Initial commit of files for ansible-izing keyserver

2013-08-15 22:27:42 +00:00 · 2013-08-15 22:27:42 +00:00 · 81d0789fb4
commit 81d0789fb4
parent 82a6edbbf3
4 changed files with 114 additions and 0 deletions
--- a/files/keyserver/membership
+++ b/files/keyserver/membership
@ -0,0 +1,41 @@
+a.sks.srv.scientia.net		11370 # root@sks.srv.scientia.net
+eagle.jhcloos.com  		11370 # James Cloos <cloos@jhcloos.com>  0xED7DAEA6
+key.adeti.org			11370 # Marco RODRIGUES <marco@adeti.org> 0x7CE697FC
+key.ip6.li			11370 # Christian Felsing <hostmaster@ip6.li> 0x5386E2A0
+keys2.kfwebs.net		11370 # 0x0B7F8B60E3EDFAE3
+#keys.christensenplace.us	11370 # Eric Christensen <eric@christensenplace.us> 0x024BB3D1
+keyserver.cns.vt.edu		11370 # Phil Benchoff <benchoff@vt.edu> <keymaster@cns.vt.edu>
+#keyserver.computer42.org	11370 # H.-Dirk Schmitt <dirk@computer42.org> 0x6A017B17
+keyserver.dacr.hu  		11370 # David Horvath <dacr@dacr.hu> 0x00CBC81A
+keyserver.gingerbear.net	11370 # John P. Clizbe <John@Gingerbear.net> 0xD6569825
+keyserver.kim-minh.com		11370 # Kim Minh Kaplan<kaplan+sks@kim-minh.com> 0xAF1E829C
+keyserver.kjsl.org		11370 # Javier Henderson <javier@kjsl.org> 0x9BF88EE5
+keyserver.nausch.org		11370 # Michael Nausch <michael@nausch.org> 0x2384C849 
+key-server.nl			11370 # Wijnand Modderman-Lenstra <maze@key-server.nl> 0x294DF221
+keyserver.saol.no-ip.com	11370 # Peter <peter@saol.no-ip.com> 0x39E97290
+keyserver.secretresearchfacility.com 11370 # Stephan Seitz <s.seitz@secretresearchfacility.com> 0xAB83B1C3
+keyserver.serviz.fr		11370 # robert <sks(at)serviz(pt)fr> 0xEF333C7E
+keyserver.sincer.us 		11370 # Petru Ghita <petrutz@venaver.info> 0x7CF29D04
+keyserver.skoopsmedia.net	11370 # unknown
+#keyservers.org			11370 # Rob Hansen <rjh@sixdemonbag.org>
+keyserver.stack.nl		11370 # Johan van Selst <johans@stack.nl> 0xD3AE8D3A
+keyserver.ut.mephi.ru		11370 # Dmitry Yu Okunev <dyokunev@ut.mephi.ru> 0x8E30679C, pks team <pks@ut.mephi.ru>
+keys.exosphere.de		11370 # Christoph Gebhardt <chris@exosphere.de> 0xE1C2E92C
+keys.niif.hu			11370 # Gabor Kiss <kissg@ssg.ki.iif.hu>
+keys.thoma.cc			11370 # Maximilian Thoma <keys@thoma.cc> 0xB480AC4B
+keys.wuschelpuschel.org		11370 # 0x017D1C3D Peter Kornherr <peter@wuschelpuschel.org>
+openpgp1.claruscomms.net	11370 # unknown
+pgp.circl.lu			11370 # CIRCL - info@circl.lu - 0x22BD4CD5
+#pgp.codelabs.ru		11370 # Eygene Ryabinkin <rea@codelabs.ru> 0x8152ECFB
+pgp.jjim.de			11370 # Joel Garske <admin@pgp.jjim.de> 0xA921EB20
+pgpkeys.mallos.nl		11370 # Arnold Schekkerman <arnold@mallos.nl> 0xB66BBBAA
+pgp.megagod.net			11370 # Kullawat Chaowanawatee (0xC19EAE3A)
+pgp.rediris.es			11370 # Francisco.monserrat <francisco.monserrat@rediris.es> 0xD3A42C61
+#pki.colliertech.org		11370 # C.J. Adams-Collier <cjac@uw.edu> 0x8E562765BA27A83C
+ranger.ky9k.org			11370 # Brian D Heaton <pgp-keymaster@ky9k.org>       0x9A016118
+sks.ecks.ca			11370 # Eric Benoit <eric@ecks.ca> 0x69E65D2C
+sks.es.net			11370 # keymaster@es.net
+sks.karotte.org			11370 # Sebastian Wiesinger <sebastian@karotte.org> 0x93A0B9CE
+sks.keyservers.net		11370 # John P. Clizbe <John@Gingerbear.net> 0xD6569825
+sks-peer.spodhuis.org		11370 # Phil Pennock <keyserver@spodhuis.org> 0x3903637F
+sks.pkqs.net			11370 # Stephan Beyer <s-beyer@gmx.net> 0xFCC5040F
--- a/files/keyserver/sksconf
+++ b/files/keyserver/sksconf
@ -0,0 +1,10 @@
+basedir: /srv/sks
+hostname: keys.fedoraproject.org
+hkp_port: 11371
+recon_port: 11370
+gossip_interval: 1440
+stat_hour: 00
+initial_stat:
+membership_reload_interval: 1
+disable_mailsync:
+server_contact: 0x110810E9
--- a/playbooks/groups/keyserver.yml
+++ b/playbooks/groups/keyserver.yml
@ -0,0 +1,48 @@
+# create a new sks keyserver
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars come from group_vars/gallery-web* or from hostvars
+
+- name: make sks keyserver
+  hosts: keys01
+  user: root
+  gather_facts: False
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - ${private}/vars.yml
+   - ${vars}/${ansible_distribution}.yml
+
+  tasks:
+  - include: $tasks/virt_instance_create.yml
+
+  handlers:
+  - include: $handlers/restart_services.yml
+
+- name: make the box be real
+  hosts: keys01
+  user: root
+  gather_facts: True
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - ${private}/vars.yml
+   - ${vars}/${ansible_distribution}.yml
+
+  tasks:
+  - include: $tasks/hosts.yml
+  - include: $tasks/yumrepos.yml
+  - include: $tasks/base.yml
+  - include: $tasks/fas_client.yml
+  - include: $tasks/2fa_client.yml
+  - include: $tasks/motd.yml
+  - include: $tasks/sudo.yml
+  - include: $tasks/rkhunter.yml
+  - include: $tasks/denyhosts.yml
+  - include: $tasks/nagios_client.yml
+  - include: $tasks/fedmsg_base.yml
+  - include: $tasks/apache.yml
+  - include: $tasks/keyserver.yml
+
+  handlers:
+  - include: $handlers/restart_services.yml
--- a/tasks/keyserver.yml
+++ b/tasks/keyserver.yml
@ -0,0 +1,15 @@
+---
+- name: install sks
+  yum: name=sks state=installed
+  tags:
+  - packages
+
+- name: /srv/sks/membership
+  copy: src=$files/keyserver/membership dest=/srv/sks/membership mode=0644
+  tags:
+  - config
+
+- name: /srv/sks/sksconf
+  copy: src=$files/keyserver/sksconf dest=/srv/sks/sksconf mode=0644
+  tags:
+  - config