Merge branch 'master' of /git/ansible

2013-08-19 23:02:20 +00:00 · 2013-08-19 23:02:20 +00:00 · b4f81cdf33
commit b4f81cdf33
parent f3ad1a6570 e448c9d80f
58 changed files with 228 additions and 116 deletions
--- a/tasks/denyhosts.yml
+++ b/tasks/denyhosts.yml
@ -1,26 +0,0 @@
---
-#install denyhosts
- name: install denyhosts
-  yum: name=denyhosts state=installed
-  tags:
-  - packages
-
- name: /etc/denyhosts.conf
-  copy: src=$files/denyhosts/denyhosts.conf dest=/etc/denyhosts.conf
-  notify:
-  - restart denyhosts
-  tags:
-  - config
-
- name: /var/lib/denyhosts/allowed-hosts
-  copy: src=$files/denyhosts/allowed-hosts dest=/var/lib/denyhosts/allowed-hosts
-  notify:
-  - restart denyhosts
-  tags:
-  - config
-
- name: enable the service
-  service: name=denyhosts state=running enabled=true
-  tags:
-  - service
-
--- a/tasks/fas_client.yml
+++ b/tasks/fas_client.yml
@ -1,80 +0,0 @@
---
-#
-# This task sets up fasClient on a machine. 
-# It installs the fas-clients package, then the /etc/fas.conf and finally a cron job update.
-#
-
-#
-# fas-clients is in the infrastructure repo. 
-# nss_db is needed to store user/group info.
-#
- name: install package needed for fas-client
-  action: yum state=installed name=$item
-  with_items:
-  - fas-clients
-  - cronie
-  tags:
-  - packages
-
- name: hotfix - python-fedora proxyclient.py 
-  copy: >
-    src=$files/hotfix/python-fedora/proxyclient.py
-    dest=/usr/lib/python2.6/site-packages/fedora/client/proxyclient.py
-    owner=root mode=644
-  only_if: "'${ansible_distribution}' == 'RedHat'"
-  tags:
-  - hotfix
-  - packages
-
- name: install nss_db on rhel hosts only
-  action: yum state=installed name=nss_db
-  only_if: "'${ansible_distribution}' == 'RedHat'"
-  tags:
-  - packages
-
-#
-# setup /etc/nsswitch.conf to use nssdb
-#
- name: setup /etc/nsswitch.conf for client use
-  action: copy src=$files/fas-client/nsswitch.conf  dest=/etc/nsswitch.conf owner=root mode=644
-  tags:
-  - config
-
-#
-# fasClients needs a valid /etc/fas.conf. 
-# There's vars used in this template: 
-#
-# fas_client_groups = "sysadmin-main"
-# fas_client_restricted_app = ""
-# fas_client_admin_app = ""
-# fas_client_ssh_groups = ""
-#
-# if desired, set them on a per host/group basis. 
-#
-# Currently the default template is used, but could be modified on a host basis. 
-#
- name: setup /etc/fas.conf for client use
-  action: template src=$item dest=/etc/fas.conf owner=root mode=600
-  with_first_found:
-  - $files/fas-client/${ansible_fqdn}.fas.conf.j2 
-  - $files/fas-client/${ansible_hostname}.fas.conf.j2 
-  - $files/fas-client/${ansible_hostname}.fas.conf.j2 
-  - $files/fas-client/fas.conf.j2
-  tags:
-  - config
-  notify:
-  - run fasclient
-
-#
-# setup /etc/cron.d/ file to run sync every 10min
-# TODO: use cron module when it's fixed
-#
-#- name: fas_client cron job
-#  cron: name="fas client" user=root cron_file=fas-client minute="*/10" job="/usr/bin/fasClient -i"
-#  tags:
-#  - config
-
- name: fas_client cron job
-  action: copy src=$files/fas-client/fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644
-  tags:
-  - config
--- a/tasks/geoip.yml
+++ b/tasks/geoip.yml
@ -1,15 +0,0 @@
---
-# install python-geoIP
- name: install python-GeoIP
-  yum: name=python-GeoIP state=installed
-  tags:
-  - packages
-
- name: push over the geoip db once
-  copy: src=$item dest=/usr/share/GeoIP/
-  with_fileglob: $bigfiles/geoip/*.dat
-
- name: geoip syncing script via cron
-  copy: src=$files/geoip/geoip_sync dest=/etc/cron.d/geoip_sync mode=0644
-
-
--- a/tasks/mirrorlist.yml
+++ b/tasks/mirrorlist.yml
@ -1,48 +0,0 @@
---
-# tasklist for setting up the mirrorlist app components
-# create mirrormanager user
- name: add mirrormanager user - uid 441
-  user: name=mirrormanager uid=441 state=present home=/home/mirrormanager createhome=yes
-
- name: install supervisor and mirrormanager
-  yum: pkg=$item state=installed
