Merge branch 'master' of ssh://pagure.io/fedora-infra/ansible
This commit is contained in:
Stephen Smoogen
commit
e83de19d86
5 changed files with 25 additions and 22 deletions
|
|
@ -15,5 +15,6 @@ fas_client_groups: sysadmin-main,sysadmin-accounts
|
||||||
nrpe_procs_warn: 300
|
nrpe_procs_warn: 300
|
||||||
nrpe_procs_crit: 500
|
nrpe_procs_crit: 500
|
||||||
|
|
||||||
|
ipa_initial: false
|
||||||
ipa_dm_password: "{{ ipa_prod_dm_password }}"
|
ipa_dm_password: "{{ ipa_prod_dm_password }}"
|
||||||
ipa_ldap_socket: ldapi://%2fvar%2frun%2fslapd-FEDORAPROJECT-ORG.socket
|
ipa_ldap_socket: ldapi://%2fvar%2frun%2fslapd-FEDORAPROJECT-ORG.socket
|
||||||
|
|
|
||||||
|
|
@ -8,3 +8,4 @@ volgroup: /dev/vg_guests00
|
||||||
eth0_ip: 10.5.126.162
|
eth0_ip: 10.5.126.162
|
||||||
vmhost: virthost15.phx2.fedoraproject.org
|
vmhost: virthost15.phx2.fedoraproject.org
|
||||||
datacenter: phx2
|
datacenter: phx2
|
||||||
|
ipa_initial: true
|
||||||
|
|
|
||||||
|
|
@ -8,3 +8,4 @@ volgroup: /dev/vg_guests
|
||||||
eth0_ip: 10.5.128.136
|
eth0_ip: 10.5.128.136
|
||||||
vmhost: virthost04.stg.phx2.fedoraproject.org
|
vmhost: virthost04.stg.phx2.fedoraproject.org
|
||||||
datacenter: phx2
|
datacenter: phx2
|
||||||
|
ipa_initial: true
|
||||||
|
|
|
||||||
|
|
@ -173,6 +173,7 @@
|
||||||
|
|
||||||
- name: install the DistGit related httpd config
|
- name: install the DistGit related httpd config
|
||||||
copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf
|
copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf
|
||||||
|
when: env != "staging"
|
||||||
notify:
|
notify:
|
||||||
- reload httpd
|
- reload httpd
|
||||||
tags:
|
tags:
|
||||||
|
|
@ -180,6 +181,7 @@
|
||||||
|
|
||||||
- name: Symlink pkgs-git-repos-list
|
- name: Symlink pkgs-git-repos-list
|
||||||
copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf
|
copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf
|
||||||
|
when: env != "staging"
|
||||||
notify:
|
notify:
|
||||||
- reload httpd
|
- reload httpd
|
||||||
tags:
|
tags:
|
||||||
|
|
|
||||||
|
|
@ -38,7 +38,7 @@
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: inventory_hostname.startswith("ipa01")
|
when: ipa_initial
|
||||||
|
|
||||||
- name: install IPA vault
|
- name: install IPA vault
|
||||||
command: ipa-kra-install
|
command: ipa-kra-install
|
||||||
|
|
@ -49,7 +49,7 @@
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: inventory_hostname.startswith("ipa01")
|
when: ipa_initial
|
||||||
|
|
||||||
- name: determine whether we need to set up replication
|
- name: determine whether we need to set up replication
|
||||||
stat: path=/etc/ipa/default.conf
|
stat: path=/etc/ipa/default.conf
|
||||||
|
|
@ -57,31 +57,29 @@
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: not inventory_hostname.startswith("ipa01")
|
when: not ipa_initial
|
||||||
|
|
||||||
- name: create replica file
|
- name: create replica file
|
||||||
delegate_to: ipa01.{{ item }}.fedoraproject.org
|
delegate_to: ipa01.phx2.fedoraproject.org
|
||||||
command: ipa-replica-prepare
|
command: ipa-replica-prepare
|
||||||
--password={{ipa_dm_password}}
|
--password={{ipa_dm_password}}
|
||||||
--ip-address={{eth0_ip}}
|
--ip-address={{eth0_ip}}
|
||||||
{{inventory_hostname}}
|
{{inventory_hostname}}
|
||||||
creates=/var/lib/ipa/replica-info-{{inventory_hostname}}.gpg
|
creates=/var/lib/ipa/replica-info-{{inventory_hostname}}.gpg
|
||||||
with_items: "{{ datacenter }}"
|
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists
|
when: not ipa_initial and not replication_status.stat.exists
|
||||||
|
|
||||||
- name: retrieve replica file
|
- name: retrieve replica file
|
||||||
delegate_to: ipa01.{{ item }}.fedoraproject.org
|
delegate_to: ipa01.phx2.fedoraproject.org
|
||||||
with_items: "{{ datacenter }}"
|
|
||||||
fetch: src=/var/lib/ipa/replica-info-{{inventory_hostname}}.gpg
|
fetch: src=/var/lib/ipa/replica-info-{{inventory_hostname}}.gpg
|
||||||
dest=/tmp/ipa_replica_{{inventory_hostname}}.gpg
|
dest=/tmp/ipa_replica_{{inventory_hostname}}.gpg
|
||||||
flat=yes
|
flat=yes
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists
|
when: not ipa_initial and not replication_status.stat.exists
|
||||||
|
|
||||||
- name: deploy replica file
|
- name: deploy replica file
|
||||||
copy: src=/tmp/ipa_replica_{{inventory_hostname}}.gpg
|
copy: src=/tmp/ipa_replica_{{inventory_hostname}}.gpg
|
||||||
|
|
@ -90,7 +88,7 @@
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists
|
when: not ipa_initial and not replication_status.stat.exists
|
||||||
|
|
||||||
- name: destroy replica file on ansible host
|
- name: destroy replica file on ansible host
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
|
@ -98,7 +96,7 @@
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists
|
when: not ipa_initial and not replication_status.stat.exists
|
||||||
|
|
||||||
- name: deploy replica
|
- name: deploy replica
|
||||||
command: ipa-replica-install
|
command: ipa-replica-install
|
||||||
|
|
@ -121,7 +119,7 @@
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists
|
when: not ipa_initial and not replication_status.stat.exists
|
||||||
|
|
||||||
- name: Disable rewrites
|
- name: Disable rewrites
|
||||||
copy: src=ipa-rewrite.conf dest=/etc/httpd/conf.d/ipa-rewrite.conf
|
copy: src=ipa-rewrite.conf dest=/etc/httpd/conf.d/ipa-rewrite.conf
|
||||||
|
|
@ -137,14 +135,14 @@
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: inventory_hostname.startswith("ipa01")
|
when: ipa_initial
|
||||||
|
|
||||||
- name: Run configuration script
|
- name: Run configuration script
|
||||||
command: /bin/bash /root/configure-ipa.sh {{ipa_admin_password}}
|
command: /bin/bash /root/configure-ipa.sh {{ipa_admin_password}}
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: inventory_hostname.startswith("ipa01") and config_deployed.changed
|
when: ipa_initial and config_deployed.changed
|
||||||
|
|
||||||
- name: Get admin ticket
|
- name: Get admin ticket
|
||||||
shell: echo "{{ipa_admin_password}}" | kinit admin
|
shell: echo "{{ipa_admin_password}}" | kinit admin
|
||||||
|
|
@ -153,14 +151,14 @@
|
||||||
- keytab
|
- keytab
|
||||||
- config
|
- config
|
||||||
- krb5
|
- krb5
|
||||||
when: inventory_hostname.startswith("ipa01")
|
when: ipa_initial
|
||||||
|
|
||||||
- name: Create fas_sync user
|
- name: Create fas_sync user
|
||||||
command: ipa user-add fas_sync --first=FAS --last=Sync
|
command: ipa user-add fas_sync --first=FAS --last=Sync
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: inventory_hostname.startswith("ipa01")
|
when: ipa_initial
|
||||||
register: create_output
|
register: create_output
|
||||||
changed_when: "'already exists' not in create_output.stderr"
|
changed_when: "'already exists' not in create_output.stderr"
|
||||||
failed_when: "'already exists' not in create_output.stderr and create_output.rc != 0"
|
failed_when: "'already exists' not in create_output.stderr and create_output.rc != 0"
|
||||||
|
|
@ -170,7 +168,7 @@
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: inventory_hostname.startswith("ipa01")
|
when: ipa_initial
|
||||||
register: promote_output
|
register: promote_output
|
||||||
changed_when: "'already a member' not in promote_output.stdout"
|
changed_when: "'already a member' not in promote_output.stdout"
|
||||||
failed_when: "'already a member' not in promote_output.stdout and promote_output.rc != 0"
|
failed_when: "'already a member' not in promote_output.stdout and promote_output.rc != 0"
|
||||||
|
|
@ -180,7 +178,7 @@
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
when: inventory_hostname.startswith("ipa01")
|
when: ipa_initial
|
||||||
register: pwpolicy_output
|
register: pwpolicy_output
|
||||||
changed_when: "'no modifications to be performed' not in pwpolicy_output.stderr"
|
changed_when: "'no modifications to be performed' not in pwpolicy_output.stderr"
|
||||||
failed_when: "'no modifications to be performed' not in pwpolicy_output.stderr and pwpolicy_output.rc != 0"
|
failed_when: "'no modifications to be performed' not in pwpolicy_output.stderr and pwpolicy_output.rc != 0"
|
||||||
|
|
@ -192,7 +190,7 @@
|
||||||
- keytab
|
- keytab
|
||||||
- config
|
- config
|
||||||
- krb5
|
- krb5
|
||||||
when: inventory_hostname.startswith("ipa01")
|
when: ipa_initial
|
||||||
|
|
||||||
- name: Create LDIF directory
|
- name: Create LDIF directory
|
||||||
file: path=/root/ldif state=directory owner=root group=root mode=0750
|
file: path=/root/ldif state=directory owner=root group=root mode=0750
|
||||||
|
|
@ -216,7 +214,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- grant_fas_sync
|
- grant_fas_sync
|
||||||
- use_id_fp_o
|
- use_id_fp_o
|
||||||
when: inventory_hostname.startswith("ipa01")
|
when: ipa_initial
|
||||||
tags:
|
tags:
|
||||||
- ipa/server
|
- ipa/server
|
||||||
- config
|
- config
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue