infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

Fix majority of remaining yamllint warnings and errors

Browse source 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
This commit is contained in:
Ryan Lercho 2024-11-27 13:48:08 +10:00
parent 1073f70bce
commit 89f6f1fc32
591 changed files with 1491 additions and 1168 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.yamllint.yaml
View file

@ -14,9 +14,10 @@ rules:
spaces: 2
indent-sequences: whatever
level: warning
line-length:
max: 100
level: warning
line-length: disable
# line-length:
# max: 100
# level: warning
truthy:
allowed-values: ['true', 'false', 'yes', 'no']
...

1
files/communishift/objects/oidc_cm.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:

10
handlers/restart_services.yml
View file

@ -1,7 +1,7 @@
########################################
# Handlers for restarting services
#
---
- name: reload systemd
command: systemctl daemon-reload
@ -75,14 +75,14 @@
- name: restart openvpn (Fedora)
when: ansible_distribution == "Fedora"
action: service name=openvpn-client@openvpn state=restarted
#notify:
#- fix openvpn routing
# notify:
# - fix openvpn routing
- name: restart openvpn (RHEL7+)
when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int >= 7
action: service name=openvpn-client@openvpn state=restarted
#notify:
#- fix openvpn routing
# notify:
# - fix openvpn routing
- name: fix openvpn routing
action: shell /etc/openvpn/fix-routes.sh

2
main.yml
View file

@ -21,7 +21,7 @@
- import_playbook: /srv/web/infra/ansible/playbooks/groups/busgateway.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/certgetter.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-backend.yml
#- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-db.yml
# - import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-db.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-dist-git.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-frontend.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/copr-hypervisor.yml

6
playbooks/groups/pkgs.yml
View file

@ -76,8 +76,7 @@
mnt_dir: '/srv/cache/lookaside',
nfs_src_dir:
'fedora_sourcecache',
# yamllint disable rule:commas
nfs_mount_opts='rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3'
nfs_mount_opts='rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3' # yamllint disable-line rule:commas rule:indentation
}
- {
role: nfs/client,
@ -86,8 +85,7 @@
mnt_dir: '/srv/cache/lookaside_prod',
nfs_src_dir:
'fedora_sourcecache',
# yamllint disable rule:commas
nfs_mount_opts='ro,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3'
nfs_mount_opts='ro,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3' # yamllint disable-line rule:commas rule:indentation
}
- role: distgit/pagure
- role: distgit

2
roles/abrt/faf-post/tasks/main.yml
View file

@ -9,7 +9,7 @@
state: directory
owner: faf
group: faf
mode: 0750
mode: "0750"
when: env != 'staging'
- import_tasks: cron.yml

4
roles/abrt/faf-pre/tasks/main.yml
View file

@ -28,7 +28,7 @@
- { src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt",
dest: "ca.crt",
owner: faf,
mode: 0644
mode: "0644"
}
- { src: "{{private}}/files/rabbitmq/{{env}}/pki/private/faf{{env_suffix}}.key",
dest: "faf.key",
@ -38,7 +38,7 @@
- { src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/faf{{env_suffix}}.crt",
dest: "faf.crt",
owner: faf,
mode: 0644
mode: "0644"
}
# landing page

7
roles/abrt/faf/.github/workflows/ansible-lint.yml vendored
View file

@ -1,10 +1,11 @@
---
name: Check Ansible Role
on:
on: # yamllint disable-line rule:truthy
push:
branches: [ master ]
branches: [master]
pull_request:
branches: [ master ]
branches: [master]
jobs:
lint:

6
roles/abrt/faf/defaults/main.yml
View file

@ -39,7 +39,7 @@ faf_web_on_root: false
# [MAIN]
faf_plugins_dir: /etc/faf/plugins/
faf_templates_dir: /etc/faf/templates/
faf_autoenableplugins: False
faf_autoenableplugins: false
# [STORAGE]
# variables used to automatically create a connectstring
@ -62,11 +62,11 @@ faf_from: no-reply@localhost
# [uREPORT]
faf_spool_dir: /var/spool/faf
faf_create_components: False
faf_create_components: false
# Allow uReports without affected package - meaning that crashing code was
# not packaged
faf_allow_unpackaged: False
faf_allow_unpackaged: false
###########################
# faf-webui configuration #

1
roles/abrt/faf/tasks/celery.yml
View file

@ -1,3 +1,4 @@
---
- name: install faf web celery packages
package:
name: "{{ faf_web_celery_packages }}"

2
roles/abrt/faf/tasks/check_web.yml
View file

@ -1,6 +1,6 @@
# check web functionality
#
---
- name: Set URL facts
set_fact:
main_url: "https://{{ ansible_default_ipv4.address }}{{ url_suffix }}"

2
roles/abrt/faf/tasks/config.yml
View file

@ -11,7 +11,7 @@
path: /etc/fedora-messaging/
owner: root
group: root
mode: 0755
mode: "0755"
state: directory
when: faf_with_fedmsg|bool

1
roles/abrt/faf/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- import_tasks: install.yml
tags: [faf, faf_install, packages]

2
roles/abrt/faf/tasks/web.yml
View file

@ -1,4 +1,4 @@
---
- name: Set url_suffix fact
set_fact:
url_suffix: ""

1
roles/abrt/requirements.yml
View file

@ -1,4 +1,5 @@
# Install a role from GitHub
---
- name: faf
src: https://github.com/abrt/ansible-role-faf.git
version: master

8
roles/abrt/retrace-post/tasks/retrace_setup.yml
View file

@ -1,6 +1,6 @@
---
#long running tasks - run them in background - we do not actually care about the results
# long running tasks - run them in background - we do not actually care about the results
- name: reposync for fedora
shell: nohup retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} </dev/null >$(mktemp /tmp/ansible.reposync_for_fedoraXXXXXX.log) &
loop: "{{ rs_internal_fedora_vers | product(rs_internal_arch_list) | list }}"
@ -20,20 +20,20 @@
- file:
path: /srv/retrace/repos
state: directory
mode: 0755
mode: "0755"
owner: retrace
group: retrace
- file:
path: /srv/retrace/tasks
state: directory
mode: 0755
mode: "0755"
owner: retrace
group: retrace
- file:
path: /srv/retrace/hardlink-local
state: directory
mode: 0755
mode: "0755"
owner: retrace
group: retrace

6
roles/abrt/retrace-pre/tasks/main.yml
View file

@ -47,7 +47,7 @@
file:
path: /srv/retrace/repos
state: directory
mode: 0755
mode: "0755"
owner: retrace
group: retrace
@ -55,13 +55,13 @@
file:
path: /srv/retrace/tasks
state: directory
mode: 0755
mode: "0755"
owner: retrace
group: retrace
- file:
path: /srv/retrace/hardlink-local
state: directory
mode: 0755
mode: "0755"
owner: retrace
group: retrace

7
roles/abrt/retrace/.github/workflows/ansible-lint.yml vendored
View file

@ -1,10 +1,11 @@
---
name: Check Ansible Role
on:
on: # yamllint disable-line rule:truthy
push:
branches: [ master ]
branches: [master]
pull_request:
branches: [ master ]
branches: [master]
jobs:
lint:

