From a562b8a3f874d8c60a924cb40e823b40c07146f6 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 19 Sep 2019 17:01:10 +0000 Subject: [PATCH] ansible_distribution_version: address FIXME's/review tweaks. download: mod_limitipconn isn't used anyone, dropped the entire line. transient_cloud: just dropped the dnf part and use 'package' entirely. sshd_config: UsePrivilegeSeparation isn't used in Fedora at all. koji_hub: no fedora or rhel8 hubs yet, so just 7 is fine for now. openvpn: changes look ok packages3: Should get cverna to review, packages is using fedora now. varnish: no rhel8 varnish servers yet. Signed-off-by: Kevin Fenzi --- playbooks/groups/download.yml | 2 -- playbooks/transient_cloud_instance.yml | 9 ++------- playbooks/transient_newcloud_instance.yml | 9 ++------- roles/basessh/templates/sshd_config | 1 - roles/koji_hub/tasks/main.yml | 8 -------- roles/openvpn/base/tasks/main.yml | 2 -- roles/packages3/web/tasks/main.yml | 1 - roles/varnish/tasks/main.yml | 1 - 8 files changed, 4 insertions(+), 29 deletions(-) diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml index 698ab7b9b1..9cd4b9984e 100644 --- a/playbooks/groups/download.yml +++ b/playbooks/groups/download.yml @@ -26,7 +26,6 @@ - "/srv/private/ansible/vars.yml" - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" -# FIXME: is checking for RedHat correct here ? roles: - base - rkhunter @@ -36,7 +35,6 @@ - collectd/base - apache - download - - { role: mod_limitipconn, when: ansible_distribution_major_version|int != '7' and ansible_distribution is 'RedHat'} - rsyncd - { role: nfs/client, when: datacenter == "phx2", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } - { role: nfs/client, when: datacenter == "rdu", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } diff --git a/playbooks/transient_cloud_instance.yml b/playbooks/transient_cloud_instance.yml index 53300ccff2..f4aa0564bb 100644 --- a/playbooks/transient_cloud_instance.yml +++ b/playbooks/transient_cloud_instance.yml @@ -67,14 +67,9 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: install cloud-utils (yum) + - name: install cloud-utils package: name=cloud-utils state=present - when: ansible_distribution_major_version|int < 8 and ansible_distribution is 'RedHat' - -# FIXME no Fedora ? - - name: install cloud-utils (dnf) - command: dnf install -y cloud-utils - when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not defined + when: ansible_cmdline.ostree is not defined - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" diff --git a/playbooks/transient_newcloud_instance.yml b/playbooks/transient_newcloud_instance.yml index 207679d613..2973dd7517 100644 --- a/playbooks/transient_newcloud_instance.yml +++ b/playbooks/transient_newcloud_instance.yml @@ -74,14 +74,9 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: install cloud-utils (yum) + - name: install cloud-utils package: name=cloud-utils state=present - when: ansible_distribution_major_version|int < 8 and ansible_distribution is 'RedHat' - -# FIXME no Fedora ? - - name: install cloud-utils (dnf) - command: dnf install -y cloud-utils - when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not defined + when: ansible_cmdline.ostree is not defined - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config index 43f9b4d849..ae1f788cb5 100644 --- a/roles/basessh/templates/sshd_config +++ b/roles/basessh/templates/sshd_config @@ -33,7 +33,6 @@ PermitTunnel no {% if ansible_distribution_major_version == "6" and ansible_distribution is 'RedHat' %} UsePrivilegeSeparation yes -#FIXME: How about RHEL8 and Fedora ? sandbox as well ? {% elif ansible_distribution_major_version == "7" and ansible_distribution is 'RedHat' %} UsePrivilegeSeparation sandbox {% endif %} diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml index 8cfffa77bd..0649d94a30 100644 --- a/roles/koji_hub/tasks/main.yml +++ b/roles/koji_hub/tasks/main.yml @@ -350,20 +350,12 @@ - selinux - koji_hub -- name: set sebooleans so koji can anon write - seboolean: name=allow_httpd_anon_write state=true persistent=true - tags: - - selinux - - koji_hub - when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 6 - - name: set sebooleans so koji can anon write seboolean: name=httpd_anon_write state=true persistent=true tags: - selinux - koji_hub when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 7 -# FIXME wht about RHEL8+ ? - name: Set httpd to run on boot service: name=httpd enabled=yes diff --git a/roles/openvpn/base/tasks/main.yml b/roles/openvpn/base/tasks/main.yml index 8550c60cd9..01ffbcdcbb 100644 --- a/roles/openvpn/base/tasks/main.yml +++ b/roles/openvpn/base/tasks/main.yml @@ -1,8 +1,6 @@ --- # OpenVpn basic configuration -# FIXME lots of changes, please review carefully: -# - name: Install needed package package: state: present diff --git a/roles/packages3/web/tasks/main.yml b/roles/packages3/web/tasks/main.yml index 23a28e1d3a..37cc0a3154 100644 --- a/roles/packages3/web/tasks/main.yml +++ b/roles/packages3/web/tasks/main.yml @@ -1,5 +1,4 @@ --- -# FIXME: Are these hosts really running RHEL or do we need to check for CentOS ? # # Configuration for the fedora-packages webapp - name: install needed packages diff --git a/roles/varnish/tasks/main.yml b/roles/varnish/tasks/main.yml index f1bd50de84..c0a0cf1972 100644 --- a/roles/varnish/tasks/main.yml +++ b/roles/varnish/tasks/main.yml @@ -23,7 +23,6 @@ tags: - varnish when: ansible_distribution_major_version|int == 7 and ansible_distribution is 'RedHat' -#FIXME: RHEL8+ ? - name: install varnish /etc/systemd/system/varnish.service file (fedora 29+) template: src=varnish.f29.j2 dest=/etc/systemd/system/varnish.service owner=root group=root