From db5b67207d7ffb4d150e45354f583f2c594a590c Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 16 Jun 2015 19:06:24 +0000 Subject: [PATCH] First rough cut at a people01. Many bugfixes ahead I am sure. --- ...project.org => people01.fedoraproject.org} | 23 +- playbooks/groups/people.yml | 60 ++-- .../files/ccd/people01.fedoraproject.org | 2 + roles/people/tasks/main.yml | 26 ++ roles/planet/tasks/main.yml | 291 +++++++++++++++--- 5 files changed, 317 insertions(+), 85 deletions(-) rename inventory/host_vars/{people02.fedoraproject.org => people01.fedoraproject.org} (65%) create mode 100644 roles/openvpn/server/files/ccd/people01.fedoraproject.org create mode 100644 roles/people/tasks/main.yml diff --git a/inventory/host_vars/people02.fedoraproject.org b/inventory/host_vars/people01.fedoraproject.org similarity index 65% rename from inventory/host_vars/people02.fedoraproject.org rename to inventory/host_vars/people01.fedoraproject.org index eee061a41a..1c45d6fc1c 100644 --- a/inventory/host_vars/people02.fedoraproject.org +++ b/inventory/host_vars/people01.fedoraproject.org @@ -1,26 +1,25 @@ --- freezes: false -datacenter: internetx -host_backup_targets: ['/srv/web'] +datacenter: ibiblio +#host_backup_targets: ['/srv/web'] -nm: 255.255.255.240 -gw: 85.236.55.1 +nm: 255.255.255.128 +gw: 152.19.134.129 dns: 8.8.8.8 - -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ - -vmhost: internetx01.fedoraproject.org -volgroup: /dev/VolGuests00 -eth0_ip: 85.236.55.7 +volgroup: /dev/vg_guests +eth0_ip: 152.19.134.196 +ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext +ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ postfix_group: vpn +vmhost: ibiblio03.fedoraproject.org +datacenter: ibiblio tcp_ports: [80, 443, 9418] nrpe_procs_warn: 900 nrpe_procs_crit: 1000 -lvm_size: 20000 +lvm_size: 1t mem_size: 8192 num_cpus: 4 
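Review bot: `datacenter: ibiblio` is added twice in the new host_vars file, once near the top and again after `vmhost:`; duplicate mapping keys are invalid YAML and most loaders silently keep the last one, so the second line should be dropped. The kickstart sources also move to `http://209.132.181.6/...`, plain HTTP against a bare IP, so the installer cannot authenticate the kickstart or the repo the host is built from; an HTTPS URL on a named host would be preferable if the install network allows it. `host_backup_targets` is commented out with no explanation while `lvm_size` grows to `1t`; either restore the line or add a short comment saying why backups are off and when they are re-enabled.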
diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml index 40bfcb93dc..7629fb1348 100644 --- a/playbooks/groups/people.yml +++ b/playbooks/groups/people.yml @@ -2,11 +2,9 @@ # # - name: make the people server - hosts: people02.fedoraproject.org + hosts: people01.fedoraproject.org user: root gather_facts: False - accelerate: "{{ accelerated }}" - vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -20,10 +18,9 @@ - include: "{{ handlers }}/restart_services.yml" - name: make the box be real - hosts: people02.fedoraproject.org + hosts: people01.fedoraproject.org user: root gather_facts: True - accelerate: "{{ accelerated }}" vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -39,21 +36,39 @@ - rkhunter - rsyncd - sudo - - { role: denyhosts, when: ansible_distribution_major_version|int != 7 } - { role: openvpn/client, when: env != "staging" } - - { role: collectd/fedmsg-service, process: fedmsg-hub } - - apache - - git/hooks - - git/make_checkout_seed - - git/server - - gitolite/base - - gitolite/check_fedmsg_hooks - cgit/base - cgit/clean_lock_cron - cgit/make_pkgs_list - clamav - - distgit + - fedmsg/base + - role: apache + + - role: httpd/mod_ssl + + - role: httpd/certificate + name: wildcard-2014.fedorapeople.org + SSLCertificateChainFile: wildcard-2014.fedorapeople.org.intermediate.cert + + - role: httpd/certificate + name: planet.fedoraproject.org + SSLCertificateChainFile: planet.fedoraproject.org.org.intermediate.cert + + - role: httpd/website + name: fedorapeople.org + cert_name: wildcard-2014.fedorapeople.org + server_aliases: + - *.fedorapeople.org + + - role: httpd/website + name: fedoraplanet.org + + - role: httpd/website + cert_name: planet.fedoraproject.org + name: planet.fedoraproject.org + + - role: planet tasks: - include: "{{ tasks }}/yumrepos.yml" 
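Review bot: The `server_aliases` entry `- *.fedorapeople.org` in the new `httpd/website` block is unquoted, and YAML reads a leading `*` as an alias reference, so the playbook will fail to load instead of passing the wildcard name; it should be `- "*.fedorapeople.org"`. The chain file for the second `httpd/certificate` entry is `planet.fedoraproject.org.org.intermediate.cert`, and the doubled `.org` looks like a typo for `planet.fedoraproject.org.intermediate.cert`; if the name does not match a real file, the planet vhost would presumably lose its intermediate chain or fail to deploy. The `roles/people` role created by this commit does not appear in this roles list, so its package and SELinux tasks may never run on people01 unless it is included somewhere outside the hunk.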
@@ -62,20 +77,3 @@ handlers: - include: "{{ handlers }}/restart_services.yml" - -- name: setup fedmsg on people - hosts: people02.fedoraproject.org - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - fedmsg/base - - fedmsg/hub - - handlers: - - include: "{{ handlers }}/restart_services.yml" diff --git a/roles/openvpn/server/files/ccd/people01.fedoraproject.org b/roles/openvpn/server/files/ccd/people01.fedoraproject.org new file mode 100644 index 0000000000..39ed86b578 --- /dev/null +++ b/roles/openvpn/server/files/ccd/people01.fedoraproject.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.9 192.168.100.9 diff --git a/roles/people/tasks/main.yml b/roles/people/tasks/main.yml new file mode 100644 index 0000000000..5eaef30f53 --- /dev/null +++ b/roles/people/tasks/main.yml @@ -0,0 +1,26 @@ +--- +# +# Install packages needed for fedora people +# +- name: install packages needed for fedora people + yum: name={{ item }} state=present + with_items: + - cvs + - git + - bzr + - mercurial + - lftp + - quota + - nano + - pyliblzma + tags: + - packages + +- name: set selinux booleans needed for people + seboolean: name=httpd_enable_homedirs state=true persistent=true + with_items: + - httpd_enable_homedirs + - git_cgi_enable_homedirs + - git_system_enable_homedirs + + diff --git a/roles/planet/tasks/main.yml b/roles/planet/tasks/main.yml index 8b6a15129a..27ccf63181 100644 --- a/roles/planet/tasks/main.yml +++ b/roles/planet/tasks/main.yml @@ -17,7 +17,14 @@ tags: - planet_server -- name: ad planet config directory +- name: install the planet packages + yum: pkg={{item}} state=present + with_items: + - venus + tags: + - planet_server + +- name: add base planet config directory file: path=/etc/planet state=directory owner=root group=root mode=0775 tags: - planet_server 
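Review bot: Both arguments to `ifconfig-push` in the new ccd file are `192.168.100.9`, while the comment above labels them as the actual IP and the point-to-point IP, which would normally be two different addresses. If the other ccd entries (not visible here) use distinct values, the second argument probably needs the peer-side address; as written the client may not get a usable tunnel configuration. This is worth confirming against an existing entry, since the host is set up with `postfix_group: vpn` and the `openvpn/client` role.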
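Review bot: The `seboolean` task in the new `roles/people/tasks/main.yml` hard-codes `name=httpd_enable_homedirs` while looping over three items, so `httpd_enable_homedirs` is set three times and `git_cgi_enable_homedirs` and `git_system_enable_homedirs` are never changed; the module line should be `seboolean: name={{ item }} state=true persistent=true`. Because these booleans relax SELinux confinement so that httpd and the git services can reach user home directories, I would also add a comment above the task saying which service needs each one, so a later audit can tell they are intentional. The task carries no `tags:` while the package task above it has `packages`.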
@@ -26,62 +33,262 @@ copy: src=fpbuilder.conf dest=/etc/planet/fpbuilder.conf mode=0644 owner=root group=root tags: - planet_server - -- name: create planet directory - file: path={{ item }} state=directory owner=planet-user group=web mode=0775 - with_item: - - /srv/planet - - /srv/planet/site - - /srv/planet/config -- name: install the planet packages - yum: pkg={{item}} state=present - with_items: - - venus - tags: - - planet_server - -- name: copy the planet cron job - copy: src=planet-cron dest=/etc/cron.d/planet-cron - tags: - - planet_server - -- name: copy the planet http config file - copy: src=planet-httpd.conf dest=/etc/httpd/conf.d/planet.conf - tags: - - planet_server +#- name: copy the planet http config file +# copy: src=planet-httpd.conf dest=/etc/httpd/conf.d/planet.conf +# tags: +# - planet_server - name: copy the run planet-config script copy: src=pull-run-planet-config.sh dest=/usr/local/bin/pull-run-planet-config.sh tags: - planet_server +- name: create planet directory + file: path={{ item }} state=directory owner=planet-user group=web mode=0775 + with_item: + - /srv/planet/site + - /srv/planet/config + - name: copy the run-planet script copy: src=run-planet.sh dest=srv/planet/config/run-planet tags: - planet_server -## -## This is the area where we put in each sub-planets congfigs -## -- name: create sub-planet for {{ argv }} +# +# base planet.fedoraproject.org planet +# + +- name: create planet directory (people) file: path={{ item }} state=directory owner=planet-user group=web mode=0775 with_item: - - /srv/planet/site/people/ - - /srv/planet/site/people/css - - /srv/planet/site/people/images - - /srv/planet/site/people/images/heads + - /etc/planet/people + - /srv/planet/site/people - /srv/planet/config/people - - /srv/planet/config/people/templates - tags: - - planet_people -- name: copy base people config file - copy: src=people_base_config dest=/etc/planet/people_base_config +- name: copy the planet cron job (people) + copy: 
src=planet-cron dest=/etc/cron.d/planet-cron tags: - - planet_people - -- name: copy over trees to site - copy: src=sub-planets/people/site/css dest=/srv/planet/site/people/css + - planet_server + +# +# design +# + +- name: create planet directory (design) + file: path={{ item }} state=directory owner=planet-user group=web mode=0775 + with_item: + - /etc/planet/design + - /srv/planet/config/design + - /srv/planet/site/design + +- name: copy the planet cron job (design) + copy: src=sub-planets/design/planet-group.cron dest=/etc/cron.d/planet-design.cron tags: - - planet_people + - planet_server + +- name: copy the planet fpbulder.conf (design) + copy: src=sub-planets/design/fpbuilder.conf dest=/etc/planet/design/fpbuilder.conf + tags: + - planet_server + +- name: copy the cache and templates (design) + copy: src=sub-planets/design/{{ item }} dest=/srv/planet/config/design/{{ item }} + with_item: + - cache + - templates + tags: + - planet_server + +- name: copy the css and images (design) + copy: src=sub-planets/design/{{ item }} dest=/srv/planet/site/design/{{ item }} + with_item: + - css + - images + tags: + - planet_server +# +# desktop +# + +- name: create planet directory (desktop) + file: path={{ item }} state=directory owner=planet-user group=web mode=0775 + with_item: + - /etc/planet/desktop + - /srv/planet/config/desktop + - /srv/planet/site/desktop + +- name: copy the planet cron job (desktop) + copy: src=sub-planets/desktop/planet-group.cron dest=/etc/cron.d/planet-desktop.cron + tags: + - planet_server + +- name: copy the planet fpbulder.conf (desktop) + copy: src=sub-planets/desktop/fpbuilder.conf dest=/etc/planet/desktop/fpbuilder.conf + tags: + - planet_server + +- name: copy the cache and templates (desktop) + copy: src=sub-planets/desktop/{{ item }} dest=/srv/planet/config/desktop/{{ item }} + with_item: + - cache + - templates + tags: + - planet_server + +- name: copy the css and images (desktop) + copy: src=sub-planets/desktop/{{ item }} 
dest=/srv/planet/site/desktop/{{ item }} + with_item: + - css + - images + tags: + - planet_server + +# +# edited +# + +- name: create planet directory (edited) + file: path={{ item }} state=directory owner=planet-user group=web mode=0775 + with_item: + - /etc/planet/edited + - /srv/planet/config/edited + - /srv/planet/site/edited + +- name: copy the planet cron job (edited) + copy: src=sub-planets/edited/planet-group.cron dest=/etc/cron.d/planet-edited.cron + tags: + - planet_server + +- name: copy the planet fpbulder.conf (edited) + copy: src=sub-planets/edited/fpbuilder.conf dest=/etc/planet/edited/fpbuilder.conf + tags: + - planet_server + +- name: copy the cache and templates (edited) + copy: src=sub-planets/edited/{{ item }} dest=/srv/planet/config/edited/{{ item }} + with_item: + - cache + - templates + tags: + - planet_server + +- name: copy the css and images (edited) + copy: src=sub-planets/edited/{{ item }} dest=/srv/planet/site/edited/{{ item }} + with_item: + - css + - images + tags: + - planet_server + +# +# people +# + +- name: create planet directory (people) + file: path={{ item }} state=directory owner=planet-user group=web mode=0775 + with_item: + - /etc/planet/people + - /srv/planet/config/people + - /srv/planet/site/people + +- name: copy the planet cron job (people) + copy: src=sub-planets/people/planet-group.cron dest=/etc/cron.d/planet-people.cron + tags: + - planet_server + +- name: copy the planet fpbulder.conf (people) + copy: src=sub-planets/people/fpbuilder.conf dest=/etc/planet/people/fpbuilder.conf + tags: + - planet_server + +- name: copy the cache and templates (people) + copy: src=sub-planets/people/{{ item }} dest=/srv/planet/config/people/{{ item }} + with_item: + - cache + - templates + tags: + - planet_server + +- name: copy the css and images (people) + copy: src=sub-planets/people/{{ item }} dest=/srv/planet/site/people/{{ item }} + with_item: + - css + - images + tags: + - planet_server + +# +# security +# + +- name: create 
planet directory (security) + file: path={{ item }} state=directory owner=planet-user group=web mode=0775 + with_item: + - /etc/planet/security + - /srv/planet/config/security + - /srv/planet/site/security + +- name: copy the planet cron job (security) + copy: src=sub-planets/security/planet-group.cron dest=/etc/cron.d/planet-security.cron + tags: + - planet_server + +- name: copy the planet fpbulder.conf (security) + copy: src=sub-planets/security/fpbuilder.conf dest=/etc/planet/security/fpbuilder.conf + tags: + - planet_server + +- name: copy the cache and templates (security) + copy: src=sub-planets/security/{{ item }} dest=/srv/planet/config/security/{{ item }} + with_item: + - cache + - templates + tags: + - planet_server + +- name: copy the css and images (security) + copy: src=sub-planets/security/{{ item }} dest=/srv/planet/site/security/{{ item }} + with_item: + - css + - images + tags: + - planet_server + +# +# summer-coding +# + +- name: create planet directory (summer-coding) + file: path={{ item }} state=directory owner=planet-user group=web mode=0775 + with_item: + - /etc/planet/summer-coding + - /srv/planet/config/summer-coding + - /srv/planet/site/summer-coding + +- name: copy the planet cron job (summer-coding) + copy: src=sub-planets/summer-coding/planet-group.cron dest=/etc/cron.d/planet-summer-coding.cron + tags: + - planet_server + +- name: copy the planet fpbulder.conf (summer-coding) + copy: src=sub-planets/summer-coding/fpbuilder.conf dest=/etc/planet/summer-coding/fpbuilder.conf + tags: + - planet_server + +- name: copy the cache and templates (summer-coding) + copy: src=sub-planets/summer-coding/{{ item }} dest=/srv/planet/config/summer-coding/{{ item }} + with_item: + - cache + - templates + tags: + - planet_server + +- name: copy the css and images (summer-coding) + copy: src=sub-planets/summer-coding/{{ item }} dest=/srv/planet/site/summer-coding/{{ item }} + with_item: + - css + - images + tags: + - planet_server +
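Review bot: Every new looped task in this hunk uses `with_item:` instead of `with_items:`, so `{{ item }}` is never defined and the directory and copy tasks for design, desktop, edited, people, security and summer-coding will error out or do nothing; each should read `with_items:`. The per-planet directories, including `/etc/planet/<name>` and `/srv/planet/config/<name>`, are created `owner=planet-user group=web mode=0775`, and the files copied into `/etc/cron.d/` and `/usr/local/bin/` set no owner or mode; if the cron entries (not visible here) run anything out of those group-writable trees, any member of `web` can change what cron executes, so I would use `mode=0755` on the config directories and add `owner=root group=root mode=0644` to the cron copies. The context task `copy: src=run-planet.sh dest=srv/planet/config/run-planet` also has a relative `dest` that is missing its leading `/`. The six sub-planet stanzas differ only in the planet name and could be one set of tasks looped over a list of names, which would also remove the duplicated `create planet directory (people)` and `copy the planet cron job (people)` task names.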