clean up iptables in base to not apply to cloud compute/master, osbs or os

inventory/group_vars/all

@@ -266,4 +266,6 @@ nagios_Check_Services:
   dhcpd: false
   httpd: false
 
-
+# Set variable if we want to use our global iptables defaults
+# Some things need to set their own.
+baseiptables: True

inventory/group_vars/openstack-compute

@@ -3,3 +3,4 @@ host_group: openstack-compute
 nrpe_procs_warn: 1100
 nrpe_procs_crit: 1200
 ansible_ifcfg_blacklist: true 
+baseiptables: False

inventory/group_vars/os

@@ -1,2 +1,3 @@
 ---
 host_group: os
+baseiptables: False

inventory/group_vars/os-stg

@@ -0,0 +1,3 @@
+---
+host_group: os
+baseiptables: False

inventory/group_vars/osbs

@@ -19,3 +19,5 @@ osbs_koji_username: "kojibuilder"
 koji_url: "koji.fedoraproject.org"
 
 osbs_client_conf_path: /etc/osbs.conf
+
+baseiptables: False

inventory/group_vars/osbs-stg

@@ -0,0 +1,2 @@
+---
+baseiptables: False

inventory/host_vars/fed-cloud09.cloud.fedoraproject.org

@@ -8,3 +8,5 @@ ansible_ifcfg_blacklist: true
 nagios_Check_Services:
   nrpe: true
   sshd: true
+
+baseiptables: False

inventory/inventory

@@ -1330,6 +1330,16 @@ osbs-master01.stg.phx2.fedoraproject.org
 osbs-node01.stg.phx2.fedoraproject.org
 osbs-node02.stg.phx2.fedoraproject.org
 
+[osbs:children]
+osbs-control
+osbs-nodes
+osbs-masters
+
+[osbs-stg:children]
+osbs-control-stg
+osbs-nodes-stg
+osbs-masters-stg
+
 [os-control-stg]
 os-control01.stg.phx2.fedoraproject.org
 
@@ -1342,7 +1352,7 @@ os-master03.stg.phx2.fedoraproject.org
 os-node01.stg.phx2.fedoraproject.org
 os-node02.stg.phx2.fedoraproject.org
 
-[os:children]
+[os-stg:children]
 os-nodes-stg
 os-masters-stg
 os-control-stg

master.yml

@@ -33,6 +33,7 @@
 - include: /srv/web/infra/ansible/playbooks/groups/buildvm.yml
 - include: /srv/web/infra/ansible/playbooks/groups/bugyou.yml
 - include: /srv/web/infra/ansible/playbooks/groups/busgateway.yml
+- include: /srv/web/infra/ansible/playbooks/groups/ci.yml
 - include: /srv/web/infra/ansible/playbooks/groups/copr-backend.yml
 - include: /srv/web/infra/ansible/playbooks/groups/copr-dist-git.yml
 - include: /srv/web/infra/ansible/playbooks/groups/copr-frontend.yml
@@ -143,11 +144,11 @@
 - include: /srv/web/infra/ansible/playbooks/hosts/insim.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/kolinahr.fedorainfracloud.org.yml
-- include: /srv/web/infra/ansible/playbooks/hosts/magazine.fedorainfracloud.org.yml
+- include: /srv/web/infra/ansible/playbooks/hosts/magazine2.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/modernpaste.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/modularity.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/piwik.fedorainfracloud.org.yml
-#- include: /srv/web/infra/ansible/playbooks/hosts/regcfp.fedorainfracloud.org.yml
+#- include: /srv/web/infra/ansible/playbooks/hosts/regcfp2.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/respins.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/shogun-ca.cloud.fedoraproject.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/shumgrepper-dev.fedorainfracloud.org.yml

playbooks/hosts/magazine.fedorainfracloud.org.yml

@@ -1,55 +0,0 @@
-- name: check/create instance
-  hosts: magazine.fedorainfracloud.org
-  gather_facts: False
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - /srv/private/ansible/vars.yml
-   - /srv/web/infra/ansible/vars/fedora-cloud.yml
-   - /srv/private/ansible/files/openstack/passwords.yml
-
-  tasks:
-  - include: "{{ tasks_path }}/persistent_cloud.yml"
-
-- name: setup all the things
-  hosts: magazine.fedorainfracloud.org
-  gather_facts: True
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - /srv/private/ansible/vars.yml
-   - /srv/private/ansible/files/openstack/passwords.yml
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  pre_tasks:
-  - include: "{{ tasks_path }}/cloud_setup_basic.yml"
-  - name: set hostname (required by some services, at least postfix need it)
-    hostname: name="{{inventory_hostname}}"
-
-  tasks:
-  - name: add packages
-    yum: state=present name={{ item }}
-    with_items:
-    - httpd
-    - php
-    - php-mysql
-    - mariadb-server
-    - mariadb
-    - mod_ssl
-    - php-mcrypt
-    - php-mbstring
-    - wget
-    - unzip
-    - postfix
-
-  - name: enable httpd service
-    service: name=httpd enabled=yes state=started
-
-  - name: configure postfix for ipv4 only
-    raw: postconf -e inet_protocols=ipv4
-
-  - name: enable local postfix service
-    service: name=postfix enabled=yes state=started
-
-  roles:
-  - nagios_client
-  - mariadb_server

roles/base/tasks/main.yml

@@ -233,7 +233,7 @@
    - iptables/iptables.{{ host_group }}
    - iptables/iptables.{{ env }}
    - iptables/iptables
-  when: not inventory_hostname.startswith(('fed-cloud','osbs'))
+  when: baseiptables is true
   notify:
   - restart iptables
   - reload libvirtd
@@ -248,6 +248,7 @@
   - iptables
   - service
   - base
+  when: baseiptables is true
 
 - name: ip6tables
   template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=0600 backup=yes
@@ -257,7 +258,7 @@
    - iptables/ip6tables.{{ host_group }}
    - iptables/ip6tables.{{ env }}
    - iptables/ip6tables
-  when: not inventory_hostname.startswith('fed-cloud09')
+  when: baseiptables is true
   notify:
   - restart ip6tables
   - reload libvirtd
@@ -272,6 +273,7 @@
   - ip6tables
   - service
   - base
+  when: baseiptables is true
 
 - name: enable journald persistence
   file: path=/var/log/journal state=directory