inventory: create a certgetter01.stg instance and use it in stg
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
parent
14f05eb02f
commit
2d8bf791cd
6 changed files with 40 additions and 11 deletions
|
@ -419,7 +419,3 @@ sshd_sftp: false
|
||||||
# Autodetect python version
|
# Autodetect python version
|
||||||
#
|
#
|
||||||
ansible_python_interpreter: auto
|
ansible_python_interpreter: auto
|
||||||
#
|
|
||||||
# datacenter with active certbot in it
|
|
||||||
#
|
|
||||||
certgetter_datacenter: iad2
|
|
||||||
|
|
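--- /dev/null
+++ b/inventory/group_vars/certgetter_stg
@@ -0,0 +1,15 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-main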
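Review bot: The two ACCEPT rules in `custom_rules` open rsync (873/tcp) to literal source addresses, 10.3.163.39 and 192.168.1.59, and the only explanation is the comment "Neeed for rsync from log01 for logs." Confirm that both addresses are the ones log01 uses to reach the staging host, since stale entries here would leave the port open to an unrelated machine. The comment could name each one, e.g. `# Needed for rsync (873/tcp) from log01: 10.3.163.39 (<network>), 192.168.1.59 (<network>)`, which also fixes the typo.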
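--- /dev/null
+++ b/inventory/host_vars/certgetter01.stg.iad2.fedoraproject.org
@@ -0,0 +1,13 @@
+---
+nm: 255.255.255.0
+gw: 10.3.166.254
+dns: 10.3.163.33
+
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora-32-iad2
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/32/Server/x86_64/os/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.3.166.22
+vmhost: vmhost-x86-01.stg.iad2.fedoraproject.org
+datacenter: iad2
+mem_size: 4096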
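Review bot: `ks_url` and `ks_repo` are plain `http://` URLs, so the kickstart file and install tree are fetched without transport integrity. This host is the one the letsencrypt role in this commit reads `privkey.pem` from, so that only holds up if the provisioning network is fully trusted; a one-line comment stating that assumption would help. Separately, `mem_size: 4096` overrides the `mem_size: 2048` that group_vars/certgetter_stg sets in this commit; a comment such as `# overrides the group default of 2048` would show the difference is intentional.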
|
@ -35,6 +35,9 @@ retrace_stg_aws
|
||||||
[certgetter]
|
[certgetter]
|
||||||
certgetter01.iad2.fedoraproject.org
|
certgetter01.iad2.fedoraproject.org
|
||||||
|
|
||||||
|
[certgetter_stg]
|
||||||
|
certgetter01.stg.iad2.fedoraproject.org
|
||||||
|
|
||||||
[backup]
|
[backup]
|
||||||
backup01.iad2.fedoraproject.org
|
backup01.iad2.fedoraproject.org
|
||||||
|
|
||||||
|
@ -649,6 +652,7 @@ batcave01.iad2.fedoraproject.org
|
||||||
bastion01.iad2.fedoraproject.org
|
bastion01.iad2.fedoraproject.org
|
||||||
bastion02.iad2.fedoraproject.org
|
bastion02.iad2.fedoraproject.org
|
||||||
certgetter01.iad2.fedoraproject.org
|
certgetter01.iad2.fedoraproject.org
|
||||||
|
certgetter01.stg.iad2.fedoraproject.org
|
||||||
log01.iad2.fedoraproject.org
|
log01.iad2.fedoraproject.org
|
||||||
ns01.iad2.fedoraproject.org
|
ns01.iad2.fedoraproject.org
|
||||||
ns02.iad2.fedoraproject.org
|
ns02.iad2.fedoraproject.org
|
||||||
|
@ -1299,6 +1303,7 @@ bvmhost-x86-08.iad2.fedoraproject.org
|
||||||
bvmhost-x86-02.stg.iad2.fedoraproject.org
|
bvmhost-x86-02.stg.iad2.fedoraproject.org
|
||||||
bvmhost-x86-03.stg.iad2.fedoraproject.org
|
bvmhost-x86-03.stg.iad2.fedoraproject.org
|
||||||
certgetter01.iad2.fedoraproject.org
|
certgetter01.iad2.fedoraproject.org
|
||||||
|
certgetter01.stg.iad2.fedoraproject.org
|
||||||
compose-iot01.iad2.fedoraproject.org
|
compose-iot01.iad2.fedoraproject.org
|
||||||
compose-branched01.iad2.fedoraproject.org
|
compose-branched01.iad2.fedoraproject.org
|
||||||
compose-rawhide01.iad2.fedoraproject.org
|
compose-rawhide01.iad2.fedoraproject.org
|
||||||
|
|
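Review bot: None of the three inventory hunks visibly adds certgetter01.stg.iad2.fedoraproject.org to a staging-wide group. The first creates `[certgetter_stg]`, while the second and third append the host to lists whose group headers lie outside the hunk context, next to production hosts. If staging variables such as `env_suffix` come from membership in a staging group, confirm the host is listed there as well. It is also worth checking that neither of the two unnamed groups applies production-only group_vars.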
|
@ -1,7 +1,7 @@
|
||||||
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=certgetter"
|
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=certgetter:certgetter_stg"
|
||||||
|
|
||||||
- name: make the box be real
|
- name: make the box be real
|
||||||
hosts: certgetter
|
hosts: certgetter:certgetter_stg
|
||||||
user: root
|
user: root
|
||||||
gather_facts: True
|
gather_facts: True
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
- name: Generate (or renew) the certificate
|
- name: Generate (or renew) the certificate
|
||||||
delegate_to: "certgetter01.{{ certgetter_datacenter }}.fedoraproject.org"
|
delegate_to: "certgetter01{{ env_suffix }}.iad2.fedoraproject.org"
|
||||||
command: certbot certonly --expand --keep -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}}
|
command: certbot certonly --expand --keep -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}}
|
||||||
run_once: true
|
run_once: true
|
||||||
register: certbot_output
|
register: certbot_output
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
# Find the directory to use
|
# Find the directory to use
|
||||||
- name: Get the directory to use
|
- name: Get the directory to use
|
||||||
delegate_to: "certgetter01.{{ certgetter_datacenter }}.fedoraproject.org"
|
delegate_to: "certgetter01{{ env_suffix }}.iad2.fedoraproject.org"
|
||||||
# Sometimes we get directories like site-0001, site-0002, etc. We want the latest
|
# Sometimes we get directories like site-0001, site-0002, etc. We want the latest
|
||||||
shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'"
|
shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'"
|
||||||
register: certbot_dir
|
register: certbot_dir
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
|
|
||||||
# And once we do that, we need to copy some things.
|
# And once we do that, we need to copy some things.
|
||||||
- name: Obtain the certificate
|
- name: Obtain the certificate
|
||||||
delegate_to: "certgetter01.{{ certgetter_datacenter }}.fedoraproject.org"
|
delegate_to: "certgetter01{{ env_suffix }}.iad2.fedoraproject.org"
|
||||||
command: "cat {{certbot_dir.stdout}}/cert.pem"
|
command: "cat {{certbot_dir.stdout}}/cert.pem"
|
||||||
register: certbot_certificate
|
register: certbot_certificate
|
||||||
changed_when: 'false'
|
changed_when: 'false'
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
- letsencrypt
|
- letsencrypt
|
||||||
|
|
||||||
- name: Obtain the intermediate certificate
|
- name: Obtain the intermediate certificate
|
||||||
delegate_to: "certgetter01.{{ certgetter_datacenter }}.fedoraproject.org"
|
delegate_to: "certgetter01{{ env_suffix }}.iad2.fedoraproject.org"
|
||||||
command: cat {{certbot_dir.stdout}}/chain.pem
|
command: cat {{certbot_dir.stdout}}/chain.pem
|
||||||
register: certbot_chain
|
register: certbot_chain
|
||||||
changed_when: 'false'
|
changed_when: 'false'
|
||||||
|
@ -39,7 +39,7 @@
|
||||||
- letsencrypt
|
- letsencrypt
|
||||||
|
|
||||||
- name: Obtain the key
|
- name: Obtain the key
|
||||||
delegate_to: "certgetter01.{{ certgetter_datacenter }}.fedoraproject.org"
|
delegate_to: "certgetter01{{ env_suffix }}.iad2.fedoraproject.org"
|
||||||
command: cat {{certbot_dir.stdout}}/privkey.pem
|
command: cat {{certbot_dir.stdout}}/privkey.pem
|
||||||
register: certbot_key
|
register: certbot_key
|
||||||
changed_when: 'false'
|
changed_when: 'false'
|
||||||
|
|
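Review bot: The "Obtain the key" task in the last hunk reads `privkey.pem` with `cat` and registers the output as `certbot_key`, and no `no_log: true` is visible on it, so the private key can appear in verbose output or callback logs. The task continues past the visible context; unless it is already set there, add `no_log: true` to that task. All five `delegate_to` lines now require `env_suffix` to be defined for every host that runs this role, and they hardcode `iad2`. A comment above the first one, such as `# env_suffix is expected to be '' (prod) or '.stg' (staging)`, would document that dependency.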