ansible/playbooks/groups/secondary.yml

74 lines
2.4 KiB
YAML

- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=secondary"
- name: setup secondary arch download server
hosts: secondary
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"
roles:
- base
- rkhunter
- nagios_client
- hosts
- fas_client
- collectd/base
- download
- rsyncd
- sudo
- { role: nfs/client,
mnt_dir: '/srv/pub/archive',
nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/archive' }
- { role: nfs/client,
mnt_dir: '/srv/pub/alt',
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4",
nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/alt' }
- { role: nfs/client,
mnt_dir: '/srv/pub/fedora-secondary',
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4",
nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/fedora-secondary' }
- role: apache
- role: httpd/mod_ssl
- role: httpd/certificate
name: "{{wildcard_cert_name}}"
SSLCertificateChainFile: "{{wildcard_int_file}}"
- role: httpd/website
name: secondary.fedoraproject.org
cert_name: "{{wildcard_cert_name}}"
server_aliases:
- archive.fedoraproject.org
- archives.fedoraproject.org
tasks:
- include: "{{ tasks_path }}/yumrepos.yml"
- include: "{{ tasks_path }}/2fa_client.yml"
- include: "{{ tasks_path }}/motd.yml"
- name: Install some misc packages needed for various tasks
yum: pkg={{ item }} state=present
with_items:
- createrepo
- koji
- python-scandir
- python2-productmd
- name: add create-filelist script from quick-fedora-mirror
copy: src="{{ files }}/scripts/create-filelist" dest=/usr/local/bin/create-filelist mode=0755
- name: add cron script to update fullfiletimelist
copy: src="{{ files }}/scripts/update-fullfiletimelist" dest=/usr/local/bin/update-fullfiletimelist mode=0755
- name: Update fullfiletimelist job
cron: name="update-fullfiletimelist" hour="*" minute="55" user="root"
job="/usr/local/bin/lock-wrapper update-fullfiletimelist '/usr/local/bin/update-fullfiletimelist -l /tmp/update-fullfiletimelist.lock -t /srv/pub alt'"
cron_file=update-fullfiletimelist
handlers:
- include: "{{ handlers_path }}/restart_services.yml"