Merge branch 'master' of /git/ansible
This commit is contained in:
Randy Barlow
commit
5fb8c38b4b
15 changed files with 43 additions and 49 deletions
|
|
@ -23,7 +23,7 @@ custom_rules: [
|
||||||
|
|
||||||
# TODO - remove modularity-wg membership here once it is not longer needed:
|
# TODO - remove modularity-wg membership here once it is not longer needed:
|
||||||
# https://fedorahosted.org/fedora-infrastructure/ticket/5363
|
# https://fedorahosted.org/fedora-infrastructure/ticket/5363
|
||||||
fas_client_groups: sysadmin-ask,sysadmin-web,sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc,sysadmin-releng,sysadmin-dba,sysadmin-hosted,sysadmin-tools,sysadmin-spin,sysadmin-cloud,fi-apprentice,sysadmin-darkserver,sysadmin-badges,sysadmin-troubleshoot,sysadmin-qa,sysadmin-centos,sysadmin-ppc,sysadmin-koschei,sysadmin-secondary,sysadmin-fedimg,sysadmin-veteran,modularity-wg,pungi-devel
|
fas_client_groups: sysadmin-ask,sysadmin-web,sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc,sysadmin-releng,sysadmin-dba,sysadmin-hosted,sysadmin-tools,sysadmin-spin,sysadmin-cloud,fi-apprentice,sysadmin-darkserver,sysadmin-badges,sysadmin-troubleshoot,sysadmin-qa,sysadmin-centos,sysadmin-ppc,sysadmin-koschei,sysadmin-secondary,sysadmin-fedimg,sysadmin-veteran,sysadmin-mbs,modularity-wg,pungi-devel
|
||||||
|
|
||||||
#
|
#
|
||||||
# This is a postfix gateway. This will pick up gateway postfix config in base
|
# This is a postfix gateway. This will pick up gateway postfix config in base
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ tcp_ports: [ 80, 443 ]
|
||||||
# Neeed for rsync from log01 for logs.
|
# Neeed for rsync from log01 for logs.
|
||||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
||||||
|
|
||||||
fas_client_groups: sysadmin-ask,sysadmin-build,sysadmin-cvs,sysadmin-main,sysadmin-web,sysadmin-noc,sysadmin-hosted,sysadmin-releng,sysadmin-qa,sysadmin-tools,sysadmin-cloud,sysadmin-bot,sysadmin-centos,sysadmin-koschei,sysadmin-datanommer,sysadmin-fedimg,fi-apprentice,sysadmin-regcfp,sysadmin-badges,sysadmin-veteran
|
fas_client_groups: sysadmin-ask,sysadmin-build,sysadmin-cvs,sysadmin-main,sysadmin-web,sysadmin-noc,sysadmin-hosted,sysadmin-releng,sysadmin-qa,sysadmin-tools,sysadmin-cloud,sysadmin-bot,sysadmin-centos,sysadmin-koschei,sysadmin-datanommer,sysadmin-fedimg,fi-apprentice,sysadmin-regcfp,sysadmin-badges,sysadmin-mbs,sysadmin-veteran
|
||||||
|
|
||||||
ansible_base: /srv/web/infra
|
ansible_base: /srv/web/infra
|
||||||
freezes: false
|
freezes: false
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ freezes: false
|
||||||
tcp_ports: [ 3000, 3001, 3002, 3003,
|
tcp_ports: [ 3000, 3001, 3002, 3003,
|
||||||
3004, 3005, 3006, 3007 ]
|
3004, 3005, 3006, 3007 ]
|
||||||
|
|
||||||
fas_client_groups: sysadmin-noc,sysadmin-releng
|
fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs
|
||||||
|
|
||||||
# These people get told when something goes wrong.
|
# These people get told when something goes wrong.
|
||||||
fedmsg_error_recipients:
|
fedmsg_error_recipients:
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ freezes: false
|
||||||
tcp_ports: [ 3000, 3001, 3002, 3003,
|
tcp_ports: [ 3000, 3001, 3002, 3003,
|
||||||
3004, 3005, 3006, 3007 ]
|
3004, 3005, 3006, 3007 ]
