Initial cut of new darkserver02 instance.

inventory/group_vars/darkserver

@@ -1,2 +1,11 @@
 ---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 6144
+num_cpus: 8
+
+tcp_ports: [ 80, 443 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-darkserver,fi-apprentice
+
 freezes: false

inventory/host_vars/darkserver02.phx2.fedoraproject.org

@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.7
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2

inventory/inventory

@@ -222,6 +222,7 @@ autosign01.phx2.fedoraproject.org
 
 [darkserver]
 darkserver01.phx2.fedoraproject.org
+darkserver02.phx2.fedoraproject.org
 
 [dbserver]
 db01.phx2.fedoraproject.org

playbooks/groups/darkserver.yml

@@ -0,0 +1,47 @@
+- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=darkserver02.phx2.fedoraproject.org"
+
+- name: make the box be real
+  hosts: darkserver02.phx2.fedoraproject.org
+  user: root
+  gather_facts: True
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  pre_tasks:
+
+  - name: "Add koji to hosts file"
+    lineinfile: dest=/etc/hosts line="10.5.125.36	koji koji.fedoraproject.org" state=present  
+
+  - name: "Set SElinux booleans"
+    seboolean: name=httpd_can_network_connect_db state=yes persistent=yes 
+
+  roles:
+  - base
+  - collectd/base
+  - fas_client
+  - hosts
+  - nagios_client
+  - rsyncd
+  - sudo
+  - { role: openvpn/client, when: env != "staging" }
+
+  - role: apache
+
+  - role: httpd/mod_ssl
+
+  - role: httpd/certificate
+    name: wildcard-2014.fedorapeople.org
+    SSLCertificateChainFile: wildcard-2014.fedorapeople.org.intermediate.cert
+
+  - darkserver
+ 
+  tasks:
+  - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/2fa_client.yml"
+  - include: "{{ tasks }}/motd.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"

roles/darkserver/files/email.json

@@ -0,0 +1 @@
+"sysadmin-darkserver-members@fedoraproject.org"

roles/darkserver/tasks/main.yml

@@ -0,0 +1,24 @@
+#
+#  Setup darkserver packages
+#
+
+- name: setup darkserver
+  yum: name={{ item }} state=present
+  with_items:
+    - darkserver
+    - darkserver-importer
+
+- name: mail.json file
+  copy: src=mail.json dest=/etc/darkserver/email.json owner=root group=root mode=0644
+
+- name: darkserverweb.conf
+  template: src=darkserverweb.conf.j2 dest=/etc/darkserver/darkserverweb.conf owner=apache group=apache mode=0640
+  notify: restart httpd
+
+- name: darkjobworker.conf
+  template: src=darkjobworker.conf.j2 dest=/etc/darkserver/darkjobworker.conf owner=apache group=apache mode=640
+  notify: restart httpd
+
+- name: darkserver.conf
+  template: src=darkserver.conf.j2 dest=/etc/httpd/conf.d/darkserver.fedoraproject.org/darkserver.conf owner=root group=root mode=0644
+  notify: restart httpd

roles/darkserver/templates/darkjobworker.conf.j2

@@ -0,0 +1,11 @@
+[darkserver]
+{% if environment == "staging" %}
+host=db-darkserver.stg
+{% else %}
+host=db-darkserver
+{% endif %}
+database=darkserver
+user=darkwriter
+password={{ darkserverWriterDBPassword }}
+port=3306
+unique=127.0.0.1

roles/darkserver/templates/darkserver.conf.j2

@@ -0,0 +1,10 @@
+[darkserver]
+{% if environment == "staging" %}
+host=db-darkserver.stg
+{% else %}
+host=db-darkserver
+{% endif %}
+user=darkserver-koji
+password={{ darkserverKojiPluginDBPassword }}
+database=darkserver
+port=3306

roles/darkserver/templates/darkserverweb.conf.j2

@@ -0,0 +1,9 @@
+[darkserverweb]
+{% if environment == "staging" %}
+host=db-darkserver.stg
+{% else %}
+host=db-darkserver
+{% endif %}
+user=darkreader
+password={{ darkserverReaderDBPassword }}
+database=darkserver

roles/openvpn/server/files/ccd/darkserver01.phx2.fedoraproject.org

@@ -1,2 +1 @@
-# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.1.150 192.168.0.150
-ifconfig-push 192.168.1.91 192.168.0.91