6
roles/abrt/retrace/tasks/config.yml
View file

@ -3,19 +3,19 @@
template:
src: etc-retrace-server.conf.j2
dest: /etc/retrace-server/retrace-server.conf
mode: 0644
mode: "0644"
notify: restart httpd
- name: retrace-server http config
template:
src: retrace-server-httpd.conf.j2
dest: /etc/httpd/conf.d/retrace-server-httpd.conf
mode: 0644
mode: "0644"
notify: restart httpd
- name: configure retrace-server hooks config
template:
src: etc-retrace-server-hooks.conf.j2
dest: /etc/retrace-server/retrace-server-hooks.conf
mode: 0644
mode: "0644"
notify: restart httpd

1
roles/ansible-osbuild-worker/meta/main.yml
View file

@ -1,3 +1,4 @@
---
galaxy_info:
role_name: osbuild_worker
namespace: osbuild

1
roles/apache/handlers/main.yml
View file

@ -1,2 +1,3 @@
---
- name: restart apache
command: /usr/local/bin/conditional-restart.sh httpd httpd

98
roles/apps-fp-o/files/apps.yaml
View file

@ -1,7 +1,4 @@
%YAML 1.2
# This file is managed in two places, please keep them synchronised:
# - https://pagure.io/fedora-infra/ansible/blob/main/f/roles/apps-fp-o/files/apps.yaml
# - https://github.com/fedora-infra/apps.fp.o/blob/develop/data/apps.yaml
---
name: Fedora Apps
data:
@ -20,7 +17,7 @@ children:
data:
url: https://fedorapeople.org
user_url: https://{user}.fedorapeople.org
status_mappings: ['people']
status_mappings: [people]
description: >
Being a community member you gain access to fedorapeople which
provides you with a space on the web where you can upload
@ -37,7 +34,7 @@ children:
- https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/fas-openid.html
- https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/accountdeletion.html
- https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/nonhumanaccounts.html
status_mappings: ['fas']
status_mappings: [fas]
description: >
Fedora Accounts. Update your profile
information and apply for membership in groups.
@ -48,14 +45,13 @@ children:
source_url: https://github.com/fedora-infra/fmn/
bugs_url: https://github.com/fedora-infra/fmn/issues/
docs_url: https://fmn.readthedocs.io/
sops:
- https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/fmn/
status_mappings: ['fedmsg']
sops: [https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/fmn/]
status_mappings: [fedmsg]
description: >
Centrally managed preferences for Fedora Infrastructure
notifications to your inbox, irc client, and mobile device.
- name: Badges
status_mappings: ['badges']
status_mappings: [badges]
data:
icon: badges.png
url: https://badges.fedoraproject.org
@ -63,8 +59,7 @@ children:
source_url: https://github.com/fedora-infra/tahrir/
bugs_url: https://github.com/fedora-infra/tahrir/issues/
docs_url: https://tahrir.readthedocs.org/en/latest/
sops:
- https://infrastructure.fedoraproject.org/infra/docs/badges.rst
sops: [https://infrastructure.fedoraproject.org/infra/docs/badges.rst]
description: >
An achievements system for Fedora Contributors! "Badges"
are awarded based on activity in the community. Can you
@ -86,9 +81,8 @@ children:
source_url: https://github.com/askbot/askbot-devel
bugs_url: https://github.com/askbot/askbot-devel/issues/
docs_url: http://askbot.org/doc/index.html
sops:
- https://infrastructure.fedoraproject.org/infra/docs/askbot.rst
status_mappings: ['ask']
sops: [https://infrastructure.fedoraproject.org/infra/docs/askbot.rst]
status_mappings: [ask]
description: >
Any question at all about Fedora? Ask it here.
- name: The Wiki
@ -99,9 +93,8 @@ children:
source_url: https://www.mediawiki.org/
bugs_url: https://www.mediawiki.org/wiki/Phabricator#Get_started
docs_url: https://www.mediawiki.org/wiki/Sysadmin_hub
sops:
- https://infrastructure.fedoraproject.org/infra/docs/wiki.rst
status_mappings: ['wiki']
sops: [https://infrastructure.fedoraproject.org/infra/docs/wiki.rst]
status_mappings: [wiki]
description: >
Maintain your own user profile page, contribute to
documents about features, process, and governance.
@ -132,7 +125,7 @@ children:
- name: Docs
data:
url: https://docs.fedoraproject.org
status_mappings: ['docs']
status_mappings: [docs]
# TODO - add the docs_url. I asked pete travis for info on this
# docs_url: put the url here
# TODO - add a sop.
@ -177,7 +170,7 @@ children:
docs_url: https://tflink.fedorapeople.org/blockerbugs/docs/
sops:
- https://infrastructure.fedoraproject.org/infra/docs/blockerbugs.rst
status_mappings: ['blockerbugs']
status_mappings: [blockerbugs]
description: >
The Fedora Blocker Bug Tracker tracks release blocking bugs
and related updates in Fedora releases currently under
@ -230,9 +223,8 @@ children:
source_url: https://github.com/fedora-infra/koschei
bugs_url: https://github.com/fedora-infra/koschei/issues
docs_url: https://fedoraproject.org/wiki/Koschei
sops:
- https://infrastructure.fedoraproject.org/infra/docs/koschei.rst
status_mappings: ['koschei']
sops: [https://infrastructure.fedoraproject.org/infra/docs/koschei.rst]
status_mappings: [koschei]
description: >
Koschei is a continuous integration system for RPM packages. It
tracks dependency changes done in Koji repositories and rebuilds
@ -268,9 +260,8 @@ children:
source_url: https://github.com/fedora-infra/elections
bugs_url: https://github.com/fedora-infra/elections/issues
docs_url: https://github.com/fedora-infra/elections/blob/develop/README.md
sops:
- https://infrastructure.fedoraproject.org/infra/docs/voting.rst
status_mappings: ['elections']
sops: [https://infrastructure.fedoraproject.org/infra/docs/voting.rst]
status_mappings: [elections]
description: >
As a member of the community, you can now vote for the
different steering committees and for this you will use the
@ -284,9 +275,8 @@ children:
source_url: https://gitlab.com/mailman/hyperkitty
bugs_url: https://gitlab.com/mailman/hyperkitty/issues
docs_url: https://hyperkitty.readthedocs.org/en/latest/
sops:
- https://infrastructure.fedoraproject.org/infra/docs/mailman.rst
status_mappings: ['mailinglists']
sops: [https://infrastructure.fedoraproject.org/infra/docs/mailman.rst]
status_mappings: [mailinglists]
description: >
Mailing lists are used for communication within the community.
There are lists for generic topics and lists more dedicated
@ -298,9 +288,8 @@ children:
source_url: https://github.com/fedora-infra/fedocal
bugs_url: https://github.com/fedora-infra/fedocal/issues
docs_url: https://fedocal.readthedocs.org/en/latest/
sops:
- https://infrastructure.fedoraproject.org/infra/docs/fedocal.rst
status_mappings: ['fedocal']
sops: [https://infrastructure.fedoraproject.org/infra/docs/fedocal.rst]
status_mappings: [fedocal]
description: >
The Fedora Calendar (or <strong>fedocal</strong>), you might
have already guessed, is a public calendar service. You can
@ -317,19 +306,17 @@ children:
sops:
- https://infrastructure.fedoraproject.org/infra/docs/mote.rst
- https://infrastructure.fedoraproject.org/infra/docs/zodbot.rst
status_mappings: ['zodbot']
status_mappings: [zodbot]
description: >
Fedora Infrastructure runs a friendly IRC bot that you may
know named <a href="https://fedoraproject.org/wiki/Zodbot">zodbot</a>.
Among its many and varied functions is logging IRC meetings,
the archives of which you can find here.
- name: Packaging
data:
description: >
Tools for packagers -- where the pieces of the distribution get
built.
children:
- name: Packages
data:
@ -340,7 +327,7 @@ children:
docs_url: http://threebean.org/blog/history-of-fedora-packages/
sops:
- https://infrastructure.fedoraproject.org/infra/docs/fedorapackages.rst
status_mappings: ['packages']
status_mappings: [packages]
description: >
A meta-app over the other packaging apps; the best place to
find out what is in the Fedora repositories. Which
@ -349,7 +336,8 @@ children:
reported against them. All these kind of questions can be
answered here.
It is sometimes called "Fedora Community v2" after the old
<a href="https://admin.fedoraproject.org/community">Fedora Community</a> site.
<a href="https://admin.fedoraproject.org/community">Fedora Community</a>
site.
- name: COPR
data:
icon: copr.png
@ -362,9 +350,8 @@ children:
# Also:
# - https://copr-keygen.readthedocs.org/
# - https://copr-rest-api.readthedocs.org/
sops:
- https://infrastructure.fedoraproject.org/infra/docs/copr.rst
status_mappings: ['copr']
sops: [https://infrastructure.fedoraproject.org/infra/docs/copr.rst]
status_mappings: [copr]
description: >
Copr is an easy-to-use automatic build system providing a
package repository as its output. You can make your **own** repositories!
@ -381,7 +368,7 @@ children:
sops:
- https://infrastructure.fedoraproject.org/infra/docs/koji.rst
- https://infrastructure.fedoraproject.org/infra/docs/koji-builder-setup.rst
status_mappings: ['koji']
status_mappings: [koji]
description: >
Koji is the software that builds RPM packages for the
Fedora project. It uses Mock to create chroot
@ -396,9 +383,8 @@ children:
source_url: https://github.com/fedora-infra/bodhi
bugs_url: https://github.com/fedora-infra/bodhi/issues
docs_url: https://bodhi.fedoraproject.org/docs
sops:
- https://infrastructure.fedoraproject.org/infra/docs/bodhi.rst
status_mappings: ['bodhi']
sops: [https://infrastructure.fedoraproject.org/infra/docs/bodhi.rst]
status_mappings: [bodhi]
description: >
The tool you will use to push your packages to the Fedora
repositories as an update, first an update to be tested
@ -413,7 +399,7 @@ children:
source_url: https://pagure.io/pagure
bugs_url: https://pagure.io/pagure/issues
docs_url: https://pagure.io/docs/pagure/
status_mappings: ['pkgs']
status_mappings: [pkgs]
description: >
Ever wonder <em>exactly</em> what is in the new release
of a Fedora package? This is where the change histories
@ -425,14 +411,12 @@ children:
description: >
mdapi is a small API exposing the metadata contained in
different RPM repositories.
- name: Upstream
data:
description: >
Tools for <a
href="https://fedoraproject.org/wiki/Staying_close_to_upstream_projects">upstream</a>
developers -- because we love you.
children:
- name: Release Monitoring
data:
@ -475,7 +459,7 @@ children:
data:
icon: pagure.png
url: https://pagure.io/
status_mappings: ['pagure']
status_mappings: [pagure]
description: >
Pagure is a git-centered forge, python based using pygit2.
With pagure you can host your project with its documentation,
@ -483,7 +467,6 @@ children:
the ticketing system and build your community of contributors
by allowing them to fork your projects and contribute to it
via the now-popular pull-request mechanism.
- name: Infrastructure
data:
description: >
@ -526,16 +509,14 @@ children:
source_url: https://github.com/fedora-infra/datagrepper
bugs_url: https://github.com/fedora-infra/datagrepper/issues
docs_url: https://github.com/fedora-infra/datagrepper/blob/develop/README.rst
sops:
- https://infrastructure.fedoraproject.org/infra/docs/datanommer.rst
status_mappings: ['fedmsg']
sops: [https://infrastructure.fedoraproject.org/infra/docs/datanommer.rst]
status_mappings: [fedmsg]
description: >
DataGrepper is an HTTP API for querying the datanommer
database. You can use it to dig into the history of the
<a href="https://fedmsg.readthedocs.io/">fedmsg</a> message bus. You
can grab events by username, by package, by message
source, by topic... you name it.
- name: Status
data:
icon: status-good.png
@ -565,7 +546,7 @@ children:
- https://infrastructure.fedoraproject.org/infra/docs/mastermirror.rst
- https://infrastructure.fedoraproject.org/infra/docs/mirrorhiding.rst
- https://infrastructure.fedoraproject.org/infra/docs/mirrormanager-S3-EC2-netblocks.rst
status_mappings: ['mirrormanager', 'mirrorlist']
status_mappings: [mirrormanager, mirrorlist]
description: >
Fedora is distributed to millions of systems globally.
This would not be possible without the donations of time,
@ -582,8 +563,7 @@ children:
source_url: https://github.com/NagiosEnterprises/nagioscore
bugs_url: https://pagure.io/fedora-infrastructure/issues
docs_url: https://www.nagios.org/documentation/
sops:
- https://infrastructure.fedoraproject.org/infra/docs/nagios.rst
sops: [https://infrastructure.fedoraproject.org/infra/docs/nagios.rst]
description: >
"Is telia down?" The answer can most definitively be
found here (and in detail). The Fedora Infrastructure
@ -597,8 +577,7 @@ children:
source_url: https://github.com/collectd/collectd
bugs_url: https://github.com/collectd/collectd/issues
docs_url: https://collectd.org/documentation.shtml
sops:
- https://infrastructure.fedoraproject.org/infra/docs/collectd.rst
sops: [https://infrastructure.fedoraproject.org/infra/docs/collectd.rst]
description: >
Tracks and displays statistics on the Fedora
Infrastructure machines over time. Useful for debugging
@ -609,8 +588,7 @@ children:
source_url: https://git.haproxy.org/
bugs_url: https://www.haproxy.org/knownbugs-1.3.html
docs_url: https://www.haproxy.org/#docs
sops:
- https://infrastructure.fedoraproject.org/infra/docs/haproxy.rst
sops: [https://infrastructure.fedoraproject.org/infra/docs/haproxy.rst]
description: >
Shows the health of our proxies. How many bytes?
Concurrent sessions? Health checks?
@ -625,7 +603,7 @@ children:
- name: Ipsilon
data:
url: https://pagure.io/ipsilon
description: >
description: >-
Ipsilon is our central authentication agent that is used to
authenticate users agains FAS. It is seperate from FAS. The
only service that is not using this currently is the wiki.

