Migrate a bunch of things to roles. Thanks to misc!

.gitignore

@@ -1 +1,2 @@
 *.swp
+*.pyc

handlers/restart_services.yml

@@ -26,9 +26,6 @@
 - name: restart crond
   action: service name=crond state=restarted
 
-- name: restart denyhosts
-  action: service name=denyhosts state=restarted
-
 - name: restart httpd
   action: service name=httpd state=restarted
 
@@ -59,9 +56,6 @@
 - name: restart nfslock
   action: service name=nfslock state=restarted
 
-- name: restart nrpe
-  action: service name=nrpe state=restarted
-
 - name: restart ntpd
   action: service name=ntpd state=restarted
 
@@ -71,9 +65,6 @@
 - name: restart postfix
   action: service name=postfix state=restarted
 
-- name: restart postgresql
-  service: name=postgresql state=restarted
-
 - name: restart rpcbind
   action: service name=rpcbind state=restarted
 
@@ -92,11 +83,7 @@
 - name: restart sshd
   action: service name=sshd state=restarted
 
-- name: restart supervisord
-  action: service name=supervisord state=restarted
-
 - name: restart xinetd
   action: service name=xinetd state=restarted
 
-- name: run fasclient
+
-  action: command /usr/bin/fasClient -i

playbooks/groups/arm-packager.yml

@@ -11,17 +11,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/arm-qa.yml

@@ -11,17 +11,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/arm-releng.yml

@@ -10,9 +10,10 @@
    - /srv/web/infra/ansible/vars/global.yml
    - ${private}/vars.yml
 
+  roles:
+  - fas_client
+
   tasks:
-  # This task sets up fas_client for user management
-  - include: $tasks/fas_client.yml
   # This task sets up /etc/hosts for us
   - include: $tasks/hosts.yml
   # This task includes our common scripts

playbooks/groups/backup-server.yml

@@ -13,18 +13,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
-  tasks:
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/mysql_server.yml
   - include: $tasks/bacula_server.yml
   - include: $tasks/rdiff_backup_server.yml

playbooks/groups/badges-backend.yml

@@ -29,17 +29,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/openvpn_client.yml
     only_if: "'$env' != 'staging'"
   - include: $tasks/fedmsg_base.yml

playbooks/groups/badges-web.yml

@@ -32,17 +32,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/openvpn_client.yml
     only_if: "'$env' != 'staging'"
   - include: $tasks/fedmsg_base.yml

playbooks/groups/beaker.yml

@@ -28,19 +28,21 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/gallery.yml

@@ -29,17 +29,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/fedmsg_base.yml
   - include: $tasks/apache.yml
 

playbooks/groups/kernel-qa.yml

@@ -12,18 +12,20 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
 
 
   handlers:

playbooks/groups/keyserver.yml

@@ -29,17 +29,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/fedmsg_base.yml
   - include: $tasks/apache.yml
   - include: $tasks/keyserver.yml

playbooks/groups/koji-hub.yml

@@ -30,17 +30,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/koji/koji_hub.yml
 

playbooks/groups/mailman.yml

@@ -28,19 +28,21 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/mirrorlist.yml

@@ -38,24 +38,26 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - geoip
+  - fas_client
+  - mirrorlist
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/openvpn_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/apache.yml
   - include: $tasks/mod_wsgi.yml
-  - include: $tasks/geoip.yml
-  - include: $tasks/mirrorlist.yml
 
 
   handlers:

playbooks/groups/postgresl-server.yml

@@ -30,20 +30,21 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
-  tasks:
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - postgresql_server
+  - fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/collectd/client.yml
-  - include: $tasks/postgresql_server.yml
 
 # TODO: add iscsi task
 

playbooks/groups/releng.yml

@@ -31,10 +31,12 @@
   - ${private}/vars.yml
   - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - nagios_client
+
   tasks:
   - include: $tasks/koji/releng_config.yml
   - include: $tasks/motd.yml
-  - include: $tasks/nagios_client.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/sign.yml

@@ -19,9 +19,11 @@
   tasks:
   - include: $tasks/base.yml
   - include: $tasks/serialgetty.yml
-  - include: $tasks/rkhunter.yml
   - include: $tasks/motd.yml
   - include: $tasks/sign_setup.yml
 
