diff --git a/inventory/group_vars/infinote b/inventory/group_vars/infinote new file mode 100644 index 0000000000..08a402ddbb --- /dev/null +++ b/inventory/group_vars/infinote @@ -0,0 +1,35 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +custom_rules: [ + # Need for rsync from log01 for logs. + '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', + ] + +tcp_ports: [] + +fas_client_groups: sysadmin-noc,fi-apprentice + +freezes: false + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Fedora admins - admin@fedoraproject.org +csi_purpose: Run the 'infinote' backend for gobby +csi_relationship: | + There are a few things running here: + + - infinote server for gobby + - cgit server to serve gobby content + - web server + + - This host relies on: Nothing + + - Things that rely on this host: Nothing diff --git a/inventory/host_vars/infinote.fedoraproject.org b/inventory/host_vars/infinote.fedoraproject.org new file mode 100644 index 0000000000..b735ec2d13 --- /dev/null +++ b/inventory/host_vars/infinote.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.128 +gw: 140.211.169.193 +dns: 8.8.8.8 + +volgroup: /dev/vg_guests + +eth0_ip: 140.211.169.231 +ansible_ssh_host: infinote.fedoraproject.org + +postfix_group: vpn + +vmhost: osuosl03.fedoraproject.org +datacenter: osuosl diff --git a/inventory/inventory b/inventory/inventory index 871ac54f09..7a81d90394 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1055,3 +1055,6 @@ twisted-rhel6-1.fedorainfracloud.org twisted-rhel6-2.fedorainfracloud.org twisted-rhel7-1.fedorainfracloud.org twisted-rhel7-2.fedorainfracloud.org + +[infinote] +infinote.fedoraproject.org diff --git a/playbooks/groups/infinote.yml b/playbooks/groups/infinote.yml new file mode 100644 index 0000000000..fb51a7b828 --- /dev/null +++ b/playbooks/groups/infinote.yml @@ -0,0 +1,31 @@ +# create a new infinote server +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=infinote" + +- name: make the boxen be real for real + hosts: infinote + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - sudo + - collectd/base + - openvpn/client + - infinote + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/roles/infinote/tasks/main.yml b/roles/infinote/tasks/main.yml new file mode 100644 index 0000000000..bc61d6c226 --- /dev/null +++ b/roles/infinote/tasks/main.yml @@ -0,0 +1,29 @@ +# +# This role sets up the various packages and scripts needed for a infinote server +# + + + +# +# make directory for nfs mounts to live in +# + +- name: create /srv/web for web content + file: dest=/srv/web state=directory mode=755 + tags: + - infinote + - config + +- name: create /srv/infinote for infinote content + file: dest=/srv/infinote state=directory mode=755 + tags: + - infinote + - config + +- name: install packages needed + yum: pkg={{ item }} state=present + with_items: + - infinoted + tags: + - infinote + - config diff --git a/roles/openvpn/server/files/ccd/infinote.fedoraproject.org b/roles/openvpn/server/files/ccd/infinote.fedoraproject.org new file mode 100644 index 0000000000..fd25583750 --- /dev/null +++ b/roles/openvpn/server/files/ccd/infinote.fedoraproject.org @@ -0,0 +1 @@ +ifconfig-push 192.168.100.10 192.168.100.10