Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

First rough cut at a people01. Many bugfixes ahead I am sure.

Browse source
This commit is contained in:
Kevin Fenzi 2015-06-16 19:06:24 +00:00
parent b4f5637962
commit db5b67207d
5 changed files with 317 additions and 85 deletions
Download patch file Download diff file Expand all files Collapse all files

23
inventory/host_vars/people02.fedoraproject.org → inventory/host_vars/people01.fedoraproject.org
View file

@ -1,26 +1,25 @@
--- ---
freezes: false freezes: false
datacenter: internetx datacenter: ibiblio
host_backup_targets: ['/srv/web'] #host_backup_targets: ['/srv/web']
nm: 255.255.255.240 nm: 255.255.255.128
gw: 85.236.55.1 gw: 152.19.134.129
dns: 8.8.8.8 dns: 8.8.8.8
volgroup: /dev/vg_guests
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 eth0_ip: 152.19.134.196
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
vmhost: internetx01.fedoraproject.org
volgroup: /dev/VolGuests00
eth0_ip: 85.236.55.7
postfix_group: vpn postfix_group: vpn
vmhost: ibiblio03.fedoraproject.org
datacenter: ibiblio
tcp_ports: [80, 443, 9418] tcp_ports: [80, 443, 9418]
nrpe_procs_warn: 900 nrpe_procs_warn: 900
nrpe_procs_crit: 1000 nrpe_procs_crit: 1000
lvm_size: 20000 lvm_size: 1t
mem_size: 8192 mem_size: 8192
num_cpus: 4 num_cpus: 4

60
playbooks/groups/people.yml
View file

@ -2,11 +2,9 @@
# #
# #
- name: make the people server - name: make the people server
hosts: people02.fedoraproject.org hosts: people01.fedoraproject.org
user: root user: root
gather_facts: False gather_facts: False
accelerate: "{{ accelerated }}"
vars_files: vars_files:
- /srv/web/infra/ansible/vars/global.yml - /srv/web/infra/ansible/vars/global.yml
@ -20,10 +18,9 @@
- include: "{{ handlers }}/restart_services.yml" - include: "{{ handlers }}/restart_services.yml"
- name: make the box be real - name: make the box be real
hosts: people02.fedoraproject.org hosts: people01.fedoraproject.org
user: root user: root
gather_facts: True gather_facts: True
accelerate: "{{ accelerated }}"
vars_files: vars_files:
- /srv/web/infra/ansible/vars/global.yml - /srv/web/infra/ansible/vars/global.yml
@ -39,21 +36,39 @@
- rkhunter - rkhunter
- rsyncd - rsyncd
- sudo - sudo
- { role: denyhosts, when: ansible_distribution_major_version|int != 7 }
- { role: openvpn/client, when: env != "staging" } - { role: openvpn/client, when: env != "staging" }
- { role: collectd/fedmsg-service, process: fedmsg-hub }
- apache
- git/hooks
- git/make_checkout_seed
- git/server
- gitolite/base
- gitolite/check_fedmsg_hooks
- cgit/base - cgit/base
- cgit/clean_lock_cron - cgit/clean_lock_cron
- cgit/make_pkgs_list - cgit/make_pkgs_list
- clamav - clamav
- distgit - fedmsg/base
- role: apache
- role: httpd/mod_ssl
- role: httpd/certificate
name: wildcard-2014.fedorapeople.org
SSLCertificateChainFile: wildcard-2014.fedorapeople.org.intermediate.cert
- role: httpd/certificate
name: planet.fedoraproject.org
SSLCertificateChainFile: planet.fedoraproject.org.org.intermediate.cert
- role: httpd/website
name: fedorapeople.org
cert_name: wildcard-2014.fedorapeople.org
server_aliases:
- *.fedorapeople.org
- role: httpd/website
name: fedoraplanet.org
- role: httpd/website
cert_name: planet.fedoraproject.org
name: planet.fedoraproject.org
- role: planet
tasks: tasks:
- include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/yumrepos.yml"
@ -62,20 +77,3 @@
handlers: handlers:
- include: "{{ handlers }}/restart_services.yml" - include: "{{ handlers }}/restart_services.yml"
- name: setup fedmsg on people
hosts: people02.fedoraproject.org
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- fedmsg/base
- fedmsg/hub
handlers:
- include: "{{ handlers }}/restart_services.yml"

2
roles/openvpn/server/files/ccd/people01.fedoraproject.org Normal file
View file

@ -0,0 +1,2 @@
# ifconfig-push actualIP PtPIP
ifconfig-push 192.168.100.9 192.168.100.9

