From 9299c11ae0bb38c069233fbc7bb951266f09c122 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 24 Feb 2015 18:23:25 +0000 Subject: [PATCH] Add ipsilon01.stg.phx2 Signed-off-by: Patrick Uiterwijk --- inventory/group_vars/ipsilon-stg | 15 ++++ .../ipsilon01.stg.phx2.fedoraproject.org | 12 ++++ playbooks/groups/ipsilon.yml | 68 +++++++++++++++++++ 3 files changed, 95 insertions(+) create mode 100644 inventory/group_vars/ipsilon-stg create mode 100644 inventory/host_vars/ipsilon01.stg.phx2.fedoraproject.org create mode 100644 playbooks/groups/ipsilon.yml diff --git a/inventory/group_vars/ipsilon-stg b/inventory/group_vars/ipsilon-stg new file mode 100644 index 0000000000..828c0859ff --- /dev/null +++ b/inventory/group_vars/ipsilon-stg @@ -0,0 +1,15 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-main,sysadmin-accounts diff --git a/inventory/host_vars/ipsilon01.stg.phx2.fedoraproject.org b/inventory/host_vars/ipsilon01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..713c8d9c25 --- /dev/null +++ b/inventory/host_vars/ipsilon01.stg.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.35 +vmhost: virthost11.phx2.fedoraproject.org +datacenter: phx2 diff --git a/playbooks/groups/ipsilon.yml b/playbooks/groups/ipsilon.yml new file mode 100644 index 0000000000..11690c23aa --- /dev/null +++ b/playbooks/groups/ipsilon.yml @@ -0,0 +1,68 @@ +# create a new FedOAuth server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/ipsilon* or from hostvars + +- name: make ipsilon + hosts: ipsilon-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: make the box be real + hosts: ipsilon-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - denyhosts + - nagios_client + - hosts + - fas_client + - rsyncd + - sudo + - { role: openvpn/client, + when: env != "staging" } + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/apache.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: deploy ipsilon itself + hosts: ipsilon-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - "{{ vars_path }}/{{ ansible_distribution }}.yml" + + roles: + - ipsilon + + handlers: + - include: "{{ handlers }}/restart_services.yml"