+  roles:
+  - rkhunter
+
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/taskbot.yml

@@ -28,19 +28,21 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+
   tasks:
   # this is how you include other task lists
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
 
   handlers:
   - include: $handlers/restart_services.yml

playbooks/groups/virthost.yml

@@ -12,18 +12,19 @@
    - ${private}/vars.yml
    - ${vars}/${ansible_distribution}.yml
 
-  tasks:
+  roles:
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+
   tasks:
   - include: $tasks/hosts.yml
   - include: $tasks/yumrepos.yml
   - include: $tasks/base.yml
-  - include: $tasks/fas_client.yml
   - include: $tasks/2fa_client.yml
   - include: $tasks/motd.yml
   - include: $tasks/sudo.yml
-  - include: $tasks/rkhunter.yml
-  - include: $tasks/denyhosts.yml
-  - include: $tasks/nagios_client.yml
   - include: $tasks/collectd/client.yml
   - include: $tasks/virthost.yml
 

playbooks/rkhunter_update.yml

@@ -6,20 +6,20 @@
 
   tasks:
   - name: expire-caches
-    action: command yum clean expire-cache
+    command: yum clean expire-cache
     
   - name: yum -y ${yumcommand}
-    action: command yum -y ${yumcommand}
+    command: yum -y ${yumcommand}
     async: 7200
     poll: 15
 
   - name: check for rkhunter
-    action: command /usr/bin/test -f /usr/bin/rkhunter
+    command: /usr/bin/test -f /usr/bin/rkhunter
     register: rkhunter
     ignore_errors: true
   
   - name: run rkhunter --propupd
-    action: command /usr/bin/rkhunter --propupd
+    command: /usr/bin/rkhunter --propupd
     when: rkhunter|success
 
 

roles/denyhosts/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart denyhosts
+  action: service name=denyhosts state=restarted

roles/denyhosts/tasks/main.yml

@@ -6,14 +6,14 @@
   - packages
 
 - name: /etc/denyhosts.conf
-  copy: src=$files/denyhosts/denyhosts.conf dest=/etc/denyhosts.conf
+  copy: src=denyhosts.conf dest=/etc/denyhosts.conf
   notify:
   - restart denyhosts
   tags:
   - config
 
 - name: /var/lib/denyhosts/allowed-hosts
-  copy: src=$files/denyhosts/allowed-hosts dest=/var/lib/denyhosts/allowed-hosts
+  copy: src=allowed-hosts dest=/var/lib/denyhosts/allowed-hosts
   notify:
   - restart denyhosts
   tags:

roles/fas_client/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: run fasclient
+  action: command /usr/bin/fasClient -i

roles/fas_client/tasks/main.yml

@@ -9,7 +9,7 @@
 # nss_db is needed to store user/group info.
 #
 - name: install package needed for fas-client
-  action: yum state=installed name=$item
+  yum: state=installed name=$item
   with_items:
   - fas-clients
   - cronie
@@ -27,7 +27,7 @@
   - packages
 
 - name: install nss_db on rhel hosts only
-  action: yum state=installed name=nss_db
+  yum: state=installed name=nss_db
   only_if: "'${ansible_distribution}' == 'RedHat'"
   tags:
   - packages
@@ -36,7 +36,7 @@
 # setup /etc/nsswitch.conf to use nssdb
 #
 - name: setup /etc/nsswitch.conf for client use
-  action: copy src=$files/fas-client/nsswitch.conf  dest=/etc/nsswitch.conf owner=root mode=644
+  copy: src=nsswitch.conf  dest=/etc/nsswitch.conf owner=root mode=644
   tags:
   - config
 
@@ -54,12 +54,12 @@
 # Currently the default template is used, but could be modified on a host basis. 
 #
 - name: setup /etc/fas.conf for client use
-  action: template src=$item dest=/etc/fas.conf owner=root mode=600
+  template: src=$item dest=/etc/fas.conf owner=root mode=600
   with_first_found:
-  - $files/fas-client/${ansible_fqdn}.fas.conf.j2 
+  - ${ansible_fqdn}.fas.conf.j2 
-  - $files/fas-client/${ansible_hostname}.fas.conf.j2 
+  - ${ansible_hostname}.fas.conf.j2 
-  - $files/fas-client/${ansible_hostname}.fas.conf.j2 
+  - ${ansible_hostname}.fas.conf.j2 
-  - $files/fas-client/fas.conf.j2
+  - fas.conf.j2
   tags:
   - config
   notify:
@@ -75,6 +75,6 @@
 #  - config
 
 - name: fas_client cron job
-  action: copy src=$files/fas-client/fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644
+  copy: src=fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644
   tags:
   - config

roles/geoip/tasks/main.yml

@@ -10,6 +10,4 @@
   with_fileglob: $bigfiles/geoip/*.dat
 
 - name: geoip syncing script via cron
-  copy: src=$files/geoip/geoip_sync dest=/etc/cron.d/geoip_sync mode=0644
+  copy: src=geoip_sync dest=/etc/cron.d/geoip_sync mode=0644
-
-

roles/mirrorlist/tasks/main.yml

@@ -16,11 +16,11 @@
 - name: add authorized_keys for mirrormanager
   authorized_key: key="{{ item }}" user=mirrormanager state=present
   with_file:
-  - $files/mirrorlist/mm-authorized_key
+  - mm-authorized_key
 
 # install mirrorlist-server.conf apache config
 - name: mirrorlist-server apache conf
-  copy: src=$files/mirrorlist/mirrorlist-server.conf dest=/etc/httpd/conf.d/mirrorlist-server.conf
+  copy: src=mirrorlist-server.conf dest=/etc/httpd/conf.d/mirrorlist-server.conf
   notify:
   - restart apache
   tags:
@@ -39,7 +39,7 @@
 
 # setup and configure supervisord
 - name: /etc/supervisord.conf
-  copy: src=$files/mirrorlist/supervisord.conf dest=/etc/supervisord.conf mode=0644
+  copy: src=supervisord.conf dest=/etc/supervisord.conf mode=0644
   notify:
   - restart supervisord
 

roles/nagios_client/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart nrpe
+  action: service name=nrpe state=restarted

roles/nagios_client/tasks/main.yml

@@ -18,7 +18,7 @@
   - packages
 
 - name: install local nrpe check scripts that are not packaged
-  copy: src=$files/nagios/client/scripts/$item dest=/usr/lib64/nagios/plugins/$item mode=0755 owner=nagios group=nagios
+  copy: src=scripts/$item dest=/usr/lib64/nagios/plugins/$item mode=0755 owner=nagios group=nagios
   with_items:
   - check_postfix_queue
   - check_raid.py
@@ -36,14 +36,14 @@
 # FIXME? figure out nrpe selinux policy of DOOM is needed
 
 - name: /etc/nagios/nrpe.cfg
-  template: src=$files/nagios/client/nrpe.cfg dest=/etc/nagios/nrpe.cfg
+  template: src=nrpe.cfg dest=/etc/nagios/nrpe.cfg
   notify:
   - restart nrpe
   tags:
   - config
 
 - name: install nrpe client configs
-  template: src=$files/nagios/client/$item dest=/etc/nrpe.d/$item
+  template: src=$item dest=/etc/nrpe.d/$item
   with_items:
   - check_mirrorlist_cache.cfg
   - check_raid.cfg

roles/postgresql_server/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart postgresql
+  service: name=postgresql state=restarted

roles/rkhunter/tasks/main.yml

@@ -6,12 +6,12 @@
   - packages
 
 - name: rkhunter.conf
-  template: src=$files/rkhunter/rkhunter.conf.j2 dest=/etc/rkhunter.conf mode=0640
+  template: src=rkhunter.conf.j2 dest=/etc/rkhunter.conf mode=0640
   tags:
   - config
 
 - name: rkhunter sysconfig
-  copy: src=$files/rkhunter/rkhunter.sysconfig dest=/etc/sysconfig/rkhunter mode=0640
+  copy: src=rkhunter.sysconfig dest=/etc/sysconfig/rkhunter mode=0640
   tags:
   - config