Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

inventory: create a certgetter01.stg instance and use it in stg

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2020-07-24 15:07:56 -07:00
parent 14f05eb02f
commit 2d8bf791cd
6 changed files with 40 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

4
inventory/group_vars/all
View file

@ -419,7 +419,3 @@ sshd_sftp: false
# Autodetect python version # Autodetect python version
# #
ansible_python_interpreter: auto ansible_python_interpreter: auto
#
# datacenter with active certbot in it
#
certgetter_datacenter: iad2

15
inventory/group_vars/certgetter_stg Normal file
View file

@ -0,0 +1,15 @@
---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 2048
num_cpus: 2
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [ 80, 443 ]
# Neeed for rsync from log01 for logs.
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
fas_client_groups: sysadmin-main

13
inventory/host_vars/certgetter01.stg.iad2.fedoraproject.org Normal file
View file

@ -0,0 +1,13 @@
---
nm: 255.255.255.0
gw: 10.3.166.254
dns: 10.3.163.33
ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora-32-iad2
ks_repo: http://10.3.163.35/pub/fedora/linux/releases/32/Server/x86_64/os/
volgroup: /dev/vg_guests
eth0_ip: 10.3.166.22
vmhost: vmhost-x86-01.stg.iad2.fedoraproject.org
datacenter: iad2
mem_size: 4096

5
inventory/inventory
View file

@ -35,6 +35,9 @@ retrace_stg_aws
[certgetter] [certgetter]
certgetter01.iad2.fedoraproject.org certgetter01.iad2.fedoraproject.org
[certgetter_stg]
certgetter01.stg.iad2.fedoraproject.org
[backup] [backup]
backup01.iad2.fedoraproject.org backup01.iad2.fedoraproject.org
@ -649,6 +652,7 @@ batcave01.iad2.fedoraproject.org
bastion01.iad2.fedoraproject.org bastion01.iad2.fedoraproject.org
bastion02.iad2.fedoraproject.org bastion02.iad2.fedoraproject.org
certgetter01.iad2.fedoraproject.org certgetter01.iad2.fedoraproject.org
certgetter01.stg.iad2.fedoraproject.org
log01.iad2.fedoraproject.org log01.iad2.fedoraproject.org
ns01.iad2.fedoraproject.org ns01.iad2.fedoraproject.org
ns02.iad2.fedoraproject.org ns02.iad2.fedoraproject.org
@ -1299,6 +1303,7 @@ bvmhost-x86-08.iad2.fedoraproject.org
bvmhost-x86-02.stg.iad2.fedoraproject.org bvmhost-x86-02.stg.iad2.fedoraproject.org
bvmhost-x86-03.stg.iad2.fedoraproject.org bvmhost-x86-03.stg.iad2.fedoraproject.org
certgetter01.iad2.fedoraproject.org certgetter01.iad2.fedoraproject.org
certgetter01.stg.iad2.fedoraproject.org
compose-iot01.iad2.fedoraproject.org compose-iot01.iad2.fedoraproject.org
compose-branched01.iad2.fedoraproject.org compose-branched01.iad2.fedoraproject.org
compose-rawhide01.iad2.fedoraproject.org compose-rawhide01.iad2.fedoraproject.org

4
playbooks/groups/certgetter.yml
View file

@ -1,7 +1,7 @@
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=certgetter" - import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=certgetter:certgetter_stg"
- name: make the box be real - name: make the box be real
hosts: certgetter hosts: certgetter:certgetter_stg
user: root user: root
gather_facts: True gather_facts: True

10
roles/letsencrypt/tasks/main.yml
View file

@ -1,5 +1,5 @@
- name: Generate (or renew) the certificate - name: Generate (or renew) the certificate
delegate_to: "certgetter01.{{ certgetter_datacenter }}.fedoraproject.org" delegate_to: "certgetter01{{ env_suffix }}.iad2.fedoraproject.org"
command: certbot certonly --expand --keep -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}} command: certbot certonly --expand --keep -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}}
run_once: true run_once: true
register: certbot_output register: certbot_output
@ -10,7 +10,7 @@
# Find the directory to use # Find the directory to use
- name: Get the directory to use - name: Get the directory to use
delegate_to: "certgetter01.{{ certgetter_datacenter }}.fedoraproject.org" delegate_to: "certgetter01{{ env_suffix }}.iad2.fedoraproject.org"
# Sometimes we get directories like site-0001, site-0002, etc. We want the latest # Sometimes we get directories like site-0001, site-0002, etc. We want the latest
shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'" shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'"
register: certbot_dir register: certbot_dir
@ -21,7 +21,7 @@
# And once we do that, we need to copy some things. # And once we do that, we need to copy some things.
- name: Obtain the certificate - name: Obtain the certificate
delegate_to: "certgetter01.{{ certgetter_datacenter }}.fedoraproject.org" delegate_to: "certgetter01{{ env_suffix }}.iad2.fedoraproject.org"
command: "cat {{certbot_dir.stdout}}/cert.pem" command: "cat {{certbot_dir.stdout}}/cert.pem"
register: certbot_certificate register: certbot_certificate
changed_when: 'false' changed_when: 'false'
@ -30,7 +30,7 @@
- letsencrypt - letsencrypt
- name: Obtain the intermediate certificate - name: Obtain the intermediate certificate
delegate_to: "certgetter01.{{ certgetter_datacenter }}.fedoraproject.org" delegate_to: "certgetter01{{ env_suffix }}.iad2.fedoraproject.org"
command: cat {{certbot_dir.stdout}}/chain.pem command: cat {{certbot_dir.stdout}}/chain.pem
register: certbot_chain register: certbot_chain
changed_when: 'false' changed_when: 'false'
@ -39,7 +39,7 @@
- letsencrypt - letsencrypt
- name: Obtain the key - name: Obtain the key
delegate_to: "certgetter01.{{ certgetter_datacenter }}.fedoraproject.org" delegate_to: "certgetter01{{ env_suffix }}.iad2.fedoraproject.org"
command: cat {{certbot_dir.stdout}}/privkey.pem command: cat {{certbot_dir.stdout}}/privkey.pem
register: certbot_key register: certbot_key
changed_when: 'false' changed_when: 'false'