1
roles/apps-fp-o/handlers/main.yml
View file

@ -1,3 +1,4 @@
---
- name: rebuild apps-fp-o html
shell: /usr/bin/apps-fp-o-yaml2html.py > /srv/web/apps-fp-o/apps-yaml.html

1
roles/apps-fp-o/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- name: Install that apps-fp-o rpm package
package: name=apps-fp-o state=present
tags:

10
roles/awx/podman/tasks/main.yml
View file

@ -10,7 +10,7 @@
ansible.builtin.file:
path: "~{{ podman_user }}/.config/containers"
state: directory
mode: 0700
mode: "0700"
owner: "{{ podman_user }}"
group: "{{ podman_group }}"
@ -23,7 +23,7 @@
dest: "~{{ podman_user }}/.config/containers/containers.conf"
owner: "{{ podman_user }}"
group: "{{ podman_group }}"
mode: 0600
mode: "0600"
- name: Create empty mounts config file to avoid permissions error message
ansible.builtin.copy:
@ -32,17 +32,17 @@
force: false
owner: "{{ podman_user }}"
group: "{{ podman_group }}"
mode: 0600
mode: "0600"
- name: Ensure registries.conf.d exists
ansible.builtin.file:
path: /etc/containers/registries.conf.d/
state: directory
mode: 0755
mode: "0755"
- name: Force fully qualified image names to be provided to podman pull
ansible.builtin.copy:
content: |
unqualified-search-registries = []
dest: /etc/containers/registries.conf.d/force-fully-qualified-images.conf
mode: 0644
mode: "0644"

1
roles/base/tasks/crypto-policies.yml
View file

@ -1,3 +1,4 @@
---
- name: Check current crypto-policy
command: "update-crypto-policies --show"
register: currentcryptopolicy

1
roles/base/tasks/postfix.yml
View file

@ -1,3 +1,4 @@
---
- name: /etc/postfix/main.cf
copy: src={{ item }} dest=/etc/postfix/main.cf
with_first_found:

1
roles/base/tasks/watchdog.yml
View file

@ -1,3 +1,4 @@
---
- name: See if theres a watchdog device
stat: path=/dev/watchdog
when: ansible_virtualization_role is defined and ansible_virtualization_role == 'guest'

10
roles/basessh/tasks/main.yml
View file

@ -7,20 +7,20 @@
- name: make sure there is no old ssh host key for the host still around
local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent
ignore_errors: True
ignore_errors: true
with_items:
- /root/.ssh/known_hosts
when: birthday is defined
- name: gather ssh host key from new instance
local_action: command ssh-keyscan -t rsa {{ inventory_hostname }}
ignore_errors: True
ignore_errors: true
register: hostkey
when: birthday is defined
- name: add new ssh host key (until we can sign it)
local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present
ignore_errors: True
ignore_errors: true
with_items:
- /root/.ssh/known_hosts
when: birthday is defined
@ -163,7 +163,7 @@
state=directory
delegate_to: localhost
run_once: true
changed_when: False
changed_when: false
tags:
- basessh
- sshd_cert
@ -249,6 +249,6 @@
- name: make sure there is no old ssh host key for the host still around
local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent
ignore_errors: True
ignore_errors: true
with_items:
- /root/.ssh/known_hosts

9
roles/batcave/tasks/main.yml
View file

@ -6,6 +6,7 @@
# make directory for nfs mounts to live in
#
---
- name: create /srv/web/pub for nfs mounts
file: dest=/srv/web/pub state=directory mode=0755
tags:
@ -38,7 +39,7 @@
- fedora-messaging # To send/receive messages on the amqp bus
- ansible-freeipa # For the IPA server configuration tasks
- moreutils # needed for pee command for dns repo hook
#- python39-jmespath # for the copr playbooks
# - python39-jmespath # for the copr playbooks
- rhel-system-roles # for networking
- python3-requests-kerberos # for authentication via kinit inside ansible
tags:
@ -94,7 +95,7 @@
copy:
src: make-rabbitmq-certs-public.sh
dest: /etc/cron.daily/make-rabbitmq-certs-public
mode: 0755
mode: "0755"
tags:
- batcave
- config
@ -404,7 +405,7 @@
template:
src: geoip-download-databases
dest: /usr/local/bin/geoip-download-databases
mode: 0700
mode: "0700"
tags:
- batcave
- config
@ -413,7 +414,7 @@
copy:
src: geoip-download-databases.cron
dest: /etc/cron.d/geoip-download-databases.cron
mode: 0644
mode: "0644"
tags:
- batcave
- config

2
roles/bkernel/tasks/main.yml
View file

@ -63,7 +63,7 @@
template:
src: bkernel-site-defaults.cfg
dest: /etc/mock/site-defaults.cfg
mode: 0644
mode: "0644"
owner: root
group: mock
tags:

2
roles/bodhi2/backend/tasks/main.yml
View file

@ -131,7 +131,7 @@
- -c
- "from sys import version_info as vi; print(f'{vi[0]}.{vi[1]}')"
register: _python3_version_result
changed_when: False
changed_when: false
- name: Set Python version fact
set_fact:

4
roles/btrfs/tasks/main.yml
View file

@ -12,7 +12,7 @@
path: /etc/systemd/system/btrfs-balance.timer.d
owner: root
group: root
mode: 0755
mode: "0755"
- name: Configure btrfs-balance timer
@ -21,7 +21,7 @@
dest: /etc/systemd/system/btrfs-balance.timer.d/schedule.conf
owner: root
group: root
mode: 0644
mode: "0644"
notify:
- reload systemd
- restart btrfs-balance

1
roles/builder_repo/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- name: add builder infra yum repo
file: dest=/etc/yum.repos.d/builder-infrastructure.repo state=absent
tags:

2
roles/centosci-keytab/tasks/main.yml
View file

@ -5,7 +5,7 @@
state: directory
owner: root
group: root
mode: 0750
mode: "0750"
- name: Acquire a keytab for staging
include_role:

2
roles/cgit/base/tasks/main.yml
View file

@ -43,6 +43,6 @@
when: inventory_hostname.startswith('batcave')
tags: cgit
#- name: install the libravatar filter
# - name: install the libravatar filter
# copy: src=email-libravatar-korg.lua dest=/usr/libexec/cgit/filters/email-libravatar-korg.lua owner=root group=root mode=0755
# tags: cgit

1
roles/check-compose/defaults/main.yml
View file

@ -1,3 +1,4 @@
---
checkcompose_prod: false
checkcompose_amqp_passive: false
checkcompose_amqp_url: "amqps://fedora:@rabbitmq.fedoraproject.org/%2Fpublic_pubsub"

1
roles/check-compose/handlers/main.yml
View file

@ -1,4 +1,5 @@
# Restart handler for our fedora-messaging consumer
---
- name: Conditionally restart check-compose consumer service
command: /usr/local/bin/conditional-restart.sh fm-consumer@check-compose
listen:

