diff --git a/inventory/inventory b/inventory/inventory index 6953c3fe84..10810b5857 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -272,7 +272,7 @@ kerneltest01.stg.phx2.fedoraproject.org [kernel-qa] kernel01.qa.fedoraproject.org -kernel02.qa.fedoraproject.org +#kernel02.qa.fedoraproject.org [keys] keys02.fedoraproject.org diff --git a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml index 0c382f1f59..b317e1894c 100644 --- a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml @@ -138,6 +138,7 @@ - openstack-neutron - openstack-nova-common - haproxy + - http://people.redhat.com/~lkellogg/rpms/openvswitch-2.3.1-2.git20150113.el7.x86_64.rpm - yum: name=* state=latest - name: add ssl cert @@ -157,6 +158,10 @@ copy: src={{ private }}/files/openstack/fed-cloud09.pem dest=/etc/pki/tls/certs/fed-cloud09-neutron.pem mode=600 owner=neutron group=root - name: add ssl key for neutron copy: src={{ private }}/files/openstack/fed-cloud09.key dest=/etc/pki/tls/private/fed-cloud09-neutron.key mode=600 owner=neutron group=root + - name: add ssl cert for nova + copy: src={{ private }}/files/openstack/fed-cloud09.pem dest=/etc/pki/tls/certs/fed-cloud09-nova.pem mode=600 owner=nova group=root + - name: add ssl key for nova + copy: src={{ private }}/files/openstack/fed-cloud09.key dest=/etc/pki/tls/private/fed-cloud09-nova.key mode=600 owner=nova group=root # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-database-controller.html - name: install mysql packages @@ -310,6 +315,8 @@ - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=osapi_compute_listen_port value=6774 - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=ec2_listen_port value=6773 - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=glance_api_servers value=https://{{ controller_hostname }}:9292 + - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=cert value=/etc/pki/tls/certs/fed-cloud09-nova.pem + - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=key value=/etc/pki/tls/private/fed-cloud09-nova.key - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=novncproxy_host value={{ controller_hostname }} - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=ssl_only value=False @@ -339,6 +346,11 @@ - ini_file: dest=/etc/cinder/api-paste.conf section="filter:authtoken" option=auth_protocol value=https - ini_file: dest=/etc/cinder/api-paste.conf section="filter:authtoken" option=service_protocol value=https - ini_file: dest=/etc/cinder/api-paste.conf section="filter:authtoken" option=cafile value=/etc/pki/tls/certs/fed-cloud09-keystone.pem + - ini_file: dest=/etc/cinder/api-paste.ini section="filter:authtoken" option=auth_uri value=https://{{ controller_hostname }}:5000 + - ini_file: dest=/etc/cinder/api-paste.ini section="filter:authtoken" option=auth_host value={{ controller_hostname }} + - ini_file: dest=/etc/cinder/api-paste.ini section="filter:authtoken" option=auth_protocol value=https + - ini_file: dest=/etc/cinder/api-paste.ini section="filter:authtoken" option=service_host value={{ controller_hostname }} + - ini_file: dest=/etc/cinder/api-paste.ini section="filter:authtoken" option=cafile value=/etc/pki/tls/certs/fed-cloud09-keystone.pem - ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_uri value=https://{{ controller_hostname }}:5000 - ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_protocol value=https @@ -372,7 +384,7 @@ - ini_file: dest=/etc/ceilometer/ceilometer.conf section=keystone_authtoken option=auth_host value={{ controller_hostname }} - ini_file: dest=/etc/ceilometer/ceilometer.conf section=keystone_authtoken option=cafile value=/etc/pki/tls/certs/fed-cloud09-keystone.pem - ini_file: dest=/etc/ceilometer/ceilometer.conf section=service_credentials option=os_auth_url value=https://{{ controller_hostname }}:35357/v2.0 - - ini_file: dest=/etc/ceilometer/ceilometer.conf section=api value=6777 + - ini_file: dest=/etc/ceilometer/ceilometer.conf section=api option=port value=6777 # enable stunell to neutron - shell: cat /etc/pki/tls/certs/fed-cloud09-keystone.pem /etc/pki/tls/private/fed-cloud09.key > /etc/haproxy/fed-cloud09.combined @@ -463,12 +475,13 @@ state=present with_items: - { name: persistent, desc: "persistent instances" } - - { name: qa, desc: "" } + - { name: qa, desc: "developmnet and test-day applications of QA" } - { name: transient, desc: 'transient instances' } - - { name: infrastructure, desc: "" } + - { name: infrastructure, desc: "one off instances for infrastructure folks to test or check something (proof-of-concept)" } - { name: cloudintern, desc: 'project for the cloudintern under mattdm' } - { name: cloudsig, desc: 'Fedora cloud sig folks.' } - - { name: copr, desc: 'Copr tenant for the buildsys' } + - { name: copr, desc: 'Space for Copr builders' } + - { name: coprdev, desc: 'Development version of Copr' } - { name: pythonbots, desc: 'project for python build bot users - twisted, etc' } - { name: scratch, desc: 'scratch and short term instances' } @@ -531,7 +544,16 @@ - { name: msuchy, email: 'msuchy@redhat.com', tenant: copr, password: "{{msuchy_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas msuchy') }}" } - { name: red, email: 'red@fedoraproject.org', tenant: infrastructure, password: "{{red_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas red') }}" } - #- shell: source /root/keystonerc_admin && F=$(mktemp) && {{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas msuchy') }}> "$F" && nova --os-username msuchy --os-password {{msuchy_password}} --os-tenant-name copr keypair-list | ( grep msuchy || nova --os-username msuchy --os-password {{msuchy_password}} --os-tenant-name copr keypair-add --pub_key "$F" msuchy ); rm -f "$F" + - name: Create role coprdev + shell: source /root/keystonerc_admin && keystone role-list |grep coprdev || keystone role-create --name coprdev + - name: Assign users to coprdev as secondary tentant + keystone_user: + endpoint="https://{{controller_hostname}}:35357/v2.0" + login_user="admin" login_password="{{ ADMIN_PASS }}" + role=coprdev user={{ item }} tenant=coprdev + with_items: + - msuchy + - copr ##### NETWORK #### # http://docs.openstack.org/havana/install-guide/install/apt/content/install-neutron.configure-networks.html @@ -580,7 +602,8 @@ # 172.25.96.1/20 - cloudsig (172.25.96.1 - 172.25.111.254) # 172.25.112.1/20 - qa (172.25.112.1 - 172.25.127.254) # 172.25.128.1/20 - pythonbots (172.25.128.1 - 172.25.143.254) - # 172.25.143.1/20 -- 172.25.240.1/20 - free + # 172.25.144.1/20 - coprdev (172.25.144.1 - 172.25.159.254) + # 172.25.160.1/20 -- 172.25.240.1/20 - free # 172.26.0.1/16 -- 172.31.0.1/16 - free (can be split to /20) # Cloudintern network @@ -594,6 +617,7 @@ - cloudintern - cloudsig - copr + - coprdev - infrastructure - persistent - pythonbots @@ -610,6 +634,7 @@ - cloudintern - cloudsig - copr + - coprdev - infrastructure - persistent - pythonbots @@ -626,6 +651,7 @@ - cloudintern - cloudsig - copr + - coprdev - infrastructure - persistent - pythonbots @@ -646,6 +672,7 @@ - { name: cloudintern, cidr: '172.25.0.1/20', gateway: '172.25.0.1' } - { name: cloudsig, cidr: '172.25.96.1/20', gateway: '172.25.96.1' } - { name: copr, cidr: '172.25.80.1/20', gateway: '172.25.80.1' } + - { name: coprdev, cidr: '172.25.144.1/20', gateway: '172.25.144.1' } - { name: infrastructure, cidr: '172.25.16.1/20', gateway: '172.25.16.1' } - { name: persistent, cidr: '172.25.32.1/20', gateway: '172.25.32.1' } - { name: pythonbots, cidr: '172.25.128.1/20', gateway: '172.25.128.1' } @@ -663,6 +690,7 @@ - cloudintern - cloudsig - copr + - coprdev - infrastructure - persistent - pythonbots @@ -694,6 +722,7 @@ - cloudintern - cloudsig - copr + - coprdev - infrastructure - persistent - pythonbots @@ -722,6 +751,7 @@ - { name: cloudintern, prefix: '172.25.0.1/20' } - { name: cloudsig, prefix: '172.25.96.1/20' } - { name: copr, prefix: '172.25.80.1/20' } + - { name: coprdev, prefix: '172.25.80.1/20' } - { name: infrastructure, prefix: "172.25.16.1/20" } - { name: persistent, prefix: "172.25.32.1/20" } - { name: pythonbots, prefix: '172.25.128.1/20' } @@ -818,7 +848,7 @@ # nova quota-defaults # nova quota-show --tenant $TENANT_ID # default is 10 instances, 20 cores, 51200 RAM, 10 floating IPs - - shell: source /root/keystonerc_admin && keystone tenant-list | grep 'copr' | awk '{print $2}' + - shell: source /root/keystonerc_admin && keystone tenant-list | grep 'copr ' | awk '{print $2}' register: TENANT_ID - shell: source /root/keystonerc_admin && nova quota-update --instances 40 --cores 80 --ram 512000 --floating-ips 40 {{ TENANT_ID.stdout }} diff --git a/roles/cloud_compute/tasks/main.yml b/roles/cloud_compute/tasks/main.yml index 70da22f617..8cbf352f48 100644 --- a/roles/cloud_compute/tasks/main.yml +++ b/roles/cloud_compute/tasks/main.yml @@ -266,3 +266,10 @@ - file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link notify: - restart openstack-nova-compute + +# This needs to be run after controller reprovision +#- name: "restart neutron-openvswitch-agent" +# service: name=neutron-openvswitch-agent state=restarted +#- name: "restart openstack-nova-compute" +# service: name=openstack-nova-compute state=restarted + diff --git a/roles/kojipkgs/tasks/main.yml b/roles/kojipkgs/tasks/main.yml index c9fb965eca..b62d1668d5 100644 --- a/roles/kojipkgs/tasks/main.yml +++ b/roles/kojipkgs/tasks/main.yml @@ -29,6 +29,11 @@ tags: - kojipkgs +- name: set seboolean for nfs httpd + seboolean: name=httpd_use_nfs state=true persistent=true + tags: + - kojipkgs + - name: install squid config files copy: src={{ item }} dest=/etc/squid/{{ item }} owner=root group=root mode=644 with_items: diff --git a/roles/rsyncd/files/rsyncd.conf.download-ibiblio b/roles/rsyncd/files/rsyncd.conf.download-ibiblio index f9bc001f30..a483fcdf4a 100644 --- a/roles/rsyncd/files/rsyncd.conf.download-ibiblio +++ b/roles/rsyncd/files/rsyncd.conf.download-ibiblio @@ -68,7 +68,7 @@ refuse options = checksum list = no uid = 263 gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che.mnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch [fedora-buffet0] comment = Fedora Buffet for Tier0|1 Mirrors @@ -76,7 +76,7 @@ refuse options = checksum list = no uid = 263 gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che.mnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch [fedora-epel0] comment = Fedora EPEL for Tier0|1 Mirrors @@ -84,7 +84,7 @@ refuse options = checksum list = no uid = 263 gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che.mnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch [fedora-alt0] comment = Fedora ALT for Tier0|1 Mirrors @@ -92,7 +92,7 @@ refuse options = checksum list = no uid = 100103 gid = 101737 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che.mnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch # For distributing applications [log] diff --git a/roles/rsyncd/files/rsyncd.conf.download-phx2 b/roles/rsyncd/files/rsyncd.conf.download-phx2 index c237f69089..8bf342d10b 100644 --- a/roles/rsyncd/files/rsyncd.conf.download-phx2 +++ b/roles/rsyncd/files/rsyncd.conf.download-phx2 @@ -72,7 +72,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che.mnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch [fedora-buffet0] comment = Fedora Buffet for Tier0|1 Mirrors @@ -80,7 +80,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che.mnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch [fedora-epel0] comment = Fedora EPEL for Tier0|1 Mirrors @@ -88,7 +88,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che.mnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch [fedora-alt0] comment = Fedora ALT for Tier0|1 Mirrors @@ -96,7 +96,7 @@ refuse options = checksum list = no uid = 100103 gid = 101737 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che.mnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch # For distributing applications [log] diff --git a/roles/rsyncd/files/rsyncd.conf.download-rdu b/roles/rsyncd/files/rsyncd.conf.download-rdu index 0272735f67..89629623bd 100644 --- a/roles/rsyncd/files/rsyncd.conf.download-rdu +++ b/roles/rsyncd/files/rsyncd.conf.download-rdu @@ -68,7 +68,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che.mnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch [fedora-buffet0] comment = Fedora Buffet for Tier0|1 Mirrors @@ -76,7 +76,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che.mnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch [fedora-epel0] comment = Fedora EPEL for Tier0|1 Mirrors @@ -84,7 +84,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch [fedora-alt0] comment = Fedora ALT for Tier0|1 Mirrors @@ -92,7 +92,7 @@ refuse options = checksum list = no uid = 100103 gid = 101737 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com sfo-korg-mirror.kernel.org + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 mirror.switch.ch # For distributing applications [log] diff --git a/tasks/drbackupkey.yml b/tasks/drbackupkey.yml index 2f71fbcdf4..36cc17d92d 100644 --- a/tasks/drbackupkey.yml +++ b/tasks/drbackupkey.yml @@ -2,17 +2,18 @@ - name: ensure the drbackup group exists group: name=drbackup state=present +# Do not move the homedir outside of /home, since either this or uid < 1000 is required - name: ensure the drbackup user exists - user: name=drbackup comment="DR Backup User" group=drbackup shell=/bin/bash home=/var/lib/drbackup + user: name=drbackup comment="DR Backup User" group=drbackup shell=/bin/bash home=/home/drbackup - name: Make sure the drbackup homedir exists - file: dest=/var/lib/drbackup/ state=directory owner=drbackup group=drbackup mode=0700 + file: dest=/home/drbackup/ state=directory owner=drbackup group=drbackup mode=0700 - name: install the authorized SSH key - file: dest=/var/lib/drbackup/.ssh/ state=directory owner=drbackup group=drbackup mode=0700 + file: dest=/home/drbackup/.ssh/ state=directory owner=drbackup group=drbackup mode=0700 - name: install the backup ssh keys - copy: src={{private}}/files/backup.pub dest=/var/lib/drbackup/.ssh/authorized_keys owner=drbackup group=drbackup mode=0600 + copy: src={{private}}/files/backup.pub dest=/home/drbackup/.ssh/authorized_keys owner=drbackup group=drbackup mode=0600 # # deploy the confine-ssh script