fedimg ansible files, take 2

add a fedimg.cfg template add comment about unused config vars need check for denyhosts and fas_client needs to be before nagios_client maybe this template setup is proper? fedmsg.d/ template fedimg.cfg should be owned by fedmsg and have more strict perms Signed-off-by: David Gay <oddshocks@riseup.net>
2014-09-15 12:47:29 -07:00 · 2014-09-15 12:47:29 -07:00 · bb73d1b6d2
commit bb73d1b6d2
parent 8fbe7f8fcf
4 changed files with 112 additions and 2 deletions
--- a/playbooks/groups/fedimg.yml
+++ b/playbooks/groups/fedimg.yml
@ -1,3 +1,6 @@
+# create a new fedimg server
+# NOTE: make sure there is room/space for this server on the vmhost
+
 - name: make fedimg server
  hosts: fedimg;fedimg-stg
  user: root
@ -34,6 +37,10 @@
  - collectd/base
  - fedmsg/base
  - sudo
+  # The proxies don't actually need to talk to these hosts so we won't bother
+  # putting them on the vpn.
+  #- { role: openvpn/client,
+  #    when: env != "staging" }

  tasks:
  - include: "{{ tasks }}/yumrepos.yml"
@ -50,14 +57,14 @@

  roles:
  - fedmsg/hub
-  #- fedimg
+  - fedimg
  - role: collectd/fedmsg-service
    process: fedmsg-hub

  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
-   - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
--- a/roles/fedimg/tasks/main.yml
+++ b/roles/fedimg/tasks/main.yml
@ -0,0 +1,25 @@
+---
+# Configuration for the notifications consumer
+
+- name: install needed packages
+  yum: pkg={{ item }} state=installed
+  with_items:
+  - koji
+  - fedmsg
+  - python-paramiko
+  - python-libcloud
+  - python-fedimg
+
+- name: copy base configuration
+  template: >
+    src=fedimg.cfg dest=/etc/fedimg.cfg
+    owner=fedmsg group=fedmsg mode=0700
+  notify:
+  - restart fedmsg-hub
+
+- name: copy koji fedmsg consumer
+  template: >
+    src=fedmsg.d/fedimg.py dest=/etc/fedmsg.d/fedimg.py
+    owner=fedmsg group=fedmsg mode=0600
+  notify:
+  - restart fedmsg-hub
--- a/roles/fedimg/templates/fedimg.cfg
+++ b/roles/fedimg/templates/fedimg.cfg
@ -0,0 +1,54 @@
+[koji]
+{% if env == 'staging' %}
+server = https://koji.stg.fedoraproject.org/kojihub
+# The two adjacent slashes in the below URL are _not_ a typo.
+base_task_url = https://kojipkgs.stg.fedoraproject.org//work/tasks
+{% else %}
+server = https://koji.fedoraproject.org/kojihub
+# The two adjacent slashes in the below URL are _not_ a typo.
+base_task_url = https://kojipkgs.fedoraproject.org//work/tasks
+{% endif %}
+
+[aws]
+util_username = {{aws_util_username}}
+test_username = {{aws_test_username}}
+access_id = {{aws_access_id}}
+secret_key = {{aws_secret_key}}
+iam_profile = {{aws_iam_profile}}
+keyname = {{aws_keyname}}
+keypath = {{aws_keypath}}
+pubkeypath = {{aws_pubkeypath}}
+test = /bin/true
+amis = ap-northeast-1|RHEL|6.5|x86_64|ami-e7aee0e6|aki-176bf516
+       ap-southeast-1|RHEL|6.5|x86_64|ami-c683df94|aki-503e7402
+       ap-southeast-2|RHEL|6.5|x86_64|ami-41ra8f7b|aki-c362fff9
+       eu-west-1|RHEL|6.5|x86_64|ami-81f23cf6|aki-52a34525
+       sa-east-1|RHEL|6.5|x86_64|ami-b7ec43aa|aki-5553f448
+       us-east-1|RHEL|6.5|x86_64|ami-be6a98d6|aki-919dcaf8
+       us-west-1|RHEL|6.5|x86_64|ami-fc393eb9|aki-880531cd
+       us-west-2|RHEL|6.5|x86_64|ami-79daa849|aki-fc8f11cc
+       ap-northeast-1|RHEL|6.5|i386|ami-c7bff1c6|aki-136bf512
+       ap-southeast-1|RHEL|6.5|i386|ami-9eb8e4cc|aki-ae3973fc
+       ap-southeast-2|RHEL|6.5|i386|ami-87f194bd|aki-cd62fff7
+       eu-west-1|RHEL|6.5|i386|ami-7101cf06|aki-68a3451f
+       sa-east-1|RHEL|6.5|i386|ami-e9e847f4|aki-5b53f446
+       us-east-1|RHEL|6.5|i386|ami-acac51c4|aki-8f9dcae6
+       us-west-1|RHEL|6.5|i386|ami-eacfc8af|aki-8e0531cb
+       us-west-2|RHEL|6.5|i386|ami-25cab815|aki-f08f11c0
+
+# none of the stuff below this line is used right now,
+# so these placeholders can stay
+
+[rackspace]
+username = someuser
+api_key = secretk3y
+
+[gce]
+email = someacct@provider.com
+keypath = /path/to/pem/file
+project_id = someprojectid
+
+[hp]
+username = aperson
+password = somecoolpassword
+tenant = theprojectname
--- a/roles/fedimg/templates/fedmsg.d/fedimg.py
+++ b/roles/fedimg/templates/fedmsg.d/fedimg.py
@ -0,0 +1,24 @@
+# This file is part of fedimg.
+# Copyright (C) 2014 Red Hat, Inc.
+#
+# fedimg is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# fedimg is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License along with fedimg; if not, see http://www.gnu.org/licenses,
+# or write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+#
+# Authors:  David Gay <dgay@redhat.com>
+#
+
+config = dict(
+    kojiconsumer=True,
+)