9
roles/check-compose/tasks/main.yml
View file

@ -101,13 +101,14 @@
# by openqa/dispatcher role; ideally we should factor this out into a
# shared task or something.
#- name: Install required packages (testing)
# - name: Install required packages (testing)
# dnf: name={{ item }} state=present enablerepo="updates-testing"
# with_items:
# - python3-fedfind
# tags:
# - packages
---
- name: Install required packages
package:
name: ['fedora-messaging', 'python3-fedfind', 'python3-openqa_client', 'python3-pip',
@ -138,7 +139,7 @@
- name: Create /etc/pki/fedora-messaging
file:
dest: /etc/pki/fedora-messaging
mode: 0775
mode: "0775"
owner: root
group: root
state: directory
@ -153,7 +154,7 @@
copy:
src: "{{ private }}/files/rabbitmq/{{ checkcompose_env }}/pki/issued/{{ openqa_amqp_this_username }}.crt"
dest: "/etc/pki/fedora-messaging/{{ openqa_amqp_this_username }}-cert.pem"
mode: 0644
mode: "0644"
owner: root
group: root
when: "deployment_type is defined"
@ -168,7 +169,7 @@
copy:
src: "{{ private }}/files/rabbitmq/{{ checkcompose_env }}/pki/private/{{ openqa_amqp_this_username }}.key"
dest: "/etc/pki/fedora-messaging/{{ openqa_amqp_this_username }}-key.pem"
mode: 0640
mode: "0640"
owner: root
group: geekotest
when: "deployment_type is defined"

1
roles/chrony/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- name: install chrony
package: name=chrony state=present
tags:

1
roles/cloudstats/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- name: Install the cloud-image-stat script
copy: >
src=cloud-image-stat.py dest=/usr/local/bin/cloud-image-stat.py

7
roles/collectd/base/tasks/main.yml
View file

@ -1,8 +1,7 @@
# collectd client setup
# install pkg
---
- name: install collectd
package: name=collectd state=present
tags:
@ -106,7 +105,7 @@
seboolean: name=collectd_tcp_network_connect state=yes persistent=yes
tags:
- collectd
ignore_errors: True
ignore_errors: true
notify:
- restart collectd
when: ( collectd_apache is defined ) and ansible_selinux.status != "disabled"
@ -182,8 +181,6 @@
- collectd
- selinux
# each of the below should move to a separate task list
# since they are odd-balls and one-offs

1
roles/collectd/fedmsg-activation/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- name: Copy in /usr/local/bin/fedmsg-map
copy: src=fedmsg-map.py dest=/usr/local/bin/fedmsg-map mode=0755
tags:

1
roles/collectd/fedmsg-service/vars/main.yml
View file

@ -1,2 +1,3 @@
---
user: fedmsg
process: fedmsg-hub

3
roles/collectd/rabbitmq/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- name: install collectd-rabbitmq
package:
state: present
@ -20,7 +21,7 @@
dest: "/etc/collectd.d/rabbitmq.conf"
owner: root
group: root
mode: 0640
mode: "0640"
tags:
- collectd
- config

2
roles/collectd/web-service/tasks/main.yml
View file

@ -21,4 +21,4 @@
seboolean: name=collectd_tcp_network_connect state=yes persistent=yes
tags:
- collectd
ignore_errors: True
ignore_errors: true

2
roles/communishift/default/main.yml
View file

@ -1,7 +1,7 @@
---
communishift_efs_access_key: "OVERRIDEME"
communishift_efs_secret_key: "OVERRIDEME"
communishift_project_name: "OVERRIDEME"
communishift_region: "OVERRIDEME"
communishift_subnet_id: "OVERRIDEME"
communishift_security_group: "OVERRIDEME"

2
roles/communishift/tasks/cleanup-administration-tasks.yml
View file

@ -1,3 +1,3 @@
---
#- include_tasks: retrieve-communishift-admin-data.yml
# - include_tasks: retrieve-communishift-admin-data.yml
- include_tasks: send-tenant-deletion-notifications.yml

1
roles/copr/backend/files/provision/create_swap_file.yml
View file

@ -1,3 +1,4 @@
---
- name: install enable-swap.service
copy:
src: files/enable-swap.service

2
roles/copr/backend/files/provision/playbook-prepare-builder-to-create-images.yml
View file

@ -96,7 +96,7 @@
--run-command "chcon -v -R -h system_u:object_r:ssh_home_t:s0 /root/.ssh" )
EIMG_DOUBLECHECK_WAITING_FOR_IPV4=true
dest: /etc/eimg/eimg.sh
mode: 0644
mode: "0644"
- stat: path={{ private_key_file }}
register: key_stat

4
roles/copr/backend/files/provision/provision_builder_tasks.yml
View file

@ -209,7 +209,7 @@
- name: run /bin/copr-update-builder from copr-builder package
shell: /usr/bin/copr-update-builder
#- name: install the latest mock and mock-core-configs from updates-testing
# - name: install the latest mock and mock-core-configs from updates-testing
# package: state=latest name={{ packages }}
# register: mock_updated
# vars:
@ -259,7 +259,7 @@
dest: /etc/security/limits.d/50-copr-fds.conf
owner: root
group: root
mode: 0644
mode: "0644"
when:
- preparing_image

1
roles/copr/backend/handlers/main.yml
View file

@ -1,3 +1,4 @@
---
- name: chmod_key
file: path=/etc/lighttpd/copr-be.fedoraproject.org.pem owner=root group=root mode=0600

8
roles/copr/backend/tasks/copr-ping.yml
View file

@ -35,7 +35,7 @@
src: "{{ ping_script }}.j2"
owner: "{{ ping_user }}"
group: "{{ ping_user }}"
mode: 0700
mode: "0700"
tags: copr_ping
- name: install the check script
@ -44,7 +44,7 @@
src: "copr-ping-check.py.j2"
owner: "{{ ping_user }}"
group: "nagios"
mode: 0750
mode: "0750"
tags: copr_ping
- name: selinux - allow nrpe_t to read ping_log
@ -65,7 +65,7 @@
path: "{{ ping_homedir }}/.config"
owner: "{{ ping_user }}"
group: "{{ ping_user }}"
mode: 0755
mode: "0755"
state: directory
tags: copr_ping
@ -78,7 +78,7 @@
token = {{ copr_ping_bot_token }}
copr_url = https://copr.fedorainfracloud.org
dest: "{{ ping_homedir }}/.config/copr"
mode: 0600
mode: "0600"
owner: "{{ ping_user }}"
group: "{{ ping_user }}"
tags: copr_ping

1
roles/copr/backend/tasks/install_cloud_cert.yml
View file

@ -1,3 +1,4 @@
---
- name: copy .pem
copy: src=../../files/fedora-cloud/fed-cloud09.pem dest=/etc/pki/ca-trust/source/anchors/
register: cloud_pem_copied

