Merge branch 'master' of /git/ansible
commit
7f6635e8fb
13 changed files with 2639 additions and 49 deletions
|
@ -25,3 +25,8 @@ fedmsg_certs:
|
|||
group: fedmsg-announce
|
||||
can_send:
|
||||
- announce.announcement
|
||||
- service: scm
|
||||
owner: root
|
||||
group: sysadmin
|
||||
can_send:
|
||||
- infragit.receive
|
||||
|
|
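--- a/inventory/host_vars/arm-hub01.qa.fedoraproject.org
+++ b/inventory/host_vars/arm-hub01.qa.fedoraproject.org
@@ -0,0 +1,39 @@
+# Even though this host has not yet been ansibilized, we need this definition
+# here so that other hosts know that it is allowed to send the following fedmsg
+# messages.
+# Note that it can do both compose messages and koji messages
+fedmsg_certs:
+- service: shell
+owner: root
+group: root
+- service: koji
+owner: root
+group: apache
+can_send:
+- buildsys.build.state.change
+- buildsys.package.list.change
+- buildsys.repo.done
+- buildsys.repo.init
+- buildsys.rpm.sign
+- buildsys.tag
+- buildsys.task.state.change
+- buildsys.untag
+- service: bodhi
+owner: root
+group: masher
+can_send:
+- compose.branched.complete
+- compose.branched.mash.complete
+- compose.branched.mash.start
+- compose.branched.pungify.complete
+- compose.branched.pungify.start
+- compose.branched.rsync.complete
+- compose.branched.rsync.start
+- compose.branched.start
+- compose.epelbeta.complete
+- compose.rawhide.complete
+- compose.rawhide.mash.complete
+- compose.rawhide.mash.start
+- compose.rawhide.rsync.complete
+- compose.rawhide.rsync.start
+- compose.rawhide.start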
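Review bot: The `shell` entry at the top of `fedmsg_certs` has no `can_send` list, and nothing in this file says whether the consuming role treats a missing list as "may send nothing" or "may send anything"; since these lists are the sending policy other hosts rely on for a box that is not yet managed, I would spell it out, e.g. `can_send: []` if the policy template accepts that (the template is not visible here, so confirm first). The fifteen `compose.*` topics under `service: bodhi` are repeated verbatim in `inventory/host_vars/ppc-composer.qa.fedoraproject.org` in this same commit, so the two allow-lists can drift apart; a shared variable referenced from both host_vars files would keep them in step. A short comment on why the compose topics are granted under `service: bodhi` with group `masher` would also help the next reader.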
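--- a/inventory/host_vars/ppc-composer.qa.fedoraproject.org
+++ b/inventory/host_vars/ppc-composer.qa.fedoraproject.org
@@ -0,0 +1,27 @@
+# Even though this host has not yet been ansibilized, we need this definition
+# here so that other hosts know that it is allowed to send the following fedmsg
+# messages.
+# Note that it does only compose messages, not koji messages.
+fedmsg_certs:
+- service: shell
+owner: root
+group: root
+- service: bodhi
+owner: root
+group: masher
+can_send:
+- compose.branched.complete
+- compose.branched.mash.complete
+- compose.branched.mash.start
+- compose.branched.pungify.complete
+- compose.branched.pungify.start
+- compose.branched.rsync.complete
+- compose.branched.rsync.start
+- compose.branched.start
+- compose.epelbeta.complete
+- compose.rawhide.complete
+- compose.rawhide.mash.complete
+- compose.rawhide.mash.start
+- compose.rawhide.rsync.complete
+- compose.rawhide.rsync.start
+- compose.rawhide.start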
@ -1,23 +1,4 @@
|
|||
# create a new fedocal server
|
||||
# NOTE: should be used with --limit most of the time
|
||||
# NOTE: make sure there is room/space for this server on the vmhost
|
||||
# NOTE: most of these vars_path come from group_vars/fedocal* or from hostvars
|
||||
|
||||
- name: make fedocal
|
||||
hosts: fedocal-stg;fedocal
|
||||
user: root
|
||||
gather_facts: False
|
||||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- "/srv/private/ansible/vars.yml"
|
||||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||
|
||||
tasks:
|
||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
||||
|
||||
handlers:
|
||||
- include: "{{ handlers }}/restart_services.yml"
|
||||
- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=fedocal-stg:fedocal"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: fedocal-stg;fedocal
|
||||
|
|
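Review bot: The operational warnings at the top of this playbook (`should be used with --limit most of the time`, `make sure there is room/space for this server on the vmhost`) appear to go away together with the inlined play, since the hunk header leaves only four lines on the new side, and the new include does not carry them. I would keep them above the include line, because they are what stops someone from running instance creation against every host in the group. The include also passes `myhosts=fedocal-stg:fedocal` with a colon while the play just below still says `hosts: fedocal-stg;fedocal`; using one separator in both places avoids any doubt that they select the same hosts. The second play continues outside the hunk.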
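--- a/playbooks/include/virt-create.yml
+++ b/playbooks/include/virt-create.yml
@@ -0,0 +1,15 @@
+- name: make fedocal
+hosts: "{{ myhosts }}"
+gather_facts: False
+
+vars_files:
+- /srv/web/infra/ansible/vars/global.yml
+- "/srv/private/ansible/vars.yml"
+- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+tasks:
+- include: "{{ tasks }}/virt_instance_create.yml"
+
+handlers:
+- include: "{{ handlers }}/restart_services.yml"
+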
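Review bot: The shared play in this new file keeps the name `make fedocal` although it now runs for whatever `myhosts` expands to, and it drops the `user: root` line that the inlined fedocal play had, so the connection user now depends on defaults set outside this file. I would rename it to something neutral such as `- name: create virt instances` and either restore `user: root` or note in a comment where the remote user comes from. `hosts: "{{ myhosts }}"` has no fallback, so a header comment stating that every caller must pass `myhosts` would save a confusing failure when it is forgotten.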
@ -72,7 +72,9 @@
|
|||
-A OUTPUT -p tcp -m tcp -d admin.fedoraproject.org --dport 80 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d admin.fedoraproject.org --dport 443 -j ACCEPT
|
||||
# for 2 facter auth
|
||||
-A OUTPUT -p tcp -m tcp -d fas-all.phx2.fedoraproject.org --dport 8443 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.126.30 --dport 8443 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.126.25 --dport 8443 -j ACCEPT
|
||||
-A OUTPUT -p tcp -m tcp -d 10.5.126.26 --dport 8443 -j ACCEPT
|
||||
|
||||
#nfs to vtap-fedora-nfs01.storage.phx2.redhat.com - a little to wide-open - but
|
||||
# kinda necessary
|
||||
|
|
|
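Review bot: The `--dport 8443` rules for `10.5.126.25` and `10.5.126.26` under `# for 2 facter auth` give no hint which hosts those addresses belong to, unlike the `fas-all.phx2.fedoraproject.org` rule above them, so nobody can later tell when one of these egress exceptions has gone stale. I would put a host name on each, e.g. `# <hostname of 10.5.126.25> - 2-factor auth backend`, and correct the heading to `# for 2-factor auth`. If the literal addresses exist because the name-based rule is only resolved when the ruleset is loaded, saying so in the comment would explain why both forms are present. Which of the three address rules are new is not marked on this page.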
@ -70,10 +70,6 @@
|
|||
- lineinfile: dest=/etc/cgitrc regexp="^project-list=" line="project-list=/var/lib/copr-dist-git/cgit_pkg_list"
|
||||
- lineinfile: dest=/etc/cgitrc regexp="^scan-path=" line="scan-path=/var/lib/dist-git/git/rpms"
|
||||
|
||||
- name: install systemd unit
|
||||
copy: src="systemd/copr_distgit_updater.service" dest="/etc/systemd/system/"
|
||||
|
||||
- command: "systemctl daemon-reload"
|
||||
- command: "/usr/share/dist-git/dist_git_sync.sh"
|
||||
|
||||
- name: ensure that services are enabled and started
|
||||
|
@ -81,5 +77,5 @@
|
|||
with_items:
|
||||
- "httpd"
|
||||
- "dist-git.socket"
|
||||
- "copr_distgit_updater"
|
||||
- "copr-dist-git"
|
||||
|
||||
|
|
|
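Review bot: Dropping the `install systemd unit` task and replacing `copr_distgit_updater` with `copr-dist-git` in the `with_items` list leaves nothing that stops or removes the old unit on hosts that were already provisioned, so `/etc/systemd/system/copr_distgit_updater.service` would presumably stay enabled next to the new service. (The page does not mark which lines are removed; this reading comes from the hunk headers `-70,10 +70,6` and `-81,5 +77,5`.) A one-off cleanup ahead of the enable/start task would cover it, something like `- service: name=copr_distgit_updater state=stopped enabled=no` followed by `- file: path=/etc/systemd/system/copr_distgit_updater.service state=absent`. The remaining bare `command:` tasks have no `name:`, which makes the run output hard to follow.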
@ -40,6 +40,7 @@ dhclient.*: Listening on.*
|
|||
dhclient.*: Sending on.*
|
||||
dhclient.*: Sending on.*
|
||||
dhclient.*: $
|
||||
docker.*
|
||||
fedmsg-hub.*
|
||||
moksha-hub.*
|
||||
mailman3.*
|
||||
|
|
|
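Review bot: `docker.*` in this ignore list suppresses every line the docker daemon logs, not only the noisy ones, so daemon errors and container start/stop events on these hosts would no longer reach whoever reads the log report. If this is the line the hunk adds (sides are not marked on this page; it is the one that fits the `+40,7` count and the alphabetical order), I would narrow it to the specific messages that were flooding the report, in the style of the `dhclient.*: Listening on.*` entries above it. The same concern applies to the other whole-program patterns (`fedmsg-hub.*`, `moksha-hub.*`, `mailman3.*`), though those look like existing context.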
@ -12,6 +12,6 @@ ProxyPass / http://66.226.72.63/
|
|||
ProxyPassReverse / http://66.226.72.63/
|
||||
{% else %}
|
||||
# In staging we point to the staging version of the magazine
|
||||
ProxyPass / http://104.207.133.220/
|
||||
ProxyPassReverse / http://104.207.133.220/
|
||||
ProxyPass / http://66.226.72.133/
|
||||
ProxyPassReverse / http://66.226.72.133/
|
||||
{% endif %}
|
||||
|
|
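Review bot: Both the production and the staging `ProxyPass` targets are plain `http://` to a public address literal, so whatever this vhost serves travels unencrypted and unauthenticated between the proxy and the magazine host. If the origin can serve TLS, I would point the pair at an `https://` URL by host name with `SSLProxyEngine on`, e.g. `ProxyPass / https://<magazine-staging-host>/`; if it cannot, a sentence next to `# In staging we point to the staging version of the magazine` would record that this is a known gap. Moving the address into a variable would also keep the next backend move out of the template. The surrounding `<VirtualHost>` is outside the hunk, so whether the client side is TLS cannot be seen from here.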
2501
roles/koji_builder/files/__init__.py
Normal file
2501
roles/koji_builder/files/__init__.py
Normal file
File diff suppressed because it is too large
|
@ -255,3 +255,9 @@
|
|||
tags:
|
||||
- koji_builder
|
||||
|
||||
- name: HOTFIX ssl fix for koji
|
||||
copy: src=__init__.py dest=/usr/lib/python2.7/site-packages/koji/__init__.py
|
||||
tags:
|
||||
- koji_builder
|
||||
- hotfix
|
||||
|
||||
|
|
|
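Review bot: The `HOTFIX ssl fix for koji` task overwrites the packaged `/usr/lib/python2.7/site-packages/koji/__init__.py` with a 2501-line copy kept in the role, and nothing in the task records which koji release that copy was taken from or what the SSL change actually is. As written, a later koji package update silently replaces the fix, or the task silently puts an old module back over a newer package, and package verification will report the file as modified with no pointer to the reason. I would add a comment above the task naming the base package version, the upstream patch or ticket, and the condition for removing the hotfix, and set ownership and mode explicitly: `copy: src=__init__.py dest=/usr/lib/python2.7/site-packages/koji/__init__.py owner=root group=root mode=0644`. Shipping only the patch against the packaged file, not the whole module, would make the change reviewable; the file's own diff is suppressed on this page.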
@ -156,6 +156,20 @@ define service {
|
|||
use websitetemplate
|
||||
}
|
||||
|
||||
#define service {
|
||||
# host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, proxy06.fedoraproject.org, 213.175.193.206-bodhost, 67.203.2.67-coloamerica, 66.135.62.187-serverbeach
|
||||
# service_description pagure.io - frontpage
|
||||
# check_command check_website_ssl!pagure.io!/!Projects
|
||||
# use websitetemplate
|
||||
#}
|
||||
#
|
||||
#define service {
|
||||
# host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, proxy06.fedoraproject.org, 213.175.193.206-bodhost, 67.203.2.67-coloamerica, 66.135.62.187-serverbeach
|
||||
# service_description whatcanidoforfedora.org - asknot-ng
|
||||
# check_command check_website!whatcanidoforfedora.org!/en/!What can I do for Fedora
|
||||
# use websitetemplate
|
||||
#}
|
||||
|
||||
define service {
|
||||
host_name 209.132.183.81-phx2
|
||||
service_description www.redhat.com
|
||||
|
|
|
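Review bot: The two `define service` blocks for `pagure.io - frontpage` and `whatcanidoforfedora.org - asknot-ng` are added fully commented out with no word on why, so these sites stay unmonitored from here and nobody can tell whether that is temporary. A line above each, such as `# disabled until <reason / ticket>`, would be enough; if they are never meant to be enabled, leaving them out is cleaner than carrying dead configuration.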
@ -28,27 +28,6 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
|
|||
{% endif %}
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
{% if env == 'pagure-staging' %}
|
||||
ServerName stg.pagure.org
|
||||
{% else %}
|
||||
ServerName pagure.org
|
||||
{% endif %}
|
||||
|
||||
SSLEngine on
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
# Use secure TLSv1.1 and TLSv1.2 ciphers
|
||||
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
|
||||
|
||||
SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt
|
||||
SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt
|
||||
SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key
|
||||
{% if env == 'pagure-staging' %}
|
||||
Redirect permanent / https://stg.pagure.io/
|
||||
{% else %}
|
||||
Redirect permanent / https://pagure.io/
|
||||
{% endif %}
|
||||
</VirtualHost>
|
||||
|
||||
## End of redirects http -> https
|
||||
|
||||
|
@ -117,6 +96,30 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
|
|||
|
||||
</VirtualHost>
|
||||
|
||||
|
||||
<VirtualHost *:443>
|
||||
{% if env == 'pagure-staging' %}
|
||||
ServerName stg.pagure.org
|
||||
{% else %}
|
||||
ServerName pagure.org
|
||||
{% endif %}
|
||||
|
||||
SSLEngine on
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
# Use secure TLSv1.1 and TLSv1.2 ciphers
|
||||
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
|
||||
|
||||
SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt
|
||||
SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt
|
||||
SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key
|
||||
{% if env == 'pagure-staging' %}
|
||||
Redirect permanent / https://stg.pagure.io/
|
||||
{% else %}
|
||||
Redirect permanent / https://pagure.io/
|
||||
{% endif %}
|
||||
</VirtualHost>
|
||||
|
||||
|
||||
<VirtualHost *:443>
|
||||
{% if env == 'pagure-staging' %}
|
||||
ServerName docs.stg.pagure.org
|
||||
|
|
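Review bot: The relocated `<VirtualHost *:443>` block for `pagure.org` / `stg.pagure.org` says `# Use secure TLSv1.1 and TLSv1.2 ciphers`, but `SSLProtocol all -SSLv2 -SSLv3` still leaves TLSv1.0 enabled and no `SSLCipherSuite` line follows the comment, so the cipher choice falls back to the server default. I would make the directive match the comment, `SSLProtocol all -SSLv2 -SSLv3 -TLSv1`, and add the intended `SSLCipherSuite` with `SSLHonorCipherOrder on` beneath it. The private key is read from `/etc/pki/tls/certs/docs.pagure.org.key`, a directory that normally holds world-readable certificates; it would be better under `/etc/pki/tls/private/` with mode 0600, and it is worth confirming that the `docs.pagure.org` certificate really covers `pagure.org` and `stg.pagure.org`, since clients validate it before they ever see the redirect. `Strict-Transport-Security` with `includeSubDomains; preload` on a vhost that only redirects also commits every `pagure.org` subdomain to HTTPS, which should be a deliberate decision and not a side effect of copying the block.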