ipsilon: create ipsilon01.stg vm

Right now ipsilon is running in openshift, but sadly in order to work
with ipa instead of fas as it's backend it needs to use sssd and pam
stack. That does not work in a container, so move it back to a vm at
least for now until we sort out what we want to do.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

inventory/group_vars/ipsilon

@@ -0,0 +1,13 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]

inventory/group_vars/ipsilon_stg

@@ -0,0 +1,13 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+proxy_tcp_ports: [ 80, 443 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]

inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org

@@ -0,0 +1,12 @@
+---
+nm: 255.255.255.0
+gw: 10.3.166.254
+dns: 10.3.163.33
+
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora-32-iad2
+http://10.3.163.35/pub/fedora/linux/releases/32/Server/x86_64/os/
+
+volgroup: /dev/vg_guests
+eth0_ip: 10.3.166.30
+vmhost: vmhost-x86-01.stg.iad2.fedoraproject.org
+datacenter: iad2

inventory/inventory

@@ -295,6 +295,9 @@ ipa02.iad2.fedoraproject.org
 [ipa_stg]
 ipa01.stg.iad2.fedoraproject.org
 
+[ipsilon-stg]
+ipsilon01.stg.phx2.fedoraproject.org
+
 [ipsilon_dev]
 iddev.fedorainfracloud.org
 
@@ -600,6 +603,7 @@ oci-registry01.stg.iad2.fedoraproject.org
 # fedimg01.stg.iad2.fedoraproject.org
 github2fedmsg01.stg.iad2.fedoraproject.org
 ipa01.stg.iad2.fedoraproject.org
+ipsilon01.stg.phx2.fedoraproject.org
 koji01.stg.iad2.fedoraproject.org
 # mailman01.stg.iad2.fedoraproject.org
 mbs-backend01.stg.iad2.fedoraproject.org

playbooks/groups/ipsilon.yml

@@ -0,0 +1,63 @@
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=ipsilon:ipsilon-stg"
+
+- name: make the box be real
+  hosts: ipsilon:ipsilon-stg
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  vars:
+    ipsilon_db_host: "db-fas01{{ env_suffix }}.iad2.fedoraproject.org"
+
+  roles:
+  - base
+  - rkhunter
+  - nagios_client
+  - hosts
+  - fas_client
+  - rsyncd
+  - sudo
+  - { role: openvpn/client,
+      when: env != "staging" }
+  - mod_wsgi
+  - role: keytab/service
+    owner_user: apache
+    owner_group: apache
+    service: HTTP
+    host: "id.stg.fedoraproject.org"
+    when: env == "staging"
+  - role: keytab/service
+    owner_user: apache
+    owner_group: apache
+    service: HTTP
+    host: "id.fedoraproject.org"
+    when: env == "production"
+
+  pre_tasks:
+  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+  tasks:
+  - import_tasks: "{{ tasks_path }}/motd.yml"
+
+  handlers:
+  - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: deploy ipsilon itself
+  hosts: ipsilon:ipsilon-stg
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+  roles:
+  - ipsilon
+
+  handlers:
+  - import_tasks: "{{ handlers_path }}/restart_services.yml"