18
roles/copr/backend/tasks/main.yml
View file

@ -34,7 +34,7 @@
tags:
- packages
#- name: patch for prunerepo, issue 1090
# - name: patch for prunerepo, issue 1090
# patch: src=patches/prunerepo-dataloss.patch
# dest=/usr/bin/prunerepo
# tags: patches
@ -64,7 +64,7 @@
dest: /home/copr/.ssh/config
owner: copr
group: copr
mode: 0600
mode: "0600"
tags:
- backend_to_hv_ssh_config
- provision_config
@ -85,7 +85,7 @@
- name: auth_key so we can login to localhost as the copr user from the copr user
authorized_key: user=copr key="{{ item }}"
no_log: True
no_log: true
with_file:
- "provision/files/buildsys.pub"
@ -139,13 +139,13 @@
src: cgi-resalloc
dest: /var/www/
setype: httpd_sys_script_exec_t
mode: 0755
mode: "0755"
- name: install the helper scripts for lighttpd log rotation
copy:
src: "{{ item }}"
dest: /usr/local/bin/{{ item }}
mode: 0755
mode: "0755"
owner: root
group: root
with_items:
@ -167,7 +167,7 @@
service: state=started enabled=yes name=lighttpd
# setup dirs for the ansible execution off of provisioning
#- name: dirs from provision
# - name: dirs from provision
# file: state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
# with_items:
# - action_plugins
@ -278,7 +278,7 @@
- command: "ls -dZ /var/lib/copr/public_html/"
register: public_html_ls
check_mode: no
changed_when: False
changed_when: false
- name: update selinux context for results if root folder does not have proper type
command: "restorecon -vvRF /var/lib/copr/public_html/"
@ -304,7 +304,7 @@
copy:
content: "{{ copr_red_hat_subscription_offline_token }}"
dest: "{{ rhn_offline_token_file }}"
mode: 0600
mode: "0600"
owner: resalloc
group: resalloc
tags:
@ -314,7 +314,7 @@
template:
src: "{{ item }}"
dest: /usr/local/bin/{{ item }}
mode: 0755
mode: "0755"
loop:
- cleanup-unused-vms-from-redis
- cleanup-unused-redhat-subscriptions

1
roles/copr/backend/tasks/network.yml
View file

@ -1,3 +1,4 @@
---
- name: copy ifcfg-eth1
copy: src="ifcfg-eth1" dest=/etc/sysconfig/network-scripts/ owner=root group=root mode=644

6
roles/copr/backend/tasks/pulp.yml
View file

@ -10,7 +10,7 @@
path: /home/copr/.config/pulp/
owner: copr
group: copr
mode: 0700
mode: "0700"
- name: Install Pulp auth certificates
copy:
@ -18,7 +18,7 @@
dest: "/home/copr/.config/pulp/"
owner: copr
group: copr
mode: 0600
mode: "0600"
with_items:
- copr-pulp-prod.crt
- copr-pulp-prod.key
@ -30,4 +30,4 @@
dest: "/home/copr/.config/pulp/cli.toml"
owner: copr
group: copr
mode: 0600
mode: "0600"

14
roles/copr/backend/tasks/resalloc.yml
View file

@ -33,7 +33,7 @@
line: "{{ item }}"
owner: postgres
group: postgres
mode: 0600
mode: "0600"
with_items:
- "all postgres postgres"
- "all resalloc resalloc"
@ -101,7 +101,7 @@
file:
path: /var/lib/resallocserver/.ssh
state: directory
mode: 0700
mode: "0700"
owner: resalloc
group: resalloc
@ -111,7 +111,7 @@
dest: /var/lib/resallocserver/.ssh/id_rsa
owner: resalloc
group: resalloc
mode: 0600
mode: "0600"
- name: resalloc, ssh config file
template:
@ -119,7 +119,7 @@
dest: /var/lib/resallocserver/.ssh/config
owner: resalloc
group: resalloc
mode: 0600
mode: "0600"
tags:
- backend_to_hv_ssh_config
- provision_config
@ -128,7 +128,7 @@
template:
src: "resalloc/{{ item }}"
dest: "/etc/resallocserver/{{ item }}"
mode: 0640
mode: "0640"
owner: resalloc
group: resalloc
with_items:
@ -160,7 +160,7 @@
copy:
src: copr-prepare-s390x-image-builder
dest: /usr/local/bin/copr-prepare-s390x-image-builder
mode: 0755
mode: "0755"
tags:
- images_s390x
@ -173,6 +173,6 @@
dest: "{{ ibmcloud_token_file }}"
owner: resalloc
group: resalloc
mode: 0600
mode: "0600"
tags:
- provision_config

6
roles/copr/backend/tasks/setup_provisioning_environment.yml
View file

@ -35,7 +35,7 @@
template:
src: "{{ roles_path }}/copr/backend/templates/provision/{{ item }}"
dest: "{{ provision_directory }}/{{ item }}"
mode: 0755
mode: "0755"
with_items:
- upload-qcow2-images
tags:
@ -48,7 +48,7 @@
template:
src: "{{ roles_path }}/copr/backend/templates/provision/{{ item }}"
dest: "{{ provision_directory }}/{{ item }}"
mode: 0755
mode: "0755"
with_items:
- libvirt-new
tags:
@ -93,6 +93,6 @@
dest: "{{ provision_directory }}/.rc-osuosl.sh"
owner: "{{ provision_user }}"
group: "{{ provision_user }}"
mode: 0600
mode: "0600"
tags:
- provision_config

1
roles/copr/backend/templates/provision/aws_cloud_vars.yml
View file

@ -1,3 +1,4 @@
---
aws_access_key: {{ copr_aws_access_key_id }}
aws_secret_key: {{ copr_aws_secret_access_key }}

5
roles/copr/backend/templates/resalloc/server.yaml
View file

@ -1,6 +1,7 @@
---
db_url: 'postgresql://resalloc@/resalloc'
logdir: '/var/log/resallocserver'
# Listen only on localhost!
hostname: 'localhost'
#port: 49100
#loglevel: info
# port: 49100
# loglevel: info

4
roles/copr/base/tasks/main.yml
View file

@ -6,10 +6,10 @@
# again to late to do it here
# - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
# already included into the `base` role
#- import_tasks: "{{ tasks_path }}/postfix_basic.yml"
# - import_tasks: "{{ tasks_path }}/postfix_basic.yml"
# To late to do it here (
#- name: setup correct hostname for copr machine
# - name: setup correct hostname for copr machine
# hostname: name="{{ copr_hostbase }}.cloud.fedoraproject.org"
# # hostname: name="{{ hostbase|regex_replace('.*-$', '')}}.cloud.fedoraproject.org"
# tags:

2
roles/copr/certbot/tasks/letsencrypt.yml
View file

@ -133,7 +133,7 @@
file:
path: "{{ le_backup_path }}"
# nobody, except for root, can step into this directory (on batcave)
mode: 0700
mode: "0700"
owner: root
group: root
state: directory

1
roles/copr/certbot/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- include_tasks: letsencrypt.yml
when:
- letsencrypt is defined

1
roles/copr/dist_git/handlers/main.yml
View file

@ -1,3 +1,4 @@
---
- name: reload httpd
service: name="httpd" state="restarted"

1
roles/copr/dist_git/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- import_tasks: "mount_fs.yml"
# pre-create users/groups and copy uids/gids from the current prod copr-dist-git