-  with_items:
-  - supervisor
-  - mirrormanager
-  tags:
-  - packages
-
-# mirrormanager user ssh key(s)
- name: add authorized_keys for mirrormanager
-  authorized_key: key="{{ item }}" user=mirrormanager state=present
-  with_file:
-  - $files/mirrorlist/mm-authorized_key
-
-# install mirrorlist-server.conf apache config
- name: mirrorlist-server apache conf
-  copy: src=$files/mirrorlist/mirrorlist-server.conf dest=/etc/httpd/conf.d/mirrorlist-server.conf
-  notify:
-  - restart apache
-  tags:
-  - config
-
-# nuke mirrormanager.conf so that it doesn't start up
- name: kill /etc/httpd/conf.d/mirrrormanager.conf
-  copy: 'content="#blanked on purpose" dest=/etc/httpd/conf.d/mirrormanager.conf'
-  notify:
-  - restart apache
-  tags:
-  - config
-
-# selinux policy - mirrormanager - put in place - for the sockfile
-# 
-
-# setup and configure supervisord
- name: /etc/supervisord.conf
-  copy: src=$files/mirrorlist/supervisord.conf dest=/etc/supervisord.conf mode=0644
-  notify:
-  - restart supervisord
-
- name: enable supervisord
-  service: name=supervisord state=started enabled=yes
-
--- a/tasks/nagios_client.yml
+++ b/tasks/nagios_client.yml
@ -1,63 +0,0 @@
-# nagios-client/nrpe
-
---
-# install pkgs:
- name: install nagios client pkgs
-  yum: name=$item state=installed
-  with_items:
-  - nrpe
-  - nagios-plugins
-  - nagios-plugins-disk
-  - nagios-plugins-file_age
-  - nagios-plugins-users
-  - nagios-plugins-procs
-  - nagios-plugins-swap
-  - nagios-plugins-load
-  - nagios-plugins-ping
-  tags:
-  - packages
-
- name: install local nrpe check scripts that are not packaged
-  copy: src=$files/nagios/client/scripts/$item dest=/usr/lib64/nagios/plugins/$item mode=0755 owner=nagios group=nagios
-  with_items:
-  - check_postfix_queue
-  - check_raid.py
-  - check_lock
-
-# create dirs
-# puppet used to make /var/spool/nagios (owned by nagios.nagios) mode 750
-# and /usr/lib/nagios/plugins (owned by root) mode 755 - but we don't know WHY 
-# then stuff it with plugins from the plugins dir in the nagios module
-# then we symlinked that to /usr/lib64/nagios/plugins
-# it was a nightmare - don't do that - my ghost will haunt you if you do
-# skvidal 2013-05-21
-
-
-# FIXME? figure out nrpe selinux policy of DOOM is needed
-
- name: /etc/nagios/nrpe.cfg
-  template: src=$files/nagios/client/nrpe.cfg dest=/etc/nagios/nrpe.cfg
-  notify:
-  - restart nrpe
-  tags:
-  - config
-
- name: install nrpe client configs
-  template: src=$files/nagios/client/$item dest=/etc/nrpe.d/$item
-  with_items:
-  - check_mirrorlist_cache.cfg
-  - check_raid.cfg
-  - check_cron.cfg
-  - check_disk.cfg
-  - check_swap.cfg
-  - check_postfix_queue.cfg
-  - check_lock.cfg
-  notify:
-  - restart nrpe
-  tags:
-  - config
-
- name: nrpe service start
-  service: name=nrpe state=running enabled=true
-  tags:
-  - service
--- a/tasks/postgresql_server.yml
+++ b/tasks/postgresql_server.yml
@ -1,27 +0,0 @@
---
-#
-# Setup postgresql server. 
-#
- name: install postgresql server packages
-  yum: name=$item state=installed
-  with_items:
-  - postgresql-server
-  - postgresql-contrib
-  - postgresql-plpython
-  tags:
-  - packages
-
- name: initialize postgresql
-  command: service postgresql initdb
-           creates=/var/lib/pgsql/data/postgresql.conf
-  ignore_errors: true
-  tags:
-  - service
-
- name: Set postgresql-server to run on boot
-  service: name=postgresql enabled=yes
-  ignore_errors: true
-  notify:
-  - restart postgresql
-  tags:
-  - service
--- a/tasks/rkhunter.yml
+++ b/tasks/rkhunter.yml
@ -1,18 +0,0 @@
---
-
- name: install rkhunter
-  yum: name=rkhunter state=present
-  tags:
-  - packages
-
- name: rkhunter.conf
-  template: src=$files/rkhunter/rkhunter.conf.j2 dest=/etc/rkhunter.conf mode=0640
-  tags:
-  - config
-
- name: rkhunter sysconfig
-  copy: src=$files/rkhunter/rkhunter.sysconfig dest=/etc/sysconfig/rkhunter mode=0640
-  tags:
-  - config
-
-