diff --git a/inventory/group_vars/nuancier-stg b/inventory/group_vars/nuancier-stg new file mode 100644 index 0000000000..d7c03eb6a1 --- /dev/null +++ b/inventory/group_vars/nuancier-stg @@ -0,0 +1,25 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 80, 443, + # These 16 ports are used by fedmsg. One for each wsgi thread. + 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, + 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +fas_client_groups: sysadmin-noc,sysadmin-web + +# TODO -- we'll need fedmsg certs for nuancier nodes +# These are consumed by a task in tasks/fedmsg_base.yml +#fedmsg_certs: +#- service: shell +# owner: root +# group: sysadmin +#- service: tahrir +# owner: root +# group: apache diff --git a/inventory/host_vars/nuancier01.stg.phx2.fedoraproject.org b/inventory/host_vars/nuancier01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..903f19b324 --- /dev/null +++ b/inventory/host_vars/nuancier01.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.202 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/nuancier02.stg.phx2.fedoraproject.org b/inventory/host_vars/nuancier02.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..58d98a12e3 --- /dev/null +++ b/inventory/host_vars/nuancier02.stg.phx2.fedoraproject.org @@ -0,0 +1,10 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.203 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/inventory b/inventory/inventory index 3f9ca27ff6..2b42a3f357 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -246,6 +246,10 @@ noc02.fedoraproject.org noc01.phx2.fedoraproject.org noc02.fedoraproject.org +[nuancier-stg] +nuancier01.stg.phx2.fedoraproject.org +nuancier02.stg.phx2.fedoraproject.org + [memcached] memcached03.phx2.fedoraproject.org memcached04.phx2.fedoraproject.org @@ -339,6 +343,7 @@ value01.stg.phx2.fedoraproject.org openid01.stg.phx2.fedoraproject.org badges-backend01.stg.phx2.fedoraproject.org badges-web01.stg.phx2.fedoraproject.org +nuancier01.stg.phx2.fedoraproject.org [taskbot] taskbot01.qa.fedoraproject.org diff --git a/playbooks/groups/nuancier.yml b/playbooks/groups/nuancier.yml new file mode 100644 index 0000000000..d2246f9813 --- /dev/null +++ b/playbooks/groups/nuancier.yml @@ -0,0 +1,55 @@ +# create a new nuancier server +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars come from group_vars/badges-web* or from hostvars + +- name: make nuancier + # TODO -- add the nuancier production group when its ready + hosts: nuancier-stg + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - ${private}/vars.yml + - ${vars}/${ansible_distribution}.yml + + tasks: + - include: $tasks/virt_instance_create.yml + + handlers: + - include: $handlers/restart_services.yml + +- name: make the box be real + # TODO -- add the nuancier production group when its ready + hosts: nuancier-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - ${private}/vars.yml + - ${vars}/${ansible_distribution}.yml + + roles: + - /srv/web/infra/ansible/roles/base + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client + #- /srv/web/infra/ansible/roles/nuancier + + tasks: + - include: $tasks/hosts.yml + - include: $tasks/yumrepos.yml + - include: $tasks/2fa_client.yml + - include: $tasks/motd.yml + - include: $tasks/sudo.yml + - include: $tasks/openvpn_client.yml + only_if: "'$env' != 'staging'" + - include: $tasks/fedmsg_base.yml + - include: $tasks/apache.yml + - include: $tasks/mod_wsgi.yml + + handlers: + - include: $handlers/restart_services.yml