1
roles/copr/dist_git/tasks/mount_fs.yml
View file

@ -1,3 +1,4 @@
---
- name: prepare mount point
file: state=directory path=/var/lib/dist-git

1
roles/copr/frontend/handlers/main.yml
View file

@ -1,3 +1,4 @@
---
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: restart postgresql

12
roles/copr/frontend/tasks/main.yml
View file

@ -4,7 +4,7 @@
- name: register security context for pgsql directory
command: "ls -dZ /var/lib/pgsql"
register: pgsql_ls
changed_when: False # `ls' command is not changing anything
changed_when: false # `ls' command is not changing anything
- name: update selinux context for postgress db dir if it's wrong
command: "restorecon -vvRF /var/lib/pgsql"
@ -47,7 +47,7 @@
copy:
src: copr-frontend-prometheus-monitoring.py
dest: /usr/bin/copr-frontend-prometheus-monitoring.py
mode: 0750
mode: "0750"
owner: root
group: root
tags:
@ -70,7 +70,7 @@
tags:
- packages
#- name: patch for issue XXX
# - name: patch for issue XXX
# patch: src=patches/xxx.patch
# dest=/the/patched/file.py
# tags: patches
@ -164,8 +164,8 @@
become: yes
become_user: copr-fe
register: update_indexes_required_result
changed_when: False
failed_when: False
changed_when: false
failed_when: false
- name: rebuild indexes
command: ./manage.py update_indexes
@ -229,7 +229,7 @@
dest: "/usr/bin/copr-cdn-check.py"
src: "copr-cdn-check.py.j2"
group: "nagios"
mode: 0750
mode: "0750"
vars:
api_key: "{{ copr_uptimerobot_api_key_ro | default('not-configured') }}"
tags: copr_cdn

2
roles/copr/frontend/tasks/mount_fs.yml
View file

@ -1,6 +1,6 @@
---
- name: mount up disk of copr fe
mount: name=/srv/copr-fe src='LABEL=copr-fe' fstype=ext4 state=mounted
- name: mount up bind mount for postgres
mount: src=/srv/copr-fe/pgsqldb name=/var/lib/pgsql fstype=auto opts=bind state=mounted

5
roles/copr/frontend/tasks/psql_setup.yml
View file

@ -1,3 +1,4 @@
---
- name: install postresql
package: state=present pkg={{ item }}
with_items:
@ -131,7 +132,7 @@
dest: "{{ copr_fe_homedir }}/.psqlrc"
owner: copr-fe
group: copr-fe
mode: 0600
mode: "0600"
- name: install pgpass file
copy:
@ -140,7 +141,7 @@
dest: "{{ copr_fe_homedir }}/.pgpass"
owner: copr-fe
group: copr-fe
mode: 0400
mode: "0400"
- stat: path="{{ copr_fe_homedir }}/.psql_history"
register: history_file

2
roles/copr/hypervisor/tasks/main.yml
View file

@ -159,7 +159,7 @@
src: "{{ private }}/files/copr/buildsys.priv"
dest: /home/copr/.ssh/id_rsa
owner: copr
mode: 0600
mode: "0600"
- name: provide pub key, too, so we can install them to generated builder images
copy: src=buildsys.pub dest=/home/copr/.ssh/id_rsa.pub

1
roles/copr/keygen/tasks/setup_backup.yml
View file

@ -1,3 +1,4 @@
---
- name: ensure /backup dir
file: path=/backup state=directory

1
roles/debug_env/tasks/main.yml
View file

@ -3,5 +3,6 @@
# the env from ansible to see what variables and facts are.
# Taken from https://coderwall.com/p/13lh6w
#
---
- name: Dump all ansible vars
template: src=dumpall.j2 dest=/tmp/debug_env.out

1
roles/developer/build/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- name: Create directories
file: state=directory
path=/srv/web/{{item}}

1
roles/developer/website/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- name: Copy in the sync-developer cronjob
copy: src=cron-sync-developer dest=/etc/cron.d/sync-developer
tags:

1
roles/distgit/templates/repospanner-admin.yml
View file

@ -4,4 +4,3 @@ admin:
ca: /etc/pagure/ca.crt
cert: /etc/pagure/fedora_rpms_admin.crt
key: /etc/pagure/fedora_rpms_admin.key

2
roles/dns/tasks/main.yml
View file

@ -49,7 +49,7 @@
- config
- dns
#- name: create GeoIP acl
# - name: create GeoIP acl
# command: /var/named/GeoIP.sh
# changed_when: "1 != 1"
# notify:

3
roles/docker-distribution/defaults/main.yml
View file

@ -7,7 +7,7 @@ conf_path: "/etc/docker-distribution/registry/config.yml"
# Config directives
tls:
enabled: False
enabled: false
certificate: "PATH_TO_CERT"
key: "PATH_TO_KEY"
log:
@ -28,4 +28,3 @@ cert:
cert_dest: "ca.crt"
key_src: "ca.key"
key_dest: "ca.key"

61
roles/docker-distribution/meta/main.yml
View file

@ -20,18 +20,18 @@ galaxy_info:
# the ones that apply to your role. If you don't see your
# platform on this list, let us know and we'll get it added!
#
#platforms:
#- name: EL
# platforms:
# - name: EL
# versions:
# - all
# - 5
# - 6
# - 7
#- name: GenericUNIX
# - name: GenericUNIX
# versions:
# - all
# - any
#- name: Solaris
# - name: Solaris
# versions:
# - all
# - 10
@ -39,7 +39,7 @@ galaxy_info:
# - 11.1
# - 11.2
# - 11.3
#- name: Fedora
# - name: Fedora
# versions:
# - all
# - 16
@ -49,15 +49,15 @@ galaxy_info:
# - 20
# - 21
# - 22
#- name: Windows
# - name: Windows
# versions:
# - all
# - 2012R2
#- name: SmartOS
# - name: SmartOS
# versions:
# - all
# - any
#- name: opensuse
# - name: opensuse
# versions:
# - all
# - 12.1
@ -65,16 +65,16 @@ galaxy_info:
# - 12.3
# - 13.1
# - 13.2
#- name: Amazon
# - name: Amazon
# versions:
# - all
# - 2013.03
# - 2013.09
#- name: GenericBSD
# - name: GenericBSD
# versions:
# - all
# - any
#- name: FreeBSD
# - name: FreeBSD
# versions:
# - all
# - 8.0
@ -86,7 +86,7 @@ galaxy_info:
# - 9.1
# - 9.1
# - 9.2
#- name: Ubuntu
# - name: Ubuntu
# versions:
# - all
# - lucid
@ -100,7 +100,7 @@ galaxy_info:
# - trusty
# - utopic
# - vivid
#- name: SLES
# - name: SLES
# versions:
# - all
# - 10SP3
@ -109,11 +109,11 @@ galaxy_info:
# - 11SP1
# - 11SP2
# - 11SP3
#- name: GenericLinux
# - name: GenericLinux
# versions:
# - all
# - any
#- name: Debian
# - name: Debian
# versions:
# - all
# - etch
@ -125,23 +125,22 @@ galaxy_info:
# Below are all categories currently available. Just as with
# the platforms above, uncomment those that apply to your role.
#
#categories:
#- cloud
#- cloud:ec2
#- cloud:gce
#- cloud:rax
#- clustering
#- database
#- database:nosql
#- database:sql
#- development
#- monitoring
#- networking
#- packaging
#- system
#- web
# categories:
# - cloud
# - cloud:ec2
# - cloud:gce
# - cloud:rax
# - clustering
# - database
# - database:nosql
# - database:sql
# - development
# - monitoring
# - networking
# - packaging
# - system
# - web
dependencies: []
# List your role dependencies here, one per line.
# Be sure to remove the '[]' above if you add dependencies
# to this list.

1
roles/easyfix/proxy/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- name: Ensure dir for content exists
file: dest=/srv/web/gather-easyfix owner=root group=root mode=0755 state=directory
tags:

1
roles/fas2discourse/default/main.yml
View file

@ -1,3 +1,4 @@
---
fas2discourse_hostname: "fas2discourse.hostna.me"
fas2discourse_namespace: "fas2discourse-operator"
fas2discourse_project_description: "The fas2discourse-operator is responsible for synchronising group membership for users between Discourse and IPA."

3
roles/fas2discourse/tasks/administration-tasks.yml
View file

@ -5,11 +5,10 @@
state: directory
owner: root
group: root
mode: 0770
mode: "0770"
recurse: yes
- include_tasks: create-operator-namespace.yml
- include_tasks: create-keytab-secret.yml
- include_tasks: create-discourse-apikey-secret.yml
- include_tasks: deploy-fas2discourse-operator.yml

3
roles/fas2discourse/tasks/create-discourse-apikey-secret.yml
View file

@ -4,9 +4,8 @@
template:
src: "secret-discourse-apikey.yml"
dest: "/root/ocp4/openshift-apps/fas2discourse-operator/secret-discourse-apikey.yml"
mode: 0770
mode: "0770"
# apply created openshift resources
- name: oc apply resources
command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-discourse-apikey.yml"

7
roles/fas2discourse/tasks/create-keytab-secret.yml
View file

@ -4,15 +4,15 @@
ansible.builtin.fetch:
src: "/etc/openshift_apps/fas2discourse/fas2discourse{{ env_suffix }}-keytab.kt"
dest: "/etc/openshift_apps/fas2discourse/fas2discourse{{ env_suffix }}-keytab.kt"
flat: True
mode: 0600
flat: true
mode: "0600"
# generate the templates for project to be created
- name: copy the templates to the host
template:
src: "secret-keytab.yml"
dest: "/root/ocp4/openshift-apps/fas2discourse-operator/secret-keytab.yml"
mode: 0770
mode: "0770"
vars:
fas2discourse_keytab_file:
"{{ lookup('file',
@ -22,4 +22,3 @@
# apply created openshift resources
- name: oc apply resources
command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-keytab.yml"

3
roles/fas2discourse/tasks/create-keytab.yml
View file

@ -6,7 +6,7 @@
state: directory
owner: root
group: root
mode: 0750
mode: "0750"
tags:
- create-keytab
@ -21,4 +21,3 @@
host: "{{ fas2discourse_hostname }}"
tags:
- create-keytab

2
roles/fas2discourse/tasks/create-operator-namespace.yml
View file

@ -4,7 +4,7 @@
template:
src: "namespace.yml"
dest: "/root/ocp4/openshift-apps/fas2discourse-operator/namespace.yml"
mode: 0770
mode: "0770"
# apply created openshift resources
- name: oc apply resources

1
roles/fas2discourse/tasks/deploy-fas2discourse-operator.yml
View file

@ -15,4 +15,3 @@
make:
chdir: "/root/ocp4/openshift-apps/fas2discourse-operator/fas2discourse-operator/"
target: "deploy"

1
roles/fas2discourse/templates/namespace.yml
View file

@ -6,4 +6,3 @@ metadata:
annotations:
openshift.io/description: "{{ fas2discourse_project_description }}"
openshift.io/display-name: "{{ fas2discourse_namespace }}"

2
roles/fas2discourse/templates/secret-discourse-apikey.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:
@ -12,4 +13,3 @@ data:
"{{ (env == 'production')|ternary(fas2discourse_fasjson_hostname, fas2discourse_stg_fasjson_hostname) | b64encode }}"
fas2discourse-principal:
"{{ (env == 'production')|ternary(fas2discourse_principal, fas2discourse_stg_principal) | b64encode }}"

2
roles/fas2discourse/templates/secret-keytab.yml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:
@ -6,4 +7,3 @@ metadata:
data:
fas2discourse-keytab:
"{{ fas2discourse_keytab_file | b64encode }}"

1
roles/fasjson/tasks/main.yml
View file

@ -33,4 +33,3 @@
- config
- fasjson
when: fasjson_aliases is defined

1
roles/fedmsg/crl/tasks/main.yml
View file

@ -3,6 +3,7 @@
# repo and throw it into fedoraproject.org/fedmsg/crl.pem
# See https://infrastructure.fedoraproject.org/infra/docs/fedmsg-certs.txt
---
- name: Ensure dir for content exists
file: dest=/srv/web/fedmsg owner=apache group=apache mode=0755 state=directory
tags:

3
roles/fedmsg/gateway/slave/tasks/main.yml
View file

@ -27,7 +27,7 @@
when: (ansible_distribution_major_version|int >= 30 and ansible_distribution == 'Fedora') or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8)
#- name: Apply fixing patch
# - name: Apply fixing patch
# patch: src=fixup.patch dest=/usr/lib/python2.7/site-packages/fedmsg/consumers/__init__.py
# tags:
# - packages
@ -135,4 +135,3 @@
ignore_errors: true
tags:
- fedmsgmonitor

1
roles/fedmsg/gateway/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- name: install fedmsg-gateway
package: name=fedmsg-gateway state=present
tags:

5
roles/fedmsg/hub/defaults/main.yml
View file

@ -1,9 +1,10 @@
# This is false by default. You have to override it when including the role.
enable_websocket_server: False
---
enable_websocket_server: false
# Absolute memory limit in megabytes for fedmsg-hub and fedmsg-bub-3
# services. Zero means infinity (no limit).
fedmsg_hub_memory_limit_mb: 0
# Restart fedmsg-hub.service on failure.
fedmsg_hub_auto_restart: False
fedmsg_hub_auto_restart: false

2
roles/fedmsg/irc/tasks/main.yml
View file

@ -1,4 +1,4 @@
---
- name: install package for fedmsg-irc
package:
state: present

1
roles/fedmsg/relay/tasks/main.yml
View file

@ -1,6 +1,7 @@
# This is a *very* simple role. The config needed for fedmsg-relay to operate
# correctly is actually included as part of the fedmsg/base role.
---
- name: install fedmsg-relay (yum)
package: name=fedmsg-relay state=present
tags:

1
roles/fedora-budget/build/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- file: dest=/srv/web/budget.fedoraproject.org state=directory
- template: >

1
roles/fedora-budget/proxy/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
- name: Copy in the sync-budget cronjob
copy: src=cron-sync-budget dest=/etc/cron.d/sync-budget
tags:

Some files were not shown because too many files have changed in this diff Show more