|
||||||
|
|
||||||
fas_client_groups: sysadmin-noc,sysadmin-releng
|
fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs
|
||||||
|
|
||||||
# These people get told when something goes wrong.
|
# These people get told when something goes wrong.
|
||||||
fedmsg_error_recipients:
|
fedmsg_error_recipients:
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,7 @@ tcp_ports: [ 80 ]
|
||||||
# Neeed for rsync from log01 for logs.
|
# Neeed for rsync from log01 for logs.
|
||||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
||||||
|
|
||||||
fas_client_groups: sysadmin-noc,sysadmin-releng
|
fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs
|
||||||
|
|
||||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||||
fedmsg_certs:
|
fedmsg_certs:
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,7 @@ tcp_ports: [ 80 ]
|
||||||
# Neeed for rsync from log01 for logs.
|
# Neeed for rsync from log01 for logs.
|
||||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
||||||
|
|
||||||
fas_client_groups: sysadmin-noc,sysadmin-releng
|
fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs
|
||||||
|
|
||||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||||
fedmsg_certs:
|
fedmsg_certs:
|
||||||
|
|
|
||||||
|
|
@ -69,6 +69,10 @@ buildslave_password: '{{ qa_stg_buildslave_password }}'
|
||||||
deployment_type: qa-stg
|
deployment_type: qa-stg
|
||||||
tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 3306 ]
|
tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 3306 ]
|
||||||
|
|
||||||
|
# for downloading taskotron images
|
||||||
|
imagesdir: /var/lib/diskimages
|
||||||
|
slaves_group: apache
|
||||||
|
|
||||||
# static sites
|
# static sites
|
||||||
static_sites:
|
static_sites:
|
||||||
- name: "{{ inventory_hostname }}"
|
- name: "{{ inventory_hostname }}"
|
||||||
|
|
@ -79,6 +83,11 @@ static_sites:
|
||||||
document_root: /srv/content/docs
|
document_root: /srv/content/docs
|
||||||
external_name: "docs.{{ external_hostname }}"
|
external_name: "docs.{{ external_hostname }}"
|
||||||
|
|
||||||
|
- name: "images.{{ inventory_hostname }}"
|
||||||
|
document_root: /srv/content/images
|
||||||
|
external_name: "images.{{ external_hostname }}"
|
||||||
|
|
||||||
|
|
||||||
sslonly: false
|
sslonly: false
|
||||||
|
|
||||||
freezes: false
|
freezes: false
|
||||||
|
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
||||||
---
|
|
||||||
nm: 255.255.255.128
|
|
||||||
gw: 152.19.134.129
|
|
||||||
dns: 8.8.8.8
|
|
||||||
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
|
|
||||||
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
|
||||||
volgroup: /dev/vg_ibiblio04
|
|
||||||
eth0_ip: 152.19.134.195
|
|
||||||
eth0_nm: 255.255.255.128
|
|
||||||
has_ipv6: yes
|
|
||||||
eth0_ipv6: "2610:28:3090:3001:5054:ff:fed9:f194"
|
|
||||||
eth0_ipv6_gw: "2610:28:3090:3001::1"
|
|
||||||
|
|
||||||
vmhost: ibiblio04.fedoraproject.org
|
|
||||||
datacenter: ibiblio
|
|
||||||
postfix_group: vpn
|
|
||||||
vpn: true
|
|
||||||
|
|
||||||
tcp_ports: [80, 443, 873]
|
|
||||||
rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}"
|
|
||||||
nrpe_procs_warn: 900
|
|
||||||
nrpe_procs_crit: 1000
|
|
||||||
|
|
||||||
lvm_size: 20000
|
|
||||||
mem_size: 8192
|
|
||||||
num_cpus: 4
|
|
||||||
|
|
@ -2,9 +2,9 @@
|
||||||
nm: 255.255.255.128
|
nm: 255.255.255.128
|
||||||
gw: 152.19.134.129
|
gw: 152.19.134.129
|
||||||
dns: 152.2.21.1
|
dns: 152.2.21.1
|
||||||
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
|
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
|
||||||
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
||||||
volgroup: /dev/vg_ibiblio04
|
volgroup: /dev/vg_guests
|
||||||
eth0_ip: 152.19.134.192
|
eth0_ip: 152.19.134.192
|
||||||
eth0_nm: 255.255.255.128
|
eth0_nm: 255.255.255.128
|
||||||
has_ipv6: yes
|
has_ipv6: yes
|
||||||
|
|
|
||||||
|
|
@ -2,9 +2,9 @@
|
||||||
nm: 255.255.255.128
|
nm: 255.255.255.128
|
||||||
gw: 152.19.134.129
|
gw: 152.19.134.129
|
||||||
dns: 152.2.21.1
|
dns: 152.2.21.1
|
||||||
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
|
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
|
||||||
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
||||||
volgroup: /dev/vg_ibiblio04
|
volgroup: /dev/vg_guests
|
||||||
eth0_ip: 152.19.134.150
|
eth0_ip: 152.19.134.150
|
||||||
eth0_nm: 255.255.255.128
|
eth0_nm: 255.255.255.128
|
||||||
vmhost: ibiblio04.fedoraproject.org
|
vmhost: ibiblio04.fedoraproject.org
|
||||||
|
|
|
||||||
|
|
@ -108,6 +108,9 @@
|
||||||
tags:
|
tags:
|
||||||
- qastaticsites
|
- qastaticsites
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- { role: taskotron/imagefactory-client, tags: ['imagefactoryclient']}
|
||||||
|
|
||||||
handlers:
|
handlers:
|
||||||
- include: "{{ handlers }}/restart_services.yml"
|
- include: "{{ handlers }}/restart_services.yml"
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
- name: verify koschei frontend
|
- name: verify koschei frontend
|
||||||
hosts: "{{ koschei_web_hosts | default('koschei-web') }}"
|
hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}"
|
||||||
vars_files:
|
vars_files:
|
||||||
- /srv/web/infra/ansible/vars/global.yml
|
- /srv/web/infra/ansible/vars/global.yml
|
||||||
- /srv/private/ansible/vars.yml
|
- /srv/private/ansible/vars.yml
|
||||||
|
|
@ -11,7 +11,7 @@
|
||||||
- koschei/frontend
|
- koschei/frontend
|
||||||
|
|
||||||
- name: verify koschei backend
|
- name: verify koschei backend
|
||||||
hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}"
|
hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}"
|
||||||
vars_files:
|
vars_files:
|
||||||
- /srv/web/infra/ansible/vars/global.yml
|
- /srv/web/infra/ansible/vars/global.yml
|
||||||
- /srv/private/ansible/vars.yml
|
- /srv/private/ansible/vars.yml
|
||||||
|
|
@ -22,7 +22,7 @@
|
||||||
- koschei/backend
|
- koschei/backend
|
||||||
|
|
||||||
- name: upgrade koschei backend
|
- name: upgrade koschei backend
|
||||||
hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}"
|
hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}"
|
||||||
vars_files:
|
vars_files:
|
||||||
- /srv/web/infra/ansible/vars/global.yml
|
- /srv/web/infra/ansible/vars/global.yml
|
||||||
- /srv/private/ansible/vars.yml
|
- /srv/private/ansible/vars.yml
|
||||||
|
|
@ -60,7 +60,7 @@
|
||||||
- koschei-backend-fedora
|
- koschei-backend-fedora
|
||||||
|
|
||||||
- name: upgrade koschei frontend
|
- name: upgrade koschei frontend
|
||||||
hosts: "{{ koschei_web_hosts | default('koschei-web') }}"
|
hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}"
|
||||||
vars_files:
|
vars_files:
|
||||||
- /srv/web/infra/ansible/vars/global.yml
|
- /srv/web/infra/ansible/vars/global.yml
|
||||||
- /srv/private/ansible/vars.yml
|
- /srv/private/ansible/vars.yml
|
||||||
|
|
@ -92,7 +92,7 @@
|
||||||
- koschei-frontend-fedora
|
- koschei-frontend-fedora
|
||||||
|
|
||||||
- name: run DB migration
|
- name: run DB migration
|
||||||
hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}"
|
hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}"
|
||||||
vars_files:
|
vars_files:
|
||||||
- /srv/web/infra/ansible/vars/global.yml
|
- /srv/web/infra/ansible/vars/global.yml
|
||||||
- /srv/private/ansible/vars.yml
|
- /srv/private/ansible/vars.yml
|
||||||
|
|
@ -104,7 +104,7 @@
|
||||||
command: alembic -c /usr/share/koschei/alembic.ini upgrade head
|
command: alembic -c /usr/share/koschei/alembic.ini upgrade head
|
||||||
|
|
||||||
- name: restart koschei frontend
|
- name: restart koschei frontend
|
||||||
hosts: "{{ koschei_web_hosts | default('koschei-web') }}"
|
hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}"
|
||||||
vars_files:
|
vars_files:
|
||||||
- /srv/web/infra/ansible/vars/global.yml
|
- /srv/web/infra/ansible/vars/global.yml
|
||||||
- /srv/private/ansible/vars.yml
|
- /srv/private/ansible/vars.yml
|
||||||
|
|
@ -116,7 +116,7 @@
|
||||||
- koschei/frontend
|
- koschei/frontend
|
||||||
|
|
||||||
- name: restart koschei backend
|
- name: restart koschei backend
|
||||||
hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}"
|
hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}"
|
||||||
vars_files:
|
vars_files:
|
||||||
- /srv/web/infra/ansible/vars/global.yml
|
- /srv/web/infra/ansible/vars/global.yml
|
||||||
- /srv/private/ansible/vars.yml
|
- /srv/private/ansible/vars.yml
|
||||||
|
|
@ -127,13 +127,13 @@
|
||||||
- koschei/backend
|
- koschei/backend
|
||||||
|
|
||||||
- name: Check whether backend update happened
|
- name: Check whether backend update happened
|
||||||
hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}"
|
hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}"
|
||||||
tasks:
|
tasks:
|
||||||
- assert:
|
- assert:
|
||||||
that: backend_upgrade.changed
|
that: backend_upgrade.changed
|
||||||
|
|
||||||
- name: Check whether frontend update happened
|
- name: Check whether frontend update happened
|
||||||
hosts: "{{ koschei_web_hosts | default('koschei-web') }}"
|
hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}"
|
||||||
tasks:
|
tasks:
|
||||||
- assert:
|
- assert:
|
||||||
that: frontend_upgrade.changed
|
that: frontend_upgrade.changed
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@
|
||||||
user: name="copr-dist-git" group=copr-dist-git groups=cvsadmin,packager uid=1001
|
user: name="copr-dist-git" group=copr-dist-git groups=cvsadmin,packager uid=1001
|
||||||
|
|
||||||
- name: create user for copr-dist-git service
|
- name: create user for copr-dist-git service
|
||||||
user: name="copr-service" group=copr-service groups=packager,docker generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa uid=1002
|
user: name="copr-service" group=copr-service groups=packager,docker,apache,mock generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa uid=1002
|
||||||
|
|
||||||
- name: enable copr dist-git repo
|
- name: enable copr dist-git repo
|
||||||
shell: "dnf -y copr enable clime/dist-git"
|
shell: "dnf -y copr enable clime/dist-git"
|
||||||
|
|
@ -35,8 +35,6 @@
|
||||||
- rdiff-backup
|
- rdiff-backup
|
||||||
- tmpwatch
|
- tmpwatch
|
||||||
|
|
||||||
- user: append=yes name="copr-service" groups=apache,mock
|
|
||||||
|
|
||||||
- name: install copr-dist-git
|
- name: install copr-dist-git
|
||||||
dnf: state=latest name={{ item }}
|
dnf: state=latest name={{ item }}
|
||||||
with_items:
|
with_items:
|
||||||
|
|
|
||||||
|
|
@ -47,3 +47,13 @@
|
||||||
- mbs
|
- mbs
|
||||||
- mbs/frontend
|
- mbs/frontend
|
||||||
- selinux
|
- selinux
|
||||||
|
|
||||||
|
- name: make httpd logs world readable
|
||||||
|
file:
|
||||||
|
name: /var/log/httpd
|
||||||
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
tags:
|
||||||
|
- mbs
|
||||||
|
- mbs/frontend
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
define service {
|
define service {
|
||||||
host_name mirrorlist-osuosl, mirrorlist-ibiblio, mirrorlist-ibiblio02, mirrorlist-phx2, mirrorlist-host1plus, mirrorlist-dedicatedsolutions
|
host_name mirrorlist-osuosl, mirrorlist-ibiblio02, mirrorlist-phx2, mirrorlist-host1plus, mirrorlist-dedicatedsolutions
|
||||||
service_description Check MirrorList Cache
|
service_description Check MirrorList Cache
|
||||||
check_command check_by_nrpe!check_mirrorlist_cache
|
check_command check_by_nrpe!check_mirrorlist_cache
|
||||||
use defaulttemplate
|
use defaulttemplate
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue