Merge branch 'master' of /git/ansible

.gitignore

@@ -1 +1,2 @@
 *.swp
+*.pyc

handlers/restart_services.yml

@@ -26,9 +26,6 @@
 - name: restart crond
   action: service name=crond state=restarted
 
-- name: restart denyhosts
-  action: service name=denyhosts state=restarted
-
 - name: restart httpd
   action: service name=httpd state=restarted
 
@@ -59,9 +56,6 @@
 - name: restart nfslock
   action: service name=nfslock state=restarted
 
-- name: restart nrpe
-  action: service name=nrpe state=restarted
-
 - name: restart ntpd
   action: service name=ntpd state=restarted
 
@@ -71,9 +65,6 @@
 - name: restart postfix
   action: service name=postfix state=restarted
 
-- name: restart postgresql
-  service: name=postgresql state=restarted
-
 - name: restart rpcbind
   action: service name=rpcbind state=restarted
 
@@ -92,11 +83,7 @@
 - name: restart sshd
   action: service name=sshd state=restarted
 
-- name: restart supervisord
-  action: service name=supervisord state=restarted
-
 - name: restart xinetd
   action: service name=xinetd state=restarted
 
-- name: run fasclient
-  action: command /usr/bin/fasClient -i
+

playbooks/groups/arm-packager.yml

@@ -11,17 +11,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/arm-qa.yml

@@ -11,17 +11,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/arm-releng.yml

@@ -10,9 +10,10 @@
    - /srv/web/infra/ansible/vars/global.yml
    - ${private}/vars.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
-  # This task sets up fas_client for user management
-  - include: $tasks/fas_client.yml
   # This task sets up /etc/hosts for us
   - include: $tasks/hosts.yml
   # This task includes our common scripts

playbooks/groups/backup-server.yml

@@ -13,18 +13,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
-  tasks:
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/mysql_server.yml
   - include: $tasks/bacula_server.yml
   - include: $tasks/rdiff_backup_server.yml

playbooks/groups/badges-backend.yml

@@ -29,17 +29,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/openvpn_client.yml
     only_if: "'$env' != 'staging'"
   - include: $tasks/fedmsg_base.yml

playbooks/groups/badges-web.yml

@@ -32,17 +32,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/openvpn_client.yml
     only_if: "'$env' != 'staging'"
   - include: $tasks/fedmsg_base.yml

playbooks/groups/beaker.yml

@@ -28,19 +28,21 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/gallery.yml

@@ -29,17 +29,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/fedmsg_base.yml
   - include: $tasks/apache.yml
 

playbooks/groups/kernel-qa.yml

@@ -12,18 +12,20 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
 
 
   handlers:

playbooks/groups/keyserver.yml

@@ -29,17 +29,20 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
+  - include: $tasks/openvpn_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/fedmsg_base.yml
   - include: $tasks/apache.yml
   - include: $tasks/keyserver.yml

playbooks/groups/koji-hub.yml

@@ -30,17 +30,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/koji/koji_hub.yml
 

playbooks/groups/mailman.yml

@@ -28,19 +28,21 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/mirrorlist.yml

@@ -38,24 +38,26 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/geoip
+  - /srv/web/infra/ansible/roles/fas_client
+  - /srv/web/infra/ansible/roles/mirrorlist
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/openvpn_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/apache.yml
   - include: $tasks/mod_wsgi.yml
-  - include: $tasks/geoip.yml
-  - include: $tasks/mirrorlist.yml
 
 
   handlers:

playbooks/groups/postgresl-server.yml

@@ -30,20 +30,21 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
-  tasks:
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/postgresql_server
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/collectd/client.yml
-  - include: $tasks/postgresql_server.yml
 
 # TODO: add iscsi task
 

playbooks/groups/releng.yml

@@ -31,10 +31,12 @@
   - ${private}/vars.yml
   - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/nagios_client
+
   tasks:
   - include: $tasks/koji/releng_config.yml
   - include: $tasks/motd.yml
-  - include: $tasks/nagios_client.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/sign.yml

@@ -19,9 +19,11 @@
   tasks:
   - include: $tasks/base.yml
   - include: $tasks/serialgetty.yml
-  - include: $tasks/rkhunter.yml
   - include: $tasks/motd.yml
   - include: $tasks/sign_setup.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/taskbot.yml

@@ -28,19 +28,21 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/virthost.yml

@@ -12,18 +12,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
-  tasks:
+  roles:
+  - /srv/web/infra/ansible/roles/rkhunter
+  - /srv/web/infra/ansible/roles/denyhosts
+  - /srv/web/infra/ansible/roles/nagios_client
+  - /srv/web/infra/ansible/roles/fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/virthost.yml
 

playbooks/rkhunter_update.yml

@@ -6,20 +6,20 @@
 
   tasks:
   - name: expire-caches
-    action: command yum clean expire-cache
+    command: yum clean expire-cache
     
   - name: yum -y ${yumcommand}
-    action: command yum -y ${yumcommand}
+    command: yum -y ${yumcommand}
     async: 7200
     poll: 15
 
