215 lines
6.6 KiB
YAML
215 lines
6.6 KiB
YAML
- name: check/create instance
|
|
hosts: 209.132.184.142
|
|
user: root
|
|
gather_facts: False
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "{{ private }}/vars.yml"
|
|
|
|
tasks:
|
|
- include: "{{ tasks }}/persistent_cloud.yml"
|
|
- include: "{{ tasks }}/growroot_cloud.yml"
|
|
|
|
- name: provision instance
|
|
hosts: 209.132.184.142
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "{{ private }}/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
# Roles are run first, before tasks, regardless of where you place them here.
|
|
roles:
|
|
- fedmsg/base
|
|
|
|
tasks:
|
|
- include: "{{ tasks }}/cloud_setup_basic.yml"
|
|
- include: "{{ tasks }}/iptables.yml"
|
|
|
|
- name: prepare mount point
|
|
action: file state=directory path=/var/lib/copr/public_html
|
|
|
|
- name: mount up disk of copr repo
|
|
action: mount name=/var/lib/copr/public_html src='LABEL=copr-repo' fstype=ext4 state=mounted
|
|
|
|
# We cannot use repo pointing to ourselfs :(
|
|
#- name: copy copr.repo
|
|
# action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
|
|
|
|
- name: set the hostname
|
|
shell: hostname copr-be.cloud.fedoraproject.org
|
|
|
|
- name: copy .forward file
|
|
action: copy src="{{ files }}/copr/forward" dest=/root/.forward owner=root group=root
|
|
|
|
# packages needed
|
|
- name: add packages for copr-be
|
|
action: yum state=present name={{ item }}
|
|
with_items:
|
|
- copr-selinux
|
|
- copr-backend
|
|
- git
|
|
- screen
|
|
- fail2ban
|
|
- system-config-firewall-base
|
|
|
|
|
|
- name: make copr dirs
|
|
file: state=directory path={{ item }}
|
|
with_items:
|
|
- /var/lib/copr/jobs
|
|
- /var/lib/copr/public_html/results
|
|
|
|
- name: Umask results
|
|
action: command /usr/bin/umask 0000 chdir=/var/lib/copr/public_html/results
|
|
|
|
- name: setup dirs there
|
|
action: file state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
|
|
with_items:
|
|
- cloud
|
|
- .ssh
|
|
|
|
- name: add copr-buildsys keys to copr user path
|
|
action: copy src={{ item }} dest=/home/copr/cloud/ owner=copr group=copr mode=0600
|
|
with_fileglob:
|
|
- "{{ private }}/files/openstack/copr-copr/*"
|
|
|
|
- name: setup privkey for copr user
|
|
action: copy src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
|
|
|
|
- name: setup copr user ssh config file
|
|
action: copy src="{{ files }}/copr/ssh_config" dest=/home/copr/.ssh/config owner=copr group=copr mode=600
|
|
|
|
- name: create empty known_hosts
|
|
action: copy src=/dev/null dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
|
|
|
|
- name: replace bashrc for copr user
|
|
action: copy src="{{ files }}/copr/copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600
|
|
|
|
- name: auth_key so we can login to localhost as the copr user from the copr user
|
|
action: authorized_key user=copr key="{{ item }}"
|
|
with_file:
|
|
- "{{ files }}/copr/provision/files/buildsys.pub"
|
|
|
|
- name: copy .boto file
|
|
action: copy src="{{ files }}/copr/boto" dest=/home/copr/.boto owner=copr group=copr
|
|
|
|
# setup webserver
|
|
- name: add config for copr-repo path
|
|
action: copy src="{{ files }}/copr/lighttpd/lighttpd.conf" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
|
|
notify:
|
|
- restart lighttpd
|
|
|
|
# - name: copy httpd ssl certificates
|
|
