From d2b53039fdf932b9f1efe1ebaa94ecd19608b893 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 15 Jul 2014 17:13:55 +0000
Subject: [PATCH] Add a sign-bridge01 and move around some sign stuff

---
 inventory/group_vars/sign                     |  9 ++++
 .../sign-bridge01.phx2.fedoraproject.org      | 12 +++++
 inventory/inventory                           |  6 ++-
 playbooks/manual/sign-bridge.yml              | 49 +++++++++++++++++++
 playbooks/manual/{sign.yml => sign-vault.yml} |  4 +-
 5 files changed, 76 insertions(+), 4 deletions(-)
 create mode 100644 inventory/group_vars/sign-bridge01.phx2.fedoraproject.org
 create mode 100644 playbooks/manual/sign-bridge.yml
 rename playbooks/manual/{sign.yml => sign-vault.yml} (94%)

diff --git a/inventory/group_vars/sign b/inventory/group_vars/sign
index 61a827bf1d..d58e1cccfc 100644
--- a/inventory/group_vars/sign
+++ b/inventory/group_vars/sign
@@ -2,3 +2,12 @@
 freezes: true
 postfix_group: sign
 host_group: sign
+
+# Define resources for this group of hosts here. 
+lvm_size: 10000
+mem_size: 4096
+num_cpus: 4
+
+tcp_ports: [ 44333, 44334 ]
+
+fas_client_groups: sysadmin-releng
diff --git a/inventory/group_vars/sign-bridge01.phx2.fedoraproject.org b/inventory/group_vars/sign-bridge01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..a43311f567
--- /dev/null
+++ b/inventory/group_vars/sign-bridge01.phx2.fedoraproject.org
@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_bvirthost06
+vmhost: bvirthost06.phx2.fedoraproject.org
+datacenter: phx2
+
+eth0_ip: 10.5.125.71
diff --git a/inventory/inventory b/inventory/inventory
index 196ae8d7f4..ca8b9e2d87 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -207,8 +207,10 @@ releng04.phx2.fedoraproject.org
 relepel01.phx2.fedoraproject.org
 
 # sign servers don't listen to ssh by default. 
-#[sign]
-#sign-bridge02.phx2.fedoraproject.org
+[sign-bridge]
+sign-bridge01.phx2.fedoraproject.org
+#
+#[sign-vault]
 #sign-vault03.phx2.fedoraproject.org
 #sign-vault04.phx2.fedoraproject.org
 
diff --git a/playbooks/manual/sign-bridge.yml b/playbooks/manual/sign-bridge.yml
new file mode 100644
index 0000000000..95782334f3
--- /dev/null
+++ b/playbooks/manual/sign-bridge.yml
@@ -0,0 +1,49 @@
+# provision a new sign server.
+# NOTE: this assumes the boxes are already up and are accessible
+# NOTE: most of these vars_path come from group_vars/sign or from hostvars
+#
+# FURTHER NOTE: some of These machines run day to day with sshd disabled/off. 
+# Access is via management interface only. This playbook does initial setup. 
+# Please check with rel-eng before doing anything here. 
+
+- name: make sign-bridge server vm
+  hosts: sign-bridge
+  user: root
+  gather_facts: False
+  accelerate: "{{ accelerated }}"
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - include: "{{ tasks }}/virt_instance_create.yml"
+  - include: "{{ tasks }}/accelerate_prep.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+- name: configure sign bridge server
+  hosts: sign-bridge
+  user: root
+  gather_facts: true
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - base
+  - rkhunter
+  - hosts
+  - fas_client
+  - sudo
+
+  tasks:
+  - include: "{{ tasks }}/motd.yml"
+  - include: "{{ tasks }}/sign_setup.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
diff --git a/playbooks/manual/sign.yml b/playbooks/manual/sign-vault.yml
similarity index 94%
rename from playbooks/manual/sign.yml
rename to playbooks/manual/sign-vault.yml
index deadb217bf..2f44185744 100644
--- a/playbooks/manual/sign.yml
+++ b/playbooks/manual/sign-vault.yml
@@ -6,8 +6,8 @@
 # Access is via management interface only. This playbook does initial setup. 
 # Please check with rel-eng before doing anything here. 
 
-- name: make sign server
-  hosts: sign
+- name: make sign vault server
+  hosts: sign-vault
   user: root
   gather_facts: true