b3d6a90b9a
migrated notes from infra/hosts motd changes; excluding CSI infos removed csi_* vars from group_vars; converted csi_purpose & csi_relationship into notes fixed merge conflicts minor changes; var updating YAMLs & playbooks udpated YAMLs & playbooks again updated correctly; buildhw.yml fixing merge conflicts dest added in motd.yml
102 lines
2.9 KiB
YAML
102 lines
2.9 KiB
YAML
# create an osbs server
|
|
---
|
|
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
|
|
vars:
|
|
myhosts: "oci_registry:oci_registry_stg"
|
|
|
|
- name: Make the box be real
|
|
hosts: oci_registry:oci_registry_stg
|
|
user: root
|
|
gather_facts: true
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
roles:
|
|
- base
|
|
- rkhunter
|
|
- nagios_client
|
|
- zabbix/zabbix_agent
|
|
- hosts
|
|
- { role: openvpn/client,
|
|
when: env != "staging" }
|
|
- ipa/client
|
|
- collectd/base
|
|
- rsyncd
|
|
- sudo
|
|
- role: nfs/client
|
|
mnt_dir: '/srv/registry'
|
|
nfs_src_dir: "oci_registry"
|
|
when: inventory_hostname.startswith(('oci-registry01.iad2', 'oci-registry02.iad2'))
|
|
|
|
- role: nfs/client
|
|
mnt_dir: '/srv/registry'
|
|
nfs_src_dir: "oci_candidate_registry"
|
|
when: inventory_hostname.startswith(('oci-candidate-registry01.iad2'))
|
|
|
|
pre_tasks:
|
|
- name: Create /srv/registry on staging since it does not use NFS
|
|
ansible.builtin.file:
|
|
path: /srv/registry
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
when: "env == 'staging'"
|
|
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
|
|
|
- name: Setup docker distribution registry
|
|
hosts: oci_registry:oci_registry_stg
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- /srv/private/ansible/vars.yml
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
|
|
# NOTE: tls is disabled for docker-distribution because we are listening only
|
|
# on localhost and all external connections will be through httpd which
|
|
# will be SSL enabled.
|
|
roles:
|
|
- {
|
|
role: docker-distribution,
|
|
conf_path: "/etc/docker-distribution/registry/config.yml",
|
|
tls: {
|
|
enabled: false,
|
|
},
|
|
log: {
|
|
fields: {
|
|
service: "registry"
|
|
}
|
|
},
|
|
storage: {
|
|
filesystem: {
|
|
rootdirectory: "/srv/registry"
|
|
}
|
|
},
|
|
http: {
|
|
addr: ":5000"
|
|
}
|
|
}
|
|
|
|
# Setup compose-x86-01 push docker images to registry
|
|
- {
|
|
role: login-registry,
|
|
candidate_registry: "candidate-registry.stg.fedoraproject.org",
|
|
candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}",
|
|
candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}",
|
|
when: env == "staging",
|
|
delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org"
|
|
}
|
|
- {
|
|
role: login-registry,
|
|
candidate_registry: "candidate-registry.fedoraproject.org",
|
|
candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}",
|
|
candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}",
|
|
when: env == "production",
|
|
delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org"
|
|
}
|