2d4ec8d259
This is so hosts on the Fedora VPN are able to talk to IPA before they try to enroll. Signed-off-by: Nils Philippsen <nils@redhat.com>
108 lines
2.7 KiB
YAML
108 lines
2.7 KiB
YAML
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=mm:mm_stg"
|
|
|
|
- name: make the boxe be real for real
|
|
hosts: mm:mm_stg
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
roles:
|
|
- base
|
|
- rkhunter
|
|
- nagios_client
|
|
- hosts
|
|
- { role: openvpn/client, when: env != "staging" and inventory_hostname.startswith('mm-frontend') }
|
|
- ipa/client
|
|
- sudo
|
|
- collectd/base
|
|
- { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
|
|
|
|
pre_tasks:
|
|
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
|
|
|
|
tasks:
|
|
- import_tasks: "{{ tasks_path }}/motd.yml"
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
|
|
|
- name: Deploy the backend
|
|
hosts: mm_backend:mm_backend_stg
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
pre_tasks:
|
|
- include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
|
|
|
|
roles:
|
|
- mirrormanager/backend
|
|
- s3-mirror
|
|
- geoip
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
|
|
|
- name: Deploy the crawler
|
|
hosts: mm_crawler:mm_crawler_stg
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
roles:
|
|
- mirrormanager/crawler
|
|
- { role: rsyncd,
|
|
when: env != "staging" }
|
|
- { role: openvpn/client, when: datacenter != "iad2" }
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
|
|
|
- name: Deploy the frontend (web-app)
|
|
hosts: mm_frontend:mm_frontend_stg
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
roles:
|
|
- mirrormanager/frontend2
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
|
|
|
# Do this one last, since the mirrormanager user needs to exist so that it can
|
|
# own the fedmsg certs we put in place here.
|
|
- name: Put fedmsg stuff in place
|
|
hosts: mm:mm_stg
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
roles:
|
|
- role: fedmsg/base
|
|
# Set up for fedora-messaging
|
|
- { role: rabbit/user,
|
|
username: "mirrormanager{{ env_suffix }}"}
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|