26
roles/people/tasks/main.yml Normal file
View file

@ -0,0 +1,26 @@
---
#
# Install packages needed for fedora people
#
- name: install packages needed for fedora people
yum: name={{ item }} state=present
with_items:
- cvs
- git
- bzr
- mercurial
- lftp
- quota
- nano
- pyliblzma
tags:
- packages
- name: set selinux booleans needed for people
seboolean: name=httpd_enable_homedirs state=true persistent=true
with_items:
- httpd_enable_homedirs
- git_cgi_enable_homedirs
- git_system_enable_homedirs

291
roles/planet/tasks/main.yml
View file

@ -17,7 +17,14 @@
tags: tags:
- planet_server - planet_server
- name: ad planet config directory - name: install the planet packages
yum: pkg={{item}} state=present
with_items:
- venus
tags:
- planet_server
- name: add base planet config directory
file: path=/etc/planet state=directory owner=root group=root mode=0775 file: path=/etc/planet state=directory owner=root group=root mode=0775
tags: tags:
- planet_server - planet_server
@ -26,62 +33,262 @@
copy: src=fpbuilder.conf dest=/etc/planet/fpbuilder.conf mode=0644 owner=root group=root copy: src=fpbuilder.conf dest=/etc/planet/fpbuilder.conf mode=0644 owner=root group=root
tags: tags:
- planet_server - planet_server
- name: create planet directory
file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_item:
- /srv/planet
- /srv/planet/site
- /srv/planet/config
- name: install the planet packages #- name: copy the planet http config file
yum: pkg={{item}} state=present # copy: src=planet-httpd.conf dest=/etc/httpd/conf.d/planet.conf
with_items: # tags:
- venus # - planet_server
tags:
- planet_server
- name: copy the planet cron job
copy: src=planet-cron dest=/etc/cron.d/planet-cron
tags:
- planet_server
- name: copy the planet http config file
copy: src=planet-httpd.conf dest=/etc/httpd/conf.d/planet.conf
tags:
- planet_server
- name: copy the run planet-config script - name: copy the run planet-config script
copy: src=pull-run-planet-config.sh dest=/usr/local/bin/pull-run-planet-config.sh copy: src=pull-run-planet-config.sh dest=/usr/local/bin/pull-run-planet-config.sh
tags: tags:
- planet_server - planet_server
- name: create planet directory
file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_item:
- /srv/planet/site
- /srv/planet/config
- name: copy the run-planet script - name: copy the run-planet script
copy: src=run-planet.sh dest=srv/planet/config/run-planet copy: src=run-planet.sh dest=srv/planet/config/run-planet
tags: tags:
- planet_server - planet_server
## #
## This is the area where we put in each sub-planets congfigs # base planet.fedoraproject.org planet
## #
- name: create sub-planet for {{ argv }}
- name: create planet directory (people)
file: path={{ item }} state=directory owner=planet-user group=web mode=0775 file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_item: with_item:
- /srv/planet/site/people/ - /etc/planet/people
- /srv/planet/site/people/css - /srv/planet/site/people
- /srv/planet/site/people/images
- /srv/planet/site/people/images/heads
- /srv/planet/config/people - /srv/planet/config/people
- /srv/planet/config/people/templates
tags:
- planet_people
- name: copy base people config file - name: copy the planet cron job (people)
copy: src=people_base_config dest=/etc/planet/people_base_config copy: src=planet-cron dest=/etc/cron.d/planet-cron
tags: tags:
- planet_people - planet_server
- name: copy over trees to site #
copy: src=sub-planets/people/site/css dest=/srv/planet/site/people/css # design
#
- name: create planet directory (design)
file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_item:
- /etc/planet/design
- /srv/planet/config/design
- /srv/planet/site/design
- name: copy the planet cron job (design)
copy: src=sub-planets/design/planet-group.cron dest=/etc/cron.d/planet-design.cron
tags: tags:
- planet_people - planet_server
- name: copy the planet fpbulder.conf (design)
copy: src=sub-planets/design/fpbuilder.conf dest=/etc/planet/design/fpbuilder.conf
tags:
- planet_server
- name: copy the cache and templates (design)
copy: src=sub-planets/design/{{ item }} dest=/srv/planet/config/design/{{ item }}
with_item:
- cache
- templates
tags:
- planet_server
- name: copy the css and images (design)
copy: src=sub-planets/design/{{ item }} dest=/srv/planet/site/design/{{ item }}
with_item:
- css
- images
tags:
- planet_server
