From 691adee6ee1b15a78745d3f997d854171405522d Mon Sep 17 00:00:00 2001 From: Ryan Lerch Date: Tue, 14 Jan 2025 20:18:57 +1000 Subject: [PATCH] Fix name[casing] ansible-lint issues fix 1900 failures of the following case issue: `name[casing]: All names should start with an uppercase letter.` 
Signed-off-by: Ryan Lerch --- playbooks/check-for-nonvirt-updates.yml | 16 +-- playbooks/check-for-updates.yml | 10 +- playbooks/check-host.yml | 30 ++-- playbooks/checks_log_failed_services.yml | 6 +- playbooks/clear_memcached.yml | 4 +- playbooks/clear_varnish.yml | 4 +- playbooks/death_to_postfix.yml | 2 +- playbooks/destroy_virt_inst.yml | 16 +-- playbooks/groups/backup-server.yml | 2 +- playbooks/groups/build-kcs.yml | 4 +- playbooks/groups/copr-backend.yml | 6 +- playbooks/groups/copr-dist-git.yml | 8 +- playbooks/groups/copr-frontend.yml | 8 +- playbooks/groups/copr-keygen.yml | 12 +- playbooks/groups/copr-pulp.yml | 16 +-- playbooks/groups/db.aws.yml | 6 +- playbooks/groups/logdetective.yml | 4 +- playbooks/groups/maintainer-test.yml | 4 +- playbooks/groups/nfs-servers.yml | 4 +- playbooks/groups/openqa-onebox-test.yml | 4 +- playbooks/groups/retrace.yml | 6 +- playbooks/host_reboot.yml | 12 +- playbooks/host_update.yml | 12 +- playbooks/include/happy_birthday.yml | 2 +- playbooks/include/proxies-fedorahosted.yml | 4 +- playbooks/include/proxies-websites.yml | 2 +- playbooks/include/virt-create.yml | 2 +- playbooks/manual/copr/_generic_tasks.yml | 4 +- .../manual/copr/copr-backend-upgrade.yml | 2 +- .../manual/copr/copr-dist-git-upgrade.yml | 2 +- .../manual/copr/copr-frontend-upgrade.yml | 8 +- playbooks/manual/copr/copr-keygen-upgrade.yml | 2 +- playbooks/manual/copr/copr-pulp-upgrade.yml | 2 +- .../manual/fas-readonly/fas-readonly.yml | 6 +- .../manual/fas-readonly/rollback-readonly.yml | 6 +- playbooks/manual/fas2discourse.yml | 4 +- playbooks/manual/history_undo.yml | 4 +- .../manual/import-irc-cookies-to-matrix.yml | 8 +- playbooks/manual/kernel-qa.yml | 2 +- playbooks/manual/nagios/shush-fmn.yml | 4 +- .../noggin-deployment/create-full-backup.yml | 6 +- .../restore-latest-backup.yml | 4 +- playbooks/manual/ocp4-place-ignitionfiles.yml | 2 +- playbooks/manual/openqa-restart-workers.yml | 4 +- playbooks/manual/qadevel.yml | 4 +- 
playbooks/manual/rebuild/websites.yml | 2 +- playbooks/manual/restart-fedmsg-services.yml | 26 ++-- playbooks/manual/restart-pagure.yml | 4 +- playbooks/manual/sign-and-import.yml | 16 +-- playbooks/manual/sign-vault.yml | 4 +- playbooks/manual/staging-sync/bodhi.yml | 14 +- playbooks/manual/staging-sync/db-sync.yml | 16 +-- playbooks/manual/staging-sync/koji.yml | 48 +++---- playbooks/manual/staging-sync/koschei.yml | 2 +- playbooks/manual/staging-sync/mailman.yml | 6 +- playbooks/manual/update-aliases.yml | 2 +- playbooks/manual/update-packages.yml | 14 +- playbooks/manual/upgrade/bodhi.yml | 22 +-- playbooks/manual/upgrade/bugzilla2fedmsg.yml | 14 +- playbooks/manual/upgrade/datagrepper.yml | 14 +- playbooks/manual/upgrade/fedmsg.yml | 10 +- playbooks/manual/upgrade/koji.yml | 26 ++-- playbooks/manual/upgrade/mote.yml | 14 +- playbooks/manual/upgrade/packages.yml | 14 +- playbooks/manual/upgrade/pagure.yml | 18 +-- playbooks/rdiff-backup.yml | 8 +- playbooks/restart_when_failed.yml | 8 +- playbooks/rkhunter_only.yml | 6 +- playbooks/rkhunter_update.yml | 10 +- playbooks/universe_update.yml | 12 +- playbooks/update_dns.yml | 4 +- playbooks/vhost_halt_guests.yml | 14 +- playbooks/vhost_poweroff.yml | 20 +-- playbooks/vhost_update.yml | 22 +-- roles/abrt/faf-post/tasks/cron.yml | 2 +- roles/abrt/faf-pre/tasks/install.yml | 8 +- roles/abrt/faf-pre/tasks/main.yml | 22 +-- roles/abrt/faf-pre/tasks/services.yml | 6 +- roles/abrt/faf-pre/tasks/setup_db.yml | 26 ++-- roles/abrt/faf-pre/tasks/ssl.yml | 8 +- roles/abrt/faf/tasks/celery.yml | 10 +- roles/abrt/faf/tasks/check.yml | 4 +- roles/abrt/faf/tasks/check_web.yml | 4 +- roles/abrt/faf/tasks/cleanup.yml | 6 +- roles/abrt/faf/tasks/config.yml | 6 +- roles/abrt/faf/tasks/cron.yml | 20 +-- roles/abrt/faf/tasks/first_time_setup.yml | 8 +- roles/abrt/faf/tasks/install.yml | 22 +-- roles/abrt/faf/tasks/migrate_db.yml | 2 +- roles/abrt/faf/tasks/update.yml | 2 +- roles/abrt/faf/tasks/web.yml | 8 +- 
.../abrt/retrace-post/tasks/retrace_setup.yml | 4 +- roles/abrt/retrace/tasks/check.yml | 2 +- roles/abrt/retrace/tasks/config.yml | 6 +- roles/abrt/retrace/tasks/install.yml | 4 +- roles/abrt/retrace/tasks/usefafpkgs.yml | 4 +- roles/ansible-server/tasks/main.yml | 8 +- roles/apache/handlers/main.yml | 2 +- roles/apache/tasks/main.yml | 18 +-- roles/apps-fp-o/handlers/main.yml | 4 +- roles/base/handlers/main.yml | 18 +-- roles/base/tasks/main.yml | 96 ++++++------- roles/base/tasks/postfix.yml | 14 +- roles/base/tasks/watchdog.yml | 4 +- roles/basessh/handlers/main.yml | 2 +- roles/basessh/tasks/main.yml | 18 +-- roles/batcave/tasks/main.yml | 90 ++++++------ roles/bkernel/tasks/main.yml | 14 +- roles/blockerbugs/tasks/main.yml | 18 +-- roles/bodhi2/backend/tasks/main.yml | 44 +++--- roles/btrfs/handlers/main.yml | 2 +- roles/bugzilla2fedmsg/tasks/main.yml | 4 +- roles/builder_repo/tasks/main.yml | 2 +- roles/cgit/base/tasks/main.yml | 8 +- roles/cgit/clean_lock_cron/tasks/main.yml | 2 +- roles/cgit/make_pkgs_list/tasks/main.yml | 20 +-- roles/chrony/tasks/main.yml | 4 +- roles/clamav/tasks/main.yml | 12 +- roles/collectd/base/tasks/main.yml | 36 ++--- roles/collectd/bind/tasks/main.yml | 2 +- roles/collectd/fcomm-queue/tasks/main.yml | 12 +- roles/collectd/memcached/tasks/main.yml | 2 +- roles/collectd/rabbitmq/tasks/main.yml | 6 +- roles/collectd/server/tasks/main.yml | 20 +-- roles/copr/backend/tasks/aws.yml | 8 +- roles/copr/backend/tasks/copr-ping.yml | 20 +-- .../copr/backend/tasks/install_cloud_cert.yml | 4 +- roles/copr/backend/tasks/main.yml | 128 +++++++++--------- roles/copr/backend/tasks/monitoring.yml | 6 +- roles/copr/backend/tasks/mount_fs.yml | 28 ++-- roles/copr/backend/tasks/network.yml | 8 +- roles/copr/backend/tasks/resalloc.yml | 40 +++--- .../tasks/setup_provisioning_environment.yml | 22 +-- roles/copr/base/tasks/main.yml | 38 +++--- roles/copr/certbot/tasks/letsencrypt.yml | 26 ++-- roles/copr/dist_git/tasks/main.yml | 58 ++++---- 
roles/copr/dist_git/tasks/mount_fs.yml | 10 +- roles/copr/frontend/tasks/httpd.yml | 4 +- roles/copr/frontend/tasks/main.yml | 66 ++++----- roles/copr/frontend/tasks/mount_fs.yml | 4 +- roles/copr/frontend/tasks/psql_setup.yml | 28 ++-- roles/copr/hypervisor/tasks/main.yml | 48 +++---- roles/copr/keygen/tasks/main.yml | 24 ++-- roles/copr/keygen/tasks/setup_backup.yml | 6 +- roles/copr/pre/tasks/main.yml | 8 +- roles/developer/build/tasks/main.yml | 2 +- roles/dhcp_server/tasks/main.yml | 6 +- roles/distgit/pagure/tasks/main.yml | 38 +++--- roles/distgit/tasks/main.yml | 66 ++++----- roles/dns/tasks/main.yml | 30 ++-- roles/docker-distribution/handlers/main.yml | 2 +- roles/docker-distribution/tasks/main.yml | 14 +- roles/download/tasks/main.yml | 6 +- .../tasks/create-discourse-apikey-secret.yml | 4 +- .../tasks/create-keytab-secret.yml | 6 +- .../tasks/create-operator-namespace.yml | 4 +- roles/fasjson/tasks/main.yml | 8 +- roles/fedmsg/base/tasks/main.yml | 50 +++---- roles/fedmsg/gateway/slave/tasks/main.yml | 24 ++-- roles/fedmsg/gateway/tasks/main.yml | 14 +- roles/fedmsg/hub/tasks/main.yml | 24 ++-- roles/fedmsg/irc/tasks/main.yml | 10 +- roles/fedmsg/relay/tasks/main.yml | 10 +- .../tasks/crontab_path.yml | 8 +- roles/fedora-messaging-utils/tasks/main.yml | 4 +- roles/fedora-web/build/tasks/main.yml | 4 +- roles/fedora-web/fedora.im/tasks/main.yml | 6 +- roles/fedora-web/ostree/tasks/main.yml | 8 +- roles/fedora-web/registry/tasks/main.yml | 4 +- roles/flatpak-cache/tasks/main.yml | 2 +- roles/freemedia/tasks/main.yml | 16 +-- roles/geoip-city-wsgi/app/tasks/main.yml | 10 +- roles/geoip/tasks/main.yml | 12 +- roles/git/checks/tasks/main.yml | 6 +- roles/git/hooks/tasks/main.yml | 6 +- roles/git/make_checkout_seed/tasks/main.yml | 10 +- roles/git/server/tasks/main.yml | 14 +- roles/github2fedmsg/tasks/main.yml | 16 +-- roles/gitolite/base/tasks/main.yml | 4 +- .../check_fedmsg_hooks/tasks/main.yml | 2 +- roles/grobisplitter/tasks/main.yml | 8 +- 
roles/grokmirror_mirror/tasks/main.yml | 14 +- roles/haproxy/handlers/main.yml | 2 +- roles/haproxy/tasks/main.yml | 24 ++-- roles/hosts/tasks/main.yml | 4 +- roles/httpd/proxy/tasks/main.yml | 12 +- roles/ipa/client/handlers/main.yml | 4 +- roles/ipa/client/tasks/hbac.yml | 2 +- roles/ipa/service/tasks/main.yml | 2 +- roles/ipsilon/handlers/main.yml | 2 +- roles/ipsilon/tasks/main.yml | 36 ++--- roles/ipsilon/tasks/patches.yml | 8 +- roles/iscsi_client/tasks/main.yml | 22 +-- roles/keepalived/handlers/main.yml | 2 +- roles/kerneltest/tasks/main.yml | 10 +- roles/koji_builder/handlers/main.yml | 2 +- roles/koji_builder/tasks/main.yml | 82 +++++------ roles/koji_db/tasks/main.yml | 6 +- roles/koji_hub/tasks/main.yml | 92 ++++++------- roles/kojipkgs/handlers/main.yml | 2 +- roles/kojipkgs/tasks/main.yml | 16 +-- roles/letsencrypt/tasks/main.yml | 2 +- roles/log-detective-backup/tasks/main.yml | 8 +- roles/login-registry/tasks/main.yml | 4 +- roles/mariadb_server/handlers/main.yml | 2 +- roles/mariadb_server/tasks/main.yml | 14 +- roles/mediawiki/tasks/main.yml | 64 ++++----- roles/memcached/tasks/main.yml | 10 +- roles/messaging/base/tasks/main.yml | 16 +-- roles/mirror_pagure_ansible/tasks/main.yml | 4 +- .../mirrorlist_proxy/tasks/main.yml | 32 ++--- roles/mod_wsgi/tasks/main.yml | 8 +- roles/mote/handlers/main.yml | 2 +- roles/mote/tasks/main.yml | 28 ++-- roles/nagios_client/handlers/main.yml | 2 +- roles/nagios_client/tasks/main.yml | 46 +++---- roles/nagios_server/handlers/main.yml | 2 +- roles/nagios_server/tasks/main.yml | 4 +- roles/nfs/client/tasks/main.yml | 16 +-- roles/nfs/server/tasks/main.yml | 8 +- roles/nfs/server/tasks/storinator-cloud.yml | 8 +- roles/opendkim/tasks/main.yml | 16 +-- roles/openqa/dispatcher/tasks/main.yml | 2 +- roles/openqa/server/tasks/main.yml | 2 +- roles/openqa/worker/tasks/main.yml | 8 +- .../openshift-apps/coreos-ci/tasks/main.yaml | 6 +- .../fedora-coreos-pipeline/tasks/main.yaml | 4 +- 
.../firmitas/tasks/create-buildconfig.yml | 6 +- .../firmitas/tasks/create-cronjob.yml | 4 +- .../firmitas/tasks/create-deployment.yml | 4 +- .../create-firmitas-configuration-secret.yml | 8 +- .../firmitas/tasks/create-imagestream.yml | 4 +- .../firmitas/tasks/create-namespace.yml | 4 +- .../tasks/create-pagure-apikey-secret.yml | 4 +- .../tasks/create-persistent-volume-claim.yml | 4 +- roles/openshift-apps/firmitas/tasks/main.yml | 2 +- roles/openshift/imagestream/tasks/main.yml | 2 +- roles/openshift/project/tasks/main.yml | 14 +- roles/openshift/route/tasks/main.yml | 2 +- .../sysadmin-openshift/tasks/resources.yaml | 4 +- roles/openvpn/base/tasks/main.yml | 2 +- roles/openvpn/client/tasks/main.yml | 2 +- roles/openvpn/server/tasks/main.yml | 4 +- roles/packager_alias/tasks/main.yml | 2 +- roles/packages3/web/tasks/main.yml | 8 +- roles/pager_server/tasks/main.yml | 4 +- roles/pagure/handlers/main.yml | 2 +- roles/pagure/tasks/main.yml | 56 ++++---- roles/pagure/tasks/selinux.yml | 22 +-- roles/people/tasks/main.yml | 60 ++++---- roles/planet/tasks/main.yml | 86 ++++++------ roles/postfix_logreport/tasks/main.yml | 6 +- roles/postgresql_server/handlers/main.yml | 2 +- roles/postgresql_server/tasks/datanommer.yml | 10 +- roles/postgresql_server/tasks/main.yml | 16 +-- roles/push-container-registry/tasks/main.yml | 8 +- roles/rabbitmq/tasks/main.yml | 6 +- roles/rabbitmq_cluster/tasks/apps.yml | 6 +- roles/rabbitmq_cluster/tasks/main.yml | 32 ++--- roles/redis/tasks/main.yml | 4 +- roles/rkhunter/tasks/main.yml | 6 +- roles/robosignatory/handlers/main.yml | 2 +- roles/rsnapshot-push/tasks/main.yml | 14 +- roles/rsyncd/handlers/main.yml | 4 +- roles/rsyncd/tasks/main.yml | 20 +-- roles/selinux/module/tasks/main.yml | 4 +- roles/serial-console/tasks/main.yml | 8 +- roles/sigul/server/tasks/main.yml | 12 +- roles/smtp-auth-relay/tasks/main.yml | 6 +- roles/spamassassin/handlers/main.yml | 2 +- roles/spamassassin/tasks/main.yml | 16 +-- roles/sudo/tasks/main.yml | 8 
+- roles/supybot/tasks/main.yml | 30 ++-- roles/tang/tasks/main.yml | 2 +- roles/testdays/tasks/main.yml | 12 +- roles/tftp_server/tasks/main.yml | 14 +- roles/torrent/tasks/main.yml | 14 +- roles/varnish/handlers/main.yml | 2 +- roles/varnish/tasks/main.yml | 12 +- roles/virthost/tasks/main.yml | 16 +-- roles/web-data-analysis/tasks/main.yml | 72 +++++----- roles/weblate-backup/tasks/main.yml | 2 +- roles/yubikey/tasks/main.yml | 10 +- roles/zabbix/zabbix_agent/tasks/main.yml | 2 +- tasks/aws_cloud.yml | 22 +-- tasks/cloud_setup_basic.yml | 20 +-- tasks/confine_ssh.yml | 2 +- tasks/happy_birthday.yml | 2 +- tasks/motd.yml | 2 +- tasks/openvpn_client.yml | 4 +- tasks/openvpn_client_7.yml | 4 +- tasks/persistent_cloud.yml | 18 +-- tasks/postfix_basic.yml | 4 +- tasks/rdiff_backup_server.yml | 6 +- tasks/reg-server.yml | 2 +- tasks/serialgetty.yml | 2 +- tasks/swap.yml | 4 +- tasks/virt_instance_create.yml | 22 +-- tasks/yumrepos.yml | 26 ++-- 299 files changed, 1935 insertions(+), 1935 deletions(-) diff --git a/playbooks/check-for-nonvirt-updates.yml b/playbooks/check-for-nonvirt-updates.yml index eb50720adb..1195bbc0f3 100644 --- a/playbooks/check-for-nonvirt-updates.yml +++ b/playbooks/check-for-nonvirt-updates.yml @@ -9,25 +9,25 @@ # --- -- name: check for updates (EL) +- name: Check for updates (EL) hosts: virt_host:&distro_RedHat gather_facts: false tasks: - - name: check for updates (yum) + - name: Check for updates (yum) yum: list=updates update_cache=true register: yumoutput - debug: msg="{{ inventory_hostname}} {{ yumoutput.results|length }}" -- name: check for updates (Fedora) +- name: Check for updates (Fedora) hosts: virt_host:&distro_Fedora gather_facts: false tasks: - - name: check for updates (dnf) + - name: Check for updates (dnf) dnf: list=updates register: dnfoutput 
@@ -37,25 +37,25 @@ # For some reason ansible detects aarch64/armv7 hosts as virt type "NA" # -- name: check for updates (aarch64/armv7) EL +- name: Check for updates (aarch64/armv7) EL hosts: virt_NA:&distro_RedHat gather_facts: false tasks: - - name: check for updates (yum) + - name: Check for updates (yum) yum: list=updates update_cache=true register: yumoutput - debug: msg="{{ inventory_hostname}} {{ yumoutput.results|length }}" -- name: check for updates (aarch64/armv7) Fedora +- name: Check for updates (aarch64/armv7) Fedora hosts: virt_NA:&distro_Fedora gather_facts: false tasks: - - name: check for updates (dnf) + - name: Check for updates (dnf) dnf: list=updates register: dnfoutput diff --git a/playbooks/check-for-updates.yml b/playbooks/check-for-updates.yml index 54e76aa0bb..1b093bf783 100644 --- a/playbooks/check-for-updates.yml +++ b/playbooks/check-for-updates.yml @@ -9,20 +9,20 @@ # --- -- name: check for updates +- name: Check for updates hosts: distro_RedHat:distro_CentOS:!ocp*:!worker* gather_facts: false tasks: - - name: check for updates (yum) + - name: Check for updates (yum) yum: list=updates update_cache=true register: yumoutput - debug: msg="{{ inventory_hostname}} {{ yumoutput.results|length }}" when: yumoutput.results|length > 0 -- name: check for updates +- name: Check for updates hosts: distro_Fedora:!ocp*:!worker* gather_facts: false @@ -32,10 +32,10 @@ # We use the command module here because the real module can't expire # - - name: make dnf recheck for new metadata from repos + - name: Make dnf recheck for new metadata from repos command: dnf clean expire-cache - - name: check for updates (dnf) + - name: Check for updates (dnf) dnf: list=updates register: dnfoutput diff --git a/playbooks/check-host.yml b/playbooks/check-host.yml index d4252d9a11..6e4b1cc102 100644 --- a/playbooks/check-host.yml +++ b/playbooks/check-host.yml 
@@ -9,7 +9,7 @@ tasks: - - name: create temp dir for collecting info + - name: Create temp dir for collecting info shell: mktemp -d register: temp_dir changed_when: false @@ -70,7 +70,7 @@ - services - - name: output enabled service list chkconfig + - name: Output enabled service list chkconfig shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices when: enabled_services_chkconfig is defined and enabled_services_chkconfig.rc == 0 changed_when: false @@ -78,7 +78,7 @@ - check - services - - name: output disabled loaded service list chkconfig + - name: Output disabled loaded service list chkconfig shell: echo {{disabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/dservices when: disabled_services_chkconfig is defined and disabled_services_chkconfig.rc == 0 changed_when: false @@ -87,7 +87,7 @@ - services - - name: output loaded active service list systemctl + - name: Output loaded active service list systemctl shell: echo {{loaded_active_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/laservices when: loaded_active_services_systemctl is defined and loaded_active_services_systemctl.rc == 0 changed_when: false @@ -95,7 +95,7 @@ - check - services - - name: output loaded inactive service list systemctl + - name: Output loaded inactive service list systemctl shell: echo {{loaded_inactive_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/liservices when: loaded_inactive_services_systemctl is defined and loaded_inactive_services_systemctl.rc == 0 changed_when: false @@ -224,7 +224,7 @@ - selinux - - name: misMatch current SELinux status with boot status + - name: MisMatch current SELinux status with boot status shell: echo "SElinux Current and Boot modes are NOT in sync" >> {{temp_dir.stdout}}/selinux when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode != ansible_selinux.mode changed_when: false 
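Review bot: The mechanical capitalisation left the task name in the `@@ -224,7` hunk of check-host.yml as `MisMatch current SELinux status with boot status`, which satisfies name[casing] but reads as a typo. A name that states what the task records would be clearer in run output, for example `- name: Report mismatch between current and boot SELinux mode`. The task only appends a line to the selinux report file, so the rename changes no behaviour.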
@@ -232,40 +232,40 @@ - check - selinux - - name: resolve last persisted dir - if one is present + - name: Resolve last persisted dir - if one is present local_action: shell ls -d -1 {{datadir_prfx_path}}/{{inventory_hostname}}-* 2>/dev/null | sort -r | head -1 register: last_dir changed_when: false ignore_errors: true - - name: get file list + - name: Get file list shell: ls -1 {{temp_dir.stdout}}/* register: file_list changed_when: false - - name: get timestamp + - name: Get timestamp shell: "date +%Y-%m-%d-%H-%M-%S" register: timestamp changed_when: false - - name: create persisting-state directory + - name: Create persisting-state directory local_action: file path=/{{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}} state=directory changed_when: false - - name: fetch file list + - name: Fetch file list fetch: src={{item}} dest=/{{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/ flat=true with_items: "{{file_list.stdout_lines}}" changed_when: false - - name: diff the new files with last ones presisted + - name: Diff the new files with last ones presisted local_action: shell for file in {{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/*; do filename=$(basename $file); diff {{datadir_prfx_path}}/{{inventory_hostname}}-{{timestamp.stdout}}/$filename {{last_dir.stdout.strip(':')}}/$filename; done ignore_errors: true changed_when: false register: file_diff when: last_dir is defined and last_dir.stdout != "" - - name: display diff + - name: Display diff debug: var=file_diff.stdout_lines ignore_errors: true changed_when: false @@ -273,11 +273,11 @@ # clean up: can also be put as handlers - - name: clean remote temp dir + - name: Clean remote temp dir file: path={{temp_dir.stdout}} state=absent changed_when: false - - name: clean rpm temp file + - name: Clean rpm temp file file: path={{localchanges.stdout}} state=absent changed_when: false 
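Review bot: The renamed task in the `@@ -232,40` hunk keeps the misspelling `presisted`; since the line is being touched anyway it could become `- name: Diff the new files with last ones persisted`. In the same task the local shell loop expands `$file` and `$filename` unquoted, so a fetched file name containing whitespace would split into several arguments to `diff`; writing `"$filename"` in both paths avoids that. The second point concerns an unchanged context line and could go into a follow-up.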
diff --git a/playbooks/checks_log_failed_services.yml b/playbooks/checks_log_failed_services.yml index 26e48026f2..447c6ecd59 100644 --- a/playbooks/checks_log_failed_services.yml +++ b/playbooks/checks_log_failed_services.yml @@ -6,18 +6,18 @@ gather_facts: false tasks: - - name: listing failed units + - name: Listing failed units shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }' register: listing_failed - - name: check log with journalctl + - name: Check log with journalctl shell: journalctl -lru {{ item }} -n 50 register: display_log with_items: "{{ listing_failed.stdout_lines[0:] }}" - debug: var=listing_failed.stdout_lines[0:] - - name: display log + - name: Display log debug: var=display_log.stdout_lines ignore_errors: true when: display_log is defined diff --git a/playbooks/clear_memcached.yml b/playbooks/clear_memcached.yml index 0f18b12006..6f14586e8f 100644 --- a/playbooks/clear_memcached.yml +++ b/playbooks/clear_memcached.yml @@ -1,8 +1,8 @@ --- -- name: clear memcache +- name: Clear memcache hosts: memcached:memcached-stg serial: 1 tasks: - - name: clear memcache + - name: Clear memcache command: echo flush_all | nc localhost 11211 diff --git a/playbooks/clear_varnish.yml b/playbooks/clear_varnish.yml index acd6d74532..ab6f3750a8 100644 --- a/playbooks/clear_varnish.yml +++ b/playbooks/clear_varnish.yml @@ -1,9 +1,9 @@ --- -- name: clear varnish cache +- name: Clear varnish cache hosts: proxies user: root serial: 1 tasks: - - name: clear varnish + - name: Clear varnish command: varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082 ban req.url == . diff --git a/playbooks/death_to_postfix.yml b/playbooks/death_to_postfix.yml index d27ac650ec..25f46643c0 100644 --- a/playbooks/death_to_postfix.yml +++ b/playbooks/death_to_postfix.yml 
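Review bot: In clear_memcached.yml the task renamed to `Clear memcache` runs `echo flush_all | nc localhost 11211` through the `command` module, which does not pass its arguments through a shell, so the `|` is handed to `echo` as a literal argument and nothing is sent to port 11211. The task therefore reports success without flushing the cache. Switching the module, `shell: echo flush_all | nc localhost 11211`, gives the pipeline its intended meaning. That line is unchanged context here, so the fix may belong in a separate commit.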
@@ -2,7 +2,7 @@ # thanks threebean on this. --- -- name: kills postfix which has been left around alive after update. +- name: Kills postfix which has been left around alive after update. hosts: "{{ target }}" user: root diff --git a/playbooks/destroy_virt_inst.yml b/playbooks/destroy_virt_inst.yml index 162b0c297d..bbbed06377 100644 --- a/playbooks/destroy_virt_inst.yml +++ b/playbooks/destroy_virt_inst.yml @@ -10,37 +10,37 @@ # requires --extra-vars="target=hostspec" --- -- name: destroy and undefine vm +- name: Destroy and undefine vm hosts: "{{ target }}" user: root gather_facts: false tasks: - - name: get vm list on the vmhost + - name: Get vm list on the vmhost delegate_to: "{{ vmhost }}" virt: command=list_vms register: result - - name: fail if the host is not already defined/existent + - name: Fail if the host is not already defined/existent local_action: fail msg="host does not exist on {{ vmhost }}" when: inventory_hostname not in result.list_vms - - name: schedule 30m host downtime in nagios + - name: Schedule 30m host downtime in nagios nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true - - name: pause for 30s before doing it + - name: Pause for 30s before doing it pause: seconds=30 prompt="Destroying (and lvremove for) vm now {{ target }}, abort if this is wrong" - - name: destroy the vm + - name: Destroy the vm virt: name={{ inventory_hostname }} command=destroy delegate_to: "{{ vmhost }}" - - name: undefine the vm + - name: Undefine the vm virt: name={{ inventory_hostname }} command=undefine delegate_to: "{{ vmhost }}" - - name: destroy the lv + - name: Destroy the lv command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}} delegate_to: "{{ vmhost }}" diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index 5e28cd2f86..b1c7d14d62 100644 --- a/playbooks/groups/backup-server.yml 
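Review bot: The task name in destroy_virt_inst.yml now reads `Schedule 30m host downtime in nagios`, but the module call on the next line sets `minutes=60`, so the name understates the monitoring blackout by half. Either the name or the value should change so that the run log matches what was scheduled, for example `- name: Schedule 60m host downtime in nagios`. The same task carries `ignore_errors: true`, so a failed downtime request does not stop the destroy steps that follow; that looks deliberate, but a short comment saying so would help.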
+++ b/playbooks/groups/backup-server.yml @@ -4,7 +4,7 @@ # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars --- -- name: make backup server system +- name: Make backup server system hosts: backup user: root gather_facts: true diff --git a/playbooks/groups/build-kcs.yml b/playbooks/groups/build-kcs.yml index 224dc7cdd5..81e07cfc02 100644 --- a/playbooks/groups/build-kcs.yml +++ b/playbooks/groups/build-kcs.yml @@ -4,7 +4,7 @@ # covered by this playbook. --- -- name: enable an ephemeral builder +- name: Enable an ephemeral builder hosts: build_x86_kcs:build_x86_kcs_stg user: root gather_facts: false @@ -19,7 +19,7 @@ - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: - - name: make a keytab dir + - name: Make a keytab dir file: dest="/etc/kojid-cloud-scheduler/" state=directory roles: diff --git a/playbooks/groups/copr-backend.yml b/playbooks/groups/copr-backend.yml index 4c9eaf41e9..c3cddcded1 100644 --- a/playbooks/groups/copr-backend.yml +++ b/playbooks/groups/copr-backend.yml @@ -1,5 +1,5 @@ --- -- name: check/create instance +- name: Check/create instance hosts: copr_back_dev_aws:copr_back_aws user: root gather_facts: false @@ -23,7 +23,7 @@ - datacenter == 'aws' - swap_file_size_mb is defined -- name: cloud basic setup +- name: Cloud basic setup hosts: copr_back_dev_aws:copr_back_aws user: root gather_facts: true @@ -43,7 +43,7 @@ # hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" # when: env != 'production' -- name: provision instance +- name: Provision instance hosts: copr_back_dev_aws:copr_back_aws user: root gather_facts: true diff --git a/playbooks/groups/copr-dist-git.yml b/playbooks/groups/copr-dist-git.yml index f97ab9aa7f..4e64344d76 100644 --- a/playbooks/groups/copr-dist-git.yml +++ b/playbooks/groups/copr-dist-git.yml @@ -1,5 +1,5 @@ --- -- name: check/create instance +- name: Check/create instance hosts: copr_dist_git_dev_aws:copr_dist_git_aws user: root gather_facts: false 
@@ -18,7 +18,7 @@ - import_tasks: "{{ tasks_path }}/aws_cloud.yml" when: datacenter == 'aws' -- name: cloud basic setup +- name: Cloud basic setup hosts: copr_dist_git_dev_aws:copr_dist_git_aws user: root gather_facts: true @@ -35,11 +35,11 @@ - datacenter == 'aws' - swap_file_size_mb is defined - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: set hostname (required by some services, at least postfix need it) + - name: Set hostname (required by some services, at least postfix need it) hostname: name="{{copr_hostbase}}.fedorainfracloud.org" when: datacenter != "aws" -- name: provision instance +- name: Provision instance hosts: copr_dist_git_dev_aws:copr_dist_git_aws user: root gather_facts: true diff --git a/playbooks/groups/copr-frontend.yml b/playbooks/groups/copr-frontend.yml index be0afe8cdd..2c9714d09e 100644 --- a/playbooks/groups/copr-frontend.yml +++ b/playbooks/groups/copr-frontend.yml @@ -1,5 +1,5 @@ --- -- name: check/create instance +- name: Check/create instance hosts: copr_front_dev_aws:copr_front_aws user: root gather_facts: false @@ -24,7 +24,7 @@ - datacenter == 'aws' - swap_file_size_mb is defined -- name: cloud basic setup +- name: Cloud basic setup hosts: copr_front_dev_aws:copr_front_aws gather_facts: true vars_files: @@ -36,11 +36,11 @@ tasks: - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: set hostname (required by some services, at least postfix need it) + - name: Set hostname (required by some services, at least postfix need it) hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" when: datacenter != "aws" -- name: provision instance +- name: Provision instance hosts: copr_front_dev_aws:copr_front_aws gather_facts: true diff --git a/playbooks/groups/copr-keygen.yml b/playbooks/groups/copr-keygen.yml index f7892c6946..c68fb80a2f 100644 --- a/playbooks/groups/copr-keygen.yml +++ b/playbooks/groups/copr-keygen.yml 
@@ -1,5 +1,5 @@ --- -- name: check/create instance +- name: Check/create instance hosts: copr_keygen_dev_aws:copr_keygen_aws gather_facts: false @@ -18,16 +18,16 @@ when: datacenter == 'aws' - - name: gather facts + - name: Gather facts setup: check_mode: no ignore_errors: true register: facts - - name: install python2 and dnf stuff + - name: Install python2 and dnf stuff raw: dnf -y install python-dnf libselinux-python yum when: facts is failed -- name: cloud basic setup +- name: Cloud basic setup hosts: copr_keygen_dev_aws:copr_keygen_aws gather_facts: true vars_files: @@ -39,11 +39,11 @@ tasks: - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: set hostname (required by some services, at least postfix need it) + - name: Set hostname (required by some services, at least postfix need it) hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" when: datacenter != "aws" -- name: provision instance +- name: Provision instance hosts: copr_keygen_dev_aws:copr_keygen_aws gather_facts: true diff --git a/playbooks/groups/copr-pulp.yml b/playbooks/groups/copr-pulp.yml index 3784354a69..076ab02e6d 100644 --- a/playbooks/groups/copr-pulp.yml +++ b/playbooks/groups/copr-pulp.yml @@ -1,5 +1,5 @@ --- -- name: check/create instance +- name: Check/create instance hosts: copr_pulp_dev_aws:copr_pulp_aws gather_facts: false @@ -24,14 +24,14 @@ - swap_file_size_mb is defined # TODO Remove in favor of base/tasks/main.yml - - name: install platform-python + - name: Install platform-python package: name={{ item }} state=present with_items: - platform-python become: true # TODO Remove in favor of base/tasks/main.yml - - name: symlink /usr/bin/python to /usr/bin/python3 + - name: Symlink /usr/bin/python to /usr/bin/python3 alternatives: name: python link: /usr/bin/python 
@@ -39,13 +39,13 @@ become: true # TODO Move this to base/tasks/main.yml - - name: install iptables-services + - name: Install iptables-services package: name=iptables-services state=present become: true # TODO Postfix should have probably been installed by base/tasks/main.yml # but it wasn't for this instance - - name: install postfix + - name: Install postfix package: name=postfix state=present become: true @@ -55,7 +55,7 @@ dest: /tmp/pulp_default_admin_password mode: "000" -- name: cloud basic setup +- name: Cloud basic setup hosts: copr_pulp_dev_aws:copr_pulp_aws become: true gather_facts: true @@ -69,11 +69,11 @@ tasks: - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: set hostname (required by some services, at least postfix need it) + - name: Set hostname (required by some services, at least postfix need it) hostname: name="{{copr_hostbase}}.cloud.fedoraproject.org" when: datacenter != "aws" -- name: provision instance +- name: Provision instance hosts: copr_pulp_dev_aws:copr_pulp_aws become: true gather_facts: true diff --git a/playbooks/groups/db.aws.yml b/playbooks/groups/db.aws.yml index 5f66ac002e..e646a02c8c 100644 --- a/playbooks/groups/db.aws.yml +++ b/playbooks/groups/db.aws.yml @@ -4,7 +4,7 @@ # Once the instance exists, configure it. --- -- name: check/create instance +- name: Check/create instance hosts: db.stg.aws.fedoraproject.org user: root gather_facts: false @@ -25,7 +25,7 @@ - datacenter == 'aws' - swap_file_size_mb is defined -- name: cloud basic setup +- name: Cloud basic setup hosts: db.stg.aws.fedoraproject.org user: root gather_facts: true @@ -39,7 +39,7 @@ tasks: - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" -- name: configure server +- name: Configure server hosts: db.stg.aws.fedoraproject.org user: root gather_facts: true diff --git a/playbooks/groups/logdetective.yml b/playbooks/groups/logdetective.yml index 15a774dd4a..30245f8d0c 100644 --- a/playbooks/groups/logdetective.yml 
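Review bot: The context lines closing the `@@ -39,13` hunk of copr-pulp.yml write to `dest: /tmp/pulp_default_admin_password` with `mode: "000"`, a fixed and predictable path in a world-writable directory for what the file name suggests is a credential. If another local account creates that path first, the mode alone may not keep the content private, because no `owner:` is visible in these lines. The task starts above the hunk, so ownership may already be set there; if it is not, placing the file in a root-owned directory and adding `owner: root` would close the gap. This is outside the name[casing] change and is better handled in its own commit.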
+++ b/playbooks/groups/logdetective.yml @@ -1,5 +1,5 @@ --- -- name: check/create instance +- name: Check/create instance hosts: logdetective user: root gather_facts: false @@ -19,7 +19,7 @@ - datacenter == 'aws' - swap_file_size_mb is defined -- name: provision instance +- name: Provision instance hosts: logdetective become: true become_user: root diff --git a/playbooks/groups/maintainer-test.yml b/playbooks/groups/maintainer-test.yml index 1c71825616..de036a9651 100644 --- a/playbooks/groups/maintainer-test.yml +++ b/playbooks/groups/maintainer-test.yml @@ -26,7 +26,7 @@ # this is how you include other task lists - import_tasks: "{{ tasks_path }}/motd.yml" - - name: install packager tools (dnf) + - name: Install packager tools (dnf) dnf: state=present pkg={{ item }} with_items: - fedora-packager @@ -34,7 +34,7 @@ tags: - packages - - name: allow packagers to use mock + - name: Allow packagers to use mock copy: dest=/etc/pam.d/mock src="{{ files }}/common/mock" tags: - config diff --git a/playbooks/groups/nfs-servers.yml b/playbooks/groups/nfs-servers.yml index 4875d3579c..62a1b75840 100644 --- a/playbooks/groups/nfs-servers.yml +++ b/playbooks/groups/nfs-servers.yml @@ -1,7 +1,7 @@ # This is a basic playbook --- -- name: dole out the basic configuration +- name: Dole out the basic configuration hosts: nfs_servers user: root gather_facts: true @@ -49,7 +49,7 @@ - drives - copr - - name: create copr-be storage + - name: Create copr-be storage lvol: vg=VG_nfs lv=copr-be size=30t shrink=no tags: - drives diff --git a/playbooks/groups/openqa-onebox-test.yml b/playbooks/groups/openqa-onebox-test.yml index fc00db2275..b3e7aac650 100644 --- a/playbooks/groups/openqa-onebox-test.yml +++ b/playbooks/groups/openqa-onebox-test.yml @@ -1,5 +1,5 @@ --- -- name: setup base openQA host +- name: Setup base openQA host hosts: openqa_onebox_test user: root gather_facts: true 
@@ -29,7 +29,7 @@ handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: configure openQA +- name: Configure openQA hosts: openqa_onebox_test user: root gather_facts: true diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml index cb72a53d3e..af02ffdce7 100644 --- a/playbooks/groups/retrace.yml +++ b/playbooks/groups/retrace.yml @@ -15,7 +15,7 @@ # fedora-messaging setup -- name: setup RabbitMQ +- name: Setup RabbitMQ hosts: rabbitmq[0]:rabbitmq_stg[0] user: root gather_facts: false @@ -78,7 +78,7 @@ handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" -- name: setup FAF server +- name: Setup FAF server hosts: retrace,retrace_stg gather_facts: true @@ -98,7 +98,7 @@ faf_spool_dir: /srv/faf/ - import_role: name=abrt/faf-post -- name: setup retrace server +- name: Setup retrace server hosts: retrace,retrace_stg gather_facts: true diff --git a/playbooks/host_reboot.yml b/playbooks/host_reboot.yml index 233da105b4..064e56e979 100644 --- a/playbooks/host_reboot.yml +++ b/playbooks/host_reboot.yml 
@@ -1,28 +1,28 @@ # requires --extra-vars="target=hostspec" --- -- name: reboot hosts +- name: Reboot hosts hosts: "{{ target }}" gather_facts: false user: root serial: 1 tasks: - - name: tell nagios to shush + - name: Tell nagios to shush nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true - - name: reboot the host + - name: Reboot the host command: /sbin/shutdown -r 1 - - name: wait for host to come back - up to 15 minutes + - name: Wait for host to come back - up to 15 minutes local_action: wait_for host={{ target }} port=22 delay=120 timeout=900 search_regex=OpenSSH -# - name: sync time +# - name: Sync time # command: ntpdate -u 1.rhel.pool.ntp.org - - name: tell nagios to unshush + - name: Tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true diff --git a/playbooks/host_update.yml b/playbooks/host_update.yml index 6deb1efb24..dd31c32462 100644 --- a/playbooks/host_update.yml +++ b/playbooks/host_update.yml @@ -4,30 +4,30 @@ --- -- name: update the system +- name: Update the system hosts: "{{ target }}" gather_facts: false user: root tasks: - - name: expire-caches + - name: Expire-caches command: yum clean expire-cache - - name: yum -y {{ yumcommand }} + - name: Yum -y {{ yumcommand }} command: yum -y {{ yumcommand }} async: 7200 poll: 30 -- name: run rkhunter if installed +- name: Run rkhunter if installed hosts: "{{ target }}" user: root tasks: - - name: check for rkhunter + - name: Check for rkhunter command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - - name: run rkhunter --propupd + - name: Run rkhunter --propupd command: /usr/bin/rkhunter --propupd when: rkhunter is success diff --git a/playbooks/include/happy_birthday.yml b/playbooks/include/happy_birthday.yml index 9b92aad5f0..0d4d99d048 100644 
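Review bot: The `Wait for host to come back - up to 15 minutes` task in playbooks/host_reboot.yml waits on `host={{ target }}`, the raw `--extra-vars` pattern, while the play iterates `hosts: "{{ target }}"` with `serial: 1`. If `target` is ever a group or a colon-separated list, the wait does not address the host that was just rebooted and cannot confirm that it came back. `local_action: wait_for host={{ inventory_hostname }} port=22 delay=120 timeout=900 search_regex=OpenSSH` would follow the host currently being processed.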
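Review bot: The second play in playbooks/host_update.yml runs `/usr/bin/rkhunter --propupd` right after the update with no check step before it. `--propupd` rewrites rkhunter's stored file-property baseline from whatever is on disk at that moment, so a file altered before the run is recorded as known-good and the tool stops being a tamper signal for it. Running a check against the old baseline before the `yum` task, for example `command: /usr/bin/rkhunter --check --skip-keypress --report-warnings-only` with its warnings reviewed, and only then updating and re-baselining, keeps the baseline trustworthy. The same check-then-propupd pattern appears in playbooks/rkhunter_only.yml, playbooks/rkhunter_update.yml and playbooks/universe_update.yml.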
--- a/playbooks/include/happy_birthday.yml +++ b/playbooks/include/happy_birthday.yml @@ -1,5 +1,5 @@ --- -- name: handle ssh keys on a hosts birthday (new hw machine) +- name: Handle ssh keys on a hosts birthday (new hw machine) hosts: "{{ myhosts }}" gather_facts: false diff --git a/playbooks/include/proxies-fedorahosted.yml b/playbooks/include/proxies-fedorahosted.yml index 5062962f4a..4fee04eff7 100644 --- a/playbooks/include/proxies-fedorahosted.yml +++ b/playbooks/include/proxies-fedorahosted.yml @@ -22,8 +22,8 @@ - '/etc/httpd/conf.d/fedorahosted.org' - '/etc/httpd/conf.d/git.fedorahosted.org' - - name: install special fedorahosted-redirects.conf with fedorahosted redirects + - name: Install special fedorahosted-redirects.conf with fedorahosted redirects copy: src={{ files }}/httpd/fedorahosted-redirects.conf dest=/etc/httpd/conf.d/fedorahosted.org/fedorahosted-redirects.conf - - name: install special git.fedorahosted-redirects.conf with git.fedorahosted redirects + - name: Install special git.fedorahosted-redirects.conf with git.fedorahosted redirects copy: src={{ files }}/httpd/git.fedorahosted-redirects.conf dest=/etc/httpd/conf.d/git.fedorahosted.org/fedorahosted-redirects.conf diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index f9527308c7..8bae05066a 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -19,7 +19,7 @@ - httpd - httpd/website - - name: check the selinux context of webdir + - name: Check the selinux context of webdir command: matchpathcon /srv/web register: webdir check_mode: no diff --git a/playbooks/include/virt-create.yml b/playbooks/include/virt-create.yml index 21095fb7c6..0eccb2cb0f 100644 --- a/playbooks/include/virt-create.yml +++ b/playbooks/include/virt-create.yml @@ -1,5 +1,5 @@ --- -- name: make the virtual instance +- name: Make the virtual instance hosts: "{{ myhosts }}" gather_facts: false 
diff --git a/playbooks/manual/copr/_generic_tasks.yml b/playbooks/manual/copr/_generic_tasks.yml index 96098a7c4e..2944d2a368 100644 --- a/playbooks/manual/copr/_generic_tasks.yml +++ b/playbooks/manual/copr/_generic_tasks.yml @@ -1,8 +1,8 @@ --- -- name: detect package versions +- name: Detect package versions package_facts: manager=auto -- name: assure minimal versions of dnf-plugins-core +- name: Assure minimal versions of dnf-plugins-core dnf: name=dnf-plugins-core state=latest when: ansible_facts.packages['dnf-plugins-core'][0].version is version('4.0.12', '<') diff --git a/playbooks/manual/copr/copr-backend-upgrade.yml b/playbooks/manual/copr/copr-backend-upgrade.yml index 1911e44635..afee40a906 100644 --- a/playbooks/manual/copr/copr-backend-upgrade.yml +++ b/playbooks/manual/copr/copr-backend-upgrade.yml @@ -1,5 +1,5 @@ --- -- name: upgrade copr backend +- name: Upgrade copr backend hosts: copr_back_dev_aws:copr_back_aws user: root gather_facts: true diff --git a/playbooks/manual/copr/copr-dist-git-upgrade.yml b/playbooks/manual/copr/copr-dist-git-upgrade.yml index 016a8d6098..6495d98cd0 100644 --- a/playbooks/manual/copr/copr-dist-git-upgrade.yml +++ b/playbooks/manual/copr/copr-dist-git-upgrade.yml @@ -1,5 +1,5 @@ --- -- name: upgrade copr distgit +- name: Upgrade copr distgit hosts: copr_dist_git_dev_aws:copr_dist_git_aws user: root gather_facts: true diff --git a/playbooks/manual/copr/copr-frontend-upgrade.yml b/playbooks/manual/copr/copr-frontend-upgrade.yml index ac87edc82f..b246e16031 100644 --- a/playbooks/manual/copr/copr-frontend-upgrade.yml +++ b/playbooks/manual/copr/copr-frontend-upgrade.yml @@ -1,5 +1,5 @@ --- -- name: upgrade copr frontend +- name: Upgrade copr frontend hosts: copr_front_dev_aws:copr_front_aws user: root gather_facts: true 
@@ -22,7 +22,7 @@ changed_when: "frontend_has_update.rc != 0" failed_when: false - - name: make httpd stopped + - name: Make httpd stopped service: name=httpd state=stopped register: httpd_stopped when: frontend_has_update.changed @@ -36,7 +36,7 @@ - copr-selinux - python3-copr-common - - name: upgrade db to head, logs in /var/log/copr-frontend/migrations.log + - name: Upgrade db to head, logs in /var/log/copr-frontend/migrations.log shell: alembic-3 upgrade head &> /var/log/copr-frontend/migrations.log become: yes become_user: copr-fe @@ -44,7 +44,7 @@ chdir: /usr/share/copr/coprs_frontend/ when: frontend_has_update.changed - - name: make httpd started + - name: Make httpd started service: name=httpd state=started when: httpd_stopped.changed diff --git a/playbooks/manual/copr/copr-keygen-upgrade.yml b/playbooks/manual/copr/copr-keygen-upgrade.yml index b8009c4de4..5368a45982 100644 --- a/playbooks/manual/copr/copr-keygen-upgrade.yml +++ b/playbooks/manual/copr/copr-keygen-upgrade.yml @@ -1,5 +1,5 @@ --- -- name: upgrade copr keygen +- name: Upgrade copr keygen hosts: copr_keygen_dev_aws:copr_keygen_aws user: root gather_facts: true diff --git a/playbooks/manual/copr/copr-pulp-upgrade.yml b/playbooks/manual/copr/copr-pulp-upgrade.yml index 99424059bd..9040755509 100644 --- a/playbooks/manual/copr/copr-pulp-upgrade.yml +++ b/playbooks/manual/copr/copr-pulp-upgrade.yml @@ -1,5 +1,5 @@ --- -- name: upgrade copr pulp +- name: Upgrade copr pulp hosts: copr_pulp_dev_aws:copr_pulp_aws user: root gather_facts: true diff --git a/playbooks/manual/fas-readonly/fas-readonly.yml b/playbooks/manual/fas-readonly/fas-readonly.yml index 05754c98cc..558054ab26 100644 --- a/playbooks/manual/fas-readonly/fas-readonly.yml +++ b/playbooks/manual/fas-readonly/fas-readonly.yml 
@@ -1,5 +1,5 @@ --- -- name: change fas db to readonly for most actions +- name: Change fas db to readonly for most actions hosts: db-fas01.iad2.fedoraproject.org:db-fas01.stg.iad2.fedoraproject.org user: root vars_files: @@ -7,10 +7,10 @@ - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: copy the sql script to file + - name: Copy the sql script to file template: src=fas-readonly.sql dest=/var/lib/pgsql/fas-readonly.sql - - name: change permissions for relevant tables in the fas db + - name: Change permissions for relevant tables in the fas db shell: psql -1 -v ON_ERROR_STOP=1 fas2 The database name on both database server (must be the same) --- -- name: dump the prod db out +- name: Dump the prod db out hosts: "{{ dbhost }}.iad2.fedoraproject.org" user: root become: yes @@ -40,7 +40,7 @@ dest: /var/tmp/ flat: yes -- name: bring staging services down +- name: Bring staging services down hosts: "{{ server or 'batcave01.iad2.fedoraproject.org' }}" user: root any_errors_fatal: false @@ -52,11 +52,11 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: stop apache + - name: Stop apache service: name=httpd state=stopped when: (server is defined) and (server|length > 0) -- name: drop and re-create the staging db entirely +- name: Drop and re-create the staging db entirely hosts: "{{ dbhost }}.stg.iad2.fedoraproject.org" user: root become: yes @@ -72,7 +72,7 @@ tasks: # push dump to stg from batcave - - name: push the DB dump from batcave to the dbhost in stg + - name: Push the DB dump from batcave to the dbhost in stg copy: src: /var/tmp/{{ db }}.dump.xz dest: /var/tmp/{{ db }}.dump.xz 
@@ -91,7 +91,7 @@ - name: Import the prod db. This will take quite a while. Go get a snack! shell: cat /var/tmp/{{ db }}.dump | psql {{ db }} -- name: bring staging services up +- name: Bring staging services up hosts: "{{ server or 'batcave01.iad2.fedoraproject.org' }}" user: root any_errors_fatal: false @@ -103,7 +103,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: restart apache + - name: Restart apache service: name=httpd state=started when: (server is defined) and (server|length > 0) @@ -137,5 +137,5 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: remove the DB dump from batcave + - name: Remove the DB dump from batcave command: rm -f /var/tmp/{{ db }}.dump.xz diff --git a/playbooks/manual/staging-sync/koji.yml b/playbooks/manual/staging-sync/koji.yml index aeab89b68b..9c4b77cdb9 100644 --- a/playbooks/manual/staging-sync/koji.yml +++ b/playbooks/manual/staging-sync/koji.yml @@ -10,7 +10,7 @@ --- -- name: bring staging services down +- name: Bring staging services down hosts: koji_stg user: root vars_files: @@ -25,7 +25,7 @@ - service: name=kojira state=stopped -- name: drop and re-create the staging db entirely +- name: Drop and re-create the staging db entirely hosts: db-koji01.stg.iad2.fedoraproject.org user: root become: yes @@ -35,17 +35,17 @@ - db-sync vars: - builder_groups: - - name: buildvm_stg + - name: Buildvm_stg arches: i386 x86_64 extra_channels: - container - createrepo - livemedia - - name: buildvm_aarch64_stg + - name: Buildvm_aarch64_stg arches: aarch64 - - name: buildvm_ppc64le_stg + - name: Buildvm_ppc64le_stg arches: ppc64le - - name: buildvm_s390x_stg + - name: Buildvm_s390x_stg arches: s390x # Users allowed to use content generators, only in staging - cg_users: 
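Review bot: In the `@@ -35,17 +35,17 @@` hunk of playbooks/manual/staging-sync/koji.yml the four renamed `- name:` entries sit under `vars:` / `builder_groups`, next to `arches` and `extra_channels`, so they are data values rather than play or task names. `name[casing]` does not apply to them, and capitalising them changes the group names the play works with. All four should be restored to lower case, e.g. `- name: buildvm_stg`, and likewise `buildvm_aarch64_stg`, `buildvm_ppc64le_stg` and `buildvm_s390x_stg`. How `builder_groups` is consumed is outside the hunk, but anything that matches on these names would presumably stop matching after this change.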
@@ -81,12 +81,12 @@ sed '/COPY buildroot_listing /,/\./d' | mbuffer -q -s 16M -m 512M -l /tmp/mbuffer-sed-to-psql.log | psql -v ON_ERROR_STOP=1 - - name: repoint all the prod rpm entries at the secondary volume (and other stuff) + - name: Repoint all the prod rpm entries at the secondary volume (and other stuff) shell: psql -1 -v ON_ERROR_STOP=1 koji 21 and ansible_distribution == 'Fedora' - - name: dnf update {{ package }} from main repo + - name: Dnf update {{ package }} from main repo dnf: name="{{ package }}" state=latest when: not testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' - - name: dnf clean all (since we can't do it when updating) + - name: Dnf clean all (since we can't do it when updating) command: dnf clean all --enablerepo=infrastructure-tags-stg when: testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' - - name: dnf update {{ package }} from testing repo + - name: Dnf update {{ package }} from testing repo dnf: name="{{ package }}" state=latest enablerepo=infrastructure-tags-stg when: testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' diff --git a/playbooks/manual/upgrade/bodhi.yml b/playbooks/manual/upgrade/bodhi.yml index c85178ab51..46ad293cff 100644 --- a/playbooks/manual/upgrade/bodhi.yml +++ b/playbooks/manual/upgrade/bodhi.yml @@ -1,5 +1,5 @@ --- -- name: check to see if a compose is going on before we do anything... +- name: Check to see if a compose is going on before we do anything... hosts: bodhi_backend:bodhi_backend_stg user: root vars_files: @@ -20,7 +20,7 @@ any_errors_fatal: true when: "composes.stdout != '{\"composes\": []}' and env != 'staging'" -- name: push packages out +- name: Push packages out hosts: bodhi_backend:bodhi_backend_stg user: root vars_files: 
@@ -31,14 +31,14 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: update bodhi-server packages from main repo + - name: Update bodhi-server packages from main repo dnf: name: - bodhi-server - bodhi-composer state: latest update_cache: true - - name: update bodhi-server packages from testing repo + - name: Update bodhi-server packages from testing repo dnf: name: - bodhi-server @@ -48,7 +48,7 @@ update_cache: true when: testing -- name: find out if there are migrations to run +- name: Find out if there are migrations to run hosts: bodhi_backend:bodhi_backend_stg user: root vars_files: @@ -72,7 +72,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - - name: tell nagios to shush w.r.t. the frontend + - name: Tell nagios to shush w.r.t. the frontend nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true @@ -85,7 +85,7 @@ command: oc -n bodhi scale dc/bodhi-web --replicas=0 when: migrations -- name: verify the backends, stop them, and then upgrade the db +- name: Verify the backends, stop them, and then upgrade the db hosts: bodhi_backend:bodhi_backend_stg user: root vars_files: @@ -96,7 +96,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - - name: tell nagios to shush w.r.t. the backend + - name: Tell nagios to shush w.r.t. the backend nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true 
@@ -127,12 +127,12 @@ - bodhi-celery post_tasks: - - name: tell nagios to unshush w.r.t. the backend + - name: Tell nagios to unshush w.r.t. the backend nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true -- name: restart the frontend +- name: Restart the frontend hosts: os_control[0]:os_control_stg[0] user: root vars_files: @@ -169,7 +169,7 @@ when: env != "staging" post_tasks: - - name: tell nagios to unshush w.r.t. the frontend + - name: Tell nagios to unshush w.r.t. the frontend nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/upgrade/bugzilla2fedmsg.yml b/playbooks/manual/upgrade/bugzilla2fedmsg.yml index 6a05fd382d..969d369c80 100644 --- a/playbooks/manual/upgrade/bugzilla2fedmsg.yml +++ b/playbooks/manual/upgrade/bugzilla2fedmsg.yml @@ -1,5 +1,5 @@ --- -- name: push packages out +- name: Push packages out hosts: bugzilla2fedmsg:bugzilla2fedmsg_stg user: root vars_files: 
@@ -12,17 +12,17 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - - name: update bugzilla2fedmsg packages from main repo + - name: Update bugzilla2fedmsg packages from main repo package: name="python-bugzilla2fedmsg" state=latest when: not testing - - name: update bugzilla2fedmsg packages from testing repo + - name: Update bugzilla2fedmsg packages from testing repo yum: name="python-bugzilla2fedmsg" state=latest enablerepo=infrastructure-tags-stg when: testing -- name: verify the backend and restart it +- name: Verify the backend and restart it hosts: bugzilla2fedmsg:bugzilla2fedmsg_stg user: root vars_files: @@ -33,7 +33,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - - name: tell nagios to shush + - name: Tell nagios to shush nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true @@ -43,7 +43,7 @@ post_tasks: - service: name="moksha-hub" state=restarted - - name: tell nagios to unshush + - name: Tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/upgrade/datagrepper.yml b/playbooks/manual/upgrade/datagrepper.yml index e70fd42e1d..78e9b30a9a 100644 --- a/playbooks/manual/upgrade/datagrepper.yml +++ b/playbooks/manual/upgrade/datagrepper.yml @@ -1,5 +1,5 @@ --- -- name: push packages out +- name: Push packages out hosts: datagrepper:datagrepper_stg user: root vars_files: 
@@ -12,17 +12,17 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - - name: yum update datagrepper packages from main repo + - name: Yum update datagrepper packages from main repo package: name="datagrepper" state=latest when: not testing - - name: yum update datagrepper packages from testing repo + - name: Yum update datagrepper packages from testing repo package: name="datagrepper" state=latest enablerepo=infrastructure-tags-stg when: testing -- name: verify the config and restart it +- name: Verify the config and restart it hosts: datagrepper:datagrepper_stg user: root vars_files: @@ -33,7 +33,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - - name: tell nagios to shush + - name: Tell nagios to shush nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true @@ -44,7 +44,7 @@ post_tasks: - service: name="httpd" state=restarted - - name: tell nagios to unshush + - name: Tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/upgrade/fedmsg.yml b/playbooks/manual/upgrade/fedmsg.yml index fc977781c5..1914a65688 100644 --- a/playbooks/manual/upgrade/fedmsg.yml +++ b/playbooks/manual/upgrade/fedmsg.yml @@ -1,5 +1,5 @@ --- -- name: push packages out +- name: Push packages out hosts: - fedmsg-hubs - fedmsg-hubs-stg 
@@ -34,14 +34,14 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - - name: yum update fedmsg packages from the main repo + - name: Yum update fedmsg packages from the main repo package: name={{item}} state=latest when: not testing with_items: "{{packages}}" - - name: yum update fedmsg packages from testing repo + - name: Yum update fedmsg packages from testing repo package: name={{item}} state=latest enablerepo=infrastructure-tags-stg when: testing with_items: "{{packages}}" @@ -50,7 +50,7 @@ # - import_tasks: "{{tasks_path}}../restart-fedmsg-services.yml" # Also restart the frontend web services -- name: bounce apache +- name: Bounce apache hosts: datagrepper:datagrepper_stg user: root vars_files: diff --git a/playbooks/manual/upgrade/koji.yml b/playbooks/manual/upgrade/koji.yml index 3a3ba513cc..3a2f85a51a 100644 --- a/playbooks/manual/upgrade/koji.yml +++ b/playbooks/manual/upgrade/koji.yml @@ -24,7 +24,7 @@ # - nagios outage stuff didn't seem to work as well as we would want last time. --- -- name: preliminary tasks +- name: Preliminary tasks hosts: koji:koji_stg user: root vars_files: 
@@ -33,26 +33,26 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: ask admin if an outage ticket was created. + - name: Ask admin if an outage ticket was created. pause: seconds=30 prompt="Did you file an outage ticket before running this?" - - name: ask admin if an outage ticket was reviewed. + - name: Ask admin if an outage ticket was reviewed. pause: seconds=30 prompt="Did you have someone review that outage ticket? This is koji we're talking about here..." - - name: ask admin if an outage ticket was announced. + - name: Ask admin if an outage ticket was announced. pause: seconds=30 prompt="Did you send the outage announcement to devel-announce? People need to know." - - name: ask admin if no db upgrade script is ok. + - name: Ask admin if no db upgrade script is ok. pause: seconds=30 prompt="You didn't specify a db_upgrade_file extra-var. Are you sure there is no db upgrade required?" when: db_upgrade_file is undefined - - name: tell nagios that everything is fine + - name: Tell nagios that everything is fine nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true - - name: stop httpd on the koji-hubs. + - name: Stop httpd on the koji-hubs. service: name="httpd" state=stopped -- name: run commands on the database host. +- name: Run commands on the database host. # Note that the hosts are used explicitly here to choose only the "primary". # We don't want to run upgrades on both pgbdr nodes at the same time. # ... is anything special needed to upgrade pgbdr nodes? @@ -79,7 +79,7 @@ package: name=koji state=absent when: db_upgrade_file is defined -- name: update and restart the koji hubs before we touch the builders +- name: Update and restart the koji hubs before we touch the builders hosts: koji:koji_stg user: root vars_files: 
@@ -88,14 +88,14 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - package: name=koji-hub state=latest update_cache=yes - - name: restart httpd on the koji-hubs. + - name: Restart httpd on the koji-hubs. service: name="httpd" state=started - - name: unsilence nagios + - name: Unsilence nagios nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true -- name: update and restart the koji builders, now that we're done with the hubs +- name: Update and restart the koji builders, now that we're done with the hubs hosts: builders:builders_stg user: root vars_files: @@ -104,5 +104,5 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - package: name=koji-builder state=latest update_cache=yes - - name: restart all the builders. so many. + - name: Restart all the builders. so many. service: name="kojid" state=restarted diff --git a/playbooks/manual/upgrade/mote.yml b/playbooks/manual/upgrade/mote.yml index 6a25f2d1a2..cfa85d07b3 100644 --- a/playbooks/manual/upgrade/mote.yml +++ b/playbooks/manual/upgrade/mote.yml @@ -1,5 +1,5 @@ --- -- name: push packages out +- name: Push packages out hosts: value:value_stg user: root vars_files: 
@@ -12,17 +12,17 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - - name: update mote packages from main repo + - name: Update mote packages from main repo package: name="mote" state=latest when: not testing - - name: update mote packages from testing repo + - name: Update mote packages from testing repo yum: name="mote" state=latest enablerepo=infrastructure-tags-stg when: testing -- name: verify the config and restart it +- name: Verify the config and restart it hosts: value:value_stg user: root vars_files: @@ -33,7 +33,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - - name: tell nagios to shush + - name: Tell nagios to shush nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true @@ -44,7 +44,7 @@ post_tasks: - service: name="httpd" state=restarted - service: name="mote-updater" state=restarted - - name: tell nagios to unshush + - name: Tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/upgrade/packages.yml b/playbooks/manual/upgrade/packages.yml index 379bacc2c4..3c1f9e124d 100644 --- a/playbooks/manual/upgrade/packages.yml +++ b/playbooks/manual/upgrade/packages.yml @@ -1,5 +1,5 @@ --- -- name: push packages out +- name: Push packages out hosts: packages:packages_stg user: root vars_files: 
@@ -12,17 +12,17 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} + - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} command: dnf clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - - name: update fedora-packages packages from main repo + - name: Update fedora-packages packages from main repo package: name="fedora-packages" state=latest when: not testing - - name: update fedora-packages packages from testing repo + - name: Update fedora-packages packages from testing repo dnf: name="fedora-packages" state=latest enablerepo=infrastructure-tags-stg when: testing -- name: verify the config and restart it +- name: Verify the config and restart it hosts: packages:packages_stg user: root vars_files: @@ -33,7 +33,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - - name: tell nagios to shush + - name: Tell nagios to shush nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true @@ -48,7 +48,7 @@ - service: name="httpd" state=started - service: name="fedmsg-hub" state=started - - name: tell nagios to unshush + - name: Tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true diff --git a/playbooks/manual/upgrade/pagure.yml b/playbooks/manual/upgrade/pagure.yml index 366a0b2050..53640272a7 100644 --- a/playbooks/manual/upgrade/pagure.yml +++ b/playbooks/manual/upgrade/pagure.yml @@ -6,7 +6,7 @@ # Main task to upgrade pagure --- -- name: upgrade pagure +- name: Upgrade pagure hosts: pagure:pagure_stg user: root vars_files: 
@@ -19,7 +19,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" pre_tasks: - - name: tell nagios to shush w.r.t. the frontend + - name: Tell nagios to shush w.r.t. the frontend nagios: action=downtime minutes=15 @@ -33,13 +33,13 @@ ## tasks: - - name: yum update pagure packages from main repo + - name: Yum update pagure packages from main repo yum: name="pagure*" state=latest update_cache=yes when: not testing - - name: yum update pagure* packages from testing repo + - name: Yum update pagure* packages from testing repo yum: name="pagure*" state=latest enablerepo=infrastructure-tags-stg @@ -47,7 +47,7 @@ when: testing # This is needed so the alembic will work. - - name: stop the general pagure workers + - name: Stop the general pagure workers service: name: "{{ item }}" state: stopped @@ -60,7 +60,7 @@ - pagure_webhook - pagure_worker - - name: stop the specific workers on pagure.io + - name: Stop the specific workers on pagure.io service: name: "{{ item }}" state: stopped @@ -83,7 +83,7 @@ post_tasks: - - name: start the general pagure workers + - name: Start the general pagure workers service: name: "{{ item }}" state: started @@ -96,7 +96,7 @@ - pagure_webhook - pagure_worker - - name: start_pagure_workers on pagure servers + - name: Start_pagure_workers on pagure servers service: name: "{{ item }}" state: started @@ -115,7 +115,7 @@ ## - - name: tell nagios to unshush w.r.t. the frontend + - name: Tell nagios to unshush w.r.t. the frontend nagios: action=unsilence service=host diff --git a/playbooks/rdiff-backup.yml b/playbooks/rdiff-backup.yml index 8b03292bcd..1cddf6b974 100644 --- a/playbooks/rdiff-backup.yml +++ b/playbooks/rdiff-backup.yml @@ -4,7 +4,7 @@ # this seemed like an obvious cheat --- -- name: rdiff-backup +- name: Rdiff-backup hosts: backup_clients user: root gather_facts: false 
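Review bot: `Start_pagure_workers on pagure servers` in the `@@ -96,7 +96,7 @@` hunk of playbooks/manual/upgrade/pagure.yml satisfies `name[casing]` only because its first letter was upper-cased; it still reads as an identifier rather than a description. The matching stop task earlier in the file is named `Stop the specific workers on pagure.io`, so `- name: Start the specific workers on pagure.io` would pair the two, assuming this task is that counterpart (its item list lies outside the hunk). The same mechanical result shows in `Yum update pagure* packages from testing repo` here and in `Yum -y {{ yumcommand }}`, `Dnf update {{ package }} from main repo`, `Expire-caches` and `Rdiff-backup` in other files of this patch. A leading verb, as in `Run yum -y {{ yumcommand }}`, would describe the task instead of capitalising a command name.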
@@ -20,17 +20,17 @@ - global_backup_targets: ['/etc', '/home'] tasks: - - name: run rdiff-backup hitting all the global targets + - name: Run rdiff-backup hitting all the global targets local_action: "shell rdiff-backup --remote-schema 'ssh -p {{ ansible_port|default(22) }} -C %s rdiff-backup --server' --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org" with_items: '{{ global_backup_targets }}' when: global_backup_targets is defined - - name: copy new database dumps into the backup server database dir + - name: Copy new database dumps into the backup server database dir local_action: "shell rsync -a {{ inventory_hostname }}:{{ item }}/ /fedora_backups/databases/{{ inventory_hostname }}/" with_items: '{{ db_backup_dir }}' when: db_backup_dir is defined - - name: run rdiff-backup hitting all the host targets + - name: Run rdiff-backup hitting all the host targets local_action: "shell rdiff-backup --remote-schema 'ssh -p {{ ansible_port|default(22) }} -C %s rdiff-backup --server' --exclude='**git-seed*' --exclude='**git_seed' --exclude='**.snapshot' --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org" with_items: '{{ host_backup_targets }}' when: host_backup_targets is defined diff --git a/playbooks/restart_when_failed.yml b/playbooks/restart_when_failed.yml index 9e3fe28086..3526126196 100644 --- a/playbooks/restart_when_failed.yml +++ b/playbooks/restart_when_failed.yml 
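Review bot: All three `local_action: "shell …"` tasks in playbooks/rdiff-backup.yml paste `{{ item }}` and `{{ inventory_hostname }}` into a shell pipeline unquoted, including inside the backtick `basename {{ item }}` substitution. A backup target containing a space or a shell metacharacter therefore changes the command that runs on the backup server. `global_backup_targets` is fixed in this play, but where `host_backup_targets` and `db_backup_dir` are set is outside the hunk, so it is worth confirming who can influence those variables. Passing each templated value through the quote filter (`{{ item | quote }}`) and replacing the backticks with `{{ item | basename | quote }}` removes the dependency on the values being well-formed.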
@@ -6,23 +6,23 @@ gather_facts: false tasks: - - name: listing failed units + - name: Listing failed units shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }' register: listing_failed - - name: check log with journalctl + - name: Check log with journalctl shell: journalctl -lru {{ item }} -n 50 register: display_log with_items: "{{ listing_failed.stdout_lines[0:] }}" - debug: var=listing_failed.stdout_lines[0:] - - name: display log + - name: Display log debug: var=display_log.stdout_lines ignore_errors: true when: display_log is defined - - name: restart failed service + - name: Restart failed service systemd: name: "{{ item }}" state: restarted diff --git a/playbooks/rkhunter_only.yml b/playbooks/rkhunter_only.yml index 6f305ebba5..9b6ff0901e 100644 --- a/playbooks/rkhunter_only.yml +++ b/playbooks/rkhunter_only.yml @@ -1,16 +1,16 @@ # requires --extra-vars="target='host1:host2:group etc'" --- -- name: run rkhunter for times when rkhunter didn't seem to run. +- name: Run rkhunter for times when rkhunter didn't seem to run. hosts: "{{ target }}" user: root tasks: - - name: check for rkhunter + - name: Check for rkhunter command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - - name: run rkhunter --propupd + - name: Run rkhunter --propupd command: /usr/bin/rkhunter --propupd when: rkhunter is success diff --git a/playbooks/rkhunter_update.yml b/playbooks/rkhunter_update.yml index 5e5578ea4d..59680d277f 100644 --- a/playbooks/rkhunter_update.yml +++ b/playbooks/rkhunter_update.yml 
@@ -1,24 +1,24 @@ # requires --extra-vars="target='host1:host2:group etc' yumcommand=update'" --- -- name: update all run rkhunter if installed +- name: Update all run rkhunter if installed hosts: "{{ target }}" user: root tasks: - - name: expire-caches + - name: Expire-caches command: yum clean expire-cache - - name: yum -y {{ yumcommand }} + - name: Yum -y {{ yumcommand }} command: yum -y {{ yumcommand }} async: 7200 poll: 15 - - name: check for rkhunter + - name: Check for rkhunter command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - - name: run rkhunter --propupd + - name: Run rkhunter --propupd command: /usr/bin/rkhunter --propupd when: rkhunter is success diff --git a/playbooks/universe_update.yml b/playbooks/universe_update.yml index e3531b7606..185fcf64e5 100644 --- a/playbooks/universe_update.yml +++ b/playbooks/universe_update.yml @@ -3,7 +3,7 @@ # --- -- name: set downtime +- name: Set downtime hosts: all gather_facts: false user: root @@ -11,14 +11,14 @@ tasks: - - name: silence nagios completely + - name: Silence nagios completely nagios: action=silence delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true failed_when: no when: nonagios is not defined or not "true" in nonagios -- name: update the world +- name: Update the world hosts: all gather_facts: true user: root @@ -51,16 +51,16 @@ poll: 30 when: package_excludes is defined -- name: run rkhunter if installed +- name: Run rkhunter if installed hosts: all user: root tasks: - - name: check for rkhunter + - name: Check for rkhunter command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - - name: run rkhunter --propupd + - name: Run rkhunter --propupd command: /usr/bin/rkhunter --propupd when: rkhunter is success diff --git a/playbooks/update_dns.yml b/playbooks/update_dns.yml index 14be26ec49..7712401d6e 100644 --- a/playbooks/update_dns.yml +++ b/playbooks/update_dns.yml 
@@ -1,9 +1,9 @@ --- -- name: push dns changes out +- name: Push dns changes out hosts: dns user: root tasks: - - name: push dns changes out + - name: Push dns changes out command: /usr/local/bin/update-dns diff --git a/playbooks/vhost_halt_guests.yml b/playbooks/vhost_halt_guests.yml index 083e3f94cf..0ec5110edb 100644 --- a/playbooks/vhost_halt_guests.yml +++ b/playbooks/vhost_halt_guests.yml @@ -20,34 +20,34 @@ --- -- name: find instances +- name: Find instances hosts: "{{ vhost }}" user: root tasks: - - name: get list of guests + - name: Get list of guests virt: command=list_vms register: vmlist - - name: add them to myvms_new group + - name: Add them to myvms_new group local_action: add_host hostname={{ item }} groupname=myvms_new with_items: "{{ vmlist.list_vms }}" -- name: halt instances +- name: Halt instances hosts: myvms_new user: root serial: 1 tasks: - - name: tell nagios to shush + - name: Tell nagios to shush nagios: action=silence host={{ inventory_hostname_short }} delegate_to: noc01.iad2.fedoraproject.org - - name: echo-y + - name: Echo-y command: /sbin/halt -p ignore_errors: true # if one of them is down we don't care - - name: wait for them to die + - name: Wait for them to die local_action: wait_for port=22 delay=30 timeout=300 state=stopped host={{ inventory_hostname }} diff --git a/playbooks/vhost_poweroff.yml b/playbooks/vhost_poweroff.yml index dd0fad90d5..59dfc08f12 100644 --- a/playbooks/vhost_poweroff.yml +++ b/playbooks/vhost_poweroff.yml 
@@ -15,50 +15,50 @@ # TODO: Figure out how to compare virt info pre and post boot. --- -- name: find instances +- name: Find instances hosts: "{{ target }}" gather_facts: false user: root tasks: - - name: get list of guests + - name: Get list of guests virt: command=list_vms register: vmlist -# - name: get info on guests (prereboot) +# - name: Get info on guests (prereboot) # virt: command=info # register: vminfo_pre - - name: add them to myvms_new group + - name: Add them to myvms_new group local_action: add_host hostname={{ item }} groupname=myvms_new with_items: "{{ vmlist.list_vms }}" -- name: halt instances +- name: Halt instances hosts: myvms_new user: root gather_facts: false serial: 1 tasks: - - name: halt the vm instances - to poweroff + - name: Halt the vm instances - to poweroff command: /sbin/shutdown -h 1 ignore_errors: true # if one of them is down we don't care -- name: wait for the whole set to die. +- name: Wait for the whole set to die. hosts: myvms_new gather_facts: false user: root tasks: - - name: wait for them to die + - name: Wait for them to die local_action: wait_for port=22 delay=30 timeout=300 state=stopped host={{ inventory_hostname }} -- name: reboot vhost +- name: Reboot vhost hosts: "{{ target }}" gather_facts: false user: root tasks: - - name: halt the virthost + - name: Halt the virthost command: /sbin/shutdown -h 1 diff --git a/playbooks/vhost_update.yml b/playbooks/vhost_update.yml index 693eeab392..2dee94c844 100644 --- a/playbooks/vhost_update.yml +++ b/playbooks/vhost_update.yml @@ -5,9 +5,9 @@ # --- -- name: find instances +- name: Find instances vars_prompt: - - name: target + - name: Target prompt: What is the target vhost private: false hosts: "{{ target }}" 
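Review bot: The `vars_prompt` entry in the playbooks/vhost_update.yml hunk (`@@ -5,9 +5,9 @@`) was changed from `- name: target` to `- name: Target`, but under `vars_prompt` the `name` key is the variable that receives the answer, not a display label. The play still reads `hosts: "{{ target }}"`, so the prompted value now lands in `Target` and `target` stays undefined unless it is passed with `--extra-vars`. Revert this one line to `- name: target`. The rest of the patch is worth checking for other `name:` keys that are identifiers rather than task or play titles.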
@@ -15,21 +15,21 @@ user: root tasks: - - name: get list of guests + - name: Get list of guests virt: command=list_vms register: vmlist - - name: add them to myvms_new group + - name: Add them to myvms_new group local_action: add_host hostname={{ item }} groupname=myvms_new with_items: '{{vmlist.list_vms}}' - - name: add the vmhost to target group + - name: Add the vmhost to target group local_action: add_host hostname={{ target }} groupname=target # Call out to another playbook. Disable any proxies that may live here # - include_playbook: update-proxy-dns.yml status=disable proxies=myvms_new:&proxies -- name: set downtime +- name: Set downtime hosts: "target:myvms_new" gather_facts: false user: root @@ -37,14 +37,14 @@ tasks: - - name: schedule regular host downtime + - name: Schedule regular host downtime nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }} delegate_to: noc01.iad2.fedoraproject.org ignore_errors: true failed_when: no when: nonagios is not defined or not "true" in nonagios -- name: update the system +- name: Update the system hosts: "target:myvms_new" gather_facts: true user: root @@ -77,16 +77,16 @@ poll: 30 when: package_excludes is defined -- name: run rkhunter if installed +- name: Run rkhunter if installed hosts: "target:myvms_new" user: root tasks: - - name: check for rkhunter + - name: Check for rkhunter command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - - name: run rkhunter --propupd + - name: Run rkhunter --propupd command: /usr/bin/rkhunter --propupd when: rkhunter is success diff --git a/roles/abrt/faf-post/tasks/cron.yml b/roles/abrt/faf-post/tasks/cron.yml index b3230b53fb..b074c0a45d 100644 --- a/roles/abrt/faf-post/tasks/cron.yml +++ b/roles/abrt/faf-post/tasks/cron.yml @@ -27,7 +27,7 @@ special_time: daily state: present - - name: koops_to_xorg.py + - name: Koops_to_xorg.py cron: name: "koops_to_xorg.py" user: faf 
diff --git a/roles/abrt/faf-pre/tasks/install.yml b/roles/abrt/faf-pre/tasks/install.yml index 11316a7273..78de0812c0 100644 --- a/roles/abrt/faf-pre/tasks/install.yml +++ b/roles/abrt/faf-pre/tasks/install.yml @@ -1,5 +1,5 @@ --- -- name: install postgresql packages +- name: Install postgresql packages package: state: present name: @@ -8,14 +8,14 @@ - postgresql - pg-semver -- name: install ssl packages for https +- name: Install ssl packages for https package: state: present name: - openssl - mod_ssl -- name: memcached rhel +- name: Memcached rhel package: state: present name: @@ -23,7 +23,7 @@ - python3-memcached when: ansible_distribution == "RedHat" and faf_web_cache_type == "memcached" -- name: memcached fedora +- name: Memcached fedora package: state: present name: diff --git a/roles/abrt/faf-pre/tasks/main.yml b/roles/abrt/faf-pre/tasks/main.yml index 68af866df9..3cdec63a37 100644 --- a/roles/abrt/faf-pre/tasks/main.yml +++ b/roles/abrt/faf-pre/tasks/main.yml @@ -17,10 +17,10 @@ owner: faf group: faf -- name: create folders where we place certs for fedora-messaging +- name: Create folders where we place certs for fedora-messaging file: path=/etc/fedora-messaging/faf owner=root group=root mode=0755 state=directory -- name: install certs for fedora-messaging +- name: Install certs for fedora-messaging copy: src={{ item.src }} dest=/etc/fedora-messaging/faf/{{ item.dest }} owner={{ item.owner }} group=root mode={{ item.mode }} 
@@ -42,61 +42,61 @@ } # landing page -- name: install abrt-server-info-page +- name: Install abrt-server-info-page package: name: abrt-server-info-page state: latest -- name: configure ADMINS +- name: Configure ADMINS lineinfile: dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py regexp: 'ADMINS =' line: ' ADMINS = "infrastructure@lists.fedoraproject.org"' notify: restart httpd -- name: configure MORE_FAF +- name: Configure MORE_FAF lineinfile: dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py regexp: 'MORE_FAF =' line: ' MORE_FAF = "https://github.com/abrt/faf/"' notify: restart httpd -- name: configure MORE_RS +- name: Configure MORE_RS lineinfile: dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py regexp: 'MORE_RS =' line: ' MORE_RS = "https://github.com/abrt/retrace-server"' notify: restart httpd -- name: configure MORE_ABRT +- name: Configure MORE_ABRT lineinfile: dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py regexp: 'MORE_ABRT =' line: ' MORE_ABRT = "https://github.com/abrt/abrt/"' notify: restart httpd -- name: configure MORE_GABRT +- name: Configure MORE_GABRT lineinfile: dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py regexp: 'MORE_GABRT =' line: ' MORE_GABRT = "https://github.com/abrt/gnome-abrt/"' notify: restart httpd -- name: configure MORE_LR +- name: Configure MORE_LR lineinfile: dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py regexp: 'MORE_LR =' line: ' MORE_LR = "https://github.com/abrt/libreport/"' notify: restart httpd -- name: configure MORE_SATYR +- name: Configure MORE_SATYR lineinfile: dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py regexp: 'MORE_SATYR =' line: ' MORE_SATYR = "https://github.com/abrt/satyr/"' notify: restart httpd -- name: configure URL_FOR_FAF +- name: Configure URL_FOR_FAF lineinfile: dest: /usr/lib/python3.6/site-packages/abrt-server-info-page/config.py regexp: 
'URL_FOR_FAF =' diff --git a/roles/abrt/faf-pre/tasks/services.yml b/roles/abrt/faf-pre/tasks/services.yml index 38774010e8..06ae10d07e 100644 --- a/roles/abrt/faf-pre/tasks/services.yml +++ b/roles/abrt/faf-pre/tasks/services.yml @@ -1,18 +1,18 @@ --- -- name: start and enable httpd +- name: Start and enable httpd service: name: httpd state: started enabled: yes -- name: start and enable memcached +- name: Start and enable memcached service: name: memcached state: started enabled: yes when: faf_web_cache_type == "memcached" -- name: turn off selinux +- name: Turn off selinux selinux: state: permissive policy: targeted diff --git a/roles/abrt/faf-pre/tasks/setup_db.yml b/roles/abrt/faf-pre/tasks/setup_db.yml index 56e6a1cd2f..4d9d6393ef 100644 --- a/roles/abrt/faf-pre/tasks/setup_db.yml +++ b/roles/abrt/faf-pre/tasks/setup_db.yml 
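Review bot: In the roles/abrt/faf-pre/tasks/services.yml hunk the renamed task `Turn off selinux` sets `state: permissive` with `policy: targeted`, so the name says something different from what the task does. Permissive mode keeps the policy loaded and logs denials but does not enforce them, which is not the same as disabled. Since the name is being rewritten anyway, `- name: Set selinux to permissive` would match the module arguments. A one-line comment above it would also help, for example `# NOTE: permissive because <reason>; revisit once the denials are addressed`, where the reason has to come from the role owner.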
@@ -4,77 +4,77 @@ args: creates: "/var/lib/pgsql/data/PG_VERSION" -- name: set max_connections for PostgreSQL +- name: Set max_connections for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^max_connections =' line: 'max_connections = 150' notify: restart postgresql -- name: set shared_buffers for PostgreSQL +- name: Set shared_buffers for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^shared_buffers =' line: 'shared_buffers = 25536MB' notify: restart postgresql -- name: set effective_cache_size for PostgreSQL +- name: Set effective_cache_size for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^effective_cache_size =' line: 'effective_cache_size = 50608MB' notify: restart postgresql -- name: set work_mem for PostgreSQL +- name: Set work_mem for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^work_mem =' line: 'work_mem = 6MB' notify: restart postgresql -- name: set maintenance_work_mem for PostgreSQL +- name: Set maintenance_work_mem for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^maintenance_work_mem =' line: 'maintenance_work_mem = 2GB' notify: restart postgresql -- name: set checkpoint_completion_target for PostgreSQL +- name: Set checkpoint_completion_target for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^checkpoint_completion_target =' line: 'checkpoint_completion_target = 0.9' notify: restart postgresql -- name: set wal_buffers for PostgreSQL +- name: Set wal_buffers for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^wal_buffers =' line: 'wal_buffers = -1' notify: restart postgresql -- name: set default_statistics_target for PostgreSQL +- name: Set default_statistics_target for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^default_statistics_target =' line: 'default_statistics_target = 100' notify: restart postgresql -- name: drop faf 
database +- name: Drop faf database postgresql_db: name: faf owner: postgres state: absent when: faf_recreate_database|bool -- name: start service postgresql +- name: Start service postgresql service: name: postgresql state: started enabled: yes become: true -- name: pgsql create db faf +- name: Pgsql create db faf postgresql_db: name: faf owner: postgres @@ -82,7 +82,7 @@ become: true become_user: postgres -- name: pgsql create user faf +- name: Pgsql create user faf postgresql_user: db: faf name: faf @@ -92,7 +92,7 @@ become: true become_user: postgres -- name: create extension for faf +- name: Create extension for faf postgresql_ext: name: semver db: faf diff --git a/roles/abrt/faf-pre/tasks/ssl.yml b/roles/abrt/faf-pre/tasks/ssl.yml index 49803e9813..45680cb256 100644 --- a/roles/abrt/faf-pre/tasks/ssl.yml +++ b/roles/abrt/faf-pre/tasks/ssl.yml @@ -1,12 +1,12 @@ --- -- name: check whether we need to initialize letsencrypt first +- name: Check whether we need to initialize letsencrypt first stat: path="/etc/letsencrypt/live/{{ item.key }}" register: le_stat_checks with_dict: "{{ letsencrypt.certificates }}" when: - letsencrypt is defined -- name: stop httpd when letsencrypt has not been run +- name: Stop httpd when letsencrypt has not been run service: name: httpd state: stopped @@ -16,12 +16,12 @@ with_items: "{{ le_stat_checks.results }}" -- name: install letsencrypt ssl certificates for dev +- name: Install letsencrypt ssl certificates for dev include_role: name=copr/certbot tags: - config -- name: install retrace ssl vhost +- name: Install retrace ssl vhost template: src="httpd/retrace_ssl.conf.j2" dest="/etc/httpd/conf.d/retrace_ssl.conf" when: letsencrypt is defined tags: diff --git a/roles/abrt/faf/tasks/celery.yml b/roles/abrt/faf/tasks/celery.yml index 09f03a0e19..9539012edb 100644 --- a/roles/abrt/faf/tasks/celery.yml +++ b/roles/abrt/faf/tasks/celery.yml 
@@ -1,12 +1,12 @@ --- -- name: install faf web celery packages +- name: Install faf web celery packages package: name: "{{ faf_web_celery_packages }}" state: present tags: - packages -- name: install redis package +- name: Install redis package package: name: - redis @@ -15,7 +15,7 @@ tags: - packages -- name: enable redis service +- name: Enable redis service service: name: redis state: started @@ -23,7 +23,7 @@ tags: - service -- name: enable faf-celery-worker +- name: Enable faf-celery-worker service: name: faf-celery-worker state: started @@ -31,7 +31,7 @@ tags: - service -- name: enable faf-celery-beat +- name: Enable faf-celery-beat service: name: faf-celery-beat state: started diff --git a/roles/abrt/faf/tasks/check.yml b/roles/abrt/faf/tasks/check.yml index e6d18bc753..43a6e20fe2 100644 --- a/roles/abrt/faf/tasks/check.yml +++ b/roles/abrt/faf/tasks/check.yml @@ -22,14 +22,14 @@ become_user: faf changed_when: false -- name: cpf +- name: Cpf copy: src: ureport_sample dest: "{{ faf_spool_dir }}/reports/incoming" owner: faf group: faf -- name: faf +- name: Faf command: faf {{ item }} become: yes become_user: faf diff --git a/roles/abrt/faf/tasks/check_web.yml b/roles/abrt/faf/tasks/check_web.yml index 867ad5f4ee..65aa450af1 100644 --- a/roles/abrt/faf/tasks/check_web.yml +++ b/roles/abrt/faf/tasks/check_web.yml @@ -6,7 +6,7 @@ main_url: "https://{{ ansible_default_ipv4.address }}{{ url_suffix }}" problems_url: "https://{{ ansible_default_ipv4.address }}{{ url_suffix }}/problems/" -- name: check main +- name: Check main uri: url: "{{ main_url }}" return_content: yes @@ -16,7 +16,7 @@ delegate_to: localhost failed_when: "'ABRT' not in uri_res.content" -- name: fetch problems +- name: Fetch problems uri: url: "{{ problems_url }}" return_content: yes diff --git a/roles/abrt/faf/tasks/cleanup.yml b/roles/abrt/faf/tasks/cleanup.yml index f2fb1e26f9..1290cd243a 100644 --- a/roles/abrt/faf/tasks/cleanup.yml +++ b/roles/abrt/faf/tasks/cleanup.yml 
@@ -1,5 +1,5 @@ --- -- name: remove EOLed opsys +- name: Remove EOLed opsys command: faf releasemod -o "{{ item.opsys | lower }}" --opsys-release "{{ item.release }}" -s EOL loop: "{{ eol_opsys }}" become: yes @@ -7,7 +7,7 @@ failed_when: false changed_when: false -- name: remove EOLed packages +- name: Remove EOLed packages command: faf cleanup-packages "{{ item.opsys }}" "{{ item.release }}" loop: "{{ eol_opsys }}" become: yes @@ -15,7 +15,7 @@ failed_when: false changed_when: false -- name: remove unassigned packages +- name: Remove unassigned packages command: faf cleanup-unassigned -f become: yes become_user: faf diff --git a/roles/abrt/faf/tasks/config.yml b/roles/abrt/faf/tasks/config.yml index 60c84ee018..0ecb28f85f 100644 --- a/roles/abrt/faf/tasks/config.yml +++ b/roles/abrt/faf/tasks/config.yml @@ -1,12 +1,12 @@ --- -- name: provide /etc/faf/faf.conf +- name: Provide /etc/faf/faf.conf template: src: etc-faf-faf.conf.j2 dest: /etc/faf/faf.conf # setup fedora-messaging -- name: create the config folder for fedora-messaging +- name: Create the config folder for fedora-messaging file: path: /etc/fedora-messaging/ owner: root @@ -15,7 +15,7 @@ state: directory when: faf_with_fedmsg|bool -- name: provide configuration for fedora-messaging +- name: Provide configuration for fedora-messaging template: src: etc-fedora-messaging-config.toml.j2 dest: /etc/fedora-messaging/config.toml diff --git a/roles/abrt/faf/tasks/cron.yml b/roles/abrt/faf/tasks/cron.yml index bfce4bf2dc..fda06747ae 100644 --- a/roles/abrt/faf/tasks/cron.yml +++ b/roles/abrt/faf/tasks/cron.yml @@ -1,6 +1,6 @@ --- -- name: cron save-reports +- name: Cron save-reports cron: name: "faf save-reports" user: faf @@ -8,7 +8,7 @@ minute: "*/5" state: present -- name: cron create-problems-speedup +- name: Cron create-problems-speedup cron: name: "faf create-problems-speedup with type {{ item }}" user: faf 
@@ -23,7 +23,7 @@ - "ruby" - "java" -- name: cron create-problems +- name: Cron create-problems cron: name: "faf create-problems with type {{ item }}" user: faf @@ -39,7 +39,7 @@ - "ruby" - "java" -- name: cron reposync +- name: Cron reposync cron: name: "faf reposync" user: faf @@ -48,7 +48,7 @@ hour: "3" state: present -- name: retrace symbols +- name: Retrace symbols cron: name: "retrace symbols with type {{ item.type }}" user: faf @@ -61,7 +61,7 @@ - { type: "core", day: "2,4,6" } - { type: "kerneloops", day: "1,3,5" } -- name: cron - faf find-crashfn +- name: Cron - faf find-crashfn cron: name: "cron for faf find-crashfn for {{ item }}" user: faf @@ -76,7 +76,7 @@ - "ruby" - "java" -- name: cron pull-releases +- name: Cron pull-releases cron: name: "faf pull-releases {{ item }}" user: faf @@ -86,7 +86,7 @@ state: present loop: "{{ faf_opsys_list }}" -- name: cron pull-components +- name: Cron pull-components cron: name: "faf pull-components {{ item }}" user: faf @@ -96,7 +96,7 @@ state: present loop: "{{ faf_opsys_list }}" -- name: cron - faf find-components +- name: Cron - faf find-components cron: name: "cron for faf find-components -o {{ item }}" user: faf @@ -106,7 +106,7 @@ state: present loop: "{{ faf_opsys_list }}" -- name: cron - faf match-unknown-packages +- name: Cron - faf match-unknown-packages cron: name: "cron for faf match-unknown-packages" user: faf diff --git a/roles/abrt/faf/tasks/first_time_setup.yml b/roles/abrt/faf/tasks/first_time_setup.yml index 4d4fec8c4e..3a4acf81fa 100644 --- a/roles/abrt/faf/tasks/first_time_setup.yml +++ b/roles/abrt/faf/tasks/first_time_setup.yml @@ -1,6 +1,6 @@ --- -- name: check for count of faf tables +- name: Check for count of faf tables shell: psql -c "SELECT COUNT(*) FROM pg_stat_user_tables" register: count_tables changed_when: "( count_tables.stdout_lines[2]|int ) == 0" 
@@ -10,17 +10,17 @@ # Skip whole block if faf owns atleast 1 table in db - block: - - name: create faf's database schema + - name: Create faf's database schema command: faf-migrate-db --create-all become: yes become_user: faf - - name: stamp database as migrated to latest version + - name: Stamp database as migrated to latest version command: faf-migrate-db --stamp-only become: yes become_user: faf - - name: init faf + - name: Init faf command: faf init become: yes become_user: faf diff --git a/roles/abrt/faf/tasks/install.yml b/roles/abrt/faf/tasks/install.yml index 550b65aee1..457b4f07e3 100644 --- a/roles/abrt/faf/tasks/install.yml +++ b/roles/abrt/faf/tasks/install.yml 
@@ -1,62 +1,62 @@ --- -- name: enable Copr repo for RHEL +- name: Enable Copr repo for RHEL copy: src: group_abrt-faf-el8-epel-8.repo dest: /etc/yum.repos.d/ when: ansible_distribution == 'RedHat' -- name: enable Copr repo for Fedora +- name: Enable Copr repo for Fedora copy: src: group_abrt-faf-el8-fedora.repo dest: /etc/yum.repos.d/ when: ansible_distribution == 'Fedora' -- name: erase faf packages +- name: Erase faf packages package: name: "faf-*" state: absent when: faf_force_reinstall|bool -- name: install core faf packages +- name: Install core faf packages package: name: "{{ faf_packages }}" state: present -- name: install faf problem packages +- name: Install faf problem packages package: name: "{{ faf_problem_packages }}" state: present -- name: install faf opsys packages +- name: Install faf opsys packages package: name: "{{ faf_opsys_packages }}" state: present -- name: install faf action packages +- name: Install faf action packages package: name: "{{ faf_action_packages }}" state: present -- name: install faf bugtracker packages +- name: Install faf bugtracker packages package: name: "{{ faf_bugtracker_packages }}" state: present when: faf_with_bugtrackers|bool -- name: install faf celery packages +- name: Install faf celery packages package: name: "{{ faf_celery_packages }}" state: present when: faf_with_celery|bool -- name: install faf fedmsg packages +- name: Install faf fedmsg packages package: name: "{{ faf_fedmsg_packages }}" state: present when: faf_with_fedmsg|bool -- name: install faf solutionfinder packages +- name: Install faf solutionfinder packages package: name: "{{ faf_solutionfinder_packages }}" state: present diff --git a/roles/abrt/faf/tasks/migrate_db.yml b/roles/abrt/faf/tasks/migrate_db.yml index a02a43111e..5a3f4fc97d 100644 --- a/roles/abrt/faf/tasks/migrate_db.yml +++ b/roles/abrt/faf/tasks/migrate_db.yml 
@@ -1,5 +1,5 @@ --- -- name: run database migrations +- name: Run database migrations command: faf-migrate-db become: yes become_user: faf diff --git a/roles/abrt/faf/tasks/update.yml b/roles/abrt/faf/tasks/update.yml index ea97a317c2..f04ed12141 100644 --- a/roles/abrt/faf/tasks/update.yml +++ b/roles/abrt/faf/tasks/update.yml @@ -1,5 +1,5 @@ --- -- name: update faf packages +- name: Update faf packages package: name: "faf*" state: latest diff --git a/roles/abrt/faf/tasks/web.yml b/roles/abrt/faf/tasks/web.yml index 056cde4266..9d77ca53d5 100644 --- a/roles/abrt/faf/tasks/web.yml +++ b/roles/abrt/faf/tasks/web.yml @@ -9,7 +9,7 @@ url_suffix: "/faf" when: not faf_web_on_root|bool -- name: install faf-webui packages +- name: Install faf-webui packages package: name: "{{ faf_web_packages }}" state: present @@ -18,20 +18,20 @@ import_tasks: celery.yml when: faf_with_celery|bool -- name: install faf web symboltransfer packages +- name: Install faf web symboltransfer packages package: name: "{{ faf_web_symboltransfer_packages }}" state: present when: faf_with_symboltransfer|bool -- name: provide /etc/faf/plugins/web.conf +- name: Provide /etc/faf/plugins/web.conf template: src: etc-faf-plugins-web.conf.j2 dest: /etc/faf/plugins/web.conf notify: - restart httpd -- name: put webfaf on root (/) if configured +- name: Put webfaf on root (/) if configured template: src: etc-httpd-conf.d-faf-web.conf.j2 dest: /etc/httpd/conf.d/faf-web.conf diff --git a/roles/abrt/retrace-post/tasks/retrace_setup.yml b/roles/abrt/retrace-post/tasks/retrace_setup.yml index 0bf82b1396..de86110fee 100644 --- a/roles/abrt/retrace-post/tasks/retrace_setup.yml +++ b/roles/abrt/retrace-post/tasks/retrace_setup.yml 
@@ -1,7 +1,7 @@ --- # long running tasks - run them in background - we do not actually care about the results -- name: reposync for fedora +- name: Reposync for fedora shell: nohup retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} $(mktemp /tmp/ansible.reposync_for_fedoraXXXXXX.log) & loop: "{{ rs_internal_fedora_vers | product(rs_internal_arch_list) | list }}" become: yes @@ -9,7 +9,7 @@ tags: [rs_reposync, rs_fedora] when: env != 'staging' -- name: reposync for centos +- name: Reposync for centos shell: nohup retrace-server-reposync centos {{ item }} x86_64 $(mktemp /tmp/ansible.reposync_for_centosXXXXXX.log) & loop: "{{ rs_internal_centos_vers }}" become: yes diff --git a/roles/abrt/retrace/tasks/check.yml b/roles/abrt/retrace/tasks/check.yml index f9c1285fb5..71ef57a42a 100644 --- a/roles/abrt/retrace/tasks/check.yml +++ b/roles/abrt/retrace/tasks/check.yml @@ -8,7 +8,7 @@ set_fact: settings_url: "https://{{ hostname }}/settings" -- name: fetch settings +- name: Fetch settings uri: url: "{{ settings_url }}" return_content: yes diff --git a/roles/abrt/retrace/tasks/config.yml b/roles/abrt/retrace/tasks/config.yml index 6bfde4d5a5..42c5253c79 100644 --- a/roles/abrt/retrace/tasks/config.yml +++ b/roles/abrt/retrace/tasks/config.yml @@ -1,19 +1,19 @@ --- -- name: configure retrace-server +- name: Configure retrace-server template: src: etc-retrace-server.conf.j2 dest: /etc/retrace-server/retrace-server.conf mode: "0644" notify: restart httpd -- name: retrace-server http config +- name: Retrace-server http config template: src: retrace-server-httpd.conf.j2 dest: /etc/httpd/conf.d/retrace-server-httpd.conf mode: "0644" notify: restart httpd -- name: configure retrace-server hooks config +- name: Configure retrace-server hooks config template: src: etc-retrace-server-hooks.conf.j2 dest: /etc/retrace-server/retrace-server-hooks.conf diff --git a/roles/abrt/retrace/tasks/install.yml b/roles/abrt/retrace/tasks/install.yml index 40209386ac..841da43eb1 100644 
--- a/roles/abrt/retrace/tasks/install.yml +++ b/roles/abrt/retrace/tasks/install.yml @@ -1,11 +1,11 @@ --- -- name: erase retrace-server packages +- name: Erase retrace-server packages package: name: retrace-server state: absent when: rs_force_reinstall|bool -- name: install retrace-server package +- name: Install retrace-server package package: name: retrace-server state: present diff --git a/roles/abrt/retrace/tasks/usefafpkgs.yml b/roles/abrt/retrace/tasks/usefafpkgs.yml index 9e6be98f94..af457a25f7 100644 --- a/roles/abrt/retrace/tasks/usefafpkgs.yml +++ b/roles/abrt/retrace/tasks/usefafpkgs.yml @@ -1,9 +1,9 @@ --- -- name: check if faf is installed +- name: Check if faf is installed command: rpm -q faf changed_when: false -- name: add user retrace to faf db +- name: Add user retrace to faf db postgresql_user: db: faf name: retrace diff --git a/roles/ansible-server/tasks/main.yml b/roles/ansible-server/tasks/main.yml index b3bac12aa2..a069d3cb02 100644 --- a/roles/ansible-server/tasks/main.yml +++ b/roles/ansible-server/tasks/main.yml @@ -2,7 +2,7 @@ # # Setup ansible-server instance # -- name: install needed packages +- name: Install needed packages package: name: - ansible-core @@ -19,17 +19,17 @@ - packages - ansible-server -- name: generate default ansible config +- name: Generate default ansible config template: src=ansible.cfg.j2 dest=/etc/ansible/ansible.cfg owner=root group=root mode=0644 tags: - ansible-server -- name: installing the phx2 dns check script +- name: Installing the phx2 dns check script copy: src=dns_check.py dest=/usr/local/bin/dns_check owner=root mode=0755 tags: - ansible-server -- name: install required collections +- name: Install required collections command: ansible-galaxy install -r {{ ansible_base }}/ansible/roles/ansible-server/files/requirements.yml tags: - ansible-server diff --git a/roles/apache/handlers/main.yml b/roles/apache/handlers/main.yml index edb2f0fd42..629970f002 100644 --- a/roles/apache/handlers/main.yml 
+++ b/roles/apache/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart apache +- name: Restart apache command: /usr/local/bin/conditional-restart.sh httpd httpd diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml index 3dea2d4b79..0b56e4eac5 100644 --- a/roles/apache/tasks/main.yml +++ b/roles/apache/tasks/main.yml @@ -1,6 +1,6 @@ --- # install apache(httpd) -- name: install apache (package) +- name: Install apache (package) package: state: present name: @@ -11,7 +11,7 @@ - apache when: ansible_cmdline.ostree is not defined -- name: install mod_http2 on rhel8 hosts +- name: Install mod_http2 on rhel8 hosts package: state: present name: @@ -21,7 +21,7 @@ - apache when: ansible_distribution_major_version|int >= 8 and ansible_distribution == 'RedHat' -- name: set apache running/enabled +- name: Set apache running/enabled service: name=httpd enabled=yes ignore_errors: true notify: @@ -31,7 +31,7 @@ - apache # install hash randomization hotfix -- name: hotfix - copy over new httpd init script +- name: Hotfix - copy over new httpd init script copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd owner=root group=root mode=0755 when: ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora' @@ -43,7 +43,7 @@ - apache # install hash randomization hotfix -- name: hotfix - copy over new httpd init script +- name: Hotfix - copy over new httpd init script copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd owner=root group=root mode=0755 when: ansible_distribution_major_version|int <= 8 and ansible_distribution == 'RedHat' @@ -54,7 +54,7 @@ - hotfix - apache -- name: add appserver headers.conf +- name: Add appserver headers.conf template: src="{{ files }}/httpd/headers.conf.j2" dest=/etc/httpd/conf.d/headers.conf notify: - reload apache 
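Review bot: Renaming the handler in roles/apache/handlers/main.yml from `restart apache` to `Restart apache` changes the string that `notify:` is matched against, and that match is by exact name. The `notify:` lines visible as context in this patch (`notify: restart httpd`, `notify: restart postgresql`, `- reload apache`) were left lower-case, and whether the tasks notifying the renamed handlers were updated cannot be seen from these hunks. An unmatched `notify` means the restart does not run, or the play errors on a missing handler, so a config or firewall change could be written without taking effect. The same applies to roles/apps-fp-o/handlers/main.yml (`Rebuild apps-fp-o html` / `json`) and roles/base/handlers/main.yml (`Restart iptables`, `Restart ip6tables`, `Restart postfix`, `Restart rsyslog` and the others). Either update every `notify:` that references these names in the same commit, or add `listen: "restart apache"` (and the equivalent for each handler) under the renamed handler so the old notifications still resolve.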
@@ -63,7 +63,7 @@ - apache - apache/headers -- name: add appserver h2.conf +- name: Add appserver h2.conf template: src="{{ files }}/httpd/h2.conf.j2" dest=/etc/httpd/conf.d/h2.conf when: ansible_distribution == 'Fedora' notify: @@ -73,7 +73,7 @@ - apache - h2 -- name: add apache_status location for collectd +- name: Add apache_status location for collectd template: src="{{ files }}/httpd/apachestatus.conf" dest=/etc/httpd/conf.d/apachestatus.conf notify: - reload apache @@ -82,7 +82,7 @@ - apache - apachestatus -- name: setup logrotate to our needs +- name: Setup logrotate to our needs copy: src="{{ files }}/httpd/httpd.logrotate" dest=/etc/logrotate.d/httpd tags: - config diff --git a/roles/apps-fp-o/handlers/main.yml b/roles/apps-fp-o/handlers/main.yml index a7bdf5dd6b..9abd6c57e7 100644 --- a/roles/apps-fp-o/handlers/main.yml +++ b/roles/apps-fp-o/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: rebuild apps-fp-o html +- name: Rebuild apps-fp-o html shell: /usr/bin/apps-fp-o-yaml2html.py > /srv/web/apps-fp-o/apps-yaml.html -- name: rebuild apps-fp-o json +- name: Rebuild apps-fp-o json shell: /usr/bin/apps-fp-o-yaml2json.py > /srv/web/apps-fp-o/js/data.js diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml index bf3b26f2c0..2f3d0a0775 100644 --- a/roles/base/handlers/main.yml +++ b/roles/base/handlers/main.yml 
@@ -1,33 +1,33 @@ --- -- name: apply interface-changes +- name: Apply interface-changes command: nmcli con up {{ item.split()[1] }} async: 1 poll: 0 with_items: - "{{ if_uuid.stdout_lines }}" -- name: restart iptables +- name: Restart iptables service: name=iptables state=restarted -- name: restart ip6tables +- name: Restart ip6tables service: name=ip6tables state=restarted -- name: restart NetworkManager +- name: Restart NetworkManager service: name=NetworkManager state=restarted -- name: reload NetworkManager-connections +- name: Reload NetworkManager-connections command: nmcli c reload -- name: restart postfix +- name: Restart postfix service: name=postfix state=restarted -- name: restart rsyslog +- name: Restart rsyslog service: name=rsyslog state=restarted -- name: restart watchdog +- name: Restart watchdog service: name=watchdog state=restarted -- name: reload libvirtd +- name: Reload libvirtd service: name=libvirtd state=reloaded ignore_errors: true when: ansible_virtualization_role == 'host' diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index df9daa53b7..13f4be348f 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -9,13 +9,13 @@ # On fedora and rhel larger than 7, all we need is policycoreutils-python-utils, # which in turn pulls in python3-policycoreutils # -- name: ensure packages required for semanage are installed (fedora/rhel8) +- name: Ensure packages required for semanage are installed (fedora/rhel8) package: name=policycoreutils-python-utils state=present when: ansible_distribution_major_version|int > 7 tags: - selinux -- name: global default packages to install (dnf) +- name: Global default packages to install (dnf) dnf: state=present name="{{ global_pkgs_inst }}" tags: - packages 
@@ -24,7 +24,7 @@ ansible_distribution_major_version|int >= 8 and ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined -- name: global default packages to install (dnf) +- name: Global default packages to install (dnf) dnf: state=present name="{{ global_pkgs_inst }}" tags: - packages @@ -33,14 +33,14 @@ ansible_distribution_major_version|int > 29 and ansible_distribution == 'Fedora' and ansible_cmdline.ostree is not defined -- name: make sure hostname is set right on all hosts +- name: Make sure hostname is set right on all hosts hostname: name="{{inventory_hostname}}" # # We set builders root password in the koji_builder role, so do not set those here # -- name: set root passwd +- name: Set root passwd user: name=root password={{ rootpw }} state=present tags: - rootpw @@ -49,7 +49,7 @@ - not inventory_hostname.startswith(('buildvm-','buildhw-','bkernel','koji','compose')) - not inventory_hostname.startswith('copr') -- name: add ansible root key +- name: Add ansible root key authorized_key: user=root key="{{ item }}" with_file: - ansible-pub-key @@ -57,7 +57,7 @@ - config - base -- name: dist pkgs to remove (yum) +- name: Dist pkgs to remove (yum) package: state=absent name={{ item }} with_items: - "{{ base_pkgs_erase }}" @@ -66,7 +66,7 @@ - base when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' -- name: dist pkgs to install (yum) +- name: Dist pkgs to install (yum) package: state=present name={{ item }} with_items: - "{{ base_pkgs_inst }}" @@ -75,7 +75,7 @@ - base when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' -- name: dist pkgs to remove (dnf) +- name: Dist pkgs to remove (dnf) dnf: state=absent name="{{ base_pkgs_erase }}" tags: - packages 
@@ -84,7 +84,7 @@ ansible_distribution_major_version|int > 29 and ansible_distribution == 'Fedora' and ansible_cmdline.ostree is not defined -- name: dist pkgs to remove (dnf) +- name: Dist pkgs to remove (dnf) dnf: state=absent name="{{ base_pkgs_erase }}" tags: - packages @@ -94,7 +94,7 @@ ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined -- name: dist pkgs to install (dnf) +- name: Dist pkgs to install (dnf) dnf: state=present name="{{ base_pkgs_inst }}" tags: - packages @@ -104,7 +104,7 @@ ansible_distribution == 'Fedora' and ansible_cmdline.ostree is not defined -- name: dist pkgs to install (dnf) +- name: Dist pkgs to install (dnf) dnf: state=present name="{{ base_pkgs_inst }}" tags: - packages @@ -114,7 +114,7 @@ ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined -- name: dist disabled services +- name: Dist disabled services service: state=stopped enabled=false name={{ item }} with_items: - "{{ service_disabled }}" @@ -123,7 +123,7 @@ - config - base -- name: dist enabled services +- name: Dist enabled services service: state=started enabled=true name={{ item }} with_items: - "{{ service_enabled }}" @@ -148,7 +148,7 @@ - packages - base -- name: setup builder ipset if this is a new install +- name: Setup builder ipset if this is a new install shell: "/usr/sbin/ipset create osbuildapi hash:ip; touch /etc/sysconfig/ipset-osbuildapi" args: creates: /etc/sysconfig/ipset-osbuildapi @@ -157,7 +157,7 @@ - base - iptables -- name: install blocklist update script +- name: Install blocklist update script copy: src: "{{ private }}/files/blocklist/blocklist-update.sh" dest: /usr/local/bin/blocklist-update.sh @@ -170,7 +170,7 @@ - blocklist when: "'iad2' not in inventory_hostname or external | bool " -- name: setup blocklist update cron job +- name: Setup blocklist update cron job cron: name: blocklist-update user: root 
@@ -183,7 +183,7 @@ - iptables - blocklist -- name: iptables +- name: Iptables template: src: "{{ item }}" dest: /etc/sysconfig/iptables @@ -204,7 +204,7 @@ - config - base -- name: iptables service enabled +- name: Iptables service enabled service: name=iptables state=started enabled=true tags: - iptables @@ -212,7 +212,7 @@ - base when: baseiptables|bool -- name: ip6tables +- name: Ip6tables template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=0600 backup=yes with_first_found: - iptables/ip6tables.{{ datacenter }} @@ -229,7 +229,7 @@ - config - base -- name: ip6tables service enabled +- name: Ip6tables service enabled service: name=ip6tables state=started enabled=true tags: - ip6tables @@ -237,7 +237,7 @@ - base when: baseiptables|bool -- name: enable journald persistence +- name: Enable journald persistence file: path=/var/log/journal state=directory owner=root group=systemd-journal mode=2755 when: ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat' @@ -248,7 +248,7 @@ notify: - flush journald tmpfiles to persistent store -- name: enable journald persistence +- name: Enable journald persistence file: path=/var/log/journal state=directory owner=root group=systemd-journal mode=2755 when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' @@ -259,7 +259,7 @@ notify: - flush journald tmpfiles to persistent store -- name: install rh ca for splunk +- name: Install rh ca for splunk copy: src={{ private }}/files/splunk-certs/2022-IT-Root-CA.pem dest=/etc/pki/tls/certs/2022-IT-Root-CA.pem tags: @@ -268,7 +268,7 @@ - base when: inventory_hostname.startswith('log01') -- name: ensure packages required for rsyslog are installed +- name: Ensure packages required for rsyslog are installed package: name={{ item }} state=present with_items: - rsyslog-gnutls 
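Review bot: `- name: Iptables` and `- name: Ip6tables` satisfy name[casing] only by capitalising the name of the file the task writes, so the run log now shows a spelling that matches neither the service nor the path. A name that starts with a verb keeps the identifier intact, e.g. `- name: Install /etc/sysconfig/iptables` and `- name: Install /etc/sysconfig/ip6tables`. The same mechanical capitalisation appears as `Rsyslog.conf` and `Rsyslog-audit.conf` in the later roles/base/tasks/main.yml hunks and as `Sshd_config` in roles/basessh/tasks/main.yml; these are the firewall, logging and sshd tasks an operator is most likely to search for in a run log.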
@@ -278,7 +278,7 @@ - base when: inventory_hostname.startswith('log01') -- name: rsyslog.conf +- name: Rsyslog.conf copy: src={{ item }} dest=/etc/rsyslog.conf mode=0644 with_first_found: - rsyslog/rsyslog.conf.{{ inventory_hostname }} @@ -291,7 +291,7 @@ - config - base -- name: rsyslog log rotate for rsyslog servers +- name: Rsyslog log rotate for rsyslog servers copy: src=rsyslog/merged-rsyslog dest=/etc/logrotate.d/merged-rsyslog mode=0644 when: inventory_hostname.startswith('log') notify: @@ -301,7 +301,7 @@ - config - base -- name: add rsyslog config to /etc/rsyslog.d +- name: Add rsyslog config to /etc/rsyslog.d copy: src={{ item }} dest=/etc/rsyslog.d/ owner=root group=root mode=0644 with_fileglob: - rsyslog/*.conf @@ -312,7 +312,7 @@ - config - base -- name: rsyslog-audit.conf +- name: Rsyslog-audit.conf copy: src={{ item }} dest=/etc/rsyslog.d/rsyslog-audit.conf owner=root group=root mode=0644 with_first_found: - rsyslog/rsyslog-audit.conf.{{ datacenter }} @@ -324,7 +324,7 @@ - config - base -- name: log everything to log01 except on mirrorlist, do not log local4 there. +- name: Log everything to log01 except on mirrorlist, do not log local4 there. copy: src=rsyslog/rsyslog-log01 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=0644 when: not inventory_hostname.startswith(('mirrorlist','copr')) tags: @@ -332,7 +332,7 @@ - config - base -- name: log everything to log01 except on mirrorlist, do log local4 there. +- name: Log everything to log01 except on mirrorlist, do log local4 there. copy: src=rsyslog/rsyslog-log01-nolocal4 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=0644 when: inventory_hostname.startswith('mirrorlist') tags: 
@@ -340,14 +340,14 @@ - config - base -- name: rsyslogd make systemd limits directory for file handles +- name: Rsyslogd make systemd limits directory for file handles file: dest=/etc/systemd/system/rsyslog.service.d/ mode=0755 owner=root group=root state=directory when: inventory_hostname.startswith('log') or inventory_hostname.startswith('people') tags: - rsyslogd - config -- name: rsyslogd put systemd limits directory for file handles +- name: Rsyslogd put systemd limits directory for file handles copy: src=rsyslog/rsyslog-limits-systemd dest=/etc/systemd/system/rsyslog.service.d/limits.conf mode=0644 when: inventory_hostname.startswith('log') or inventory_hostname.startswith('people') @@ -356,14 +356,14 @@ - config # Custom selinux policy to allow rsyslog to read and send audit to log01 -- name: ensure a directory exists for our custom selinux module +- name: Ensure a directory exists for our custom selinux module file: dest=/usr/local/share/rsyslog state=directory tags: - rsyslogd - config - rsyslog-audit -- name: copy over our custom selinux module +- name: Copy over our custom selinux module copy: src=selinux/rsyslog-audit.pp dest=/usr/local/share/rsyslog/rsyslog-audit.pp register: selinux_module tags: @@ -371,7 +371,7 @@ - config - rsyslog-audit -- name: install our custom selinux module +- name: Install our custom selinux module command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp when: selinux_module is changed and ansible_distribution_major_version|int > 6 tags: @@ -380,7 +380,7 @@ - rsyslog-audit # Custom selinux policy to allow unix_chkpwd to map PAM database -- name: copy over our custom selinux module +- name: Copy over our custom selinux module copy: src=selinux/mapchkpwd.pp dest=/usr/local/share/mapchkpwd.pp register: selinux_module when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' 
@@ -389,7 +389,7 @@ - selinux # Custom selinux policy to allow unix_chkpwd to map PAM database -- name: copy over our custom selinux module +- name: Copy over our custom selinux module copy: src=selinux/mapchkpwd.pp dest=/usr/local/share/mapchkpwd.pp register: selinux_module when: ansible_distribution_major_version|int >= 8 and ansible_distribution == 'RedHat' @@ -397,7 +397,7 @@ - config - selinux -- name: install our custom selinux module +- name: Install our custom selinux module command: semodule -i /usr/local/share/mapchkpwd.pp when: selinux_module is changed tags: @@ -436,7 +436,7 @@ # Set PS1 to show stage environment at PS1 # -- name: set PS1 for stage in /etc/profile.d +- name: Set PS1 for stage in /etc/profile.d copy: > src=setstgps1.sh dest="/etc/profile.d/setstgps1.sh" @@ -451,7 +451,7 @@ # Set PS1 to show prod environment at PS1 # -- name: set PS1 for prod in /etc/profile.d +- name: Set PS1 for prod in /etc/profile.d copy: > src=setprodps1.sh dest="/etc/profile.d/setprodps1.sh" @@ -466,7 +466,7 @@ # Set PS1 to show prod-iad2 environment at PS1 # -- name: set PS1 for prod in /etc/profile.d +- name: Set PS1 for prod in /etc/profile.d copy: > src=setprodiad2ps1.sh dest="/etc/profile.d/setprodiad2ps1.sh" @@ -480,7 +480,7 @@ - prompt # Set krb5 conf -- name: configure krb5 +- name: Configure krb5 template: src=krb5.conf.j2 dest=/etc/krb5.conf owner=root group=root mode=0644 when: not inventory_hostname.startswith('ipa') tags: @@ -488,7 +488,7 @@ - config - krb5 -- name: configure krb5 (IPA master) +- name: Configure krb5 (IPA master) template: src=krb5.conf.master.j2 dest=/etc/krb5.conf owner=root group=root mode=0644 when: inventory_hostname.startswith('ipa') tags: 
@@ -513,7 +513,7 @@ # rhel8 hosts do not have /usr/bin/python, but there are a few things we call # with that because they also run the same on python2 hosts. # So, we set python3 to /usr/bin/python on those hosts: -- name: ensure that platform-python is installed on EL8 boxes +- name: Ensure that platform-python is installed on EL8 boxes package: name={{ item }} state=present with_items: - platform-python @@ -524,7 +524,7 @@ - python3alternative -- name: set /usr/bin/python to python3 on rhel8 hosts +- name: Set /usr/bin/python to python3 on rhel8 hosts alternatives: name: python link: /usr/bin/python @@ -535,7 +535,7 @@ - config - python3alternative -- name: cron jobs to compress logs under /var/log/hosts and /mnt/fedora_stats +- name: Cron jobs to compress logs under /var/log/hosts and /mnt/fedora_stats copy: src=compress-log.cron dest=/etc/cron.d/ mode=0644 tags: - compress @@ -544,7 +544,7 @@ - name: Set crypto-policy to LEGACY on fedora 33 hosts to get 2fa working import_tasks: crypto-policies.yml -- name: proxy log rotate for proxy servers +- name: Proxy log rotate for proxy servers copy: src="{{ files }}/common/rsyslog-logrotate" dest=/etc/logrotate.d/rsyslog mode=0644 when: inventory_hostname.startswith('proxy') notify: diff --git a/roles/base/tasks/postfix.yml b/roles/base/tasks/postfix.yml index ee3e048457..ea785a6721 100644 --- a/roles/base/tasks/postfix.yml +++ b/roles/base/tasks/postfix.yml @@ -17,7 +17,7 @@ - base - smtp_auth_relay -- name: install /etc/postfix/master.cf file +- name: Install /etc/postfix/master.cf file copy: src={{ item }} dest=/etc/postfix/master.cf mode=0644 with_first_found: - "postfix/master.cf/master.cf.{{ inventory_hostname }}" @@ -42,7 +42,7 @@ - config - base -- name: work around s390 privatedevices bug +- name: Work around s390 privatedevices bug ini_file: path: /usr/lib/systemd/system/postfix.service section: Service 
@@ -56,13 +56,13 @@ - config - base -- name: enable postfix to start +- name: Enable postfix to start service: name=postfix state=started enabled=true tags: - service - base -- name: install /etc/postfix/transport file +- name: Install /etc/postfix/transport file copy: src="postfix/{{ postfix_transport_filename }}" dest=/etc/postfix/transport when: inventory_hostname.startswith(('smtp-mm','bastion','noc02')) and env != 'staging' notify: @@ -73,7 +73,7 @@ - base - config -- name: install /etc/postfix/bysender file +- name: Install /etc/postfix/bysender file copy: src="postfix/bysender" dest=/etc/postfix/bysender when: inventory_hostname.startswith(('bastion')) and env != 'staging' notify: @@ -84,7 +84,7 @@ - base - config -- name: create /etc/postfix/tls_policy +- name: Create /etc/postfix/tls_policy copy: src="postfix/tls_policy" dest=/etc/postfix/tls_policy when: inventory_hostname.startswith(('bastion','smtp-mm','pagure')) and env != 'staging' notify: @@ -96,7 +96,7 @@ # Install gateway tls cert as a pem file. # This has: private key, then cert, then intermediate cert # This cert is a digicert one, renew it there. -- name: install /etc/pki/tls/private/gateway-chain.pem +- name: Install /etc/pki/tls/private/gateway-chain.pem copy: src="{{private}}/files/smtpd/gateway-chain.pem" dest=/etc/pki/tls/private/gateway-chain.pem diff --git a/roles/base/tasks/watchdog.yml b/roles/base/tasks/watchdog.yml index 60f3370a12..5298b3b93a 100644 --- a/roles/base/tasks/watchdog.yml +++ b/roles/base/tasks/watchdog.yml @@ -8,7 +8,7 @@ - block: - - name: install watchdog + - name: Install watchdog package: name={{ item }} state=present with_items: - watchdog @@ -17,7 +17,7 @@ - watchdog - base - - name: watchdog device configuration + - name: Watchdog device configuration copy: src=watchdog.conf dest=/etc/watchdog.conf owner=root group=root mode=0644 tags: - config diff --git a/roles/basessh/handlers/main.yml b/roles/basessh/handlers/main.yml index 0c4def4262..46607f7711 100644 
--- a/roles/basessh/handlers/main.yml +++ b/roles/basessh/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart sshd +- name: Restart sshd service: name=sshd state=restarted diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml index b61ea24a6b..da1a1c4bd8 100644 --- a/roles/basessh/tasks/main.yml +++ b/roles/basessh/tasks/main.yml @@ -5,27 +5,27 @@ # virtual machines are handled in tasks/virt-instance-create # -- name: make sure there is no old ssh host key for the host still around +- name: Make sure there is no old ssh host key for the host still around local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent ignore_errors: true with_items: - /root/.ssh/known_hosts when: birthday is defined -- name: gather ssh host key from new instance +- name: Gather ssh host key from new instance local_action: command ssh-keyscan -t rsa {{ inventory_hostname }} ignore_errors: true register: hostkey when: birthday is defined -- name: add new ssh host key (until we can sign it) +- name: Add new ssh host key (until we can sign it) local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present ignore_errors: true with_items: - /root/.ssh/known_hosts when: birthday is defined -- name: make sure libselinux-python is installed +- name: Make sure libselinux-python is installed package: name=libselinux-python state=present tags: - basessh @@ -35,7 +35,7 @@ - selinux when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8 -- name: make sure python3-libselinux is installed +- name: Make sure python3-libselinux is installed package: name=python3-libselinux state=present tags: - basessh 
@@ -45,7 +45,7 @@ - selinux when: ( ansible_distribution == 'Fedora' and ansible_distribution_major_version|int >= 30 ) or ( ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8 ) -- name: check if sshd port is already known by selinux +- name: Check if sshd port is already known by selinux shell: semanage port -l | grep ssh register: sshd_selinux_port check_mode: no @@ -59,7 +59,7 @@ - selinux - base -- name: allow alternate sshd port +- name: Allow alternate sshd port command: semanage port -a -t ssh_port_t -p tcp {{ sshd_port }} when: sshd_port in sshd_selinux_port failed_when: false @@ -71,7 +71,7 @@ - selinux - base -- name: sshd_config +- name: Sshd_config template: src=sshd_config dest=/etc/ssh/sshd_config mode=0600 notify: - restart sshd @@ -247,7 +247,7 @@ - sshd - base -- name: make sure there is no old ssh host key for the host still around +- name: Make sure there is no old ssh host key for the host still around local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent ignore_errors: true with_items: diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml index 30defb5770..65289cc09c 100644 --- a/roles/batcave/tasks/main.yml +++ b/roles/batcave/tasks/main.yml @@ -7,13 +7,13 @@ # --- -- name: create /srv/web/pub for nfs mounts +- name: Create /srv/web/pub for nfs mounts file: dest=/srv/web/pub state=directory mode=0755 tags: - batcave - config -- name: install packages needed +- name: Install packages needed package: name={{ item }} state=present with_items: - srm # secure rm to delete sensitive files. @@ -47,7 +47,7 @@ - config when: inventory_hostname.startswith('batcave01') -- name: setup ssh_known_hosts file +- name: Setup ssh_known_hosts file copy: src=ssh_known_hosts dest=/etc/ssh/ssh_known_hosts mode=0644 tags: - batcave 
@@ -58,13 +58,13 @@ # This is our ansible master, setup ansible # -- name: setup roots bashrc to note about agents +- name: Setup roots bashrc to note about agents copy: src=root_bashrc dest=/root/.bashrc tags: - batcave - config -- name: run daily logview report for ansible actions. +- name: Run daily logview report for ansible actions. copy: src=logview.cron dest=/etc/cron.daily/logview.cron mode=0755 tags: - batcave @@ -77,21 +77,21 @@ - batcave - config -- name: setup cron for daily ticketkey reollover +- name: Setup cron for daily ticketkey reollover copy: src=ticketkey.cron dest=/etc/cron.hourly/ticketkey.cron mode=0755 tags: - batcave - config when: inventory_hostname.startswith('batcave01') -- name: setup cron for removing old pdr requests +- name: Setup cron for removing old pdr requests copy: src=pdr.cron dest=/etc/cron.d/pdr.cron mode=0644 tags: - batcave - config when: inventory_hostname.startswith('batcave01') -- name: setup cron to expose the rabbitmq certs +- name: Setup cron to expose the rabbitmq certs copy: src: make-rabbitmq-certs-public.sh dest: /etc/cron.daily/make-rabbitmq-certs-public @@ -105,7 +105,7 @@ # Set selinux booleans we need # -- name: set selinux booleans +- name: Set selinux booleans seboolean: name={{ item }} persistent=yes state=yes with_items: - httpd_can_network_connect 
@@ -121,21 +121,21 @@ # batcave # -- name: install the fedora-messaging configuration file +- name: Install the fedora-messaging configuration file template: src=batcave-messaging.toml dest=/etc/fedora-messaging/batcave-messaging.toml tags: - batcave - config - fedora-messaging -- name: create folder where we'll place the certs +- name: Create folder where we'll place the certs file: path=/etc/pki/rabbitmq/ owner=root group=root mode=0755 state=directory tags: - batcave - config - fedora-messaging -- name: install the rabbitmq certificates for batcave +- name: Install the rabbitmq certificates for batcave copy: src={{ item.src }} dest=/etc/pki/rabbitmq/{{ item.dest }} owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }} @@ -168,7 +168,7 @@ # Hook to notify on git commits used in git repos # -- name: setup git-notifier script +- name: Setup git-notifier script copy: src=git-notifier dest=/usr/local/bin/git-notifier mode=0755 tags: - batcave @@ -176,7 +176,7 @@ # Hook to republish our bare repos for web viewing. -- name: setup syncgittree.sh script +- name: Setup syncgittree.sh script copy: src=syncgittree.sh dest=/usr/local/bin/syncgittree.sh mode=0755 tags: - batcave @@ -193,7 +193,7 @@ # zodbot_channel=$(git config hooks.zodbotchannel) # python $reposource/hooks/zodbot-announce-commits.py $reposource $zodbot_channel $oldrev $newrev ${1#refs/heads/} -- name: install zodbot-announce-commits script +- name: Install zodbot-announce-commits script copy: src=zodbot-announce-commits.py dest=/usr/local/bin/zodbot-announce-commits.py mode=0755 tags: - batcave @@ -204,7 +204,7 @@ # This is another script to announce commits, this time to the fedmsg bus # -- name: install packages needed +- name: Install packages needed package: name: fedora-messaging-git-hook state: present 
@@ -216,14 +216,14 @@ # This script checks all the virthosts and logs what guests they are running. # -- name: install vmdiff.sh cron +- name: Install vmdiff.sh cron copy: src=vmdiff.sh dest=/etc/cron.hourly/vmdiff.sh mode=0755 tags: - batcave - config when: inventory_hostname.startswith('batcave01') -- name: install infradocs.sh cron +- name: Install infradocs.sh cron copy: src=infradocs.sh dest=/etc/cron.hourly/infradocs.sh mode=0755 tags: - batcave @@ -235,7 +235,7 @@ # Setup public db copy script. # -- name: setup public db copy script +- name: Setup public db copy script copy: src=public-db-copy.sh dest=/usr/local/bin/public-db-copy.sh mode=0755 tags: - batcave @@ -244,7 +244,7 @@ # Setup public db copy cron. # -- name: setup public db copy script +- name: Setup public db copy script copy: src=public-db-copy.cron dest=/etc/cron.d/public-db-copy.cron mode=0644 tags: - batcave @@ -255,7 +255,7 @@ # Setup job that runs a check/diff ansible run over all playbooks each night. # -- name: setup checkdiff ansible job +- name: Setup checkdiff ansible job copy: src=ansible-playbook-check-diff.cron dest=/etc/cron.daily/ansible-playbook-check-diff.cron mode=0755 tags: - batcave @@ -266,7 +266,7 @@ # Setup job that runs letsencrypt on proxies each week # -- name: setup letsencrypt run for proxies +- name: Setup letsencrypt run for proxies copy: src=proxy-certs-check-renew.cron dest=/etc/cron.weekly/proxy-certs-check-renew.cron mode=0755 tags: - batcave @@ -277,7 +277,7 @@ # Setup rhel8 sync script. # -- name: setup rhel8 sync copy script +- name: Setup rhel8 sync copy script copy: src=rhel8-sync dest=/mnt/fedora/app/fi-repo/rhel/rhel8/rhel8-sync mode=0775 tags: - batcave @@ -287,7 +287,7 @@ # Setup rhel9 sync script. # -- name: setup rhel9 sync copy script +- name: Setup rhel9 sync copy script copy: src=rhel9-sync dest=/mnt/fedora/app/fi-repo/rhel/rhel9/rhel9-sync mode=0775 tags: - batcave 
@@ -297,7 +297,7 @@ # # sync-rhn cron job # -- name: setup sync-rhn cron +- name: Setup sync-rhn cron copy: src=sync-rhn dest=/etc/cron.d/sync-rhn mode=0644 tags: - batcave @@ -308,7 +308,7 @@ # # sync-centos cron job # -- name: setup sync-rhn cron +- name: Setup sync-rhn cron copy: src=sync-centos dest=/etc/cron.d/sync-centos mode=0644 tags: - batcave @@ -319,7 +319,7 @@ # Setup centos 9s sync script. # -- name: setup centos 9s sync script +- name: Setup centos 9s sync script copy: src=centos-9s-sync dest=/mnt/fedora/app/fi-repo/centos/centos-9s-sync mode=0775 tags: - batcave @@ -329,7 +329,7 @@ # Setup centos 10 sync script. # -- name: setup centos 10 sync script +- name: Setup centos 10 sync script copy: src=centos-10-sync dest=/mnt/fedora/app/fi-repo/centos/centos-10-sync mode=0775 tags: - batcave @@ -339,7 +339,7 @@ # # Setup web server config # -- name: install web server config for batcave (mimetypes) +- name: Install web server config for batcave (mimetypes) copy: src=mime-types.conf dest=/etc/httpd/conf.d/mime-types.conf mode=0644 notify: - reload httpd @@ -348,7 +348,7 @@ - config - httpd -- name: install web server config for batcave (access rules) +- name: Install web server config for batcave (access rules) copy: src=allows dest=/etc/httpd/conf.d/allows mode=0644 notify: - reload httpd @@ -357,7 +357,7 @@ - config - httpd -- name: install web server config for batcave (main config) +- name: Install web server config for batcave (main config) template: src=infrastructure.fedoraproject.org.conf.j2 dest=/etc/httpd/conf.d/infrastructure.fedoraproject.org.conf mode=0644 notify: - reload httpd 
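Review bot: The second `Setup sync-rhn cron` (hunk at -308,7) installs `src=sync-centos` to `/etc/cron.d/sync-centos`, so the name the commit re-cases is a copy of the task above rather than a description of this one. Since the line is being touched anyway, `- name: Setup sync-centos cron` would make the two tasks distinguishable in run output and with `--start-at-task`. The task body continues past the end of the hunk.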
@@ -371,14 +371,14 @@ # this cron job creates a json file from the rhel repos # -- name: create repo2json directory +- name: Create repo2json directory file: dest=/srv/web/repo/json mode=0755 state=directory owner=apache group=apache tags: - batcave - config when: inventory_hostname.startswith('batcave01') -- name: create repo2json cron job +- name: Create repo2json cron job copy: src=repo2json.cron dest=/etc/cron.d/repo2json.cron mode=0644 tags: - batcave @@ -389,7 +389,7 @@ # ansible utils includes our rbac-playbook # -- name: install the ansible_utils/rbac config +- name: Install the ansible_utils/rbac config copy: src={{ private }}/files/rbac/rbac.yaml dest=/etc/ansible_utils/rbac.yaml mode=0540 group=sysadmin tags: - rbac @@ -424,7 +424,7 @@ # set selinux context for /srv/web/infra # -- name: check the selinux context of webdir +- name: Check the selinux context of webdir command: matchpathcon /srv/web register: webdir check_mode: no @@ -450,7 +450,7 @@ # set selinux context for public git repos # -- name: check the selinux context of ansible +- name: Check the selinux context of ansible command: matchpathcon /srv/git/ansible.git register: webdir check_mode: no @@ -472,7 +472,7 @@ - httpd - httpd/website -- name: check the selinux context of badges +- name: Check the selinux context of badges command: matchpathcon /srv/git/badges register: webdir check_mode: no @@ -494,7 +494,7 @@ - httpd - httpd/website -- name: check the selinux context of dns +- name: Check the selinux context of dns command: matchpathcon /srv/git/dns register: webdir check_mode: no @@ -516,7 +516,7 @@ - httpd - httpd/website -- name: check the selinux context of infra-docs +- name: Check the selinux context of infra-docs command: matchpathcon /srv/git/infra-docs register: webdir check_mode: no 
@@ -556,21 +556,21 @@ - koji - batcave -- name: create some tmp dirs +- name: Create some tmp dirs file: path=/tmp-inst mode=000 owner=root group=root state=directory tags: - config - batcave - selinux -- name: create some tmp dirs +- name: Create some tmp dirs file: path=/var/tmp-inst mode=000 owner=root group=root state=directory tags: - config - batcave - selinux -- name: put in place namespace.conf file +- name: Put in place namespace.conf file copy: src=namespace.conf dest=/etc/security/namespace.conf mode=644 owner=root group=root tags: - config @@ -612,7 +612,7 @@ # install psql to allow for some ro queries against db-datanommer02 # -- name: enable the postgresql 12 module for psql on batcave +- name: Enable the postgresql 12 module for psql on batcave copy: dest: /etc/dnf/modules.d/postgresql.module content: | @@ -625,7 +625,7 @@ - batcave - postgres -- name: install psql client +- name: Install psql client package: name=postgresql state=present tags: - batcave @@ -642,7 +642,7 @@ # # keep this until ansible-core updates to 2.15.x # -- name: apply uri module patch to ansible +- name: Apply uri module patch to ansible ansible.posix.patch: src: urls.py.patch basedir: /usr/lib/python3.9/site-packages/ansible/module_utils/ diff --git a/roles/bkernel/tasks/main.yml b/roles/bkernel/tasks/main.yml index dcf5a1cd1c..a0ff5a4089 100644 --- a/roles/bkernel/tasks/main.yml +++ b/roles/bkernel/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: add pkgs for bkernel boxes +- name: Add pkgs for bkernel boxes package: state: present name: 
@@ -12,24 +12,24 @@ tags: - bkernel -- name: enable pcscd +- name: Enable pcscd service: name=pcscd state=started enabled=true tags: - bkernel -- name: setup opensc in pcscd +- name: Setup opensc in pcscd shell: modutil -dbdir /etc/pki/pesign -list | grep -q OpenSC || modutil -force -dbdir /etc/pki/pesign -add opensc -libfile /usr/lib64/pkcs11/opensc-pkcs11.so check_mode: no changed_when: "1 != 1" tags: - bkernel -- name: setup pesign users config +- name: Setup pesign users config copy: src=pesign-users dest=/etc/pesign/users mode=0600 owner=root group=root tags: - bkernel -- name: enable pesign +- name: Enable pesign service: name=pesign state=started enabled=true tags: - bkernel @@ -54,12 +54,12 @@ tags: - bkernel -- name: when you awake you will remember nothing +- name: When you awake you will remember nothing copy: src=history_off.sh dest=/etc/profile.d/history_off.sh mode=0644 tags: - bkernel -- name: mock site-defaults.cfg +- name: Mock site-defaults.cfg template: src: bkernel-site-defaults.cfg dest: /etc/mock/site-defaults.cfg diff --git a/roles/blockerbugs/tasks/main.yml b/roles/blockerbugs/tasks/main.yml index 1a6c1672d6..2764f6243b 100644 --- a/roles/blockerbugs/tasks/main.yml +++ b/roles/blockerbugs/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: install needed packages for blockerbugs +- name: Install needed packages for blockerbugs package: state=present name={{ item }} with_items: - libselinux-python3 @@ -11,7 +11,7 @@ - packages - blockerbugs -- name: setup blockerbugs apache conf +- name: Setup blockerbugs apache conf copy: src=blockerbugs.conf dest=/etc/httpd/conf.d/blockerbugs.conf mode=644 notify: - reload httpd @@ -28,7 +28,7 @@ - blockerbugs - config -- name: create the `blockerbugs` user +- name: Create the `blockerbugs` user user: name: blockerbugs group: blockerbugs 
@@ -38,7 +38,7 @@ - blockerbugs - config -- name: setup blockerbugs app settings file +- name: Setup blockerbugs app settings file template: src=blockerbugs-settings.py.j2 dest=/etc/blockerbugs/settings.py mode=640 notify: - reload httpd @@ -47,7 +47,7 @@ - httpd - blockerbugs -- name: grant blockerbugs and apache read access to the settings file +- name: Grant blockerbugs and apache read access to the settings file acl: name=/etc/blockerbugs/settings.py entity={{ item }} etype=user permissions="r" state=present with_items: - blockerbugs @@ -59,19 +59,19 @@ - httpd - blockerbugs -- name: allow httpd to connect to network, enabling openid +- name: Allow httpd to connect to network, enabling openid seboolean: name=httpd_can_network_connect state=true persistent=true tags: - config - blockerbugs -- name: set sebooleans so blockerbugs can talk to the db +- name: Set sebooleans so blockerbugs can talk to the db seboolean: name=httpd_can_network_connect_db state=true persistent=true tags: - config - blockerbugs -- name: setup blockerbugs cron (master node only) +- name: Setup blockerbugs cron (master node only) copy: src=blockerbugs.cron dest=/etc/cron.d/blockerbugs when: master_blockerbugs_node tags: @@ -79,7 +79,7 @@ - blockerbugs # this is a "short-term" patch that won't be needed for future versions of blockerbugs -- name: patch bz_interface to work with rhbz changes +- name: Patch bz_interface to work with rhbz changes copy: src=20210914-patched-bz_interface.py dest=/usr/lib/python3.9/site-packages/blockerbugs/util/bz_interface.py when: master_blockerbugs_node tags: diff --git a/roles/bodhi2/backend/tasks/main.yml b/roles/bodhi2/backend/tasks/main.yml index dccfe43624..2f21d819c7 100644 --- a/roles/bodhi2/backend/tasks/main.yml +++ b/roles/bodhi2/backend/tasks/main.yml 
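Review bot: `Setup blockerbugs cron (master node only)` in the `@@ -59,19` hunk copies into `/etc/cron.d` without setting owner or mode, so the permissions of a newly created file are left to defaults. cron.d entries should be root-owned and not writable by group or others, and ansible-lint will flag this as risky-file-permissions in a later pass. I would make it explicit: `copy: src=blockerbugs.cron dest=/etc/cron.d/blockerbugs owner=root group=root mode=0644`. The task's `tags:` list continues outside the hunk.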
@@ -3,16 +3,16 @@ # This is the base set of files needed for bodhi/composer # The ftpsync group and user are needed to sync the files to the master mirror -- name: add ftpsync group +- name: Add ftpsync group group: name=ftpsync gid=263 system=yes state=present tags: - bodhi -- name: add ftpsync user +- name: Add ftpsync user user: name=ftpsync uid=263 group=ftpsync createhome=yes system=yes state=present tags: - bodhi -- name: install needed packages +- name: Install needed packages package: name: - bodhi-composer @@ -43,7 +43,7 @@ - packages - bodhi -- name: update bodhi composer +- name: Update bodhi composer when: env == 'staging' package: name: @@ -54,7 +54,7 @@ - bodhi -- name: add apache user to the masher group so it can talk to the monitoring socket +- name: Add apache user to the masher group so it can talk to the monitoring socket user: name=apache groups=ftpsync append=yes tags: - bodhi @@ -104,14 +104,14 @@ # # cron job that syncs packages to koji # -- name: put owner-sync-pagure in place +- name: Put owner-sync-pagure in place template: src=owner-sync-pagure.j2 dest=/usr/local/bin/owner-sync-pagure mode="0755" tags: - config - bodhi - cron -- name: sync packages from pagure-on-dist-git to koji (all branches) +- name: Sync packages from pagure-on-dist-git to koji (all branches) # XXX If you modify this taglist. Please also modify the other copy in # bodhi2/backend/files/koji_sync_listener.py # This cronjob runs only once a day. The listener script runs reactively. @@ -137,7 +137,7 @@ set_fact: py3ver: "{{ _python3_version_result.stdout | trim }}" -- name: put the koji sync listener script in place +- name: Put the koji sync listener script in place copy: src: koji_sync_listener.py dest: /usr/lib/python{{ py3ver }}/site-packages/koji_sync_listener.py 
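Review bot: In the `@@ -54,7` hunk the task name still says the apache user is added to the "masher" group, but the module call is `user: name=apache groups=ftpsync append=yes`. Since the name is being rewritten anyway, it should describe what is actually granted: `- name: Add apache user to the ftpsync group so it can talk to the monitoring socket`. A name that misstates a group membership makes later access reviews harder.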
@@ -147,7 +147,7 @@ - bodhi - koji-sync -- name: put the koji sync listener config file in place +- name: Put the koji sync listener config file in place template: src: koji_sync_listener.toml dest: /etc/fedora-messaging/koji_sync_listener.toml @@ -159,7 +159,7 @@ - bodhi - koji-sync -- name: start the fm-consumer@koji_sync_listener service +- name: Start the fm-consumer@koji_sync_listener service service: name=fm-consumer@koji_sync_listener enabled=yes state=started when: env == "production" tags: @@ -169,7 +169,7 @@ # cron job that syncs updates to master mirror # -- name: put new-updates-sync in place +- name: Put new-updates-sync in place copy: src=new-updates-sync dest=/usr/local/bin/new-updates-sync mode="0755" when: env == "production" tags: @@ -177,7 +177,7 @@ - bodhi - cron -- name: put bodhi-automated-pushes.py in place +- name: Put bodhi-automated-pushes.py in place copy: src=bodhi-automated-pushes.py dest=/usr/local/bin/bodhi-automated-pushes.py mode="0755" when: env == "production" tags: @@ -186,14 +186,14 @@ - cron # These next two are used by quick-fedora-mirror -- name: put update-fullfiletimelist in place +- name: Put update-fullfiletimelist in place copy: src="{{ files }}/scripts/update-fullfiletimelist" dest=/usr/local/bin/update-fullfiletimelist mode="0755" when: env == "production" tags: - config - bodhi - cron -- name: add create-filelist script from quick-fedora-mirror +- name: Add create-filelist script from quick-fedora-mirror copy: src="{{ files }}/scripts/create-filelist" dest=/usr/local/bin/create-filelist mode="0755" when: env == "production" tags: 
@@ -218,7 +218,7 @@ - cron # This generates https://dl.fedoraproject.org/pub/DIRECTORY_SIZES.txt -- name: directory sizes update cron job. +- name: Directory sizes update cron job. cron: name="directory-sizes-update" minute="30" hour="19" user="ftpsync" job="/usr/bin/find /pub/alt/ /pub/archive/ /pub/fedora-secondary/ /pub/fedora/ /pub/epel/ -type d ! -path '/pub/alt/screenshots/f21/source' | grep -v snapshot | /usr/bin/xargs -n 1 /usr/bin/du --exclude=.snapshot -sh > /tmp/DIRECTORY_SIZES.txt 2> /dev/null; cp /tmp/DIRECTORY_SIZES.txt /pub/" cron_file=directory-sizes-update @@ -230,7 +230,7 @@ # Bodhi cron jobs, disabled on staging because we replaced them with celery-beat -- name: bodhi-approve-testing cron job. +- name: Bodhi-approve-testing cron job. cron: name: bodhi-approve-testing minute: "*/3" @@ -243,7 +243,7 @@ - bodhi - cron -- name: bodhi-check-policies cron job. +- name: Bodhi-check-policies cron job. cron: name: bodhi-check-policies hour: "*/1" @@ -257,7 +257,7 @@ - bodhi - cron -- name: bodhi-clean-old-composes cron job. +- name: Bodhi-clean-old-composes cron job. cron: name: bodhi-clean-old-composes hour: "03" @@ -271,7 +271,7 @@ - bodhi - cron -- name: bodhi-expire-overrides cron job. +- name: Bodhi-expire-overrides cron job. cron: name: bodhi-expire-overrides hour: "*" @@ -381,7 +381,7 @@ - config - bodhi -- name: make a mnt/koji link +- name: Make a mnt/koji link file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji force=yes tags: - bodhi @@ -423,12 +423,12 @@ - bodhi - config -- name: ensure apache is disabled on the backend +- name: Ensure apache is disabled on the backend service: name=httpd enabled=no state=stopped tags: - bodhi -- name: ensure fedora-messaging and celery are enabled and started on the backend +- name: Ensure fedora-messaging and celery are enabled and started on the backend service: name: "{{ item }}" enabled: yes 
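Review bot: The `Directory sizes update cron job.` in the `@@ -218,7` hunk stages its output at the fixed path `/tmp/DIRECTORY_SIZES.txt` and then copies it into `/pub/`. A fixed name in a world-writable directory lets any other local account pre-create that path, which can make the redirect fail or influence what is published. Staging the file in a directory only `ftpsync` can write to (or one created with `mktemp -d`) and then moving it into `/pub/` avoids that. The trailing period in the name could also be dropped; the task continues outside the hunk.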
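Review bot: Capitalising the first letter turns the command name `bodhi-approve-testing` into `Bodhi-approve-testing` in the `@@ -230,7` hunk, and the same happens in `@@ -243,7`, `@@ -257,7` and `@@ -271,7` (`Bodhi-check-policies`, `Bodhi-clean-old-composes`, `Bodhi-expire-overrides`). That satisfies `name[casing]` but no longer matches the real command when someone greps the logs. Leading with a verb keeps the command spelled as it is on disk, e.g. `- name: Install the bodhi-approve-testing cron job`.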
diff --git a/roles/btrfs/handlers/main.yml b/roles/btrfs/handlers/main.yml index c55eee4c16..2077071730 100644 --- a/roles/btrfs/handlers/main.yml +++ b/roles/btrfs/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: restart btrfs-balance +- name: Restart btrfs-balance service: name: btrfs-balance.timer state: restarted diff --git a/roles/bugzilla2fedmsg/tasks/main.yml b/roles/bugzilla2fedmsg/tasks/main.yml index bd9b3da9b8..92a360968b 100644 --- a/roles/bugzilla2fedmsg/tasks/main.yml +++ b/roles/bugzilla2fedmsg/tasks/main.yml @@ -1,7 +1,7 @@ --- # Setup a fedmsg-hub -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - python-moksha-hub @@ -59,7 +59,7 @@ tags: - bugzilla2fedmsg -- name: moksha-hub service +- name: Moksha-hub service service: name=moksha-hub state=stopped enabled=no tags: - bugzilla2fedmsg diff --git a/roles/builder_repo/tasks/main.yml b/roles/builder_repo/tasks/main.yml index 806ebd6949..960b15ff7b 100644 --- a/roles/builder_repo/tasks/main.yml +++ b/roles/builder_repo/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: add builder infra yum repo +- name: Add builder infra yum repo file: dest=/etc/yum.repos.d/builder-infrastructure.repo state=absent tags: - builder_infra diff --git a/roles/cgit/base/tasks/main.yml b/roles/cgit/base/tasks/main.yml index 6bbc9150a3..a85d98ea94 100644 --- a/roles/cgit/base/tasks/main.yml +++ b/roles/cgit/base/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasklist for setting up CGit -- name: install the needed packages +- name: Install the needed packages package: name={{item}} state=present with_items: - cgit 
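Review bot: Renaming the handler in `roles/btrfs/handlers/main.yml` to `Restart btrfs-balance` breaks any task that still notifies it under the old name, because handler names are matched as exact strings. The notifying task is not part of this hunk, and the `notify:` lines visible elsewhere in this patch (`restart collectd`, `reload httpd`, `restart chronyd`) are left lowercase, so please confirm the btrfs notifier was updated in the same commit. Adding `listen: restart btrfs-balance` to the handler keeps old notifications working during the transition.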
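Review bot: The task in `roles/builder_repo/tasks/main.yml` is named `Add builder infra yum repo` but it removes the file: `file: dest=/etc/yum.repos.d/builder-infrastructure.repo state=absent`. While the name is being edited it should say what the task does, `- name: Remove builder infra yum repo`. Whether a repository definition is present or absent matters for package provenance, so the log line should not say the opposite.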
@@ -33,16 +33,16 @@ - images/t.png tags: cgit -- name: put cgitrc in place for people +- name: Put cgitrc in place for people copy: src=cgitrc.people dest=/etc/cgitrc owner=root mode=0644 when: inventory_hostname.startswith('people') tags: cgit -- name: put cgitrc in place for batcave +- name: Put cgitrc in place for batcave copy: src=cgitrc.batcave dest=/etc/cgitrc owner=root mode=0644 when: inventory_hostname.startswith('batcave') tags: cgit -# - name: install the libravatar filter +# - name: Install the libravatar filter # copy: src=email-libravatar-korg.lua dest=/usr/libexec/cgit/filters/email-libravatar-korg.lua owner=root group=root mode=0755 # tags: cgit diff --git a/roles/cgit/clean_lock_cron/tasks/main.yml b/roles/cgit/clean_lock_cron/tasks/main.yml index 9a189f65c0..d6e80291ec 100644 --- a/roles/cgit/clean_lock_cron/tasks/main.yml +++ b/roles/cgit/clean_lock_cron/tasks/main.yml @@ -1,6 +1,6 @@ --- # tasklist for setting up the Cron job cleaning CGit locks -- name: install the cron file +- name: Install the cron file copy: src=clean-lock.cron dest=/etc/cron.d/cgit-clean-lock.cron mode=0644 tags: cgit diff --git a/roles/cgit/make_pkgs_list/tasks/main.yml b/roles/cgit/make_pkgs_list/tasks/main.yml index 0fb73f7675..608eaeaff5 100644 --- a/roles/cgit/make_pkgs_list/tasks/main.yml +++ b/roles/cgit/make_pkgs_list/tasks/main.yml 
@@ -1,24 +1,24 @@ --- # tasklist for setting up the CGit file list -- name: install semanage +- name: Install semanage package: name=/usr/sbin/semanage state=present tags: cgit -- name: create the git root directory (/srv/git) +- name: Create the git root directory (/srv/git) file: dest=/srv/git state=directory mode=0755 tags: cgit -- name: ensure the repo list file exists +- name: Ensure the repo list file exists copy: content="" dest=/srv/git/pkgs-git-repos-list force=no owner=apache group=apache mode=0644 tags: cgit -- name: install the script +- name: Install the script copy: src=make-cgit-pkgs-list.sh dest=/usr/local/bin/make-cgit-pkgs-list.sh mode=0755 when: inventory_hostname.startswith('pkgs') tags: cgit -- name: install the script for fedorapeople +- name: Install the script for fedorapeople copy: src=make-people-git.sh dest=/usr/local/bin/make-people-git.sh mode=0755 when: inventory_hostname.startswith('people') tags: cgit @@ -26,12 +26,12 @@ # # For the batcave we just have a small static list # -- name: install the file for batcave +- name: Install the file for batcave copy: src=cgit-projects-batcave dest=/etc/cgit-projects-batcave mode=0644 when: inventory_hostname.startswith('batcave') tags: cgit -- name: install the cron job +- name: Install the cron job cron: > name="make-cgit-pkgs-list" cron_file="ansible-make-cgit-pkgs-list" minute=*/10 @@ -40,7 +40,7 @@ when: inventory_hostname.startswith('pkgs') tags: cgit -- name: install the cron job for fedora people cgit +- name: Install the cron job for fedora people cgit cron: > name="make-people-git" cron_file="make-people-git" minute=*/10 @@ -49,7 +49,7 @@ when: inventory_hostname.startswith('people') tags: cgit -- name: check the selinux context of the repo list +- name: Check the selinux context of the repo list command: matchpathcon /srv/git/pkgs-git-repos-list register: gitlistcontext check_mode: no 
@@ -59,7 +59,7 @@ - cgit - selinux -- name: set the SELinux policy for the repo list +- name: Set the SELinux policy for the repo list command: semanage fcontext -a -t git_content_t "/srv/git/pkgs-git-repos-list" when: gitlistcontext.stdout.find('git_content_t') == -1 tags: diff --git a/roles/chrony/tasks/main.yml b/roles/chrony/tasks/main.yml index 67d4a4677f..769099972f 100644 --- a/roles/chrony/tasks/main.yml +++ b/roles/chrony/tasks/main.yml @@ -1,12 +1,12 @@ --- -- name: install chrony +- name: Install chrony package: name=chrony state=present tags: - chrony - package - base -- name: install chrony.conf +- name: Install chrony.conf template: src=chrony.conf.j2 dest=/etc/chrony.conf notify: - restart chronyd diff --git a/roles/clamav/tasks/main.yml b/roles/clamav/tasks/main.yml index 1647546b5b..5b560fd12f 100644 --- a/roles/clamav/tasks/main.yml +++ b/roles/clamav/tasks/main.yml @@ -13,7 +13,7 @@ # - clamscan_month (optional) # - clamscan_weekday (optional) -- name: install the needed packages +- name: Install the needed packages package: name={{item}} state=present with_items: - clamav @@ -21,22 +21,22 @@ - clamav-update - cronie-anacron -- name: setup the freshclam configuration +- name: Setup the freshclam configuration copy: src=freshclam.conf dest=/etc/freshclam.conf -- name: enable freshclam by fixing the stupid default sysconfig +- name: Enable freshclam by fixing the stupid default sysconfig copy: src=freshclam-sysconfig dest=/etc/sysconfig/freshclam -- name: setup the freshclam cron job +- name: Setup the freshclam cron job copy: src=freshclam-cron dest=/etc/cron.daily/freshclam -- name: setup the periodic clam scan script +- name: Setup the periodic clam scan script template: > src=clamscan.sh.j2 dest=/usr/local/bin/clamscan.sh mode=0755 -- name: setup cron job for clam scan +- name: Setup cron job for clam scan cron: > name="clamscan" user=root 
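Review bot: In the clamav `@@ -21,22` hunk, `Setup the freshclam cron job` copies a script to `/etc/cron.daily/freshclam` with no `mode`, and the two freshclam config copies above it set no owner or mode either. Files under `cron.daily` must be executable to be run, and without an explicit mode the result depends on defaults, so signature updates could silently stop on a freshly built host. I would state it explicitly, e.g. `copy: src=freshclam-cron dest=/etc/cron.daily/freshclam owner=root group=root mode=0755`, and give the config files `mode=0644`. The last task of the hunk continues outside it.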
diff --git a/roles/collectd/base/tasks/main.yml b/roles/collectd/base/tasks/main.yml index ce0b303504..0a89fd37e6 100644 --- a/roles/collectd/base/tasks/main.yml +++ b/roles/collectd/base/tasks/main.yml @@ -2,35 +2,35 @@ # install pkg --- -- name: install collectd +- name: Install collectd package: name=collectd state=present tags: - collectd when: ansible_distribution_major_version|int <= 7 and ansible_distribution == 'RedHat' # install pkg -- name: install collectd +- name: Install collectd dnf: name=collectd state=present tags: - collectd when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' # install pkg -- name: install collectd +- name: Install collectd dnf: name=collectd state=present tags: - collectd when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' # install collectd-disk (it was split out) -- name: install collectd-disk +- name: Install collectd-disk dnf: name=collectd-disk state=present tags: - collectd when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' # install collectd-disk on F25+ (it was split out) -- name: install collectd-disk +- name: Install collectd-disk dnf: name=collectd-disk state=present tags: - collectd @@ -63,7 +63,7 @@ when: inventory_hostname.startswith('log') # apache - localhost only - pretty much any apache server -- name: install collectd-apache (yum) +- name: Install collectd-apache (yum) package: state=present name=collectd-apache tags: - collectd @@ -71,7 +71,7 @@ - restart collectd when: collectd_apache and ansible_distribution_major_version|int <= 7 and ansible_distribution == 'RedHat' -- name: install collectd-apache (dnf) +- name: Install collectd-apache (dnf) dnf: state=present name=collectd-apache tags: - collectd 
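Review bot: The `@@ -2,35` hunk leaves three tasks all named `Install collectd` and two named `Install collectd-disk`, distinguished only by their `when:` conditions. The same file already disambiguates this way further down with `Install collectd-apache (yum)` and `Install collectd-apache (dnf)`, so the names here could follow suit, e.g. `- name: Install collectd (RHEL 7 and older)`, `- name: Install collectd (RHEL 8 and newer)`, `- name: Install collectd (Fedora)`. That makes skipped-versus-run lines in the output readable per platform.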
@@ -79,7 +79,7 @@ - restart collectd when: collectd_apache and ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' -- name: install collectd-apache (dnf) +- name: Install collectd-apache (dnf) dnf: state=present name=collectd-apache tags: - collectd @@ -110,7 +110,7 @@ - restart collectd when: ( collectd_apache is defined ) and ansible_selinux.status != "disabled" -- name: enable collectd nfs module +- name: Enable collectd nfs module copy: src=nfs.conf dest=/etc/collectd.d/nfs.conf tags: - collectd @@ -118,13 +118,13 @@ - restart collectd # Three tasks for handling our (two) custom selinux modules. -- name: ensure a directory exists for our custom selinux module +- name: Ensure a directory exists for our custom selinux module file: dest=/usr/share/collectd state=directory tags: - collectd - selinux -- name: copy over our general collectd selinux module +- name: Copy over our general collectd selinux module copy: src=selinux/fi-collectd.pp dest=/usr/share/collectd/fi-collectd.pp register: ficgeneral_module tags: @@ -132,7 +132,7 @@ - selinux # TODO: consider using selinux_modules from https://galaxy.ansible.com/linux-system-roles/selinux instead -- name: check to see what version is installed (if any) +- name: Check to see what version is installed (if any) shell: "semodule -l -m | grep fi-collectd | cut -d: -f2" register: ficgeneral_installed_version check_mode: no @@ -142,7 +142,7 @@ - selinux # This cmd comes from the last example of the semodule man page -- name: check to see what version we have +- name: Check to see what version we have shell: /usr/libexec/selinux/hll/pp /usr/share/collectd/fi-collectd.pp | sha256sum | cut -d ' ' -f1 register: ficgeneral_local_version check_mode: no 
@@ -151,21 +151,21 @@ - collectd - selinux -- name: install our general collectd selinux module +- name: Install our general collectd selinux module command: semodule -i /usr/share/collectd/fi-collectd.pp when: ficgeneral_module is changed or ficgeneral_installed_version != ficgeneral_local_version tags: - collectd - selinux -- name: copy over our pstorefs/collectd selinux module (rhel6 has no pstorefs) +- name: Copy over our pstorefs/collectd selinux module (rhel6 has no pstorefs) copy: src=selinux/fi-pstorefs.pp dest=/usr/share/collectd/fi-pstorefs.pp register: ficpstorefs_module tags: - collectd - selinux -- name: check to see if its even installed yet +- name: Check to see if its even installed yet shell: semodule -l | grep fi-pstorefs | wc -l register: ficpstorefs_grep check_mode: no @@ -174,7 +174,7 @@ - collectd - selinux -- name: install our pstorefs/collectd selinux module +- name: Install our pstorefs/collectd selinux module command: semodule -i /usr/share/collectd/fi-pstorefs.pp when: (ficpstorefs_module is changed or ficpstorefs_grep is changed) tags: @@ -205,7 +205,7 @@ # webproxy # enable collectd -- name: enable collectd svc +- name: Enable collectd svc service: state=started enabled=true name=collectd tags: - collectd diff --git a/roles/collectd/bind/tasks/main.yml b/roles/collectd/bind/tasks/main.yml index 878140cd97..d5bb273867 100644 --- a/roles/collectd/bind/tasks/main.yml +++ b/roles/collectd/bind/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: install collectd-bind +- name: Install collectd-bind package: name=collectd-bind state=present tags: - packages diff --git a/roles/collectd/fcomm-queue/tasks/main.yml b/roles/collectd/fcomm-queue/tasks/main.yml index f2bd7c3c9c..bf9b25bec1 100644 --- a/roles/collectd/fcomm-queue/tasks/main.yml +++ b/roles/collectd/fcomm-queue/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: install python-retask +- name: Install python-retask package: name=python-retask state=present tags: - collectd 
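Review bot: The condition on `Install our general collectd selinux module` compares two registered results, `ficgeneral_installed_version != ficgeneral_local_version`, rather than their output. Registered results are dictionaries that also carry the command line and timestamps, so this comparison is presumably always true and the module is reinstalled on every run. Comparing the captured text is what the two preceding check tasks seem intended for: `when: ficgeneral_module is changed or ficgeneral_installed_version.stdout != ficgeneral_local_version.stdout`. Whether both commands print the checksum in the same format should be verified on a host.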
@@ -23,20 +23,20 @@ notify: restart collectd # Three tasks for handling our custom selinux module. -- name: ensure a directory exists for our custom selinux module +- name: Ensure a directory exists for our custom selinux module file: dest=/usr/share/collectd state=directory tags: - collectd - selinux -- name: copy over our fcomm collectd selinux module +- name: Copy over our fcomm collectd selinux module copy: src=selinux/fi-collectd-fcomm.pp dest=/usr/share/collectd/fi-collectd-fcomm.pp register: ficfcomm_module tags: - collectd - selinux -- name: check to see if its even installed yet +- name: Check to see if its even installed yet shell: semodule -l | grep fi-collectd-fcomm | wc -l register: ficfcomm_grep check_mode: no @@ -45,14 +45,14 @@ - collectd - selinux -- name: install our fcomm collectd selinux module +- name: Install our fcomm collectd selinux module command: semodule -i /usr/share/collectd/fi-collectd-fcomm.pp when: ficfcomm_module is changed or ficfcomm_grep is changed tags: - collectd - selinux -- name: lastly, set some selinux booleans +- name: Lastly, set some selinux booleans seboolean: name={{item}} persistent=yes state=yes with_items: - collectd_tcp_network_connect diff --git a/roles/collectd/memcached/tasks/main.yml b/roles/collectd/memcached/tasks/main.yml index 4d6700c0fb..dd25cfa182 100644 --- a/roles/collectd/memcached/tasks/main.yml +++ b/roles/collectd/memcached/tasks/main.yml @@ -8,7 +8,7 @@ - memcached notify: restart collectd -- name: lastly, set some selinux booleans +- name: Lastly, set some selinux booleans seboolean: name=collectd_tcp_network_connect persistent=yes state=yes tags: - collectd/memcached diff --git a/roles/collectd/rabbitmq/tasks/main.yml b/roles/collectd/rabbitmq/tasks/main.yml index 9f514ee968..6ee1f8cf93 100644 --- a/roles/collectd/rabbitmq/tasks/main.yml +++ b/roles/collectd/rabbitmq/tasks/main.yml 
@@ -1,5 +1,5 @@ --- -- name: install collectd-rabbitmq +- name: Install collectd-rabbitmq package: state: present name: python3-collectd-rabbitmq-monitoring @@ -7,7 +7,7 @@ - packages - collectd -- name: install collectd-python +- name: Install collectd-python package: state: present name: collectd-python @@ -15,7 +15,7 @@ - packages - collectd -- name: install collectd rabbitmq config +- name: Install collectd rabbitmq config template: src: "rabbitmq.collectd.conf.j2" dest: "/etc/collectd.d/rabbitmq.conf" diff --git a/roles/collectd/server/tasks/main.yml b/roles/collectd/server/tasks/main.yml index 1b7a02449e..7ec258713e 100644 --- a/roles/collectd/server/tasks/main.yml +++ b/roles/collectd/server/tasks/main.yml @@ -2,7 +2,7 @@ # collectd server setup # install pkg -- name: install collectd server packages (rhel 7) +- name: Install collectd server packages (rhel 7) package: name={{ item }} state=present with_items: - collectd-rrdtool @@ -15,7 +15,7 @@ - collectd/server when: ansible_distribution_major_version|int == 7 -- name: install collectd server packages (rhel 8) +- name: Install collectd server packages (rhel 8) package: name={{ item }} state=present with_items: - collectd-rrdtool @@ -30,7 +30,7 @@ when: ansible_distribution_major_version|int == 8 # install collectd types -- name: install collectd types +- name: Install collectd types copy: src: "{{ item }}" dest: /usr/share/collectd/{{ item }} @@ -43,7 +43,7 @@ - collectd/server # install collectd configs -- name: install collectd config +- name: Install collectd config copy: src: "{{ item }}" dest: /etc/collectd.d/{{ item }} 
@@ -58,28 +58,28 @@ - collectd/server # install apache config -- name: install collectd apache config +- name: Install collectd apache config copy: src=collectd.conf dest=/etc/httpd/conf.d/collectd.conf tags: - config - collectd/server # install upgrade target -- name: install collect upgrade target to handle v4 clients +- name: Install collect upgrade target to handle v4 clients copy: src=vfive-upgrade.conf dest=/etc/collectd.d/vfive-upgrade.conf tags: - config - collectd/server # create /var/log/collectd as it's on a larger volume -- name: create /var/log/collectd +- name: Create /var/log/collectd file: path=/var/log/collectd owner=root group=root mode=0755 state=directory tags: - config - collectd/server # push our custom config file for the graph CGIs -- name: push the collection.conf file +- name: Push the collection.conf file copy: src: collection.conf dest: /etc/collection.conf @@ -87,7 +87,7 @@ - config - collectd/server -- name: create the service configuration directory +- name: Create the service configuration directory file: path: /etc/systemd/system/collectd.service.d state: directory @@ -95,7 +95,7 @@ - config - collectd/server -- name: override the timeout for stopping collectd +- name: Override the timeout for stopping collectd copy: src: service.timeout.conf dest: /etc/systemd/system/collectd.service.d/timeout.conf diff --git a/roles/copr/backend/tasks/aws.yml b/roles/copr/backend/tasks/aws.yml index 794661490c..4b9602fdb7 100644 --- a/roles/copr/backend/tasks/aws.yml +++ b/roles/copr/backend/tasks/aws.yml @@ -1,8 +1,8 @@ --- -- name: install aws client +- name: Install aws client dnf: state=present name=awscli -- name: create aws HOME config directory +- name: Create aws HOME config directory file: state=directory path="{{ item.homedir }}/.aws" owner={{ item.user }} 
@@ -12,7 +12,7 @@ - {user: copr, homedir: /home/copr} - {user: resalloc, homedir: /var/lib/resallocserver} -- name: install aws credentials file +- name: Install aws credentials file template: src=aws-credentials dest="{{ item.homedir }}/.aws/credentials" owner={{ item.user }} @@ -22,7 +22,7 @@ - {user: copr, homedir: /home/copr} - {user: resalloc, homedir: /var/lib/resallocserver} -- name: install aws config file +- name: Install aws config file template: src=aws-config dest="{{ item.homedir }}/.aws/config" owner={{ item.user }} diff --git a/roles/copr/backend/tasks/copr-ping.yml b/roles/copr/backend/tasks/copr-ping.yml index 523ff4d634..9b7adef545 100644 --- a/roles/copr/backend/tasks/copr-ping.yml +++ b/roles/copr/backend/tasks/copr-ping.yml @@ -10,11 +10,11 @@ register: ping_log_check tags: copr_ping -- name: create the user ping user +- name: Create the user ping user user: name={{ ping_user }} tags: copr_ping -- name: pre-create ping log file +- name: Pre-create ping log file file: path: "{{ ping_log }}" owner: "{{ ping_user }}" @@ -25,11 +25,11 @@ when: not ping_log_check.stat.exists tags: copr_ping -- name: install copr-cli package +- name: Install copr-cli package dnf: name=copr-cli state=latest tags: copr_ping -- name: install the ping script +- name: Install the ping script template: dest: "{{ ping_homedir }}/{{ ping_script }}" src: "{{ ping_script }}.j2" @@ -38,7 +38,7 @@ mode: "0700" tags: copr_ping -- name: install the check script +- name: Install the check script template: dest: "/usr/bin/copr-ping-check.py" src: "copr-ping-check.py.j2" @@ -47,7 +47,7 @@ mode: "0750" tags: copr_ping -- name: selinux - allow nrpe_t to read ping_log +- name: Selinux - allow nrpe_t to read ping_log sefcontext: target: "{{ ping_log }}" setype: nrpe_var_run_t 
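Review bot: `Install copr-cli package` in the copr-ping `@@ -25,11` hunk uses `dnf: name=copr-cli state=latest`, which upgrades the package on every playbook run and will be flagged by ansible-lint as package-latest. If tracking the newest build is not a requirement for the ping check, `dnf: name=copr-cli state=present` keeps runs idempotent and makes upgrades a deliberate step. If it is deliberate, a short comment saying so would help.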
@@ -55,12 +55,12 @@ register: semanage_run tags: copr_ping -- name: restorecon ping_log +- name: Restorecon ping_log shell: restorecon -irv "{{ ping_log }}" when: semanage_run.changed or ping_log_created.changed tags: copr_ping -- name: create home/.config dir +- name: Create home/.config dir file: path: "{{ ping_homedir }}/.config" owner: "{{ ping_user }}" @@ -69,7 +69,7 @@ state: directory tags: copr_ping -- name: install the Copr API token +- name: Install the Copr API token copy: content: | [copr-cli] @@ -84,7 +84,7 @@ tags: copr_ping when: not devel -- name: rebuild the copr-ping package periodically +- name: Rebuild the copr-ping package periodically ansible.builtin.cron: # NOTE: sync with CRON_PERIOD in roles/copr/backend/templates/copr-ping-check.py.j2 name: build the ping package diff --git a/roles/copr/backend/tasks/install_cloud_cert.yml b/roles/copr/backend/tasks/install_cloud_cert.yml index 461be9f73a..442b86b550 100644 --- a/roles/copr/backend/tasks/install_cloud_cert.yml +++ b/roles/copr/backend/tasks/install_cloud_cert.yml @@ -1,8 +1,8 @@ --- -- name: copy .pem +- name: Copy .pem copy: src=../../files/fedora-cloud/fed-cloud09.pem dest=/etc/pki/ca-trust/source/anchors/ register: cloud_pem_copied -- name: update certificates +- name: Update certificates command: /usr/bin/update-ca-trust when: cloud_pem_copied.changed diff --git a/roles/copr/backend/tasks/main.yml b/roles/copr/backend/tasks/main.yml index e636cc7db2..0b58db4fef 100644 --- a/roles/copr/backend/tasks/main.yml +++ b/roles/copr/backend/tasks/main.yml 
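Review bot: `Copy .pem` in `install_cloud_cert.yml` places a certificate into `/etc/pki/ca-trust/source/anchors/` without setting owner or mode. Anything in that directory becomes a system trust anchor after `update-ca-trust`, so the file should be explicitly root-owned and not writable by anyone else: `copy: src=../../files/fedora-cloud/fed-cloud09.pem dest=/etc/pki/ca-trust/source/anchors/ owner=root group=root mode=0644`. The name could also say what is installed, e.g. `Install the fed-cloud09 CA certificate`.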
@@ -1,24 +1,24 @@ --- -- name: mount fs +- name: Mount fs import_tasks: "mount_fs.yml" -- name: setup networking +- name: Setup networking import_tasks: "network.yml" when: datacenter != 'aws' -- name: create obsrun group for `sign' command +- name: Create obsrun group for `sign' command group: name=obsrun # pre-create copr user and group with predefined uid and gid - group: name=copr gid=986 - user: name=copr group=copr uid=989 groups=obsrun -- name: install copr-backend and copr-selinux +- name: Install copr-backend and copr-selinux dnf: state: present name: copr-backend -- name: add additional packages for copr-backend +- name: Add additional packages for copr-backend dnf: state: present name: @@ -34,31 +34,31 @@ tags: - packages -# - name: patch for prunerepo, issue 1090 +# - name: Patch for prunerepo, issue 1090 # patch: src=patches/prunerepo-dataloss.patch # dest=/usr/bin/prunerepo # tags: patches -- name: install openstackclient for image preparation +- name: Install openstackclient for image preparation dnf: state=present name=python3-openstackclient when: devel|bool -- name: make copr dirs +- name: Make copr dirs file: state=directory path={{ item }} with_items: - /var/lib/copr/jobs - /var/lib/copr/public_html/results -- name: setup dirs there +- name: Setup dirs there file: state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700 with_items: - cloud - .ssh -- name: setup privkey for copr user +- name: Setup privkey for copr user copy: src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600 -- name: setup copr user ssh config file +- name: Setup copr user ssh config file template: src: "ssh_config.j2" dest: /home/copr/.ssh/config 
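Review bot: The `@@ -1,24` hunk still contains two unnamed tasks, `- group: name=copr gid=986` and `- user: name=copr group=copr uid=989 groups=obsrun`, which this naming pass leaves untouched. They show up in the run output only as the module name. The comment above them already says what they do, so it can become the names: `- name: Pre-create copr group with a fixed gid` and `- name: Pre-create copr user with a fixed uid`.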
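Review bot: `Setup privkey for copr user` in the `@@ -34,31` hunk copies `buildsys.priv` to `/home/copr/.ssh/id_rsa` without `no_log`, while the `authorized_key` task for the matching public key later in this file does set `no_log: true`. If the play is run with `--diff`, a changed key file may be printed to the console and any log that captures it. Adding `no_log: true` (or `diff: false`) to the private-key task closes that gap; writing the mode as `mode=0600` would also match the other octal modes in the file.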
@@ -69,31 +69,31 @@ - backend_to_hv_ssh_config - provision_config -- name: check known_hosts file +- name: Check known_hosts file command: stat /home/copr/.ssh/known_hosts register: hostsstat check_mode: no changed_when: "1 != 1" ignore_errors: yes -- name: create empty known_hosts +- name: Create empty known_hosts file: state=touch dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600 when: hostsstat.rc == 1 -- name: replace bashrc for copr user +- name: Replace bashrc for copr user copy: src="copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600 -- name: auth_key so we can login to localhost as the copr user from the copr user +- name: Auth_key so we can login to localhost as the copr user from the copr user authorized_key: user=copr key="{{ item }}" no_log: true with_file: - "provision/files/buildsys.pub" -- name: copy .boto file +- name: Copy .boto file copy: src="boto" dest=/home/copr/.boto owner=copr group=copr # setup webserver -- name: install lighttpd.conf +- name: Install lighttpd.conf template: src="lighttpd/lighttpd.conf" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644 notify: - restart lighttpd 
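Review bot: `Copy .boto file` in this hunk is the only file written into the copr user's home here that gets no `mode`: `.bashrc` and `known_hosts` beside it are both `mode=600`. A `.boto` file usually holds cloud access keys, so if that is the case here it should not be left to default permissions: `copy: src="boto" dest=/home/copr/.boto owner=copr group=copr mode=0600`. The name `Auth_key so we can login to localhost …` a few lines up would also read better as `Authorize the copr user's key for localhost logins`.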
@@ -101,27 +101,27 @@ - config - lighttpd_config -- name: add gzip content-encoding header by lua script +- name: Add gzip content-encoding header by lua script template: src="lighttpd/content-encoding-gzip-if-exists.lua" dest=/etc/lighttpd/content-encoding-gzip-if-exists.lua owner=root group=root mode=0644 notify: - restart lighttpd tags: - config -- name: letsencrypt cert +- name: Letsencrypt cert include_role: name=copr/certbot tags: - config - certbot -- name: allow lighttpd set fds limit +- name: Allow lighttpd set fds limit seboolean: name=httpd_setrlimit state=yes persistent=yes -- name: create directory for compress module of lighttpd +- name: Create directory for compress module of lighttpd file: path=/var/cache/lighttpd/compress owner=lighttpd group=lighttpd mode=0644 state=directory # mime default to text/plain and enable dirlisting for indexes -- name: update lighttpd configs +- name: Update lighttpd configs copy: src="lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644 with_items: - dirlisting.conf @@ -131,17 +131,17 @@ tags: - config -- name: install custom lighttpd template for directory listings +- name: Install custom lighttpd template for directory listings template: src="lighttpd/dir-generator.php.j2" dest="/var/lib/copr/public_html/dir-generator.php" owner=copr group=copr mode=0755 -- name: install resalloc CGI script +- name: Install resalloc CGI script copy: src: cgi-resalloc dest: /var/www/ setype: httpd_sys_script_exec_t mode: "0755" -- name: install the helper scripts for lighttpd log rotation +- name: Install the helper scripts for lighttpd log rotation copy: src: "{{ item }}" dest: /usr/local/bin/{{ item }} 
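Review bot: `Create directory for compress module of lighttpd` in the `@@ -101,27` hunk creates a directory with `mode=0644`, which leaves it without the execute (search) bit. Without that bit even the owning `lighttpd` user cannot enter the directory or create files in it, so the compress cache is presumably unusable unless something else fixes the mode. A directory mode is what is wanted here: `file: path=/var/cache/lighttpd/compress owner=lighttpd group=lighttpd mode=0755 state=directory`.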
@@ -154,20 +154,20 @@ register: logrotate_scripts tags: logrotate -- name: fix selinux context on helper scripts +- name: Fix selinux context on helper scripts command: restorecon -irv /usr/local/bin/copr-lighty* when: logrotate_scripts.changed tags: logrotate -- name: install custom logrotate config for lighttpd +- name: Install custom logrotate config for lighttpd template: src="logrotate/lighttpd.j2" dest=/etc/logrotate.d/lighttpd owner=root group=root mode=644 tags: logrotate -- name: start webserver +- name: Start webserver service: state=started enabled=yes name=lighttpd # setup dirs for the ansible execution off of provisioning -# - name: dirs from provision +# - name: Dirs from provision # file: state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr # with_items: # - action_plugins @@ -175,7 +175,7 @@ # tags: # - provision_config # -- name: calculate the maximum resalloc workers per architecture +- name: Calculate the maximum resalloc workers per architecture set_fact: "max_{{ item }}_workers={{ builders | community.general.json_query('*.'+item+'[0]') | sum() }}" with_items: - aarch64 @@ -185,12 +185,12 @@ tags: - provision_config -- name: calculate max number of workers +- name: Calculate max number of workers set_fact: "max_workers={{ max_x86_64_workers|int + max_aarch64_workers|int + max_ppc64le_workers|int + max_s390x_workers|int }}" tags: - provision_config -- name: print max arch workers +- name: Print max arch workers debug: "var=max_{{ item }}_workers" with_items: - x86_64 
@@ -200,23 +200,23 @@ tags: - provision_config -- name: resalloc +- name: Resalloc import_tasks: resalloc.yml tags: - resalloc -- name: put ansible.cfg for all this into /etc/ansible/ on the system +- name: Put ansible.cfg for all this into /etc/ansible/ on the system copy: src="provision/ansible.cfg" dest=/etc/ansible/ansible.cfg tags: - provision_config -- name: install .ansible.cfg for copr user +- name: Install .ansible.cfg for copr user copy: src=ansible.cfg dest=/home/copr/.ansible.cfg owner=copr group=copr mode=600 tags: - provision_config -- name: setup provision directory +- name: Setup provision directory include_tasks: setup_provisioning_environment.yml vars: cloud_vars: true @@ -225,7 +225,7 @@ tags: - always -- name: copy image preparation scripts +- name: Copy image preparation scripts copy: src="{{ item }}" dest=/usr/local/bin/ owner=root mode=755 with_fileglob: @@ -234,11 +234,11 @@ tags: - provision_config -- name: testing fixture +- name: Testing fixture copy: dest="/home/copr/cloud/ec2rc.variable" content="" when: devel|bool -- name: copy copr-be.conf +- name: Copy copr-be.conf template: src="copr-be.conf.j2" dest=/etc/copr/copr-be.conf owner=root group=copr mode=640 notify: - restart copr-backend @@ -247,13 +247,13 @@ - copr_infrastructure_password - provision_config -- name: create messaging config directory +- name: Create messaging config directory file: dest=/etc/copr/msgbuses state=directory owner=copr group=copr mode=0700 when: copr_messaging tags: - config -- name: install messaging config +- name: Install messaging config template: src="fedora-messaging.conf.j2" dest=/etc/copr/msgbuses/fedora-messaging.conf owner=copr group=copr mode=0600 
@@ -263,17 +263,17 @@ tags: - config -- name: copy sign.conf +- name: Copy sign.conf template: src=sign.conf dest=/etc/sign.conf owner=root group=copr mode=640 tags: - config -- name: get owner for results dir +- name: Get owner for results dir stat: path=/var/lib/copr/public_html check_mode: no register: copr_results_dir_st -- name: change owner for results dir if it isn't copr +- name: Change owner for results dir if it isn't copr shell: "chown -R copr:copr /var/lib/copr/public_html" when: '"copr" not in copr_results_dir_st.stat.pw_name' @@ -282,27 +282,27 @@ check_mode: no changed_when: false -- name: update selinux context for results if root folder does not have proper type +- name: Update selinux context for results if root folder does not have proper type command: "restorecon -vvRF /var/lib/copr/public_html/" when: "public_html_ls is defined and 'copr_data_t' not in public_html_ls.stdout" -# - name: install cert to access fed-cloud09 +# - name: Install cert to access fed-cloud09 # # TODO: remove this when fed-cloud09 receives external cert # import_tasks: install_cloud_cert.yml -- name: enable and run copr-backend services +- name: Enable and run copr-backend services service: name="{{ item }}" enabled=yes state=started when: not services_disabled|bool with_items: - redis # TODO: .service in copr-backend should depend on redis - "{{ copr_backend_target }}" -- name: access.redhat.com offline token file +- name: Access.redhat.com offline token file set_fact: "rhn_offline_token_file=/var/lib/resallocserver/.access.redhat.com-copr-team" tags: - clean_rh_subscriptions -- name: install offline token for copr-team in RHSM +- name: Install offline token for copr-team in RHSM copy: content: "{{ copr_red_hat_subscription_offline_token }}" dest: "{{ rhn_offline_token_file }}" @@ -312,7 +312,7 @@ tags: - clean_rh_subscriptions -- name: install cleanup-unused-vms script +- name: Install cleanup-unused-vms script template: src: "{{ item }}" dest: /usr/local/bin/{{ item }} 
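Review bot: The `Install offline token for copr-team in RHSM` task writes `copr_red_hat_subscription_offline_token` through `copy: content:`, and the visible part of the task has no `no_log: true`, unlike the `authorized_key` task earlier in this file. The task continues past the end of the hunk, so this may already be handled in lines not shown here. If it is not, add `no_log: true` and an explicit `mode: "0600"`, so the token cannot appear in verbose or `--diff` output and the file is not left to the umask. The `Install IBM Cloud token file` task in roles/copr/backend/tasks/resalloc.yml and the OSUOSL token template in setup_provisioning_environment.yml deserve the same check.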
@@ -323,28 +323,28 @@ tags: - clean_rh_subscriptions -- name: setup crontab for VMs +- name: Setup crontab for VMs cron: name="cleanup nova VMs periodically" job="/usr/bin/cleanup_vm_nova.py" minute="*/20" user=copr state=absent -- name: setup crontab for cleaning up redis +- name: Setup crontab for cleaning up redis cron: name="prune redis VM db periodically" job="/usr/local/bin/cleanup-unused-vms-from-redis &>> /var/log/copr-backend/cleanup-redis-vms.log" minute="50" user=copr state=absent -- name: crontab for cleaning resalloc VMs +- name: Crontab for cleaning resalloc VMs cron: name="cleanup nova VMs periodically" job="true /usr/local/bin/cleanup-vms-aws-resalloc &>> /var/log/resallocserver/cron-cleanup-vms-aws.log" minute="*/10" user=resalloc state=absent -- name: crontab for cleaning-up unused subscriptions +- name: Crontab for cleaning-up unused subscriptions cron: name="cleanup unused Red Hat subscribed systems" job="/usr/local/bin/cleanup-unused-redhat-subscriptions &>> /var/log/resallocserver/cron-cleanup-rh-subscriptions.log" minute="*/30" 
@@ -352,49 +352,49 @@ tags: - clean_rh_subscriptions -- name: setup monitoring +- name: Setup monitoring import_tasks: "monitoring.yml" # Three tasks for handling our custom selinux module -- name: ensure a directory exists for our custom selinux module +- name: Ensure a directory exists for our custom selinux module file: dest=/usr/local/share/copr state=directory -- name: copy over our custom selinux module +- name: Copy over our custom selinux module copy: src=selinux/copr_rules.pp dest=/usr/local/share/copr/copr_rules.pp register: selinux_module -- name: install our custom selinux module +- name: Install our custom selinux module command: semodule -i /usr/local/share/copr/copr_rules.pp when: selinux_module is changed -- name: setup AWS access +- name: Setup AWS access import_tasks: "aws.yml" tags: - config - aws_config -- name: setup Pulp +- name: Setup Pulp import_tasks: "pulp.yml" tags: - config - pulp -- name: copr-ping-account +- name: Copr-ping-account import_tasks: copr-ping.yml tags: copr_ping -- name: add lighttpd user to the resalloc group +- name: Add lighttpd user to the resalloc group user: name: lighttpd groups: resalloc append: yes -- name: install daily custom copr-backend crontab +- name: Install daily custom copr-backend crontab copy: src=cron.daily/copr-backend dest=/etc/cron.daily/ mode=0755 tags: [cron_tasks] -- name: configure options in node exporter +- name: Configure options in node exporter lineinfile: path: /etc/default/prometheus-node-exporter regexp: '^ARGS=' diff --git a/roles/copr/backend/tasks/monitoring.yml b/roles/copr/backend/tasks/monitoring.yml index 6bae609441..60b13bea78 100644 --- a/roles/copr/backend/tasks/monitoring.yml +++ b/roles/copr/backend/tasks/monitoring.yml 
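Review bot: Capitalising the first letter mechanically turns some names into what look like mangled identifiers, for example `Copr-ping-account` in this hunk and `Auth_key so we can login ...` and `Access.redhat.com offline token file` earlier in the same file. These satisfy `name[casing]` but read worse in play output than before. A short imperative phrase keeps the identifier intact, for example `- name: Set up the copr-ping account` and `- name: Set path of the access.redhat.com offline token file`.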
@@ -1,9 +1,9 @@ --- -- name: install nrpe +- name: Install nrpe dnf: name=nrpe state=present -- name: set acl for nrpe on /etc/copr +- name: Set acl for nrpe on /etc/copr acl: name=/etc/copr entity=nrpe etype=user permissions=rx state=present -- name: set acl for nrpe on /etc/copr/copr-be.conf +- name: Set acl for nrpe on /etc/copr/copr-be.conf acl: name=/etc/copr/copr-be.conf entity=nrpe etype=user permissions=r state=present diff --git a/roles/copr/backend/tasks/mount_fs.yml b/roles/copr/backend/tasks/mount_fs.yml index f466409958..073466f191 100644 --- a/roles/copr/backend/tasks/mount_fs.yml +++ b/roles/copr/backend/tasks/mount_fs.yml @@ -1,13 +1,13 @@ --- -- name: install the lvm2 package +- name: Install the lvm2 package dnf: state=present name=lvm2 -- name: early stat for the ext4 filesystem +- name: Early stat for the ext4 filesystem stat: path=/dev/disk/by-label/copr-repo register: stat_repo_fs_early tags: mdadm -- name: install LVM and RAID utilities +- name: Install LVM and RAID utilities package: name: - lvm2 
@@ -19,41 +19,41 @@ tags: mdadm when: not stat_repo_fs_early.stat.exists block: - - name: stat the raid volumes + - name: Stat the raid volumes stat: path: "/dev/disk/by-id/{{ item }}" register: stat_raid loop: "{{ copr_backend_data_raid10_volumes + copr_backend_data_2_raid1_volumes }}" - - name: fail if raid volumes do not exist + - name: Fail if raid volumes do not exist debug: msg=checked failed_when: not item.stat.exists loop: "{{ stat_raid.results }}" - - name: stat the ext4 filesystem + - name: Stat the ext4 filesystem stat: path=/dev/disk/by-label/copr-repo register: stat_repo_fs - - name: scan and assemble raid volumes and activate volume groups + - name: Scan and assemble raid volumes and activate volume groups when: not stat_repo_fs.stat.exists shell: mdadm --assemble --scan && sleep 10 && vgchange -a y && sleep 5 && vgchange copr-backend-data --setautoactivation y && sleep 5 - - name: stat the ext4 filesystem + - name: Stat the ext4 filesystem stat: path=/dev/disk/by-label/copr-repo register: stat_repo_fs - - name: fail if ext4 filesystem is not found by devmapper + - name: Fail if ext4 filesystem is not found by devmapper debug: msg=checked failed_when: not stat_repo_fs.stat.exists -- name: decrease the RAID checks frequency in AWS +- name: Decrease the RAID checks frequency in AWS tags: - mdadm - raid - raid_check when: datacenter == 'aws' block: - - name: install the drop-in raid-check.timer override + - name: Install the drop-in raid-check.timer override copy: dest: /etc/systemd/system/raid-check.timer content: | 
@@ -69,11 +69,11 @@ WantedBy=timers.target notify: systemctl daemon-reload -- name: prepare mount point +- name: Prepare mount point file: state=directory path=/var/lib/copr/public_html -- name: mount up disk of copr repo +- name: Mount up disk of copr repo mount: name=/var/lib/copr/public_html src='LABEL=copr-repo' fstype=ext4 state=mounted opts=nofail -- name: mount /tmp/ +- name: Mount /tmp/ mount: name=/tmp src='tmpfs' fstype=tmpfs state=mounted diff --git a/roles/copr/backend/tasks/network.yml b/roles/copr/backend/tasks/network.yml index f19a678dec..eefe5946b0 100644 --- a/roles/copr/backend/tasks/network.yml +++ b/roles/copr/backend/tasks/network.yml @@ -1,8 +1,8 @@ --- -- name: copy ifcfg-eth1 +- name: Copy ifcfg-eth1 copy: src="ifcfg-eth1" dest=/etc/sysconfig/network-scripts/ owner=root group=root mode=644 -- name: enable network-manager to use the /etc/sysconfig/network-scripts +- name: Enable network-manager to use the /etc/sysconfig/network-scripts ini_file: path: /etc/NetworkManager/NetworkManager.conf section: main @@ -12,8 +12,8 @@ notify: - restart NetworkManager -- name: set up gateway +- name: Set up gateway lineinfile: dest=/etc/sysconfig/network line="GATEWAYDEV=eth0" -- name: restart network +- name: Restart network meta: flush_handlers diff --git a/roles/copr/backend/tasks/resalloc.yml b/roles/copr/backend/tasks/resalloc.yml index 6ede5f6f94..bb1440f14d 100644 --- a/roles/copr/backend/tasks/resalloc.yml +++ b/roles/copr/backend/tasks/resalloc.yml @@ -1,5 +1,5 @@ --- -- name: install packages needed by resalloc server +- name: Install packages needed by resalloc server dnf: state: present name: @@ -17,7 +17,7 @@ - virt-install - yq -- name: install IP to YAML spawner script +- name: Install IP to YAML spawner script copy: content: | #! /bin/sh -ex 
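Review bot: The `Mount /tmp/` task in roles/copr/backend/tasks/mount_fs.yml mounts the tmpfs with no `opts`, so it has neither `nosuid` nor `nodev`, nor a size cap. Unless something on the backend needs setuid binaries or device nodes under /tmp, consider `mount: name=/tmp src='tmpfs' fstype=tmpfs state=mounted opts=nosuid,nodev`. The dist_git `Mount tmp on tmpfs` task already passes `opts=defaults,size=39G,nr_inodes=2g` and could take the same two flags.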
@@ -29,7 +29,7 @@ dest: /usr/local/bin/copr-resalloc-vm-ip-to-yaml tags: provision_config -- name: install a copr specific IP checker +- name: Install a copr specific IP checker copy: content: | #!/usr/bin/sh @@ -55,14 +55,14 @@ stat: path=/var/lib/pgsql/data/PG_VERSION register: postgres_initialized -- name: init postgresql +- name: Init postgresql shell: "postgresql-setup initdb" when: not postgres_initialized.stat.exists -- name: enable PostgreSQL service +- name: Enable PostgreSQL service service: state=started enabled=yes name=postgresql -- name: allow system users to conenct into the database +- name: Allow system users to conenct into the database lineinfile: path: /var/lib/pgsql/data/pg_ident.conf line: "{{ item }}" @@ -74,7 +74,7 @@ - "all resalloc resalloc" - "all lighttpd resalloc" -- name: configure access to the resalloc database +- name: Configure access to the resalloc database postgresql_pg_hba: dest: /var/lib/pgsql/data/pg_hba.conf contype: local @@ -99,7 +99,7 @@ tags: - always -- name: setup provision directory +- name: Setup provision directory include_tasks: setup_provisioning_environment.yml tags: - always @@ -107,18 +107,18 @@ cloud_vars: true provision_user: resalloc -- name: install .ansible.cfg for {{ provision_user }} user +- name: Install .ansible.cfg for {{ provision_user }} user copy: src=ansible.cfg dest=/var/lib/resallocserver/.ansible.cfg owner=resalloc group=resalloc mode=600 tags: - provision_config -- name: resalloc, sync resalloc provisioning files +- name: Resalloc, sync resalloc provisioning files synchronize: src="resalloc_provision/" dest="/var/lib/resallocserver/resalloc_provision/" tags: - provision_config -- name: resalloc, scripts +- name: Resalloc, scripts template: src="resalloc/{{ item }}.j2" dest="/var/lib/resallocserver/resalloc_provision/{{ item }}" mode=755 with_items: 
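Review bot: The renamed task `Allow system users to conenct into the database` still carries the `conenct` typo. Since the commit rewrites this line anyway, it can be fixed in the same change: `- name: Allow system users to connect into the database`. The task body continues outside the hunk.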
@@ -130,7 +130,7 @@ tags: - provision_config -- name: resalloc, ssh directory +- name: Resalloc, ssh directory file: path: /var/lib/resallocserver/.ssh state: directory @@ -138,7 +138,7 @@ owner: resalloc group: resalloc -- name: resalloc, copy backend ssh identity +- name: Resalloc, copy backend ssh identity copy: src: "{{ private }}/files/copr/buildsys.priv" dest: /var/lib/resallocserver/.ssh/id_rsa @@ -146,7 +146,7 @@ group: resalloc mode: "0600" -- name: resalloc, ssh config file +- name: Resalloc, ssh config file template: src: "ssh_config.j2" dest: /var/lib/resallocserver/.ssh/config @@ -157,7 +157,7 @@ - backend_to_hv_ssh_config - provision_config -- name: resalloc, server config +- name: Resalloc, server config template: src: "resalloc/{{ item }}" dest: "/etc/resallocserver/{{ item }}" @@ -171,14 +171,14 @@ - provision_config - resalloc_config -- name: start/enable resalloc server +- name: Start/enable resalloc server service: name: resalloc state: started enabled: yes when: not services_disabled|bool -- name: shortcuts around resalloc-aws-start +- name: Shortcuts around resalloc-aws-start template: src="{{ roles_path }}/copr/backend/templates/provision/copr-resalloc-aws-new.j2" dest="/usr/local/bin/copr-resalloc-aws-new-{{ item }}" mode=0755 @@ -189,7 +189,7 @@ - provision_config - provision_config_resalloc_aws -- name: shortcut for creating s390x images in cloud +- name: Shortcut for creating s390x images in cloud copy: src: copr-prepare-s390x-image-builder dest: /usr/local/bin/copr-prepare-s390x-image-builder @@ -197,10 +197,10 @@ tags: - images_s390x -- name: sometimes it is worth having the copr.py ansible plugin +- name: Sometimes it is worth having the copr.py ansible plugin package: name=ansible-collection-community-general state=latest -- name: install IBM Cloud token file +- name: Install IBM Cloud token file copy: content: "IBMCLOUD_API_KEY={{ copr_cloud_ibm_token | default('unset') }}" dest: "{{ ibmcloud_token_file }}" 
diff --git a/roles/copr/backend/tasks/setup_provisioning_environment.yml b/roles/copr/backend/tasks/setup_provisioning_environment.yml index fbf44c703a..f2c263b600 100644 --- a/roles/copr/backend/tasks/setup_provisioning_environment.yml +++ b/roles/copr/backend/tasks/setup_provisioning_environment.yml @@ -1,5 +1,5 @@ --- -- name: default copr_builder_fedora_version +- name: Default copr_builder_fedora_version set_fact: copr_builder_fedora_version: 0 when: @@ -9,20 +9,20 @@ # Warning: this file is included also from copr-hv playbook(s), so keep the # source file arguments absolute (not relative to this role) -- name: sync copr provisioning files +- name: Sync copr provisioning files synchronize: src="{{ roles_path }}/copr/backend/files/provision/" dest="{{ provision_directory }}/" tags: - provision_config -- name: "sync copr provisioning files [remove mock config leftovers]" +- name: "Sync copr provisioning files [remove mock config leftovers]" synchronize: src="{{ roles_path }}/copr/backend/files/provision/files/mock/" dest="{{ provision_directory }}/files/mock/" delete=yes tags: - provision_config -- name: resalloc, generate vars.yml file +- name: Resalloc, generate vars.yml file template: src: "{{ roles_path }}/copr/backend/templates/provision/{{ item }}" dest: "{{ provision_directory }}/{{ item }}" @@ -31,7 +31,7 @@ tags: - provision_config -- name: templated provision scripts +- name: Templated provision scripts template: src: "{{ roles_path }}/copr/backend/templates/provision/{{ item }}" dest: "{{ provision_directory }}/{{ item }}" @@ -44,7 +44,7 @@ # for the hypervisor use-case - cloud_vars is not defined -- name: templated provision scripts +- name: Templated provision scripts template: src: "{{ roles_path }}/copr/backend/templates/provision/{{ item }}" dest: "{{ provision_directory }}/{{ item }}" 
@@ -56,7 +56,7 @@ when: - cloud_vars is defined and cloud_vars -- name: generate cloud-oriented vars files +- name: Generate cloud-oriented vars files template: src: "{{ roles_path }}/copr/backend/templates/provision/{{ item }}" dest: "{{ provision_directory }}/{{ item }}" @@ -67,7 +67,7 @@ when: - cloud_vars is defined and cloud_vars -- name: put copr-rpmbuild configuration file into the provision subdir +- name: Put copr-rpmbuild configuration file into the provision subdir template: src="{{ roles_path }}/copr/backend/templates/provision/copr-rpmbuild/main.ini.j2" dest="{{ provision_directory }}/files/main.ini" tags: @@ -75,19 +75,19 @@ - copr_rpmbuild_main_ini when: "'copr_hypervisor' not in group_names" -- name: put rpkg configuration file into the provision subdir +- name: Put rpkg configuration file into the provision subdir template: src="{{ roles_path }}/copr/backend/templates/provision/rpkg.conf.j2" dest="{{ provision_directory }}/files/rpkg.conf" tags: - provision_config -- name: remove currently unused and broken os_nova filter +- name: Remove currently unused and broken os_nova filter file: state=absent path="{{ provision_directory }}/filter_plugins/os_nova.py" tags: - provision_config -- name: install the Oregon State University OpenStack token file on BE/HV +- name: Install the Oregon State University OpenStack token file on BE/HV template: src: "{{ roles_path }}/copr/backend/templates/provision/rc-osuosl.sh.j2" dest: "{{ provision_directory }}/.rc-osuosl.sh" diff --git a/roles/copr/base/tasks/main.yml b/roles/copr/base/tasks/main.yml index 1129ab87c3..21b533f2d1 100644 --- a/roles/copr/base/tasks/main.yml +++ b/roles/copr/base/tasks/main.yml 
@@ -9,28 +9,28 @@ # - import_tasks: "{{ tasks_path }}/postfix_basic.yml" # To late to do it here ( -# - name: setup correct hostname for copr machine +# - name: Setup correct hostname for copr machine # hostname: name="{{ copr_hostbase }}.cloud.fedoraproject.org" # # hostname: name="{{ hostbase|regex_replace('.*-$', '')}}.cloud.fedoraproject.org" # tags: # - config -- name: enable epel for non-fedora hosts +- name: Enable epel for non-fedora hosts package: state=present pkg="epel-release" when: ansible_distribution != 'Fedora' -- name: copy .forward file +- name: Copy .forward file copy: src="{{ _forward_src }}" dest="/root/.forward" owner=root group=root tags: - config -- name: deploy /etc/hosts file +- name: Deploy /etc/hosts file copy: src="hosts" dest=/etc/ owner=root group=root mode=644 tags: - config # https://bugzilla.redhat.com/show_bug.cgi?id=1941170 -- name: mask the systemd-oomd service +- name: Mask the systemd-oomd service systemd: name: systemd-oomd state: stopped @@ -38,11 +38,11 @@ masked: yes when: ansible_distribution == 'Fedora' -- name: configure crond +- name: Configure crond copy: src=sysconfig.crond dest=/etc/sysconfig/crond notify: restart crond -- name: install base copr packages +- name: Install base copr packages package: name: - acl # useful for ansible acl module @@ -56,11 +56,11 @@ tags: packages -- name: install rsyslog-logrotate +- name: Install rsyslog-logrotate package: name=rsyslog-logrotate state=present when: ansible_distribution == 'Fedora' -- name: configure anacrond to not send mails to root user +- name: Configure anacrond to not send mails to root user lineinfile: dest=/etc/anacrontab backup=yes state=present 
@@ -68,38 +68,38 @@ regexp="^MAILTO" notify: restart crond -- name: override the default rsyslog logrotate file +- name: Override the default rsyslog logrotate file copy: src=syslog-logrotate dest=/etc/logrotate.d/rsyslog tags: - logrotate when: ansible_distribution == 'Fedora' -- name: install copr-selinux +- name: Install copr-selinux package: state: latest name: copr-selinux tags: - packages -- name: start node exporter +- name: Start node exporter service: state=started enabled=yes name=node_exporter when: - "'pulp' not in inventory_hostname" -# - name: check offloading +# - name: Check offloading # shell: "ethtool -k ens5 | egrep -q 'tcp-segmentation-offload: on|generic-receive-offload: on|generic-segmentation-offload: on'" # register: offloading # failed_when: offloading.rc == 2 # changed_when: "1 != 1" # check_mode: no # -# - name: disable offloading +# - name: Disable offloading # command: ethtool -K ens5 tso off gro off gso off # when: # - offloading.rc == 0 # - ansible_distribution == 'Fedora' # -# - name: disable offloading (persitently) +# - name: Disable offloading (persitently) # shell: "nmcli con modify '{{ aws_ipv6_con }}' ethtool.feature-tso off ethtool.feature-gro off ethtool.feature-gso off" # when: # - offloading.rc == 0 @@ -107,7 +107,7 @@ # tags: # - config # -# - name: check we have the needed ipv6 +# - name: Check we have the needed ipv6 # shell: "nmcli con show '{{ aws_ipv6_con }}' | grep ipv6.addresses | grep {{ aws_ipv6_addr }}" # register: ipv6_config_check # failed_when: false @@ -116,7 +116,7 @@ # - aws_ipv6_addr is defined # tags: ipv6_config # -# - name: setup ipv6 networking +# - name: Setup ipv6 networking # shell: | # nmcli con modify '{{ aws_ipv6_con }}' ipv6.method auto ipv6.may-fail yes ipv6.never-default no ipv6.addresses '{{ aws_ipv6_addr }}' # nmcli con up '{{ aws_ipv6_con }}' 
@@ -125,7 +125,7 @@ # - ipv6_config_check.changed # tags: ipv6_config -- name: install nrpe checks +- name: Install nrpe checks template: src=copr_nrpe.cfg dest=/etc/nrpe.d/copr_nrpe.cfg notify: @@ -135,7 +135,7 @@ - copr_cdn - copr_ping -# - name: enable and run logrotate service +# - name: Enable and run logrotate service # service: name="logrotate" state=started # https://github.com/fedora-copr/copr/issues/3439 diff --git a/roles/copr/certbot/tasks/letsencrypt.yml b/roles/copr/certbot/tasks/letsencrypt.yml index fcd1fdd65f..306cc6f222 100644 --- a/roles/copr/certbot/tasks/letsencrypt.yml +++ b/roles/copr/certbot/tasks/letsencrypt.yml @@ -6,18 +6,18 @@ tags: - certbot -- name: install certbot package +- name: Install certbot package package: name=certbot state=present tags: - certbot -- name: install certbot config +- name: Install certbot config template: src=certbot.j2 dest=/etc/sysconfig/certbot mode=0644 tags: - certbot -- name: install certbot deploy script +- name: Install certbot deploy script template: src={{ letsencrypt.predefined_deploy_script }} dest=/usr/libexec/auto-certbot-deploy mode=0755 @@ -25,14 +25,14 @@ tags: - certbot -- name: check whether we need to initialize letsencrypt first +- name: Check whether we need to initialize letsencrypt first stat: path="/etc/letsencrypt/live/{{ item.key }}" register: le_stat_checks with_dict: "{{ letsencrypt.certificates }}" tags: - certbot -- name: check if we already have the backup +- name: Check if we already have the backup delegate_to: localhost stat: path: "{{ le_backup_path }}/{{ (letsencrypt.certificates|dictsort)[0][0] }}" @@ -40,7 +40,7 @@ tags: - certbot -- name: restore the certificates from backup (backed up on batcave) +- name: Restore the certificates from backup (backed up on batcave) synchronize: src: "{{ le_backup_path }}/{{ (letsencrypt.certificates|dictsort)[0][0] }}/" dest: "{{ le_source_path }}" 
@@ -52,7 +52,7 @@ - le_stat_backup_dir.stat.exists register: some_cert_restored -- name: initialize certbot configuration +- name: Initialize certbot configuration shell: | certbot certonly --standalone \ -w {{ item.item.value.challenge_dir }} \ @@ -68,7 +68,7 @@ tags: - certbot -- name: configure certbot to use webroot next time +- name: Configure certbot to use webroot next time ini_file: dest="/etc/letsencrypt/renewal/{{ item.item.key }}.conf" section=renewalparams option=authenticator @@ -77,7 +77,7 @@ tags: - certbot -- name: configure certbot to use webroot next time +- name: Configure certbot to use webroot next time ini_file: dest="/etc/letsencrypt/renewal/{{ item.item.key }}.conf" section=renewalparams option=webroot_path @@ -86,7 +86,7 @@ tags: - certbot -- name: post init script +- name: Post init script shell: | /usr/libexec/auto-certbot-deploy \ --init {{ item.item.key }} @@ -112,7 +112,7 @@ # following issues: # https://pagure.io/copr/copr/issue/2001 Resolves: # https://pagure.io/fedora-infrastructure/issue/10391 -- name: allow lighttpd to step into certbots directories +- name: Allow lighttpd to step into certbots directories acl: path: "{{ item }}" entity: lighttpd @@ -128,7 +128,7 @@ tags: - certbot -- name: prepare the certbot backup directory on batcave +- name: Prepare the certbot backup directory on batcave delegate_to: localhost file: path: "{{ le_backup_path }}" @@ -140,7 +140,7 @@ tags: certbot -- name: backup the letsencrypt certs to batcave directory +- name: Backup the letsencrypt certs to batcave directory synchronize: src: "{{ le_source_path }}/" dest: "{{ le_backup_path }}/{{ item.key }}" diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml index 65c78c9968..2863ad219e 100644 --- a/roles/copr/dist_git/tasks/main.yml +++ b/roles/copr/dist_git/tasks/main.yml 
@@ -6,10 +6,10 @@ - group: name="copr-dist-git" state=present gid=1003 - group: name="apache" state=present gid=48 -- name: create user for git repos and copr-dist-git service +- name: Create user for git repos and copr-dist-git service user: name="copr-dist-git" group=copr-dist-git groups=packager,apache uid=1002 -- name: install packages +- name: Install packages dnf: state: present name: @@ -24,7 +24,7 @@ tags: - packages -- name: install latest dist-git and copr-dist-git +- name: Install latest dist-git and copr-dist-git dnf: state: present name: @@ -32,15 +32,15 @@ - dist-git-selinux - copr-dist-git -- name: switch selinux to enforcing +- name: Switch selinux to enforcing selinux: policy=targeted state=enforcing -- name: make sure directories are owned by copr-dist-git user +- name: Make sure directories are owned by copr-dist-git user file: path={{ item }} owner=copr-dist-git group=copr-dist-git state=directory recurse=yes with_items: - /var/log/copr-dist-git/ -- name: install config for copr-dist-git +- name: Install config for copr-dist-git template: src=copr-dist-git.conf.j2 dest=/etc/copr/copr-dist-git.conf mode=0644 tags: - config @@ -48,13 +48,13 @@ notify: - restart copr-dist-git -- name: set git variables for copr-dist-git user +- name: Set git variables for copr-dist-git user copy: src=".gitconfig" dest="/home/copr-dist-git/.gitconfig" -- name: set git config username +- name: Set git config username git_config: name=user.name scope=global value="Copr dist git" -- name: install httpd config needed for COPR lookaside cache +- name: Install httpd config needed for COPR lookaside cache copy: src="httpd/dist-git/{{ item }}" dest="/etc/httpd/conf.d/dist-git/{{ item }}" with_items: - lookaside-copr.conf 
@@ -63,13 +63,13 @@ notify: - reload httpd -- name: letsencrypt for copr-dist-git +- name: Letsencrypt for copr-dist-git include_role: name=copr/certbot tags: - config - certbot -- name: install copr-dist-git httpd config +- name: Install copr-dist-git httpd config copy: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" with_items: - copr-dist-git.conf @@ -78,34 +78,34 @@ notify: - reload httpd -- name: install /etc/httpd/conf.d/ssl.conf +- name: Install /etc/httpd/conf.d/ssl.conf template: src="ssl.conf.j2" dest="/etc/httpd/conf.d/ssl.conf" owner=root group=root mode=0644 notify: - reload httpd -- name: temporary logrotation fix until copr-dist-git 0.26 is released & deployed +- name: Temporary logrotation fix until copr-dist-git 0.26 is released & deployed copy: src="logrotate.d/copr-dist-git" dest="/etc/logrotate.d/copr-dist-git" -- name: install /etc/dist-git/dist-git.conf file +- name: Install /etc/dist-git/dist-git.conf file copy: src="dist-git.conf" dest="/etc/dist-git/dist-git.conf" mode=0644 tags: - config -- name: install cgitrc +- name: Install cgitrc template: src="cgitrc" dest="/etc/cgitrc" owner=root group=root mode=0644 -- name: allow httpd to run cgit +- name: Allow httpd to run cgit seboolean: name=httpd_enable_cgi state=true persistent=true -- name: install robots.txt +- name: Install robots.txt copy: src="robots.txt" dest="/var/www/html/" mode=0644 tags: - config -- name: set up tmpwatch cron job +- name: Set up tmpwatch cron job cron: name="clean tmp" minute="0" job="/usr/sbin/tmpwatch 2h /tmp/" -- name: ensure that services are enabled and started +- name: Ensure that services are enabled and started service: name="{{ item }}" enabled=yes state=started with_items: - "httpd" 
@@ -113,16 +113,16 @@ - "copr-dist-git" when: not services_disabled|bool -- name: create place for our custom SELinux policy +- name: Create place for our custom SELinux policy file: path=/usr/local/share/selinux state=directory -- name: copy over our custom selinux policy for cgit +- name: Copy over our custom selinux policy for cgit copy: src=git_script_t.pp dest=/usr/local/share/selinux/git_script_t.pp register: cgit_selinux_module tags: - selinux -- name: install our custom selinux policy for cgit +- name: Install our custom selinux policy for cgit command: semodule -i /usr/local/share/selinux/git_script_t.pp when: cgit_selinux_module is changed tags: @@ -131,13 +131,13 @@ - name: Create CGIT config file if it does not exist (takes almost an hour) command: /usr/bin/copr-dist-git-refresh-cgit creates=/var/cache/cgit/repo-configuration.rc -- name: ensure that .config directory exists +- name: Ensure that .config directory exists file: path=/home/copr-dist-git/.config state=directory -- name: install .config/copr for copr-dist-git user (required for pruning) +- name: Install .config/copr for copr-dist-git user (required for pruning) template: src="copr.conf" dest="/home/copr-dist-git/.config/copr" owner=copr-dist-git group=copr-dist-git -- name: install the helper cron scripts +- name: Install the helper cron scripts copy: src: "{{ item }}" dest: "/usr/local/bin/{{ item }}" @@ -148,19 +148,19 @@ loop: - test-too-soon -- name: install copr-dist-git.daily cron file +- name: Install copr-dist-git.daily cron file copy: src="copr-dist-git.daily" dest="/etc/cron.daily/copr-dist-git" mode=755 tags: - config - cron -- name: install copr-dist-git.weekly cron file +- name: Install copr-dist-git.weekly cron file copy: src="copr-dist-git.weekly" dest="/etc/cron.weekly/copr-dist-git" mode=755 tags: - config - cron -- name: drop monthly cron job +- name: Drop monthly cron job file: path: /etc/cron.monthly/copr-dist-git state: absent 
@@ -168,5 +168,5 @@ - config - cron -- name: install /etc/gitconfig file +- name: Install /etc/gitconfig file copy: src="gitconfig" dest="/etc/gitconfig" diff --git a/roles/copr/dist_git/tasks/mount_fs.yml b/roles/copr/dist_git/tasks/mount_fs.yml index f6fe458cb1..619f23189c 100644 --- a/roles/copr/dist_git/tasks/mount_fs.yml +++ b/roles/copr/dist_git/tasks/mount_fs.yml @@ -1,18 +1,18 @@ --- -- name: prepare mount point +- name: Prepare mount point file: state=directory path=/var/lib/dist-git -- name: mount up disk of copr repo +- name: Mount up disk of copr repo mount: name=/var/lib/dist-git src='LABEL=copr-dist-git' fstype=ext4 state=mounted -- name: prepare mount point +- name: Prepare mount point file: state=directory path=/var/lib/copr-dist-git -- name: create symlink for per-task-logs +- name: Create symlink for per-task-logs file: state: link src: /var/lib/dist-git/per-task-logs path: /var/lib/copr-dist-git/per-task-logs -- name: mount tmp on tmpfs +- name: Mount tmp on tmpfs mount: name=/tmp src=tmpfs fstype=tmpfs state=mounted opts=defaults,size=39G,nr_inodes=2g diff --git a/roles/copr/frontend/tasks/httpd.yml b/roles/copr/frontend/tasks/httpd.yml index 005721fd76..f98b844b57 100644 --- a/roles/copr/frontend/tasks/httpd.yml +++ b/roles/copr/frontend/tasks/httpd.yml @@ -1,6 +1,6 @@ --- -- name: copy apache files to conf.d (templates) +- name: Copy apache files to conf.d (templates) template: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" with_items: - "coprs.conf" @@ -10,7 +10,7 @@ - config - certbot -- name: drop old and now unused coprs_ssl.conf +- name: Drop old and now unused coprs_ssl.conf file: path=/etc/httpd/conf.d/coprs_ssl.conf state=absent notify: - reload httpd diff --git a/roles/copr/frontend/tasks/main.yml b/roles/copr/frontend/tasks/main.yml index cdeb1470e3..0623701b47 100644 --- a/roles/copr/frontend/tasks/main.yml +++ b/roles/copr/frontend/tasks/main.yml 
@@ -1,31 +1,31 @@ --- - import_tasks: "mount_fs.yml" -- name: register security context for pgsql directory +- name: Register security context for pgsql directory command: "ls -dZ /var/lib/pgsql" register: pgsql_ls changed_when: false # `ls' command is not changing anything -- name: update selinux context for postgress db dir if it's wrong +- name: Update selinux context for postgress db dir if it's wrong command: "restorecon -vvRF /var/lib/pgsql" when: pgsql_ls.stdout is defined and 'postgresql_db_t' not in pgsql_ls.stdout -- name: install weekly custom copr-frontend-crontab +- name: Install weekly custom copr-frontend-crontab copy: src=cron.weekly/copr-frontend-optional dest=/etc/cron.weekly/ mode=0755 tags: [cron_tasks] -- name: install daily custom copr-frontend-crontab +- name: Install daily custom copr-frontend-crontab copy: src=cron.daily/copr-frontend-optional dest=/etc/cron.daily/ mode=0755 tags: [cron_tasks] -- name: install hourly custom copr-frontend-crontab +- name: Install hourly custom copr-frontend-crontab copy: src=cron.hourly/copr-frontend-optional dest=/etc/cron.hourly/ mode=0755 tags: [cron_tasks] -- name: install copr-frontend and copr-selinux +- name: Install copr-frontend and copr-selinux dnf: state: present name: @@ -54,7 +54,7 @@ - cron_tasks # we install python-alembic because https://bugzilla.redhat.com/show_bug.cgi?id=1536058 -- name: install additional pkgs for copr-frontend +- name: Install additional pkgs for copr-frontend dnf: state: present pkg: 
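Review bot: The renamed task `Update selinux context for postgress db dir if it's wrong` in the hunk at -1,31 keeps the misspelling "postgress". As the line is being rewritten anyway, `- name: Update selinux context for postgresql db dir if it's wrong` would fix it. The same goes for `Install postresql` in the first hunk of roles/copr/frontend/tasks/psql_setup.yml and for `Create the database scheme` (presumably "schema") in roles/distgit/pagure/tasks/main.yml. Correctly spelled names are easier to find when grepping run logs or selecting a task with `--start-at-task`.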
@@ -70,20 +70,20 @@ tags: - packages -# - name: patch for issue XXX +# - name: Patch for issue XXX # patch: src=patches/xxx.patch # dest=/the/patched/file.py # tags: patches -- name: directory for postgresql dumps +- name: Directory for postgresql dumps file: state=directory path=/var/www/html/db_dumps/ owner=copr-fe mode=755 -- name: directory for usage graphs +- name: Directory for usage graphs file: state=directory path=/var/www/html/usage/ owner=copr-fe mode=755 -- name: install copr configs +- name: Install copr configs template: src="copr.conf" dest=/etc/copr/copr.conf mode=600 notify: - reload httpd @@ -92,7 +92,7 @@ - config - copr_infrastructure_password -- name: install config for 'copr-frontend chroots-template' +- name: Install config for 'copr-frontend chroots-template' copy: src="chroots.conf" dest=/etc/copr/chroots.conf mode=600 owner=copr-fe group=copr-fe register: chroots_conf_installed @@ -102,7 +102,7 @@ - import_tasks: "psql_setup.yml" -- name: upgrade db to head +- name: Upgrade db to head command: alembic-3 upgrade head become: yes become_user: copr-fe @@ -111,7 +111,7 @@ register: alembic_result changed_when: alembic_result.stdout is search("Running upgrade") -- name: apply the config comments +- name: Apply the config comments command: copr-frontend chroots-template become: yes become_user: copr-fe @@ -122,7 +122,7 @@ - config - chroots_config -- name: enable and start redis # TODO: .service in copr-backend should depend on redis +- name: Enable and start redis # TODO: .service in copr-backend should depend on redis service: name=redis enabled=yes state=started when: not services_disabled|bool @@ -135,7 +135,7 @@ state: no persistent: yes -- name: install letsencrypt ssl certificates for dev +- name: Install letsencrypt ssl certificates for dev include_role: name=copr/certbot tags: - config 
@@ -143,23 +143,23 @@ - import_tasks: "httpd.yml" -- name: enable services +- name: Enable services service: state=started enabled=yes name={{ item }} with_items: - httpd - crond when: not services_disabled|bool -- name: set dev banner for dev instance +- name: Set dev banner for dev instance when: devel|bool copy: src=banner-include.html dest=/var/lib/copr/ -- name: disallow robots on dev instance +- name: Disallow robots on dev instance when: devel|bool copy: src=robots.txt dest=/var/www/html/ -- name: register whether indexes rebuild is required +- name: Register whether indexes rebuild is required command: copr-frontend update_indexes_required become: yes become_user: copr-fe @@ -167,7 +167,7 @@ changed_when: false failed_when: false -- name: rebuild indexes +- name: Rebuild indexes command: ./manage.py update_indexes become: yes become_user: copr-fe 
@@ -175,45 +175,45 @@ chdir: /usr/share/copr/coprs_frontend/ when: update_indexes_required_result.rc != 0 -- name: make sure /etc/fedora-messaging directory exists +- name: Make sure /etc/fedora-messaging directory exists file: path=/etc/fedora-messaging state=directory -- name: install fedora messaging config for Copr +- name: Install fedora messaging config for Copr template: src="fedora-messaging/copr_messaging.toml" dest="/etc/fedora-messaging/copr_messaging.toml" notify: - restart copr-fe-fedora-messaging-reader tags: - config -- name: detect copr-frontend version +- name: Detect copr-frontend version package_facts: manager=auto -- name: install custom systemd service files +- name: Install custom systemd service files copy: src=systemd dest=/etc notify: - reload httpd -- name: compress rotated httpd logs +- name: Compress rotated httpd logs copy: src="httpd.logrotate" dest="/etc/logrotate.d/httpd" tags: [logrotate_tasks] -- name: start logrotate service +- name: Start logrotate service service: name=logrotate.timer state=started enabled=yes when: not services_disabled|bool -- name: start fm-consumer service +- name: Start fm-consumer service service: state=started enabled=yes name="fm-consumer@copr_messaging" when: - not services_disabled|bool -- name: install bash_profile file to ease some admin tasks +- name: Install bash_profile file to ease some admin tasks copy: content: | export PGUSER=copr-fe export PGDATABASE=coprdb dest: "{{ copr_fe_homedir }}/.bash_profile" -- name: configure options in node exporter +- name: Configure options in node exporter lineinfile: path: /etc/default/prometheus-node-exporter regexp: '^ARGS=' @@ -221,10 +221,10 @@ backrefs: yes notify: restart node_exporter -- name: install nrpe +- name: Install nrpe dnf: name=nrpe state=present -- name: install the check script +- name: Install the check script template: dest: "/usr/bin/copr-cdn-check.py" src: "copr-cdn-check.py.j2" 
@@ -234,7 +234,7 @@ api_key: "{{ copr_uptimerobot_api_key_ro | default('not-configured') }}" tags: copr_cdn -- name: install gai.conf +- name: Install gai.conf copy: src=gai.conf dest=/etc notify: - reload httpd diff --git a/roles/copr/frontend/tasks/mount_fs.yml b/roles/copr/frontend/tasks/mount_fs.yml index 7d9f2991ca..d8b774cd4b 100644 --- a/roles/copr/frontend/tasks/mount_fs.yml +++ b/roles/copr/frontend/tasks/mount_fs.yml @@ -1,6 +1,6 @@ --- -- name: mount up disk of copr fe +- name: Mount up disk of copr fe mount: name=/srv/copr-fe src='LABEL=copr-fe' fstype=ext4 state=mounted -- name: mount up bind mount for postgres +- name: Mount up bind mount for postgres mount: src=/srv/copr-fe/pgsqldb name=/var/lib/pgsql fstype=auto opts=bind state=mounted diff --git a/roles/copr/frontend/tasks/psql_setup.yml b/roles/copr/frontend/tasks/psql_setup.yml index 95f40cdb63..fd1c0268a9 100644 --- a/roles/copr/frontend/tasks/psql_setup.yml +++ b/roles/copr/frontend/tasks/psql_setup.yml @@ -1,5 +1,5 @@ --- -- name: install postresql +- name: Install postresql package: state=present pkg={{ item }} with_items: - "postgresql-server" @@ -10,11 +10,11 @@ stat: path=/var/lib/pgsql/data/PG_VERSION register: postgres_initialized -- name: init postgresql +- name: Init postgresql shell: "postgresql-setup initdb" when: not postgres_initialized.stat.exists -- name: copy pg_hba.conf +- name: Copy pg_hba.conf copy: src="pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600 notify: - restart postgresql @@ -43,7 +43,7 @@ tags: - config -- name: enable Pg service +- name: Enable Pg service service: state=started enabled=yes name=postgresql - name: Create db @@ -56,7 +56,7 @@ become: yes become_user: postgres -- name: set shared_buffers for PostgreSQL +- name: Set shared_buffers for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^shared_buffers =' 
@@ -65,7 +65,7 @@ tags: - config -- name: set effective_cache_size for PostgreSQL +- name: Set effective_cache_size for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^effective_cache_size =' @@ -74,7 +74,7 @@ tags: - config -- name: set work_mem for PostgreSQL +- name: Set work_mem for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^work_mem =' @@ -83,7 +83,7 @@ tags: - config -- name: set maintenance_work_mem for PostgreSQL +- name: Set maintenance_work_mem for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^maintenance_work_mem =' @@ -92,7 +92,7 @@ tags: - config -- name: set checkpoint_completion_target for PostgreSQL +- name: Set checkpoint_completion_target for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^checkpoint_completion_target =' @@ -101,7 +101,7 @@ tags: - config -- name: set log_min_duration_statement for PostgreSQL +- name: Set log_min_duration_statement for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^log_min_duration_statement =' @@ -110,7 +110,7 @@ tags: - config -- name: set max_connections for PostgreSQL +- name: Set max_connections for PostgreSQL lineinfile: path: /var/lib/pgsql/data/postgresql.conf regexp: '^max_connections =' @@ -119,7 +119,7 @@ tags: - config -- name: install psqlrc file +- name: Install psqlrc file copy: content: | \pset linestyle unicode @@ -134,7 +134,7 @@ group: copr-fe mode: "0600" -- name: install pgpass file +- name: Install pgpass file copy: content: | localhost:*:coprdb:copr-fe:{{ copr_database_password }} @@ -146,7 +146,7 @@ - stat: path="{{ copr_fe_homedir }}/.psql_history" register: history_file -- name: install pghistory file +- name: Install pghistory file file: path="{{ copr_fe_homedir }}/.psql_history" state=touch owner=copr-fe group=copr-fe mode=0600 when: not history_file.stat.exists 
diff --git a/roles/copr/hypervisor/tasks/main.yml b/roles/copr/hypervisor/tasks/main.yml index 3cd9b44dcd..76f4282bc9 100644 --- a/roles/copr/hypervisor/tasks/main.yml +++ b/roles/copr/hypervisor/tasks/main.yml @@ -14,23 +14,23 @@ - config - openstack -# - name: enable swap in fstab +# - name: Enable swap in fstab # mount: name=none src=LABEL=swap # fstype=swap opts=sw passno=0 dump=0 # state=present # register: fstab_swap_entry # tags: swap -# - name: mount the swap +# - name: Mount the swap # shell: swapon -a # when: fstab_swap_entry.changed # tags: swap -- name: install the default profile script +- name: Install the default profile script copy: src=profile.sh dest=/etc/profile.d/copr-hypervisor.sh tags: profile_scripts -- name: install libvirt packages +- name: Install libvirt packages package: name={{ item }} state=present with_items: - qemu-kvm @@ -45,7 +45,7 @@ - packages - libvirtd -- name: install libvirtd.conf +- name: Install libvirtd.conf copy: src="{{ files }}/virthost/libvirtd.conf" dest=/etc/libvirt/libvirtd.conf notify: - restart libvirtd @@ -56,18 +56,18 @@ - set_fact: image_pool_dir=/libvirt-images image_pool_name=images tags: libvirtd -- name: create libvirt image directory +- name: Create libvirt image directory file: path={{ image_pool_dir }} owner=qemu group=qemu mode=ug=rwx,g+s state=directory tags: libvirtd -- name: mount libvirt image partition +- name: Mount libvirt image partition mount: name={{ image_pool_dir }} src='LABEL=vmvolumes' fstype=ext4 state=mounted tags: libvirtd -- name: correct selinux +- name: Correct selinux sefcontext: target: "{{ image_pool_dir }}(/.*)?" setype: virt_image_t 
@@ -75,25 +75,25 @@ register: semanage_run tags: libvirtd -- name: restorecon +- name: Restorecon shell: restorecon -irv "{{ image_pool_dir }}" when: semanage_run.changed tags: libvirtd -- name: check host-bridge in libvirt +- name: Check host-bridge in libvirt shell: virsh net-info host-bridge register: libvirt_bridge_exists failed_when: false changed_when: libvirt_bridge_exists.rc != 0 tags: libvirtd -- name: copy host-bridge config file to host +- name: Copy host-bridge config file to host copy: src=libvirt-net-bridge.xml dest=/root/.tmp-ansible-file.xml when: libvirt_bridge_exists.changed tags: libvirtd -- name: define host-bridge in libvirt +- name: Define host-bridge in libvirt shell: | virsh net-define /root/.tmp-ansible-file.xml virsh net-start host-bridge @@ -102,20 +102,20 @@ notify: restart libvirtd tags: libvirtd -- name: check if image pool exists +- name: Check if image pool exists shell: virsh pool-info "{{ image_pool_name }}" register: libvirt_pool_exists failed_when: false changed_when: libvirt_pool_exists.rc != 0 tags: libvirtd -- name: copy image pool config file to host +- name: Copy image pool config file to host template: src=libvirt-pool-images.xml dest=/root/.tmp-ansible-file.xml when: libvirt_pool_exists.changed tags: libvirtd -- name: define image pool in libvirt +- name: Define image pool in libvirt shell: | virsh pool-define /root/.tmp-ansible-file.xml virsh pool-start "{{ image_pool_name }}" @@ -124,7 +124,7 @@ notify: restart libvirtd tags: libvirtd -- name: allow copr user controlling libvirt +- name: Allow copr user controlling libvirt ini_file: path: /usr/lib/systemd/system/libvirtd.socket section: Socket 
@@ -136,15 +136,15 @@ - restart libvirtd.socket tags: libvirtd -- name: create the copr user +- name: Create the copr user user: name=copr uid=11666 group=libvirt groups=qemu password_lock=true -- name: assure that copr-be can ssh there as copr@... +- name: Assure that copr-be can ssh there as copr@... authorized_key: user=copr key="{{ item }}" with_file: - buildsys.pub -- name: add @copr keys for sysadmin-main and other allowed users +- name: Add @copr keys for sysadmin-main and other allowed users authorized_key: user=copr key="{{ item }}" with_lines: - "{{ auth_keys_from_fas }} @sysadmin-copr" @@ -154,14 +154,14 @@ - sshkeys # todo: generate it's own key -- name: make sure hostA can ssh to hostB +- name: Make sure hostA can ssh to hostB copy: src: "{{ private }}/files/copr/buildsys.priv" dest: /home/copr/.ssh/id_rsa owner: copr mode: "0600" -- name: provide pub key, too, so we can install them to generated builder images +- name: Provide pub key, too, so we can install them to generated builder images copy: src=buildsys.pub dest=/home/copr/.ssh/id_rsa.pub owner=copr mode=0600 @@ -176,13 +176,13 @@ - update_helpers - packages -- name: install the latest helper package +- name: Install the latest helper package package: name=praiskup-helpers state=latest tags: - update_helpers - packages -- name: install configuration for /bin/copr-image +- name: Install configuration for /bin/copr-image copy: dest: /etc/eimg/eimg.sh content: | @@ -194,7 +194,7 @@ tags: provision_config -- name: setup provision directory +- name: Setup provision directory include_tasks: "{{ roles_path }}/copr/backend/tasks/setup_provisioning_environment.yml" vars: provision_directory: /home/copr/provision diff --git a/roles/copr/keygen/tasks/main.yml b/roles/copr/keygen/tasks/main.yml index 2f505a7bf2..fb04d417e3 100644 --- a/roles/copr/keygen/tasks/main.yml +++ b/roles/copr/keygen/tasks/main.yml 
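Review bot: `Make sure hostA can ssh to hostB` in the hunk at -154,14 is still a placeholder-style name for a task that copies `{{ private }}/files/copr/buildsys.priv` to `/home/copr/.ssh/id_rsa`. A task that deploys private key material should be identifiable in run logs and audits, so I would name it `- name: Install the buildsys SSH private key for the copr user`. The comment above it (`# todo: generate it's own key`) suggests the key is shared between hosts. Until that todo is done, this is worth stating in a comment next to the task.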
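Review bot: `Setup provision directory` in the hunk at -194,7 uses the noun "Setup" where the verb "Set up" is meant, while an earlier hunk on this page already has `Set up tmpwatch cron job`; `- name: Set up provision directory` keeps the names consistent. The same applies to `Setup backup` (roles/copr/keygen/tasks/main.yml), `Setup the root password` (roles/copr/pre/tasks/main.yml), `Setup dhcpd.conf` (roles/dhcp_server/tasks/main.yml) and `Setup grokmirror for repos` (roles/distgit/tasks/main.yml). The task's `vars:` block may continue past the end of this hunk.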
@@ -1,38 +1,38 @@ --- -- name: prepare mount point +- name: Prepare mount point file: state=directory path=/var/lib/copr-keygen -- name: mount up disk of copr repo +- name: Mount up disk of copr repo mount: name=/var/lib/copr-keygen src='LABEL=copr-keygen' fstype=ext4 state=mounted register: keychain_mounted -- name: install copr-keygen +- name: Install copr-keygen dnf: state=present name=copr-keygen notify: - restart haveged -- name: change owner of data to copr-signer +- name: Change owner of data to copr-signer file: path=/var/lib/copr-keygen owner=copr-signer group=copr-signer recurse=yes when: keychain_mounted.changed -- name: put keygen vhost for httpd +- name: Put keygen vhost for httpd copy: src="httpd/copr-keygen.conf" dest="/etc/httpd/conf.d/copr-keygen.conf" notify: - reload httpd tags: - config -- name: put config for signd +- name: Put config for signd template: src="sign.conf" dest="/etc/sign.conf" notify: - restart obs-signd tags: - config -- name: add Install section for signd systemd unit +- name: Add Install section for signd systemd unit lineinfile: dest="/usr/lib/systemd/system/signd.service" line="[Install]" state=present -- name: ensure services are running +- name: Ensure services are running service: name={{ item }} state=started enabled=yes when: not services_disabled|bool with_items: 
@@ -40,19 +40,19 @@ - haveged - signd -- name: setup backup +- name: Setup backup when: not devel import_tasks: "setup_backup.yml" # Three tasks for handling our custom selinux module -- name: ensure a directory exists for our custom selinux module +- name: Ensure a directory exists for our custom selinux module file: dest=/usr/local/share/copr state=directory -- name: copy over our custom selinux module +- name: Copy over our custom selinux module copy: src=selinux/copr_rules.pp dest=/usr/local/share/copr/copr_rules.pp register: selinux_module -- name: install our custom selinux module +- name: Install our custom selinux module command: semodule -i /usr/local/share/copr/copr_rules.pp when: selinux_module is changed diff --git a/roles/copr/keygen/tasks/setup_backup.yml b/roles/copr/keygen/tasks/setup_backup.yml index 84fe243592..1fde699551 100644 --- a/roles/copr/keygen/tasks/setup_backup.yml +++ b/roles/copr/keygen/tasks/setup_backup.yml @@ -1,9 +1,9 @@ --- -- name: ensure /backup dir +- name: Ensure /backup dir file: path=/backup state=directory -- name: copy pubkey for backup encryption +- name: Copy pubkey for backup encryption copy: src="{{ private }}/files/copr/keygen/backup_key.asc" dest="/root/backup_key.asc" -- name: copy backup script +- name: Copy backup script copy: src="backup_keyring.sh" dest="/etc/cron.hourly/backup_keyring.sh" owner=root group=root mode=755 diff --git a/roles/copr/pre/tasks/main.yml b/roles/copr/pre/tasks/main.yml index e5eeba6b40..b5e37ea857 100644 --- a/roles/copr/pre/tasks/main.yml +++ b/roles/copr/pre/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: setup the root password +- name: Setup the root password ansible.builtin.user: name: root password: "{{ copr_root_passwords[deployment_type][copr_machine_type] }}" 
@@ -7,14 +7,14 @@ - root_password - rootpw -- name: create copr-signer group +- name: Create copr-signer group group: name="copr-signer" state=present gid=989 when: "'copr_keygen_aws' in group_names or 'copr_keygen_dev_aws' in group_names" -- name: pre-create the apache group so it can be assigned to copr-signer +- name: Pre-create the apache group so it can be assigned to copr-signer group: name="apache" state=present gid=48 when: "'copr_keygen_aws' in group_names or 'copr_keygen_dev_aws' in group_names" -- name: create copr-signer user +- name: Create copr-signer user user: name="copr-signer" group=copr-signer groups=apache uid=992 when: "'copr_keygen_aws' in group_names or 'copr_keygen_dev_aws' in group_names" diff --git a/roles/developer/build/tasks/main.yml b/roles/developer/build/tasks/main.yml index e76417be84..38deb37e9a 100644 --- a/roles/developer/build/tasks/main.yml +++ b/roles/developer/build/tasks/main.yml @@ -25,7 +25,7 @@ tags: - developer.fedoraproject.org -- name: install rss.py script +- name: Install rss.py script copy: src=rss.py dest=/usr/local/bin/rss.py mode=0755 owner=root group=root tags: - developer.fedoraproject.org diff --git a/roles/dhcp_server/tasks/main.yml b/roles/dhcp_server/tasks/main.yml index 21e3c6093c..7c007b18ed 100644 --- a/roles/dhcp_server/tasks/main.yml +++ b/roles/dhcp_server/tasks/main.yml @@ -1,12 +1,12 @@ --- -- name: install dhcp server package +- name: Install dhcp server package package: state=present name=dhcp-server tags: - packages - base - dhcp_server -- name: setup dhcpd.conf +- name: Setup dhcpd.conf copy: src=dhcpd.conf.{{ inventory_hostname }} dest=/etc/dhcp/dhcpd.conf mode=644 notify: - restart dhcpd @@ -16,7 +16,7 @@ - sshd - dhcp_server -- name: enable dhcpd service +- name: Enable dhcpd service service: state=started enabled=true name=dhcpd tags: - service diff --git a/roles/distgit/pagure/tasks/main.yml b/roles/distgit/pagure/tasks/main.yml index 36cfb83e42..cdd9d076e1 100644 
--- a/roles/distgit/pagure/tasks/main.yml +++ b/roles/distgit/pagure/tasks/main.yml @@ -1,7 +1,7 @@ --- # Configuration for the pagure webapp -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - pagure @@ -19,7 +19,7 @@ - pagure - packages -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - pagure-theme-srcfpo @@ -37,7 +37,7 @@ # Set-up stunnel for the event source server -# - name: install stunnel service definition +# - name: Install stunnel service definition # copy: src=stunnel.service # dest=/usr/lib/systemd/system/stunnel.service # owner=root group=root mode=0755 @@ -48,14 +48,14 @@ # - pagure # - stunnel -# - name: ensure old stunnel init file is gone +# - name: Ensure old stunnel init file is gone # file: dest=/etc/init.d/stunnel/stunnel.init state=absent # tags: # - pagure # - stunnel # - config -# - name: install stunnel.conf +# - name: Install stunnel.conf # template: src={{ item.file }} # dest={{ item.dest }} # owner=root group=root mode=0600 @@ -92,7 +92,7 @@ tags: - pagure -- name: create the /var/log/pagure folder where to store the logs +- name: Create the /var/log/pagure folder where to store the logs file: state=directory path=/var/log/pagure owner=pagure group=packager mode=u+rwx,g+rwxs,o+rx @@ -112,14 +112,14 @@ - pagure - fix_log -- name: create the /srv/tmp folder where to clone repos +- name: Create the /srv/tmp folder where to clone repos file: state=directory path=/srv/tmp owner=pagure group=pagure mode=0775 tags: - pagure -- name: copy sundry pagure configuration +- name: Copy sundry pagure configuration template: src={{ item.file }} dest={{ item.location }}/{{ item.file }} owner=pagure group=postfix mode=0640 
@@ -139,7 +139,7 @@ notify: - restart apache -- name: pagure configuration for the hooks +- name: Pagure configuration for the hooks template: src={{ item.file }} dest={{ item.location }}/{{ item.file }} owner=pagure group=packager mode=0640 @@ -153,7 +153,7 @@ notify: - restart apache -- name: create the database scheme +- name: Create the database scheme command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py changed_when: "1 != 1" environment: @@ -162,7 +162,7 @@ - web - pagure -- name: create all the directories where we store the git repos +- name: Create all the directories where we store the git repos file: state=directory path={{ item }} owner=root group=packager mode=2775 @@ -175,7 +175,7 @@ - gitolite - pagure -- name: create the remotes folder so pagure can clone remote repos +- name: Create the remotes folder so pagure can clone remote repos file: state=directory path={{ item }} owner=root group=packager mode=2775 @@ -270,7 +270,7 @@ notify: - restart apache -- name: create the /srv/cache/extras folder for the crons +- name: Create the /srv/cache/extras folder for the crons file: state=directory path=/srv/cache/extras owner=apache group=apache mode=0775 @@ -312,7 +312,7 @@ # setup fedora-messaging -- name: install fedora-messaging as a dependency +- name: Install fedora-messaging as a dependency package: name={{ item }} state=present with_items: - fedora-messaging @@ -320,13 +320,13 @@ - pagure - fedora-messaging -- name: create the config folder for fedora-messaging +- name: Create the config folder for fedora-messaging file: path=/etc/fedora-messaging/ owner=root group=root mode=0755 state=directory tags: - pagure - fedora-messaging -- name: install the configuration file for fedora-messaging +- name: Install the configuration file for fedora-messaging template: src=fedora-messaging.toml dest=/etc/fedora-messaging/config.toml 
@@ -334,13 +334,13 @@ - pagure - fedora-messaging -- name: create folder where we'll place the certs +- name: Create folder where we'll place the certs file: path=/etc/pki/rabbitmq/pagurecert/ owner=root group=root mode=0755 state=directory tags: - pagure - fedora-messaging -- name: deploy pagure/rabbitmq certificate +- name: Deploy pagure/rabbitmq certificate copy: src={{ item.src }} dest=/etc/pki/rabbitmq/pagurecert/{{ item.dest }} owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }} @@ -395,7 +395,7 @@ - GDPR - pagure -- name: override the default syslog logrotate file +- name: Override the default syslog logrotate file copy: src=syslog-logrotate dest=/etc/logrotate.d/syslog tags: - pagure diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index 9cf380810e..e757bcd545 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -15,7 +15,7 @@ profiles= state=enabled -- name: install the needed packages +- name: Install the needed packages package: name={{item}} state=present with_items: - git @@ -27,14 +27,14 @@ tags: - distgit -- name: install the mod_auth_openidc configuration +- name: Install the mod_auth_openidc configuration template: src=auth_openidc.conf dest=/etc/httpd/conf.d/auth_openidc.conf notify: - reload httpd tags: - distgit -- name: install the http push configuration +- name: Install the http push configuration template: src=httppush.conf dest=/etc/httpd/conf.d/httpush.conf notify: - reload httpd @@ -64,7 +64,7 @@ tags: - distgit -- name: install the mod_ssl configuration +- name: Install the mod_ssl configuration copy: src=ssl.conf dest=/etc/httpd/conf.d/ssl.conf notify: - reload httpd @@ -80,7 +80,7 @@ - distgit - letsencrypt -- name: install the keytab +- name: Install the keytab copy: src="{{ private }}/files/keytabs/{{env}}/pkgs" dest=/etc/httpd.keytab owner=apache 
@@ -91,12 +91,12 @@ tags: - distgit -- name: allow httpd to access the files on NFS +- name: Allow httpd to access the files on NFS seboolean: name=httpd_use_nfs state=yes persistent=yes tags: - distgit -- name: allow httpd to access git user content +- name: Allow httpd to access git user content seboolean: name=httpd_read_user_content state=yes persistent=yes tags: - distgit @@ -110,7 +110,7 @@ # We use a wrapper to let packager ssh in while restricting the command they can # do, this installs that wrapper (which is otherwise configured in sshd_config) -- name: install the ssh_wrapper wrapper script +- name: Install the ssh_wrapper wrapper script copy: src=ssh_wrapper dest=/usr/local/bin/ssh_wrapper mode=0755 tags: - config @@ -120,7 +120,7 @@ # -- Dist Git -------------------------------------------- # This is the Git setup itself: group, root directory, scripts,... -- name: install dist-git +- name: Install dist-git package: name={{item}} state=present with_items: - dist-git @@ -128,7 +128,7 @@ tags: - distgit -- name: install the dist-git config +- name: Install the dist-git config copy: src=dist-git.conf dest=/etc/dist-git/dist-git.conf tags: - config @@ -167,13 +167,13 @@ - distgit when: inventory_hostname.startswith('batcave') -- name: create the distgit root directory (/srv/git) +- name: Create the distgit root directory (/srv/git) file: dest=/srv/git state=directory mode=0755 tags: - distgit # These should all map to pkgdb namespaces -- name: create our namespace directories inside there.. +- name: Create our namespace directories inside there.. file: dest=/srv/git/repositories/{{item}} state=directory mode=2775 group=packager with_items: - rpms @@ -195,7 +195,7 @@ tags: - distgit -- name: install the DistGit related httpd config +- name: Install the DistGit related httpd config copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf notify: - reload httpd 
@@ -209,7 +209,7 @@ tags: - distgit -- name: schedule the update hook check +- name: Schedule the update hook check cron: > name="check-update-hooks" cron_file="ansible-check-update-hooks" minute=0 hour=0 weekday=3 @@ -223,7 +223,7 @@ tags: - distgit -- name: install the two scripts needed for mass-branching +- name: Install the two scripts needed for mass-branching copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755 with_items: - mass-branching-git.py @@ -235,7 +235,7 @@ # -- Lookaside Cache ------------------------------------- # This is the annex to Dist Git, where we host source tarballs. -- name: install the Lookaside Cache httpd configs +- name: Install the Lookaside Cache httpd configs template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}} with_items: - lookaside.conf @@ -246,13 +246,13 @@ - distgit - sslciphers -- name: create the Lookaside Cache root directory +- name: Create the Lookaside Cache root directory file: dest=/srv/cache/lookaside/pkgs state=directory owner=apache group=apache tags: - distgit -- name: set the selinux boolean git_cgi_use_nfs +- name: Set the selinux boolean git_cgi_use_nfs seboolean: name=git_cgi_use_nfs persistent=yes state=yes tags: - distgit @@ -260,14 +260,14 @@ - selinux # Not sure why, but fixes https://fedorahosted.org/fedora-infrastructure/ticket/4825 -- name: set the selinux boolean git_system_enable_homedirs +- name: Set the selinux boolean git_system_enable_homedirs seboolean: name=git_system_enable_homedirs persistent=yes state=yes tags: - distgit - config - selinux -- name: check the selinux context of the Lookaside Cache root directory +- name: Check the selinux context of the Lookaside Cache root directory command: matchpathcon /srv/cache register: lcachecontext check_mode: no 
@@ -278,7 +278,7 @@ - selinux - distgit -- name: set the SELinux policy for the Lookaside Cache root directory +- name: Set the SELinux policy for the Lookaside Cache root directory command: semanage fcontext -a -t nfs_t "/srv/cache(/.*)?" when: lcachecontext.stdout.find('nfs_t') == -1 and env != "staging" tags: @@ -287,12 +287,12 @@ - selinux - distgit -- name: install the fedora-ca.cert +- name: Install the fedora-ca.cert copy: src={{private}}/files/fedora-ca.cert dest=/etc/httpd/conf/cacert.pem tags: - distgit -- name: install the pkgs cert +- name: Install the pkgs cert copy: src={{private}}/files/pkgs.fedoraproject.org_key_and_cert.pem dest=/etc/httpd/conf/pkgs.fedoraproject.org_key_and_cert.pem owner=apache mode=0400 @@ -300,7 +300,7 @@ tags: - distgit -- name: install the pkgs.stg cert +- name: Install the pkgs.stg cert copy: src={{private}}/files/pkgs.stg.fedoraproject.org_key_and_cert.pem dest=/etc/httpd/conf/pkgs.fedoraproject.org_key_and_cert.pem owner=apache mode=0400 
@@ -309,26 +309,26 @@ - distgit # Three tasks for handling our selinux policy for upload.cgi -- name: ensure a directory exists for our SELinux policy +- name: Ensure a directory exists for our SELinux policy file: dest=/usr/local/share/selinux/ state=directory tags: selinux -- name: copy over our custom selinux policy +- name: Copy over our custom selinux policy copy: src=upload_cgi.pp dest=/usr/local/share/selinux/upload_cgi.pp register: selinux_module tags: selinux -- name: install our custom selinux policy +- name: Install our custom selinux policy command: semodule -i /usr/local/share/selinux/upload_cgi.pp when: selinux_module is changed tags: selinux -- name: copy over our custom nfs selinux policy +- name: Copy over our custom nfs selinux policy copy: src=cgi-nfs.pp dest=/usr/local/share/selinux/cgi-nfs.pp register: nfs_selinux_module tags: selinux -- name: install our custom nfs selinux policy +- name: Install our custom nfs selinux policy command: semodule -i /usr/local/share/selinux/cgi-nfs.pp when: nfs_selinux_module is changed tags: selinux @@ -342,19 +342,19 @@ tags: - selinux -- name: setup grokmirror for repos +- name: Setup grokmirror for repos package: name=python3-grokmirror state=installed tags: - grokmirror - pkgs -- name: make dir for grokmirror manifest +- name: Make dir for grokmirror manifest file: path=/srv/git/grokmirror state=directory owner=root group=packager mode=2775 tags: - grokmirror - pkgs -- name: set acls for grokmirror +- name: Set acls for grokmirror acl: path: /srv/git/grokmirror etype: group @@ -364,7 +364,7 @@ - grokmirror - pkgs -- name: run initial grokmirror run +- name: Run initial grokmirror run command: /usr/bin/grok-manifest -m /srv/git/grokmirror/manifest.js.gz -t /srv/git/repositories/ creates=/srv/git/grokmirror/manifest.js.gz when: env != "staging" tags: diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml index 16e880d7d0..01e9319d53 100644 --- a/roles/dns/tasks/main.yml +++ b/roles/dns/tasks/main.yml 
@@ -1,5 +1,5 @@ --- -- name: install packages +- name: Install packages package: name={{ item }} state=present with_items: - bind @@ -9,7 +9,7 @@ - packages - dns -- name: copy rndc config +- name: Copy rndc config copy: src=rndc.conf dest=/etc/rndc.conf notify: - restart named @@ -17,7 +17,7 @@ - config - dns -- name: copy rndc key +- name: Copy rndc key copy: src={{ private }}/files/dns/rndc.key dest=/etc/rndc.key notify: - restart named @@ -25,7 +25,7 @@ - config - dns -- name: copy named cache +- name: Copy named cache copy: src=named.ca dest=/var/named/named.ca notify: - restart named @@ -33,7 +33,7 @@ - config - dns -- name: copy geoip.py +- name: Copy geoip.py copy: src=geoip.py dest=/usr/local/bin/geoip.py mode=0755 notify: - restart named @@ -41,7 +41,7 @@ - config - dns -- name: copy GeoIP.sh +- name: Copy GeoIP.sh copy: src=GeoIP.sh dest=/var/named/GeoIP.sh mode=0755 notify: - restart named @@ -49,7 +49,7 @@ - config - dns -# - name: create GeoIP acl +# - name: Create GeoIP acl # command: /var/named/GeoIP.sh # changed_when: "1 != 1" # notify: @@ -57,7 +57,7 @@ # tags: # - dns -- name: copy update-dns +- name: Copy update-dns copy: src=update-dns dest=/usr/local/bin/update-dns mode=0755 notify: - restart named @@ -65,7 +65,7 @@ - config - dns -- name: copy zones +- name: Copy zones copy: src=zones.conf dest=/etc/named/zones.conf owner=root group=root mode=0644 notify: - restart named @@ -73,7 +73,7 @@ - config - dns -- name: copy named config +- name: Copy named config copy: src=named.conf dest=/etc/named.conf mode=0644 owner=root group=root notify: - restart named @@ -81,7 +81,7 @@ - config - dns -- name: update dns +- name: Update dns command: /usr/local/bin/update-dns changed_when: "1 != 1" notify: @@ -90,7 +90,7 @@ - config - dns -- name: update dns cron +- name: Update dns cron cron: name="update dns" job="/usr/local/bin/update-dns >/dev/null" minute=0,15,30,45 tags: - dns 
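Review bot: The `Copy rndc key` task on the new side still installs `{{ private }}/files/dns/rndc.key` as `/etc/rndc.key` without `owner`, `group` or `mode`, so the key's permissions depend on the copy default and on whatever file is already there. This key authenticates rndc to named's control channel, so I would pin it on the same line, e.g. `copy: src={{ private }}/files/dns/rndc.key dest=/etc/rndc.key owner=root group=named mode=0640`. The `named` group is an assumption based on the usual bind packaging; confirm it on the target hosts.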
@@ -102,7 +102,7 @@ - config - dns -- name: check semanage ports +- name: Check semanage ports command: semanage port -l register: semanageoutput check_mode: no @@ -110,7 +110,7 @@ tags: - dns -- name: set ports so bind statistics-channel can bind to 8053 +- name: Set ports so bind statistics-channel can bind to 8053 command: semanage port -a -t dns_port_t -p tcp 8053 when: semanageoutput.stdout.find("8053") == -1 notify: @@ -118,7 +118,7 @@ tags: - dns -- name: named service +- name: Named service service: name=named state=started enabled=yes tags: - dns diff --git a/roles/docker-distribution/handlers/main.yml b/roles/docker-distribution/handlers/main.yml index ce8771fdb9..055dd8ed24 100644 --- a/roles/docker-distribution/handlers/main.yml +++ b/roles/docker-distribution/handlers/main.yml @@ -1,4 +1,4 @@ --- # handlers file for docker-distribution -- name: restart docker-distribution +- name: Restart docker-distribution service: name=docker-distribution state=restarted diff --git a/roles/docker-distribution/tasks/main.yml b/roles/docker-distribution/tasks/main.yml index 44366b5063..d5a8c649fd 100644 --- a/roles/docker-distribution/tasks/main.yml +++ b/roles/docker-distribution/tasks/main.yml @@ -1,17 +1,17 @@ --- # tasks file for docker-distribution -- name: install docker-distribution +- name: Install docker-distribution action: "{{ ansible_pkg_mgr }} name=docker-distribution state=present" tags: - docker-distribution -- name: start and enable docker-distribution +- name: Start and enable docker-distribution service: name=docker-distribution state=started enabled=yes tags: - docker-distribution -- name: configure docker-distribution +- name: Configure docker-distribution template: src: config.yml.j2 dest: "{{ conf_path }}" @@ -19,7 +19,7 @@ tags: - docker-distribution -- name: ensure docker certs dir exists +- name: Ensure docker certs dir exists file: path: "{{ cert.dest_dir }}" state: directory 
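Review bot: The guard on `Set ports so bind statistics-channel can bind to 8053` is a plain substring test, `semanageoutput.stdout.find("8053") == -1`, so any line of `semanage port -l` that happens to contain 8053 (another type's port, or a longer number) makes the task skip and leaves the port without the `dns_port_t` label. An idempotent module call avoids parsing the listing at all, e.g. `community.general.seport: ports=8053 proto=tcp setype=dns_port_t state=present`, if that collection is available in this repository. The same substring pattern guards the `3000-3100` / `http_port_t` task in roles/fedmsg/base/tasks/main.yml. Both tasks continue outside their hunks.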
@@ -31,7 +31,7 @@ tags: - docker-distribution -- name: install tls cert for docker +- name: Install tls cert for docker copy: src: "{{ cert.cert_src }}" dest: "{{ cert.dest_dir}}/{{ cert.cert_dest }}" @@ -39,7 +39,7 @@ tags: - docker-distribution -- name: install tls key for docker +- name: Install tls key for docker copy: src: "{{ cert.key_src }}" dest: "{{ cert.dest_dir}}/{{ cert.key_dest }}" @@ -47,7 +47,7 @@ tags: - docker-distribution -- name: override the default syslog logrotate file +- name: Override the default syslog logrotate file copy: src=syslog-logrotate dest=/etc/logrotate.d/rsyslog diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index 206f5c91bb..62196b3b24 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present update_cache=yes with_items: - bzip2 @@ -17,7 +17,7 @@ - name: Set httpd_use_nfs seboolean seboolean: name=httpd_use_nfs state=yes persistent=yes -- name: check the selinux context rsyncd log +- name: Check the selinux context rsyncd log command: matchpathcon /var/log/rsyncd-fedora.log register: rsyncdlog check_mode: no @@ -39,7 +39,7 @@ - name: Configure logrotate for /var/log/rsyncd-fedora.log copy: src=logrotate-rsync-fedora dest=/etc/logrotate.d/rsync-fedora -- name: check the selinux context pubdir +- name: Check the selinux context pubdir command: matchpathcon /srv/pub register: pubdir check_mode: no diff --git a/roles/fas2discourse/tasks/create-discourse-apikey-secret.yml b/roles/fas2discourse/tasks/create-discourse-apikey-secret.yml index dd0c4edfa7..f93a43a7a6 100644 --- a/roles/fas2discourse/tasks/create-discourse-apikey-secret.yml +++ b/roles/fas2discourse/tasks/create-discourse-apikey-secret.yml 
@@ -1,11 +1,11 @@ --- # generate the templates for project to be created -- name: create the templates +- name: Create the templates template: src: "secret-discourse-apikey.yml" dest: "/root/ocp4/openshift-apps/fas2discourse-operator/secret-discourse-apikey.yml" mode: "0770" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-discourse-apikey.yml" diff --git a/roles/fas2discourse/tasks/create-keytab-secret.yml b/roles/fas2discourse/tasks/create-keytab-secret.yml index 5fc7366083..9d9cea620a 100644 --- a/roles/fas2discourse/tasks/create-keytab-secret.yml +++ b/roles/fas2discourse/tasks/create-keytab-secret.yml @@ -1,6 +1,6 @@ --- # generate the templates for project to be created -- name: fetch keytab to location used in create template step +- name: Fetch keytab to location used in create template step ansible.builtin.fetch: src: "/etc/openshift_apps/fas2discourse/fas2discourse{{ env_suffix }}-keytab.kt" dest: "/etc/openshift_apps/fas2discourse/fas2discourse{{ env_suffix }}-keytab.kt" @@ -8,7 +8,7 @@ mode: "0600" # generate the templates for project to be created -- name: copy the templates to the host +- name: Copy the templates to the host template: src: "secret-keytab.yml" dest: "/root/ocp4/openshift-apps/fas2discourse-operator/secret-keytab.yml" @@ -20,5 +20,5 @@ }}" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-keytab.yml" diff --git a/roles/fas2discourse/tasks/create-operator-namespace.yml b/roles/fas2discourse/tasks/create-operator-namespace.yml index e94fcf6088..35dd352f04 100644 --- a/roles/fas2discourse/tasks/create-operator-namespace.yml +++ b/roles/fas2discourse/tasks/create-operator-namespace.yml 
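Review bot: The template task in create-discourse-apikey-secret.yml writes `secret-discourse-apikey.yml`, which by its name carries the Discourse API key, with `mode: "0770"`, i.e. group-writable and executable for a file that `oc apply -f` only needs to read. `mode: "0600"` would be the narrower setting, and the rendered manifest could be removed after the apply so the secret does not stay on disk under /root/ocp4. Separately, the mechanical capitalisation turns the command name into `Oc apply resources` here, in create-keytab-secret.yml and in create-operator-namespace.yml; `Apply resources with oc` satisfies name[casing] and keeps the binary's name intact.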
@@ -1,11 +1,11 @@ --- # generate the templates for project to be created -- name: create the templates +- name: Create the templates template: src: "namespace.yml" dest: "/root/ocp4/openshift-apps/fas2discourse-operator/namespace.yml" mode: "0770" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/namespace.yml" diff --git a/roles/fasjson/tasks/main.yml b/roles/fasjson/tasks/main.yml index 6f5af41058..d5b71b4ee0 100644 --- a/roles/fasjson/tasks/main.yml +++ b/roles/fasjson/tasks/main.yml @@ -4,7 +4,7 @@ # It installs the fasjson-client package and a cron job update. # -- name: install fasjson-client +- name: Install fasjson-client package: state: present name: @@ -13,21 +13,21 @@ - packages - fasjson -- name: fasjson-aliases script +- name: Fasjson-aliases script template: src=fasjson-aliases.j2 dest=/usr/local/bin/fasjson-aliases owner=root mode=0755 tags: - config - fasjson when: fasjson_aliases is defined -- name: fasjson-aliases cron job +- name: Fasjson-aliases cron job copy: src=fasjson-aliases.cron dest=/etc/cron.d/fasjson-aliases owner=root mode=0644 tags: - config - fasjson when: fasjson_aliases is defined -- name: fasjson-aliases base static file +- name: Fasjson-aliases base static file copy: src=aliases.static dest=/etc/aliases.static owner=root mode=0644 tags: - config diff --git a/roles/fedmsg/base/tasks/main.yml b/roles/fedmsg/base/tasks/main.yml index d1af6bf805..e81d958dc3 100644 --- a/roles/fedmsg/base/tasks/main.yml +++ b/roles/fedmsg/base/tasks/main.yml @@ -2,7 +2,7 @@ # tasklist for setting up fedmsg # This is the base set of files needed for fedmsg -- name: install needed packages +- name: Install needed packages package: state: present name: 
@@ -13,27 +13,27 @@ - fedmsg/base when: ansible_distribution_major_version|int < 8 -- name: install python2 fedmsg package +- name: Install python2 fedmsg package package: name=fedmsg state=present when: "'python34_fedmsg' not in group_names and ansible_distribution_major_version|int < 22" tags: fedmsg/base -- name: install python2 fedmsg package +- name: Install python2 fedmsg package dnf: pkg=fedmsg state=present when: "'python34_fedmsg' not in group_names and ansible_distribution_major_version|int > 21" tags: fedmsg/base -- name: install the python34 fedmsg package (yum) +- name: Install the python34 fedmsg package (yum) package: name=python34-fedmsg-core state=present when: "'python34_fedmsg' in group_names and ansible_distribution_major_version|int < 22" tags: fedmsg/base -- name: install the python3 fedmsg package (dnf) +- name: Install the python3 fedmsg package (dnf) dnf: pkg=python3-fedmsg state=present when: "'python34_fedmsg' in group_names and ansible_distribution_major_version|int > 21" tags: fedmsg/base -- name: install needed packages +- name: Install needed packages dnf: name: ['libsemanage-python', 'python-psutil'] state: present @@ -42,13 +42,13 @@ - fedmsg/base when: ansible_distribution_major_version|int < 31 and ansible_distribution == 'Fedora' -- name: setup /etc/fedmsg.d directory +- name: Setup /etc/fedmsg.d directory file: path=/etc/fedmsg.d owner=root group=root mode=0755 state=directory tags: - config - fedmsg/base -- name: remove any old static endpoints files +- name: Remove any old static endpoints files file: dest="/etc/fedmsg.d/{{item}}" state=absent with_items: - endpoints-bodhi.py 
@@ -68,7 +68,7 @@ # Our handlers in handlers/restart_services.yml are smart enough to # *conditionally* restart these services, only if they are installed on the # system. -- name: setup basic /etc/fedmsg.d/ contents for internal hosts +- name: Setup basic /etc/fedmsg.d/ contents for internal hosts template: > src="{{ item }}.j2" dest="/etc/fedmsg.d/{{ item }}" @@ -99,7 +99,7 @@ - restart fedmsg-irc - restart fedmsg-relay -- name: dynamically generate policy from group/host vars. +- name: Dynamically generate policy from group/host vars. template: > src="{{ item }}.j2" dest="/etc/fedmsg.d/{{ item }}" @@ -121,7 +121,7 @@ - restart fedmsg-irc - restart fedmsg-relay -- name: setup basic /etc/fedmsg.d/ contents for firewalled/external hosts +- name: Setup basic /etc/fedmsg.d/ contents for firewalled/external hosts template: > src="{{ item }}.j2" dest="/etc/fedmsg.d/{{ item }}" @@ -145,7 +145,7 @@ - restart fedmsg-irc - restart fedmsg-relay -- name: install fedmsg-relay in case we're in debug mode. +- name: Install fedmsg-relay in case we're in debug mode. package: name=fedmsg-relay state=present when: fedmsg_debug_loopback == true and ansible_distribution_major_version|int < 22 tags: @@ -158,7 +158,7 @@ - restart fedmsg-irc - restart fedmsg-relay -- name: install fedmsg-relay in case we're in debug mode. +- name: Install fedmsg-relay in case we're in debug mode. dnf: name=fedmsg-relay state=present when: fedmsg_debug_loopback == true and ansible_distribution_major_version|int > 21 tags: @@ -171,7 +171,7 @@ - restart fedmsg-irc - restart fedmsg-relay -- name: destroy standard config to make way for debug loopback. +- name: Destroy standard config to make way for debug loopback. file: dest=/etc/fedmsg.d/{{item}} state=absent with_items: - relay.py 
@@ -187,7 +187,7 @@ - restart fedmsg-irc - restart fedmsg-relay -- name: overwrite standard config with local fedmsg debugging loopback +- name: Overwrite standard config with local fedmsg debugging loopback copy: src=relay-debug-loopback.py dest=/etc/fedmsg.d/relay.py when: fedmsg_debug_loopback == true tags: @@ -200,20 +200,20 @@ - restart fedmsg-irc - restart fedmsg-relay -- name: start fedmsg-relay, only for loopback testing +- name: Start fedmsg-relay, only for loopback testing service: name=fedmsg-relay state=started when: fedmsg_debug_loopback == true tags: - fedmsg_loopback - fedmsg/base -- name: setup /etc/pki/fedmsg directory +- name: Setup /etc/pki/fedmsg directory file: path=/etc/pki/fedmsg owner=root group=root mode=0755 state=directory tags: - config - fedmsg/base -- name: install fedmsg ca.cert +- name: Install fedmsg ca.cert copy: > src="{{ private }}/files/fedmsg-certs/keys/ca.crt" dest=/etc/pki/fedmsg/ca.crt @@ -224,7 +224,7 @@ - config - fedmsg/base -- name: fedmsg certs +- name: Fedmsg certs copy: > src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{fedmsg_fqdn | default(inventory_hostname)}}.crt" dest=/etc/pki/fedmsg/ @@ -238,7 +238,7 @@ - config - fedmsg/base -- name: fedmsg keys +- name: Fedmsg keys copy: > src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{fedmsg_fqdn | default(inventory_hostname)}}.key" dest=/etc/pki/fedmsg/ 
@@ -253,18 +253,18 @@ - fedmsg/base # Three tasks for handling our custom selinux module -- name: ensure a directory exists for our custom selinux module +- name: Ensure a directory exists for our custom selinux module file: dest=/usr/local/share/fedmsg state=directory tags: - fedmsg/base -- name: copy over our custom selinux module +- name: Copy over our custom selinux module copy: src=selinux/fedmsg.pp dest=/usr/local/share/fedmsg/fedmsg.pp register: selinux_module tags: - fedmsg/base -- name: install our custom selinux module +- name: Install our custom selinux module command: semodule -i /usr/local/share/fedmsg/fedmsg.pp when: selinux_module is changed tags: @@ -272,7 +272,7 @@ # Also, label the ports that we commonly use for fedmsg under mod_wsgi # to be http_port_t so selinux lets apache bind there. -- name: check semanage ports +- name: Check semanage ports command: semanage port -l register: semanageoutput check_mode: no @@ -280,7 +280,7 @@ tags: - fedmsg/base -- name: set ports so httpd can bind to fedmsg endpoints +- name: Set ports so httpd can bind to fedmsg endpoints command: semanage port -a -t http_port_t -p tcp 3000-3100 when: semanageoutput.stdout.find("3000-3100") == -1 tags: diff --git a/roles/fedmsg/gateway/slave/tasks/main.yml b/roles/fedmsg/gateway/slave/tasks/main.yml index c1c9d57b05..c048cf5cea 100644 --- a/roles/fedmsg/gateway/slave/tasks/main.yml +++ b/roles/fedmsg/gateway/slave/tasks/main.yml @@ -2,7 +2,7 @@ # Tasks to set up fedmsg-gateway-slave -- name: install needed packages +- name: Install needed packages package: state: present name: @@ -14,7 +14,7 @@ - fedmsg/gateway/slave when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora') -- name: install needed packages in a python 3 manner +- name: Install needed packages in a python 3 manner package: state: present name: 
@@ -45,7 +45,7 @@ - fedmsg/gateway - fedmsg/gateway/slave -- name: install /etc/fedmsg.d/fedmsg-gateway-slave.py +- name: Install /etc/fedmsg.d/fedmsg-gateway-slave.py template: src={{ item.file }} dest={{ item.dest }} owner=root group=root mode=0644 @@ -60,7 +60,7 @@ # Stunnel specific bits -- name: create directories +- name: Create directories file: path=/etc/{{ item }} state=directory with_items: - stunnel @@ -68,7 +68,7 @@ - fedmsg/gateway - fedmsg/gateway/slave -- name: install stunnel service definition +- name: Install stunnel service definition copy: src=stunnel.service dest=/usr/lib/systemd/system/stunnel.service owner=root group=root mode=0644 @@ -79,13 +79,13 @@ - fedmsg/gateway - fedmsg/gateway/slave -- name: ensure old stunnel init file is gone +- name: Ensure old stunnel init file is gone file: dest=/etc/init.d/stunnel/stunnel.init state=absent tags: - fedmsg/gateway - fedmsg/gateway/slave -- name: install stunnel.conf +- name: Install stunnel.conf template: src={{ item.file }} dest={{ item.dest }} owner=root group=root mode=0600 @@ -96,7 +96,7 @@ - fedmsg/gateway - fedmsg/gateway/slave -- name: put our combined cert in place +- name: Put our combined cert in place copy: > src={{private}}/files/httpd/wildcard-2024.fedoraproject.org.combined.cert dest=/etc/pki/tls/certs/wildcard-2024.fedoraproject.org.combined.cert 
@@ -106,27 +106,27 @@ - fedmsg/gateway - fedmsg/gateway/slave -- name: start the gateway for raw zeromq traffic +- name: Start the gateway for raw zeromq traffic service: name=fedmsg-gateway state=started enabled=yes tags: - fedmsg/gateway - fedmsg/gateway/slave when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora') -- name: start the gateway for raw zeromq traffic +- name: Start the gateway for raw zeromq traffic service: name=fedmsg-gateway-3 state=started enabled=yes tags: - fedmsg/gateway - fedmsg/gateway/slave when: (ansible_distribution_major_version|int >= 30 and ansible_distribution == 'Fedora') or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8) -- name: start stunnel for websockets traffic +- name: Start stunnel for websockets traffic service: name=stunnel state=started enabled=yes tags: - fedmsg/gateway - fedmsg/gateway/slave -- name: ensure that nrpe has rights to monitor us +- name: Ensure that nrpe has rights to monitor us user: name: nrpe append: yes diff --git a/roles/fedmsg/gateway/tasks/main.yml b/roles/fedmsg/gateway/tasks/main.yml index 6a6196f770..44bf525a91 100644 --- a/roles/fedmsg/gateway/tasks/main.yml +++ b/roles/fedmsg/gateway/tasks/main.yml @@ -1,11 +1,11 @@ --- -- name: install fedmsg-gateway +- name: Install fedmsg-gateway package: name=fedmsg-gateway state=present tags: - packages - fedmsg/gateway -- name: ensure that nrpe has rights to monitor us +- name: Ensure that nrpe has rights to monitor us file: > dest=/var/run/fedmsg/monitoring-fedmsg-gateway.socket mode=0775 @@ -16,7 +16,7 @@ tags: - fedmsgmonitor -- name: setup fedmsg-gateway config file +- name: Setup fedmsg-gateway config file copy: src=gateway.py dest=/etc/fedmsg.d/gateway.py tags: - config 
@@ -24,14 +24,14 @@ notify: - restart fedmsg-gateway -- name: create systemd drop-in directory +- name: Create systemd drop-in directory file: > dest=/etc/systemd/system/fedmsg-gateway.service.d state=directory tags: - fedmsg/gateway -- name: bump fs limits by installing a drop-in systemd config +- name: Bump fs limits by installing a drop-in systemd config copy: > src=fs-limits.conf dest=/etc/systemd/system/fedmsg-gateway.service.d/fs-limits.conf @@ -41,7 +41,7 @@ notify: - restart fedmsg-gateway -- name: enable on boot and start fedmsg-gateway +- name: Enable on boot and start fedmsg-gateway service: name: fedmsg-gateway state: started @@ -51,7 +51,7 @@ - fedmsg/gateway when: env != "staging" -- name: disable fedmsg-gateway on staging +- name: Disable fedmsg-gateway on staging service: name: fedmsg-gateway state: stopped diff --git a/roles/fedmsg/hub/tasks/main.yml b/roles/fedmsg/hub/tasks/main.yml index 98743f5524..f3ec0772a5 100644 --- a/roles/fedmsg/hub/tasks/main.yml +++ b/roles/fedmsg/hub/tasks/main.yml 
@@ -1,45 +1,45 @@ --- # Setup a fedmsg-hub -- name: install needed packages - py2 +- name: Install needed packages - py2 package: name=fedmsg-hub state=present tags: - packages when: "'python34_fedmsg' not in group_names" -- name: install the python34 fedmsg package (yum) +- name: Install the python34 fedmsg package (yum) package: name=python34-fedmsg-core state=present when: "'python34_fedmsg' in group_names and ansible_distribution_major_version|int < 22" tags: fedmsg/base -- name: install the python3 fedmsg package (dnf) +- name: Install the python3 fedmsg package (dnf) dnf: pkg=python3-fedmsg state=present when: "'python34_fedmsg' in group_names and ansible_distribution_major_version|int > 21" tags: fedmsg/base -- name: fedmsg-hub service +- name: Fedmsg-hub service service: name=fedmsg-hub state=started enabled=yes when: "'python34_fedmsg' not in group_names and env == 'production'" -- name: fedmsg-hub service +- name: Fedmsg-hub service service: name=fedmsg-hub state=stopped enabled=no when: "'python34_fedmsg' not in group_names and env == 'staging'" -- name: fedmsg-hub-3 service +- name: Fedmsg-hub-3 service service: name=fedmsg-hub-3 state=started enabled=yes when: "'python34_fedmsg' in group_names" -- name: enable the websocket server if we should +- name: Enable the websocket server if we should copy: src=websockets.py dest=/etc/fedmsg.d/websockets.py when: enable_websocket_server notify: restart fedmsg-hub -- name: disable the websocket server if we should.. +- name: Disable the websocket server if we should.. file: dest=/etc/fedmsg.d/websockets.py state=absent when: not enable_websocket_server notify: restart fedmsg-hub -- name: set fedmsg ownership on /var/run/fedmsg +- name: Set fedmsg ownership on /var/run/fedmsg file: > dest=/var/run/fedmsg/ mode=2775 
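Review bot: Two tasks in this hunk end up with the identical name `Fedmsg-hub service`, although one sets `state=started enabled=yes` for production and the other `state=stopped enabled=no` for staging, so run output and `--start-at-task` cannot tell them apart. Since the name lines are being touched anyway, names that state the action would read better, e.g. `Start and enable fedmsg-hub (production)` and `Stop and disable fedmsg-hub (staging)`. `Fedmsg-hub-3 service` could follow the same pattern.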
@@ -49,7 +49,7 @@ tags: - fedmsgmonitor -- name: ensure that nrpe has rights to monitor us +- name: Ensure that nrpe has rights to monitor us file: > dest=/var/run/fedmsg/monitoring-fedmsg-hub.socket mode=0775 @@ -62,7 +62,7 @@ tags: - fedmsgmonitor -- name: create systemd config directoryies +- name: Create systemd config directoryies file: path="/etc/systemd/system/{{ item }}.service.d" state=directory with_items: - fedmsg-hub @@ -72,7 +72,7 @@ tags: - fedmsg/hub -- name: install systemd config file +- name: Install systemd config file template: src: fedmsg-hub-systemd.conf.j2 dest: "/etc/systemd/system/{{ item }}.service.d/systemd.conf" diff --git a/roles/fedmsg/irc/tasks/main.yml b/roles/fedmsg/irc/tasks/main.yml index c8203e150f..f3634a567c 100644 --- a/roles/fedmsg/irc/tasks/main.yml +++ b/roles/fedmsg/irc/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: install package for fedmsg-irc +- name: Install package for fedmsg-irc package: state: present name: @@ -10,7 +10,7 @@ - packages - fedmsg/irc -- name: ensure that nrpe has rights to monitor us +- name: Ensure that nrpe has rights to monitor us file: > dest=/var/run/fedmsg/monitoring-fedmsg-irc.socket mode=0775 @@ -21,7 +21,7 @@ tags: - fedmsgmonitor -- name: setup fedmsg-irc config file +- name: Setup fedmsg-irc config file template: src=ircbot.py dest=/etc/fedmsg.d/ircbot.py tags: - config @@ -29,7 +29,7 @@ notify: - restart fedmsg-irc -- name: setup fas credentials config file +- name: Setup fas credentials config file template: > src=fas-credentials.py dest=/etc/fedmsg.d/fas-credentials.py @@ -42,7 +42,7 @@ notify: - restart fedmsg-irc -- name: enable on boot and start fedmsg-irc +- name: Enable on boot and start fedmsg-irc service: name=fedmsg-irc state=started enabled=true tags: - services diff --git a/roles/fedmsg/relay/tasks/main.yml b/roles/fedmsg/relay/tasks/main.yml index c347d24688..ad849728a5 100644 --- a/roles/fedmsg/relay/tasks/main.yml +++ b/roles/fedmsg/relay/tasks/main.yml 
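Review bot: The new name `Create systemd config directoryies` in the `@@ -62,7 +62,7 @@` hunk carries over the typo from the old line. While the line is being rewritten it could become `- name: Create systemd config directories`.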
@@ -2,21 +2,21 @@ # correctly is actually included as part of the fedmsg/base role. --- -- name: install fedmsg-relay (yum) +- name: Install fedmsg-relay (yum) package: name=fedmsg-relay state=present tags: - packages - fedmsg/relay when: ansible_distribution_major_version|int < 22 -- name: install fedmsg-relay (dnf) +- name: Install fedmsg-relay (dnf) dnf: pkg=fedmsg-relay state=present tags: - packages - fedmsg/relay when: ansible_distribution_major_version|int > 21 -- name: ensure that nrpe has rights to monitor us +- name: Ensure that nrpe has rights to monitor us file: > dest=/var/run/fedmsg/monitoring-fedmsg-relay.socket mode=0775 @@ -27,7 +27,7 @@ tags: - fedmsgmonitor -- name: enable on boot and start fedmsg-relay +- name: Enable on boot and start fedmsg-relay service: name=fedmsg-relay state=started enabled=true tags: - services @@ -36,7 +36,7 @@ - restart fedmsg-relay when: env != "staging" -- name: enable on boot and start fedmsg-relay +- name: Enable on boot and start fedmsg-relay service: name=fedmsg-relay state=stopped enabled=false tags: - services diff --git a/roles/fedora-messaging-utils/tasks/crontab_path.yml b/roles/fedora-messaging-utils/tasks/crontab_path.yml index ae05755933..95bae69216 100644 --- a/roles/fedora-messaging-utils/tasks/crontab_path.yml +++ b/roles/fedora-messaging-utils/tasks/crontab_path.yml @@ -3,7 +3,7 @@ ##################################################### --- -- name: check if PATH is set in crontab +- name: Check if PATH is set in crontab lineinfile: path: /etc/crontab state: absent @@ -12,7 +12,7 @@ changed_when: false register: path_set_in_crontab -- name: add PATH if not set in crontab +- name: Add PATH if not set in crontab lineinfile: path: /etc/crontab state: present 
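Review bot: In the `@@ -36,7 +36,7 @@` hunk of roles/fedmsg/relay/tasks/main.yml the task named `Enable on boot and start fedmsg-relay` runs `service: name=fedmsg-relay state=stopped enabled=false`, so the name states the opposite of the action and duplicates the name of the task before it. Something like `- name: Stop and disable fedmsg-relay on staging` would match the gateway role's `Disable fedmsg-gateway on staging`. The task's own `when:` lies outside the hunk, so the staging qualifier is inferred from the preceding task's `env != "staging"` condition.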
@@ -20,7 +20,7 @@ line: 'PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin' when: not path_set_in_crontab.found -- name: check if PATH in crontab contains /usr/local/bin +- name: Check if PATH in crontab contains /usr/local/bin lineinfile: path: /etc/crontab state: absent @@ -30,7 +30,7 @@ register: local_in_path_in_crontab when: path_set_in_crontab.found -- name: append /usr/local/bin to PATH in crontab if missing +- name: Append /usr/local/bin to PATH in crontab if missing lineinfile: path: /etc/crontab state: present diff --git a/roles/fedora-messaging-utils/tasks/main.yml b/roles/fedora-messaging-utils/tasks/main.yml index 06474d3517..1096876d76 100644 --- a/roles/fedora-messaging-utils/tasks/main.yml +++ b/roles/fedora-messaging-utils/tasks/main.yml @@ -1,10 +1,10 @@ --- -- name: install messaging script for our improvized tracing +- name: Install messaging script for our improvized tracing copy: src=simple_message_to_bus dest=/usr/local/bin/ mode=0755 tags: - fedora-messaging -- name: ensure PATH in crontab contains /usr/local/bin +- name: Ensure PATH in crontab contains /usr/local/bin import_tasks: crontab_path.yml tags: - fedora-messaging diff --git a/roles/fedora-web/build/tasks/main.yml b/roles/fedora-web/build/tasks/main.yml index 8656043540..7f3a70b678 100644 --- a/roles/fedora-web/build/tasks/main.yml +++ b/roles/fedora-web/build/tasks/main.yml @@ -74,7 +74,7 @@ tags: - fedora-web -- name: make fmw dir +- name: Make fmw dir file: state: directory path: /srv/web/fmw @@ -87,7 +87,7 @@ - fedora-web when: env != 'staging' -- name: make fmw dir +- name: Make fmw dir file: state: directory path: /srv/web/fmw diff --git a/roles/fedora-web/fedora.im/tasks/main.yml b/roles/fedora-web/fedora.im/tasks/main.yml index e589b7b80b..2cd4a89449 100644 --- a/roles/fedora-web/fedora.im/tasks/main.yml +++ b/roles/fedora-web/fedora.im/tasks/main.yml 
@@ -1,5 +1,5 @@ --- -- name: make /srv/web/fedora.im dir +- name: Make /srv/web/fedora.im dir file: state=directory path=/srv/web/fedora.im owner=apache @@ -23,7 +23,7 @@ - fedora-web - fedora-web/fedora.im -- name: copy in some matrix files +- name: Copy in some matrix files copy: > src={{item}} dest=/srv/web/fedora.im/{{item}} owner=root group=root mode=0644 @@ -34,7 +34,7 @@ - fedora-web - fedora-web/fedora.im -- name: grab some images from design +- name: Grab some images from design copy: > src={{item.src_name}} dest=/srv/web/fedora.im/{{item.dest}} owner=root group=root mode=0644 diff --git a/roles/fedora-web/ostree/tasks/main.yml b/roles/fedora-web/ostree/tasks/main.yml index e1b76f6b1f..55220427d1 100644 --- a/roles/fedora-web/ostree/tasks/main.yml +++ b/roles/fedora-web/ostree/tasks/main.yml @@ -7,7 +7,7 @@ - fedora-web - ostree -- name: make ostree dir +- name: Make ostree dir file: state=directory path=/srv/web/ostree owner=apache @@ -20,7 +20,7 @@ - ostree when: env != 'staging' -- name: make ostree dir +- name: Make ostree dir file: state=directory path=/srv/web/ostree owner=apache @@ -42,7 +42,7 @@ - fedora-web - ostree -- name: make IoT ostree dir +- name: Make IoT ostree dir file: state=directory path=/srv/web/ostree/iot owner=apache @@ -55,7 +55,7 @@ - ostree when: env != 'staging' -- name: make IoT ostree dir +- name: Make IoT ostree dir file: state=directory path=/srv/web/ostree/iot owner=apache diff --git a/roles/fedora-web/registry/tasks/main.yml b/roles/fedora-web/registry/tasks/main.yml index 3c4cc18e34..35fc02e435 100644 --- a/roles/fedora-web/registry/tasks/main.yml +++ b/roles/fedora-web/registry/tasks/main.yml 
@@ -1,10 +1,10 @@ --- -- name: make registry-signatures dir +- name: Make registry-signatures dir file: state=directory path=/srv/web/registry-signatures owner=apache group=sysadmin-releng mode=2775 setype=httpd_sys_content_t seuser=system_u tags: - fedora-web -- name: make registry-index dir +- name: Make registry-index dir file: state=directory path=/srv/web/registry-index owner=apache group=apache mode=755 setype=httpd_sys_content_t seuser=system_u tags: - fedora-web diff --git a/roles/flatpak-cache/tasks/main.yml b/roles/flatpak-cache/tasks/main.yml index 51ae84df78..e3415f7409 100644 --- a/roles/flatpak-cache/tasks/main.yml +++ b/roles/flatpak-cache/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: install packages needed +- name: Install packages needed package: name={{ item }} state=present with_items: - squid diff --git a/roles/freemedia/tasks/main.yml b/roles/freemedia/tasks/main.yml index 595f61e80f..7449af628a 100644 --- a/roles/freemedia/tasks/main.yml +++ b/roles/freemedia/tasks/main.yml @@ -1,7 +1,7 @@ --- # Tasklist for setting up freemedia cgi. -- name: install needed php packages +- name: Install needed php packages package: state: present name: @@ -11,12 +11,12 @@ tags: - packages -- name: setup /srv/web/freemedia directory +- name: Setup /srv/web/freemedia directory file: path=/srv/web/freemedia owner=root group=root mode=0755 state=directory tags: - config -- name: install /etc/httpd/conf.d/freemedia-app.conf file +- name: Install /etc/httpd/conf.d/freemedia-app.conf file copy: > src="freemedia-app.conf" dest="/etc/httpd/conf.d/freemedia-app.conf" @@ -28,7 +28,7 @@ tags: - config -- name: install /srv/web/freemedia/FreeMedia-form.html file +- name: Install /srv/web/freemedia/FreeMedia-form.html file copy: > src="FreeMedia-close.html" dest="/srv/web/freemedia/FreeMedia-form.html" 
@@ -38,7 +38,7 @@ tags: - config -- name: install /srv/web/freemedia/process.php file +- name: Install /srv/web/freemedia/process.php file copy: > src="process.php" dest="/srv/web/freemedia/process.php" @@ -48,7 +48,7 @@ tags: - config -- name: install /srv/web/freemedia/FreeMedia-error.html file +- name: Install /srv/web/freemedia/FreeMedia-error.html file copy: > src="FreeMedia-error.html" dest="/srv/web/freemedia/FreeMedia-error.html" @@ -58,7 +58,7 @@ tags: - config -- name: install /srv/web/freemedia/FreeMedia-error-embargoed-destination.html file +- name: Install /srv/web/freemedia/FreeMedia-error-embargoed-destination.html file copy: > src="FreeMedia-error-embargoed-destination.html" dest="/srv/web/freemedia/FreeMedia-error-embargoed-destination.html" @@ -68,7 +68,7 @@ tags: - config -- name: check the selinux context freemedia +- name: Check the selinux context freemedia command: matchpathcon /srv/web/freemedia register: freemediacontext check_mode: no diff --git a/roles/geoip-city-wsgi/app/tasks/main.yml b/roles/geoip-city-wsgi/app/tasks/main.yml index 3c4177fe65..4966f18624 100644 --- a/roles/geoip-city-wsgi/app/tasks/main.yml +++ b/roles/geoip-city-wsgi/app/tasks/main.yml @@ -4,7 +4,7 @@ # This is the role for geoip-city-wsgi. # # install necessary packages -- name: install python-paste-deploy geolite2-city python2-iso3166 python2-geoip2 +- name: Install python-paste-deploy geolite2-city python2-iso3166 python2-geoip2 package: name: - python-paste-deploy @@ -14,7 +14,7 @@ state: present when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' -- name: install python3-paste-deploy geolite2-city python3-iso3166 python3-geoip2 +- name: Install python3-paste-deploy geolite2-city python3-iso3166 python3-geoip2 package: name: - python3-paste-deploy 
@@ -25,7 +25,7 @@ when: ansible_distribution_major_version|int >= 8 and ansible_distribution == 'RedHat' -- name: install geoip-city-wsgi.conf file +- name: Install geoip-city-wsgi.conf file copy: > src="geoip-city-wsgi.conf" dest="/etc/httpd/conf.d/geoip-city-wsgi.conf" @@ -40,7 +40,7 @@ - geoip-city-wsgi - geoip-city-wsgi/app -- name: setup /usr/share/geoip-city-wsgi directory +- name: Setup /usr/share/geoip-city-wsgi directory file: > path=/usr/share/geoip-city-wsgi owner=root @@ -53,7 +53,7 @@ - geoip-city-wsgi - geoip-city-wsgi/app -- name: install geoip-city.wsgi file +- name: Install geoip-city.wsgi file copy: > src="geoip-city.wsgi" dest="/usr/share/geoip-city-wsgi/geoip-city.wsgi" diff --git a/roles/geoip/tasks/main.yml b/roles/geoip/tasks/main.yml index 735149a161..f5c72da854 100644 --- a/roles/geoip/tasks/main.yml +++ b/roles/geoip/tasks/main.yml @@ -1,18 +1,18 @@ --- # install python-geoIP -- name: install python-GeoIP +- name: Install python-GeoIP package: name=python-GeoIP state=present tags: - packages when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora') -- name: install python3-geoip2 (RHEL8) +- name: Install python3-geoip2 (RHEL8) package: name=python3-geoip2 state=present tags: - packages when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8) -- name: make sure the /usr/share/GeoIP/ directory exists +- name: Make sure the /usr/share/GeoIP/ directory exists file: path: /usr/share/GeoIP/ state: directory @@ -22,14 +22,14 @@ tags: - geoip -- name: push over the older geoip db +- name: Push over the older geoip db copy: src={{ item }} dest=/usr/share/GeoIP/ with_fileglob: - "{{ bigfiles }}/geoip/*.dat" tags: - geoip -- name: push over the newer geoip db +- name: Push over the newer geoip db copy: src={{ item }} dest=/usr/share/GeoIP/ with_fileglob: - "{{ bigfiles }}/geoip/*.mmdb" 
@@ -37,5 +37,5 @@ - geoip # comment out 2022-05-19. Script does not work since 2018. -# - name: geoip syncing script via cron +# - name: Geoip syncing script via cron # copy: src=geoip_sync dest=/etc/cron.d/geoip_sync mode=0644 diff --git a/roles/git/checks/tasks/main.yml b/roles/git/checks/tasks/main.yml index 55f14b534d..8228e50439 100644 --- a/roles/git/checks/tasks/main.yml +++ b/roles/git/checks/tasks/main.yml @@ -5,13 +5,13 @@ # it checks more than perms), and various other roles can then use it in cron # jobs, triggered by fedmsg, etc... -- name: install the needed packages +- name: Install the needed packages package: name=git state=present tags: - git - git/checks -- name: install the script +- name: Install the script copy: > src=check-perms.py dest=/usr/local/bin/git-check-perms owner=root group=root mode=0755 @@ -19,7 +19,7 @@ - git - git/checks -- name: install post-receive check script +- name: Install post-receive check script copy: > src=distgit_check_hook.py dest=/usr/local/bin/distgit_check_hook.py owner=root group=root mode=0755 diff --git a/roles/git/hooks/tasks/main.yml b/roles/git/hooks/tasks/main.yml index 7c79a2f5af..b28e5001a5 100644 --- a/roles/git/hooks/tasks/main.yml +++ b/roles/git/hooks/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasklist for setting up git mail hooks -- name: install needed packages +- name: Install needed packages package: state: present name: @@ -17,7 +17,7 @@ - packages -- name: install the git hooks +- name: Install the git hooks copy: src={{item}} dest=/usr/share/git-core/ mode=0755 with_items: - post-receive-chained @@ -28,7 +28,7 @@ - git - git/hooks -- name: install the git mail hooks +- name: Install the git mail hooks copy: src={{item}} dest=/usr/share/git-core/mail-hooks/ mode=0755 with_items: - util.py diff --git a/roles/git/make_checkout_seed/tasks/main.yml b/roles/git/make_checkout_seed/tasks/main.yml index 15bf36d6f8..87c82f7274 100644 --- a/roles/git/make_checkout_seed/tasks/main.yml 
+++ b/roles/git/make_checkout_seed/tasks/main.yml @@ -1,25 +1,25 @@ --- # tasklist for setting up the Git checkout seed -- name: make sure packages needed are installed +- name: Make sure packages needed are installed package: name={{ item }} state=present with_items: - tar - python2 -- name: create the destination directory +- name: Create the destination directory file: dest=/srv/git_seed owner=root group=root mode=0755 state=directory when: env != 'staging' -- name: install the production version of the script and schedule its execution +- name: Install the production version of the script and schedule its execution copy: src=make-git-checkout-seed.sh dest=/usr/local/bin/make-git-checkout-seed.sh mode=0755 when: env != 'staging' -- name: install the alternative arch report script +- name: Install the alternative arch report script copy: src=alternative_arch_report.py dest=/usr/local/bin/alternative_arch_report.py mode=0755 when: env != 'staging' -- name: install cron job. +- name: Install cron job. cron: > name="make-git-checkout-seed" cron_file="ansible-make-git-checkout-seed" minute=0 hour=2 diff --git a/roles/git/server/tasks/main.yml b/roles/git/server/tasks/main.yml index 787a3bf1c3..95a37701da 100644 --- a/roles/git/server/tasks/main.yml +++ b/roles/git/server/tasks/main.yml 
@@ -1,22 +1,22 @@ --- # tasklist for setting up a git server (git:// access) -- name: install the git-daemon package +- name: Install the git-daemon package package: name=git-daemon state=present tags: git/server # If NOT using xinetd -- name: delete stock git daemon config +- name: Delete stock git daemon config file: path="/usr/lib/systemd/system/git.service" state=absent when: ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat' tags: git/server -- name: delete stock git daemon config +- name: Delete stock git daemon config file: path="/usr/lib/systemd/system/git.service" state=absent when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' tags: git/server -- name: configure git daemon +- name: Configure git daemon template: > src="git@.service.j2" dest="/usr/lib/systemd/system/git@.service" @@ -24,7 +24,7 @@ when: ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat' tags: git/server -- name: configure git daemon +- name: Configure git daemon template: > src="git@.service.j2" dest="/usr/lib/systemd/system/git@.service" @@ -33,12 +33,12 @@ tags: git/server # If using xinetd -- name: install xinetd +- name: Install xinetd package: name=xinetd state=present when: ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat' tags: git/server -- name: install the xinetd config file +- name: Install the xinetd config file template: > src="git.j2" dest="/etc/xinetd.d/git" diff --git a/roles/github2fedmsg/tasks/main.yml b/roles/github2fedmsg/tasks/main.yml index 082bdc2735..fd99685366 100644 --- a/roles/github2fedmsg/tasks/main.yml +++ b/roles/github2fedmsg/tasks/main.yml @@ -1,7 +1,7 @@ --- # Configuration for the tahrir webapp -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - github2fedmsg 
@@ -12,7 +12,7 @@ - packages - github2fedmsg -- name: make some directories +- name: Make some directories file: dest="{{item}}" mode=0755 state=directory with_items: - /etc/github2fedmsg @@ -20,7 +20,7 @@ tags: - github2fedmsg -- name: copy github2fedmsg app configuration +- name: Copy github2fedmsg app configuration template: > src={{ item }} dest="/etc/github2fedmsg/{{ item }}" owner=apache group=apache mode=0600 @@ -32,7 +32,7 @@ notify: - restart apache -- name: copy github2fedmsg wsgi script +- name: Copy github2fedmsg wsgi script copy: > src={{ item }} dest="/usr/share/github2fedmsg/{{ item }}" owner=apache group=apache mode=0644 @@ -44,7 +44,7 @@ notify: - restart apache -- name: copy github2fedmsg httpd config +- name: Copy github2fedmsg httpd config template: > src={{ item }} dest="/etc/httpd/conf.d/{{ item }}" owner=apache group=apache mode=0644 @@ -56,7 +56,7 @@ notify: - restart apache -- name: hotfix - allow velruse to do stateless openid +- name: Hotfix - allow velruse to do stateless openid copy: > src=openid.py dest=/usr/lib/python2.7/site-packages/velruse/providers/openid.py @@ -68,7 +68,7 @@ - restart apache # Fix for https://pagure.io/fedora-infrastructure/issue/11776 -- name: hotfix - Fix the KeyError when looking for user in github event +- name: Hotfix - Fix the KeyError when looking for user in github event ansible.posix.patch: src: 11776.patch dest: /usr/lib/python2.7/site-packages/github2fedmsg/views/webhooks.py @@ -78,7 +78,7 @@ notify: - restart apache -- name: ensure selinux lets httpd talk to postgres +- name: Ensure selinux lets httpd talk to postgres seboolean: name=httpd_can_network_connect_db persistent=yes state=yes tags: - selinux diff --git a/roles/gitolite/base/tasks/main.yml b/roles/gitolite/base/tasks/main.yml index 96bf006b3e..fac27da3be 100644 --- a/roles/gitolite/base/tasks/main.yml +++ b/roles/gitolite/base/tasks/main.yml 
@@ -1,11 +1,11 @@ --- # tasklist for setting up a basic gitolite -- name: install the needed packages +- name: Install the needed packages package: name={{item}} state=present with_items: - gitolite3 - perl-Sys-Syslog -- name: ensure the /etc/gitolite directory +- name: Ensure the /etc/gitolite directory file: path=/etc/gitolite owner=root group=root mode=0755 state=directory diff --git a/roles/gitolite/check_fedmsg_hooks/tasks/main.yml b/roles/gitolite/check_fedmsg_hooks/tasks/main.yml index 757df7eca7..957dc65dc1 100644 --- a/roles/gitolite/check_fedmsg_hooks/tasks/main.yml +++ b/roles/gitolite/check_fedmsg_hooks/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasklist for setting up Gitolite Fedmsg checks -- name: schedule check execution +- name: Schedule check execution cron: > name=git-check-perms cron_file=ansible-git-check-perms diff --git a/roles/grobisplitter/tasks/main.yml b/roles/grobisplitter/tasks/main.yml index db3012d41b..41fa9cccdc 100644 --- a/roles/grobisplitter/tasks/main.yml +++ b/roles/grobisplitter/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: install python packages +- name: Install python packages package: name={{ item }} state=present with_items: - createrepo_c @@ -10,12 +10,12 @@ tags: - grobi -- name: make sure that /usr/local/bin exists +- name: Make sure that /usr/local/bin exists file: path=/usr/local/bin state=directory tags: - grobi -- name: copy local/bin files +- name: Copy local/bin files copy: src={{item}} dest=/usr/local/bin/ mode=0755 with_items: - splitter.py @@ -23,7 +23,7 @@ tags: - grobi -- name: daily cron job to split and merge repos +- name: Daily cron job to split and merge repos copy: src={{item}} dest=/etc/cron.d/ mode=0644 with_items: - rhel8-split.cron diff --git a/roles/grokmirror_mirror/tasks/main.yml b/roles/grokmirror_mirror/tasks/main.yml index 6fd853eeef..1f723c639f 100644 --- a/roles/grokmirror_mirror/tasks/main.yml +++ b/roles/grokmirror_mirror/tasks/main.yml 
@@ -3,35 +3,35 @@ # Setup a host to mirror our various git repos with grokmirror # -- name: install grokmirror +- name: Install grokmirror package: name=python3-grokmirror state=installed tags: - grokmirror-mirror -- name: create grokmirror user to own mirrored file and run scripts +- name: Create grokmirror user to own mirrored file and run scripts user: name=grokmirror local=true -- name: create directory to mirror repos to +- name: Create directory to mirror repos to file: dest={{grokmirror_topdir}} mode=0755 state=directory owner=grokmirror tags: - grokmirror-mirror -- name: create directory to mirror site to +- name: Create directory to mirror site to file: dest={{grokmirror_topdir}}/src.fedoraproject.org mode=0755 state=directory owner=grokmirror tags: - grokmirror-mirror -- name: install grokmirror config file from template +- name: Install grokmirror config file from template template: src=grokmirror.conf dest={{grokmirror_topdir}}/grokmirror.conf owner=root group=root mode=644 tags: - grokmirror-mirror -- name: install grokmirror repos cron job +- name: Install grokmirror repos cron job template: src=grokmirror.cron dest=/etc/cron.d/grokmirror.cron owner=root group=root mode=644 tags: - grokmirror-mirror -- name: install grokmirror fsck cron job +- name: Install grokmirror fsck cron job template: src=grokfsck.cron dest=/etc/cron.d/grokfsck.cron owner=root group=root mode=644 tags: - grokmirror-mirror diff --git a/roles/haproxy/handlers/main.yml b/roles/haproxy/handlers/main.yml index 2de15f4574..33f02d42ee 100644 --- a/roles/haproxy/handlers/main.yml +++ b/roles/haproxy/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart haproxy +- name: Restart haproxy service: name=haproxy state=restarted diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index dff61ca1d5..d576ef9fa5 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml 
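Review bot: Renaming the handler to `Restart haproxy` breaks any task that still notifies it under the old spelling, because Ansible matches a `notify:` entry against the handler `name` exactly, including case. The same applies to the handler renames in roles/ipa/client/handlers, roles/ipsilon/handlers, roles/keepalived/handlers and roles/koji_builder/handlers. For koji_builder the mismatch is visible in this patch: roles/koji_builder/tasks/main.yml keeps `notify: - restart kojid` as unchanged context while the handler becomes `Restart kojid`. Depending on configuration, a missing handler either fails the play or is skipped with a warning, so a changed kojid.conf, haproxy.cfg or sssd.conf could be deployed without the service restart. Update each notifier in the same commit, e.g. `- Restart kojid`, and check the callers of the other renamed handlers, which are not visible here.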
@@ -1,7 +1,7 @@ --- # Tasks to set up haproxy -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - haproxy @@ -10,7 +10,7 @@ - packages - haproxy -- name: install haproxy/cfg +- name: Install haproxy/cfg template: src={{ item.file }} dest={{ item.dest }} owner=root group=root mode=0600 @@ -21,7 +21,7 @@ tags: - haproxy -- name: install limits.conf and 503.http +- name: Install limits.conf and 503.http copy: src={{ item.file }} dest={{ item.dest }} owner=root group=root mode=0600 @@ -31,7 +31,7 @@ tags: - haproxy -- name: install pem cert +- name: Install pem cert copy: src={{ item.file }} dest={{ item.dest }} owner=root group=root mode=0600 @@ -41,14 +41,14 @@ tags: - haproxy -- name: install ocp api pem cert +- name: Install ocp api pem cert copy: src={{ private }}/files/httpd/api-int.ocp{{ env_suffix }}.fedoraproject.org.pem dest=/etc/haproxy/ocp4.pem owner=root group=root mode=0600 tags: - haproxy -- name: install libsemanage +- name: Install libsemanage package: state: present name: @@ -58,7 +58,7 @@ - selinux when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora') -- name: install libsemanage in a python3 manner +- name: Install libsemanage in a python3 manner package: state: present name: 
@@ -78,20 +78,20 @@ # These following four tasks are used for copying over our custom selinux # module. -- name: ensure a directory exists for our custom selinux module +- name: Ensure a directory exists for our custom selinux module file: dest=/usr/share/haproxy state=directory tags: - haproxy - selinux -- name: copy over our general haproxy selinux module +- name: Copy over our general haproxy selinux module copy: src=selinux/fi-haproxy.pp dest=/usr/share/haproxy/fi-haproxy.pp register: fi_haproxy_module tags: - haproxy - selinux -- name: check to see if its even installed yet +- name: Check to see if its even installed yet shell: semodule -l | grep fi-haproxy | wc -l register: fi_haproxy_grep check_mode: no @@ -100,7 +100,7 @@ - haproxy - selinux -- name: install our general haproxy selinux module +- name: Install our general haproxy selinux module command: semodule -i /usr/share/haproxy/fi-haproxy.pp when: fi_haproxy_module is changed or fi_haproxy_grep is changed tags: @@ -108,7 +108,7 @@ - selinux -- name: check haproxy cfg to make sure it is valid +- name: Check haproxy cfg to make sure it is valid command: haproxy -c -f /etc/haproxy/haproxy.cfg check_mode: no register: haproxyconfigcheck diff --git a/roles/hosts/tasks/main.yml b/roles/hosts/tasks/main.yml index 538e337e99..b059b5e7af 100644 --- a/roles/hosts/tasks/main.yml +++ b/roles/hosts/tasks/main.yml @@ -9,7 +9,7 @@ # This will move a /etc/hosts in place if it's setup in files for that host/domain # Note that if it's not set it will just skip this play and do nothing. # -- name: setup /etc/hosts for some clients that are not on the vpn or are and in iad2 +- name: Setup /etc/hosts for some clients that are not on the vpn or are and in iad2 copy: src={{ item }} dest=/etc/hosts with_first_found: - "{{ inventory_hostname }}-hosts" 
@@ -23,7 +23,7 @@ - config - hosts -- name: setup /etc/hosts for some clients on the vpn, that are not in iad2 +- name: Setup /etc/hosts for some clients on the vpn, that are not in iad2 copy: src={{ item }} dest=/etc/hosts with_first_found: - "{{ inventory_hostname }}-hosts" diff --git a/roles/httpd/proxy/tasks/main.yml b/roles/httpd/proxy/tasks/main.yml index d6269d4756..1904ad49e8 100644 --- a/roles/httpd/proxy/tasks/main.yml +++ b/roles/httpd/proxy/tasks/main.yml @@ -45,7 +45,7 @@ - httpd - httpd/proxy -- name: set the apache mpm to use event MPM +- name: Set the apache mpm to use event MPM copy: src=00-mpm.conf dest=/etc/httpd/conf.modules.d/00-mpm.conf notify: - reload proxyhttpd @@ -53,7 +53,7 @@ - httpd - httpd/proxy -- name: install libsemanage +- name: Install libsemanage package: state: present name: @@ -64,7 +64,7 @@ - selinux when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora') -- name: install libsemanage in a python3 manner +- name: Install libsemanage in a python3 manner package: state: present name: @@ -92,21 +92,21 @@ - httpd - httpd/proxy -- name: disable systemd-oomd we do not need or want it +- name: Disable systemd-oomd we do not need or want it service: name=systemd-oomd state=stopped enabled=no tags: - httpd - httpd/proxy - disablesystemdoomd -- name: create systemd drop in dir for httpd +- name: Create systemd drop in dir for httpd file: path=/etc/systemd/system/httpd.service.d/ state=directory tags: - httpd - httpd/proxy - httpdoverride -- name: create systemd drop in dir for httpd +- name: Create systemd drop in dir for httpd copy: src=httpdoverride.conf dest=/etc/systemd/system/httpd.service.d/httpdoverride.conf tags: - httpd diff --git a/roles/ipa/client/handlers/main.yml b/roles/ipa/client/handlers/main.yml index d821acf113..86b6dbb84d 100644 --- a/roles/ipa/client/handlers/main.yml 
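Review bot: Two consecutive tasks in the `@@ -92,21 +92,21 @@` hunk of roles/httpd/proxy/tasks/main.yml are both named `Create systemd drop in dir for httpd`, but the second one copies `httpdoverride.conf` into that directory. Since this commit already touches both names, give the second a name that says what it does, for example `- name: Install systemd drop in override for httpd`. Identical names make run logs ambiguous and make `--start-at-task` select the first match only. The second task's tag list continues outside the hunk.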
+++ b/roles/ipa/client/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: clean sss caches +- name: Clean sss caches command: sss_cache -E -- name: restart sssd +- name: Restart sssd shell: systemctl restart sssd diff --git a/roles/ipa/client/tasks/hbac.yml b/roles/ipa/client/tasks/hbac.yml index a903e8f272..16c77b8129 100644 --- a/roles/ipa/client/tasks/hbac.yml +++ b/roles/ipa/client/tasks/hbac.yml @@ -41,7 +41,7 @@ loop: "{{ ipa_servers }}" when: ipa_servers is defined -- name: print ipa_servers +- name: Print ipa_servers debug: "var=ipa_servers" - name: "Let everybody run sudo" diff --git a/roles/ipa/service/tasks/main.yml b/roles/ipa/service/tasks/main.yml index 9b0ab60511..7503708085 100644 --- a/roles/ipa/service/tasks/main.yml +++ b/roles/ipa/service/tasks/main.yml @@ -22,7 +22,7 @@ - config - krb5 -- name: fail only when krbprincipalname isn't already defined +- name: Fail only when krbprincipalname isn't already defined fail: msg: "Failed to define ipa/service {{ service }}/{{ host }}" when: diff --git a/roles/ipsilon/handlers/main.yml b/roles/ipsilon/handlers/main.yml index c21d1696ff..c52037cae3 100644 --- a/roles/ipsilon/handlers/main.yml +++ b/roles/ipsilon/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: restart sssd +- name: Restart sssd service: name: sssd state: restarted diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml index 2df6ace7a6..72e612c1ee 100644 --- a/roles/ipsilon/tasks/main.yml +++ b/roles/ipsilon/tasks/main.yml @@ -1,7 +1,7 @@ --- # Configuration for the ipsilon webapp -- name: install needed packages +- name: Install needed packages package: state: present update_cache: yes @@ -94,7 +94,7 @@ - ipsilon - patches -- name: make sure /etc/ipsilon/root is owned correctly +- name: Make sure /etc/ipsilon/root is owned correctly file: path: "/etc/ipsilon/root" owner: ipsilon 
@@ -105,7 +105,7 @@ - ipsilon - config -- name: copy ipsilon configuration +- name: Copy ipsilon configuration template: src: "ipsilon.conf" dest: "/etc/ipsilon/root/ipsilon.conf" @@ -118,7 +118,7 @@ notify: - restart apache -- name: copy ipsilon admin configuration +- name: Copy ipsilon admin configuration template: src: "configuration.conf" dest: "/etc/ipsilon/root/configuration.conf" @@ -131,7 +131,7 @@ notify: - restart apache -- name: copy ipsilon OIDC client config +- name: Copy ipsilon OIDC client config copy: src: "{{ private }}/files/ipsilon/openidc.{{env}}.static" dest: /etc/ipsilon/root/openidc.static.cfg @@ -145,7 +145,7 @@ notify: - restart apache -- name: copy ipsilon httpd config +- name: Copy ipsilon httpd config template: src: "httpd.conf.j2" dest: /etc/ipsilon/root/idp.conf @@ -155,7 +155,7 @@ notify: - restart apache -- name: copy OIDC private key +- name: Copy OIDC private key copy: src: "{{ private }}/files/ipsilon/openidc{{ env_suffix }}.key" dest: /etc/ipsilon/root/openidc.key @@ -165,7 +165,7 @@ tags: - ipsilon -- name: create SAML2 dir +- name: Create SAML2 dir file: path: /etc/ipsilon/root/saml2 state: directory @@ -176,7 +176,7 @@ tags: - ipsilon -- name: copy SAML2 private key +- name: Copy SAML2 private key copy: src: "{{ private }}/files/saml2/{{ env }}/keys/idp.key" dest: /etc/ipsilon/root/saml2/idp.key @@ -186,7 +186,7 @@ tags: - ipsilon -- name: copy SAML2 public key +- name: Copy SAML2 public key copy: src: "{{ private }}/files/saml2/{{ env }}/keys/idp.crt" dest: /etc/ipsilon/root/saml2/idp.crt @@ -196,7 +196,7 @@ tags: - ipsilon -- name: copy saml2 metadata script +- name: Copy saml2 metadata script template: src: prepare-saml2-metadata.py dest: /usr/local/bin/prepare-saml2-metadata @@ -206,7 +206,7 @@ tags: - ipsilon -- name: generate the saml2 metadata +- name: Generate the saml2 metadata become_user: ipsilon become: yes command: 
@@ -215,7 +215,7 @@ tags: - ipsilon -- name: set sebooleans so ipsilon can talk to the db +- name: Set sebooleans so ipsilon can talk to the db seboolean: name: httpd_can_network_connect_db state: true @@ -223,7 +223,7 @@ tags: - ipsilon -- name: set sebooleans so ipsilon can talk to IPA for the openid extension +- name: Set sebooleans so ipsilon can talk to IPA for the openid extension seboolean: name: httpd_can_network_connect state: true @@ -231,7 +231,7 @@ tags: - ipsilon -- name: set sebooleans so ipsilon can talk to sssd +- name: Set sebooleans so ipsilon can talk to sssd seboolean: name: httpd_dbus_sssd state: true @@ -239,7 +239,7 @@ tags: - ipsilon -- name: set sebooleans so ipsilon can use python-pam +- name: Set sebooleans so ipsilon can use python-pam seboolean: name: "{{ item }}" state: true @@ -250,14 +250,14 @@ tags: - ipsilon -- name: apply selinux type to the wsgi file +- name: Apply selinux type to the wsgi file file: dest: /usr/libexec/ipsilon setype: httpd_sys_content_t tags: - ipsilon -- name: copy SSSd configuration +- name: Copy SSSd configuration template: src: sssd.conf dest: /etc/sssd/sssd.conf diff --git a/roles/ipsilon/tasks/patches.yml b/roles/ipsilon/tasks/patches.yml index f6baed00f3..621946658d 100644 --- a/roles/ipsilon/tasks/patches.yml +++ b/roles/ipsilon/tasks/patches.yml 
@@ -1,22 +1,22 @@ --- -- name: install patch and filterdiff +- name: Install patch and filterdiff dnf: name: - patch - patchutils -- name: prepare the patches directory +- name: Prepare the patches directory file: path: /opt/ipsilon-patches state: directory -- name: download patches +- name: Download patches copy: > src=/srv/web/infra/bigfiles/hotfixes/ipsilon/{{ item }} dest=/opt/ipsilon-patches/{{item}}.patch owner=root group=root mode=0644 loop: "{{ ipsilon_patches }}" -- name: apply patches +- name: Apply patches ansible.builtin.shell: chdir: "{{ ansible_facts['python3']['sitelib'] }}" cmd: filterdiff --include '?/ipsilon/*' /opt/ipsilon-patches/{{item}}.patch | patch -p1 --forward --fuzz=0 --reject-file=- --batch diff --git a/roles/iscsi_client/tasks/main.yml b/roles/iscsi_client/tasks/main.yml index e7b10fe3e3..09ef20ac78 100644 --- a/roles/iscsi_client/tasks/main.yml +++ b/roles/iscsi_client/tasks/main.yml @@ -3,7 +3,7 @@ # This task sets up iscsid and mpathd on a machine. # # -- name: install packages needed for iscsi_client (yum) +- name: Install packages needed for iscsi_client (yum) package: state: present name: @@ -13,7 +13,7 @@ - packages when: ansible_distribution_major_version|int < 8 and ansible_distribution == "RedHat" -- name: install packages needed for iscsi_client (dnf) +- name: Install packages needed for iscsi_client (dnf) package: state: present name: @@ -23,7 +23,7 @@ - packages when: ansible_distribution_major_version|int >= 29 and ansible_distribution == "Fedora" and ansible_cmdline.ostree is not defined -- name: install packages needed for iscsi_client (dnf) +- name: Install packages needed for iscsi_client (dnf) package: state: present name: 
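Review bot: The `Apply patches` task in roles/ipsilon/tasks/patches.yml pipes `filterdiff` into `patch` under `ansible.builtin.shell` without pipefail, so the task's exit status is that of `patch` alone. If `filterdiff` fails (an unreadable or missing file under /opt/ipsilon-patches, say), `patch` can read empty input and exit 0, and the hotfix is reported as applied when nothing changed. Prefix the command with `set -o pipefail && ` and set `executable: /bin/bash` under the module arguments so the option is available. The task body continues past the end of this hunk, so any `register` or `failed_when` handling it may have is not visible here.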
@@ -33,44 +33,44 @@ - packages when: ansible_distribution_major_version|int >= 8 and ansible_distribution == "RedHat" and ansible_cmdline.ostree is not defined -- name: enable iscsi service +- name: Enable iscsi service service: state=started enabled=yes name=iscsi tags: - services -- name: enable multipathd service +- name: Enable multipathd service service: state=started enabled=yes name=multipathd tags: - services -- name: setup multipath.conf file +- name: Setup multipath.conf file copy: src=multipath.conf dest=/etc/multipath.conf tags: - config -- name: setup initiatorname.iscsi +- name: Setup initiatorname.iscsi template: src=initiatorname.iscsi.j2 dest=/etc/iscsi/initiatorname.iscsi tags: - config -- name: set up iscsi interface for EL8 +- name: Set up iscsi interface for EL8 command: creates=/var/lib/iscsi/ifaces/{{ netapp_iscsi_interface_iad2 }} iscsiadm -m iface -I {{ netapp_iscsi_interface_iad2 }} --op=new when: ansible_distribution_major_version|int >= 8 and ansible_distribution == "RedHat" and datacenter == 'iad2' tags: - config -- name: run iscsiadm command for initial connect to PHX2 vtap-fedora-iscsi01 +- name: Run iscsiadm command for initial connect to PHX2 vtap-fedora-iscsi01 command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name }}/{{ netapp_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname --portal {{ netapp_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name }} --portal {{ netapp_iscsi_portal }} --login tags: - config -- name: run iscsiadm command for initial connect to IAD2 vtap-fedora-iscsi01 +- name: Run iscsiadm command for initial connect to IAD2 vtap-fedora-iscsi01 command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name_iad2 }}/{{ netapp_iscsi_portal_iad2 }},3260 /sbin/iscsiadm --mode node --targetname --portal {{ netapp_iscsi_portal_iad2 }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name_iad2 }} --portal {{ netapp_iscsi_portal_iad2 }} --login when: 
ansible_distribution_major_version|int >= 8 and ansible_distribution == "RedHat" and datacenter == 'iad2' tags: - config -# - name: run iscsiadm command for initial connect to vtap-fedora-nfs01 +# - name: Run iscsiadm command for initial connect to vtap-fedora-nfs01 # command: creates=/var/lib/iscsi/nodes/{{ netapp_nfs01_iscsi_name }}/{{ netapp_nfs01_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname --portal {{ netapp_nfs01_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_nfs01_iscsi_name }} --portal {{ netapp_nfs01_iscsi_portal }} --login # tags: # - config diff --git a/roles/keepalived/handlers/main.yml b/roles/keepalived/handlers/main.yml index 2ac9fe3e5a..861cdb5561 100644 --- a/roles/keepalived/handlers/main.yml +++ b/roles/keepalived/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart keepalived +- name: Restart keepalived service: name=keepalived state=restarted diff --git a/roles/kerneltest/tasks/main.yml b/roles/kerneltest/tasks/main.yml index 33d0f05706..8c823571a8 100644 --- a/roles/kerneltest/tasks/main.yml +++ b/roles/kerneltest/tasks/main.yml @@ -1,7 +1,7 @@ --- # Configuration for the kerneltest webapp -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present update_cache=yes with_items: - kerneltest @@ -35,7 +35,7 @@ notify: - restart apache -- name: create the database scheme +- name: Create the database scheme when: inventory_hostname.startswith('kerneltest01') command: /usr/bin/python2 /usr/share/kerneltest/kerneltest_createdb.py environment: 
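Review bot: Both `Run iscsiadm command for initial connect …` tasks in roles/iscsi_client/tasks/main.yml join two iscsiadm invocations with ` ; ` under the `command` module. That module does not run a shell, so the `;` and the entire `--login` invocation are handed to the first iscsiadm as extra arguments instead of running as a second command. The first invocation also passes `--targetname` with no value before `--portal`, unlike the second, which supplies `{{ netapp_iscsi_name }}`. Split each task in two, with `/sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name }} --portal {{ netapp_iscsi_portal }} -o new` in one and the `--login` call in the next. Keep the `creates=` guard on whichever step should be skipped once the node record exists.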
@@ -43,19 +43,19 @@ tags: - kerneltest -- name: set sebooleans so the app can talk to the db and send emails +- name: Set sebooleans so the app can talk to the db and send emails seboolean: name=httpd_can_network_connect state=true persistent=true tags: - kerneltest - selinux -- name: set sebooleans so the app can talk to the db and send emails +- name: Set sebooleans so the app can talk to the db and send emails seboolean: name=httpd_can_network_connect_db persistent=yes state=yes tags: - kerneltest - selinux -- name: apply selinux type to log files +- name: Apply selinux type to log files file: > dest=/var/www/logs setype=httpd_sys_rw_content_t diff --git a/roles/koji_builder/handlers/main.yml b/roles/koji_builder/handlers/main.yml index 407cf29da4..51c09d6c9c 100644 --- a/roles/koji_builder/handlers/main.yml +++ b/roles/koji_builder/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart kojid +- name: Restart kojid action: service name=kojid state=restarted diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index ce0d085e28..2b9ffb0280 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml 
@@ -2,58 +2,58 @@ # This is a base koji_builder role. # --- -- name: set hostname +- name: Set hostname hostname: name="{{inventory_hostname}}" tags: - koji_builder -- name: set root passwd +- name: Set root passwd user: name=root password={{ builder_rootpw }} state=present tags: - koji_builder - rootpw -- name: add mock user as 425 +- name: Add mock user as 425 user: name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes tags: - koji_builder -- name: make mock homedir perms +- name: Make mock homedir perms file: state=directory path=/var/lib/mock mode=2775 owner=root group=mock tags: - koji_builder -- name: add mock ssh dir +- name: Add mock ssh dir file: state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock tags: - koji_builder -- name: add mock ssh keys +- name: Add mock ssh keys copy: src=mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock tags: - koji_builder -- name: add kojibuilder +- name: Add kojibuilder user: name=kojibuilder groups=mock tags: - koji_builder -- name: add mockbuilder +- name: Add mockbuilder user: name=mockbuilder groups=mock tags: - koji_builder -- name: mockbuilder .ssh dir +- name: Mockbuilder .ssh dir file: state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder tags: - koji_builder -- name: mockbuilder ssh key +- name: Mockbuilder ssh key copy: src=ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder tags: - koji_builder -- name: make a bunch of dirs +- name: Make a bunch of dirs file: state=directory path={{ item }} with_items: - /pub @@ -102,7 +102,7 @@ # rpmautospec plugin # -- name: remove koji builder rpmautospec plugin +- name: Remove koji builder rpmautospec plugin package: name: - koji-builder-plugin-rpmautospec 
@@ -114,7 +114,7 @@ - koji_builder - rpmautospec -- name: remove obsolete configuration of rpmautospec +- name: Remove obsolete configuration of rpmautospec file: path: "/etc/kojid/plugins/{{ item }}" state: absent @@ -127,12 +127,12 @@ - koji_builder - rpmautospec -- name: install Flatpak builder plugin +- name: Install Flatpak builder plugin package: name=koji-flatpak-builder state=present tags: - koji_builder -- name: configure flatpak-builder plugin +- name: Configure flatpak-builder plugin template: src=flatpak.conf dest=/etc/kojid/plugins/flatpak.conf vars: candidate_registry: "candidate-registry{{ env_suffix }}.fedoraproject.org" @@ -147,12 +147,12 @@ - koji_builder when: "ansible_architecture is defined and ansible_architecture == 'aarch64'" -- name: enable virtlogd service +- name: Enable virtlogd service service: name=virtlogd state=started enabled=yes tags: - koji_builder -- name: build /etc/kojid/kojid.conf from group vars +- name: Build /etc/kojid/kojid.conf from group vars template: src=kojid.conf dest=/etc/kojid/kojid.conf notify: - restart kojid @@ -166,7 +166,7 @@ - koji_builder - koji_builder_osbuild -- name: build /etc/koji-osbuild/builder.conf +- name: Build /etc/koji-osbuild/builder.conf template: src=builder.conf{{env_suffix}} dest=/etc/koji-osbuild/builder.conf notify: - restart kojid @@ -174,12 +174,12 @@ - koji_builder - koji_builder_osbuild -- name: build /etc/koji/koji.conf from group vars +- name: Build /etc/koji/koji.conf from group vars template: src=koji.conf dest=/etc/koji.conf tags: - koji_builder -- name: config for the kojid runroot plugin (only some builders) +- name: Config for the kojid runroot plugin (only some builders) template: src=runroot.conf.j2 dest=/etc/kojid/plugins/runroot.conf when: "'runroot' in group_names" notify: 
@@ -187,7 +187,7 @@ tags: - koji_builder -- name: override kojid.service file to set TasksMax to unlimited +- name: Override kojid.service file to set TasksMax to unlimited copy: src=kojid.service dest=/etc/systemd/system/kojid.service notify: - reload systemd @@ -196,29 +196,29 @@ - koji_builder # setup for oz/imagefactory -- name: make .psphere dir +- name: Make .psphere dir file: state=directory path=/root/.psphere mode=775 owner=root group=root tags: - koji_builder -- name: make .psphere/templates dir +- name: Make .psphere/templates dir file: state=directory path=/root/.psphere/templates mode=775 owner=root group=root tags: - koji_builder -- name: copy over /root/.psphere/config.yaml +- name: Copy over /root/.psphere/config.yaml copy: src={{ private }}/files/koji/config.yaml dest=/root/.psphere/config.yaml tags: - koji_builder # done oz/imagefactory -- name: copy over /etc/security/limits.conf +- name: Copy over /etc/security/limits.conf copy: src=limits.conf dest=/etc/security/limits.conf tags: - koji_builder # oz.cfg upstream ram and cpu definitions are not enough -- name: oz.cfg +- name: Oz.cfg template: src=oz.cfg.j2 dest=/etc/oz/oz.cfg tags: - koji_builder @@ -229,7 +229,7 @@ # This provides us with the ability to use virt-manager from non root accounts. # This is useful in the oz/imagefactory context for debugging -- name: install libvirtd.conf +- name: Install libvirtd.conf copy: src="{{ files }}/virthost/libvirtd.conf" dest=/etc/libvirt/libvirtd.conf tags: - koji_builder @@ -243,7 +243,7 @@ # away from oz/Imagefactory so we don't need virt instances for image builds # anymore. -- name: install libvirt/network.conf +- name: Install libvirt/network.conf copy: src=network.conf dest=/etc/libvirt/network.conf notify: - restart virtnetworkd 
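Review bot: The `Copy over /root/.psphere/config.yaml` task in the -196 hunk copies a file from `{{ private }}` with no `owner`, `group` or `mode`, so its permissions depend on the umask in effect on the target, and the two `.psphere` directories above it are created with `mode=775`. If the file carries credentials, as its origin in the private tree suggests, it is safer to state them, e.g. `copy: src={{ private }}/files/koji/config.yaml dest=/root/.psphere/config.yaml owner=root group=root mode=0600`. The directories could be tightened to `mode=700` at the same time.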
@@ -255,13 +255,13 @@ # On primary we want to make a /mnt/koji link to /mnt/fedora_koji/koji # -- name: make a mnt/koji link +- name: Make a mnt/koji link file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji when: koji_hub_nfs is defined and koji_hub_nfs == "fedora_koji" and createrepo == True tags: - koji_builder -- name: make a mnt/koji link +- name: Make a mnt/koji link file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji force=yes when: inventory_hostname.startswith(('buildvm-s390x-11', 'buildvm-s390x-12', 'buildvm-s390x-13')) tags: @@ -271,13 +271,13 @@ # alternative arch builders however want to link to just /mnt/fedora_koji # -- name: make a mnt/koji link +- name: Make a mnt/koji link file: state=link src=/mnt/fedora_koji dest=/mnt/koji when: koji_hub_nfs is defined and koji_hub_nfs != "fedora_koji" and createrepo == True tags: - koji_builder -- name: mock site-defaults.cfg +- name: Mock site-defaults.cfg template: src=builders/site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock when: not inventory_hostname.startswith(('bkernel')) tags: @@ -286,7 +286,7 @@ # x86_64 builders run both x86_64 and i686 builds, that requires multilib # version of nosync installed to fully take advantage of nosync -- name: special pkgs for the x86_64 builders +- name: Special pkgs for the x86_64 builders package: state: present name: @@ -325,7 +325,7 @@ - koji_builder - removehttpd -- name: make sure we are in permissive selinux mode +- name: Make sure we are in permissive selinux mode selinux: policy=targeted state=permissive tags: - koji_builder @@ -343,7 +343,7 @@ when: env == "staging" # https://pagure.io/fedora-infrastructure/issue/6636 -- name: install libkcapi to get increased sockets on armv7 +- name: Install libkcapi to get increased sockets on armv7 dnf: name=libkcapi enablerepo=updates-testing state=present tags: - koji_builder 
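Review bot: The `Make sure we are in permissive selinux mode` task in the -325 hunk switches SELinux enforcement off for the whole builder, and nothing visible in the hunk records why. A short comment above the task, such as `# builders run permissive because <reason>; revisit when <condition>`, would let a later reader judge whether it still applies. The neighbouring tasks start and end outside the hunk, so a justification may already exist further up.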
@@ -352,7 +352,7 @@ # set highmem_is_dirtyable in compose armv7 machines. # see: https://bugzilla.redhat.com/show_bug.cgi?id=1504264 # -- name: set highmem_is_dirtyable on armv7 builders that are in the compose channel. +- name: Set highmem_is_dirtyable on armv7 builders that are in the compose channel. sysctl: name=vm.highmem_is_dirtyable value=1 state=present sysctl_set=yes reload=yes tags: - koji_builder @@ -375,25 +375,25 @@ - koji_builder/rngd when: ansible_architecture == 'x86_64' -- name: disable systemd-oomd we do not need or want it +- name: Disable systemd-oomd we do not need or want it systemd: name=systemd-oomd state=stopped enabled=no masked=true tags: - koji_builder - koji_builder/oomd -- name: install script to update osbuild api ip in the firewall +- name: Install script to update osbuild api ip in the firewall template: src=osbuildapi-update.sh dest=/usr/local/bin/osbuildapi-update.sh mode=755 tags: - koji_builder - koji_builder/osbuildapi -- name: install cron job to run osbuild api ip update script every minute. +- name: Install cron job to run osbuild api ip update script every minute. template: src=osbuildapi-update.cron dest=/etc/cron.d/osbuildapi-update.cron mode=644 tags: - koji_builder - koji_builder/osbuildapi -- name: create override dir for systemd-nspawn containers config +- name: Create override dir for systemd-nspawn containers config file: state: directory owner: root @@ -405,7 +405,7 @@ - koji_builder - koji_builder/nspawn -- name: create override config for systemd-nspawn containers to allow coredumps +- name: Create override config for systemd-nspawn containers to allow coredumps template: src=nspawn-override.conf dest=/etc/systemd/system/machine-.scope.d/80-infra.conf mode=0644 when: inventory_hostname.startswith(('buildhw-a64')) tags: diff --git a/roles/koji_db/tasks/main.yml b/roles/koji_db/tasks/main.yml index 8723bb4dd1..84b9a9fe10 100644 --- a/roles/koji_db/tasks/main.yml +++ b/roles/koji_db/tasks/main.yml 
@@ -5,7 +5,7 @@ # # create a koji db user to own the db with the kojidatabasepassword from private # -- name: koji db user +- name: Koji db user postgresql_user: name=koji password={{ aarch64kojidatabasepassword }} tags: - db @@ -13,7 +13,7 @@ # # create a koji database if not already created # -- name: databases creation +- name: Databases creation postgresql_db: name=koji owner=koji encoding=UTF-8 tags: - db @@ -21,7 +21,7 @@ # # Load the initial schema and create a file to note that it's loaded now. # -- name: load initial schema +- name: Load initial schema shell: creates=/var/lib/pgql/koji-schema psql koji koji < /usr/share/doc/koji*/docs/schema.sql tags: - db diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml index 30d6e504d1..7116d364dd 100644 --- a/roles/koji_hub/tasks/main.yml +++ b/roles/koji_hub/tasks/main.yml @@ -2,7 +2,7 @@ # # Setup koji hub server. # -- name: install koji hub server packages +- name: Install koji hub server packages package: name={{ item }} state=present with_items: - koji-hub @@ -23,7 +23,7 @@ # # Setup koji hub osbuild plugin. # -- name: install image builder server packages +- name: Install image builder server packages package: name={{ item }} state=present with_items: - koji-osbuild-hub @@ -34,10 +34,10 @@ - koji_hub - koji_hub_osbuild -- name: make koji pki directory +- name: Make koji pki directory file: state=directory path=/etc/pki/koji/ owner=root group=root -- name: make koji pki subdirectories +- name: Make koji pki subdirectories file: state=directory path=/etc/pki/koji/{{ item }} owner=root group=root with_items: - certs @@ -46,7 +46,7 @@ tags: - koji_hub -- name: fedmenu shim +- name: Fedmenu shim template: src=fedmenu-extra-footer.html dest=/usr/share/koji-web/static/extra-footer.html tags: koji_hub notify: reload httpd 
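Review bot: The `Load initial schema` task in roles/koji_db/tasks/main.yml guards on `creates=/var/lib/pgql/koji-schema`, but the command shown, `psql koji koji < /usr/share/doc/koji*/docs/schema.sql`, never writes that file, so the guard cannot become true and the schema load is attempted on every run. The comment above the task says a marker file is created; appending something like `&& touch /var/lib/pgql/koji-schema` to the command would make that hold. The path `/var/lib/pgql` also looks like a misspelling of `/var/lib/pgsql`, which is worth confirming before relying on it.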
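Review bot: `Make koji pki directory` and `Make koji pki subdirectories` in the -34 hunk of roles/koji_hub/tasks/main.yml create `/etc/pki/koji/` and its children without a `mode`, so the result depends on the umask of the run. For a tree that holds keys and certificates it is cheap to state it, e.g. adding `mode=0755` to both `file:` lines, or `mode=0700` for a subdirectory that holds private keys. The item list of the second task continues past the hunk, so which subdirectory holds key material is not visible here.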
@@ -56,7 +56,7 @@ # https://lists.fedoraproject.org/pipermail/buildsys/2015-April/004636.html when: env == 'staging' -- name: set the apache mpm to use event MPM +- name: Set the apache mpm to use event MPM copy: src=00-mpm.conf dest=/etc/httpd/conf.modules.d/00-mpm.conf notify: - reload proxyhttpd @@ -64,7 +64,7 @@ - config - koji_hub -- name: hub config +- name: Hub config template: src=hub.conf.j2 dest=/etc/koji-hub/hub.conf owner=apache group=apache mode=600 tags: - config @@ -72,28 +72,28 @@ - koji_hub_osbuild notify: reload httpd -- name: kojiweb config +- name: Kojiweb config template: src=web.conf.j2 dest=/etc/kojiweb/web.conf owner=apache group=apache mode=600 tags: - config - koji_hub notify: reload httpd -- name: enable httpd_can_network_connect SELinux boolean for fedmsg +- name: Enable httpd_can_network_connect SELinux boolean for fedmsg seboolean: name=httpd_can_network_connect state=yes persistent=yes tags: - config - selinux - koji_hub -- name: enable httpd_use_nfs SELinux boolean for fedmsg +- name: Enable httpd_use_nfs SELinux boolean for fedmsg seboolean: name=httpd_use_nfs state=yes persistent=yes tags: - config - selinux - koji_hub -- name: install fedora-messaging as a dependency for the plugin (fedora) +- name: Install fedora-messaging as a dependency for the plugin (fedora) package: name={{ item }} state=present with_items: - python3-fedora-messaging @@ -103,13 +103,13 @@ - fedora-messaging when: ansible_distribution == "Fedora" -- name: create the config folder for fedora-messaging +- name: Create the config folder for fedora-messaging file: path=/etc/fedora-messaging/ owner=root group=root mode=0755 state=directory tags: - koji_hub - fedora-messaging -- name: install the configuration file for fedora-messaging +- name: Install the configuration file for fedora-messaging template: src=fedora-messaging.toml dest=/etc/fedora-messaging/config.toml 
@@ -118,14 +118,14 @@ - koji_hub - fedora-messaging -- name: create folder where we'll place the certs +- name: Create folder where we'll place the certs file: path=/etc/pki/rabbitmq/kojicert/ owner=root group=root mode=0755 state=directory tags: - config - koji_hub - fedora-messaging -- name: deploy koji/rabbitmq certificate +- name: Deploy koji/rabbitmq certificate copy: src={{ item.src }} dest=/etc/pki/rabbitmq/kojicert/{{ item.dest }} owner={{ item.owner }} group=root mode={{ item.mode }} @@ -148,7 +148,7 @@ - fedora-messaging # install the plugin with the rpm from infra repo on stg -- name: install fedora-messaging schemas and plugin +- name: Install fedora-messaging schemas and plugin package: name={{ item }} state=present with_items: - koji-fedoramessaging @@ -162,7 +162,7 @@ when: ansible_distribution == "Fedora" -- name: install the configuration file for the sidetag plugin +- name: Install the configuration file for the sidetag plugin copy: src: sidetag.conf dest: /etc/koji-hub/plugins/sidetag.conf @@ -173,7 +173,7 @@ # rpmautospec plugin # -- name: uninstall koji hub rpmautospec plugin +- name: Uninstall koji hub rpmautospec plugin package: name={{ item }} state=absent with_items: - koji-hub-plugin-rpmautospec @@ -182,7 +182,7 @@ - koji_hub - rpmautospec -- name: remove obsolete configuration for rpmautospec +- name: Remove obsolete configuration for rpmautospec file: path: "/etc/koji-hub/plugins/{{ item }}" state: absent @@ -195,7 +195,7 @@ - koji_hub - rpmautospec -- name: install Flatpak hub plugin +- name: Install Flatpak hub plugin package: name=koji-flatpak-hub state=present tags: - koji_hub @@ -204,7 +204,7 @@ # install keytabs # -- name: install koji-hub keytab +- name: Install koji-hub keytab copy: src={{ private }}/files/keytabs/{{ env }}/koji-hub-{{ fedmsg_koji_instance }} dest=/etc/koji-hub/koji-hub.keytab owner=apache group=apache mode=0600 notify: 
@@ -213,7 +213,7 @@ - config - koji_hub -- name: install GSSAPI keytab +- name: Install GSSAPI keytab copy: src={{ private }}/files/keytabs/{{ env }}/koji-gssapi dest=/etc/koji-hub/gssapi.keytab owner=apache group=apache mode=0600 notify: @@ -225,7 +225,7 @@ # # install production certs and keys # -- name: install kojiweb_cert_key.pem +- name: Install kojiweb_cert_key.pem copy: src={{ private }}/files/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600 notify: - reload httpd @@ -234,7 +234,7 @@ - koji_hub when: env != 'staging' and ansible_hostname.startswith('koji') -- name: install production koji_cert.pem +- name: Install production koji_cert.pem copy: src={{ private }}/files/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600 notify: - reload httpd @@ -243,7 +243,7 @@ - koji_hub when: env != 'staging' and ansible_hostname.startswith('koji') -- name: install production koji_key.pem +- name: Install production koji_key.pem copy: src={{ private }}/files/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600 notify: - reload httpd @@ -252,7 +252,7 @@ - koji_hub when: env != 'staging' and ansible_hostname.startswith('koji') -- name: instaall fedora-ca.cert in various places +- name: Instaall fedora-ca.cert in various places copy: src={{ private }}/files/fedora-ca.cert dest={{ item }} owner=apache with_items: - /etc/kojira/extras_cacert.pem @@ -263,13 +263,13 @@ - config - koji_hub -- name: install kojira_cert_key +- name: Install kojira_cert_key copy: src={{ private }}/files/koji/kojira_cert_key.pem dest=/etc/kojira/kojira_cert_key.pem owner=apache mode=600 tags: - config - koji_hub -- name: koji web common config files +- name: Koji web common config files copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root with_items: - mash.conf 
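Review bot: The new name `Instaall fedora-ca.cert in various places` in the -252 hunk keeps the typo from the old one; since the commit rewrites the line anyway, `- name: Install fedora-ca.cert in various places` would fix it. The same goes for `Set mariaddb root user password` in roles/mariadb_server, `Linkng api.php` in roles/mediawiki and `Create rabitmq directory` in roles/messaging/base.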
@@ -280,7 +280,7 @@ - koji_hub notify: reload httpd -- name: koji web hub specific config files +- name: Koji web hub specific config files template: src={{ item }}.j2 dest=/etc/httpd/conf.d/{{ item }} owner=root group=root with_items: - kojiweb.conf @@ -290,7 +290,7 @@ - koji_hub notify: reload httpd -- name: koji web staging config files +- name: Koji web staging config files copy: src=kojiweb.conf.stg dest=/etc/httpd/conf.d/kojiweb-stg.conf owner=root group=root tags: - config @@ -298,21 +298,21 @@ notify: reload httpd when: env == "staging" -- name: koji robots.txt config +- name: Koji robots.txt config copy: src=robots.txt dest=/var/www/html/robots.txt tags: - config - koji_hub notify: reload httpd -- name: kojira log dir +- name: Kojira log dir file: dest=/var/log/kojira owner=root group=root mode=0750 state=directory tags: - config - koji_hub - kojira -- name: kojira config +- name: Kojira config template: src=kojira.conf.j2 dest=/etc/kojira/kojira.conf tags: - config @@ -320,19 +320,19 @@ notify: - restart kojira -- name: make an empty /mnt/fedora_koji for stg. +- name: Make an empty /mnt/fedora_koji for stg. file: state=directory path=/mnt/fedora_koji/koji owner=root group=root tags: - koji_hub when: env == "staging" and ansible_hostname.startswith('koji') -- name: make mnt/koji directory +- name: Make mnt/koji directory file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji owner=root group=root tags: - koji_hub when: ansible_hostname.startswith('koji') -- name: check selinux default context for /mnt/fedora_koji in staging +- name: Check selinux default context for /mnt/fedora_koji in staging command: matchpathcon /mnt/fedora_koji register: mnt_fedora_koji_context when: env == "staging" 
@@ -350,26 +350,26 @@ - koji_hub - selinux -- name: set sebooleans so koji can talk to the db +- name: Set sebooleans so koji can talk to the db seboolean: name=httpd_can_network_connect_db state=true persistent=true tags: - selinux - koji_hub -- name: set sebooleans so koji can run the fedora-messaging plugin +- name: Set sebooleans so koji can run the fedora-messaging plugin seboolean: name=httpd_execmem state=true persistent=true tags: - selinux - koji_hub -- name: set sebooleans so koji can anon write +- name: Set sebooleans so koji can anon write seboolean: name=httpd_anon_write state=true persistent=true tags: - selinux - koji_hub when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 7 -- name: make httpd override directory +- name: Make httpd override directory file: state: directory path: /etc/systemd/system/httpd.service.d @@ -380,7 +380,7 @@ - service - koji_hub -- name: set httpd service override for fedora-messaging to work +- name: Set httpd service override for fedora-messaging to work copy: src=httpd-override.conf dest=/etc/systemd/system/httpd.service.d/override.conf notify: - reload httpd @@ -405,17 +405,17 @@ - koji_hub when: ansible_hostname.startswith('koji02') -- name: install koji-gc.conf +- name: Install koji-gc.conf template: src=koji-gc.conf.j2 dest=/etc/koji-gc/koji-gc.conf tags: - koji_hub -- name: install prune-signed-copies-protected-tags config for prunesigs +- name: Install prune-signed-copies-protected-tags config for prunesigs template: src=prune-signed-copies-protected-tags.j2 dest=/etc/prune-signed-copies-protected-tags tags: - koji_hub -- name: install cron jobs in /usr/local/etc/ +- name: Install cron jobs in /usr/local/etc/ copy: src={{ item }} dest=/usr/local/etc/{{ item }} with_items: - koji-directory-cleanup 
@@ -426,7 +426,7 @@ - files - koji_hub -- name: enable crons on koji02 normally. +- name: Enable crons on koji02 normally. copy: src={{ item }} dest=/etc/cron.d/{{ item }} with_items: - koji-directory-cleanup @@ -444,7 +444,7 @@ - files - koji_hub -- name: disable systemd-oomd we do not need or want it +- name: Disable systemd-oomd we do not need or want it service: name=systemd-oomd state=stopped enabled=no tags: - koji_hub diff --git a/roles/kojipkgs/handlers/main.yml b/roles/kojipkgs/handlers/main.yml index 54e5791b19..e92c92f700 100644 --- a/roles/kojipkgs/handlers/main.yml +++ b/roles/kojipkgs/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart squid +- name: Restart squid service: name=squid state=restarted diff --git a/roles/kojipkgs/tasks/main.yml b/roles/kojipkgs/tasks/main.yml index af8f4e82d9..bc722ce392 100644 --- a/roles/kojipkgs/tasks/main.yml +++ b/roles/kojipkgs/tasks/main.yml @@ -1,10 +1,10 @@ --- -- name: set seboolean for nfs httpd +- name: Set seboolean for nfs httpd seboolean: name=httpd_use_nfs state=true persistent=true tags: - kojipkgs -- name: install apache config files for local apache +- name: Install apache config files for local apache copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root mode=644 with_items: - infrastructure.conf @@ -13,7 +13,7 @@ tags: - kojipkgs -- name: install apache config templates for local apache +- name: Install apache config templates for local apache template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root mode=644 with_items: - kojipkgs.conf 
@@ -22,24 +22,24 @@ tags: - kojipkgs -- name: make sure httpd listens on port 8080 +- name: Make sure httpd listens on port 8080 lineinfile: dest=/etc/httpd/conf/httpd.conf state=present regexp="^Listen 80" line="Listen 8080" notify: - reload httpd tags: - kojipkgs -- name: make a mnt/koji link +- name: Make a mnt/koji link file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji tags: - kojipkgs -- name: disable welcome.conf giving a 403 on / (needed for monitoring) +- name: Disable welcome.conf giving a 403 on / (needed for monitoring) copy: content="# welcome.conf disabled" dest=/etc/httpd/conf.d/welcome.conf tags: - kojipkgs -- name: make systemd drop-in override dir +- name: Make systemd drop-in override dir file: name=/etc/systemd/system/varnish.service.d state=directory recurse=yes @@ -47,7 +47,7 @@ tags: - kojipkgs -- name: override varnish service to restart on failure +- name: Override varnish service to restart on failure copy: dest=/etc/systemd/system/varnish.service.d/restart-on-fail.conf src=restart-on-fail.conf notify: diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml index cea01d3798..a5a8c70d8a 100644 --- a/roles/letsencrypt/tasks/main.yml +++ b/roles/letsencrypt/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: setup defaults file +- name: Setup defaults file delegate_to: "certgetter01.iad2.fedoraproject.org" copy: > dest=/etc/letsencrypt/cli.ini diff --git a/roles/log-detective-backup/tasks/main.yml b/roles/log-detective-backup/tasks/main.yml index 20c8c46283..e950677253 100644 --- a/roles/log-detective-backup/tasks/main.yml +++ b/roles/log-detective-backup/tasks/main.yml @@ -7,7 +7,7 @@ tags: - log_detective_backup -- name: create the log-detective.com backup directory +- name: Create the log-detective.com backup directory ansible.builtin.file: path: "{{ ld_backup_path }}" state: directory 
@@ -17,7 +17,7 @@ tags: - log_detective_backup -- name: install the log-detective-backup package dependencies +- name: Install the log-detective-backup package dependencies package: name: - wget @@ -25,7 +25,7 @@ tags: - log_detective_backup -- name: install the backup script +- name: Install the backup script template: src: backup.sh.j2 dest: "{{ ld_backup_script }}" @@ -33,7 +33,7 @@ tags: - log_detective_backup -- name: install the cron job downloading the log-detective dumps +- name: Install the cron job downloading the log-detective dumps ansible.builtin.cron: name: "download log-detective data dump" minute: "0" diff --git a/roles/login-registry/tasks/main.yml b/roles/login-registry/tasks/main.yml index 61de5d3a1f..a2a3767484 100644 --- a/roles/login-registry/tasks/main.yml +++ b/roles/login-registry/tasks/main.yml @@ -3,12 +3,12 @@ # This role is used to login to a registry using the # podman client. -- name: install podman +- name: Install podman package: name: podman state: present -- name: login into a registry +- name: Login into a registry command: podman login {{candidate_registry}} -u {{candidate_registry_osbs_username}} -p {{candidate_registry_osbs_password}} --authfile .docker/config.json args: creates: .docker/config.json diff --git a/roles/mariadb_server/handlers/main.yml b/roles/mariadb_server/handlers/main.yml index 6f737d9130..75a5564199 100644 --- a/roles/mariadb_server/handlers/main.yml +++ b/roles/mariadb_server/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart mariadb +- name: Restart mariadb service: name=mariadb state=restarted diff --git a/roles/mariadb_server/tasks/main.yml b/roles/mariadb_server/tasks/main.yml index 428abc5559..d4278999db 100644 --- a/roles/mariadb_server/tasks/main.yml +++ b/roles/mariadb_server/tasks/main.yml 
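Review bot: The `Login into a registry` task in roles/login-registry/tasks/main.yml passes the registry password as `-p {{candidate_registry_osbs_password}}` on the command line, which exposes it in the process list on the target and in Ansible's task output; no `no_log` is visible in the hunk. Feeding it on stdin avoids both: `command: podman login {{candidate_registry}} -u {{candidate_registry_osbs_username}} --password-stdin --authfile .docker/config.json`, with `stdin: "{{ candidate_registry_osbs_password }}"` under `args:` and `no_log: true` on the task. The relative `.docker/config.json` used for both `--authfile` and `creates:` depends on the working directory of the run, so an absolute path would make the guard reliable. The task may continue below the hunk.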
@@ -1,19 +1,19 @@ --- -- name: ensure packages required for mariadb are installed +- name: Ensure packages required for mariadb are installed package: state: present name: - mariadb-server when: ansible_cmdline.ostree is not defined -- name: ensure packages required for mariadb are installed (el8) +- name: Ensure packages required for mariadb are installed (el8) package: state: present name: - python3-PyMySQL when: ansible_distribution_major_version|int >= 8 -- name: copy my.cnf +- name: Copy my.cnf copy: src={{ item }} dest=/etc/my.cnf owner=root group=root mode=0644 with_first_found: - "{{ mariadb_config }}" @@ -26,10 +26,10 @@ notify: - restart mariadb -- name: enable and start mariadb database +- name: Enable and start mariadb database service: name=mariadb enabled=yes state=started -- name: set mariaddb root user password +- name: Set mariaddb root user password no_log: true mysql_user: name: root @@ -40,7 +40,7 @@ login_unix_socket: /var/lib/mysql/mysql.sock check_implicit_admin: true -- name: create .my.cnf file for future logins +- name: Create .my.cnf file for future logins template: src=dotmy.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0700 - name: Ensure mariadb has a place to backup to @@ -64,5 +64,5 @@ - cron - mariadb-server -- name: set domain_can_mmap_files so collectd and nagios work +- name: Set domain_can_mmap_files so collectd and nagios work seboolean: name=domain_can_mmap_files state=yes persistent=yes diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml index 7761bd25cf..74c86b4b1f 100644 --- a/roles/mediawiki/tasks/main.yml +++ b/roles/mediawiki/tasks/main.yml 
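Review bot: `Create .my.cnf file for future logins` in the -40 hunk writes `/root/.my.cnf` with `mode=0700`, which sets the execute bits on a plain config file that presumably holds the database root password. `mode=0600` gives the same protection without them.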
@@ -1,40 +1,40 @@ --- -- name: allow Apache to remotely connect to mysql +- name: Allow Apache to remotely connect to mysql seboolean: name=httpd_can_network_connect_db state=yes persistent=yes tags: - mediawiki -- name: allow Apache to remotely connect to wiki +- name: Allow Apache to remotely connect to wiki seboolean: name=httpd_can_network_connect state=yes persistent=yes tags: - mediawiki -- name: allow Apache to remotely connect to Memcached +- name: Allow Apache to remotely connect to Memcached seboolean: name=httpd_can_network_memcache state=yes persistent=yes tags: - mediawiki -- name: allow Apache to talk to the wiki uploads dir over nfs +- name: Allow Apache to talk to the wiki uploads dir over nfs seboolean: name=httpd_use_nfs state=yes persistent=yes tags: - mediawiki -- name: set sebooleans so apache can send emails +- name: Set sebooleans so apache can send emails seboolean: name=httpd_can_sendmail state=yes persistent=yes tags: - mediawiki -- name: set sebooleans so apache can build svgs +- name: Set sebooleans so apache can build svgs seboolean: name=httpd_setrlimit state=yes persistent=yes tags: - mediawiki -- name: set sebooleans so apache can map files +- name: Set sebooleans so apache can map files seboolean: name=domain_can_mmap_files state=yes persistent=yes tags: - mediawiki -- name: install needed packages +- name: Install needed packages package: state: present name: @@ -58,7 +58,7 @@ # mediawiki-OpenIDConnect here is pulled from the infra repo, which is also patched to add # the FPCA check, and returns the message to the user: # "You need to have signed the FPCA to log into the wiki" -- name: install needed packages (fedora only) +- name: Install needed packages (fedora only) package: name={{ item }} state=present with_items: - "{{ wikiver }}-skin-fedora" @@ -132,7 +132,7 @@ - mediawiki - fedora-messaging -- name: startup apache +- name: Startup apache service: name=httpd enabled=yes state=started tags: - mediawiki 
@@ -143,96 +143,96 @@ - config - mediawiki -- name: creating wiki dir +- name: Creating wiki dir file: path=/srv/web/{{wikiname}}-wiki owner=root group=root mode=755 state=directory tags: - mediawiki -# - name: creating config dir +# - name: Creating config dir # file: src=/usr/share/{{ wikiver }}/config dest=/srv/web/{{wikiname}}/config owner=apache group=apache mode=755 state=directory # tags: # - mediawiki # This doesn't seem to exist anymore in upstream.... -# - name: install utils +# - name: Install utils # file: src=/usr/share/{{ wikiver }}/install-utils.inc dest=/srv/web/{{wikiname}}-wiki/install-utils.inc state=link # tags: # - mediawiki -- name: install localsettings +- name: Install localsettings template: src=LocalSettings.php.{{wikiname}}.j2 dest=/srv/web/{{wikiname}}-wiki/LocalSettings.php owner=apache group=apache mode=600 setype=httpd_sys_content_t notify: reload httpd tags: - mediawiki - localsettings -- name: httpd conf +- name: Httpd conf template: src=mediawiki-app.conf.j2 dest=/etc/httpd/conf.d/{{wikiname}}.conf notify: reload httpd tags: - mediawiki -- name: linking index.php +- name: Linking index.php file: dest=/srv/web/{{wikiname}}-wiki/index.php src=/usr/share/{{ wikiver }}/index.php state=link tags: - mediawiki -- name: linkng api.php +- name: Linkng api.php file: dest=/srv/web/{{wikiname}}-wiki/api.php src=/usr/share/{{ wikiver }}/api.php state=link tags: - mediawiki -- name: linking opensearch +- name: Linking opensearch file: dest=/srv/web/{{wikiname}}-wiki/opensearch_desc.php src=/usr/share/{{ wikiver }}/opensearch_desc.php state=link tags: - mediawiki -- name: linking extensions +- name: Linking extensions file: dest=/srv/web/{{wikiname}}-wiki/extensions src=/usr/share/{{ wikiver }}/extensions state=link tags: - mediawiki -- name: linking includes +- name: Linking includes file: dest=/srv/web/{{wikiname}}-wiki/includes src=/usr/share/{{ wikiver }}/includes state=link tags: - mediawiki -- name: linking languages +- name: Linking 
languages file: dest=/srv/web/{{wikiname}}-wiki/languages src=/usr/share/{{ wikiver }}/languages state=link tags: - mediawiki -- name: linking maintenance +- name: Linking maintenance file: dest=/srv/web/{{wikiname}}-wiki/maintenance src=/usr/share/{{ wikiver }}/maintenance state=link tags: - mediawiki -# - name: linking serialized +# - name: Linking serialized # file: dest=/srv/web/{{wikiname}}-wiki/serialized src=/usr/share/{{ wikiver }}/serialized state=link # tags: # - mediawiki -- name: linking skins +- name: Linking skins file: dest=/srv/web/{{wikiname}}-wiki/skins src=/usr/share/{{ wikiver }}/skins state=link tags: - mediawiki -- name: linking load +- name: Linking load file: dest=/srv/web/{{wikiname}}-wiki/load.php src=/usr/share/{{ wikiver }}/load.php state=link tags: - mediawiki -- name: linking resources +- name: Linking resources file: dest=/srv/web/{{wikiname}}-wiki/resources src=/usr/share/{{ wikiver }}/resources state=link tags: - mediawiki -- name: linking vendor +- name: Linking vendor file: dest=/srv/web/{{wikiname}}-wiki/vendor src=/usr/share/{{ wikiver }}/vendor state=link tags: - mediawiki -- name: download the Fedora Messaging extension +- name: Download the Fedora Messaging extension git: repo: https://github.com/fedora-infra/mediawiki-fedora-messaging.git dest: /usr/share/{{ wikiver }}/extensions/FedoraMessaging @@ -255,7 +255,7 @@ - mediawiki - fedora-messaging -- name: install the php dependencies +- name: Install the php dependencies become: yes become_user: apache command: 
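Review bot: The `Download the Fedora Messaging extension` task at the end of the -143 hunk clones `https://github.com/fedora-infra/mediawiki-fedora-messaging.git` into the wiki's extensions directory, and no `version:` is visible before the hunk ends. If none follows outside the hunk, the git module checks out the head of the default branch, so whatever is pushed there is what MediaWiki loads. Pinning with `version: <commit-sha>` keeps the deployed code tied to a revision that was reviewed.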
@@ -267,18 +267,18 @@ - mediawiki - fedora-messaging -- name: ensure a directory exists for our SELinux policy +- name: Ensure a directory exists for our SELinux policy file: dest=/usr/local/share/selinux/ state=directory tags: selinux -- name: copy over our custom selinux policy +- name: Copy over our custom selinux policy copy: src=selinux/mediawiki.pp dest=/usr/local/share/selinux/mediawiki.pp register: selinux_module tags: - selinux - mediawiki -- name: install our custom selinux policy +- name: Install our custom selinux policy command: semodule -i /usr/local/share/selinux/mediawiki.pp when: selinux_module is changed tags: diff --git a/roles/memcached/tasks/main.yml b/roles/memcached/tasks/main.yml index 9ac3d68a8f..e303adfb46 100644 --- a/roles/memcached/tasks/main.yml +++ b/roles/memcached/tasks/main.yml @@ -1,11 +1,11 @@ --- -- name: install memcached server package +- name: Install memcached server package package: state=present name=memcached tags: - packages - memcached -- name: setup memcached sysconfig +- name: Setup memcached sysconfig template: src=memcached dest=/etc/sysconfig/memcached mode=644 notify: - restart memcached @@ -13,20 +13,20 @@ - config - memcached -- name: enable memcached service +- name: Enable memcached service service: state=started enabled=true name=memcached tags: - service - config - memcached -- name: make systemd override dir +- name: Make systemd override dir file: state=directory path=/etc/systemd/system/memcached.service.d mode=0755 owner=root group=root tags: - memcached when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 -- name: make systemd override config +- name: Make systemd override config copy: src=memcached-systemdoverride.conf dest=/etc/systemd/system/memcached.service.d/ tags: - memcached diff --git a/roles/messaging/base/tasks/main.yml b/roles/messaging/base/tasks/main.yml index 817b7f04e6..38a3086355 100644 --- a/roles/messaging/base/tasks/main.yml 
+++ b/roles/messaging/base/tasks/main.yml @@ -1,17 +1,17 @@ --- -- name: install the messaging packages +- name: Install the messaging packages package: name={{ item }} state=present with_items: - fedora-messaging tags: - fedora-messaging -- name: create rabitmq directory +- name: Create rabitmq directory file: path=/etc/pki/rabbitmq/ owner=root group=root mode=0755 state=directory tags: - fedora-messaging -- name: "create key/cert directory" +- name: "Create key/cert directory" file: path=/etc/pki/rabbitmq/{{ item.username }}/ owner={{ item.username }} group={{ item.username }} mode=0700 state=directory @@ -19,7 +19,7 @@ tags: - fedora-messaging -- name: "copy fedora messaging key" +- name: "Copy fedora messaging key" copy: src={{ private }}/files/rabbitmq/{{ env }}/pki/private/{{ item.key }}{% if env == 'staging' %}.stg{% endif %}.key dest=/etc/pki/rabbitmq/{{ item.username }}/{{ item.key }}.key owner={{ item.username }} group=root mode=0600 @@ -27,7 +27,7 @@ tags: - fedora-messaging -- name: "copy fedora messaging certificate" +- name: "Copy fedora messaging certificate" copy: src={{ private }}/files/rabbitmq/{{ env }}/pki/issued/{{ item.key }}{% if env == 'staging' %}.stg{% endif %}.crt dest=/etc/pki/rabbitmq/{{ item.username }}/{{ item.key }}.crt owner={{ item.username }} group=root mode=0644 @@ -35,7 +35,7 @@ tags: - fedora-messaging -- name: "copy fedora messaging ca.crt for readers" +- name: "Copy fedora messaging ca.crt for readers" copy: src={{ private }}/files/rabbitmq/{{ env }}/pki/ca.crt dest=/etc/pki/rabbitmq/{{ item.username }}/ca.crt owner={{ item.username }} group=root mode=0644 @@ -43,7 +43,7 @@ tags: - fedora-messaging -- name: "install the toml configuration file" +- name: "Install the toml configuration file" template: src="messaging.toml.j2" dest="/etc/fedora-messaging/{{ item.username }}.toml" owner=root group=root mode=644 vars: 
@@ -53,7 +53,7 @@ tags: - fedora-messaging -- name: "make sure the user exists on broker" +- name: "Make sure the user exists on broker" include_role: name=rabbit/user vars: - user_name: "{{ item.username }}{{ env_suffix }}" diff --git a/roles/mirror_pagure_ansible/tasks/main.yml b/roles/mirror_pagure_ansible/tasks/main.yml index f532699891..78472a08a6 100644 --- a/roles/mirror_pagure_ansible/tasks/main.yml +++ b/roles/mirror_pagure_ansible/tasks/main.yml @@ -22,7 +22,7 @@ # Ensure the user can write to where we want to store the mirror -- name: give access to mirror_pagure_ansible to /srv +- name: Give access to mirror_pagure_ansible to /srv command: setfacl -m d:u:mirror_pagure_ansible:rwx /srv -m u:mirror_pagure_ansible:rwx /srv/ tags: - config @@ -42,7 +42,7 @@ - config - mirror_pagure_ansible -- name: deploy pagure/rabbitmq certificate +- name: Deploy pagure/rabbitmq certificate copy: src={{ item.src }} dest=/etc/pki/fedora-messaging/{{ item.dest }} owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }} diff --git a/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml b/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml index 4d836a27f9..a40b56daae 100644 --- a/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml +++ b/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml 
@@ -2,20 +2,20 @@ # tasklist for setting up the mirrorlist app on the proxies -- name: add mirrormanager user - uid {{ mirrormanager_uid }} +- name: Add mirrormanager user - uid {{ mirrormanager_uid }} user: name=mirrormanager uid={{ mirrormanager_uid }} state=present home=/home/mirrormanager createhome=yes tags: - mirrorlist_proxy # mirrormanager user ssh key(s) -- name: add authorized_keys for mirrormanager +- name: Add authorized_keys for mirrormanager authorized_key: key="{{ item }}" user=mirrormanager state=present with_file: - mm-authorized_key tags: - mirrorlist_proxy -- name: setup directories +- name: Setup directories file: dest="{{item}}" mode=0755 state=directory with_items: - /srv/mirrorlist @@ -26,7 +26,7 @@ tags: - mirrorlist_proxy -- name: make sure the /usr/share/GeoIP/ directory exists +- name: Make sure the /usr/share/GeoIP/ directory exists file: path: /usr/share/GeoIP/ state: directory @@ -36,14 +36,14 @@ tags: - mirrorlist_proxy -- name: push over the newer geoip db +- name: Push over the newer geoip db copy: src={{ item }} dest=/usr/share/GeoIP/ with_fileglob: - "{{ bigfiles }}/geoip/*.mmdb" tags: - mirrorlist_proxy -- name: make sure mirrormanager user can write new protobuf based cache file +- name: Make sure mirrormanager user can write new protobuf based cache file file: dest="{{item}}" owner=mirrormanager group=mirrormanager with_items: - /srv/mirrorlist/data @@ -52,7 +52,7 @@ tags: - mirrorlist_proxy -- name: for the rust based mirrorlist server chown directories +- name: For the rust based mirrorlist server chown directories file: dest="{{item}}" owner=mirrormanager group=mirrormanager with_items: - /var/log/mirrormanager @@ -67,7 +67,7 @@ tags: - mirrorlist_proxy -- name: for the rust based mirrorlist server chown log files +- name: For the rust based mirrorlist server chown log files file: dest="{{item}}" owner=mirrormanager group=mirrormanager with_items: - /var/log/mirrormanager/mirrorlist1.service.log 
@@ -75,17 +75,17 @@ tags: - mirrorlist_proxy -- name: set logrotate_read_inside_containers so logrotate works +- name: Set logrotate_read_inside_containers so logrotate works seboolean: name=logrotate_read_inside_containers state=yes persistent=yes tags: - mirrorlist_proxy -- name: setup logrotate log for mirrormanager log files +- name: Setup logrotate log for mirrormanager log files copy: src=logrotate-mirrormanager dest=/etc/logrotate.d/mirrormanager tags: - mirrorlist_proxy -- name: install mirrorlist-server package +- name: Install mirrorlist-server package package: name={{ item }} state=present with_items: - mirrorlist-server @@ -117,7 +117,7 @@ - mirrorlist_proxy # install our cron script to handle hourly new protbuf cache changes. -- name: install script to restart mirrorlist processes on protobuf cache changes +- name: Install script to restart mirrorlist processes on protobuf cache changes copy: src=restart-mirrorlist-processes dest=/usr/local/bin/restart-mirrorlist-processes mode=0755 tags: - mirrorlist_proxy 
@@ -138,27 +138,27 @@ - mirrorlist_proxy # Custom selinux policy to allow logrotate to rotate our mirrorlist logs -- name: ensure a directory exists for our custom selinux module +- name: Ensure a directory exists for our custom selinux module file: dest=/usr/local/share/mirrorlist-logrotate state=directory tags: - selinux - mirrorlist_proxy -- name: copy over our custom selinux module +- name: Copy over our custom selinux module copy: src=selinux/mirrorlist-logrotate.pp dest=/usr/local/share/mirrorlist-logrotate/mirrorlist-logrotate.pp register: selinux_module tags: - selinux - mirrorlist_proxy -- name: install our custom selinux module +- name: Install our custom selinux module command: semodule -i /usr/local/share/mirrorlist-logrotate/mirrorlist-logrotate.pp when: selinux_module is changed tags: - selinux - mirrorlist_proxy -- name: check for mirrorlist files +- name: Check for mirrorlist files stat: path=/srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.proto register: mirrorlist_cache_status tags: diff --git a/roles/mod_wsgi/tasks/main.yml b/roles/mod_wsgi/tasks/main.yml index b1cf38ec22..91a14b350b 100644 --- a/roles/mod_wsgi/tasks/main.yml +++ b/roles/mod_wsgi/tasks/main.yml @@ -1,6 +1,6 @@ --- # install mod_wsgi -- name: install mod_wsgi +- name: Install mod_wsgi package: name: mod_wsgi state: present @@ -8,7 +8,7 @@ - packages when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' -- name: install mod_wsgi +- name: Install mod_wsgi package: name: python3-mod_wsgi state: present @@ -16,7 +16,7 @@ - packages when: ansible_distribution_major_version|int >= 8 and ansible_distribution == 'RedHat' -- name: install mod_wsgi +- name: Install mod_wsgi package: name: mod_wsgi state: present @@ -24,7 +24,7 @@ - packages when: ansible_distribution == 'Fedora' -- name: wsgi.conf +- name: Wsgi.conf copy: src="wsgi.conf" dest=/etc/httpd/conf.d/wsgi.conf notify: - restart apache 
diff --git a/roles/mote/handlers/main.yml b/roles/mote/handlers/main.yml index 607fe3e566..afa88ec40c 100644 --- a/roles/mote/handlers/main.yml +++ b/roles/mote/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: nuke mote json cache +- name: Nuke mote json cache file: dest=/var/cache/httpd/mote/cache.json state=absent diff --git a/roles/mote/tasks/main.yml b/roles/mote/tasks/main.yml index b06c548edd..66ddf12c7e 100644 --- a/roles/mote/tasks/main.yml +++ b/roles/mote/tasks/main.yml @@ -1,7 +1,7 @@ --- # Configuration for the mote webapp -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - mote @@ -10,7 +10,7 @@ - packages - mote -- name: set the memcached sysconfig file +- name: Set the memcached sysconfig file copy: src: memcached.sysconfig dest: /etc/sysconfig/memcached @@ -19,7 +19,7 @@ notify: - restart memcached -- name: make systemd override dir +- name: Make systemd override dir file: state: directory path: /etc/systemd/system/memcached.service.d @@ -29,7 +29,7 @@ tags: - mote -- name: make systemd override config +- name: Make systemd override config copy: src: memcached.override dest: /etc/systemd/system/memcached.service.d/override.conf @@ -41,7 +41,7 @@ - meta: flush_handlers -- name: start memcached +- name: Start memcached service: state: started enabled: yes @@ -49,7 +49,7 @@ tags: - mote -- name: replace the mote configuration file by the one with the normal user +- name: Replace the mote configuration file by the one with the normal user template: src={{ item.file }} dest="{{ item.location }}/{{ item.file }}" owner=apache group=apache mode=0600 
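Review bot: Renaming a handler changes the string that `notify:` has to match, and no hunk in this part of the patch updates a `notify:` entry to the new spelling. This affects `Nuke mote json cache` here and `Restart nrpe` in roles/nagios_client/handlers/main.yml and roles/nagios_server/handlers/main.yml. In roles/nagios_client/tasks/main.yml the `notify:` values sit in unchanged lines between hunks, so they presumably still carry the lowercase name. If handler lookup is case-sensitive in the Ansible version in use, NRPE would not be restarted after a config change, or the play would fail on an unknown handler, and monitoring would keep running stale checks. Either update every `notify:` in the same commit or give each renamed handler a stable topic, e.g. `listen: restart nrpe`.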
@@ -71,13 +71,13 @@ tags: - mote -- name: start mote-updater service +- name: Start mote-updater service service: name=mote-updater state=started enabled=yes tags: - services - mote -- name: apply selinux type to static files +- name: Apply selinux type to static files file: > dest=/usr/lib/python2.7/site-packages/mote/static/ setype=httpd_sys_content_t @@ -87,7 +87,7 @@ - mote - selinux -- name: apply selinux type to meetbot files +- name: Apply selinux type to meetbot files file: > dest=/srv/web/meetbot/ setype=httpd_sys_content_t @@ -97,7 +97,7 @@ - mote - selinux -- name: set sebooleans so apache can use memcached +- name: Set sebooleans so apache can use memcached seboolean: name=httpd_can_network_memcache state=true persistent=true @@ -105,7 +105,7 @@ - mote - selinux -- name: set sebooleans so apache can use nfs +- name: Set sebooleans so apache can use nfs seboolean: name=httpd_use_nfs state=true persistent=true @@ -113,7 +113,7 @@ - mote - selinux -- name: apply selinux type to the wsgi file +- name: Apply selinux type to the wsgi file file: > dest=/usr/share/mote/mote.wsgi setype=httpd_sys_content_t @@ -121,7 +121,7 @@ - mote - selinux -- name: apply selinux type to the name mappings file +- name: Apply selinux type to the name mappings file file: > dest=/usr/share/mote/name_mappings.json setype=httpd_sys_content_t @@ -131,7 +131,7 @@ - mote - selinux -- name: apply selinux type to the category mappings file +- name: Apply selinux type to the category mappings file file: > dest=/usr/share/mote/category_mappings.json setype=httpd_sys_content_t diff --git a/roles/nagios_client/handlers/main.yml b/roles/nagios_client/handlers/main.yml index 11c84acd9b..fa63196832 100644 --- a/roles/nagios_client/handlers/main.yml +++ b/roles/nagios_client/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart nrpe +- name: Restart nrpe service: name=nrpe state=restarted 
diff --git a/roles/nagios_client/tasks/main.yml b/roles/nagios_client/tasks/main.yml index e0efd154de..e1e0549a4c 100644 --- a/roles/nagios_client/tasks/main.yml +++ b/roles/nagios_client/tasks/main.yml @@ -14,7 +14,7 @@ - nagios_client # install pkgs: -- name: install nagios client pkgs +- name: Install nagios client pkgs package: name={{ item }} state=present with_items: - nrpe @@ -30,14 +30,14 @@ - packages - nagios_client -- name: install nagios tcp check for mirrorlist proxies +- name: Install nagios tcp check for mirrorlist proxies package: name=nagios-plugins-tcp state=present tags: - packages - nagios_client when: "'mailman' in group_names or 'mirrorlist_proxies' in group_names" -- name: install local nrpe check scripts that are not packaged +- name: Install local nrpe check scripts that are not packaged copy: src="scripts/{{ item }}" dest="{{ libdir }}/nagios/plugins/{{ item }}" mode=0755 owner=nagios group=nagios with_items: - check_haproxy_conns.py @@ -64,7 +64,7 @@ tags: - nagios_client -- name: install nrpe check for systemd unit +- name: Install nrpe check for systemd unit copy: src="scripts/{{ item }}" dest="{{ libdir }}/nagios/plugins/{{ item }}" mode=0775 owner=nagios group=nagios with_items: - check_systemd_units @@ -82,13 +82,13 @@ # Three tasks for handling our custom selinux module -- name: ensure a directory exists for our custom selinux module +- name: Ensure a directory exists for our custom selinux module file: dest=/usr/share/nrpe state=directory tags: - config - nagios_client -- name: copy over our custom selinux module +- name: Copy over our custom selinux module copy: src=selinux/fi-nrpe.pp dest=/usr/share/nrpe/fi-nrpe.pp register: selinux_module tags: 
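Review bot: The `Install nrpe check for systemd unit` task installs its plugin with `mode=0775`, while the preceding task installs the other unpackaged check scripts with `mode=0755`. A group-writable script in the plugin directory can be altered by any member of the nagios group and is then presumably executed by the monitoring agent. `mode=0755` would match the sibling task, unless group write is needed for a reason not visible here. The task's `with_items` list continues outside the hunk.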
@@ -96,7 +96,7 @@ - nagios_client - selinux -- name: install our custom selinux module +- name: Install our custom selinux module command: semodule -i /usr/share/nrpe/fi-nrpe.pp when: ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat' and selinux_module is changed tags: @@ -104,7 +104,7 @@ - nagios_client - selinux -- name: copy over our custom selinux module for mirrorlist +- name: Copy over our custom selinux module for mirrorlist copy: src=selinux/fi-nrpe.pp dest=/usr/share/nrpe/mirrormanager_container.pp register: selinux_module_mirrorlist when: "'proxy' in inventory_hostname" @@ -113,7 +113,7 @@ - nagios_client - selinux -- name: install our custom selinux module for mirrorlist +- name: Install our custom selinux module for mirrorlist command: semodule -i /usr/share/nrpe/mirrormanager_container.pp when: "'proxy' in inventory_hostname and selinux_module is changed" tags: @@ -135,7 +135,7 @@ # The actual items files here end in .j2 (they are templates) # So when adding or modifying them change the .j2 version in git. # -- name: install nrpe client configs +- name: Install nrpe client configs template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644 with_items: - check_raid.cfg @@ -175,7 +175,7 @@ # The actual items files here end in .j2 (they are templates) # So when adding or modifying them change the .j2 version in git. # -- name: install nrpe openvpn check config +- name: Install nrpe openvpn check config template: src=check_openvpn_link.cfg.j2 dest=/etc/nrpe.d/check_openvpn_link.cfg owner=root group=root mode=0644 when: vpn == true notify: 
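Review bot: The `Install our custom selinux module for mirrorlist` task is gated on `selinux_module is changed`, but the copy task just above it registers `selinux_module_mirrorlist`. As written, the mirrorlist policy module is reloaded only when the other module (fi-nrpe.pp) changed, not when its own file did. The condition should read `when: "'proxy' in inventory_hostname and selinux_module_mirrorlist is changed"`. The copy task also uses `src=selinux/fi-nrpe.pp` for a destination named mirrormanager_container.pp, which looks like a copy-paste from the earlier task and is worth checking against the role's files directory. Both tasks continue past the ends of their hunks (-104,7 and -113,7).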
@@ -186,7 +186,7 @@ # The actual items files here end in .j2 (they are templates) # So when adding or modifying them change the .j2 version in git. # -- name: install nrpe merged log check script on log01 +- name: Install nrpe merged log check script on log01 template: src=check_merged_file_age.cfg.j2 dest=/etc/nrpe.d/check_merged_file_age.cfg owner=root group=root mode=0644 when: inventory_hostname.startswith('log0') notify: @@ -197,7 +197,7 @@ # The actual items files here end in .j2 (they are templates) # So when adding or modifying them change the .j2 version in git. # -- name: install nrpe check_mysql config for mariadb servers +- name: Install nrpe check_mysql config for mariadb servers template: src=check_mysql.cfg.j2 dest=/etc/nrpe.d/check_mysql.cfg owner=root group=root mode=0644 when: inventory_hostname.startswith('db03') notify: @@ -205,7 +205,7 @@ tags: - nagios_client -- name: install nrpe checks for mailman01 +- name: Install nrpe checks for mailman01 template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644 with_items: - check_mailman_api.cfg @@ -215,7 +215,7 @@ tags: - nagios_client -- name: install nrpe checks for proxies +- name: Install nrpe checks for proxies template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644 with_items: - check_happroxy_conns.cfg @@ -226,7 +226,7 @@ tags: - nagios_client -- name: install nrpe checks for sigul_bridge +- name: Install nrpe checks for sigul_bridge template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644 with_items: - check_sigul_bridge_proc.cfg @@ -236,7 +236,7 @@ tags: - nagios_client -- name: install nrpe checks for sundries/websites +- name: Install nrpe checks for sundries/websites template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644 with_items: - check_websites_buildtime.cfg 
@@ -246,7 +246,7 @@ tags: - nagios_client -- name: install CRL check for bastions +- name: Install CRL check for bastions when: inventory_hostname.startswith('bastion') tags: - nagios_client @@ -262,7 +262,7 @@ - name: Set facls so nrpe can check the crl (file) acl: default=no etype=user entity=nrpe permissions="r" name=/etc/openvpn/server/crl.pem state=present -- name: install nrpe config for the RabbitMQ checks +- name: Install nrpe config for the RabbitMQ checks template: src: "rabbitmq_args.ini.j2" dest: "/etc/nrpe.d/rabbitmq_args.ini" @@ -273,7 +273,7 @@ tags: - nagios_client -- name: install nrpe checks for the RabbitMQ cluster +- name: Install nrpe checks for the RabbitMQ cluster template: src: "{{ item }}.j2" dest: "/etc/nrpe.d/{{ item }}" @@ -294,13 +294,13 @@ tags: - nagios_client -- name: nrpe service start +- name: Nrpe service start service: name=nrpe state=started enabled=true tags: - service - nagios_client -- name: install nrpe check for rsyslogd +- name: Install nrpe check for rsyslogd template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644 with_items: @@ -310,7 +310,7 @@ tags: - nagios_client -- name: install nrpe check for systemd units +- name: Install nrpe check for systemd units template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644 with_items: diff --git a/roles/nagios_server/handlers/main.yml b/roles/nagios_server/handlers/main.yml index 11c84acd9b..fa63196832 100644 --- a/roles/nagios_server/handlers/main.yml +++ b/roles/nagios_server/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart nrpe +- name: Restart nrpe service: name=nrpe state=restarted diff --git a/roles/nagios_server/tasks/main.yml b/roles/nagios_server/tasks/main.yml index 9c628e9edf..509d66c89a 100644 --- a/roles/nagios_server/tasks/main.yml +++ b/roles/nagios_server/tasks/main.yml 
@@ -62,7 +62,7 @@ - mod_ssl when: env == "production" and nagios_location == "external" -- name: set sebooleans so nagios can talk to the certgetter01 for ssl certs +- name: Set sebooleans so nagios can talk to the certgetter01 for ssl certs seboolean: name=httpd_can_network_connect state=true persistent=true @@ -551,7 +551,7 @@ - nagios_server # enable and run the nagios service -- name: enable and run the nagios service +- name: Enable and run the nagios service service: name=nagios.service state=started enabled=yes check_mode: no failed_when: false diff --git a/roles/nfs/client/tasks/main.yml b/roles/nfs/client/tasks/main.yml index 99323eb519..1943b29d66 100644 --- a/roles/nfs/client/tasks/main.yml +++ b/roles/nfs/client/tasks/main.yml @@ -1,6 +1,6 @@ # Setup our idmapd.conf file. It should be loaded automagically. --- -- name: idmapd.conf +- name: Idmapd.conf copy: src=idmapd.conf dest=/etc/idmapd.conf tags: - nfs/client @@ -8,7 +8,7 @@ # if we need to reload nm, we should do it now, not after roles. - meta: flush_handlers # on builders re-up eth0 to make sure systemd-resolved has updated info -- name: nmcli c up eth0 on buildvms +- name: Nmcli c up eth0 on buildvms command: nmcli c up eth0 check_mode: no changed_when: false @@ -28,7 +28,7 @@ tags: - nfs/client -- name: enable rpcbind services and run them (rhel 7+ and Fedora) +- name: Enable rpcbind services and run them (rhel 7+ and Fedora) service: name={{ item }} enabled=true state=started with_items: - rpcbind @@ -36,7 +36,7 @@ tags: - nfs/client -- name: enable nfs-lock service and run them (rhel 7 and Fedora) +- name: Enable nfs-lock service and run them (rhel 7 and Fedora) service: name={{ item }} enabled=true state=started with_items: - nfs-lock @@ -44,7 +44,7 @@ tags: - nfs/client -- name: nfs mount points (iad2) +- name: Nfs mount points (iad2) mount: > name={{ mnt_dir }} src=ntap-iad2-c02-fedora01-nfs01a:/{{ nfs_src_dir }} 
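Review bot: `failed_when: false` on `Enable and run the nagios service` means a Nagios server that fails to start is still reported as a successful play, and nothing in the hunk says why. If the suppression is deliberate, a comment above the task such as `# failed_when: false is intentional: <reason>` would record that. Otherwise, dropping the line lets a dead monitoring server surface at deploy time rather than going unnoticed. The task may continue past the end of the hunk.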
@@ -57,7 +57,7 @@ tags: - nfs/client -- name: nfs mount points (rdu) +- name: Nfs mount points (rdu) mount: > name={{ mnt_dir }} src=172.31.1.11:/{{ nfs_src_dir }} @@ -78,7 +78,7 @@ # should revisit how this role works. # -- name: nfs mount points (stg) staging koji +- name: Nfs mount points (stg) staging koji mount: > name=/mnt/fedora_koji src=10.3.167.64:/mnt/fedora_koji @@ -91,7 +91,7 @@ tags: - nfs/client -- name: nfs mount points (stg) production koji ro +- name: Nfs mount points (stg) production koji ro mount: > name=/mnt/fedora_koji_prod src=ntap-iad2-c02-fedora01-nfs01a:/fedora_koji diff --git a/roles/nfs/server/tasks/main.yml b/roles/nfs/server/tasks/main.yml index 675f974e2a..819712edd9 100644 --- a/roles/nfs/server/tasks/main.yml +++ b/roles/nfs/server/tasks/main.yml @@ -10,13 +10,13 @@ tags: - nfs/server -- name: setup /etc/exports +- name: Setup /etc/exports copy: src={{ inventory_hostname }}-exports dest=/etc/exports register: exports tags: - nfs/server -- name: enable nfs-related services and run them (fedora) +- name: Enable nfs-related services and run them (fedora) service: name={{ item }} enabled=true state=started with_items: - rpc-statd @@ -24,7 +24,7 @@ tags: - nfs/server -- name: enable nfs-related services and run them (rhel) +- name: Enable nfs-related services and run them (rhel) service: name={{ item }} enabled=true state=started with_items: - rpcbind @@ -33,7 +33,7 @@ tags: - nfs/server -- name: enable nfs-related services and run them (rhel) 7/8 +- name: Enable nfs-related services and run them (rhel) 7/8 service: name={{ item }} enabled=true state=started with_items: - nfs-lock diff --git a/roles/nfs/server/tasks/storinator-cloud.yml b/roles/nfs/server/tasks/storinator-cloud.yml index 53e7647a02..1cd4314d06 100644 --- a/roles/nfs/server/tasks/storinator-cloud.yml +++ b/roles/nfs/server/tasks/storinator-cloud.yml 
@@ -1,11 +1,11 @@ --- -- name: create copr storage +- name: Create copr storage lvol: vg=VG_nfs lv=copr-dist-git size=10t shrink=no - name: Create FS for copr filesystem: fstype=xfs dev=/dev/VG_nfs/copr-dist-git -- name: create 5 GB communishift logical volumes +- name: Create 5 GB communishift logical volumes lvol: vg=VG_nfs lv=openshift-05gb-{{item}} size=5g shrink=no with_items: ["00", "01", "02", "03", "04", "05", "06", "07", "08", "09"] @@ -13,7 +13,7 @@ filesystem: fstype=xfs dev=/dev/VG_nfs/openshift-05gb-{{item}} with_items: ["00", "01", "02", "03", "04", "05", "06", "07", "08", "09"] -- name: create 10 GB communishift logical volumes +- name: Create 10 GB communishift logical volumes lvol: vg=VG_nfs lv=openshift-10gb-{{item}} size=10g shrink=no with_items: ["00", "01", "02", "03", "04", "05", "06", "07", "08", "09"] @@ -21,7 +21,7 @@ filesystem: fstype=xfs dev=/dev/VG_nfs/openshift-10gb-{{item}} with_items: ["00", "01", "02", "03", "04", "05", "06", "07", "08", "09"] -- name: create 25 GB communishift logical volumes +- name: Create 25 GB communishift logical volumes lvol: vg=VG_nfs lv=openshift-25gb-{{item}} size=25g shrink=no with_items: ["00", "01", "02", "03", "04", "05", "06", "07", "08", "09"] diff --git a/roles/opendkim/tasks/main.yml b/roles/opendkim/tasks/main.yml index 5a4bd1f1c9..334e80a742 100644 --- a/roles/opendkim/tasks/main.yml +++ b/roles/opendkim/tasks/main.yml 
@@ -1,53 +1,53 @@ --- -- name: install opendkim +- name: Install opendkim package: name=opendkim state=present tags: - opendkim - package -- name: install opendkim.conf +- name: Install opendkim.conf copy: src=opendkim.conf dest=/etc/opendkim.conf tags: - opendkim - config - base -- name: install opendkim KeyTable file +- name: Install opendkim KeyTable file copy: src=KeyTable dest=/etc/opendkim/KeyTable mode=644 owner=opendkim group=opendkim tags: - opendkim - config - base -- name: install opendkim SigningTable file +- name: Install opendkim SigningTable file copy: src=SigningTable dest=/etc/opendkim/SigningTable mode=644 owner=opendkim group=opendkim tags: - opendkim - config - base -- name: install opendkim trusted hosts file +- name: Install opendkim trusted hosts file copy: src=TrustedHosts dest=/etc/opendkim/TrustedHosts tags: - opendkim - config - base -- name: install bastion opendkim key from private +- name: Install bastion opendkim key from private copy: src={{ private }}/files/opendkim/bastion.key dest=/etc/opendkim/keys/bastion.key mode=0600 owner=opendkim group=opendkim tags: - opendkim - config - base -- name: install bastion-iad opendkim key from private +- name: Install bastion-iad opendkim key from private copy: src={{ private }}/files/opendkim/bastion-iad.key dest=/etc/opendkim/keys/bastion-iad.key mode=0600 owner=opendkim group=opendkim tags: - opendkim - config - base -- name: install pagure opendkim key from private +- name: Install pagure opendkim key from private copy: src={{ private }}/files/opendkim/pagure.key dest=/etc/opendkim/keys/pagure.key mode=0600 owner=opendkim group=opendkim tags: - opendkim diff --git a/roles/openqa/dispatcher/tasks/main.yml b/roles/openqa/dispatcher/tasks/main.yml index 54f62d0e45..6fb891b359 100644 --- a/roles/openqa/dispatcher/tasks/main.yml +++ b/roles/openqa/dispatcher/tasks/main.yml 
@@ -230,7 +230,7 @@ # someone other than root and then we'd need another token file for # them, as we used to have for the fedmsg user. But for now they run # as root and use this one. -- name: openQA client config +- name: OpenQA client config template: src=client.conf.j2 dest=/etc/openqa/client.conf owner=root group=root mode=0640 tags: - config diff --git a/roles/openqa/server/tasks/main.yml b/roles/openqa/server/tasks/main.yml index 7c9898e512..41fc0462f8 100644 --- a/roles/openqa/server/tasks/main.yml +++ b/roles/openqa/server/tasks/main.yml @@ -296,7 +296,7 @@ # sets it 0640, so we don't enforce ownership here and set mode to # 0640 so we don't wind up ping-ponging it between server and # dispatcher roles. -- name: openQA client config +- name: OpenQA client config template: src=client.conf.j2 dest=/etc/openqa/client.conf mode=0640 tags: - config diff --git a/roles/openqa/worker/tasks/main.yml b/roles/openqa/worker/tasks/main.yml index 791062977d..f5952c0ec6 100644 --- a/roles/openqa/worker/tasks/main.yml +++ b/roles/openqa/worker/tasks/main.yml @@ -199,12 +199,12 @@ - packages when: openqa_tap -- name: openQA client config +- name: OpenQA client config template: src=client.conf.j2 dest=/etc/openqa/client.conf owner=_openqa-worker group=root mode=0600 tags: - config -- name: openQA worker config +- name: OpenQA worker config template: src=workers.ini.j2 dest=/etc/openqa/workers.ini owner=_openqa-worker group=root mode=0644 notify: - restart openqa workers 
@@ -214,11 +214,11 @@ - include_tasks: createhdds.yml when: openqa_hdds_worker|bool -- name: override kernel scheduler configuration - rhbz#2009585 +- name: Override kernel scheduler configuration - rhbz#2009585 copy: src=60-block-scheduler.rules dest=/etc/udev/rules.d/60-block-scheduler.rules owner=root group=root mode=0644 when: "deployment_type is defined" -- name: remove wrongly-named kernel scheduler config file +- name: Remove wrongly-named kernel scheduler config file file: path=/etc/udev/rules.d/60-block-scheduler-override.rules state=absent - name: Enable and start worker services diff --git a/roles/openshift-apps/coreos-ci/tasks/main.yaml b/roles/openshift-apps/coreos-ci/tasks/main.yaml index 1c7cb23ec1..ec10dd22ce 100644 --- a/roles/openshift-apps/coreos-ci/tasks/main.yaml +++ b/roles/openshift-apps/coreos-ci/tasks/main.yaml @@ -9,7 +9,7 @@ recurse: true # generate the templates for project to be created -- name: create the templates +- name: Create the templates template: src: "{{ item }}" dest: "/root/ocp4/openshift-apps/{{project_name}}/{{ item }}" @@ -17,12 +17,12 @@ with_items: "{{ project_templates }}" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/{{project_name}}/{{ item }}" with_items: "{{ project_templates }}" # create the service account -- name: create service account +- name: Create service account command: "/root/bin/oc create sa {{ project_service_account }} -n {{ project_name }}" register: sa_resource_create failed_when: sa_resource_create.stderr != '' and 'already exists' not in sa_resource_create.stderr diff --git a/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml b/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml index 89ca8b42f9..c2dd0463d6 100644 --- a/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml +++ b/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml 
@@ -9,7 +9,7 @@ recurse: true # generate the templates for project to be created -- name: create the templates +- name: Create the templates template: src: "{{ item }}" dest: "/root/ocp4/openshift-apps/{{project_name}}/{{ item }}" @@ -17,6 +17,6 @@ with_items: "{{ project_templates }}" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/{{project_name}}/{{ item }}" with_items: "{{ project_templates }}" diff --git a/roles/openshift-apps/firmitas/tasks/create-buildconfig.yml b/roles/openshift-apps/firmitas/tasks/create-buildconfig.yml index 9edda83f9b..78f130c5e7 100644 --- a/roles/openshift-apps/firmitas/tasks/create-buildconfig.yml +++ b/roles/openshift-apps/firmitas/tasks/create-buildconfig.yml @@ -1,15 +1,15 @@ --- # generate the templates for project to be created -- name: create the buildconfig template +- name: Create the buildconfig template template: src: "buildconfig.yml.j2" dest: "/root/ocp4/openshift-apps/firmitas/buildconfig.yml" mode: "0770" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/buildconfig.yml" # Start a build -- name: "oc start-build {{ firmitas_application_name }}-build" +- name: "Run oc start-build {{ firmitas_application_name }}-build" command: "/root/bin/oc start-build {{ firmitas_application_name }}-build -n {{ firmitas_namespace }}" diff --git a/roles/openshift-apps/firmitas/tasks/create-cronjob.yml b/roles/openshift-apps/firmitas/tasks/create-cronjob.yml index e4312adacb..423aa81ac3 100644 --- a/roles/openshift-apps/firmitas/tasks/create-cronjob.yml +++ b/roles/openshift-apps/firmitas/tasks/create-cronjob.yml 
@@ -1,13 +1,13 @@ --- # generate the templates for project to be created -- name: create the cronjob template +- name: Create the cronjob template template: src: "cronjob.yml.j2" dest: "/root/ocp4/openshift-apps/firmitas/cronjob.yml" mode: "0770" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/cronjob.yml" retries: 3 delay: 5 diff --git a/roles/openshift-apps/firmitas/tasks/create-deployment.yml b/roles/openshift-apps/firmitas/tasks/create-deployment.yml index 5b93c21dfe..1958e7eaa6 100644 --- a/roles/openshift-apps/firmitas/tasks/create-deployment.yml +++ b/roles/openshift-apps/firmitas/tasks/create-deployment.yml @@ -1,13 +1,13 @@ --- # generate the templates for project to be created -- name: create the deployment template +- name: Create the deployment template template: src: "deployment.yml.j2" dest: "/root/ocp4/openshift-apps/firmitas/deployment.yml" mode: "0770" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/deployment.yml" retries: 3 delay: 5 diff --git a/roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml b/roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml index 480fbc48ca..5c5261d23d 100644 --- a/roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml +++ b/roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml @@ -21,12 +21,12 @@ tags: - firmitas-configuration-secret -- name: read remote values.txt +- name: Read remote values.txt register: firmitas_myconfig_py_file ansible.builtin.slurp: src: "/root/ocp4/openshift-apps/firmitas/myconfig.py" -- name: read remote values.txt +- name: Read remote values.txt register: firmitas_certlist_yml_file ansible.builtin.slurp: src: "/root/ocp4/openshift-apps/firmitas/certlist.yml" 
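Review bot: Both slurp tasks in the `@@ -21,12` hunk of create-firmitas-configuration-secret.yml keep the name `Read remote values.txt`, although they read `myconfig.py` and `certlist.yml`, so a run log cannot tell which of the two failed. Naming them `- name: Read remote myconfig.py` and `- name: Read remote certlist.yml` fixes that. The registered base64 content appears to feed a Secret (the file name suggests it; the template that consumes it is outside this hunk), so if these files hold credentials, `no_log: true` on both tasks would keep the content out of verbose output.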
@@ -34,7 +34,7 @@ # Create the Secret from this file # generate the templates for project to be created -- name: copy the templates to the host +- name: Copy the templates to the host template: src: "secret-configuration.yml.j2" dest: "/root/ocp4/openshift-apps/firmitas/secret-configuration.yml" @@ -42,7 +42,7 @@ # apply the openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/secret-configuration.yml" tags: - firmitas-configuration-secret diff --git a/roles/openshift-apps/firmitas/tasks/create-imagestream.yml b/roles/openshift-apps/firmitas/tasks/create-imagestream.yml index 2ccb0aa7a6..4c59389dc8 100644 --- a/roles/openshift-apps/firmitas/tasks/create-imagestream.yml +++ b/roles/openshift-apps/firmitas/tasks/create-imagestream.yml @@ -1,11 +1,11 @@ --- # generate the templates for project to be created -- name: create the imagestream template +- name: Create the imagestream template template: src: "imagestream.yml.j2" dest: "/root/ocp4/openshift-apps/firmitas/imagestream.yml" mode: "0770" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/imagestream.yml" diff --git a/roles/openshift-apps/firmitas/tasks/create-namespace.yml b/roles/openshift-apps/firmitas/tasks/create-namespace.yml index 777a8adf0a..12788f3066 100644 --- a/roles/openshift-apps/firmitas/tasks/create-namespace.yml +++ b/roles/openshift-apps/firmitas/tasks/create-namespace.yml @@ -1,11 +1,11 @@ --- # generate the templates for project to be created -- name: create the namespace template +- name: Create the namespace template template: src: "namespace.yml.j2" dest: "/root/ocp4/openshift-apps/firmitas/namespace.yml" mode: "0770" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/namespace.yml" 
diff --git a/roles/openshift-apps/firmitas/tasks/create-pagure-apikey-secret.yml b/roles/openshift-apps/firmitas/tasks/create-pagure-apikey-secret.yml index 2dff5332c5..e2dcc83b3b 100644 --- a/roles/openshift-apps/firmitas/tasks/create-pagure-apikey-secret.yml +++ b/roles/openshift-apps/firmitas/tasks/create-pagure-apikey-secret.yml @@ -1,11 +1,11 @@ --- # generate the templates for project to be created -- name: create the pagure api secret template +- name: Create the pagure api secret template template: src: "secret-pagure-apikey.yml.j2" dest: "/root/ocp4/openshift-apps/firmitas/secret-pagure-apikey.yml" mode: "0770" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/secret-pagure-apikey.yml" diff --git a/roles/openshift-apps/firmitas/tasks/create-persistent-volume-claim.yml b/roles/openshift-apps/firmitas/tasks/create-persistent-volume-claim.yml index 90a13570b4..0eacb6a06b 100644 --- a/roles/openshift-apps/firmitas/tasks/create-persistent-volume-claim.yml +++ b/roles/openshift-apps/firmitas/tasks/create-persistent-volume-claim.yml @@ -1,12 +1,12 @@ --- # generate the templates for project to be created -- name: create the persistent volume template +- name: Create the persistent volume template template: src: "persistent-volume-claim.yml.j2" dest: "/root/ocp4/openshift-apps/firmitas/persistent-volume-claim.yml" mode: "0770" # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/persistent-volume-claim.yml" ignore_errors: true diff --git a/roles/openshift-apps/firmitas/tasks/main.yml b/roles/openshift-apps/firmitas/tasks/main.yml index e9f4730421..b1e4527231 100644 --- a/roles/openshift-apps/firmitas/tasks/main.yml +++ b/roles/openshift-apps/firmitas/tasks/main.yml 
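Review bot: The template task in create-pagure-apikey-secret.yml writes the rendered `secret-pagure-apikey.yml` with `mode: "0770"`, which grants the group read and write and sets execute bits on a manifest that, going by its name, carries an API key. `mode: "0600"` should be enough for the following `oc apply -f` task if it runs as the file's owner, and the task sets no `owner`/`group`, so ownership depends on who runs the play. If the rendered template contains the key itself, `no_log: true` on this task would also keep it out of `--diff` output.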
@@ -1,5 +1,5 @@ --- -- name: ensures /root/ocp4/openshift-apps/firmitas/ dir exists +- name: Ensures /root/ocp4/openshift-apps/firmitas/ dir exists file: path: "/root/ocp4/openshift-apps/firmitas/" state: directory diff --git a/roles/openshift/imagestream/tasks/main.yml b/roles/openshift/imagestream/tasks/main.yml index eda34bf69f..770115d29c 100644 --- a/roles/openshift/imagestream/tasks/main.yml +++ b/roles/openshift/imagestream/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: imagestream-{{imagestream_imagename}}.yml +- name: Imagestream-{{imagestream_imagename}}.yml include_role: name: openshift/object vars: diff --git a/roles/openshift/project/tasks/main.yml b/roles/openshift/project/tasks/main.yml index 4b55db69e1..b16817379c 100644 --- a/roles/openshift/project/tasks/main.yml +++ b/roles/openshift/project/tasks/main.yml @@ -22,7 +22,7 @@ shell: oc apply --validate=strict -f /etc/openshift_apps/{{project_app}}/project.yml when: "'not found' in project_exists.stderr" -- name: deployer.yml +- name: Deployer.yml include_role: name: openshift/object vars: @@ -30,7 +30,7 @@ object_objectname: deployer.yml object_template_fullpath: "{{roles_path}}/openshift/project/templates/deployer.yml.j2" -- name: imagebuilder.yml +- name: Imagebuilder.yml include_role: name: openshift/object vars: @@ -38,7 +38,7 @@ object_objectname: imagebuilder.yml object_template_fullpath: "{{roles_path}}/openshift/project/templates/imagebuilder.yml.j2" -- name: imagepuller.yml +- name: Imagepuller.yml include_role: name: openshift/object vars: @@ -46,7 +46,7 @@ object_objectname: imagepuller.yml object_template_fullpath: "{{roles_path}}/openshift/project/templates/imagepuller.yml.j2" -- name: role-appowners.yml +- name: Role-appowners.yml include_role: name: openshift/object vars: 
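Review bot: In roles/openshift/project/tasks/main.yml the task names were file names, and capitalising them (`Deployer.yml`, `Imagebuilder.yml`, `PrometheusRules.yml`, ...) makes each name differ from the `object_objectname` beside it, e.g. `Deployer.yml` next to `object_objectname: deployer.yml`. A verb-first name such as `- name: Include openshift/object for deployer.yml` passes name[casing] and leaves the file name intact for searching. The same applies to `Imagestream-{{imagestream_imagename}}.yml` and `Route-{{route_name}}.yml` in the imagestream and route roles, and to the remaining hunks of this file.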
@@ -54,7 +54,7 @@ object_objectname: role-appowners.yml object_template_fullpath: "{{roles_path}}/openshift/project/templates/role-appowners.yml.j2" -- name: appowners.yml +- name: Appowners.yml include_role: name: openshift/object vars: @@ -62,7 +62,7 @@ object_objectname: appowners.yml object_template_fullpath: "{{roles_path}}/openshift/project/templates/appowners.yml.j2" -- name: alertmanager.yml +- name: Alertmanager.yml include_role: name: openshift/object vars: @@ -70,7 +70,7 @@ object_objectname: alertmanager.yml object_template_fullpath: "{{roles_path}}/openshift/project/templates/alertmanager.yml.j2" -- name: prometheusRules.yml +- name: PrometheusRules.yml include_role: name: openshift/object vars: diff --git a/roles/openshift/route/tasks/main.yml b/roles/openshift/route/tasks/main.yml index bd2a1b72ae..18d1ac1bac 100644 --- a/roles/openshift/route/tasks/main.yml +++ b/roles/openshift/route/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: route-{{route_name}}.yml +- name: Route-{{route_name}}.yml include_role: name: openshift/object vars: diff --git a/roles/openshift/sysadmin-openshift/tasks/resources.yaml b/roles/openshift/sysadmin-openshift/tasks/resources.yaml index fa33c86903..b35fd70b03 100644 --- a/roles/openshift/sysadmin-openshift/tasks/resources.yaml +++ b/roles/openshift/sysadmin-openshift/tasks/resources.yaml @@ -11,7 +11,7 @@ - create-resources # generate the templates for project to be created -- name: create the templates +- name: Create the templates template: src: "{{ item }}" dest: "/root/ocp4/openshift-apps/{{sysadmin_openshift_project_name}}/{{ item }}" @@ -21,7 +21,7 @@ - create-resources # apply created openshift resources -- name: oc apply resources +- name: Oc apply resources command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/{{sysadmin_openshift_project_name}}/{{ item }}" with_items: "{{ sysadmin_openshift_project_templates }}" tags: 
diff --git a/roles/openvpn/base/tasks/main.yml b/roles/openvpn/base/tasks/main.yml index 9b9fd8a065..fa8e816aab 100644 --- a/roles/openvpn/base/tasks/main.yml +++ b/roles/openvpn/base/tasks/main.yml @@ -39,7 +39,7 @@ # - restart openvpn (Fedora) when: inventory_hostname.startswith('bastion0') -- name: install fix-routes.sh script +- name: Install fix-routes.sh script copy: src=fix-routes.sh dest=/etc/openvpn/fix-routes.sh owner=root group=root mode=0755 diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml index 87bda5b7d8..09c8501b3d 100644 --- a/roles/openvpn/client/tasks/main.yml +++ b/roles/openvpn/client/tasks/main.yml @@ -43,7 +43,7 @@ - service - openvpn -- name: enable openvpn service for Fedora +- name: Enable openvpn service for Fedora service: name=openvpn-client@openvpn state=started enabled=true when: is_fedora is defined tags: diff --git a/roles/openvpn/server/tasks/main.yml b/roles/openvpn/server/tasks/main.yml index 35de8b3012..9650882f30 100644 --- a/roles/openvpn/server/tasks/main.yml +++ b/roles/openvpn/server/tasks/main.yml @@ -50,14 +50,14 @@ tags: - openvpn -- name: disable old openvpn service for rhel 7 or Fedora +- name: Disable old openvpn service for rhel 7 or Fedora service: name=openvpn@openvpn state=stopped enabled=false when: ( ansible_distribution_version[0] == 7 or is_fedora is defined ) and openvpn_master is defined tags: - service - openvpn -- name: enable openvpn service for rhel 7 or Fedora +- name: Enable openvpn service for rhel 7 or Fedora service: name=openvpn-server@openvpn state=started enabled=true when: ( ansible_distribution_version[0] == 7 or is_fedora is defined ) and openvpn_master is defined tags: diff --git a/roles/packager_alias/tasks/main.yml b/roles/packager_alias/tasks/main.yml index 008f85a608..91710da371 100644 --- a/roles/packager_alias/tasks/main.yml +++ b/roles/packager_alias/tasks/main.yml 
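Review bot: Both `when:` conditions in the roles/openvpn/server/tasks/main.yml hunk test `ansible_distribution_version[0] == 7`, which compares the first character of a version string with an integer; assuming the fact is a string, as Ansible normally reports it, that comparison is never true and the tasks run only when `is_fedora is defined`. `ansible_distribution_major_version | int == 7` is the usual form, and the packages3/web hunk in this patch already uses `ansible_distribution_major_version|int`. The second task's `tags:` list continues outside the hunk.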
@@ -41,7 +41,7 @@ # Since this host has mail aliases, it's a mail hub. Compress logs since there will be a ton of them # -- name: install modified logrotate syslog script to compress maillog on mailhub +- name: Install modified logrotate syslog script to compress maillog on mailhub copy: src=syslog dest=/etc/logrotate.d/syslog owner=root group=root tags: - install diff --git a/roles/packages3/web/tasks/main.yml b/roles/packages3/web/tasks/main.yml index 2c85d68478..0490f8356a 100644 --- a/roles/packages3/web/tasks/main.yml +++ b/roles/packages3/web/tasks/main.yml @@ -1,7 +1,7 @@ --- # # Configuration for the fedora-packages webapp -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - fedora-packages @@ -81,7 +81,7 @@ - packages - packages/web -- name: permanently hotfix the distmappings file +- name: Permanently hotfix the distmappings file copy: > src=distmappings.py dest="{{pythonsitelib}}/fedoracommunity/search/distmappings.py" @@ -129,7 +129,7 @@ - packages/web - icon -- name: hotfix the fedmsg-hub executable to pick up forward compat packages +- name: Hotfix the fedmsg-hub executable to pick up forward compat packages copy: src=fedmsg-hub-forward-compat dest=/usr/bin/fedmsg-hub tags: - packages @@ -138,7 +138,7 @@ when: ansible_distribution_major_version|int < 7 and ansible_distribution == 'RedHat' # Lastly, here's some selinux stuff. -- name: set some selinux booleans +- name: Set some selinux booleans seboolean: name={{item}} persistent=yes state=yes with_items: - httpd_tmp_exec diff --git a/roles/pager_server/tasks/main.yml b/roles/pager_server/tasks/main.yml index 8fdb8f0af5..0fbc0a290c 100644 --- a/roles/pager_server/tasks/main.yml +++ b/roles/pager_server/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: setup pager app config +- name: Setup pager app config copy: src=pager-app.conf dest=/etc/httpd/conf.d/pager-app.conf mode=644 notify: - reload httpd 
@@ -7,7 +7,7 @@ - config - pager_server -- name: install pager app +- name: Install pager app copy: src={{ private}}/pager/pager.py dest=/srv/web/pager.py mode=755 setype=httpd_sys_script_exec_t tags: - config diff --git a/roles/pagure/handlers/main.yml b/roles/pagure/handlers/main.yml index 62b144e24b..850dfa874b 100644 --- a/roles/pagure/handlers/main.yml +++ b/roles/pagure/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart pagure_milter +- name: Restart pagure_milter service: name=pagure_milter state=restarted diff --git a/roles/pagure/tasks/main.yml b/roles/pagure/tasks/main.yml index ab86f781a0..25aa89c397 100644 --- a/roles/pagure/tasks/main.yml +++ b/roles/pagure/tasks/main.yml @@ -1,6 +1,6 @@ --- # Configuration for the pagure webapp -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - pagure @@ -34,7 +34,7 @@ tags: - pagure -- name: create the pagure DB user +- name: Create the pagure DB user become_user: postgres become: true postgresql_user: @@ -45,7 +45,7 @@ - postgresql when: env != 'pagure-staging' -- name: create the pagure DB user +- name: Create the pagure DB user become_user: postgres become: true postgresql_user: @@ -56,7 +56,7 @@ - postgresql when: env != 'pagure-staging' -- name: create the pagure database creation +- name: Create the pagure database creation become_user: postgres become: true postgresql_db: @@ -68,7 +68,7 @@ - postgresql when: env != 'pagure-staging' -- name: create the pagure DB user +- name: Create the pagure DB user become_user: postgres become: true postgresql_user: @@ -79,7 +79,7 @@ - postgresql when: env == 'pagure-staging' -- name: create the pagure DB user +- name: Create the pagure DB user become_user: postgres become: true postgresql_user: @@ -90,7 +90,7 @@ - postgresql when: env == 'pagure-staging' -- name: create the pagure database creation +- name: Create the pagure database creation become_user: postgres become: true postgresql_db: 
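Review bot: Renaming the handler in roles/pagure/handlers/main.yml to `Restart pagure_milter` changes the string that `notify:` entries have to match, and handler lookup is by exact name. No notify for this handler is visible in this part of the patch, and the notify lines that are visible (`reload httpd`, `restart apache`) are still lowercase, so a task that still notifies `restart pagure_milter` would no longer find the handler and the service would not be restarted after a config change. Adding `listen: restart pagure_milter` to the handler keeps existing notifications working.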
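Review bot: In roles/pagure/tasks/main.yml four tasks end up named `Create the pagure DB user` and two `Create the pagure database creation` (hunks `@@ -34,7` through `@@ -90,7`), so the run log and `--start-at-task` cannot tell them apart. The second name is also garbled; `- name: Create the pagure database` says what the `postgresql_db` task does. The user tasks could carry the role or environment they create in the name; their module arguments are outside the hunks, so the exact wording has to come from the file.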
@@ -113,14 +113,14 @@ tags: - pagure -- name: create the /attachments folder +- name: Create the /attachments folder file: state=directory path=/srv/attachments owner=git group=git mode=0775 tags: - pagure -- name: create the /var/log/pagure folder where to store the logs +- name: Create the /var/log/pagure folder where to store the logs file: state=directory path=/var/log/pagure owner=git group=git mode=0775 @@ -147,7 +147,7 @@ # tags: # - gitolite -- name: create all the directories where we store the git repos +- name: Create all the directories where we store the git repos file: state=directory path={{ item }} owner=git group=git mode=0775 @@ -161,7 +161,7 @@ tags: - pagure -- name: create the /srv/tmp folder where to clone repos +- name: Create the /srv/tmp folder where to clone repos file: state=directory path=/srv/tmp owner=git group=git mode=0775 @@ -179,7 +179,7 @@ # Set things up for the mirroring feature -- name: create the `paguremirroring` group +- name: Create the `paguremirroring` group group: name: paguremirroring state: present @@ -187,7 +187,7 @@ - pagure - mirror -- name: create the `paguremirroring` user +- name: Create the `paguremirroring` user user: name: paguremirroring group: paguremirroring @@ -212,7 +212,7 @@ # Override pagure_ev systemd service file -- name: install pagure_ev service definition +- name: Install pagure_ev service definition copy: src=pagure_ev.service dest=/usr/lib/systemd/system/pagure_ev.service owner=root group=root mode=0644 @@ -225,7 +225,7 @@ # Set-up stunnel for the event source server -- name: install stunnel service definition +- name: Install stunnel service definition copy: src=stunnel.service dest=/usr/lib/systemd/system/stunnel.service owner=root group=root mode=0644 @@ -236,7 +236,7 @@ - pagure - stunnel -- name: install stunnel.conf +- name: Install stunnel.conf template: src={{ item.file }} dest={{ item.dest }} owner=root group=root mode=0600 
@@ -264,7 +264,7 @@ # setup fedora-messaging -- name: install fedora-messaging as a dependency +- name: Install fedora-messaging as a dependency package: name={{ item }} state=present with_items: - python3-fedora-messaging @@ -272,13 +272,13 @@ - pagure - fedora-messaging -- name: create the config folder for fedora-messaging +- name: Create the config folder for fedora-messaging file: path=/etc/fedora-messaging/ owner=root group=root mode=0755 state=directory tags: - pagure - fedora-messaging -- name: install the configuration file for fedora-messaging +- name: Install the configuration file for fedora-messaging template: src=fedora-messaging.toml dest=/etc/fedora-messaging/config.toml @@ -286,13 +286,13 @@ - pagure - fedora-messaging -- name: create folder where we'll place the certs +- name: Create folder where we'll place the certs file: path=/etc/pki/rabbitmq/pagurecert/ owner=root group=root mode=0755 state=directory tags: - pagure - fedora-messaging -- name: deploy pagure/rabbitmq certificate +- name: Deploy pagure/rabbitmq certificate copy: src={{ item.src }} dest=/etc/pki/rabbitmq/pagurecert/{{ item.dest }} owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }} @@ -317,7 +317,7 @@ - pagure - fedora-messaging -- name: deploy pagure/rabbitmq certificate +- name: Deploy pagure/rabbitmq certificate copy: src={{ item.src }} dest=/etc/pki/rabbitmq/pagurecert/{{ item.dest }} owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }} @@ -345,7 +345,7 @@ # Set-up Pagure -- name: create the folders used for releases and archives +- name: Create the folders used for releases and archives file: state=directory path={{ item }} owner=git group=git mode=0775 @@ -356,7 +356,7 @@ - pagure - web -- name: copy sundry pagure configuration +- name: Copy sundry pagure configuration template: src={{ item.file }} dest={{ item.location }}/{{ item.file }} owner=git group=postfix mode=0640 
@@ -380,7 +380,7 @@ - pagure -- name: create the database scheme +- name: Create the database scheme command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py changed_when: "1 != 1" environment: @@ -417,7 +417,7 @@ notify: - restart apache -- name: let paguremirroring read the pagure config +- name: Let paguremirroring read the pagure config command: /usr/bin/setfacl -m user:paguremirroring:rx /etc/pagure/pagure.cfg tags: - pagure @@ -491,7 +491,7 @@ - service - postfix -- name: setup logrotate to our needs +- name: Setup logrotate to our needs copy: src="{{ files }}/httpd/httpd.logrotate" dest=/etc/logrotate.d/httpd tags: - config @@ -504,7 +504,7 @@ - GDPR - pagure -- name: override the default syslog logrotate file +- name: Override the default syslog logrotate file copy: src=syslog-logrotate dest=/etc/logrotate.d/syslog tags: - pagure diff --git a/roles/pagure/tasks/selinux.yml b/roles/pagure/tasks/selinux.yml index 0ed4517efc..3411713e72 100644 --- a/roles/pagure/tasks/selinux.yml +++ b/roles/pagure/tasks/selinux.yml @@ -1,5 +1,5 @@ --- -- name: check the selinux context of the git repo directory +- name: Check the selinux context of the git repo directory command: matchpathcon /srv/git register: distgitcontext check_mode: no @@ -9,19 +9,19 @@ - pagure - selinux -- name: show the output of distgitcontext +- name: Show the output of distgitcontext debug: var: distgitcontext.stdout tags: - selinux -- name: show if we find gitosis_var_lib_t in distgitcontext +- name: Show if we find gitosis_var_lib_t in distgitcontext debug: var: distgitcontext.stdout.find('gitosis_var_lib_t') tags: - selinux -- name: set the SELinux policy for the distgit root directory +- name: Set the SELinux policy for the distgit root directory command: semanage fcontext -a -t gitosis_var_lib_t "/srv/git(/.*)?" when: distgitcontext.stdout.find('gitosis_var_lib_t') == -1 tags: 
@@ -29,7 +29,7 @@ - pagure - selinux -- name: check the selinux context of the releases directory +- name: Check the selinux context of the releases directory command: matchpathcon /var/www/releases register: distgitcontext check_mode: no @@ -40,7 +40,7 @@ - selinux # Note: On Fedora its httpd_sys_content_rw_t - Don't we love confusions? -- name: set the SELinux policy for the releases directory +- name: Set the SELinux policy for the releases directory command: semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/releases(/.*)?" when: distgitcontext.stdout.find('httpd_sys_rw_content_t') == -1 tags: @@ -59,7 +59,7 @@ - config - pagure -- name: set sebooleans so pagure can talk to the network (db + redis) +- name: Set sebooleans so pagure can talk to the network (db + redis) seboolean: name=httpd_can_network_connect state=true persistent=true @@ -68,7 +68,7 @@ - selinux - pagure -- name: set sebooleans so apache can send emails +- name: Set sebooleans so apache can send emails seboolean: name=httpd_can_sendmail state=true persistent=true @@ -77,7 +77,7 @@ - selinux - pagure -- name: set sebooleans so pygit2 can read the git repos +- name: Set sebooleans so pygit2 can read the git repos seboolean: name=httpd_execmem state=true persistent=true @@ -86,7 +86,7 @@ - selinux - pagure -- name: set sebooleans so ssh can retrieve access info from apache +- name: Set sebooleans so ssh can retrieve access info from apache seboolean: name=nis_enabled state=true persistent=true @@ -95,7 +95,7 @@ - selinux - pagure -- name: set sebooleans so allow nagios/nrpe to call sudo from NRPE utils scripts +- name: Set sebooleans so allow nagios/nrpe to call sudo from NRPE utils scripts seboolean: name=nagios_run_sudo state=true persistent=true diff --git a/roles/people/tasks/main.yml b/roles/people/tasks/main.yml index 81fc4f9559..c373c070de 100644 --- a/roles/people/tasks/main.yml +++ b/roles/people/tasks/main.yml 
@@ -2,7 +2,7 @@ # # Install packages needed for fedora people # -- name: install packages needed for fedora people +- name: Install packages needed for fedora people package: name={{ item }} state=present with_items: - cvs @@ -17,13 +17,13 @@ - packages - people -- name: install main httpd config +- name: Install main httpd config template: src=people.conf dest=/etc/httpd/conf.d/people.conf tags: - people - sslciphers -- name: install httpd config +- name: Install httpd config copy: src={{item}} dest=/etc/httpd/conf.d/{{item}} with_items: - cgit.conf @@ -59,12 +59,12 @@ tags: - people -- name: start httpd +- name: Start httpd service: name="httpd" state=started tags: - people -- name: set selinux booleans needed for people +- name: Set selinux booleans needed for people seboolean: name={{ item }} state=true persistent=true with_items: - httpd_enable_homedirs @@ -75,7 +75,7 @@ tags: - people -- name: check the selinux context of the users home git dirs +- name: Check the selinux context of the users home git dirs command: matchpathcon "/home/fedora/someone/public_git" register: gitcontext check_mode: no @@ -84,14 +84,14 @@ - config - selinux -- name: set the SELinux policy for the users home git dirs +- name: Set the SELinux policy for the users home git dirs command: semanage fcontext -a -t git_user_content_t "/home/fedora/(.*)/public_git(.*)" when: gitcontext.stdout.find('git_user_content_t') == -1 tags: - config - selinux -- name: check the selinux context of the project dirs +- name: Check the selinux context of the project dirs command: matchpathcon "/project" register: gitcontext check_mode: no 
@@ -100,14 +100,14 @@ - config - selinux -- name: set the SELinux policy for the project dirs +- name: Set the SELinux policy for the project dirs command: semanage fcontext -a -t httpd_sys_content_t "/project(.*)" when: gitcontext.stdout.find('httpd_sys_content_t') == -1 tags: - config - selinux -- name: check the selinux context of the web dir +- name: Check the selinux context of the web dir command: matchpathcon "/srv/web" register: gitcontext check_mode: no @@ -116,14 +116,14 @@ - config - selinux -- name: set the SELinux policy for the web dir +- name: Set the SELinux policy for the web dir command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" when: gitcontext.stdout.find('httpd_sys_content_t') == -1 tags: - config - selinux -- name: check the selinux context of the people dir +- name: Check the selinux context of the people dir command: matchpathcon "/srv/people" register: gitcontext check_mode: no @@ -132,7 +132,7 @@ - config - selinux -- name: set the SELinux policy for the web dir +- name: Set the SELinux policy for the web dir command: semanage fcontext -a -t httpd_sys_content_t "/srv/people(/.*)?" when: gitcontext.stdout.find('httpd_sys_content_t') == -1 tags: @@ -141,7 +141,7 @@ # This is a file context alias, to let ansible know that /home and /srv/home # are equal as far as contexts are concerned. -- name: check the selinux context alias of the home dir +- name: Check the selinux context alias of the home dir command: matchpathcon "/srv/home" register: gitcontext check_mode: no @@ -150,7 +150,7 @@ - config - selinux -- name: set the SELinux policy alias for the home dir +- name: Set the SELinux policy alias for the home dir command: semanage fcontext -a -e /home /srv/home when: gitcontext.stdout.find('home_root_t') == -1 tags: 
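Review bot: The task in the `@@ -132,7` hunk of roles/people/tasks/main.yml is named `Set the SELinux policy for the web dir`, but its command labels `/srv/people(/.*)?`; the name duplicates the `/srv/web` task in the previous hunk, so the log shows one name for two different paths. `- name: Set the SELinux policy for the people dir` would match the preceding `Check the selinux context of the people dir` task. The task's `tags:` list continues outside the hunk.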
@@ -171,7 +171,7 @@ # This sets the default, it's safe to always run. # Default quota for users is 2gb # -- name: set default xfs quotas on /srv +- name: Set default xfs quotas on /srv command: xfs_quota -x -c 'limit bsoft=2g bhard=2g -d' /srv check_mode: no register: xfs_quotaoutput @@ -184,7 +184,7 @@ # This sets quotas for people who requested more than default # It's also safe to aways run. # -- name: set quotas for people who have more set +- name: Set quotas for people who have more set command: >- xfs_quota -x -c 'limit bsoft={{ item.quota }} bhard={{ item.quota }} {{ item.user }}' /srv with_items: 
@@ -235,67 +235,67 @@ - people - peoplequotas -- name: create repos directory +- name: Create repos directory file: path=/project/repos state=directory owner=root group=fedora-contributor mode=0775 tags: - people -- name: create repos link +- name: Create repos link file: state=link src=/project/repos dest=/srv/repos tags: - people -- name: create groups link +- name: Create groups link file: state=link src=/project dest=/srv/groups tags: - people -- name: setup script to grab download stats for some groups. +- name: Setup script to grab download stats for some groups. copy: src=grab-daily-logs.sh dest=/usr/local/bin/grab-daily-logs.sh mode=0755 tags: - people -- name: setup cron job to gather download stats +- name: Setup cron job to gather download stats copy: src=grab-daily-logs.cron dest=/etc/cron.daily/grab-daily-logs mode=0755 tags: - people -- name: copy robots.txt for fedorapeople.org +- name: Copy robots.txt for fedorapeople.org copy: src=robots.txt dest=/srv/people/site/robots.txt tags: - people -- name: copy static files to make main fedorapeople.org index page +- name: Copy static files to make main fedorapeople.org index page copy: src=static/ dest=/srv/people/site/static tags: - people -- name: copy static files for user pages +- name: Copy static files for user pages copy: src=userdefs/ dest=/srv/people/site/userdefs tags: - people -- name: setup script to make main fedorapeople.org index page +- name: Setup script to make main fedorapeople.org index page copy: src=make-people-page.py dest=/usr/local/bin/make-people-page.py mode=755 tags: - people -- name: setup script check for broken planet confs +- name: Setup script check for broken planet confs copy: src=check-broken-planet.py dest=/usr/local/bin/check-broken-planet.py mode=755 tags: - people -- name: setup cron to run make fedorapeople.org main index page +- name: Setup cron to run make fedorapeople.org main index page copy: src=make-people-page.cron dest=/etc/cron.d/make-people-page.cron 
mode=644 tags: - people -- name: setup cron to run the check for broken planet confs +- name: Setup cron to run the check for broken planet confs copy: src=check-broken-planet.cron dest=/etc/cron.d/check-broken-planet.cron mode=644 tags: - people -- name: copy SSSd configuration +- name: Copy SSSd configuration template: src: sssd.conf dest: /etc/sssd/sssd.conf diff --git a/roles/planet/tasks/main.yml b/roles/planet/tasks/main.yml index c04bc74a95..86b82e752a 100644 --- a/roles/planet/tasks/main.yml +++ b/roles/planet/tasks/main.yml @@ -2,22 +2,22 @@ # tasks to setup a planet server # -- name: add planet group +- name: Add planet group group: name=planet-user gid=104 system=yes state=present tags: - planet_server -- name: add planet user +- name: Add planet user user: name=planet-user uid=104 group=planet-user home=/srv/planet comment="People Planet Eater" createhome=yes system=yes shell=/bin/bash tags: - planet_server -- name: add apache to planet group +- name: Add apache to planet group user: name=apache append=yes groups=planet-user tags: - planet_server -- name: install the planet packages (and fedora-messaging) +- name: Install the planet packages (and fedora-messaging) package: pkg={{item}} state=present with_items: - venus 
@@ -25,35 +25,35 @@ tags: - planet_server -- name: add base planet config directory +- name: Add base planet config directory file: path=/etc/planet state=directory owner=root group=root mode=0775 tags: - planet_server -- name: copy the planet http config file +- name: Copy the planet http config file template: src=planet.conf dest=/etc/httpd/conf.d/planet.conf tags: - planet_server - sslciphers -- name: copy the run planet-config script into /usr/local/bin +- name: Copy the run planet-config script into /usr/local/bin copy: src=pull-run-planet-config.sh dest=/usr/local/bin/pull-run-planet-config.sh mode=755 tags: - planet_server -- name: copy the planetconfigbuilder.py script into /usr/local/bin +- name: Copy the planetconfigbuilder.py script into /usr/local/bin copy: src=planetconfigbuilder.py dest=/usr/local/bin/planetconfigbuilder.py mode=755 tags: - planet_server -- name: create planet directory +- name: Create planet directory file: path={{ item }} state=directory owner=planet-user group=web mode=0775 with_items: - /srv/planet - /srv/planet/site - /srv/planet/config -- name: check the selinux context of the planet dir +- name: Check the selinux context of the planet dir command: matchpathcon "/srv/planet" register: gitcontext check_mode: no @@ -63,7 +63,7 @@ - selinux - planet_server -- name: set the SELinux policy for the planet dir +- name: Set the SELinux policy for the planet dir command: semanage fcontext -a -t httpd_sys_content_t "/srv/planet(/.*)?" when: gitcontext.stdout.find('httpd_sys_content_t') == -1 tags: @@ -71,7 +71,7 @@ - selinux - planet_server -- name: copy the run-planet script +- name: Copy the run-planet script copy: src=run-planet dest=/srv/planet/config/run-planet tags: - planet_server 
@@ -80,18 +80,18 @@ # base planet.fedoraproject.org planet # -- name: create planet directory (people) +- name: Create planet directory (people) file: path={{ item }} state=directory owner=planet-user group=web mode=0775 with_items: - /etc/planet/people - /srv/planet/config/people -- name: base planet config files +- name: Base planet config files copy: src=people_base_config dest=/etc/planet/people_base_config mode=0644 owner=root group=root tags: - planet_server -- name: copy the planet cron job (people) +- name: Copy the planet cron job (people) copy: src=planet-cron dest=/etc/cron.d/planet-cron tags: - planet_server @@ -100,7 +100,7 @@ # design # -- name: create planet directory (design) +- name: Create planet directory (design) file: path={{ item }} state=directory owner=planet-user group=web mode=0775 with_items: - /etc/planet/design @@ -108,17 +108,17 @@ - /srv/planet/config/design/cache - /srv/planet/site/design -- name: copy the planet cron job (design) +- name: Copy the planet cron job (design) copy: src=sub-planets/design/planet-group.cron dest=/etc/cron.d/planet-design.cron tags: - planet_server -- name: copy the planet fpbulder.conf (design) +- name: Copy the planet fpbulder.conf (design) copy: src=sub-planets/design/fpbuilder.conf dest=/etc/planet/design/fpbuilder.conf tags: - planet_server -- name: copy the planet base_config (design) +- name: Copy the planet base_config (design) copy: src=sub-planets/design/base_config dest=/etc/planet/design/base_config mode=0644 owner=root group=root tags: - planet_server @@ -127,7 +127,7 @@ # desktop # -- name: create planet directory (desktop) +- name: Create planet directory (desktop) file: path={{ item }} state=directory owner=planet-user group=web mode=0775 with_items: - /etc/planet/desktop 
@@ -135,17 +135,17 @@ - /srv/planet/config/desktop/cache - /srv/planet/site/desktop -- name: copy the planet cron job (desktop) +- name: Copy the planet cron job (desktop) copy: src=sub-planets/desktop/planet-group.cron dest=/etc/cron.d/planet-desktop.cron tags: - planet_server -- name: copy the planet fpbulder.conf (desktop) +- name: Copy the planet fpbulder.conf (desktop) copy: src=sub-planets/desktop/fpbuilder.conf dest=/etc/planet/desktop/fpbuilder.conf tags: - planet_server -- name: copy the planet base_config (desktop) +- name: Copy the planet base_config (desktop) copy: src=sub-planets/desktop/base_config dest=/etc/planet/desktop/base_config mode=0644 owner=root group=root tags: - planet_server @@ -154,7 +154,7 @@ # edited # -- name: create planet directory (edited) +- name: Create planet directory (edited) file: path={{ item }} state=directory owner=planet-user group=web mode=0775 with_items: - /etc/planet/edited @@ -162,17 +162,17 @@ - /srv/planet/config/edited/cache - /srv/planet/site/edited -- name: copy the planet cron job (edited) +- name: Copy the planet cron job (edited) copy: src=sub-planets/edited/planet-group.cron dest=/etc/cron.d/planet-edited.cron tags: - planet_server -- name: copy the planet fpbulder.conf (edited) +- name: Copy the planet fpbulder.conf (edited) copy: src=sub-planets/edited/fpbuilder.conf dest=/etc/planet/edited/fpbuilder.conf tags: - planet_server -- name: copy the planet base_config (edited) +- name: Copy the planet base_config (edited) copy: src=sub-planets/edited/base_config dest=/etc/planet/edited/base_config mode=0644 owner=root group=root tags: - planet_server @@ -181,7 +181,7 @@ # people # -- name: create planet directory (people) +- name: Create planet directory (people) file: path={{ item }} state=directory owner=planet-user group=web mode=0775 with_items: - /etc/planet/people 
@@ -189,14 +189,14 @@ - /srv/planet/config/people/cache - /srv/planet/site/people -- name: copy templates (people) +- name: Copy templates (people) copy: src=sub-planets/people/{{ item }} dest=/srv/planet/config/people/ owner=planet-user group=planet-user with_items: - templates tags: - planet_server -- name: copy the css and images (people) +- name: Copy the css and images (people) synchronize: src=sub-planets/people/{{ item }}/ dest=/srv/planet/site/{{ item }}/ with_items: - css-v2 @@ -204,7 +204,7 @@ tags: - planet_server -- name: copy the planet fpbulder.conf (people) +- name: Copy the planet fpbulder.conf (people) copy: src=fpbuilder.conf dest=/etc/planet/fpbuilder.conf tags: - planet_server @@ -213,7 +213,7 @@ # security # -- name: create planet directory (security) +- name: Create planet directory (security) file: path={{ item }} state=directory owner=planet-user group=web mode=0775 with_items: - /etc/planet/security @@ -221,17 +221,17 @@ - /srv/planet/config/security/cache - /srv/planet/site/security -- name: copy the planet cron job (security) +- name: Copy the planet cron job (security) copy: src=sub-planets/security/planet-group.cron dest=/etc/cron.d/planet-security.cron tags: - planet_server -- name: copy the planet fpbulder.conf (security) +- name: Copy the planet fpbulder.conf (security) copy: src=sub-planets/security/fpbuilder.conf dest=/etc/planet/security/fpbuilder.conf tags: - planet_server -- name: copy the planet base_config (security) +- name: Copy the planet base_config (security) copy: src=sub-planets/security/base_config dest=/etc/planet/security/base_config mode=0644 owner=root group=root tags: - planet_server @@ -240,7 +240,7 @@ # summer-coding # -- name: create planet directory (summer-coding) +- name: Create planet directory (summer-coding) file: path={{ item }} state=directory owner=planet-user group=web mode=0775 with_items: - /etc/planet/summer-coding 
@@ -248,17 +248,17 @@ - /srv/planet/config/summer-coding/cache - /srv/planet/site/summer-coding -- name: copy the planet cron job (summer-coding) +- name: Copy the planet cron job (summer-coding) copy: src=sub-planets/summer-coding/planet-group.cron dest=/etc/cron.d/planet-summer-coding.cron tags: - planet_server -- name: copy the planet fpbulder.conf (summer-coding) +- name: Copy the planet fpbulder.conf (summer-coding) copy: src=sub-planets/summer-coding/fpbuilder.conf dest=/etc/planet/summer-coding/fpbuilder.conf tags: - planet_server -- name: copy the planet base_config (summer-coding) +- name: Copy the planet base_config (summer-coding) copy: src=sub-planets/summer-coding/base_config dest=/etc/planet/summer-coding/base_config mode=0644 owner=root group=root tags: - planet_server @@ -267,7 +267,7 @@ # QA # -- name: create planet directory (quality) +- name: Create planet directory (quality) file: path={{ item }} state=directory owner=planet-user group=web mode=0775 with_items: - /etc/planet/quality @@ -275,17 +275,17 @@ - /srv/planet/config/quality/cache - /srv/planet/site/quality -- name: copy the planet cron job (quality) +- name: Copy the planet cron job (quality) copy: src=sub-planets/quality/planet-group.cron dest=/etc/cron.d/planet-quality.cron tags: - planet_server -- name: copy the planet fpbulder.conf (quality) +- name: Copy the planet fpbulder.conf (quality) copy: src=sub-planets/quality/fpbuilder.conf dest=/etc/planet/quality/fpbuilder.conf tags: - planet_server -- name: copy the planet base_config (quality) +- name: Copy the planet base_config (quality) copy: src=sub-planets/quality/base_config dest=/etc/planet/quality/base_config mode=0644 owner=root group=root tags: - planet_server diff --git a/roles/postfix_logreport/tasks/main.yml b/roles/postfix_logreport/tasks/main.yml index 97d31f0698..1615fecadd 100644 --- a/roles/postfix_logreport/tasks/main.yml +++ b/roles/postfix_logreport/tasks/main.yml 
@@ -2,13 +2,13 @@ # tasklist for setting up postfix/logreport # This is the base set of files needed for postfix/logreport -- name: install postfix-perl-scripts package +- name: Install postfix-perl-scripts package package: name=postfix-perl-scripts state=present tags: - postfix - packages -- name: install /usr/sbin/pflogsumm +- name: Install /usr/sbin/pflogsumm copy: src={{ item }} dest="/usr/sbin/{{ item }}" mode=0755 with_item: - pflogsumm @@ -16,7 +16,7 @@ - postfix - config -- name: install /etc/cron.d/postfix-log.cron +- name: Install /etc/cron.d/postfix-log.cron copy: src={{ item }} dest="/etc/cron.d/{{ item }}" with_item: - postfix-log.cron diff --git a/roles/postgresql_server/handlers/main.yml b/roles/postgresql_server/handlers/main.yml index c51e7d1cc8..8d894fb8c3 100644 --- a/roles/postgresql_server/handlers/main.yml +++ b/roles/postgresql_server/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart postgresql +- name: Restart postgresql service: name=postgresql state=restarted diff --git a/roles/postgresql_server/tasks/datanommer.yml b/roles/postgresql_server/tasks/datanommer.yml index 5ceef7ec92..70fdac6557 100644 --- a/roles/postgresql_server/tasks/datanommer.yml +++ b/roles/postgresql_server/tasks/datanommer.yml @@ -25,24 +25,24 @@ - block: # Users - - name: create the main DB user + - name: Create the main DB user postgresql_user: name: "{{ datanommerDBUser }}" password: "{{ (env == 'production')|ternary(datanommerDBPassword, datanommer_stg_db_password) }}" - - name: create the RO DB user + - name: Create the RO DB user postgresql_user: name: datanommer_ro password: "{{ datanommer_ro_password }}" # Databases - - name: create the datanommer database + - name: Create the datanommer database postgresql_db: name: datanommer2 owner: "{{ datanommerDBUser }}" encoding: UTF-8 - - name: grant datanommer_ro read only access to datanommer2 + - name: Grant datanommer_ro read only access to datanommer2 postgresql_privs: database: datanommer2 privs: SELECT 
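Review bot: Both copy tasks in roles/postfix_logreport/tasks/main.yml loop with `with_item:` (the `Install /usr/sbin/pflogsumm` task here and the `Install /etc/cron.d/postfix-log.cron` task in the next hunk), which is not the `with_items` loop keyword. Ansible resolves `with_<name>` to a lookup plugin called `<name>`, and as far as I know there is no `item` lookup, so these tasks most likely fail instead of copying anything. Since the task names are being edited anyway, change both to `with_items:`. The second task's tag list continues outside its hunk.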
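Review bot: Renaming the handler in roles/postgresql_server/handlers/main.yml to `Restart postgresql` breaks every task that still notifies it by the old name, because Ansible matches `notify` entries against handler names as exact, case-sensitive strings. The same applies to the other handlers renamed in this patch (`Restart robosignatory`, `Restart xinetd`, `Restart daemon`, `Restart spamassassin`), while the task hunks still show `notify: - restart daemon` in roles/rsyncd/tasks/main.yml and `notify: - restart spamassassin` in roles/spamassassin/tasks/main.yml as unchanged context. A run that changes one of those config files would then fail with a handler-not-found error, leaving the service on its old configuration. Either update every `notify:` in the same commit or keep the old name reachable with `listen: restart postgresql` on the handler; the postgresql tasks' notify lists fall outside the visible hunks, so check those as well.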
@@ -50,7 +50,7 @@ roles: datanommer_ro # Enable timescaledb - - name: enable timescaledb + - name: Enable timescaledb postgresql_ext: name: timescaledb db: datanommer2 diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 954a66de12..4aaef242af 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -2,7 +2,7 @@ # # Setup postgresql server. # -- name: on rhel8 hosts enable the postgresql 12 module. +- name: On rhel8 hosts enable the postgresql 12 module. copy: dest: /etc/dnf/modules.d/postgresql.module content: | @@ -13,7 +13,7 @@ state=enabled when: ansible_distribution_major_version|int == 8 -- name: on db-koji01 and db-riscv-koji01 and db01.stg and db-fas01 and db01 and db-openqa01 enable the postgresql 15 module. +- name: On db-koji01 and db-riscv-koji01 and db01.stg and db-fas01 and db01 and db-openqa01 enable the postgresql 15 module. copy: dest: /etc/dnf/modules.d/postgresql.module content: | @@ -24,7 +24,7 @@ state=enabled when: inventory_hostname.startswith(('db-koji01','db-riscv-koji01','db01.stg','db-fas01','db01','db-openqa01')) -- name: install postgresql server packages (EL < 8) +- name: Install postgresql server packages (EL < 8) package: state: present name: @@ -38,7 +38,7 @@ - packages - postgresql -- name: install postgresql server packages (Fedora) +- name: Install postgresql server packages (Fedora) package: state: present name: @@ -52,7 +52,7 @@ - packages - postgresql -- name: install postgresql server packages (EL >= 8) +- name: Install postgresql server packages (EL >= 8) package: state: present name: @@ -104,7 +104,7 @@ - config - postgresql -- name: postgresql config template (el7 / postgresql 9.2) +- name: Postgresql config template (el7 / postgresql 9.2) template: dest=/var/lib/pgsql/data/postgresql.conf src=postgresql.conf when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' notify: 
@@ -113,7 +113,7 @@ - config - postgresql -- name: postgresql config template (Fedora / el8 / postgresql 12) +- name: Postgresql config template (Fedora / el8 / postgresql 12) template: dest=/var/lib/pgsql/data/postgresql.conf src=postgresql.conf-12 when: (ansible_distribution_major_version|int == 8 and ansible_distribution == 'RedHat') or ansible_distribution != 'RedHat' notify: @@ -122,7 +122,7 @@ - config - postgresql -- name: postgresql config template (el9 / postgresql 15) +- name: Postgresql config template (el9 / postgresql 15) template: dest=/var/lib/pgsql/data/postgresql.conf src=postgresql.conf-15 when: (ansible_distribution_major_version|int == 9 and ansible_distribution == 'RedHat') notify: diff --git a/roles/push-container-registry/tasks/main.yml b/roles/push-container-registry/tasks/main.yml index 6e48080be8..40afd5149e 100644 --- a/roles/push-container-registry/tasks/main.yml +++ b/roles/push-container-registry/tasks/main.yml @@ -5,7 +5,7 @@ # Note : push to the candidate-registry is done using docker login # see the login-registry role. -- name: install necessary packages +- name: Install necessary packages package: name: "{{item}}" state: present @@ -14,14 +14,14 @@ tags: - push-container-registry -- name: ensure cert dir exists +- name: Ensure cert dir exists file: path: "{{cert_dest_dir}}" state: directory tags: - push-container-registry -- name: install client cert for registry +- name: Install client cert for registry copy: src: "{{cert_src}}" dest: "{{cert_dest_dir}}/client.cert" @@ -31,7 +31,7 @@ tags: - push-container-registry -- name: install client key for registry +- name: Install client key for registry copy: src: "{{key_src}}" dest: "{{cert_dest_dir}}/client.key" diff --git a/roles/rabbitmq/tasks/main.yml b/roles/rabbitmq/tasks/main.yml index 61b34c6893..662bf05a0e 100644 --- a/roles/rabbitmq/tasks/main.yml +++ b/roles/rabbitmq/tasks/main.yml 
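Review bot: The `Ensure cert dir exists` task in roles/push-container-registry/tasks/main.yml creates `{{cert_dest_dir}}` without `owner`, `group` or `mode`, so the directory that receives `client.key` gets whatever the remote umask yields. Pin it explicitly, for example `owner: root`, `group: root`, `mode: "0750"`, adjusting the group to the account that performs the push. The permission lines of the `Install client key for registry` task fall outside its hunk, so confirm that the key itself is written with an owner-only mode.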
@@ -1,5 +1,5 @@ --- -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - rabbitmq-server @@ -7,7 +7,7 @@ - rabbitmq - packages -- name: install the configuration +- name: Install the configuration copy: src={{item}} dest=/etc/rabbitmq/{{item}} owner=root group=root mode=0644 with_items: - rabbitmq.config @@ -16,6 +16,6 @@ - rabbitmq - config -- name: start rabbitmq +- name: Start rabbitmq service: name=rabbitmq-server state=started enabled=yes tags: rabbitmq diff --git a/roles/rabbitmq_cluster/tasks/apps.yml b/roles/rabbitmq_cluster/tasks/apps.yml index 6c02bc4bd4..7ed58de2f0 100644 --- a/roles/rabbitmq_cluster/tasks/apps.yml +++ b/roles/rabbitmq_cluster/tasks/apps.yml @@ -66,7 +66,7 @@ queue_routing_keys: - "org.centos.ci.#" -- name: copr +- name: Copr run_once: true include_role: name: rabbit/user @@ -148,7 +148,7 @@ # ELN BEGIN -- name: eln queue +- name: Eln queue run_once: true include_role: name: rabbit/queue @@ -169,7 +169,7 @@ # ELN CS BEGIN # -# - name: eln cs queue +# - name: Eln cs queue # run_once: true # include_role: # name: rabbit/queue diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml index 2a0782cfa7..bc2f17af83 100644 --- a/roles/rabbitmq_cluster/tasks/main.yml +++ b/roles/rabbitmq_cluster/tasks/main.yml @@ -18,7 +18,7 @@ - yumrepos when: ansible_distribution_major_version|int == 8 -- name: install needed packages +- name: Install needed packages package: state: present name: @@ -28,7 +28,7 @@ - rabbitmq_cluster - packages -- name: deploy CA certificate +- name: Deploy CA certificate copy: src="{{private}}/files/rabbitmq/{{env}}/pki/ca.crt" dest=/etc/rabbitmq/ca.crt owner=root group=root mode=0644 
@@ -36,13 +36,13 @@ - rabbitmq_cluster - config -- name: create node cert directory +- name: Create node cert directory file: path=/etc/rabbitmq/nodecert/ owner=root group=root mode=0755 state=directory tags: - rabbitmq_cluster - config -- name: deploy node certificate +- name: Deploy node certificate copy: src="{{private}}/files/rabbitmq/{{env}}/pki/issued/{{inventory_hostname}}.crt" dest=/etc/rabbitmq/nodecert/node.crt owner=root group=root mode=0644 @@ -50,7 +50,7 @@ - rabbitmq_cluster - config -- name: deploy node private key +- name: Deploy node private key copy: src="{{private}}/files/rabbitmq/{{env}}/pki/private/{{inventory_hostname}}.key" dest=/etc/rabbitmq/nodecert/node.key owner=rabbitmq group=rabbitmq mode=0600 @@ -58,14 +58,14 @@ - rabbitmq_cluster - config -- name: build combined node key +- name: Build combined node key assemble: src=/etc/rabbitmq/nodecert/ dest=/etc/rabbitmq/nodecert.combined.pem owner=rabbitmq group=rabbitmq mode=0600 tags: - rabbitmq_cluster - config -- name: deploy configuration +- name: Deploy configuration template: src={{item}} dest=/etc/rabbitmq/{{item}} owner=root group=root mode=0644 with_items: - rabbitmq.config @@ -76,7 +76,7 @@ - rabbitmq_cluster - config -- name: deploy staging cookie +- name: Deploy staging cookie copy: content="{{rabbitmq_cluster_cookie_staging}}" dest=/var/lib/rabbitmq/.erlang.cookie owner=rabbitmq group=rabbitmq mode=0400 when: "env == 'staging'" @@ -86,7 +86,7 @@ - rabbitmq_cluster - config -- name: deploy production cookie +- name: Deploy production cookie copy: content="{{rabbitmq_cluster_cookie_production}}" dest=/var/lib/rabbitmq/.erlang.cookie owner=rabbitmq group=rabbitmq mode=0400 when: "env == 'production'" @@ -124,7 +124,7 @@ - rabbitmq_cluster - config -- name: start rabbitmq +- name: Start rabbitmq service: name=rabbitmq-server state=started enabled=yes tags: - rabbitmq_cluster 
@@ -398,13 +398,13 @@ - rabbitmq_cluster - config -- name: create pubsub_federation cert directory +- name: Create pubsub_federation cert directory file: path=/etc/rabbitmq/pubsub_federation/ owner=root group=root mode=0755 state=directory tags: - rabbitmq_cluster - config -- name: deploy pubsub_federation certificate +- name: Deploy pubsub_federation certificate copy: src="{{private}}/files/rabbitmq/{{env}}/pki/issued/pubsub_federation.crt" dest=/etc/rabbitmq/pubsub_federation/client_cert.pem owner=root group=root mode=0644 @@ -412,7 +412,7 @@ - rabbitmq_cluster - config -- name: deploy node private key +- name: Deploy node private key copy: src="{{private}}/files/rabbitmq/{{env}}/pki/private/pubsub_federation.key" dest=/etc/rabbitmq/pubsub_federation/client_key.pem owner=rabbitmq group=rabbitmq mode=0600 @@ -461,19 +461,19 @@ vhost: /public_pubsub # SELinux: allow the Nagios NRPE plugin to access the management interface -- name: install the selinux module compilation script +- name: Install the selinux module compilation script copy: src: selinux-load.sh dest: /etc/nagios/selinux-load.sh mode: "0755" -- name: copy over our custom selinux module +- name: Copy over our custom selinux module copy: src: nrpe_rabbitmq.te dest: /etc/nagios/nrpe_rabbitmq.te register: selinux_module -- name: compile and install our custom selinux module +- name: Compile and install our custom selinux module command: /etc/nagios/selinux-load.sh when: selinux_module is changed diff --git a/roles/redis/tasks/main.yml b/roles/redis/tasks/main.yml index 62acb107ee..dac2b032c4 100644 --- a/roles/redis/tasks/main.yml +++ b/roles/redis/tasks/main.yml @@ -1,10 +1,10 @@ --- -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - redis tags: redis -- name: start redis +- name: Start redis service: name=redis state=started enabled=yes tags: redis 
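Review bot: The task that copies `pubsub_federation.key` to `/etc/rabbitmq/pubsub_federation/client_key.pem` is still named `Deploy node private key`, the same name as the task that installs `/etc/rabbitmq/nodecert/node.key` earlier in this file. With two private-key tasks sharing one name, play output and `--start-at-task` cannot tell them apart. Since the commit is already rewriting this line, use `- name: Deploy pubsub_federation private key`. The task's tags continue outside the hunk.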
diff --git a/roles/rkhunter/tasks/main.yml b/roles/rkhunter/tasks/main.yml index 2bdb48e538..5b9d6d269f 100644 --- a/roles/rkhunter/tasks/main.yml +++ b/roles/rkhunter/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: install rkhunter (dnf) +- name: Install rkhunter (dnf) package: name=rkhunter state=present notify: - run rkhunter @@ -7,7 +7,7 @@ - rkhunter - packages -- name: rkhunter.conf +- name: Rkhunter.conf template: src=rkhunter.conf.j2 dest=/etc/rkhunter.conf mode=0640 notify: - run rkhunter @@ -15,7 +15,7 @@ - rkhunter - config -- name: rkhunter sysconfig +- name: Rkhunter sysconfig copy: src=rkhunter.sysconfig dest=/etc/sysconfig/rkhunter mode=0640 notify: - run rkhunter diff --git a/roles/robosignatory/handlers/main.yml b/roles/robosignatory/handlers/main.yml index 10f1d79294..9a1cda7589 100644 --- a/roles/robosignatory/handlers/main.yml +++ b/roles/robosignatory/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: restart robosignatory +- name: Restart robosignatory service: name: robosignatory state: restarted diff --git a/roles/rsnapshot-push/tasks/main.yml b/roles/rsnapshot-push/tasks/main.yml index a9ec3ca17a..be92cc73ee 100644 --- a/roles/rsnapshot-push/tasks/main.yml +++ b/roles/rsnapshot-push/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: backup script +- name: Backup script template: src: client-backup-script.sh.j2 dest: "/usr/local/bin/{{ item.value.command }}" @@ -10,14 +10,14 @@ - "{{ rsnapshot_push.cases }}" tags: rsnapshot_push -- name: install rsnapshot package +- name: Install rsnapshot package package: name: rsnapshot state: present delegate_to: "{{ rsnapshot_push.server_host }}" tags: rsnapshot_push -- name: server-side case-specific backup dir +- name: Server-side case-specific backup dir file: path: "{{ '/'.join([rsnapshot_push.backup_dir, item.key]) }}" state: directory 
@@ -29,7 +29,7 @@ delegate_to: "{{ rsnapshot_push.server_host }}" tags: rsnapshot_push -- name: server-side custom rsnapshot daemon script +- name: Server-side custom rsnapshot daemon script template: src: server-daemon.sh.j2 dest: "{{ '/'.join([rsnapshot_push.backup_dir, item.key, 'sync-daemon']) }}" @@ -41,7 +41,7 @@ delegate_to: "{{ rsnapshot_push.server_host }}" tags: rsnapshot_push -- name: install authorized key entry +- name: Install authorized key entry authorized_key: user: "{{ item.value.user }}" state: present @@ -52,7 +52,7 @@ - "{{ rsnapshot_push.cases }}" tags: rsnapshot_push -- name: rsnapshot call wrapper +- name: Rsnapshot call wrapper template: src: server-rsnapshot.py.j2 dest: "{{ '/'.join([rsnapshot_push.backup_dir, item.key, 'rsnapshot']) }}" @@ -64,7 +64,7 @@ delegate_to: "{{ rsnapshot_push.server_host }}" tags: rsnapshot_push -- name: cronjob run twice a week to trigger the backup (and rotation) +- name: Cronjob run twice a week to trigger the backup (and rotation) cron: name: "rsnapshot_push backup - {{ item.key }}" minute: "1" diff --git a/roles/rsyncd/handlers/main.yml b/roles/rsyncd/handlers/main.yml index 3effd5db1b..5e32c7a1a8 100644 --- a/roles/rsyncd/handlers/main.yml +++ b/roles/rsyncd/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: restart xinetd +- name: Restart xinetd service: name=xinetd state=restarted -- name: restart daemon +- name: Restart daemon service: name=rsyncd daemon_reload=yes state=restarted diff --git a/roles/rsyncd/tasks/main.yml b/roles/rsyncd/tasks/main.yml index 96a8b69514..d7c92f48b9 100644 --- a/roles/rsyncd/tasks/main.yml +++ b/roles/rsyncd/tasks/main.yml @@ -3,7 +3,7 @@ # This role sets up rsyncd on a server # -- name: install necessary packages +- name: Install necessary packages package: state: present name: 
@@ -15,7 +15,7 @@ - rsyncd when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8 -- name: install necessary packages +- name: Install necessary packages package: state: present name: @@ -27,7 +27,7 @@ - rsyncd when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 8 -- name: install necessary packages for fedora or rhel9 +- name: Install necessary packages for fedora or rhel9 package: state: present name: @@ -38,7 +38,7 @@ - rsyncd when: ansible_distribution == 'Fedora' or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int > 8) -- name: rsyncd.conf file for non download servers +- name: Rsyncd.conf file for non download servers copy: src={{ item }} dest=/etc/rsyncd.conf mode=0644 with_first_found: - "{{ rsyncd_conf }}" @@ -54,7 +54,7 @@ - config - rsyncd -- name: rsyncd.conf file for download servers +- name: Rsyncd.conf file for download servers template: src=rsyncd.conf.download.j2 dest=/etc/rsyncd.conf mode=0644 notify: - restart daemon @@ -63,7 +63,7 @@ - config - rsyncd -- name: xinetd rsync file for rhel8 +- name: Xinetd rsync file for rhel8 copy: src={{ item }} dest=/etc/xinetd.d/rsync mode=0644 with_first_found: - "{{ rsync }}" @@ -78,7 +78,7 @@ - config - rsyncd -- name: systemd rsync file for fedora and rhel9 +- name: Systemd rsync file for fedora and rhel9 copy: src=rsyncd.service dest=/usr/lib/systemd/system/rsyncd.service mode=0644 when: ansible_distribution == 'Fedora' or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int > 8) notify: 
@@ -87,21 +87,21 @@ - config - rsyncd -- name: make sure xinetd is started on rhel8 +- name: Make sure xinetd is started on rhel8 service: name=xinetd state=started enabled=true when: ansible_distribution_major_version|int < 9 and ansible_distribution == 'RedHat' tags: - services - rsyncd -- name: make sure rsync daemon is started on Fedora and rhel9 +- name: Make sure rsync daemon is started on Fedora and rhel9 service: name=rsyncd enabled=true state=started when: ansible_distribution == 'Fedora' or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int > 8) tags: - services - rsyncd -- name: set sebooleans so rsync can read dirs +- name: Set sebooleans so rsync can read dirs seboolean: name=rsync_export_all_ro state=true persistent=true diff --git a/roles/selinux/module/tasks/main.yml b/roles/selinux/module/tasks/main.yml index b61d6a59dc..fbc361f51c 100644 --- a/roles/selinux/module/tasks/main.yml +++ b/roles/selinux/module/tasks/main.yml @@ -11,7 +11,7 @@ # - policy_name (str): the name of the custom SELinux policy to build and # install. -- name: copy over our custom selinux module for {{ policy_name }} +- name: Copy over our custom selinux module for {{ policy_name }} copy: src="{{ policy_file }}" dest="/usr/local/share/{{ policy_name }}.te" register: selinux_module tags: @@ -32,7 +32,7 @@ - selinux - selinux/module -- name: install our custom selinux module +- name: Install our custom selinux module command: semodule -i /usr/local/share/{{ policy_name }}.pp when: selinux_module is changed tags: diff --git a/roles/serial-console/tasks/main.yml b/roles/serial-console/tasks/main.yml index d5f27ecf59..59f9ea52f4 100644 --- a/roles/serial-console/tasks/main.yml +++ b/roles/serial-console/tasks/main.yml @@ -2,7 +2,7 @@ # This role sets up serial console on ttyS1 # --- -- name: check for grub serial setup +- name: Check for grub serial setup shell: grep options /boot/loader/entries/* register: serial check_mode: no 
@@ -11,14 +11,14 @@ tags: - serial-console -- name: set grub to use serial console +- name: Set grub to use serial console command: /sbin/grubby --update-kernel=ALL --args="console=tty0 console=ttyS0,115200 console=ttyS1,115200" when: serial is defined and serial.stdout.find("console=tty0 console=ttyS0,115200 console=ttyS1,115200") == -1 failed_when: '1 != 1' tags: - serial-console -- name: enable and start getty on both serial ports +- name: Enable and start getty on both serial ports systemd: name: serial-getty@ttyS0 state: started @@ -27,7 +27,7 @@ tags: - serial-console -- name: enable and start getty on both serial ports +- name: Enable and start getty on both serial ports systemd: name: serial-getty@ttyS1 state: started diff --git a/roles/sigul/server/tasks/main.yml b/roles/sigul/server/tasks/main.yml index 9d642342b2..d5fd84035f 100644 --- a/roles/sigul/server/tasks/main.yml +++ b/roles/sigul/server/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: put rhel AH repos on rhel systems +- name: Put rhel AH repos on rhel systems copy: src="{{ files }}/common/rhel7ah.repo" dest="/etc/yum.repos.d/rhel7ah.repo" when: ansible_distribution == 'RedHat' tags: @@ -27,7 +27,7 @@ - name: Enable pcscd service: name=pcscd state=started enabled=yes -- name: install rhel7 only packages +- name: Install rhel7 only packages package: state=present name={{ item }} with_items: - gnupg1 @@ -35,7 +35,7 @@ tags: - packages -- name: install gnupg packages +- name: Install gnupg packages package: state=present name={{ item }} with_items: - gnupg @@ -43,7 +43,7 @@ tags: - packages -- name: install gnupg packages +- name: Install gnupg packages package: state=present name={{ item }} with_items: - gnupg 
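Review bot: The `Set grub to use serial console` task carries `failed_when: '1 != 1'`, which can never be true, so a failing `/sbin/grubby --update-kernel=ALL` is reported as success and the host silently keeps its old kernel arguments. If ignoring the failure is intended, write `failed_when: false` with a comment explaining why; otherwise drop the line so the error surfaces. The two getty tasks below it are also both named `Enable and start getty on both serial ports` although each manages a single unit; `Enable and start getty on ttyS0` and `Enable and start getty on ttyS1` would be clearer.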
@@ -61,7 +61,7 @@ file: state=link src=/usr/bin/gpg1 dest=/usr/bin/gpg when: ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat' -- name: add polkit rules to allow sigul user to access the smartcard/yubikey +- name: Add polkit rules to allow sigul user to access the smartcard/yubikey copy: src=00-sigul.rules dest=/etc/polkit-1/rules.d/00-sigul.rules tags: - config @@ -76,7 +76,7 @@ tags: - config -- name: mask tmpfs tmp +- name: Mask tmpfs tmp systemd: masked=yes name=tmp.mount tags: - config diff --git a/roles/smtp-auth-relay/tasks/main.yml b/roles/smtp-auth-relay/tasks/main.yml index 81340823c5..86113f269d 100644 --- a/roles/smtp-auth-relay/tasks/main.yml +++ b/roles/smtp-auth-relay/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: install the needed packages +- name: Install the needed packages package: name: - postfix @@ -8,7 +8,7 @@ tags: - smtp_auth_relay -- name: create the password file +- name: Create the password file copy: dest: /etc/postfix/sasl_passwd content: "{{ smtp_auth_relay_host }} {{ smtp_auth_relay_user }}:{{ smtp_auth_relay_password }}" @@ -17,7 +17,7 @@ tags: - smtp_auth_relay -- name: regenerate the password db file +- name: Regenerate the password db file shell: postmap /etc/postfix/sasl_passwd when: smtp_relay_password_file.changed notify: restart postfix diff --git a/roles/spamassassin/handlers/main.yml b/roles/spamassassin/handlers/main.yml index 34a588a7e6..6ed1e70616 100644 --- a/roles/spamassassin/handlers/main.yml +++ b/roles/spamassassin/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart spamassassin +- name: Restart spamassassin action: service name=spamassassin state=restarted diff --git a/roles/spamassassin/tasks/main.yml b/roles/spamassassin/tasks/main.yml index 7866f16002..98771c7068 100644 --- a/roles/spamassassin/tasks/main.yml +++ b/roles/spamassassin/tasks/main.yml 
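Review bot: The polkit rule that lets the sigul user reach the smartcard is installed with `copy: src=00-sigul.rules dest=/etc/polkit-1/rules.d/00-sigul.rules` and no `owner`, `group` or `mode`, so a file that already exists keeps whatever permissions it has. On a signing host, a rules file writable by a non-root account would let that account change the authorization policy, so pin it, e.g. `owner=root group=root mode=0644`. The task's tag list continues outside the hunk.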
@@ -1,7 +1,7 @@ --- # tasklist for setting up a SpamAssassin server -- name: install the package +- name: Install the package package: name={{ item }} state=present with_items: - spamassassin @@ -9,41 +9,41 @@ tags: - packages -- name: create the specific group +- name: Create the specific group group: name=spammy system=yes tags: - config -- name: create the specific user +- name: Create the specific user user: name=spammy comment="spamassassin user" home=/home/spammy group=spammy createhome=yes system=yes shell=/sbin/nologin tags: - config -- name: setup the sysconfig file +- name: Setup the sysconfig file copy: src=sysconfig dest=/etc/sysconfig/spamassassin notify: - restart spamassassin tags: - config -- name: setup the config file +- name: Setup the config file copy: src=local.cf dest=/etc/mail/spamassassin/local.cf notify: - restart spamassassin tags: - config -- name: setup the cron job +- name: Setup the cron job copy: src=sa-update dest=/etc/cron.d/sa-update tags: - config -- name: set the service running/enabled +- name: Set the service running/enabled service: name=spamassassin enabled=true state=started tags: - service -- name: setup logrotate to our needs +- name: Setup logrotate to our needs copy: src="spamassassin.logrotate" dest=/etc/logrotate.d/spamassassin tags: - config diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml index 8dffd377db..d0b80b6b63 100644 --- a/roles/sudo/tasks/main.yml +++ b/roles/sudo/tasks/main.yml @@ -6,7 +6,7 @@ # # Put in place the default sysadmin-main sudoers file. # -- name: setup /etc/sudoers.d/01-sysadmin-main +- name: Setup /etc/sudoers.d/01-sysadmin-main copy: src="{{ private }}/files/sudo/sysadmin-main" dest=/etc/sudoers.d/01-sysadmin-main owner=root group=root mode=0600 when: "sudoers_main is not defined and (primary_auth_source | default('fas')) == 'fas'" tags: 
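Review bot: The sudoers drop-in in roles/sudo/tasks/main.yml is written with `copy:` and no `validate=`, so a syntax error in `sysadmin-main` lands in `/etc/sudoers.d/` unchecked and sudo can refuse to run on the host until the file is repaired. Add `validate='/usr/sbin/visudo -cf %s'` to this task and to the nopasswd and client-file tasks in the following hunks of the same file. The `tags:` list of this task continues outside the hunk.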
@@ -17,7 +17,7 @@ # # Put in place the default sysadmin-main sudoers file. (nopasswd edition) # -- name: setup /etc/sudoers.d/01-sysadmin-main (nopasswd) +- name: Setup /etc/sudoers.d/01-sysadmin-main (nopasswd) copy: src="{{ private }}/files/sudo/sysadmin-main-nopasswd" dest=/etc/sudoers.d/01-sysadmin-main owner=root group=root mode=0600 when: sudoers_main is defined and sudoers_main == 'nopasswd' tags: @@ -25,7 +25,7 @@ - sudo - sudoers -- name: remove old sysadmin-main file if its still around +- name: Remove old sysadmin-main file if its still around file: dest=/etc/sudoers.d/sysadmin-main state=absent tags: - config @@ -35,7 +35,7 @@ # # This will move a /etc/sudoers.d/ file in place # -- name: setup /etc/sudoers.d/sudoer file for client use +- name: Setup /etc/sudoers.d/sudoer file for client use copy: src={{ item }} dest=/etc/sudoers.d/{{ item | basename | replace('.', '_') }} owner=root group=root mode=0600 with_first_found: diff --git a/roles/supybot/tasks/main.yml b/roles/supybot/tasks/main.yml index b55ab67a94..3b2efa6bb2 100644 --- a/roles/supybot/tasks/main.yml +++ b/roles/supybot/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: install limnoria package +- name: Install limnoria package package: name={{ item }} state=present enablerepo=epel-testing with_items: - limnoria @@ -13,7 +13,7 @@ - set_fact: botname={{ botnames[env] }} -- name: creating zodbot log dir +- name: Creating zodbot log dir file: path={{ item }} state=directory owner=daemon with_items: - /var/lib/{{ botname }} 
@@ -24,19 +24,19 @@ - /srv/web/meetbot tags: supybot -- name: create teams directory +- name: Create teams directory file: path=/srv/web/meetbot/teams state=directory owner=apache group=apache mode=0755 tags: supybot -- name: create archives directory +- name: Create archives directory file: path=/srv/web/meetbot/archives state=directory owner=apache group=apache mode=0755 tags: supybot -- name: setup meetings_by_team script +- name: Setup meetings_by_team script copy: src=meetings_by_team.sh dest=/usr/local/bin/meetings_by_team.sh mode=755 tags: supybot -- name: teams cron job +- name: Teams cron job cron: name: meetings-by-team hour: "23" @@ -46,11 +46,11 @@ state: "{{ 'present' if inventory_hostname.startswith('value02') else 'absent' }}" tags: supybot -- name: setup archive script +- name: Setup archive script copy: src=archive.sh dest=/usr/local/bin/archive.sh mode=755 tags: supybot -- name: teams cron job +- name: Teams cron job cron: name: archive hour: "23" @@ -61,11 +61,11 @@ tags: supybot when: inventory_hostname.startswith('value02') -- name: setup meetbot.conf apache config +- name: Setup meetbot.conf apache config copy: src=meetbot.conf dest=/etc/httpd/conf.d/meetbot.conf mode=644 tags: supybot -- name: check the selinux context of the /srv/web/meetbot dir +- name: Check the selinux context of the /srv/web/meetbot dir command: matchpathcon /srv/web/meetbot register: context check_mode: no @@ -162,7 +162,7 @@ tags: - config -- name: setup zodbot systemd service file (prod) +- name: Setup zodbot systemd service file (prod) copy: src=zodbot.service dest=/etc/systemd/system/zodbot.service when: env == "production" notify: 
@@ -171,14 +171,14 @@ - config - supybot -- name: enable zodbot service (prod) +- name: Enable zodbot service (prod) service: name=zodbot state=started enabled=true when: env == "production" and inventory_hostname.startswith('value02') tags: - config - supybot -- name: setup ursabot systemd service file (stg) +- name: Setup ursabot systemd service file (stg) copy: src=ursabot.service dest=/etc/systemd/system/ursabot.service when: env == "staging" notify: @@ -187,14 +187,14 @@ - config - supybot -- name: enable ursabot service (stg) +- name: Enable ursabot service (stg) service: name=ursabot state=started enabled=true when: env == "staging" tags: - config - supybot -- name: setup the SAR script for the meetbot logs +- name: Setup the SAR script for the meetbot logs copy: src=meetbot_sar.py dest=/usr/local/bin/meetbot_sar.py owner=root group=root mode=0700 tags: diff --git a/roles/tang/tasks/main.yml b/roles/tang/tasks/main.yml index 8a98aff3d1..fc016fbc1e 100644 --- a/roles/tang/tasks/main.yml +++ b/roles/tang/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: install tang +- name: Install tang package: name=tang state=present tags: - tang diff --git a/roles/testdays/tasks/main.yml b/roles/testdays/tasks/main.yml index f390a4f6b6..a69c7cf523 100644 --- a/roles/testdays/tasks/main.yml +++ b/roles/testdays/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: ensure packages required for testdays are installed +- name: Ensure packages required for testdays are installed package: name={{ item }} state=present with_items: - testdays 
@@ -7,27 +7,27 @@ - python-psycopg2 - python-fedora -- name: ensure database is created +- name: Ensure database is created delegate_to: "{{ testdays_db_host }}" become_user: postgres become: true postgresql_db: db={{ testdays_db_name }} -- name: ensure testdays db user has access to database +- name: Ensure testdays db user has access to database delegate_to: "{{ testdays_db_host }}" become_user: postgres become: true postgresql_user: db={{ testdays_db_name }} user={{ testdays_db_user }} password={{ testdays_db_password }} role_attr_flags=NOSUPERUSER -- name: ensure selinux lets httpd talk to postgres +- name: Ensure selinux lets httpd talk to postgres seboolean: name=httpd_can_network_connect_db persistent=yes state=yes -- name: generate testdays config +- name: Generate testdays config template: src=settings.py.j2 dest=/etc/testdays/settings.py owner=root group=root mode=0644 notify: - reload httpd -- name: generate testdays apache config +- name: Generate testdays apache config template: src=testdays.conf.j2 dest=/etc/httpd/conf.d/testdays.conf owner=root group=root mode=0644 notify: - reload httpd diff --git a/roles/tftp_server/tasks/main.yml b/roles/tftp_server/tasks/main.yml index b6610c9ff7..3213e72a07 100644 --- a/roles/tftp_server/tasks/main.yml +++ b/roles/tftp_server/tasks/main.yml 
@@ -1,37 +1,37 @@ --- -- name: install tftp server package +- name: Install tftp server package package: state=present name=tftp-server tags: - packages - tftp_server -- name: install syslinux package +- name: Install syslinux package package: state=present name=syslinux tags: - packages - tftp_server -- name: setup pxelinux.cfg dir +- name: Setup pxelinux.cfg dir file: path=/var/lib/tftpboot/pxelinux.cfg mode=755 state=directory tags: - config - tftp_server -- name: setup pxelinux.cfg default file +- name: Setup pxelinux.cfg default file copy: src=default.{{ inventory_hostname }} dest=/var/lib/tftpboot/pxelinux.cfg/default mode=644 tags: - config - tftp_server when: datacenter != 'iad2' -- name: enable tftp socket service +- name: Enable tftp socket service service: state=started enabled=true name=tftp.socket tags: - service - config - tftp_server -- name: fill up the tftpboot directory +- name: Fill up the tftpboot directory synchronize: src="{{ bigfiles }}/tftpboot/" dest=/var/lib/tftpboot/ tags: - tftp_server @@ -53,7 +53,7 @@ - tftp_server when: datacenter == 'iad2' -# - name: generate custom configs +# - name: Generate custom configs # template: src=grubhost.cfg.j2 dest="/var/lib/tftpboot/uefi/{{ hostvars[item].install_mac }}" # with_items: "{{ groups['all'] }}" # when: "hostvars[item].install_noc == inventory_hostname" diff --git a/roles/torrent/tasks/main.yml b/roles/torrent/tasks/main.yml index 9d83232dfd..8b063d62f4 100644 --- a/roles/torrent/tasks/main.yml +++ b/roles/torrent/tasks/main.yml @@ -1,7 +1,7 @@ --- # Configuration for the torrent tracker -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - httpd 
@@ -13,12 +13,12 @@ tags: - packages -- name: add torrent group +- name: Add torrent group group: name=torrent state=present system=yes local=true tags: - config -- name: add torrent user +- name: Add torrent user user: name=torrent state=present home=/var/spool/bittorrent createhome=yes system=yes local=true group=torrent tags: - config @@ -35,7 +35,7 @@ tags: - config -- name: install the files for the tracker +- name: Install the files for the tracker copy: src={{ item.file }} dest={{ item.dest }} mode={{ item.mode }} with_items: - { file: torrent_generator.conf, dest: /etc/torrent_generator.conf, mode: 644 } @@ -58,17 +58,17 @@ tags: - config -- name: set opentracker-ivp4 to start +- name: Set opentracker-ivp4 to start service: name=opentracker-ipv4 state=started enabled=yes tags: - config -- name: set opentracker-ivp6 to start +- name: Set opentracker-ivp6 to start service: name=opentracker-ipv6 state=started enabled=yes tags: - config -- name: check the selinux context of webdir +- name: Check the selinux context of webdir command: matchpathcon /srv/web register: webdir check_mode: no diff --git a/roles/varnish/handlers/main.yml b/roles/varnish/handlers/main.yml index 5c7854da6b..82b6d5d3a7 100644 --- a/roles/varnish/handlers/main.yml +++ b/roles/varnish/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: restart varnish +- name: Restart varnish service: name=varnish state=restarted diff --git a/roles/varnish/tasks/main.yml b/roles/varnish/tasks/main.yml index d08f7c8793..74b8d2913a 100644 --- a/roles/varnish/tasks/main.yml +++ b/roles/varnish/tasks/main.yml @@ -1,7 +1,7 @@ --- # Tasks to set up varnish -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - varnish 
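Review bot: The task names `Set opentracker-ivp4 to start` and `Set opentracker-ivp6 to start` in the `@@ -58,17 +58,17 @@` hunk of roles/torrent/tasks/main.yml still misspell the units they manage, which the `service:` lines give as `opentracker-ipv4` and `opentracker-ipv6`. Since the commit rewrites these lines anyway, `- name: Set opentracker-ipv4 to start` (and the ipv6 twin) would let the task names be found when searching run output for the service name. `Wait for he host to be hot` in tasks/persistent_cloud.yml carries the same kind of leftover typo.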
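Review bot: Renaming the handler to `Restart varnish` in roles/varnish/handlers/main.yml leaves the `notify:` in roles/varnish/tasks/main.yml pointing at `restart varnish`, visible as context under the `Install /etc/varnish/default.vcl (proxies)` task. Ansible matches a notification against handler names as exact strings, so unless another handler still carries the lowercase name, a change to default.vcl would end in a missing-handler error instead of a varnish restart. Either update the notifier in the same commit to `- Restart varnish`, or keep the handler name and silence the rule with `# noqa: name[casing]`. The other `notify:` targets visible in this patch (`restart spamassassin`, `reload httpd`, `restart openvpn`) deserve the same check against their handlers files, which are not visible here.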
@@ -10,19 +10,19 @@ - varnish - packages -- name: set some varnishd selinux boolean +- name: Set some varnishd selinux boolean seboolean: name=varnishd_connect_any persistent=yes state=yes tags: - varnish - selinux -- name: set domain_can_mmap_files selinux boolean +- name: Set domain_can_mmap_files selinux boolean seboolean: name=domain_can_mmap_files persistent=yes state=yes tags: - varnish - selinux -- name: install varnish /etc/systemd/system/varnish.service file (fedora 29+) +- name: Install varnish /etc/systemd/system/varnish.service file (fedora 29+) template: src=varnish.f29.j2 dest=/etc/systemd/system/varnish.service owner=root group=root notify: - reload systemd @@ -31,14 +31,14 @@ - varnish when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' -- name: install /etc/varnish/default.vcl (proxies) +- name: Install /etc/varnish/default.vcl (proxies) template: src={{ varnish_group }}.vcl.j2 dest=/etc/varnish/default.vcl owner=root group=root notify: - restart varnish tags: - varnish -- name: make sure varnish is set to enabled on boot +- name: Make sure varnish is set to enabled on boot service: enabled=yes name=varnish tags: - varnish diff --git a/roles/virthost/tasks/main.yml b/roles/virthost/tasks/main.yml index 935eb8bdee..20a4ecf1ae 100644 --- a/roles/virthost/tasks/main.yml +++ b/roles/virthost/tasks/main.yml @@ -1,11 +1,11 @@ --- # tasklist for setting up the virthost server. -- name: set selinux to enforcing +- name: Set selinux to enforcing selinux: policy=targeted state=enforcing # enable the advanced virt module -- name: enable the advanced virt module +- name: Enable the advanced virt module copy: dest: /etc/dnf/modules.d/virt.module content: | @@ -18,7 +18,7 @@ - virthost when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 8 -- name: install libvirt packages on virthost +- name: Install libvirt packages on virthost package: name={{ item }} state=present with_items: - qemu-kvm 
@@ -30,7 +30,7 @@ # # Disable lvmetad as it causes lots of problems with iscsi shared lvm and caching. # -- name: disable lvmetad +- name: Disable lvmetad lineinfile: dest=/etc/lvm/lvm.conf regexp="^(.*)use_lvmetad = 1" line="\1use_lvmetad = 0" backrefs=yes failed_when: false tags: @@ -38,7 +38,7 @@ - nolvmetad # Also kill the service with fire -- name: disable lvm2-lvmetad socket +- name: Disable lvm2-lvmetad socket service: name=lvm2-lvmetad.socket state=stopped enabled=no check_mode: no failed_when: false @@ -50,18 +50,18 @@ # Some virthosts we want to use nested virt (a tech preview in rhel 7.2) # We need this module option set and then need to tweak the libvirt xml to enable it # -- name: setup nested virt on virthosts with nested=true variable (x86_64) +- name: Setup nested virt on virthosts with nested=true variable (x86_64) copy: src=kvm_intel.conf dest=/etc/modprobe.d/kvm_intel.conf when: nested == true and ansible_architecture == 'x86_64' -- name: setup nested virt on virthosts with nested=true variable (s390x) +- name: Setup nested virt on virthosts with nested=true variable (s390x) copy: src=kvm.conf dest=/etc/modprobe.d/kvm.conf when: nested == true and ansible_architecture == 's390x' # # On some hosts in the fedorainfracloud network we want to add some users to be able to manage # their own vms. -- name: add copr user to some virthosts that will run copr builders +- name: Add copr user to some virthosts that will run copr builders user: name=copr password_lock=true group=libvirt when: copr_build_virthost diff --git a/roles/web-data-analysis/tasks/main.yml b/roles/web-data-analysis/tasks/main.yml index 80c9645ee2..2c740d1f19 100644 --- a/roles/web-data-analysis/tasks/main.yml +++ b/roles/web-data-analysis/tasks/main.yml 
@@ -1,95 +1,95 @@ --- -- name: install python3-pandas package +- name: Install python3-pandas package package: state=present name=python3-pandas tags: - packages - web-data -- name: make sure the /usr/local/share/web-data-analysis directory exists +- name: Make sure the /usr/local/share/web-data-analysis directory exists file: path=/usr/local/share/web-data-analysis state=directory tags: - web-data -- name: make the data directory +- name: Make the data directory file: path=/mnt/fedora_stats/data state=directory mode=0755 tags: - web-data -- name: make the data subdirs +- name: Make the data subdirs file: path=/mnt/fedora_stats/data/{{item}} state=directory mode=0755 with_items: [mirrors] tags: - web-data -- name: copy over website index. +- name: Copy over website index. copy: src=html/main-index.html dest=/var/www/html/index.html mode=0644 tags: - web-data -- name: make a css tree +- name: Make a css tree file: path=/var/www/html/css/ state=directory mode=0755 tags: - web-data -- name: css files +- name: Css files copy: src={{item}} dest=/var/www/html/css/ mode=0644 with_items: [html/css/data-reports.css, html/css/normalize.css] tags: - web-data -- name: make the web directory exists +- name: Make the web directory exists file: path=/var/www/html/csv-reports/ state=directory mode=0755 tags: - web-data -- name: make the web subdirs +- name: Make the web subdirs file: path=/var/www/html/csv-reports/{{item}} state=directory mode=0755 with_items: [images, mirrors] tags: - web-data -- name: make the web directory summary. +- name: Make the web directory summary. 
copy: src=html/summary.html dest=/var/www/html/csv-reports/images/ mode=0644 tags: - web-data -- name: clean out non-useful images +- name: Clean out non-useful images ansible.builtin.file: path="/var/www/html/csv-reports/images/{{item}}" state=absent with_items: [hotspot-all.png, fedora-rev-latest-stacked.png] -- name: scripts to condense data down for further processing +- name: Scripts to condense data down for further processing copy: src={{item}} dest=/usr/local/bin/ mode=0755 with_items: [condense-mirrorlogs.sh] tags: - web-data -- name: python scripts to calculate various data +- name: Python scripts to calculate various data copy: src={{item}} dest=/usr/local/bin/ mode=0755 with_items: [mirrorlist.py] tags: - web-data -- name: awk files for csv creation +- name: Awk files for csv creation copy: src={{item}} dest=/usr/local/share/web-data-analysis mode=0644 with_items: [mirrors-data.awk] tags: - web-data -- name: gnuplot file for image creation +- name: Gnuplot file for image creation copy: src={{item}} dest=/usr/local/share/web-data-analysis mode=0644 with_items: [mirrors-data.gp] tags: - web-data -- name: daily cron file to run the log files +- name: Daily cron file to run the log files copy: src={{item}} dest=/etc/cron.d/ mode=0644 with_items: [condense-mirrorlogs.cron] tags: - web-data - cron -- name: install package deps for mirrors-countme +- name: Install package deps for mirrors-countme package: # tqdm is optional but it gives nice progress meters for interactive use name: ['python3-pip', 'python3-setuptools', 'python3-tqdm'] @@ -98,13 +98,13 @@ - packages - web-data -- name: make countme group +- name: Make countme group group: name: countme tags: - web-data -- name: make countme user +- name: Make countme user user: name: countme group: countme 
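Review bot: Upper-casing the first letter mechanically produced `Css files` in the `@@ -1,95 +1,95 @@` hunk of roles/web-data-analysis/tasks/main.yml, where the acronym should read `CSS`; `- name: Copy CSS files` would also say what the task does. The same mechanical change turns the variable expression in tasks/aws_cloud.yml into `Birthday=on - drop the old known host entries`, which no longer matches the `birthday` variable tested in `when: birthday is defined`. `Drop the old known host entries (birthday=on)` keeps the lint rule satisfied and the variable name intact.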
@@ -114,7 +114,7 @@ tags: - web-data -- name: install the python3.11-mirrors-countme RPM package +- name: Install the python3.11-mirrors-countme RPM package package: name: python3.11-mirrors-countme state: present @@ -123,7 +123,7 @@ - packages -- name: remove local mirrors-countme git repo, scripts and Python package +- name: Remove local mirrors-countme git repo, scripts and Python package # Using `shell` here because `file` doesn't know wild cards shell: >- shopt -s nullglob; @@ -143,39 +143,39 @@ tags: - web-data -- name: make countme web subdir +- name: Make countme web subdir file: path=/var/www/html/csv-reports/countme state=directory mode=0775 owner=countme group=countme tags: - web-data -- name: make countme local data dir +- name: Make countme local data dir file: path=/var/lib/countme state=directory mode=0775 owner=countme group=countme tags: - web-data -- name: ensure messaging script is installed +- name: Ensure messaging script is installed import_role: name=fedora-messaging-utils tags: - web-data - cron -- name: install countme script to parse new logs & update totals +- name: Install countme script to parse new logs & update totals copy: src=countme-update.sh dest=/usr/local/bin/ mode=0755 tags: - web-data -- name: install CentOS countme script to parse new logs & update totals +- name: Install CentOS countme script to parse new logs & update totals copy: src=countme-centos-update.sh dest=/usr/local/bin/ mode=0755 tags: - web-data -- name: install cron file to run countme-update.sh daily +- name: Install cron file to run countme-update.sh daily copy: src=countme-update.cron dest=/etc/cron.d/ mode=0644 tags: - web-data - cron -- name: remove old syncHttpLogs.sh cron script only on log01 +- name: Remove old syncHttpLogs.sh cron script only on log01 file: path: /etc/cron.daily/syncHttpLogs.sh state: absent 
@@ -184,7 +184,7 @@ - web-data - cron -- name: write configuration file for script to sync httpd logs +- name: Write configuration file for script to sync httpd logs template: src: sync-http-logs.yaml.j2 dest: /etc/sync-http-logs.yaml @@ -193,7 +193,7 @@ - web-data - config -- name: install a script to sync httpd logs via cron only on log01 +- name: Install a script to sync httpd logs via cron only on log01 copy: src: sync-http-logs.py dest: /usr/local/bin/sync-http-logs.py @@ -203,7 +203,7 @@ - web-data - cron -- name: remove sync-http-logs.py from cron.daily directory +- name: Remove sync-http-logs.py from cron.daily directory file: path: /etc/cron.daily/sync-http-logs.py state: absent @@ -212,24 +212,24 @@ - web-data - cron -- name: install awstats package +- name: Install awstats package package: state=present name=awstats tags: - packages - web-data -- name: make the awstats directory +- name: Make the awstats directory file: path=/var/www/html/awstats-reports state=directory tags: - web-data -- name: proxy log merge script (log01) +- name: Proxy log merge script (log01) copy: src=combineHttpLogs.sh dest=/usr/local/bin/ mode=0755 tags: - config - web-data -- name: remove separate daily cron job to merge old logs +- name: Remove separate daily cron job to merge old logs file: path: /etc/cron.d/combineHttp.cron state: absent @@ -237,7 +237,7 @@ - web-data - cron -- name: install daily cron job to sync and merge log files +- name: Install daily cron job to sync and merge log files copy: src: sync-http-logs-and-merge.sh dest: /etc/cron.daily diff --git a/roles/weblate-backup/tasks/main.yml b/roles/weblate-backup/tasks/main.yml index f67c30e19b..feb5c4395e 100644 --- a/roles/weblate-backup/tasks/main.yml +++ b/roles/weblate-backup/tasks/main.yml @@ -13,7 +13,7 @@ tags: - weblate_backup -- name: create a .ssh dir for that user +- name: Create a .ssh dir for that user file: dest: "/home/_backup_weblate/.ssh" mode: "0700" 
diff --git a/roles/yubikey/tasks/main.yml b/roles/yubikey/tasks/main.yml index def07ac93e..9929e6edab 100644 --- a/roles/yubikey/tasks/main.yml +++ b/roles/yubikey/tasks/main.yml @@ -1,7 +1,7 @@ --- # Tasks to set up yubikey_verifier -- name: install needed packages +- name: Install needed packages package: name={{ item }} state=present with_items: - yubikey-ksm @@ -10,7 +10,7 @@ tags: - packages -- name: install /etc/ykksm/ykksm-config.php and /etc/ykval/ykval-config.php +- name: Install /etc/ykksm/ykksm-config.php and /etc/ykval/ykval-config.php template: src={{ item.file }} dest={{ item.dest }} owner=apache group=apache mode=0640 @@ -18,20 +18,20 @@ - { file: ykksm-config.php, dest: /etc/ykksm/ykksm-config.php } - { file: ykval-config.php, dest: /etc/ykval/ykval-config.php } -- name: symlink the configuration files to /usr/share/... +- name: Symlink the configuration files to /usr/share/... file: src={{item.file}} dest={{ item.dest }} state=link with_items: - {file: /etc/ykval/ykval-config.php, dest: /usr/share/ykval/ykval-config.php } - {file: /etc/ykksm/ykksm-config.php, dest: /usr/share/ykksm/ykksm-config.php } -- name: install the apache configuration files +- name: Install the apache configuration files copy: src={{ item.file }} dest={{ item.dest}} with_items: - { file: yk-ksm.conf, dest: /etc/httpd/conf.d/yk-ksm.conf } - { file: yk-val.conf, dest: /etc/httpd/conf.d/yk-val.conf } -- name: enable httpd_can_network_connect selinux boolean +- name: Enable httpd_can_network_connect selinux boolean seboolean: name=httpd_can_network_connect state=yes persistent=yes tags: - config diff --git a/roles/zabbix/zabbix_agent/tasks/main.yml b/roles/zabbix/zabbix_agent/tasks/main.yml index 2387edde19..0c1572d410 100644 --- a/roles/zabbix/zabbix_agent/tasks/main.yml +++ b/roles/zabbix/zabbix_agent/tasks/main.yml 
@@ -34,7 +34,7 @@ tags: - zabbix_agent -- name: reload custom selinux files +- name: Reload custom selinux files shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp" when: ansible_distribution == "Centos" and ansible_selinux.status == "enabled" and sepolicy.changed tags: diff --git a/tasks/aws_cloud.yml b/tasks/aws_cloud.yml index 8427cf3fc3..f37aa364ba 100644 --- a/tasks/aws_cloud.yml +++ b/tasks/aws_cloud.yml @@ -4,13 +4,13 @@ --- - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README -- name: check if the server is up, needs to be pre-started +- name: Check if the server is up, needs to be pre-started local_action: shell nc -w 5 {{ inventory_hostname }} 22 < /dev/null register: host_is_up changed_when: false check_mode: no -- name: birthday=on - drop the old known host entries +- name: Birthday=on - drop the old known host entries local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent @@ -18,7 +18,7 @@ - /root/.ssh/known_hosts when: birthday is defined -- name: birthday=on - drop other known host entries +- name: Birthday=on - drop other known host entries local_action: known_hosts path={{ item.0 }} host={{ item.1 }} state=absent @@ -31,7 +31,7 @@ - additional_known_hosts_cleanup is defined - additional_known_hosts_cleanup[inventory_hostname] is defined -- name: gather the temporary ssh host key from the new instance +- name: Gather the temporary ssh host key from the new instance local_action: command ssh-keyscan -t {{ item }} {{ inventory_hostname }} register: hostkey loop: @@ -39,7 +39,7 @@ - ed25519 when: birthday is defined -- name: add new ssh host key (until we can sign it) +- name: Add new ssh host key (until we can sign it) local_action: known_hosts path={{item.0}} key="{{ item.1.stdout }}" host={{ inventory_hostname }} state=present with_nested: 
@@ -47,7 +47,7 @@ - "{{ hostkey.results }}" when: birthday is defined -- name: find old signatures done against the other hostname +- name: Find old signatures done against the other hostname find: paths: /etc/ssh file_type: file @@ -58,7 +58,7 @@ - additional_known_hosts_cleanup is defined - additional_known_hosts_cleanup[inventory_hostname] is defined -- name: remove old signed certificates +- name: Remove old signed certificates file: path: "{{ item.path }}" state: absent @@ -67,7 +67,7 @@ - found_ssh_certs is not skipped # from https://github.com/praiskup/ansible-role-fix-root-ssh -- name: allow root ssh connections +- name: Allow root ssh connections lineinfile: path: /etc/cloud/cloud.cfg regexp: '^disable_root:' @@ -77,7 +77,7 @@ become_user: root when: birthday is defined -- name: use the same authorized_keys +- name: Use the same authorized_keys replace: path: /root/.ssh/authorized_keys regexp: '.*Please login as the user.* ssh-rsa ' @@ -92,7 +92,7 @@ # Next we try and gather facts. If the host doesn't have python2 this will fail. # -- name: gather facts +- name: Gather facts setup: check_mode: no ignore_errors: true @@ -102,7 +102,7 @@ # If that failed, then we use the raw module to install things # -- name: install python3 and dnf stuff +- name: Install python3 and dnf stuff raw: sudo dnf -y install python3-dnf python3-libselinux python3 when: - birthday is defined diff --git a/tasks/cloud_setup_basic.yml b/tasks/cloud_setup_basic.yml index 81dfd1d307..ea0a19cf66 100644 --- a/tasks/cloud_setup_basic.yml +++ b/tasks/cloud_setup_basic.yml 
@@ -24,12 +24,12 @@ - name: Include basessh include_role: name=basessh -# - name: edit hostname to be instance name - prefix hostbase var if it exists +# - name: Edit hostname to be instance name - prefix hostbase var if it exists # shell: hostname {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id` # tags: # - config -- name: add ansible root key +- name: Add ansible root key authorized_key: user=root key="{{ item }}" with_file: - /srv/web/infra/ansible/roles/base/files/ansible-pub-key @@ -37,7 +37,7 @@ - config - sshkeys -- name: add root keys for sysadmin-main and other allowed users +- name: Add root keys for sysadmin-main and other allowed users authorized_key: user=root key="{{ item }}" with_lines: - "/srv/web/infra/ansible/scripts/auth-keys-from-fas @sysadmin-main {{ root_auth_users }}" 
@@ -47,44 +47,44 @@ # https://pagure.io/fedora-infrastructure/issue/10509 ignore_errors: true -- name: enable ssh_sysadm_login sebool +- name: Enable ssh_sysadm_login sebool seboolean: name=ssh_sysadm_login state=yes persistent=yes ignore_errors: true # note - kinda should be a handler - but handlers need args -- name: restorecon +- name: Restorecon file: path=/root/.ssh setype=ssh_home_t recurse=yes tags: - config -- name: update all +- name: Update all command: yum -y update creates=/etc/sysconfig/global-update-applied register: updated when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' tags: - packages -- name: update all +- name: Update all command: dnf -y update creates=/etc/sysconfig/global-update-applied register: updated when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined tags: - packages -- name: update all +- name: Update all command: dnf -y update creates=/etc/sysconfig/global-update-applied register: updated when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' and ansible_cmdline.ostree is not defined tags: - packages -- name: write out global-update-applied file if we updated +- name: Write out global-update-applied file if we updated copy: content="updated" dest=/etc/sysconfig/global-update-applied when: updated is defined tags: - packages -- name: ensure tmp.mount is not masked, logrotate start would fail +- name: Ensure tmp.mount is not masked, logrotate start would fail systemd: name: tmp.mount masked: no diff --git a/tasks/confine_ssh.yml b/tasks/confine_ssh.yml index 914d5ad1eb..2fa860de74 100644 --- a/tasks/confine_ssh.yml +++ b/tasks/confine_ssh.yml @@ -1,5 +1,5 @@ --- -- name: install the confine-ssh script +- name: Install the confine-ssh script copy: > src={{files}}/scripts/confine-ssh.sh dest=/usr/local/bin/confine-ssh.sh 
diff --git a/tasks/happy_birthday.yml b/tasks/happy_birthday.yml index 927b4ba555..24dae23f7c 100644 --- a/tasks/happy_birthday.yml +++ b/tasks/happy_birthday.yml @@ -1,5 +1,5 @@ --- -- name: gather ssh host key from new instance +- name: Gather ssh host key from new instance local_action: command ssh-keyscan -t rsa {{ inventory_hostname }} ignore_errors: true register: hostkey diff --git a/tasks/motd.yml b/tasks/motd.yml index dcbc59376a..5963d8c4ed 100644 --- a/tasks/motd.yml +++ b/tasks/motd.yml @@ -1,5 +1,5 @@ --- -- name: add motd to system +- name: Add motd to system template: src=/srv/web/infra/hosts/motd.j2 dest=/etc/motd tags: - motd diff --git a/tasks/openvpn_client.yml b/tasks/openvpn_client.yml index abb5fc6fd2..02e4c65d94 100644 --- a/tasks/openvpn_client.yml +++ b/tasks/openvpn_client.yml @@ -1,6 +1,6 @@ --- # openvpn - ftw - or something -- name: install openvpn +- name: Install openvpn package: name=openvpn state=present tags: - packages @@ -40,7 +40,7 @@ notify: - restart openvpn -- name: enable openvpn service for rhel 6 +- name: Enable openvpn service for rhel 6 service: name=openvpn state=started enabled=true tags: - service diff --git a/tasks/openvpn_client_7.yml b/tasks/openvpn_client_7.yml index d91b18165a..e27e111eaa 100644 --- a/tasks/openvpn_client_7.yml +++ b/tasks/openvpn_client_7.yml @@ -1,6 +1,6 @@ --- # openvpn - ftw - or something -- name: install openvpn +- name: Install openvpn package: name=openvpn state=present tags: - packages @@ -40,7 +40,7 @@ notify: - restart openvpn 7 -- name: enable openvpn service for rhel or fedora +- name: Enable openvpn service for rhel or fedora service: name=openvpn@openvpn state=started enabled=true tags: - service diff --git a/tasks/persistent_cloud.yml b/tasks/persistent_cloud.yml index f672287148..ebb3463549 100644 --- a/tasks/persistent_cloud.yml +++ b/tasks/persistent_cloud.yml 
@@ -2,14 +2,14 @@ --- - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README -- name: check it out +- name: Check it out local_action: shell nc -w 5 {{ inventory_hostname }} 22 < /dev/null register: host_is_up ignore_errors: true changed_when: false check_mode: no -- name: spin UP VM using nova_compute +- name: Spin UP VM using nova_compute become: false local_action: module: nova_compute @@ -53,24 +53,24 @@ failed_when: false when: volumes is defined and volume_available is defined and item.changed -- name: wait for he host to be hot +- name: Wait for he host to be hot local_action: wait_for host={{ public_ip }} port=22 delay=1 timeout=600 when: host_is_up is failed # SSH is up and running, however cloud-init still did not deployed ssh keypair # we have to wait some time. 10 sec is usually enough, but not always. -- name: waiting for cloud-init +- name: Waiting for cloud-init pause: seconds=30 when: host_is_up is failed -- name: gather ssh host key from new instance +- name: Gather ssh host key from new instance local_action: command ssh-keyscan -t rsa {{ inventory_hostname }} ignore_errors: true register: hostkey when: host_is_up is failed -- name: add new ssh host key (until we can sign it) +- name: Add new ssh host key (until we can sign it) local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present ignore_errors: true with_items: @@ -81,7 +81,7 @@ # Next we try and gather facts. If the host doesn't have python2 this will fail. # -- name: gather facts +- name: Gather facts setup: check_mode: no ignore_errors: true 
@@ -91,13 +91,13 @@ # If that failed, then we use the raw module to install things # -- name: install python2 and dnf stuff +- name: Install python2 and dnf stuff raw: dnf -y install python-dnf libselinux-python when: facts is failed # TODO - somehow guess when keypair is finally deployed and return little bit earlier ## We need to specify user, here we trying with fedora or root -# - name: wait until ssh is available +# - name: Wait until ssh is available # # local_action: shell false; until [ "$?" -eq "0" ]; do sleep 2; ssh -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar' || ssh -o PasswordAuthentication=no root@{{ public_ip }} 'echo foobar'; done # # local_action: shell false; until [ "$?" -eq "0" ]; do sleep 2; ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar'; done # local_action: shell whoami && ssh -vvvv -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PasswordAuthentication=no fedora@{{ public_ip }} 'echo foobar' diff --git a/tasks/postfix_basic.yml b/tasks/postfix_basic.yml index da430325a4..926b5d2885 100644 --- a/tasks/postfix_basic.yml +++ b/tasks/postfix_basic.yml @@ -1,5 +1,5 @@ --- -- name: install postfix +- name: Install postfix package: name=postfix state=present tags: - postfix @@ -21,7 +21,7 @@ - postfix - config -- name: enable postfix to start +- name: Enable postfix to start service: name=postfix state=started enabled=true tags: - service diff --git a/tasks/rdiff_backup_server.yml b/tasks/rdiff_backup_server.yml index c3eeff1eba..4bbb44b3f9 100644 --- a/tasks/rdiff_backup_server.yml +++ b/tasks/rdiff_backup_server.yml @@ -1,6 +1,6 @@ --- # tasklist for setting up a rdiff backup server. -- name: install rdiff-backup +- name: Install rdiff-backup package: name={{ item }} state=present with_items: - rdiff-backup 
@@ -9,12 +9,12 @@ tags: - packages -- name: setup rdiff backup script +- name: Setup rdiff backup script copy: src="{{ files }}/rdiff-backup/run-rdiff-backups" dest=/usr/local/bin/run-rdiff-backups mode=755 tags: - config -- name: setup rdiff backup cron +- name: Setup rdiff backup cron copy: src="{{ files }}/rdiff-backup/run-rdiff-backups.cron" dest=/etc/cron.d/run-rdiff-backups tags: - config diff --git a/tasks/reg-server.yml b/tasks/reg-server.yml index c40ffcf2c7..bef12665fa 100644 --- a/tasks/reg-server.yml +++ b/tasks/reg-server.yml @@ -1,5 +1,5 @@ --- -- name: install reg-server +- name: Install reg-server package: name: reg tags: diff --git a/tasks/serialgetty.yml b/tasks/serialgetty.yml index 969bb6e0ce..1311cbc87f 100644 --- a/tasks/serialgetty.yml +++ b/tasks/serialgetty.yml @@ -1,6 +1,6 @@ --- -- name: upstart serial setup +- name: Upstart serial setup copy: src="{{ files }}/common/ttyS0.conf" dest=/etc/init/ttyS0.conf when: is_rhel is defined tags: diff --git a/tasks/swap.yml b/tasks/swap.yml index 3fd5ee80e1..846aba3db1 100644 --- a/tasks/swap.yml +++ b/tasks/swap.yml @@ -78,7 +78,7 @@ - swap notify: restart swap.swap -- name: remove zram-generator-defaults +- name: Remove zram-generator-defaults package: name: zram-generator-defaults state: absent @@ -87,7 +87,7 @@ - swap.file.dropzrampackage - swap -- name: disable zram0 +- name: Disable zram0 shell: swapoff /dev/zram0 tags: - swap diff --git a/tasks/virt_instance_create.yml b/tasks/virt_instance_create.yml index 59aa220cbe..67b79fa4a5 100644 --- a/tasks/virt_instance_create.yml +++ b/tasks/virt_instance_create.yml 
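Review bot: Neither `copy` task in the `tasks/rdiff_backup_server.yml` `-9,12` hunk sets an owner or group, and the cron drop-in has no `mode` at all, so `/etc/cron.d/run-rdiff-backups` falls back to the remote umask (or keeps whatever mode an existing file already has). For a file under `/etc/cron.d` and the script it presumably invokes, pin them explicitly: `owner=root group=root mode=0755` on the script and `owner=root group=root mode=0644` on the cron file. The `copy` tasks in the `tasks/yumrepos.yml` hunks further down, including the one that installs `RPM-GPG-KEY-EPEL-*` under `/etc/pki/rpm-gpg`, have the same gap; those tasks continue outside their hunks.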
@@ -4,28 +4,28 @@ --- - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README -- name: get vm list +- name: Get vm list delegate_to: "{{ vmhost }}" virt: command=list_vms register: result check_mode: no -- name: ensure no old facts exist +- name: Ensure no old facts exist delegate_to: localhost file: path=/root/.ansible_facts_cache/{{ inventory_hostname }} state=absent when: inventory_hostname not in result.list_vms -- name: ensure the lv for the guest is made +- name: Ensure the lv for the guest is made lvol: lv={{ inventory_hostname }} vg={{ volgroup }} size={{ lvm_size }} state=present delegate_to: "{{ vmhost }}" when: inventory_hostname not in result.list_vms -- name: run the virt-install +- name: Run the virt-install shell: "{{ virt_install_command }}" delegate_to: "{{ vmhost }}" when: inventory_hostname not in result.list_vms -- name: wait for the install to finish -> {{ inventory_hostname }} +- name: Wait for the install to finish -> {{ inventory_hostname }} virt: command=status name={{ inventory_hostname }} register: vmstatus until: vmstatus.status == 'shutdown' 
@@ -34,36 +34,36 @@ delay: 20 when: inventory_hostname not in result.list_vms -- name: start the vm up and set it to autostart +- name: Start the vm up and set it to autostart virt: state=running name={{ inventory_hostname }} autostart=True delegate_to: "{{ vmhost }}" when: inventory_hostname not in result.list_vms -- name: make sure there is no old ssh host key for the host still around +- name: Make sure there is no old ssh host key for the host still around local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent ignore_errors: true with_items: - /root/.ssh/known_hosts when: inventory_hostname not in result.list_vms -- name: wait for ssh on the vm to start back +- name: Wait for ssh on the vm to start back local_action: wait_for delay=10 host={{ inventory_hostname }} port=22 state=started timeout=1200 when: inventory_hostname not in result.list_vms -- name: gather ssh host key from new instance +- name: Gather ssh host key from new instance local_action: command ssh-keyscan -t rsa {{ inventory_hostname }} ignore_errors: true register: hostkey when: inventory_hostname not in result.list_vms -- name: add new ssh host key (until we can sign it) +- name: Add new ssh host key (until we can sign it) local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present ignore_errors: true with_items: - /root/.ssh/known_hosts when: inventory_hostname not in result.list_vms -- name: gather facts +- name: Gather facts setup: check_mode: no ignore_errors: true diff --git a/tasks/yumrepos.yml b/tasks/yumrepos.yml index 43a47fc181..78e586a4a7 100644 --- a/tasks/yumrepos.yml +++ b/tasks/yumrepos.yml @@ -8,7 +8,7 @@ - packages - yumrepos -- name: enable repos for archived Fedora releases +- name: Enable repos for archived Fedora releases set_fact: archive_if_archived: >- {{ 
@@ -26,7 +26,7 @@ - packages - yumrepos -- name: put rhel repos on rhel systems +- name: Put rhel repos on rhel systems copy: src="{{ files }}/common/rhel{{ ansible_distribution_major_version|int }}.repo" dest="/etc/yum.repos.d/rhel{{ ansible_distribution_major_version|int }}.repo" when: ansible_distribution == 'RedHat' and not inventory_hostname.startswith('ppc9') and datacenter != "aws" tags: @@ -34,7 +34,7 @@ - packages - yumrepos -- name: put rhel repos on rhel systems (power9) +- name: Put rhel repos on rhel systems (power9) copy: src="{{ files }}/common/rhel{{ ansible_distribution_major_version|int }}-power9.repo" dest="/etc/yum.repos.d/rhel{{ ansible_distribution_major_version|int }}.repo" when: ansible_distribution == 'RedHat' and inventory_hostname.startswith('ppc9') and datacenter != "aws" tags: @@ -42,7 +42,7 @@ - packages - yumrepos -- name: put epel repos on el systems +- name: Put epel repos on el systems copy: src="{{ files }}/common/epel{{ ansible_distribution_major_version|int }}.repo" dest="/etc/yum.repos.d/epel{{ ansible_distribution_major_version|int }}.repo" when: ((ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS') and use_default_epel) and datacenter != "aws" tags: @@ -50,7 +50,7 @@ - packages - yumrepos -- name: put epel repos on el systems (aws) +- name: Put epel repos on el systems (aws) copy: src="{{ files }}/common/original-epel{{ ansible_distribution_major_version|int }}.repo" dest="/etc/yum.repos.d/epel{{ ansible_distribution_major_version|int }}.repo" when: ((ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS') and use_default_epel) and datacenter == "aws" tags: 
@@ -58,7 +58,7 @@ - packages - yumrepos -- name: put epel gpg key on el systems (aws) +- name: Put epel gpg key on el systems (aws) copy: src="{{ files }}/common/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version|int }}" dest="/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version|int }}" when: ((ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS') and use_default_epel) and datacenter == "aws" tags: @@ -66,7 +66,7 @@ - packages - yumrepos -- name: epel release on el systems (aws) +- name: Epel release on el systems (aws) package: name: 'epel-release' state: present @@ -76,7 +76,7 @@ - packages - yumrepos -- name: put fedora repos on primary architecture systems +- name: Put fedora repos on primary architecture systems template: src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{ item }}" with_items: - fedora.repo @@ -88,7 +88,7 @@ - packages - yumrepos -- name: put fedora repos on secondary architecture systems +- name: Put fedora repos on secondary architecture systems template: src="{{ files }}/common/{{ item }}-secondary" dest="/etc/yum.repos.d/{{ item }}" with_items: - fedora.repo @@ -100,7 +100,7 @@ - packages - yumrepos -- name: add infrastructure tags repo - RHEL +- name: Add infrastructure tags repo - RHEL copy: src="{{ files }}/common/rhel-infra-tags.repo" dest="/etc/yum.repos.d/infra-tags.repo" when: ((ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS')) tags: @@ -108,7 +108,7 @@ - packages - yumrepos -- name: add infrastructure STAGING tags repo - RHEL +- name: Add infrastructure STAGING tags repo - RHEL copy: src="{{ files }}/common/rhel-infra-tags-stg.repo" dest="/etc/yum.repos.d/infra-tags-stg.repo" when: (ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS') and env in ['staging', 'pagure-staging'] tags: 
@@ -116,7 +116,7 @@ - packages - yumrepos -- name: add infrastructure tags repo - Fedora +- name: Add infrastructure tags repo - Fedora copy: src="{{ files }}/common/fedora-infra-tags.repo" dest="/etc/yum.repos.d/infra-tags.repo" when: ansible_distribution == 'Fedora' tags: @@ -124,7 +124,7 @@ - packages - yumrepos -- name: add infrastructure STAGING tags repo - Fedora +- name: Add infrastructure STAGING tags repo - Fedora copy: src="{{ files }}/common/fedora-infra-tags-stg.repo" dest="/etc/yum.repos.d/infra-tags-stg.repo" when: ansible_distribution == 'Fedora' and env in ['staging', 'pagure-staging'] tags: