From 769f392493eab074e7f0c6a8ff172fd5282c09f2 Mon Sep 17 00:00:00 2001 From: Valentin Gologuzov Date: Fri, 7 Nov 2014 17:19:29 +0100 Subject: [PATCH] [copr] prepearing backup for copr-keygen --- inventory/inventory | 9 +++++++++ playbooks/groups/copr-keygen.yml | 2 +- roles/copr/base/files/hosts | 2 +- roles/copr/keygen/files/backup_keyring.sh | 9 +++++++++ roles/copr/keygen/tasks/main.yml | 8 ++++++++ roles/copr/keygen/tasks/setup_backup.yml | 12 ++++++++++++ 6 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 roles/copr/keygen/files/backup_keyring.sh create mode 100644 roles/copr/keygen/tasks/setup_backup.yml diff --git a/inventory/inventory b/inventory/inventory index cbbe87ba53..ca743adbcc 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -717,6 +717,13 @@ copr-fe-dev.cloud.fedoraproject.org [copr-back-stg] copr-be-dev.cloud.fedoraproject.org +[copr-keygen-stg] +209.132.184.124 + +# temporary +[copr-keygen] +209.132.184.124 + [copr-front] copr-fe.cloud.fedoraproject.org @@ -726,7 +733,9 @@ copr-be.cloud.fedoraproject.org [copr:children] copr-front copr-back +copr-keygen [copr-stg:children] copr-front-stg copr-back-stg +copr-keygen-stg diff --git a/playbooks/groups/copr-keygen.yml b/playbooks/groups/copr-keygen.yml index df17d68d06..0b0cca5a62 100644 --- a/playbooks/groups/copr-keygen.yml +++ b/playbooks/groups/copr-keygen.yml @@ -13,7 +13,7 @@ - include: "{{ tasks }}/growroot_cloud.yml" - name: cloud basic setup - hosts: copr-back-stg + hosts: copr-keygen-stg vars_files: - /srv/web/infra/ansible/vars/global.yml - "{{ private }}/vars.yml" diff --git a/roles/copr/base/files/hosts b/roles/copr/base/files/hosts index 2678d2760d..7e2d2d5688 100644 --- a/roles/copr/base/files/hosts +++ b/roles/copr/base/files/hosts 
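Review bot: In inventory/inventory the new production group `[copr-keygen]` lists the same address (209.132.184.124) as `[copr-keygen-stg]`, and the following hunk makes it a child of `copr`, so any play or group variables scoped to `copr` or `copr-keygen` now also apply to the staging keygen host. For a machine that holds the copr-keygen keyring I would rather leave `[copr-keygen]` empty until the production host exists than put one box in both groups. If the overlap has to stay for now, the `# temporary` comment should say what ends it, for example `# temporary: staging host stands in for production keygen; remove once the production VM is provisioned`.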
@@ -6,5 +6,5 @@ 172.16.5.5 copr-be-dev.cloud.fedoraproject.org 172.16.5.15 copr-fe-dev.cloud.fedoraproject.org -# for ansible, some dark magic why do we need this +# for ansible, some dark magic why do we need this ? 10.5.126.23 puppet.fedoraproject.org puppet puppet01 puppet01.phx2.fedoraproject.org diff --git a/roles/copr/keygen/files/backup_keyring.sh b/roles/copr/keygen/files/backup_keyring.sh new file mode 100644 index 0000000000..0c31bf5357 --- /dev/null +++ b/roles/copr/keygen/files/backup_keyring.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +# used as root +# root gpg keychain should have PUBLIC key with `user email` infra@fedorporject.org + +PATH_TO_KEYRING_DIR="/var/lib/copr-keygen" +OUTPUT_FILE="/backup/copr_keygen_keyring.tar.gz.gpg" + +tar -cvzf - $1 | gpg2 --output $2 --encrypt --recipient infra@fedorporject.org diff --git a/roles/copr/keygen/tasks/main.yml b/roles/copr/keygen/tasks/main.yml index 96056a77c3..315d4837d2 100644 --- a/roles/copr/keygen/tasks/main.yml +++ b/roles/copr/keygen/tasks/main.yml @@ -1,4 +1,8 @@ --- +- name: install keygen specific packages + yum: name="{{ item }}" state=present + with_items: + - gnupg2 - name: install obs-signd yum: name="obs-signd" enablerepo="updates-testing" state=present @@ -32,3 +36,7 @@ - httpd - haveged - signd + +- name: setup backup + # when: not devel + include: "setup_backup.yml" diff --git a/roles/copr/keygen/tasks/setup_backup.yml b/roles/copr/keygen/tasks/setup_backup.yml new file mode 100644 index 0000000000..ac5a23e193 --- /dev/null +++ b/roles/copr/keygen/tasks/setup_backup.yml 
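Review bot: roles/copr/keygen/files/backup_keyring.sh defines `PATH_TO_KEYRING_DIR` and `OUTPUT_FILE`, but the pipeline reads `$1` and `$2`, and setup_backup.yml installs the script into /etc/cron.daily, where it runs without arguments, so as written tar has nothing to archive and `--output` has no file name. The expansions are also unquoted, gpg2 is run without `--batch --yes` (so it will stop to ask before overwriting the previous day's file), and a key that was only imported carries no ownertrust, so unattended encryption to it is normally refused. Naming the recipient by full fingerprint removes the dependence on the uid string; `fedorporject.org` looks like a misspelling and only works if the imported key carries exactly that uid. Plain sh has no `pipefail`, so a tar failure can still leave an encrypted but truncated archive; the rewrite below at least keeps a failed gpg2 run from replacing the last good backup.

```shell
set -eu
umask 077

PATH_TO_KEYRING_DIR="/var/lib/copr-keygen"
OUTPUT_FILE="/backup/copr_keygen_keyring.tar.gz.gpg"
# placeholder: full fingerprint of the key shipped as backup_key.asc
RECIPIENT="<BACKUP_KEY_FINGERPRINT>"

# write to a temporary name so a failed run never replaces the last good backup
tar -czf - "$PATH_TO_KEYRING_DIR" \
  | gpg2 --batch --yes --trust-model always \
         --output "$OUTPUT_FILE.tmp" --encrypt --recipient "$RECIPIENT"
mv "$OUTPUT_FILE.tmp" "$OUTPUT_FILE"
```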
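Review bot: In the second hunk of roles/copr/keygen/tasks/main.yml the `setup backup` task carries a commented-out `# when: not devel`, so the cron job and the key import are installed on every host that gets this role, development instances included. Either enable the condition or replace the dead line with a comment that states the intent, for example `# backups are installed on staging too so the restore path can be tested`. Where `devel` is defined is not visible in this hunk, so whether the condition would evaluate today is not something I can confirm from here.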
@@ -0,0 +1,12 @@
+- name: ensure /backup dir
+ file: path=/backup state=directory
+
+- name: copy pubkey for backup encryption
+ copy: src="{{ private }}/copr/keygen/backup_key.asc" dest="/root/backup_key.asc"
+
+- name: import pubkey for backup encryption
+ shell: "gpg2 --import /root/backup_key.asc || true"
+
+- name: copy backup script
+ copy: src="backup_keyring.sh" dest="/etc/cron.daily/backup_keyring.sh" owner=root group=root mode=755
+
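Review bot: The `import pubkey for backup encryption` task runs `gpg2 --import /root/backup_key.asc || true` through `shell`, which hides a missing or corrupt key file; the problem then only surfaces when the daily encryption fails. As far as I know gpg2 already exits 0 when the key is present and unchanged, so the guard can go: `command: gpg2 --batch --import /root/backup_key.asc`. The `/backup` directory is created with default ownership and mode; `file: path=/backup state=directory owner=root group=root mode=0700` keeps the archive away from other local users even though it is encrypted. `mode=755` on the cron script would read more clearly as `mode=0755`.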