ansible_distribution_version: address FIXME's/review tweaks.

download: mod_limitipconn isn't used by anyone, dropped the entire line.
transient_cloud: just dropped the dnf part and use 'package' entirely.
sshd_config: UsePrivilegeSeparation isn't used in Fedora at all.
koji_hub: no fedora or rhel8 hubs yet, so just 7 is fine for now.
openvpn: changes look ok
packages3: Should get cverna to review, packages is using fedora now.
varnish: no rhel8 varnish servers yet.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Kevin Fenzi 2019-09-19 17:01:10 +00:00 committed by Pierre-Yves Chibon
parent c9ed62ac32
commit a562b8a3f8
8 changed files with 4 additions and 29 deletions


@ -26,7 +26,6 @@
- "/srv/private/ansible/vars.yml" - "/srv/private/ansible/vars.yml"
- "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"
# FIXME: is checking for RedHat correct here ?
roles: roles:
- base - base
- rkhunter - rkhunter
@ -36,7 +35,6 @@
- collectd/base - collectd/base
- apache - apache
- download - download
- { role: mod_limitipconn, when: ansible_distribution_major_version|int != '7' and ansible_distribution is 'RedHat'}
- rsyncd - rsyncd
- { role: nfs/client, when: datacenter == "phx2", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } - { role: nfs/client, when: datacenter == "phx2", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
- { role: nfs/client, when: datacenter == "rdu", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } - { role: nfs/client, when: datacenter == "rdu", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }


@ -67,14 +67,9 @@
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks: tasks:
- name: install cloud-utils (yum) - name: install cloud-utils
package: name=cloud-utils state=present package: name=cloud-utils state=present
when: ansible_distribution_major_version|int < 8 and ansible_distribution is 'RedHat' when: ansible_cmdline.ostree is not defined
# FIXME no Fedora ?
- name: install cloud-utils (dnf)
command: dnf install -y cloud-utils
when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not defined
- import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
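Review bot: The `when: ansible_cmdline.ostree is not defined` guard on the `install cloud-utils` task carries no explanation, and it is now the only condition deciding where the package gets installed, since the distribution and version checks were dropped. A short comment above the task would help, for example `# skip ostree-based hosts; their package set is image-managed and the package module is not expected to work there` (the reason is inferred, please confirm). The same task and guard appear in the identical hunk of the next file section, so the comment applies there too. The play's task list starts and continues outside this hunk.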


@ -74,14 +74,9 @@
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks: tasks:
- name: install cloud-utils (yum) - name: install cloud-utils
package: name=cloud-utils state=present package: name=cloud-utils state=present
when: ansible_distribution_major_version|int < 8 and ansible_distribution is 'RedHat' when: ansible_cmdline.ostree is not defined
# FIXME no Fedora ?
- name: install cloud-utils (dnf)
command: dnf install -y cloud-utils
when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not defined
- import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"


@ -33,7 +33,6 @@ PermitTunnel no
{% if ansible_distribution_major_version == "6" and ansible_distribution is 'RedHat' %} {% if ansible_distribution_major_version == "6" and ansible_distribution is 'RedHat' %}
UsePrivilegeSeparation yes UsePrivilegeSeparation yes
#FIXME: How about RHEL8 and Fedora ? sandbox as well ?
{% elif ansible_distribution_major_version == "7" and ansible_distribution is 'RedHat' %} {% elif ansible_distribution_major_version == "7" and ansible_distribution is 'RedHat' %}
UsePrivilegeSeparation sandbox UsePrivilegeSeparation sandbox
{% endif %} {% endif %}


@ -350,20 +350,12 @@
- selinux - selinux
- koji_hub - koji_hub
- name: set sebooleans so koji can anon write
seboolean: name=allow_httpd_anon_write state=true persistent=true
tags:
- selinux
- koji_hub
when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 6
- name: set sebooleans so koji can anon write - name: set sebooleans so koji can anon write
seboolean: name=httpd_anon_write state=true persistent=true seboolean: name=httpd_anon_write state=true persistent=true
tags: tags:
- selinux - selinux
- koji_hub - koji_hub
when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 7 when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 7
# FIXME wht about RHEL8+ ?
- name: Set httpd to run on boot - name: Set httpd to run on boot
service: name=httpd enabled=yes service: name=httpd enabled=yes


@ -1,8 +1,6 @@
--- ---
# OpenVpn basic configuration # OpenVpn basic configuration
# FIXME lots of changes, please review carefully:
#
- name: Install needed package - name: Install needed package
package: package:
state: present state: present


@ -1,5 +1,4 @@
--- ---
# FIXME: Are these hosts really running RHEL or do we need to check for CentOS ?
# #
# Configuration for the fedora-packages webapp # Configuration for the fedora-packages webapp
- name: install needed packages - name: install needed packages


@ -23,7 +23,6 @@
tags: tags:
- varnish - varnish
when: ansible_distribution_major_version|int == 7 and ansible_distribution is 'RedHat' when: ansible_distribution_major_version|int == 7 and ansible_distribution is 'RedHat'
#FIXME: RHEL8+ ?
- name: install varnish /etc/systemd/system/varnish.service file (fedora 29+) - name: install varnish /etc/systemd/system/varnish.service file (fedora 29+)
template: src=varnish.f29.j2 dest=/etc/systemd/system/varnish.service owner=root group=root template: src=varnish.f29.j2 dest=/etc/systemd/system/varnish.service owner=root group=root