#
# desktop
#
- name: create planet directory (desktop)
file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_item:
- /etc/planet/desktop
- /srv/planet/config/desktop
- /srv/planet/site/desktop
- name: copy the planet cron job (desktop)
copy: src=sub-planets/desktop/planet-group.cron dest=/etc/cron.d/planet-desktop.cron
tags:
- planet_server
- name: copy the planet fpbulder.conf (desktop)
copy: src=sub-planets/desktop/fpbuilder.conf dest=/etc/planet/desktop/fpbuilder.conf
tags:
- planet_server
- name: copy the cache and templates (desktop)
copy: src=sub-planets/desktop/{{ item }} dest=/srv/planet/config/desktop/{{ item }}
with_item:
- cache
- templates
tags:
- planet_server
- name: copy the css and images (desktop)
copy: src=sub-planets/desktop/{{ item }} dest=/srv/planet/site/desktop/{{ item }}
with_item:
- css
- images
tags:
- planet_server
#
# edited
#
- name: create planet directory (edited)
file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_item:
- /etc/planet/edited
- /srv/planet/config/edited
- /srv/planet/site/edited
- name: copy the planet cron job (edited)
copy: src=sub-planets/edited/planet-group.cron dest=/etc/cron.d/planet-edited.cron
tags:
- planet_server
- name: copy the planet fpbulder.conf (edited)
copy: src=sub-planets/edited/fpbuilder.conf dest=/etc/planet/edited/fpbuilder.conf
tags:
- planet_server
- name: copy the cache and templates (edited)
copy: src=sub-planets/edited/{{ item }} dest=/srv/planet/config/edited/{{ item }}
with_item:
- cache
- templates
tags:
- planet_server
- name: copy the css and images (edited)
copy: src=sub-planets/edited/{{ item }} dest=/srv/planet/site/edited/{{ item }}
with_item:
- css
- images
tags:
- planet_server
#
# people
#
- name: create planet directory (people)
file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_item:
- /etc/planet/people
- /srv/planet/config/people
- /srv/planet/site/people
- name: copy the planet cron job (people)
copy: src=sub-planets/people/planet-group.cron dest=/etc/cron.d/planet-people.cron
tags:
- planet_server
- name: copy the planet fpbulder.conf (people)
copy: src=sub-planets/people/fpbuilder.conf dest=/etc/planet/people/fpbuilder.conf
tags:
- planet_server
- name: copy the cache and templates (people)
copy: src=sub-planets/people/{{ item }} dest=/srv/planet/config/people/{{ item }}
with_item:
- cache
- templates
tags:
- planet_server
- name: copy the css and images (people)
copy: src=sub-planets/people/{{ item }} dest=/srv/planet/site/people/{{ item }}
with_item:
- css
- images
tags:
- planet_server
#
# security
#
- name: create planet directory (security)
file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_item:
- /etc/planet/security
- /srv/planet/config/security
- /srv/planet/site/security
- name: copy the planet cron job (security)
copy: src=sub-planets/security/planet-group.cron dest=/etc/cron.d/planet-security.cron
tags:
- planet_server
- name: copy the planet fpbulder.conf (security)
copy: src=sub-planets/security/fpbuilder.conf dest=/etc/planet/security/fpbuilder.conf
tags:
- planet_server
- name: copy the cache and templates (security)
copy: src=sub-planets/security/{{ item }} dest=/srv/planet/config/security/{{ item }}
with_item:
- cache
- templates
tags:
- planet_server
- name: copy the css and images (security)
copy: src=sub-planets/security/{{ item }} dest=/srv/planet/site/security/{{ item }}
with_item:
- css
- images
tags:
- planet_server
#
# summer-coding
#
- name: create planet directory (summer-coding)
file: path={{ item }} state=directory owner=planet-user group=web mode=0775
with_item:
- /etc/planet/summer-coding
- /srv/planet/config/summer-coding
- /srv/planet/site/summer-coding
- name: copy the planet cron job (summer-coding)
copy: src=sub-planets/summer-coding/planet-group.cron dest=/etc/cron.d/planet-summer-coding.cron
tags:
- planet_server
- name: copy the planet fpbulder.conf (summer-coding)
copy: src=sub-planets/summer-coding/fpbuilder.conf dest=/etc/planet/summer-coding/fpbuilder.conf
tags:
- planet_server
- name: copy the cache and templates (summer-coding)
copy: src=sub-planets/summer-coding/{{ item }} dest=/srv/planet/config/summer-coding/{{ item }}
with_item:
- cache
- templates
tags:
- planet_server
- name: copy the css and images (summer-coding)
copy: src=sub-planets/summer-coding/{{ item }} dest=/srv/planet/site/summer-coding/{{ item }}
with_item:
- css
- images
tags:
- planet_server