diff --git a/playbooks/groups/darkserver.yml b/playbooks/groups/darkserver.yml
new file mode 100644
index 0000000000..4bb0fa5dd1
--- /dev/null
+++ b/playbooks/groups/darkserver.yml
@@ -0,0 +1,68 @@
+# create a new darkserver server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/darkserver* or from hostvars
+
+- name: make darkserver
+ hosts: darkserver
+ user: root
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "{{ private }}/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - include: "{{ tasks }}/virt_instance_create.yml"
+
+ handlers:
+ - include: "{{ handlers }}/restart_services.yml"
+
+- name: make the box be real
+ hosts: darkserver
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "{{ private }}/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - { role: denyhosts, when: ansible_distribution_major_version != '7' }
+ - nagios_client
+ - hosts
+ - fas_client
+ - rsyncd
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+
+ tasks:
+ - include: "{{ tasks }}/yumrepos.yml"
+ - include: "{{ tasks }}/2fa_client.yml"
+ - include: "{{ tasks }}/motd.yml"
+ - include: "{{ tasks }}/apache.yml"
+ - include: "{{ tasks }}/mod_wsgi.yml"
+
+ handlers:
+ - include: "{{ handlers }}/restart_services.yml"
+
+- name: deploy darkserver itself
+ hosts: darkserver
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "{{ private }}/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - darkserver
+
+ handlers:
+ - include: "{{ handlers }}/restart_services.yml"
diff --git a/roles/darkserver/tasks/main.yml b/roles/darkserver/tasks/main.yml
new file mode 100644
index 0000000000..584f7b73c9
--- /dev/null
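Review bot: In playbooks/groups/darkserver.yml the first play ("make darkserver") sets `gather_facts: False` yet its `vars_files` lists `/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml`, which depends on a gathered fact; on a host that is only being created in that play the variable is probably undefined, so confirm how the Ansible version in use resolves that entry or drop it from the first play. The first two plays also hard-code the vars directory while the third uses `"{{ vars_path }}/{{ ansible_distribution }}.yml"`; using the `vars_path` form in all three keeps the plays consistent and avoids a stale absolute path.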
+++ b/roles/darkserver/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+# Configuration for the fedocal webapp
+
+- name: clean yum metadata
+ command: yum clean all
+ tags:
+ - packages
+
+- name: install needed packages
+ yum: pkg={{ item }} state=present
+ with_items:
+ - darkserver
+ - darkserver-importer
+ tags:
+ - packages
+
+- name: Install all the configuration file of darkserver
+ template: src={{ item.file }}
+ dest={{ item.location }}/{{ item.file }}
+ owner=apache group=apache mode=0640
+ with_items:
+ - { file: darkserverweb.conf, location: /etc/darkserver/darkserverweb.conf }
+ - { file: darkjobworker.conf, location: /etc/darkserver/darkjobworker.conf }
+ - { file: email.json, location: /etc/darkserver/email.json }
+ tags:
+ - config
+ notify:
+ - restart apache
+
diff --git a/roles/darkserver/templates/darkjobworker.conf b/roles/darkserver/templates/darkjobworker.conf
new file mode 100644
index 0000000000..ae1bafeca0
--- /dev/null
+++ b/roles/darkserver/templates/darkjobworker.conf
@@ -0,0 +1,12 @@
+[darkserver]
+{% if env == 'staging' %}
+host=db-darkserver.stg
+{% else %}
+host=db-darkserver
+{% endid %}
+database=darkserver
+user=darkwriter
+password={{ darkserverWriterDBPassword }}
+port=3306
+unique=127.0.0.1
+
diff --git a/roles/darkserver/templates/darkserver.conf b/roles/darkserver/templates/darkserver.conf
new file mode 100644
index 0000000000..a49a2459b2
--- /dev/null
+++ b/roles/darkserver/templates/darkserver.conf
@@ -0,0 +1,11 @@
+[darkserver]
+{% if env == 'staging' %}
+host=db-darkserver.stg
+{% else %}
+host=db-darkserver
+{% endid %}
+user=darkserver-koji
+password={{ darkserverKojiPluginDBPassword }}
+database=darkserver
+port=3306
+
diff --git a/roles/darkserver/templates/darkserverweb.conf b/roles/darkserver/templates/darkserverweb.conf
new file mode 100644
index 0000000000..e209657934
--- /dev/null
+++ b/roles/darkserver/templates/darkserverweb.conf
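Review bot: In roles/darkserver/tasks/main.yml the template task builds `dest={{ item.location }}/{{ item.file }}`, but every `with_items` entry already puts the full file path in `location`, so the destination renders as e.g. `/etc/darkserver/darkserverweb.conf/darkserverweb.conf`; set `location: /etc/darkserver` in each entry (or use `dest={{ item.location }}` alone). The same task installs files that carry database passwords with `owner=apache group=apache mode=0640`, which lets the web server account rewrite its own configuration and read the `darkwriter` credential in darkjobworker.conf. `owner=root group=apache mode=0640` keeps the web config read-only to Apache, and if the job worker does not run as apache its file should be readable only by the account that does, so the reader/writer split between the two database users is preserved. The header comment `# Configuration for the fedocal webapp` looks copied from another role and should name darkserver.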
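Review bot: `{% endid %}`, which closes the staging/production `host=` conditional in roles/darkserver/templates/darkjobworker.conf, is not a Jinja2 tag, so rendering this template should stop with a template syntax error instead of writing the config file; it should read `{% endif %}`, as roles/darkserver/templates/darkserverweb.conf in this same commit does. The same typo is present in roles/darkserver/templates/darkserver.conf. Because the template task in roles/darkserver/tasks/main.yml loops over darkjobworker.conf, the role run would fail at that item as written.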
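Review bot: Nothing visible in this commit installs roles/darkserver/templates/darkserver.conf: the `with_items` list in roles/darkserver/tasks/main.yml covers only darkserverweb.conf, darkjobworker.conf and email.json. If the file is meant for the Koji plugin on a different host, as the `darkserver-koji` user suggests, a leading template comment such as `{# installed by <task that deploys it>, not by roles/darkserver/tasks/main.yml #}` would record that; otherwise add it to the list or drop the template, so an unused file referencing `darkserverKojiPluginDBPassword` is not left in the role.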
@@ -0,0 +1,10 @@
+[darkserverweb]
+{% if env == 'staging' %}
+host=db-darkserver.stg
+{% else %}
+host=db-darkserver
+{% endif %}
+user=darkreader
+password={{ darkserverReaderDBPassword }}
+database=darkserver
+
diff --git a/roles/darkserver/templates/email.json b/roles/darkserver/templates/email.json
new file mode 100644
index 0000000000..4e7ed3a55a
--- /dev/null
+++ b/roles/darkserver/templates/email.json
@@ -0,0 +1 @@
+"sysadmin-darkserver-members@fedoraproject.org"