From 9087421403928ae7b2009b37fbdeb10836f9aae2 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sun, 9 Aug 2015 19:37:57 +0000 Subject: [PATCH 01/14] Drop prerelease redirect in stg. --- playbooks/include/proxies-redirects.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml index 99b636d509..eba564daea 100644 --- a/playbooks/include/proxies-redirects.yml +++ b/playbooks/include/proxies-redirects.yml @@ -136,11 +136,12 @@ # back to the main release. # This should be disabled when there is a prerelease # - name: prerelease-to-final - website: getfedora.org - regex: /(.*)/prerelease.*$ - target: https://stg.getfedora.org/$1 - when: env == 'staging' +# - role: httpd/redirectmatch +# name: prerelease-to-final +# website: getfedora.org +# regex: /(.*)/prerelease.*$ +# target: https://stg.getfedora.org/$1 +# when: env == 'staging' - role: httpd/redirectmatch name: prerelease-to-final From d0f4e6f6f956133da4116025eead691d4d96fbb7 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Mon, 10 Aug 2015 22:29:44 +0000 Subject: [PATCH 02/14] HOTFIX: Make sure that only fas01clears sessions This will prevent deadlocks in the SQL server --- roles/fas_server/files/controllers.py | 263 ++++++++++++++++++++++++++ roles/fas_server/tasks/main.yml | 9 + 2 files changed, 272 insertions(+) create mode 100644 roles/fas_server/files/controllers.py diff --git a/roles/fas_server/files/controllers.py b/roles/fas_server/files/controllers.py new file mode 100644 index 0000000000..6b15a46ad6 --- /dev/null +++ b/roles/fas_server/files/controllers.py @@ -0,0 +1,263 @@ +# -*- coding: utf-8 -*- +# +# Copyright © 2008 Ricky Zhou +# Copyright © 2008-2014 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing to use, modify, +# copy, or redistribute it subject to the terms and conditions of the GNU +# General Public License v.2. This program is distributed in the hope that it +# will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the +# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. You should have +# received a copy of the GNU General Public License along with this program; +# if not, write to the Free Software Foundation, Inc., 51 Franklin Street, +# Fifth Floor, Boston, MA 02110-1301, USA. Any Red Hat trademarks that are +# incorporated in the source code or documentation are not subject to the GNU +# General Public License and may only be used or replicated with the express +# permission of Red Hat, Inc. +# +# Author(s): Ricky Zhou +# Mike McGrath +# Toshio Kuratomi +# +from bunch import Bunch + +from turbogears import expose, config, identity, redirect +from turbogears.database import session +from cherrypy import request + +import turbogears +import cherrypy +import time + +from fedora.tg import controllers as f_ctrlers +from fedora.tg.utils import request_format + +from fas import release +from fas.user import User +from fas.group import Group +from fas.configs import Config +from fas.fpca import FPCA +from fas.json_request import JsonRequest +from fas.help import Help +from fas.model import Session, People +from fas.model import SessionTable + + +from fas.auth import undeprecated_cla_done +from fas.util import available_languages + +from fas import plugin + +import os + +import datetime + +import socket + +try: + import cPickle as pickle +except ImportError: + import pickle + +class SQLAlchemyStorage: + def __init__(self): + pass + + def load(self, session_id): + s = Session.query.get(session_id) + if not s: + return None + expiration_time = s.expiration_time + pickled_data = s.data + data = pickle.loads(pickled_data.encode('utf-8')) + return (data, expiration_time) + + # This is an iffy one. CherryPy's built in session + # storage classes use delete(self, id=None), but it + # isn't called from anywhere in cherrypy. I think we + # can do this as long as we're careful about how we call it. + def delete(self, session_id=None): + if session_id is None: + session_id = cherrypy.session.id + s = Session.query.get(session_id) + session.delete(s) + session.flush() + + def save(self, session_id, data, expiration_time): + pickled_data = pickle.dumps(data) + s = Session.query.get(session_id) + if not s: + s = Session() + s.id = session_id + s.data = pickled_data + s.expiration_time = expiration_time + session.flush() + + def acquire_lock(self): + pass + + def release_lock(self): + pass + + def clean_up(self, sess): + # This is to make sure that only one server cleans up sessions + if socket.gethostname() != 'fas01.phx2.fedoraproject.org': + return + result = SessionTable.delete( + SessionTable.c.expiration_time.