Add first cut at a infinote server (config to come)

2015-10-09 19:03:59 +00:00 · 2015-10-09 19:03:59 +00:00 · 301a9cea82
commit 301a9cea82
parent 86b178eb51
6 changed files with 113 additions and 0 deletions
--- a/inventory/group_vars/infinote
+++ b/inventory/group_vars/infinote
@ -0,0 +1,35 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+custom_rules: [
+    # Need for rsync from log01 for logs.
+    '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+ ]
+
+tcp_ports: []
+
+fas_client_groups: sysadmin-noc,fi-apprentice
+
+freezes: false
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Fedora admins - admin@fedoraproject.org
+csi_purpose: Run the 'infinote' backend for gobby
+csi_relationship: |
+    There are a few things running here:
+
+    - infinote server for gobby
+    - cgit server to serve gobby content
+    - web server
+
+    - This host relies on: Nothing
+
+    - Things that rely on this host: Nothing
--- a/inventory/host_vars/infinote.fedoraproject.org
+++ b/inventory/host_vars/infinote.fedoraproject.org
@ -0,0 +1,14 @@
+---
+nm: 255.255.255.128
+gw: 140.211.169.193
+dns: 8.8.8.8
+
+volgroup: /dev/vg_guests
+
+eth0_ip: 140.211.169.231
+ansible_ssh_host: infinote.fedoraproject.org
+
+postfix_group: vpn
+
+vmhost: osuosl03.fedoraproject.org
+datacenter: osuosl
--- a/inventory/inventory
+++ b/inventory/inventory
@ -1055,3 +1055,6 @@ twisted-rhel6-1.fedorainfracloud.org
 twisted-rhel6-2.fedorainfracloud.org
 twisted-rhel7-1.fedorainfracloud.org
 twisted-rhel7-2.fedorainfracloud.org
+
+[infinote]
+infinote.fedoraproject.org
--- a/playbooks/groups/infinote.yml
+++ b/playbooks/groups/infinote.yml
@ -0,0 +1,31 @@
+# create a new infinote server
+- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=infinote"
+
+- name: make the boxen be real for real
+  hosts: infinote
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - base
+  - rkhunter
+  - nagios_client
+  - hosts
+  - fas_client
+  - sudo
+  - collectd/base
+  - openvpn/client
+  - infinote
+
+  tasks:
+  - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/2fa_client.yml"
+  - include: "{{ tasks }}/motd.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
--- a/roles/infinote/tasks/main.yml
+++ b/roles/infinote/tasks/main.yml
@ -0,0 +1,29 @@
+#
+# This role sets up the various packages and scripts needed for a infinote server
+#
+
+
+
+#
+# make directory for nfs mounts to live in
+#
+
+- name: create /srv/web for web content
+  file: dest=/srv/web state=directory mode=755
+  tags:
+  - infinote
+  - config
+
+- name: create /srv/infinote for infinote content
+  file: dest=/srv/infinote state=directory mode=755
+  tags:
+  - infinote
+  - config
+
+- name: install packages needed
+  yum: pkg={{ item }} state=present
+  with_items:
+  - infinoted
+  tags:
+  - infinote
+  - config
--- a/roles/openvpn/server/files/ccd/infinote.fedoraproject.org
+++ b/roles/openvpn/server/files/ccd/infinote.fedoraproject.org
@ -0,0 +1 @@
+ifconfig-push 192.168.100.10 192.168.100.10