Review ansible SOP

Signed-off-by: Michal Konečný <mkonecny@redhat.com>

modules/sysadmin_guide/nav.adoc

@@ -3,7 +3,7 @@
 ** xref:2-factor.adoc[Two factor auth]
 ** xref:accountdeletion.adoc[Account Deletion SOP]
 ** xref:anitya.adoc[Anitya Infrastructure SOP]
-** xref:ansible.adoc[ansible - SOP in review ]
+** xref:ansible.adoc[ansible - SOP]
 ** xref:apps-fp-o.adoc[apps-fp-o - SOP in review ]
 ** xref:archive-old-fedora.adoc[archive-old-fedora - SOP in review ]
 ** xref:arm.adoc[arm - SOP in review ]

modules/sysadmin_guide/pages/ansible.adoc

@@ -28,83 +28,85 @@ some other groups to run playbooks against specific hosts.
 There are 2 git repositories associated with Ansible:
 
 * The Fedora Infrastructure Ansible repository and replicas.
-+
+
 [CAUTION]
-.Caution
 ====
 This is a public repository. Never commit private data to this repo.
 ====
-+
+
 image:ansible-repositories.png[image]
-+
+
 This repository exists as several copies or replicas:
+
 ** The "upstream" repository on Pagure.
-+
+
 https://pagure.io/fedora-infra/ansible
-+
+
 This repository is the public facing place where people can contribute
 (e.g. pull requests) as well as the authoritative source. Members of the
 `sysadmin` FAS group or the `fedora-infra` Pagure group have commit
 access to this repository.
-+
+
 To contribute changes, fork the repository on Pagure and submit a Pull
 Request. Someone from the aforementioned groups can then review and
 merge them.
-+
+
 It is recommended that you configure git to use `pull --rebase` by
 default by running `git config --bool pull.rebase true` in your ansible
 clone directory. This configuration prevents unneeded merges which can
 occur if someone else pushes changes to the remote repository while you
 are working on your own local changes.
-** Two bare mirrors on [.title-ref]#batcave01#, `/srv/git/ansible.git`
+
+** Two bare mirrors on _batcave01_, `/srv/git/ansible.git`
 and `/srv/git/mirrors/ansible.git`
-+
+
 [CAUTION]
-.Caution
 ====
 These are public repositories. Never commit private data to these
 repositories. Don't commit or push to these repos directly, unless
 Pagure is unavailable.
 ====
-+
+
-The `mirror_pagure_ansible` service on [.title-ref]#batcave01# receives
+The `mirror_pagure_ansible` service on _batcave01_ receives
 bus messages about changes in the repository on Pagure, fetches these
 into `/srv/git/mirrors/ansible.git` and pushes from there to
 `/srv/git/ansible.git`. When this happens, various actions are triggered
 via git hooks:
+
 *** The working copy at `/srv/web/infra/ansible` is updated.
-*** A mail about the changes is sent to [.title-ref]#sysadmin-members#.
+
+*** A mail about the changes is sent to _sysadmin-members_.
+
 *** The changes are announced on the message bus, which in turn triggers
 announcements on IRC.
-+
+
-You can check out the repo locally on [.title-ref]#batcave01# with:
+You can check out the repo locally on _batcave01_ with:
-+
+
 ....
 git clone /srv/git/ansible.git
 ....
-+
+
 If the Ansible repository on Pagure is unavailable, members of the
-[.title-ref]#sysadmin# group may commit directly, provided this
+_sysadmin_ group may commit directly, provided this
 procedure is followed:
 [arabic]
 . The synchronization service is stopped and disabled:
-+
+
 ....
 sudo systemctl disable --now mirror_pagure_ansible.service
 ....
-. Changes are applied to the repository on [.title-ref]#batcave01#.
+. Changes are applied to the repository on _batcave01_.
 . After Pagure is available again, the changes are pushed to the
 repository there.
 . The synchronization service is enabled and started:
-+
+
 ....
 sudo systemctl enable --now mirror_pagure_ansible.service
 ....
-** `/srv/web/infra/ansible` on [.title-ref]#batcave01#, the working copy
+** `/srv/web/infra/ansible` on _batcave01_, the working copy
 from which playbooks are run.
-+
+
 [CAUTION]
-.Caution
 ====
 This is a public repository. Never commit private data to this repo.
 Don't commit or push to this repo directly, unless Pagure is
@@ -113,26 +115,21 @@ unavailable.
 +
 You can access it also via a cgit web interface at:
 https://pagure.io/fedora-infra/ansible/
-+
-[verse]
---
 
---
+* `/srv/git/ansible-private` on _batcave01_.
-* `/srv/git/ansible-private` on [.title-ref]#batcave01#.
+
-+
 [CAUTION]
-.Caution
 ====
 This is a private repository for passwords and other sensitive data. It
 is not available in cgit, nor should it be cloned or copied remotely.
 ====
-+
+
 This repository is only accessible to members of 'sysadmin-main'.
 
 === Cron job/scheduled runs
 
 With use of run_ansible-playbook_cron.py that is run daily via cron we
-walk through playbooks and run them with [.title-ref]#--check --diff#
+walk through playbooks and run them with _--check --diff_
 params to perform a dry-run.
 
 This way we make sure all the playbooks are idempotent and there is no
@@ -149,7 +146,7 @@ when and what commands and playbooks were run.
 
 === role based access control for playbooks
 
-There's a wrapper script on batcave01 called 'rbac-playbook' that allows
+There's a wrapper script on _batcave01_ called 'rbac-playbook' that allows
 non sysadmin-main members to run specific playbooks against specific
 groups of hosts. This is part of the ansible_utils package. The upstream
 for ansible_utils is: https://bitbucket.org/tflink/ansible_utils