Add the darkserver playbook

playbooks/groups/darkserver.yml

@@ -0,0 +1,68 @@
+# create a new darkserver server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/darkserver* or from hostvars
+
+- name: make darkserver
+  hosts: darkserver
+  user: root
+  gather_facts: False
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - include: "{{ tasks }}/virt_instance_create.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+- name: make the box be real
+  hosts: darkserver
+  user: root
+  gather_facts: True
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - base
+  - rkhunter
+  - { role: denyhosts, when: ansible_distribution_major_version != '7' }
+  - nagios_client
+  - hosts
+  - fas_client
+  - rsyncd
+  - sudo
+  - { role: openvpn/client,
+      when: env != "staging" }
+
+  tasks:
+  - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/2fa_client.yml"
+  - include: "{{ tasks }}/motd.yml"
+  - include: "{{ tasks }}/apache.yml"
+  - include: "{{ tasks }}/mod_wsgi.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+- name: deploy darkserver itself
+  hosts: darkserver
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+  roles:
+  - darkserver
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"

roles/darkserver/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+# Configuration for the fedocal webapp
+
+- name: clean yum metadata
+  command: yum clean all
+  tags:
+  - packages
+
+- name: install needed packages
+  yum: pkg={{ item }} state=present
+  with_items:
+  - darkserver
+  - darkserver-importer
+  tags:
+  - packages
+
+- name: Install all the configuration file of darkserver
+  template: src={{ item.file }}
+            dest={{ item.location }}/{{ item.file }}
+            owner=apache group=apache mode=0640
+  with_items:
+  - { file: darkserverweb.conf, location: /etc/darkserver/darkserverweb.conf }
+  - { file: darkjobworker.conf, location: /etc/darkserver/darkjobworker.conf }
+  - { file: email.json, location: /etc/darkserver/email.json }
+  tags:
+  - config
+  notify:
+  - restart apache
+

roles/darkserver/templates/darkjobworker.conf

@@ -0,0 +1,12 @@
+[darkserver]
+{% if env == 'staging' %}
+host=db-darkserver.stg
+{% else %}
+host=db-darkserver
+{% endid %}
+database=darkserver
+user=darkwriter
+password={{ darkserverWriterDBPassword }}
+port=3306
+unique=127.0.0.1
+

roles/darkserver/templates/darkserver.conf

@@ -0,0 +1,11 @@
+[darkserver]
+{% if env == 'staging' %}
+host=db-darkserver.stg
+{% else %}
+host=db-darkserver
+{% endid %}
+user=darkserver-koji
+password={{ darkserverKojiPluginDBPassword }}
+database=darkserver
+port=3306
+

roles/darkserver/templates/darkserverweb.conf

@@ -0,0 +1,10 @@
+[darkserverweb]
+{% if env == 'staging' %}
+host=db-darkserver.stg
+{% else %}
+host=db-darkserver
+{% endif %}
+user=darkreader
+password={{ darkserverReaderDBPassword }}
+database=darkserver
+

roles/darkserver/templates/email.json

@@ -0,0 +1 @@
+"sysadmin-darkserver-members@fedoraproject.org"