102 lines
2.8 KiB
YAML
102 lines
2.8 KiB
YAML
# create a new mirrorlist server
|
|
# NOTE: should be used with --limit most of the time
|
|
# NOTE: make sure there is room/space for this server on the vmhost
|
|
# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
|
|
|
|
- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=mirrorlist2:mirrorlist2-stg"
|
|
|
|
- name: make the box be real
|
|
hosts: mirrorlist2:mirrorlist2-stg
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
pre_tasks:
|
|
- name: Install policycoreutils-python
|
|
yum: pkg=policycoreutils-python state=present
|
|
|
|
- name: Create /srv/web/ for all the goodies.
|
|
file: >
|
|
dest=/srv/web state=directory
|
|
owner=root group=root mode=0755
|
|
tags:
|
|
- httpd
|
|
- httpd/website
|
|
|
|
- name: check the selinux context of webdir
|
|
command: matchpathcon /srv/web
|
|
register: webdir
|
|
always_run: yes
|
|
changed_when: "1 != 1"
|
|
tags:
|
|
- config
|
|
- selinux
|
|
- httpd
|
|
- httpd/website
|
|
|
|
- name: /srv/web file contexts
|
|
command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
|
|
when: webdir.stdout.find('httpd_sys_content_t') == -1
|
|
tags:
|
|
- config
|
|
- selinux
|
|
- httpd
|
|
- httpd/website
|
|
|
|
roles:
|
|
- base
|
|
- rkhunter
|
|
- nagios_client
|
|
- geoip
|
|
- hosts
|
|
- fas_client
|
|
- collectd/base
|
|
- apache
|
|
- httpd/mod_ssl
|
|
|
|
- role: httpd/certificate
|
|
name: wildcard-2014.stg.fedoraproject.org
|
|
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
|
|
when: env == "staging"
|
|
|
|
- role: httpd/website
|
|
name: mirrorlist-phx2.stg.phx2.fedoraproject.org
|
|
cert_name: wildcard-2014.stg.fedoraproject.org
|
|
SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
|
|
when: env == "staging"
|
|
|
|
- role: httpd/certificate
|
|
name: wildcard-2014.fedoraproject.org
|
|
SSLCertificateChainFile: wildcard-2014.fedoraproject.org.intermediate.cert
|
|
when: env != "staging"
|
|
|
|
- role: httpd/website
|
|
name: mirrorlist-phx2.fedoraproject.org
|
|
cert_name: wildcard-2014.fedoraproject.org
|
|
server_aliases:
|
|
- mirrorlist-dedicatedsolutions.fedoraproject.org
|
|
- mirrorlist-host1plus.fedoraproject.org
|
|
- mirrorlist-ibiblio.fedoraproject.org
|
|
- mirrorlist-ibiblio02.fedoraproject.org
|
|
- mirrorlist-osuosl.fedoraproject.org
|
|
when: env != "staging"
|
|
|
|
- mirrormanager/mirrorlist2
|
|
- sudo
|
|
- { role: openvpn/client,
|
|
when: env != "staging" }
|
|
|
|
tasks:
|
|
# this is how you include other task lists
|
|
- include: "{{ tasks }}/yumrepos.yml"
|
|
- include: "{{ tasks }}/2fa_client.yml"
|
|
- include: "{{ tasks }}/motd.yml"
|
|
- include: "{{ tasks }}/mod_wsgi.yml"
|
|
|
|
|
|
handlers:
|
|
- include: "{{ handlers }}/restart_services.yml"
|