# action: copy src="{{ puppet_private }}/httpd/{{ item }}" dest="/etc/lighttpd/{{ item }}" owner=root group=root mode=0600
|
|
# with_items:
|
|
# - coprs-be.fedoraproject.org.key
|
|
# - coprs-be.fedoraproject.org.crt
|
|
# notify:
|
|
# - concate ssl certs
|
|
# tags:
|
|
# - config
|
|
|
|
# mime default to text/plain and enable dirlisting for indexes
|
|
- name: update lighttpd configs
|
|
action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
|
|
with_items:
|
|
- dirlisting.conf
|
|
- mime.conf
|
|
notify:
|
|
- restart lighttpd
|
|
|
|
- name: start webserver
|
|
service: state=running enabled=yes name=lighttpd
|
|
|
|
- name: start fail2ban
|
|
service: state=running enabled=yes name=fail2ban
|
|
|
|
# setup dirs for the ansible execution off of provisioning
|
|
- name: dirs from provision
|
|
action: file state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
|
|
with_items:
|
|
- action_plugins
|
|
- library
|
|
- files
|
|
- files/mock
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: put ansible.cfg for all this into /etc/ansible/ on the system
|
|
action: copy src="{{ files }}/copr/provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
|
|
tags:
|
|
- provision_config
|
|
|
|
|
|
- name: put some files into the provision subdir
|
|
action: copy src="{{ files }}/copr/provision/{{ item }}" dest="/home/copr/provision/{{ item }}"
|
|
with_items:
|
|
- inventory
|
|
- builderpb.yml
|
|
- terminatepb.yml
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: put files into the files subdir off of provisioning
|
|
action: copy src={{ item }} dest=/home/copr/provision/files/
|
|
with_fileglob:
|
|
- "{{ files }}/copr/provision/files/*"
|
|
tags:
|
|
- provision_config
|
|
|
|
# ansible lacks a recurse - so we need this until then
|
|
- name: put files into the files/mock subdir off of provisioning
|
|
action: copy src={{ item }} dest=/home/copr/provision/files/mock
|
|
with_fileglob:
|
|
- "{{ files }}/copr/provision/files/mock/*"
|
|
tags:
|
|
- provision_config
|
|
|
|
- name: copy copr-be.conf
|
|
template: src="{{ files }}/copr/copr-be.conf" dest=/etc/copr/copr-be.conf owner=root group=copr mode=640
|
|
notify:
|
|
- restart copr-backend
|
|
tags:
|
|
- config
|
|
|
|
- name: fedmsg certs
|
|
copy: >
|
|
src="{{ private }}/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.crt"
|
|
dest=/etc/pki/fedmsg/
|
|
mode=644
|
|
owner=root
|
|
group=copr
|
|
|
|
- name: fedmsg keys
|
|
copy: >
|
|
src="{{ private }}/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.key"
|
|
dest=/etc/pki/fedmsg/
|
|
mode=0640
|
|
owner=root
|
|
group=copr
|
|
|
|
# open up ports (22, 80, 443)
|
|
- name: poke holes in the firewall
|
|
action: command lokkit {{ item }}
|
|
with_items:
|
|
- --service=ssh
|
|
- --service=https
|
|
- --service=http
|
|
|
|
handlers:
|
|
- include: "{{ handlers }}/restart_services.yml"
|
|
- name: concate ssl certs
|
|
action: command cat /etc/lighttpd/coprs-be.fedoraproject.org.key /etc/lighttpd/coprs-be.fedoraproject.org.crt > /etc/lighttpd/coprs-be.fedoraproject.org.pem
|
|
notify:
|
|
- chmod_key
|
|
- restart lighttpd
|
|
- name: chmod_key
|
|
action: file path=/etc/lighttpd/coprs-be.fedoraproject.org.pem owner=root group=root mode=0600
|
|
- name: restart copr-backend
|
|
service: name=copr-backend state=restarted
|
|
- name: restart lighttpd
|
|
service: name=lighttpd state=restarted
|