,6 +87,7 @@
dest=/usr/share/badges/cronjobs/$item dest=/usr/share/badges/cronjobs/$item
owner=fedmsg owner=fedmsg
mode=744 mode=744
only_if: "'$env' != 'staging'"
with_items: with_items:
- award-oldschool-badges - award-oldschool-badges
- award-libravatar-badge - award-libravatar-badge
@ -84,10 +97,11 @@
- name: oldschool badge award cronjobs - name: oldschool badge award cronjobs
copy: > copy: >
src=cron/$item src=cron/$item.cron
dest=/etc/cron.d/$item dest=/etc/cron.d/$item
owner=root owner=root
mode=644 mode=644
only_if: "'$env' != 'staging'"
with_items: with_items:
- award-oldschool-badges - award-oldschool-badges
- award-libravatar-badge - award-libravatar-badge

25
roles/yum-cron/tasks/main.yml Normal file
View file

@ -0,0 +1,25 @@
---
#
# This role adds yum cron package and configuration.
# We want this on any public facing Fedora installs so we
# can pick up security updates.
#
- name: install yum-cron
yum: name=yum-cron state=present
tags:
- packages
when: ansible_distribution == 'Fedora'
- name: install yum-cron.conf
template: src=yum-cron.conf.j2 dest=/etc/yum/yum-cron.conf mode=0644
tags:
- config
when: ansible_distribution == 'Fedora'
- name: enable yum-cron
copy: content="enable yum cron" dest=/var/lock/subsys/yum-cron mode=0644
tags:
- config
when: ansible_distribution == 'Fedora'

76
roles/yum-cron/templates/yum-cron.conf.j2 Normal file
View file

@ -0,0 +1,76 @@
[commands]
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix upgrade-minimal
# minimal-security = yum --security upgrade-minimal
# minimal-security-severity:Critical = --sec-severity=Critical upgrade-minimal
update_cmd = security
# Whether a message should emitted when updates are available.
update_messages = yes
# Whether updates should be downloaded when they are available. Note
# that updates_messages must also be yes for updates to be downloaded.
download_updates = yes
# Whether updates should be applied when they are available. Note
# that both update_messages and download_updates must also be yes for
# the update to be applied
apply_updates = yes
# Maximum amout of time to randomly sleep, in minutes. The program
# will sleep for a random amount of time between 0 and random_sleep
# minutes before running. This is useful for e.g. staggering the
# times that multiple systems will access update servers. If
# random_sleep is 0 or negative, the program will run immediately.
random_sleep = 0
[emitters]
# Name to use for this system in messages that are emitted. If
# system_name is None, the hostname will be used.
system_name = None
# How to send messages. Valid options are stdio and email. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio
# The width, in characters, that messages that are emitted should be
# formatted to.
ouput_width = 80
[email]
# The address to send email messages from.
email_from = root@localhost
# List of addresses to send messages to.
email_to = root
# Name of the host to connect to to send email messages.
email_host = localhost
[groups]
# List of groups to update
group_list = None
# The types of group packages to install
group_package_types = mandatory, default
[base]
# Use this to filter Yum core messages
# -4: critical
# -3: critical+errors
# -2: critical+errors+warnings (default)
debuglevel = -2
# override yum options of the same name
# skip_broken = True
mdpolicy = group:main