   - name: check for rkhunter
-    action: command /usr/bin/test -f /usr/bin/rkhunter
+    command: /usr/bin/test -f /usr/bin/rkhunter
     register: rkhunter
     ignore_errors: true
   
   - name: run rkhunter --propupd
-    action: command /usr/bin/rkhunter --propupd
+    command: /usr/bin/rkhunter --propupd
     when: rkhunter|success
 
 

roles/badges-backend/files/cron/award-libravatar-badge

@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+
+import __main__
+__main__.__requires__ = __requires__ = ["tahrir-api", "sqlalchemy>=0.7"];
+import pkg_resources
+pkg_resources.require(__requires__)
+
+import hashlib
+import requests
+import time
+import transaction
+
+from tahrir_api.dbapi import TahrirDatabase
+from tahrir_api.model import Person
+
+import fedmsg
+import fedmsg.config
+
+fm_config = fedmsg.config.load_config()
+fm_config['cert_prefix'] = 'fedbadges'
+fm_config['name'] = 'relay_inbound'
+fm_config['active'] = True
+fedmsg.init(**fm_config)
+
+
+def main():
+    persons = tahrir.session.query(Person)\
+        .filter(Person.opt_out==False).all()
+
+    badge = tahrir.get_badge('mugshot')
+    already_has_it = [assertion.person for assertion in badge.assertions]
+
+    good, bad = [], []
+    for person in persons:
+
+        if person in already_has_it:
+            good.append(person)
+            print "Skipping %r" % person
+            continue
+
+        openid = "http://%s.id.fedoraproject.org/" % person.nickname
+        hash = hashlib.sha256(openid).hexdigest()
+        url = "https://seccdn.libravatar.org/avatar/%s?d=404" % hash
+        response = requests.get(url)
+
+        if response.status_code == 200:
+            print person.nickname, "totally gets the mugshot badge."
+            good.append(person)
+            try:
+                transaction.begin()
+                tahrir.add_assertion(badge.id, person.email, None)
+                transaction.commit()
+                fedmsg.publish(topic="badge.award",
+                    modname="fedbadges",
+                    msg=dict(
+                        badge=dict(
+                            name=badge.name,
+                            description=badge.description,
+                            image_url=badge.image,
+                        ),
+                        user=dict(
+                            username=person.nickname,
+                            badges_user_id=person.id,
+                        ),
+                ))
+                time.sleep(1)
+            except Exception as e:
+                transaction.abort()
+                print "Failure:", e
+        else:
+            bad.append(person)
+
+    print len(good), "good peoples"
+    print len(bad), "bad peoples"
+
+uri = fm_config['badges_global']['database_uri']
+tahrir = TahrirDatabase(uri)
+main()

roles/badges-backend/files/cron/award-libravatar-badge.cron

@@ -0,0 +1 @@
+*/55 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge

roles/badges-backend/tasks/main.yml

@@ -77,6 +77,7 @@
     mode=744
   with_items:
   - award-oldschool-badges
+  - award-libravatar-badge
   tags:
   - config
   - cron
@@ -89,6 +90,7 @@
     mode=644
   with_items:
   - award-oldschool-badges
+  - award-libravatar-badge
   tags:
   - config
   - cron

roles/denyhosts/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart denyhosts
+  action: service name=denyhosts state=restarted

roles/denyhosts/tasks/main.yml

@@ -6,14 +6,14 @@
   - packages
 
 - name: /etc/denyhosts.conf
-  copy: src=$files/denyhosts/denyhosts.conf dest=/etc/denyhosts.conf
+  copy: src=denyhosts.conf dest=/etc/denyhosts.conf
   notify:
   - restart denyhosts
   tags:
   - config
 
 - name: /var/lib/denyhosts/allowed-hosts
-  copy: src=$files/denyhosts/allowed-hosts dest=/var/lib/denyhosts/allowed-hosts
+  copy: src=allowed-hosts dest=/var/lib/denyhosts/allowed-hosts
   notify:
   - restart denyhosts
   tags:

roles/fas_client/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: run fasclient
+  action: command /usr/bin/fasClient -i

roles/fas_client/tasks/main.yml

@@ -9,7 +9,7 @@
 # nss_db is needed to store user/group info.
 #
 - name: install package needed for fas-client
-  action: yum state=installed name=$item
+  yum: state=installed name=$item
   with_items:
   - fas-clients
   - cronie
@@ -27,7 +27,7 @@
   - packages
 
 - name: install nss_db on rhel hosts only
-  action: yum state=installed name=nss_db
+  yum: state=installed name=nss_db
   only_if: "'${ansible_distribution}' == 'RedHat'"
   tags:
   - packages
@@ -36,7 +36,7 @@
 # setup /etc/nsswitch.conf to use nssdb
 #
 - name: setup /etc/nsswitch.conf for client use
-  action: copy src=$files/fas-client/nsswitch.conf  dest=/etc/nsswitch.conf owner=root mode=644
+  copy: src=nsswitch.conf  dest=/etc/nsswitch.conf owner=root mode=644
   tags:
   - config
 
