From 8e2ec48cc0fa1804e46034fe1a30c783365b4d7e Mon Sep 17 00:00:00 2001 
From: Kevin Fenzi Date: Mon, 19 Aug 2013 20:12:26 +0000 Subject: [PATCH 01/10] Migrate a bunch of things to roles. Thanks to misc! --- .gitignore | 1 + handlers/restart_services.yml | 15 +-------------- playbooks/groups/arm-packager.yml | 8 +++++--- playbooks/groups/arm-qa.yml | 8 +++++--- playbooks/groups/arm-releng.yml | 5 +++-- playbooks/groups/backup-server.yml | 11 ++++++----- playbooks/groups/badges-backend.yml | 10 ++++++---- playbooks/groups/badges-web.yml | 10 ++++++---- playbooks/groups/beaker.yml | 10 ++++++---- playbooks/groups/gallery.yml | 10 ++++++---- playbooks/groups/kernel-qa.yml | 10 ++++++---- playbooks/groups/keyserver.yml | 10 ++++++---- playbooks/groups/koji-hub.yml | 10 ++++++---- playbooks/groups/mailman.yml | 10 ++++++---- playbooks/groups/mirrorlist.yml | 14 ++++++++------ playbooks/groups/postgresl-server.yml | 13 +++++++------ playbooks/groups/releng.yml | 4 +++- playbooks/groups/sign.yml | 4 +++- playbooks/groups/taskbot.yml | 10 ++++++---- playbooks/groups/virthost.yml | 11 ++++++----- playbooks/rkhunter_update.yml | 8 ++++---- .../denyhosts/files}/allowed-hosts | 0 .../denyhosts/files}/denyhosts.conf | 0 roles/denyhosts/handlers/main.yml | 3 +++ .../denyhosts/tasks/main.yml | 4 ++-- .../fas_client/files}/fas-client.cron | 0 .../fas_client/files}/nsswitch.conf | 0 roles/fas_client/handlers/main.yml | 3 +++ .../fas_client/tasks/main.yml | 18 +++++++++--------- .../fas_client/templates}/fas.conf.j2 | 0 {files/geoip => roles/geoip/files}/geoip_sync | 0 tasks/geoip.yml => roles/geoip/tasks/main.yml | 4 +--- .../mirrorlist/files}/mirrorlist-server.conf | 0 .../mirrorlist/files}/mm-authorized_key | 0 .../mirrorlist/files}/mm_sync_data | 0 .../mirrorlist/files}/supervisord.conf | 0 .../mirrorlist/tasks/main.yml | 6 +++--- .../nagios_client/files}/check_cron.cfg | 0 .../nagios_client/files}/check_disk.cfg | 0 .../nagios_client/files}/check_lock.cfg | 0 .../files}/check_mirrorlist_cache.cfg | 0 .../files}/check_postfix_queue.cfg | 0 
.../nagios_client/files}/check_raid.cfg | 0 .../nagios_client/files}/check_swap.cfg | 0 .../nagios_client/files}/nrpe.cfg | 0 .../nagios_client/files}/scripts/check_lock | 0 .../files}/scripts/check_postfix_queue | 0 .../nagios_client/files}/scripts/check_raid.py | 0 roles/nagios_client/handlers/main.yml | 3 +++ .../nagios_client/tasks/main.yml | 6 +++--- roles/postgresql_server/handlers/main.yml | 3 +++ .../postgresql_server/tasks/main.yml | 0 .../rkhunter/files}/rkhunter.conf.j2 | 0 .../rkhunter/files}/rkhunter.sysconfig | 0 .../rkhunter/tasks/main.yml | 4 ++-- 55 files changed, 138 insertions(+), 108 deletions(-) rename {files/denyhosts => roles/denyhosts/files}/allowed-hosts (100%) rename {files/denyhosts => roles/denyhosts/files}/denyhosts.conf (100%) create mode 100644 roles/denyhosts/handlers/main.yml rename tasks/denyhosts.yml => roles/denyhosts/tasks/main.yml (71%) rename {files/fas-client => roles/fas_client/files}/fas-client.cron (100%) rename {files/fas-client => roles/fas_client/files}/nsswitch.conf (100%) create mode 100644 roles/fas_client/handlers/main.yml rename tasks/fas_client.yml => roles/fas_client/tasks/main.yml (74%) rename {files/fas-client => roles/fas_client/templates}/fas.conf.j2 (100%) rename {files/geoip => roles/geoip/files}/geoip_sync (100%) rename tasks/geoip.yml => roles/geoip/tasks/main.yml (78%) rename {files/mirrorlist => roles/mirrorlist/files}/mirrorlist-server.conf (100%) rename {files/mirrorlist => roles/mirrorlist/files}/mm-authorized_key (100%) rename {files/mirrorlist => roles/mirrorlist/files}/mm_sync_data (100%) mode change 100755 => 100644 rename {files/mirrorlist => roles/mirrorlist/files}/supervisord.conf (100%) rename tasks/mirrorlist.yml => roles/mirrorlist/tasks/main.yml (83%) rename {files/nagios/client => roles/nagios_client/files}/check_cron.cfg (100%) rename {files/nagios/client => roles/nagios_client/files}/check_disk.cfg (100%) rename {files/nagios/client => roles/nagios_client/files}/check_lock.cfg (100%) 
rename {files/nagios/client => roles/nagios_client/files}/check_mirrorlist_cache.cfg (100%) rename {files/nagios/client => roles/nagios_client/files}/check_postfix_queue.cfg (100%) rename {files/nagios/client => roles/nagios_client/files}/check_raid.cfg (100%) rename {files/nagios/client => roles/nagios_client/files}/check_swap.cfg (100%) rename {files/nagios/client => roles/nagios_client/files}/nrpe.cfg (100%) rename {files/nagios/client => roles/nagios_client/files}/scripts/check_lock (100%) mode change 100755 => 100644 rename {files/nagios/client => roles/nagios_client/files}/scripts/check_postfix_queue (100%) mode change 100755 => 100644 rename {files/nagios/client => roles/nagios_client/files}/scripts/check_raid.py (100%) mode change 100755 => 100644 create mode 100644 roles/nagios_client/handlers/main.yml rename tasks/nagios_client.yml => roles/nagios_client/tasks/main.yml (83%) create mode 100644 roles/postgresql_server/handlers/main.yml rename tasks/postgresql_server.yml => roles/postgresql_server/tasks/main.yml (100%) rename {files/rkhunter => roles/rkhunter/files}/rkhunter.conf.j2 (100%) rename {files/rkhunter => roles/rkhunter/files}/rkhunter.sysconfig (100%) rename tasks/rkhunter.yml => roles/rkhunter/tasks/main.yml (51%) diff --git a/.gitignore b/.gitignore index 1377554ebe..b94898552f 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ *.swp +*.pyc diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml index 805ee4e11e..23aa481c39 100644 --- a/handlers/restart_services.yml +++ b/handlers/restart_services.yml @@ -26,9 +26,6 @@ - name: restart crond action: service name=crond state=restarted -- name: restart denyhosts - action: service name=denyhosts state=restarted - - name: restart httpd action: service name=httpd state=restarted 
@@ -59,9 +56,6 @@ - name: restart nfslock action: service name=nfslock state=restarted -- name: restart nrpe - action: service name=nrpe state=restarted - - name: restart ntpd action: service name=ntpd state=restarted @@ -71,9 +65,6 @@ - name: restart postfix action: service name=postfix state=restarted -- name: restart postgresql - service: name=postgresql state=restarted - - name: restart rpcbind action: service name=rpcbind state=restarted @@ -92,11 +83,7 @@ - name: restart sshd action: service name=sshd state=restarted -- name: restart supervisord - action: service name=supervisord state=restarted - - name: restart xinetd action: service name=xinetd state=restarted -- name: run fasclient - action: command /usr/bin/fasClient -i + diff --git a/playbooks/groups/arm-packager.yml b/playbooks/groups/arm-packager.yml index efdc0faaf2..fa02fa42d5 100644 --- a/playbooks/groups/arm-packager.yml +++ b/playbooks/groups/arm-packager.yml @@ -11,17 +11,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/arm-qa.yml b/playbooks/groups/arm-qa.yml index af789b28ad..3f281af25f 100644 --- a/playbooks/groups/arm-qa.yml +++ b/playbooks/groups/arm-qa.yml 
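Review bot: Moving rkhunter, denyhosts and fas_client into `roles:` in arm-packager.yml changes execution order, because Ansible runs a play's roles before its `tasks:` list. The package installs in those roles now happen before `$tasks/hosts.yml`, `$tasks/yumrepos.yml` and `$tasks/base.yml` instead of after them. On a freshly provisioned host that may mean yum installs from whatever repositories the image shipped with rather than the ones yumrepos.yml configures. If the old order matters, the bootstrap includes could move under `pre_tasks:`. The same applies to the other playbooks/groups/*.yml hunks in this patch; in sign.yml `roles:` is written after `tasks:`, which reads as if rkhunter still ran last, but it will not.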
@@ -11,17 +11,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/arm-releng.yml b/playbooks/groups/arm-releng.yml index d2f32129ba..3858ee9b79 100644 --- a/playbooks/groups/arm-releng.yml +++ b/playbooks/groups/arm-releng.yml @@ -10,9 +10,10 @@ - /srv/web/infra/ansible/vars/global.yml - ${private}/vars.yml + roles: + - fas_client + tasks: - # This task sets up fas_client for user management - - include: $tasks/fas_client.yml # This task sets up /etc/hosts for us - include: $tasks/hosts.yml # This task includes our common scripts diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index 965c8cb478..90a4dd46b3 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -13,18 +13,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml - tasks: + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/mysql_server.yml - include: $tasks/bacula_server.yml - include: $tasks/rdiff_backup_server.yml diff --git a/playbooks/groups/badges-backend.yml b/playbooks/groups/badges-backend.yml index 77514dd7ff..696cf09437 100644 --- a/playbooks/groups/badges-backend.yml 
+++ b/playbooks/groups/badges-backend.yml @@ -29,17 +29,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/openvpn_client.yml only_if: "'$env' != 'staging'" - include: $tasks/fedmsg_base.yml diff --git a/playbooks/groups/badges-web.yml b/playbooks/groups/badges-web.yml index c93eb85da4..41a70f2a94 100644 --- a/playbooks/groups/badges-web.yml +++ b/playbooks/groups/badges-web.yml @@ -32,17 +32,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/openvpn_client.yml only_if: "'$env' != 'staging'" - include: $tasks/fedmsg_base.yml diff --git a/playbooks/groups/beaker.yml b/playbooks/groups/beaker.yml index ddd2dd2155..6296bd247c 100644 --- a/playbooks/groups/beaker.yml +++ b/playbooks/groups/beaker.yml 
@@ -28,19 +28,21 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/collectd/client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/gallery.yml b/playbooks/groups/gallery.yml index 596ce8b682..17e1961c34 100644 --- a/playbooks/groups/gallery.yml +++ b/playbooks/groups/gallery.yml @@ -29,17 +29,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/fedmsg_base.yml - include: $tasks/apache.yml diff --git a/playbooks/groups/kernel-qa.yml b/playbooks/groups/kernel-qa.yml index b08ebe32b1..b46335ab8e 100644 --- a/playbooks/groups/kernel-qa.yml +++ b/playbooks/groups/kernel-qa.yml 
@@ -12,18 +12,20 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml handlers: diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml index d8a4ba7a38..9c1c29693a 100644 --- a/playbooks/groups/keyserver.yml +++ b/playbooks/groups/keyserver.yml @@ -29,17 +29,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/fedmsg_base.yml - include: $tasks/apache.yml - include: $tasks/keyserver.yml diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index 4d26766d90..1cf81954a2 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml 
@@ -30,17 +30,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/collectd/client.yml - include: $tasks/koji/koji_hub.yml diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index d85eab8e69..bea5f23197 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -28,19 +28,21 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/collectd/client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/mirrorlist.yml b/playbooks/groups/mirrorlist.yml index a6bc4d1e63..f824d6b55d 100644 --- a/playbooks/groups/mirrorlist.yml +++ b/playbooks/groups/mirrorlist.yml 
@@ -38,24 +38,26 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - geoip + - fas_client + - mirrorlist + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/collectd/client.yml - include: $tasks/openvpn_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/apache.yml - include: $tasks/mod_wsgi.yml - - include: $tasks/geoip.yml - - include: $tasks/mirrorlist.yml handlers: diff --git a/playbooks/groups/postgresl-server.yml b/playbooks/groups/postgresl-server.yml index d95801dd73..bb33a360ff 100644 --- a/playbooks/groups/postgresl-server.yml +++ b/playbooks/groups/postgresl-server.yml @@ -30,20 +30,21 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml - tasks: + roles: + - rkhunter + - denyhosts + - nagios_client + - postgresql_server + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/collectd/client.yml - - include: $tasks/postgresql_server.yml # TODO: add iscsi task diff --git a/playbooks/groups/releng.yml b/playbooks/groups/releng.yml index 649cfbbc5c..f6428405a0 100644 --- a/playbooks/groups/releng.yml +++ b/playbooks/groups/releng.yml 
@@ -31,10 +31,12 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - nagios_client + tasks: - include: $tasks/koji/releng_config.yml - include: $tasks/motd.yml - - include: $tasks/nagios_client.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/sign.yml b/playbooks/groups/sign.yml index c287286cd4..1c5c64d20c 100644 --- a/playbooks/groups/sign.yml +++ b/playbooks/groups/sign.yml @@ -19,9 +19,11 @@ tasks: - include: $tasks/base.yml - include: $tasks/serialgetty.yml - - include: $tasks/rkhunter.yml - include: $tasks/motd.yml - include: $tasks/sign_setup.yml + roles: + - rkhunter + handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/taskbot.yml b/playbooks/groups/taskbot.yml index 5c4e24ab9c..eab5ae91e3 100644 --- a/playbooks/groups/taskbot.yml +++ b/playbooks/groups/taskbot.yml @@ -28,19 +28,21 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/collectd/client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml index 5d5b22c018..ab93d9071f 100644 --- a/playbooks/groups/virthost.yml +++ b/playbooks/groups/virthost.yml 
@@ -12,18 +12,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml - tasks: + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/collectd/client.yml - include: $tasks/virthost.yml diff --git a/playbooks/rkhunter_update.yml b/playbooks/rkhunter_update.yml index a47d6bf266..c69ea645e6 100644 --- a/playbooks/rkhunter_update.yml +++ b/playbooks/rkhunter_update.yml @@ -6,20 +6,20 @@ tasks: - name: expire-caches - action: command yum clean expire-cache + command: yum clean expire-cache - name: yum -y ${yumcommand} - action: command yum -y ${yumcommand} + command: yum -y ${yumcommand} async: 7200 poll: 15 - name: check for rkhunter - action: command /usr/bin/test -f /usr/bin/rkhunter + command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - name: run rkhunter --propupd - action: command /usr/bin/rkhunter --propupd + command: /usr/bin/rkhunter --propupd when: rkhunter|success diff --git a/files/denyhosts/allowed-hosts b/roles/denyhosts/files/allowed-hosts similarity index 100% rename from files/denyhosts/allowed-hosts rename to roles/denyhosts/files/allowed-hosts diff --git a/files/denyhosts/denyhosts.conf b/roles/denyhosts/files/denyhosts.conf similarity index 100% rename from files/denyhosts/denyhosts.conf rename to roles/denyhosts/files/denyhosts.conf diff --git a/roles/denyhosts/handlers/main.yml b/roles/denyhosts/handlers/main.yml new file mode 100644 index 0000000000..83c446bce7 --- /dev/null +++ b/roles/denyhosts/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart denyhosts + action: service name=denyhosts state=restarted 
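Review bot: In playbooks/rkhunter_update.yml, `run rkhunter --propupd` re-baselines rkhunter's file-property database straight after the yum run, so whatever is on disk at that moment becomes the trusted state, including any change that did not come from the package update. Consider running a check and reviewing its warnings before that task, or at least record the assumption with a comment such as `# assumes the host was clean before this update; --propupd accepts current file properties as the baseline`. Separately, `${yumcommand}` goes into the `command:` line as-is, so it appears to be treated as a trusted operator-supplied value, which is worth stating in the play header. The play's header lines are outside the hunk.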
diff --git a/tasks/denyhosts.yml b/roles/denyhosts/tasks/main.yml similarity index 71% rename from tasks/denyhosts.yml rename to roles/denyhosts/tasks/main.yml index cc4e7566a9..1e0a1c40da 100644 --- a/tasks/denyhosts.yml +++ b/roles/denyhosts/tasks/main.yml @@ -6,14 +6,14 @@ - packages - name: /etc/denyhosts.conf - copy: src=$files/denyhosts/denyhosts.conf dest=/etc/denyhosts.conf + copy: src=denyhosts.conf dest=/etc/denyhosts.conf notify: - restart denyhosts tags: - config - name: /var/lib/denyhosts/allowed-hosts - copy: src=$files/denyhosts/allowed-hosts dest=/var/lib/denyhosts/allowed-hosts + copy: src=allowed-hosts dest=/var/lib/denyhosts/allowed-hosts notify: - restart denyhosts tags: diff --git a/files/fas-client/fas-client.cron b/roles/fas_client/files/fas-client.cron similarity index 100% rename from files/fas-client/fas-client.cron rename to roles/fas_client/files/fas-client.cron diff --git a/files/fas-client/nsswitch.conf b/roles/fas_client/files/nsswitch.conf similarity index 100% rename from files/fas-client/nsswitch.conf rename to roles/fas_client/files/nsswitch.conf diff --git a/roles/fas_client/handlers/main.yml b/roles/fas_client/handlers/main.yml new file mode 100644 index 0000000000..354ef9d89b --- /dev/null +++ b/roles/fas_client/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: run fasclient + action: command /usr/bin/fasClient -i diff --git a/tasks/fas_client.yml b/roles/fas_client/tasks/main.yml similarity index 74% rename from tasks/fas_client.yml rename to roles/fas_client/tasks/main.yml index fedeb5b1fa..c2f64c7c8d 100644 --- a/tasks/fas_client.yml +++ b/roles/fas_client/tasks/main.yml @@ -9,7 +9,7 @@ # nss_db is needed to store user/group info. # - name: install package needed for fas-client - action: yum state=installed name=$item + yum: state=installed name=$item with_items: - fas-clients - cronie 
@@ -27,7 +27,7 @@ - packages - name: install nss_db on rhel hosts only - action: yum state=installed name=nss_db + yum: state=installed name=nss_db only_if: "'${ansible_distribution}' == 'RedHat'" tags: - packages @@ -36,7 +36,7 @@ # setup /etc/nsswitch.conf to use nssdb # - name: setup /etc/nsswitch.conf for client use - action: copy src=$files/fas-client/nsswitch.conf dest=/etc/nsswitch.conf owner=root mode=644 + copy: src=nsswitch.conf dest=/etc/nsswitch.conf owner=root mode=644 tags: - config @@ -54,12 +54,12 @@ # Currently the default template is used, but could be modified on a host basis. # - name: setup /etc/fas.conf for client use - action: template src=$item dest=/etc/fas.conf owner=root mode=600 + template: src=$item dest=/etc/fas.conf owner=root mode=600 with_first_found: - - $files/fas-client/${ansible_fqdn}.fas.conf.j2 - - $files/fas-client/${ansible_hostname}.fas.conf.j2 - - $files/fas-client/${ansible_hostname}.fas.conf.j2 - - $files/fas-client/fas.conf.j2 + - ${ansible_fqdn}.fas.conf.j2 + - ${ansible_hostname}.fas.conf.j2 + - ${ansible_hostname}.fas.conf.j2 + - fas.conf.j2 tags: - config notify: @@ -75,6 +75,6 @@ # - config - name: fas_client cron job - action: copy src=$files/fas-client/fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644 + copy: src=fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644 tags: - config diff --git a/files/fas-client/fas.conf.j2 b/roles/fas_client/templates/fas.conf.j2 similarity index 100% rename from files/fas-client/fas.conf.j2 rename to roles/fas_client/templates/fas.conf.j2 diff --git a/files/geoip/geoip_sync b/roles/geoip/files/geoip_sync similarity index 100% rename from files/geoip/geoip_sync rename to roles/geoip/files/geoip_sync diff --git a/tasks/geoip.yml b/roles/geoip/tasks/main.yml similarity index 78% rename from tasks/geoip.yml rename to roles/geoip/tasks/main.yml index d37a5d5d07..da72a52b66 100644 --- a/tasks/geoip.yml +++ b/roles/geoip/tasks/main.yml 
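Review bot: The `with_first_found` list for /etc/fas.conf still names `${ansible_hostname}.fas.conf.j2` twice, so one of the two entries can be dropped. With the `$files/fas-client/` prefix gone, I cannot tell from the patch whether the lookup resolves these bare names against roles/fas_client/templates/ in the Ansible version in use. If it searches relative to the playbook instead, no candidate matches and the task that writes the mode=600 config fails. A run against a single host, or a comment recording where per-host overrides are expected to live, would settle it.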
@@ -10,6 +10,4 @@ with_fileglob: $bigfiles/geoip/*.dat - name: geoip syncing script via cron - copy: src=$files/geoip/geoip_sync dest=/etc/cron.d/geoip_sync mode=0644 - - + copy: src=geoip_sync dest=/etc/cron.d/geoip_sync mode=0644 diff --git a/files/mirrorlist/mirrorlist-server.conf b/roles/mirrorlist/files/mirrorlist-server.conf similarity index 100% rename from files/mirrorlist/mirrorlist-server.conf rename to roles/mirrorlist/files/mirrorlist-server.conf diff --git a/files/mirrorlist/mm-authorized_key b/roles/mirrorlist/files/mm-authorized_key similarity index 100% rename from files/mirrorlist/mm-authorized_key rename to roles/mirrorlist/files/mm-authorized_key diff --git a/files/mirrorlist/mm_sync_data b/roles/mirrorlist/files/mm_sync_data old mode 100755 new mode 100644 similarity index 100% rename from files/mirrorlist/mm_sync_data rename to roles/mirrorlist/files/mm_sync_data diff --git a/files/mirrorlist/supervisord.conf b/roles/mirrorlist/files/supervisord.conf similarity index 100% rename from files/mirrorlist/supervisord.conf rename to roles/mirrorlist/files/supervisord.conf diff --git a/tasks/mirrorlist.yml b/roles/mirrorlist/tasks/main.yml similarity index 83% rename from tasks/mirrorlist.yml rename to roles/mirrorlist/tasks/main.yml index 0bc4cf81e5..6fb68afdb7 100644 --- a/tasks/mirrorlist.yml +++ b/roles/mirrorlist/tasks/main.yml @@ -16,11 +16,11 @@ - name: add authorized_keys for mirrormanager authorized_key: key="{{ item }}" user=mirrormanager state=present with_file: - - $files/mirrorlist/mm-authorized_key + - mm-authorized_key # install mirrorlist-server.conf apache config - name: mirrorlist-server apache conf - copy: src=$files/mirrorlist/mirrorlist-server.conf dest=/etc/httpd/conf.d/mirrorlist-server.conf + copy: src=mirrorlist-server.conf dest=/etc/httpd/conf.d/mirrorlist-server.conf notify: - restart apache tags: 
@@ -39,7 +39,7 @@ # setup and configure supervisord - name: /etc/supervisord.conf - copy: src=$files/mirrorlist/supervisord.conf dest=/etc/supervisord.conf mode=0644 + copy: src=supervisord.conf dest=/etc/supervisord.conf mode=0644 notify: - restart supervisord diff --git a/files/nagios/client/check_cron.cfg b/roles/nagios_client/files/check_cron.cfg similarity index 100% rename from files/nagios/client/check_cron.cfg rename to roles/nagios_client/files/check_cron.cfg diff --git a/files/nagios/client/check_disk.cfg b/roles/nagios_client/files/check_disk.cfg similarity index 100% rename from files/nagios/client/check_disk.cfg rename to roles/nagios_client/files/check_disk.cfg diff --git a/files/nagios/client/check_lock.cfg b/roles/nagios_client/files/check_lock.cfg similarity index 100% rename from files/nagios/client/check_lock.cfg rename to roles/nagios_client/files/check_lock.cfg diff --git a/files/nagios/client/check_mirrorlist_cache.cfg b/roles/nagios_client/files/check_mirrorlist_cache.cfg similarity index 100% rename from files/nagios/client/check_mirrorlist_cache.cfg rename to roles/nagios_client/files/check_mirrorlist_cache.cfg diff --git a/files/nagios/client/check_postfix_queue.cfg b/roles/nagios_client/files/check_postfix_queue.cfg similarity index 100% rename from files/nagios/client/check_postfix_queue.cfg rename to roles/nagios_client/files/check_postfix_queue.cfg diff --git a/files/nagios/client/check_raid.cfg b/roles/nagios_client/files/check_raid.cfg similarity index 100% rename from files/nagios/client/check_raid.cfg rename to roles/nagios_client/files/check_raid.cfg diff --git a/files/nagios/client/check_swap.cfg b/roles/nagios_client/files/check_swap.cfg similarity index 100% rename from files/nagios/client/check_swap.cfg rename to roles/nagios_client/files/check_swap.cfg 
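Review bot: The `/etc/supervisord.conf` task still has `notify: - restart supervisord`, but this patch deletes that handler from handlers/restart_services.yml and, going by the diffstat, creates no roles/mirrorlist/handlers/main.yml (only denyhosts, fas_client, nagios_client and postgresql_server get one). Unless the handler is defined somewhere outside this patch, the notification has no target and a changed supervisord.conf will not be picked up by the running service. Adding roles/mirrorlist/handlers/main.yml with `- name: restart supervisord` and `action: service name=supervisord state=restarted` would match the other roles.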
diff --git a/files/nagios/client/nrpe.cfg b/roles/nagios_client/files/nrpe.cfg similarity index 100% rename from files/nagios/client/nrpe.cfg rename to roles/nagios_client/files/nrpe.cfg diff --git a/files/nagios/client/scripts/check_lock b/roles/nagios_client/files/scripts/check_lock old mode 100755 new mode 100644 similarity index 100% rename from files/nagios/client/scripts/check_lock rename to roles/nagios_client/files/scripts/check_lock diff --git a/files/nagios/client/scripts/check_postfix_queue b/roles/nagios_client/files/scripts/check_postfix_queue old mode 100755 new mode 100644 similarity index 100% rename from files/nagios/client/scripts/check_postfix_queue rename to roles/nagios_client/files/scripts/check_postfix_queue diff --git a/files/nagios/client/scripts/check_raid.py b/roles/nagios_client/files/scripts/check_raid.py old mode 100755 new mode 100644 similarity index 100% rename from files/nagios/client/scripts/check_raid.py rename to roles/nagios_client/files/scripts/check_raid.py diff --git a/roles/nagios_client/handlers/main.yml b/roles/nagios_client/handlers/main.yml new file mode 100644 index 0000000000..1086c3d4f6 --- /dev/null +++ b/roles/nagios_client/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart nrpe + action: service name=nrpe state=restarted diff --git a/tasks/nagios_client.yml b/roles/nagios_client/tasks/main.yml similarity index 83% rename from tasks/nagios_client.yml rename to roles/nagios_client/tasks/main.yml index 56093f0882..5888ede7fd 100644 --- a/tasks/nagios_client.yml +++ b/roles/nagios_client/tasks/main.yml @@ -18,7 +18,7 @@ - packages - name: install local nrpe check scripts that are not packaged - copy: src=$files/nagios/client/scripts/$item dest=/usr/lib64/nagios/plugins/$item mode=0755 owner=nagios group=nagios + copy: src=scripts/$item dest=/usr/lib64/nagios/plugins/$item mode=0755 owner=nagios group=nagios with_items: - check_postfix_queue - check_raid.py 
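Review bot: The check scripts are installed with `owner=nagios group=nagios`, which leaves them writable by the account they are presumably executed under (the task name calls them nrpe check scripts). `copy: src=scripts/$item dest=/usr/lib64/nagios/plugins/$item mode=0755 owner=root group=root` would keep them executable without letting the service account rewrite its own plugins. The explicit `mode=0755` also matters more after this patch, because the renamed sources under roles/nagios_client/files/scripts/ drop from 100755 to 100644 in the repository. The task's tags and any further with_items entries are outside the hunk.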
@@ -36,14 +36,14 @@ # FIXME? figure out nrpe selinux policy of DOOM is needed - name: /etc/nagios/nrpe.cfg - template: src=$files/nagios/client/nrpe.cfg dest=/etc/nagios/nrpe.cfg + template: src=nrpe.cfg dest=/etc/nagios/nrpe.cfg notify: - restart nrpe tags: - config - name: install nrpe client configs - template: src=$files/nagios/client/$item dest=/etc/nrpe.d/$item + template: src=$item dest=/etc/nrpe.d/$item with_items: - check_mirrorlist_cache.cfg - check_raid.cfg diff --git a/roles/postgresql_server/handlers/main.yml b/roles/postgresql_server/handlers/main.yml new file mode 100644 index 0000000000..c51e7d1cc8 --- /dev/null +++ b/roles/postgresql_server/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart postgresql + service: name=postgresql state=restarted diff --git a/tasks/postgresql_server.yml b/roles/postgresql_server/tasks/main.yml similarity index 100% rename from tasks/postgresql_server.yml rename to roles/postgresql_server/tasks/main.yml diff --git a/files/rkhunter/rkhunter.conf.j2 b/roles/rkhunter/files/rkhunter.conf.j2 similarity index 100% rename from files/rkhunter/rkhunter.conf.j2 rename to roles/rkhunter/files/rkhunter.conf.j2 diff --git a/files/rkhunter/rkhunter.sysconfig b/roles/rkhunter/files/rkhunter.sysconfig similarity index 100% rename from files/rkhunter/rkhunter.sysconfig rename to roles/rkhunter/files/rkhunter.sysconfig diff --git a/tasks/rkhunter.yml b/roles/rkhunter/tasks/main.yml similarity index 51% rename from tasks/rkhunter.yml rename to roles/rkhunter/tasks/main.yml index 325315b79c..4bec0f7b13 100644 --- a/tasks/rkhunter.yml +++ b/roles/rkhunter/tasks/main.yml 
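Review bot: Both `template:` tasks here now use bare source names (`src=nrpe.cfg`, `src=$item`), but the patch renames those sources into roles/nagios_client/files/, and inside a role the template module looks for relative sources under templates/. As far as I can tell the tasks will not find them; either move the files to roles/nagios_client/templates/ (as was done for fas.conf.j2) or switch the tasks to `copy:` if no templating is needed. The `rkhunter.conf` task in roles/rkhunter/tasks/main.yml has the same mismatch with roles/rkhunter/files/rkhunter.conf.j2. Until that is sorted out, the NRPE and rkhunter configuration would likely not be deployed on hosts that use these roles.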
@@ -6,12 +6,12 @@ - packages - name: rkhunter.conf - template: src=$files/rkhunter/rkhunter.conf.j2 dest=/etc/rkhunter.conf mode=0640 + template: src=rkhunter.conf.j2 dest=/etc/rkhunter.conf mode=0640 tags: - config - name: rkhunter sysconfig - copy: src=$files/rkhunter/rkhunter.sysconfig dest=/etc/sysconfig/rkhunter mode=0640 + copy: src=rkhunter.sysconfig dest=/etc/sysconfig/rkhunter mode=0640 tags: - config From 82159512525a349f8fe1f3ac24a1b6d8bb018029 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 19 Aug 2013 21:04:17 +0000 Subject: [PATCH 02/10] Just hard code these for now until we can figure out why $roles doesn't work. --- playbooks/groups/arm-packager.yml | 6 +++--- playbooks/groups/arm-qa.yml | 6 +++--- playbooks/groups/arm-releng.yml | 2 +- playbooks/groups/backup-server.yml | 8 ++++---- playbooks/groups/badges-backend.yml | 8 ++++---- playbooks/groups/badges-web.yml | 8 ++++---- playbooks/groups/beaker.yml | 8 ++++---- playbooks/groups/gallery.yml | 8 ++++---- playbooks/groups/kernel-qa.yml | 8 ++++---- playbooks/groups/keyserver.yml | 8 ++++---- playbooks/groups/koji-hub.yml | 8 ++++---- playbooks/groups/mailman.yml | 8 ++++---- playbooks/groups/mirrorlist.yml | 12 ++++++------ playbooks/groups/postgresl-server.yml | 10 +++++----- playbooks/groups/releng.yml | 2 +- playbooks/groups/sign.yml | 2 +- playbooks/groups/taskbot.yml | 8 ++++---- playbooks/groups/virthost.yml | 8 ++++---- vars/global.yml | 2 +- 19 files changed, 65 insertions(+), 65 deletions(-) diff --git a/playbooks/groups/arm-packager.yml b/playbooks/groups/arm-packager.yml index fa02fa42d5..280547b56f 100644 --- a/playbooks/groups/arm-packager.yml +++ b/playbooks/groups/arm-packager.yml @@ -12,9 +12,9 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/fas_client tasks: # this is how you include other task lists 
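Review bot: The absolute `/srv/web/infra/ansible/roles/...` entries under `roles:` in playbooks/groups/arm-packager.yml carry no comment saying they are temporary, and the same literal prefix is repeated in every other playbook this patch touches (arm-qa.yml through virthost.yml). Since the commit message calls this a stopgap, a marker above each list makes it findable later, e.g. `# FIXME: absolute role paths until $roles resolves; must match roles: in vars/global.yml`. It is also worth recording that a checkout placed anywhere else would run the roles from /srv/web/infra rather than its own copy, so a change under test is not the code that gets applied.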
diff --git a/playbooks/groups/arm-qa.yml b/playbooks/groups/arm-qa.yml index 3f281af25f..ef016a3dd3 100644 --- a/playbooks/groups/arm-qa.yml +++ b/playbooks/groups/arm-qa.yml @@ -12,9 +12,9 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/fas_client tasks: # this is how you include other task lists diff --git a/playbooks/groups/arm-releng.yml b/playbooks/groups/arm-releng.yml index 3858ee9b79..53841dea22 100644 --- a/playbooks/groups/arm-releng.yml +++ b/playbooks/groups/arm-releng.yml @@ -11,7 +11,7 @@ - ${private}/vars.yml roles: - - fas_client + - /srv/web/infra/ansible/roles/fas_client tasks: # This task sets up /etc/hosts for us diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index 90a4dd46b3..ada24b9e1b 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -14,10 +14,10 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client tasks: - include: $tasks/hosts.yml diff --git a/playbooks/groups/badges-backend.yml b/playbooks/groups/badges-backend.yml index 696cf09437..22e1d3ed88 100644 --- a/playbooks/groups/badges-backend.yml +++ b/playbooks/groups/badges-backend.yml @@ -30,10 +30,10 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client tasks: - include: $tasks/hosts.yml diff --git a/playbooks/groups/badges-web.yml b/playbooks/groups/badges-web.yml index 41a70f2a94..2e3e30f865 100644 
--- a/playbooks/groups/badges-web.yml +++ b/playbooks/groups/badges-web.yml @@ -33,10 +33,10 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client tasks: - include: $tasks/hosts.yml diff --git a/playbooks/groups/beaker.yml b/playbooks/groups/beaker.yml index 6296bd247c..8eccf6cb14 100644 --- a/playbooks/groups/beaker.yml +++ b/playbooks/groups/beaker.yml @@ -29,10 +29,10 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client tasks: # this is how you include other task lists diff --git a/playbooks/groups/gallery.yml b/playbooks/groups/gallery.yml index 17e1961c34..3c78e66f66 100644 --- a/playbooks/groups/gallery.yml +++ b/playbooks/groups/gallery.yml @@ -30,10 +30,10 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client tasks: - include: $tasks/hosts.yml diff --git a/playbooks/groups/kernel-qa.yml b/playbooks/groups/kernel-qa.yml index b46335ab8e..c6bc99eb94 100644 --- a/playbooks/groups/kernel-qa.yml +++ b/playbooks/groups/kernel-qa.yml @@ -13,10 +13,10 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client tasks: # this is how you include other task lists 
diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml index 9c1c29693a..e9b33938cf 100644 --- a/playbooks/groups/keyserver.yml +++ b/playbooks/groups/keyserver.yml @@ -30,10 +30,10 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client tasks: - include: $tasks/hosts.yml diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index 1cf81954a2..decce1a2ec 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml @@ -31,10 +31,10 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client tasks: - include: $tasks/hosts.yml diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index bea5f23197..78f22afdf9 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -29,10 +29,10 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client tasks: # this is how you include other task lists diff --git a/playbooks/groups/mirrorlist.yml b/playbooks/groups/mirrorlist.yml index f824d6b55d..572c841d2d 100644 --- a/playbooks/groups/mirrorlist.yml +++ b/playbooks/groups/mirrorlist.yml 
@@ -39,12 +39,12 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - geoip - - fas_client - - mirrorlist + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/geoip + - /srv/web/infra/ansible/roles/fas_client + - /srv/web/infra/ansible/roles/mirrorlist tasks: # this is how you include other task lists diff --git a/playbooks/groups/postgresl-server.yml b/playbooks/groups/postgresl-server.yml index bb33a360ff..f1049c6d40 100644 --- a/playbooks/groups/postgresl-server.yml +++ b/playbooks/groups/postgresl-server.yml @@ -31,11 +31,11 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - postgresql_server - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/postgresql_server + - /srv/web/infra/ansible/roles/fas_client tasks: - include: $tasks/hosts.yml diff --git a/playbooks/groups/releng.yml b/playbooks/groups/releng.yml index f6428405a0..193dd683a9 100644 --- a/playbooks/groups/releng.yml +++ b/playbooks/groups/releng.yml @@ -32,7 +32,7 @@ - ${vars}/${ansible_distribution}.yml roles: - - nagios_client + - /srv/web/infra/ansible/roles/nagios_client tasks: - include: $tasks/koji/releng_config.yml diff --git a/playbooks/groups/sign.yml b/playbooks/groups/sign.yml index 1c5c64d20c..fca5ac5797 100644 --- a/playbooks/groups/sign.yml +++ b/playbooks/groups/sign.yml @@ -23,7 +23,7 @@ - include: $tasks/sign_setup.yml roles: - - rkhunter + - /srv/web/infra/ansible/roles/rkhunter handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/taskbot.yml b/playbooks/groups/taskbot.yml index eab5ae91e3..e13cb390ab 100644 --- a/playbooks/groups/taskbot.yml +++ b/playbooks/groups/taskbot.yml 
@@ -29,10 +29,10 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client tasks: # this is how you include other task lists diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml index ab93d9071f..c03453ebde 100644 --- a/playbooks/groups/virthost.yml +++ b/playbooks/groups/virthost.yml @@ -13,10 +13,10 @@ - ${vars}/${ansible_distribution}.yml roles: - - rkhunter - - denyhosts - - nagios_client - - fas_client + - /srv/web/infra/ansible/roles/rkhunter + - /srv/web/infra/ansible/roles/denyhosts + - /srv/web/infra/ansible/roles/nagios_client + - /srv/web/infra/ansible/roles/fas_client tasks: - include: $tasks/hosts.yml diff --git a/vars/global.yml b/vars/global.yml index 5767ee7c84..150fc61b1a 100644 --- a/vars/global.yml +++ b/vars/global.yml @@ -4,7 +4,7 @@ private: /srv/private/ansible puppet_private: /var/lib/puppet/git/configs/secure bigfiles: /srv/web/infra/bigfiles files: /srv/web/infra/ansible/files -roles: /srv/web/infra/ansible/roles +roles_dir: /srv/web/infra/ansible/roles handlers: /srv/web/infra/ansible/handlers tasks: /srv/web/infra/ansible/tasks vars: /srv/web/infra/ansible/vars From 7ec446f2fb380400afb098dc55be20cb603984c2 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 19 Aug 2013 21:04:46 +0000 Subject: [PATCH 03/10] Revert this attempt --- vars/global.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/global.yml b/vars/global.yml index 150fc61b1a..5767ee7c84 100644 --- a/vars/global.yml +++ b/vars/global.yml 
@@ -4,7 +4,7 @@ private: /srv/private/ansible puppet_private: /var/lib/puppet/git/configs/secure bigfiles: /srv/web/infra/bigfiles files: /srv/web/infra/ansible/files -roles_dir: /srv/web/infra/ansible/roles +roles: /srv/web/infra/ansible/roles handlers: /srv/web/infra/ansible/handlers tasks: /srv/web/infra/ansible/tasks vars: /srv/web/infra/ansible/vars From b2f0ef86dabf725dbbde3d9273268b35f5d338d3 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 19 Aug 2013 21:06:22 +0000 Subject: [PATCH 04/10] Move template to the templates dir --- roles/rkhunter/{files => templates}/rkhunter.conf.j2 | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/rkhunter/{files => templates}/rkhunter.conf.j2 (100%) diff --git a/roles/rkhunter/files/rkhunter.conf.j2 b/roles/rkhunter/templates/rkhunter.conf.j2 similarity index 100% rename from roles/rkhunter/files/rkhunter.conf.j2 rename to roles/rkhunter/templates/rkhunter.conf.j2 From 6faab6d9bcf35431c7e32a8a5d148595b837e786 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 19 Aug 2013 21:08:14 +0000 Subject: [PATCH 05/10] Move this to templates too --- roles/nagios_client/{files/nrpe.cfg => templates/nrpe.cfg.j2} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nagios_client/{files/nrpe.cfg => templates/nrpe.cfg.j2} (100%) diff --git a/roles/nagios_client/files/nrpe.cfg b/roles/nagios_client/templates/nrpe.cfg.j2 similarity index 100% rename from roles/nagios_client/files/nrpe.cfg rename to roles/nagios_client/templates/nrpe.cfg.j2 From 53a138d49f820a542b0d282eea4eaa7f7dff2db4 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 19 Aug 2013 21:09:42 +0000 Subject: [PATCH 06/10] This is really a template --- roles/nagios_client/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nagios_client/tasks/main.yml b/roles/nagios_client/tasks/main.yml index 5888ede7fd..1a3ba9cb24 100644 --- a/roles/nagios_client/tasks/main.yml +++ b/roles/nagios_client/tasks/main.yml 
@@ -36,7 +36,7 @@ # FIXME? figure out nrpe selinux policy of DOOM is needed - name: /etc/nagios/nrpe.cfg - template: src=nrpe.cfg dest=/etc/nagios/nrpe.cfg + template: src=nrpe.cfg.j2 dest=/etc/nagios/nrpe.cfg notify: - restart nrpe tags: From 3ccd34fad95e714b5c7b9f2a41940c09ad49af4d Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 19 Aug 2013 21:14:59 +0000 Subject: [PATCH 07/10] Clean up nagios client templates. --- roles/nagios_client/tasks/main.yml | 14 +++++++------- .../check_cron.cfg => templates/check_cron.cfg.j2} | 0 .../check_disk.cfg => templates/check_disk.cfg.j2} | 0 .../check_lock.cfg => templates/check_lock.cfg.j2} | 0 .../check_mirrorlist_cache.cfg.j2} | 0 .../check_postfix_queue.cfg.j2} | 0 .../check_raid.cfg => templates/check_raid.cfg.j2} | 0 .../check_swap.cfg => templates/check_swap.cfg.j2} | 0 8 files changed, 7 insertions(+), 7 deletions(-) rename roles/nagios_client/{files/check_cron.cfg => templates/check_cron.cfg.j2} (100%) rename roles/nagios_client/{files/check_disk.cfg => templates/check_disk.cfg.j2} (100%) rename roles/nagios_client/{files/check_lock.cfg => templates/check_lock.cfg.j2} (100%) rename roles/nagios_client/{files/check_mirrorlist_cache.cfg => templates/check_mirrorlist_cache.cfg.j2} (100%) rename roles/nagios_client/{files/check_postfix_queue.cfg => templates/check_postfix_queue.cfg.j2} (100%) rename roles/nagios_client/{files/check_raid.cfg => templates/check_raid.cfg.j2} (100%) rename roles/nagios_client/{files/check_swap.cfg => templates/check_swap.cfg.j2} (100%) diff --git a/roles/nagios_client/tasks/main.yml b/roles/nagios_client/tasks/main.yml index 1a3ba9cb24..45021626b7 100644 --- a/roles/nagios_client/tasks/main.yml +++ b/roles/nagios_client/tasks/main.yml 
@@ -45,13 +45,13 @@ - name: install nrpe client configs template: src=$item dest=/etc/nrpe.d/$item with_items: - - check_mirrorlist_cache.cfg - - check_raid.cfg - - check_cron.cfg - - check_disk.cfg - - check_swap.cfg - - check_postfix_queue.cfg - - check_lock.cfg + - check_mirrorlist_cache.cfg.j2 + - check_raid.cfg.j2 + - check_cron.cfg.j2 + - check_disk.cfg.j2 + - check_swap.cfg.j2 + - check_postfix_queue.cfg.j2 + - check_lock.cfg.j2 notify: - restart nrpe tags: diff --git a/roles/nagios_client/files/check_cron.cfg b/roles/nagios_client/templates/check_cron.cfg.j2 similarity index 100% rename from roles/nagios_client/files/check_cron.cfg rename to roles/nagios_client/templates/check_cron.cfg.j2 diff --git a/roles/nagios_client/files/check_disk.cfg b/roles/nagios_client/templates/check_disk.cfg.j2 similarity index 100% rename from roles/nagios_client/files/check_disk.cfg rename to roles/nagios_client/templates/check_disk.cfg.j2 diff --git a/roles/nagios_client/files/check_lock.cfg b/roles/nagios_client/templates/check_lock.cfg.j2 similarity index 100% rename from roles/nagios_client/files/check_lock.cfg rename to roles/nagios_client/templates/check_lock.cfg.j2 diff --git a/roles/nagios_client/files/check_mirrorlist_cache.cfg b/roles/nagios_client/templates/check_mirrorlist_cache.cfg.j2 similarity index 100% rename from roles/nagios_client/files/check_mirrorlist_cache.cfg rename to roles/nagios_client/templates/check_mirrorlist_cache.cfg.j2 diff --git a/roles/nagios_client/files/check_postfix_queue.cfg b/roles/nagios_client/templates/check_postfix_queue.cfg.j2 similarity index 100% rename from roles/nagios_client/files/check_postfix_queue.cfg rename to roles/nagios_client/templates/check_postfix_queue.cfg.j2 diff --git a/roles/nagios_client/files/check_raid.cfg b/roles/nagios_client/templates/check_raid.cfg.j2 similarity index 100% rename from roles/nagios_client/files/check_raid.cfg rename to roles/nagios_client/templates/check_raid.cfg.j2 
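Review bot: In the `install nrpe client configs` task the items now end in `.cfg.j2`, but the unchanged line `template: src=$item dest=/etc/nrpe.d/$item` uses the same value for the destination, so the files would be written as /etc/nrpe.d/check_disk.cfg.j2 and so on. NRPE's `include_dir` only reads files ending in `.cfg`, so if /etc/nrpe.d is loaded that way (nrpe.cfg is not shown here) these checks stop being defined on new hosts while the play still reports success; existing hosts would keep stale `.cfg` copies that no longer track the templates. Keeping the item names as `check_disk.cfg` etc. and changing the task line to `template: src=${item}.j2 dest=/etc/nrpe.d/$item` avoids both. The task's `tags` section continues past the hunk.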
diff --git a/roles/nagios_client/files/check_swap.cfg b/roles/nagios_client/templates/check_swap.cfg.j2 similarity index 100% rename from roles/nagios_client/files/check_swap.cfg rename to roles/nagios_client/templates/check_swap.cfg.j2 From 744e41c1791da980ad03c9a761cfdfbbbf27182f Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Mon, 19 Aug 2013 21:16:18 +0000 Subject: [PATCH 08/10] Add another cronjob for the libravatar badge to badges-backend01. --- .../files/cron/award-libravatar-badge | 78 +++++++++++++++++++ .../files/cron/award-libravatar-badge.cron | 1 + roles/badges-backend/tasks/main.yml | 2 + 3 files changed, 81 insertions(+) create mode 100644 roles/badges-backend/files/cron/award-libravatar-badge create mode 100644 roles/badges-backend/files/cron/award-libravatar-badge.cron diff --git a/roles/badges-backend/files/cron/award-libravatar-badge b/roles/badges-backend/files/cron/award-libravatar-badge new file mode 100644 index 0000000000..b3f7fd9ea1 --- /dev/null +++ b/roles/badges-backend/files/cron/award-libravatar-badge 
@@ -0,0 +1,78 @@ +#!/usr/bin/env python + +import __main__ +__main__.__requires__ = __requires__ = ["tahrir-api", "sqlalchemy>=0.7"]; +import pkg_resources +pkg_resources.require(__requires__) + +import hashlib +import requests +import time +import transaction + +from tahrir_api.dbapi import TahrirDatabase +from tahrir_api.model import Person + +import fedmsg +import fedmsg.config + +fm_config = fedmsg.config.load_config() +fm_config['cert_prefix'] = 'fedbadges' +fm_config['name'] = 'relay_inbound' +fm_config['active'] = True +fedmsg.init(**fm_config) + + +def main(): + persons = tahrir.session.query(Person)\ + .filter(Person.opt_out==False).all() + + badge = tahrir.get_badge('mugshot') + already_has_it = [assertion.person for assertion in badge.assertions] + + good, bad = [], [] + for person in persons: + + if person in already_has_it: + good.append(person) + print "Skipping %r" % person + continue + + openid = "http://%s.id.fedoraproject.org/" % person.nickname + hash = hashlib.sha256(openid).hexdigest() + url = "https://seccdn.libravatar.org/avatar/%s?d=404" % hash + response = requests.get(url) + + if response.status_code == 200: + print person.nickname, "totally gets the mugshot badge." + good.append(person) + try: + transaction.begin() + tahrir.add_assertion(badge.id, person.email, None) + transaction.commit() + fedmsg.publish(topic="badge.award", + modname="fedbadges", + msg=dict( + badge=dict( + name=badge.name, + description=badge.description, + image_url=badge.image, + ), + user=dict( + username=person.nickname, + badges_user_id=person.id, + ), + )) + time.sleep(1) + except Exception as e: + transaction.abort() + print "Failure:", e + else: + bad.append(person) + + print len(good), "good peoples" + print len(bad), "bad peoples" + +uri = fm_config['badges_global']['database_uri'] +tahrir = TahrirDatabase(uri) +main() 
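Review bot: `response = requests.get(url)` in main() has no timeout and sits outside the `try`, so one stalled connection to seccdn.libravatar.org can hang the cron job indefinitely, and one refused connection aborts the run for every remaining person. I would write `response = requests.get(url, timeout=10)` and catch `requests.exceptions.RequestException` around it, treating that person as skipped for this run. Separately, `fedmsg.publish` runs inside the same `try` after `transaction.commit()`, so a publish failure calls `transaction.abort()` on an already committed award and is logged only as a generic `Failure:`; separating the two steps would make the log say which one failed.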
diff --git a/roles/badges-backend/files/cron/award-libravatar-badge.cron b/roles/badges-backend/files/cron/award-libravatar-badge.cron new file mode 100644 index 0000000000..35a9c1c0ea --- /dev/null +++ b/roles/badges-backend/files/cron/award-libravatar-badge.cron @@ -0,0 +1 @@ +*/55 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge diff --git a/roles/badges-backend/tasks/main.yml b/roles/badges-backend/tasks/main.yml index 5fa0624ded..ebfc4e277f 100644 --- a/roles/badges-backend/tasks/main.yml +++ b/roles/badges-backend/tasks/main.yml @@ -77,6 +77,7 @@ mode=744 with_items: - award-oldschool-badges + - award-libravatar-badge tags: - config - cron @@ -89,6 +90,7 @@ mode=644 with_items: - award-oldschool-badges + - award-libravatar-badge tags: - config - cron From 4fd845e41cd06e883f6ae4f9bae92ee3e4c90e9f Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 19 Aug 2013 21:25:28 +0000 Subject: [PATCH 09/10] Try this. --- roles/fas_client/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/fas_client/tasks/main.yml b/roles/fas_client/tasks/main.yml index c2f64c7c8d..0dfa32434c 100644 --- a/roles/fas_client/tasks/main.yml +++ b/roles/fas_client/tasks/main.yml @@ -55,7 +55,7 @@ # - name: setup /etc/fas.conf for client use template: src=$item dest=/etc/fas.conf owner=root mode=600 - with_first_found: + first_available_file: - ${ansible_fqdn}.fas.conf.j2 - ${ansible_hostname}.fas.conf.j2 - ${ansible_hostname}.fas.conf.j2 From e448c9d80f05b8b677d5f8537b88a609b005b834 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 19 Aug 2013 21:53:09 +0000 Subject: [PATCH 10/10] Add openvpn client. --- playbooks/groups/keyserver.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml index e9b33938cf..3b80b60d27 100644 --- a/playbooks/groups/keyserver.yml +++ b/playbooks/groups/keyserver.yml 
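Review bot: The minute field `*/55` in award-libravatar-badge.cron matches minutes 0 and 55, so the job runs twice an hour, five minutes apart, rather than every 55 minutes. Because the script makes one HTTP request per person who lacks the badge, the second run can start while the first is still working through the list. If one run per hour is intended, a fixed minute such as `55 * * * * fedmsg /usr/share/badges/cronjobs/award-libravatar-badge` states that directly.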
@@ -40,6 +40,7 @@ - include: $tasks/yumrepos.yml - include: $tasks/base.yml - include: $tasks/2fa_client.yml + - include: $tasks/openvpn_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - include: $tasks/fedmsg_base.yml