Merge branch 'master' of /git/ansible
commit
7f6635e8fb
13 changed files with 2639 additions and 49 deletions
|
@ -25,3 +25,8 @@ fedmsg_certs:
|
||||||
group: fedmsg-announce
|
group: fedmsg-announce
|
||||||
can_send:
|
can_send:
|
||||||
- announce.announcement
|
- announce.announcement
|
||||||
|
- service: scm
|
||||||
|
owner: root
|
||||||
|
group: sysadmin
|
||||||
|
can_send:
|
||||||
|
- infragit.receive
|
||||||
|
|
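--- a/inventory/host_vars/arm-hub01.qa.fedoraproject.org
+++ b/inventory/host_vars/arm-hub01.qa.fedoraproject.org
@@ -0,0 +1,39 @@
+# Even though this host has not yet been ansibilized, we need this definition
+# here so that other hosts know that it is allowed to send the following fedmsg
+# messages.
+# Note that it can do both compose messages and koji messages
+fedmsg_certs:
+- service: shell
+owner: root
+group: root
+- service: koji
+owner: root
+group: apache
+can_send:
+- buildsys.build.state.change
+- buildsys.package.list.change
+- buildsys.repo.done
+- buildsys.repo.init
+- buildsys.rpm.sign
+- buildsys.tag
+- buildsys.task.state.change
+- buildsys.untag
+- service: bodhi
+owner: root
+group: masher
+can_send:
+- compose.branched.complete
+- compose.branched.mash.complete
+- compose.branched.mash.start
+- compose.branched.pungify.complete
+- compose.branched.pungify.start
+- compose.branched.rsync.complete
+- compose.branched.rsync.start
+- compose.branched.start
+- compose.epelbeta.complete
+- compose.rawhide.complete
+- compose.rawhide.mash.complete
+- compose.rawhide.mash.start
+- compose.rawhide.rsync.complete
+- compose.rawhide.rsync.start
+- compose.rawhide.start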
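Review bot: The 15-entry `compose.*` allow-list under `- service: bodhi` is repeated verbatim in inventory/host_vars/ppc-composer.qa.fedoraproject.org in this same commit, so the two copies can drift apart when a topic is added or retired. The header comment says other hosts use this definition to decide which messages the host may send, so a single shared definition (for example a group variable both hosts reference) would keep that authorization reviewable in one place. The `- service: shell` entry carries no `can_send` key; if that is meant as "may send nothing", a comment such as `# no can_send: this cert is not authorized for any topic` would make it explicit. Indentation is not visible in this rendering, so the nesting of the entries could not be checked.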
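--- a/inventory/host_vars/ppc-composer.qa.fedoraproject.org
+++ b/inventory/host_vars/ppc-composer.qa.fedoraproject.org
@@ -0,0 +1,27 @@
+# Even though this host has not yet been ansibilized, we need this definition
+# here so that other hosts know that it is allowed to send the following fedmsg
+# messages.
+# Note that it does only compose messages, not koji messages.
+fedmsg_certs:
+- service: shell
+owner: root
+group: root
+- service: bodhi
+owner: root
+group: masher
+can_send:
+- compose.branched.complete
+- compose.branched.mash.complete
+- compose.branched.mash.start
+- compose.branched.pungify.complete
+- compose.branched.pungify.start
+- compose.branched.rsync.complete
+- compose.branched.rsync.start
+- compose.branched.start
+- compose.epelbeta.complete
+- compose.rawhide.complete
+- compose.rawhide.mash.complete
+- compose.rawhide.mash.start
+- compose.rawhide.rsync.complete
+- compose.rawhide.rsync.start
+- compose.rawhide.start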
|
@ -1,23 +1,4 @@
|
||||||
# create a new fedocal server
|
- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=fedocal-stg:fedocal"
|
||||||
# NOTE: should be used with --limit most of the time
|
|
||||||
# NOTE: make sure there is room/space for this server on the vmhost
|
|
||||||
# NOTE: most of these vars_path come from group_vars/fedocal* or from hostvars
|
|
||||||
|
|
||||||
- name: make fedocal
|
|
||||||
hosts: fedocal-stg;fedocal
|
|
||||||
user: root
|
|
||||||
gather_facts: False
|
|
||||||
|
|
||||||
vars_files:
|
|
||||||
- /srv/web/infra/ansible/vars/global.yml
|
|
||||||
- "/srv/private/ansible/vars.yml"
|
|
||||||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- include: "{{ tasks }}/virt_instance_create.yml"
|
|
||||||
|
|
||||||
handlers:
|
|
||||||
- include: "{{ handlers }}/restart_services.yml"
|
|
||||||
|
|
||||||
- name: make the box be real
|
- name: make the box be real
|
||||||
hosts: fedocal-stg;fedocal
|
hosts: fedocal-stg;fedocal
|
||||||
|
|
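Review bot: The new include line passes `myhosts=fedocal-stg:fedocal` with a colon, while the play kept below it still uses `hosts: fedocal-stg;fedocal` with a semicolon; using one separator in both places keeps the two host patterns visibly identical. The three NOTE comments removed with the inline play (use `--limit`, check for space on the vmhost, where the vars come from) are operator guidance that the one-line include no longer carries, so a short comment above the include restating them would help.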
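--- a/playbooks/include/virt-create.yml
+++ b/playbooks/include/virt-create.yml
@@ -0,0 +1,15 @@
+- name: make fedocal
+hosts: "{{ myhosts }}"
+gather_facts: False
+
+vars_files:
+- /srv/web/infra/ansible/vars/global.yml
+- "/srv/private/ansible/vars.yml"
+- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+tasks:
+- include: "{{ tasks }}/virt_instance_create.yml"
+
+handlers:
+- include: "{{ handlers }}/restart_services.yml"
+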
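Review bot: The play extracted into this include drops the `user: root` line that the inline play removed from the fedocal playbook carried, so the `virt_instance_create.yml` tasks would now run as whatever remote user is the default for the run; if root is still required, keep `user: root` here. The play name is also still `make fedocal` although the host pattern is now the `myhosts` parameter; something like `name: create virt instance for {{ myhosts }}` would keep run logs accurate for other callers. A header comment naming the required `myhosts` argument would document how the include is meant to be called.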
|
@ -72,7 +72,9 @@
|
||||||
-A OUTPUT -p tcp -m tcp -d admin.fedoraproject.org --dport 80 -j ACCEPT
|
-A OUTPUT -p tcp -m tcp -d admin.fedoraproject.org --dport 80 -j ACCEPT
|
||||||
-A OUTPUT -p tcp -m tcp -d admin.fedoraproject.org --dport 443 -j ACCEPT
|
-A OUTPUT -p tcp -m tcp -d admin.fedoraproject.org --dport 443 -j ACCEPT
|
||||||
# for 2 facter auth
|
# for 2 facter auth
|
||||||
-A OUTPUT -p tcp -m tcp -d fas-all.phx2.fedoraproject.org --dport 8443 -j ACCEPT
|
-A OUTPUT -p tcp -m tcp -d 10.5.126.30 --dport 8443 -j ACCEPT
|
||||||
|
-A OUTPUT -p tcp -m tcp -d 10.5.126.25 --dport 8443 -j ACCEPT
|
||||||
|
-A OUTPUT -p tcp -m tcp -d 10.5.126.26 --dport 8443 -j ACCEPT
|
||||||
|
|
||||||
#nfs to vtap-fedora-nfs01.storage.phx2.redhat.com - a little to wide-open - but
|
#nfs to vtap-fedora-nfs01.storage.phx2.redhat.com - a little to wide-open - but
|
||||||
# kinda necessary
|
# kinda necessary
|
||||||
|
|
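Review bot: The three new `-d 10.5.126.30`, `-d 10.5.126.25` and `-d 10.5.126.26` rules replace a named destination with bare addresses and nothing records which hosts they are, so a later renumbering leaves either a stale egress allowance to port 8443 or a silently broken two-factor path. If these are the hosts behind the name the old rule used, a comment above them such as `# fas-all.phx2.fedoraproject.org backends, pinned by IP; update when the pool changes` would tie the rules back to it. Whether the three addresses are the full set behind that name cannot be confirmed from the hunk.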
|
@ -70,10 +70,6 @@
|
||||||
- lineinfile: dest=/etc/cgitrc regexp="^project-list=" line="project-list=/var/lib/copr-dist-git/cgit_pkg_list"
|
- lineinfile: dest=/etc/cgitrc regexp="^project-list=" line="project-list=/var/lib/copr-dist-git/cgit_pkg_list"
|
||||||
- lineinfile: dest=/etc/cgitrc regexp="^scan-path=" line="scan-path=/var/lib/dist-git/git/rpms"
|
- lineinfile: dest=/etc/cgitrc regexp="^scan-path=" line="scan-path=/var/lib/dist-git/git/rpms"
|
||||||
|
|
||||||
- name: install systemd unit
|
|
||||||
copy: src="systemd/copr_distgit_updater.service" dest="/etc/systemd/system/"
|
|
||||||
|
|
||||||
- command: "systemctl daemon-reload"
|
|
||||||
- command: "/usr/share/dist-git/dist_git_sync.sh"
|
- command: "/usr/share/dist-git/dist_git_sync.sh"
|
||||||
|
|
||||||
- name: ensure that services are enabled and started
|
- name: ensure that services are enabled and started
|
||||||
|
@ -81,5 +77,5 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "httpd"
|
- "httpd"
|
||||||
- "dist-git.socket"
|
- "dist-git.socket"
|
||||||
- "copr_distgit_updater"
|
- "copr-dist-git"
|
||||||
|
|
||||||
|
|
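Review bot: Removing the `install systemd unit` task and the `systemctl daemon-reload` command stops managing `copr_distgit_updater.service`, but nothing in these hunks removes or disables the copy already placed in `/etc/systemd/system/` on hosts built from the earlier playbook, so the old updater may keep running beside `copr-dist-git`. A cleanup step would close that gap, for example `- service: name=copr_distgit_updater state=stopped enabled=no` followed by `- file: path=/etc/systemd/system/copr_distgit_updater.service state=absent`. The service task these `with_items` entries belong to lies between the two hunks, so its module arguments were not checked.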
|
@ -40,6 +40,7 @@ dhclient.*: Listening on.*
|
||||||
dhclient.*: Sending on.*
|
dhclient.*: Sending on.*
|
||||||
dhclient.*: Sending on.*
|
dhclient.*: Sending on.*
|
||||||
dhclient.*: $
|
dhclient.*: $
|
||||||
|
docker.*
|
||||||
fedmsg-hub.*
|
fedmsg-hub.*
|
||||||
moksha-hub.*
|
moksha-hub.*
|
||||||
mailman3.*
|
mailman3.*
|
||||||
|
|
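Review bot: The added `docker.*` pattern matches every line that begins with docker, so if this file is the ignore list for the log report (as the neighbouring `dhclient.*` and `fedmsg-hub.*` entries suggest), daemon errors and container lifecycle events disappear from review along with the noise. Narrowing it to the specific chatty messages, in the style of the `dhclient.*: Sending on.*` entries above, would keep the security-relevant lines visible. The message texts to suppress are not on this page, so the narrower patterns have to come from the actual logs.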
|
@ -12,6 +12,6 @@ ProxyPass / http://66.226.72.63/
|
||||||
ProxyPassReverse / http://66.226.72.63/
|
ProxyPassReverse / http://66.226.72.63/
|
||||||
{% else %}
|
{% else %}
|
||||||
# In staging we point to the staging version of the magazine
|
# In staging we point to the staging version of the magazine
|
||||||
ProxyPass / http://104.207.133.220/
|
ProxyPass / http://66.226.72.133/
|
||||||
ProxyPassReverse / http://104.207.133.220/
|
ProxyPassReverse / http://66.226.72.133/
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
2501
roles/koji_builder/files/__init__.py
Normal file
2501
roles/koji_builder/files/__init__.py
Normal file
File diff suppressed because it is too large
|
@ -255,3 +255,9 @@
|
||||||
tags:
|
tags:
|
||||||
- koji_builder
|
- koji_builder
|
||||||
|
|
||||||
|
- name: HOTFIX ssl fix for koji
|
||||||
|
copy: src=__init__.py dest=/usr/lib/python2.7/site-packages/koji/__init__.py
|
||||||
|
tags:
|
||||||
|
- koji_builder
|
||||||
|
- hotfix
|
||||||
|
|
||||||
|
|
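Review bot: The `HOTFIX ssl fix for koji` task overwrites the packaged `/usr/lib/python2.7/site-packages/koji/__init__.py` with a 2501-line file whose diff is suppressed on this page, so the SSL change itself cannot be reviewed here, and the task neither sets ownership and mode nor records which koji package version the file was derived from. Setting them explicitly, `copy: src=__init__.py dest=/usr/lib/python2.7/site-packages/koji/__init__.py owner=root group=root mode=0644`, and adding a comment with the upstream ticket and base package version would make the override auditable. As written, a later koji package update and this task will overwrite each other, and the destination path assumes Python 2.7 on every builder.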
|
@ -156,6 +156,20 @@ define service {
|
||||||
use websitetemplate
|
use websitetemplate
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define service {
|
||||||
|
# host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, proxy06.fedoraproject.org, 213.175.193.206-bodhost, 67.203.2.67-coloamerica, 66.135.62.187-serverbeach
|
||||||
|
# service_description pagure.io - frontpage
|
||||||
|
# check_command check_website_ssl!pagure.io!/!Projects
|
||||||
|
# use websitetemplate
|
||||||
|
#}
|
||||||
|
#
|
||||||
|
#define service {
|
||||||
|
# host_name 209.132.181.16-phx2, 85.236.55.6-internetx, proxy03.fedoraproject.org, 152.19.134.142-ibiblio, proxy06.fedoraproject.org, 213.175.193.206-bodhost, 67.203.2.67-coloamerica, 66.135.62.187-serverbeach
|
||||||
|
# service_description whatcanidoforfedora.org - asknot-ng
|
||||||
|
# check_command check_website!whatcanidoforfedora.org!/en/!What can I do for Fedora
|
||||||
|
# use websitetemplate
|
||||||
|
#}
|
||||||
|
|
||||||
define service {
|
define service {
|
||||||
host_name 209.132.183.81-phx2
|
host_name 209.132.183.81-phx2
|
||||||
service_description www.redhat.com
|
service_description www.redhat.com
|
||||||
|
|
|
@ -28,27 +28,6 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
<VirtualHost *:443>
|
|
||||||
{% if env == 'pagure-staging' %}
|
|
||||||
ServerName stg.pagure.org
|
|
||||||
{% else %}
|
|
||||||
ServerName pagure.org
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
SSLEngine on
|
|
||||||
SSLProtocol all -SSLv2 -SSLv3
|
|
||||||
# Use secure TLSv1.1 and TLSv1.2 ciphers
|
|
||||||
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
|
|
||||||
|
|
||||||
SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt
|
|
||||||
SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt
|
|
||||||
SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key
|
|
||||||
{% if env == 'pagure-staging' %}
|
|
||||||
Redirect permanent / https://stg.pagure.io/
|
|
||||||
{% else %}
|
|
||||||
Redirect permanent / https://pagure.io/
|
|
||||||
{% endif %}
|
|
||||||
</VirtualHost>
|
|
||||||
|
|
||||||
## End of redirects http -> https
|
## End of redirects http -> https
|
||||||
|
|
||||||
|
@ -117,6 +96,30 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
|
||||||
|
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
|
|
||||||
|
<VirtualHost *:443>
|
||||||
|
{% if env == 'pagure-staging' %}
|
||||||
|
ServerName stg.pagure.org
|
||||||
|
{% else %}
|
||||||
|
ServerName pagure.org
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
SSLEngine on
|
||||||
|
SSLProtocol all -SSLv2 -SSLv3
|
||||||
|
# Use secure TLSv1.1 and TLSv1.2 ciphers
|
||||||
|
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
|
||||||
|
|
||||||
|
SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt
|
||||||
|
SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt
|
||||||
|
SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key
|
||||||
|
{% if env == 'pagure-staging' %}
|
||||||
|
Redirect permanent / https://stg.pagure.io/
|
||||||
|
{% else %}
|
||||||
|
Redirect permanent / https://pagure.io/
|
||||||
|
{% endif %}
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
|
||||||
<VirtualHost *:443>
|
<VirtualHost *:443>
|
||||||
{% if env == 'pagure-staging' %}
|
{% if env == 'pagure-staging' %}
|
||||||
ServerName docs.stg.pagure.org
|
ServerName docs.stg.pagure.org
|
||||||
|
|
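Review bot: In the relocated `pagure.org` redirect vhost the comment `# Use secure TLSv1.1 and TLSv1.2 ciphers` is followed by no `SSLCipherSuite` directive, and `SSLProtocol all -SSLv2 -SSLv3` still leaves TLSv1.0 enabled, so the comment promises more than the block configures. Either add the cipher directive the comment refers to and tighten the protocol line, e.g. `SSLProtocol all -SSLv2 -SSLv3 -TLSv1`, or drop the comment. Two further things to confirm: the vhost answers for `pagure.org` with the `docs.pagure.org` certificate files, and the private key `docs.pagure.org.key` sits under `/etc/pki/tls/certs/` rather than a directory readable only by root. The block is a move from earlier in the file, so these predate the commit but are carried onto the new side unchanged.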