__lt__(datetime.datetime.now()) + ).execute() + +config.update({'session_filter.storage_class': SQLAlchemyStorage}) + +def get_locale(locale=None): + if locale: + return locale + try: + return turbogears.identity.current.user.locale + except AttributeError: + pass + try: + return cherrypy.request.simple_cookie['fas_locale'].value + except KeyError: + pass + + default_language = config.get('default_language', + turbogears.i18n.utils._get_locale()) + return default_language + +config.update({'i18n.get_locale': get_locale}) + + +def add_custom_stdvars(variables): + return variables.update({'gettext': _, "lang": get_locale(), + 'available_languages': available_languages(), + 'fas_version': release.VERSION, + 'webmaster_email': config.get('webmaster_email')}) +turbogears.view.variable_providers.append(add_custom_stdvars) + +# from fas import json +# import logging +# log = logging.getLogger("fas.controllers") + +#TODO: Appropriate flash icons for errors, etc. +# mmcgrath wonders if it will be handy to expose an encrypted mailer with fas +# over json for our apps + +class Root(plugin.RootController): + + user = User() + group = Group() + fpca = FPCA() + json = JsonRequest() + config = Config() + help = Help() + + def __init__(self): + # TODO: Find a better place for this. + os.environ['GNUPGHOME'] = config.get('gpghome') + plugin.RootController.__init__(self) + + def getpluginident(self): + return 'fas' + + @expose(template="fas.templates.welcome", allow_json=True) + def index(self): + if turbogears.identity.not_anonymous(): + if request_format() == 'json': + # redirects don't work with JSON calls. This is a bit of a + # hack until we can figure out something better. + return dict() + turbogears.redirect('/home') + return dict(now=time.ctime()) + + @identity.require(identity.not_anonymous()) + @expose(template="fas.templates.home", allow_json=True) + def home(self): + user_name = turbogears.identity.current.user_name + person = People.by_username(user_name) + (cla_done, undeprecated_cla) = undeprecated_cla_done(person) + + person = person.filter_private() + return dict(person=person, memberships=person['memberships'], cla=undeprecated_cla) + + @expose(template="fas.templates.about") + def about(self): + return dict() + + @expose(template="fas.templates.login", allow_json=True) + def login(self, forward_url=None, *args, **kwargs): + '''Page to become authenticated to the Account System. + + This shows a small login box to type in your username and password + from the Fedora Account System. + + :kwarg forward_url: The url to send to once authentication succeeds + ''' + actual_login_dict = f_ctrlers.login(forward_url=forward_url, *args, **kwargs) + + try: + login_dict = Bunch() + login_dict['user'] = Bunch() + for field in People.allow_fields['complete']: + login_dict['user'][field] = None + for field in People.allow_fields['self']: + login_dict['user'][field] = getattr(actual_login_dict['user'], field) + # Strip out things that the user shouldn't see about their own + # login + login_dict['user']['internal_comments'] = None + login_dict['user']['emailtoken'] = None + login_dict['user']['security_answer'] = None + login_dict['user']['alias_enabled'] = None + login_dict['user']['passwordtoken'] = None + + # Add things that are needed by some other apps + login_dict['user'].approved_memberships = list( + actual_login_dict['user'].approved_memberships) + login_dict['user'].memberships = list(actual_login_dict['user'].memberships) + login_dict['user'].unapproved_memberships = list( + actual_login_dict['user'].unapproved_memberships) + login_dict['user'].group_roles = list(actual_login_dict['user'].group_roles) + login_dict['user'].roles = list(actual_login_dict['user'].roles) + login_dict['user'].groups = [g.name for g in actual_login_dict['user'].approved_memberships] + return