[copr] rbac acl, trying with replaced old playbook

2014-10-10 14:01:41 +02:00 · 2014-10-10 14:01:41 +02:00 · 8046f74f50
commit 8046f74f50
parent ce52dce02c
1 changed files with 9 additions and 77 deletions
--- a/playbooks/hosts/copr-fe-dev.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/copr-fe-dev.cloud.fedoraproject.org.yml
@ -1,9 +1,11 @@
 - name: check/create instance
+  #hosts: copr-front-stg:copr-front
+  #hosts: copr-front-stg
  hosts: copr-fe-dev.cloud.fedoraproject.org
  user: root
  gather_facts: False

-  vars_files: 
+  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"

@ -12,87 +14,17 @@
  - include: "{{ tasks }}/growroot_cloud.yml"

 - name: provision instance
+  #hosts: copr-front:copr-front-stg
+  #hosts: copr-front-stg
  hosts: copr-fe-dev.cloud.fedoraproject.org
  user: root
  gather_facts: True

-  vars_files: 
+  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

-  tasks:
-  - include: "{{ tasks }}/cloud_setup_basic.yml"
-  - include: "{{ tasks }}/postfix_basic.yml"
-  - include: "{{ tasks }}/iptables.yml"
-
-  - name: copy copr.repo
-    action: copy src="{{ files }}/copr/fe/yum/copr.repo" dest=/etc/yum.repos.d/copr.repo
-
-  - name: set the hostname
-    shell: hostname copr-fe-dev.cloud.fedoraproject.org
-
-  - name: copy .forward file
-    action: copy src="{{ files }}/copr/forward-dev" dest=/root/.forward owner=root group=root
-
-  - name: deploy /etc/hosts file
-    action: copy src="{{ files }}/copr/hosts" dest=/etc/hosts owner=root group=root mode=644
-
-  - name: install copr-fe pkgs
-    action: yum state=present pkg={{ item }}
-    with_items:
-    - copr-frontend
-    - copr-selinux
-    - postgresql-server
-    - bash-completion
-    - fail2ban
-    - mod_ssl
-    - system-config-firewall-base
-    tags:
-    - packages
-
-  - name: install copr configs
-    template: src="{{ files }}/copr/fe/copr.conf" dest=/etc/copr/copr.conf mode=600
-    notify:
-    - restart httpd
-    tags:
-    - config
-
-  - name: copy apache files to conf.d
-    action: copy src="{{ files }}/copr/fe/httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
-    with_items:
-    - coprs.conf
-    - welcome.conf
-
-  - name: copy pg_hba.conf
-    action: copy src="{{ files }}/copr/fe/pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
-
-  - name: copy httpd ssl certificates (crt)
-    action: copy src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.crt" dest="/etc/pki/tls/certs/" owner=root group=root mode=0600
-    tags:
-    - config
-
-  - name: copy httpd ssl certificates (key)
-    action: copy src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.key" dest="/etc/pki/tls/private/" owner=root group=root mode=0600
-    tags:
-    - config
-
-  - lineinfile: dest=/etc/httpd/conf.d/coprs.conf regexp="SSLCertificateFile " insertafter="^#SSLCertificateFile " line="SSLCertificateFile /etc/pki/tls/certs/copr-fe.fedoraproject.org.crt"
-    notify:
-    - restart httpd
-
-  - lineinfile: dest=/etc/httpd/conf.d/coprs.conf regexp="SSLCertificateKeyFile " insertafter="^#SSLCertificateKeyFile " line="SSLCertificateKeyFile /etc/pki/tls/private/copr-fe.fedoraproject.org.key"
-    notify:
-    - restart httpd
-
-  - name: enable services
-    action: service state=running enabled=yes name={{ item }}
-    with_items:
-    - httpd
-    - postgresql
-    - fail2ban
-
-  handlers:
-  - name: restart httpd
-    service: name=httpd state=restarted
-  - include: "{{ handlers }}/restart_services.yml"
+  roles:
+  - base
+  - copr/frontend