@@ -54,12 +54,12 @@
 # Currently the default template is used, but could be modified on a host basis. 
 #
 - name: setup /etc/fas.conf for client use
-  action: template src=$item dest=/etc/fas.conf owner=root mode=600
-  with_first_found:
-  - $files/fas-client/${ansible_fqdn}.fas.conf.j2 
-  - $files/fas-client/${ansible_hostname}.fas.conf.j2 
-  - $files/fas-client/${ansible_hostname}.fas.conf.j2 
-  - $files/fas-client/fas.conf.j2
+  template: src=$item dest=/etc/fas.conf owner=root mode=600
+  first_available_file:
+  - ${ansible_fqdn}.fas.conf.j2 
+  - ${ansible_hostname}.fas.conf.j2 
+  - ${ansible_hostname}.fas.conf.j2 
+  - fas.conf.j2
   tags:
   - config
   notify:
@@ -75,6 +75,6 @@
 #  - config
 
 - name: fas_client cron job
-  action: copy src=$files/fas-client/fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644
+  copy: src=fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644
   tags:
   - config

roles/geoip/tasks/main.yml

@@ -10,6 +10,4 @@
   with_fileglob: $bigfiles/geoip/*.dat
 
 - name: geoip syncing script via cron
-  copy: src=$files/geoip/geoip_sync dest=/etc/cron.d/geoip_sync mode=0644
-
-
+  copy: src=geoip_sync dest=/etc/cron.d/geoip_sync mode=0644

roles/mirrorlist/tasks/main.yml

@@ -16,11 +16,11 @@
 - name: add authorized_keys for mirrormanager
   authorized_key: key="{{ item }}" user=mirrormanager state=present
   with_file:
-  - $files/mirrorlist/mm-authorized_key
+  - mm-authorized_key
 
 # install mirrorlist-server.conf apache config
 - name: mirrorlist-server apache conf
-  copy: src=$files/mirrorlist/mirrorlist-server.conf dest=/etc/httpd/conf.d/mirrorlist-server.conf
+  copy: src=mirrorlist-server.conf dest=/etc/httpd/conf.d/mirrorlist-server.conf
   notify:
   - restart apache
   tags:
@@ -39,7 +39,7 @@
 
 # setup and configure supervisord
 - name: /etc/supervisord.conf
-  copy: src=$files/mirrorlist/supervisord.conf dest=/etc/supervisord.conf mode=0644
+  copy: src=supervisord.conf dest=/etc/supervisord.conf mode=0644
   notify:
   - restart supervisord
 

roles/nagios_client/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart nrpe
+  action: service name=nrpe state=restarted

roles/nagios_client/tasks/main.yml

@@ -18,7 +18,7 @@
   - packages
 
 - name: install local nrpe check scripts that are not packaged
-  copy: src=$files/nagios/client/scripts/$item dest=/usr/lib64/nagios/plugins/$item mode=0755 owner=nagios group=nagios
+  copy: src=scripts/$item dest=/usr/lib64/nagios/plugins/$item mode=0755 owner=nagios group=nagios
   with_items:
   - check_postfix_queue
   - check_raid.py
@@ -36,22 +36,22 @@
 # FIXME? figure out nrpe selinux policy of DOOM is needed
 
 - name: /etc/nagios/nrpe.cfg
-  template: src=$files/nagios/client/nrpe.cfg dest=/etc/nagios/nrpe.cfg
+  template: src=nrpe.cfg.j2 dest=/etc/nagios/nrpe.cfg
   notify:
   - restart nrpe
   tags:
   - config
 
 - name: install nrpe client configs
-  template: src=$files/nagios/client/$item dest=/etc/nrpe.d/$item
+  template: src=$item dest=/etc/nrpe.d/$item
   with_items:
-  - check_mirrorlist_cache.cfg
-  - check_raid.cfg
-  - check_cron.cfg
-  - check_disk.cfg
-  - check_swap.cfg
-  - check_postfix_queue.cfg
-  - check_lock.cfg
+  - check_mirrorlist_cache.cfg.j2
+  - check_raid.cfg.j2
+  - check_cron.cfg.j2
+  - check_disk.cfg.j2
+  - check_swap.cfg.j2
+  - check_postfix_queue.cfg.j2
+  - check_lock.cfg.j2
   notify:
   - restart nrpe
   tags:

roles/postgresql_server/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart postgresql
+  service: name=postgresql state=restarted

roles/rkhunter/tasks/main.yml

@@ -6,12 +6,12 @@
   - packages
 
 - name: rkhunter.conf
-  template: src=$files/rkhunter/rkhunter.conf.j2 dest=/etc/rkhunter.conf mode=0640
+  template: src=rkhunter.conf.j2 dest=/etc/rkhunter.conf mode=0640
   tags:
   - config
 
 - name: rkhunter sysconfig
-  copy: src=$files/rkhunter/rkhunter.sysconfig dest=/etc/sysconfig/rkhunter mode=0640
+  copy: src=rkhunter.sysconfig dest=/etc/sysconfig/rkhunter mode=0640
   tags:
   - config