Add a sign-bridge01 and move around some sign stuff

inventory/group_vars/sign

@@ -2,3 +2,12 @@
 freezes: true
 postfix_group: sign
 host_group: sign
+
+# Define resources for this group of hosts here. 
+lvm_size: 10000
+mem_size: 4096
+num_cpus: 4
+
+tcp_ports: [ 44333, 44334 ]
+
+fas_client_groups: sysadmin-releng

inventory/group_vars/sign-bridge01.phx2.fedoraproject.org

@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.5.125.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_bvirthost06
+vmhost: bvirthost06.phx2.fedoraproject.org
+datacenter: phx2
+
+eth0_ip: 10.5.125.71

inventory/inventory

@@ -207,8 +207,10 @@ releng04.phx2.fedoraproject.org
 relepel01.phx2.fedoraproject.org
 
 # sign servers don't listen to ssh by default. 
-#[sign]
-#sign-bridge02.phx2.fedoraproject.org
+[sign-bridge]
+sign-bridge01.phx2.fedoraproject.org
+#
+#[sign-vault]
 #sign-vault03.phx2.fedoraproject.org
 #sign-vault04.phx2.fedoraproject.org
 

playbooks/manual/sign-bridge.yml

@@ -0,0 +1,49 @@
+# provision a new sign server.
+# NOTE: this assumes the boxes are already up and are accessible
+# NOTE: most of these vars_path come from group_vars/sign or from hostvars
+#
+# FURTHER NOTE: some of These machines run day to day with sshd disabled/off. 
+# Access is via management interface only. This playbook does initial setup. 
+# Please check with rel-eng before doing anything here. 
+
+- name: make sign-bridge server vm
+  hosts: sign-bridge
+  user: root
+  gather_facts: False
+  accelerate: "{{ accelerated }}"
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - include: "{{ tasks }}/virt_instance_create.yml"
+  - include: "{{ tasks }}/accelerate_prep.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+- name: configure sign bridge server
+  hosts: sign-bridge
+  user: root
+  gather_facts: true
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - base
+  - rkhunter
+  - hosts
+  - fas_client
+  - sudo
+
+  tasks:
+  - include: "{{ tasks }}/motd.yml"
+  - include: "{{ tasks }}/sign_setup.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"

playbooks/manual/sign-vault.yml

@@ -6,8 +6,8 @@
 # Access is via management interface only. This playbook does initial setup. 
 # Please check with rel-eng before doing anything here. 
 
-- name: make sign server
-  hosts: sign
+- name: make sign vault server
+  hosts: sign-vault
   user: root
   gather_facts: true