login_dict + except KeyError, e: + # No problem, this usually means that we failed to login and + # therefore we don't have a user field. + login_dict = actual_login_dict + + if not identity.current.anonymous and identity.was_login_attempted() \ + and not identity.get_identity_errors(): + # Success that needs to be passed back via json + return login_dict + + if identity.was_login_attempted() and request.fas_provided_username: + if request.fas_identity_failure_reason == 'status_inactive': + turbogears.flash(_('Your old password has expired. Please' + ' reset your password below.')) + if request_format() != 'json': + redirect('/user/resetpass') + if request.fas_identity_failure_reason == 'status_account_disabled': + turbogears.flash(_('Your account is currently disabled. For' + ' more information, please contact %(admin_email)s' % + {'admin_email': config.get('accounts_email')})) + if request_format() != 'json': + redirect('/login') + + return login_dict + + @expose(allow_json=True) + def logout(self): + return f_ctrlers.logout() + + @expose() + def language(self, locale): + if locale not in available_languages(): + turbogears.flash(_('The language \'%s\' is not available.') % locale) + redirect(request.headers.get("Referer", "/")) + return dict() + #turbogears.i18n.set_session_locale(locale) + cherrypy.response.simple_cookie['fas_locale'] = locale + redirect(request.headers.get("Referer", "/")) + return dict() + diff --git a/roles/fas_server/tasks/main.yml b/roles/fas_server/tasks/main.yml index 57370a8704..980013def3 100644 --- a/roles/fas_server/tasks/main.yml +++ b/roles/fas_server/tasks/main.yml @@ -355,3 +355,12 @@ - config - fas - hotfixfas + +- name: HOTFIX make sure only fas01 cleans up sessions + copy: src={{ roles }}/fas_server/files/controllers.py + dest=/usr/lib/python2.6/site-packages/fas/controllers.py + mode=644 owner=root group=root + tags: + - config + - fas + - hotfixfas From ce2e75b630ccfeb4d605eeff3518ce0725e5d8b5 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 11 Aug 2015 12:42:45 +0000 Subject: [PATCH 03/14] Drop prerelease redirect in production too. --- playbooks/include/proxies-redirects.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml index eba564daea..d4ad30f0bd 100644 --- a/playbooks/include/proxies-redirects.yml +++ b/playbooks/include/proxies-redirects.yml @@ -143,12 +143,12 @@ # target: https://stg.getfedora.org/$1 # when: env == 'staging' - - role: httpd/redirectmatch - name: prerelease-to-final - website: getfedora.org - regex: /(.*)/prerelease.*$ - target: https://getfedora.org/$1 - when: env != 'staging' +# - role: httpd/redirectmatch +# name: prerelease-to-final +# website: getfedora.org +# regex: /(.*)/prerelease.*$ +# target: https://getfedora.org/$1 +# when: env != 'staging' - role: httpd/redirect name: store From fde133456a4fb528b454800cd14ea43da52b171c Mon Sep 17 00:00:00 2001 From: Valentin Gologuzov Date: Tue, 11 Aug 2015 16:06:25 +0200 Subject: [PATCH 04/14] [copr][dist-git] make sure that cgitrc doesn't have cache-size --- roles/copr/dist_git/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml index 91e06ded51..c18193da02 100644 --- a/roles/copr/dist_git/tasks/main.yml +++ b/roles/copr/dist_git/tasks/main.yml @@ -66,6 +66,7 @@ - copy: src="ssh_config" dest="/home/copr-service/.ssh/config" owner=copr-service group=copr-service mode=0600 +- lineinfile: dest=/etc/cgitrc state=absent regexp="^cache-size" - lineinfile: dest=/etc/cgitrc regexp="^project-list=" line="project-list=/var/lib/copr-dist-git/cgit_pkg_list" - lineinfile: dest=/etc/cgitrc regexp="^scan-path=" line="scan-path=/var/lib/dist-git/git/rpms" From 6c44ca50ffc43f87e89ea81d6e1e5d186f8f19d0 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Wed, 12 Aug 2015 18:14:07 +0000 Subject: [PATCH 05/14] add python tools for geoip --- playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml index 824a144de2..85640504d3 100644 --- a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml +++ b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml @@ -40,6 +40,7 @@ roles: - { role: nfs/client, mnt_dir: '/srv/fedora_stats', nfs_src_dir: 'fedora_stats' } + - geoip tasks: - name: install needed packages @@ -54,4 +55,6 @@ - emacs-nox - emacs-git - git + - bc + - python-geoip-geolite2 ## From 9a0582889fffd89dba42e0c32afcab1187ac47da Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Wed, 12 Aug 2015 20:25:06 +0000 Subject: [PATCH 06/14] it is like python. spaces count. --- playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml index 85640504d3..2b85bcbb8f 100644 --- a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml +++ b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml @@ -40,7 +40,7 @@ roles: - { role: nfs/client, mnt_dir: '/srv/fedora_stats', nfs_src_dir: 'fedora_stats' } - - geoip + - geoip tasks: - name: install needed packages From 09e4f8bdbb1ac436194913cf1682f9713054890d Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Thu, 13 Aug 2015 03:46:04 +0200 Subject: [PATCH 07/14] Document the different cloud instance sizes available in the README --- README.cloud | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.cloud b/README.cloud index 43996b27fc..f46dd01902 100644 --- a/README.cloud +++ b/README.cloud @@ -38,6 +38,19 @@ openstack is smart enough to just return the current ip of that instance and go on. This way you can re-run if you want to reconfigure it without reprovisioning it. + +Sizes options +------------- + +Name Memory_MB Disk VCPUs +m1.tiny 512 0 1 +m1.small 2048 20 1 +m1.medium 4096 40 2 +m1.large 8192 80 4 +m1.xlarge 16384 160 8 +m1.builder 5120 50 3 + + === Persistent cloud instances === Persistent cloud instances are ones that we want to always have up and From 14c0478c164a33b40937cc945447767dca762133 Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Thu, 13 Aug 2015 21:58:21 +0000 Subject: [PATCH 08/14] add back sysadmin-dns to sudo on nameservers Signed-off-by: Ricky Elrod --- inventory/group_vars/dns | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inventory/group_vars/dns b/inventory/group_vars/dns index f32edc5a82..17da9d09bf 100644 --- a/inventory/group_vars/dns +++ b/inventory/group_vars/dns @@ -14,3 +14,5 @@ fas_client_groups: sysadmin-main,sysadmin-dns nrpe_procs_warn: 300 nrpe_procs_crit: 500 + +sudoers: "{{ private }}/files/sudo/sysadmin-dns" From 2bbe7852920c8ca5210b38fa59afc35100b9266d Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Fri, 14 Aug 2015 00:21:56 +0200 Subject: [PATCH 09/14] Make pagure.io be before pagure.org so that we always server that SSL cert by default --- roles/pagure/frontend/templates/0_pagure.conf | 45 ++++++++++--------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/roles/pagure/frontend/templates/0_pagure.conf b/roles/pagure/frontend/templates/0_pagure.conf index ec26dad4a4..792a74e049 100644 --- a/roles/pagure/frontend/templates/0_pagure.conf +++ b/roles/pagure/frontend/templates/0_pagure.conf @@ -28,27 +28,6 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na {% endif %} - -{% if env == 'pagure-staging' %} - ServerName stg.pagure.org -{% else %} - ServerName pagure.org -{% endif %} - - SSLEngine on - SSLProtocol all -SSLv2 -SSLv3 - # Use secure TLSv1.1 and TLSv1.2 ciphers - Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" - - SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt - SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt - SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key -{% if env == 'pagure-staging' %} - Redirect permanent / https://stg.pagure.io/ -{% else %} - Redirect permanent / https://pagure.io/ -{% endif %} - ## End of redirects http -> https @@ -117,6 +96,30 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na + + +{% if env == 'pagure-staging' %} + ServerName stg.pagure.org +{% else %} + ServerName pagure.org +{% endif %} + + SSLEngine on + SSLProtocol all -SSLv2 -SSLv3 + # Use secure TLSv1.1 and TLSv1.2 ciphers + Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" + + SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt + SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt + SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key +{% if env == 'pagure-staging' %} + Redirect permanent / https://stg.pagure.io/ +{% else %} + Redirect permanent / https://pagure.io/ +{% endif %} + + + {% if env == 'pagure-staging' %} ServerName docs.stg.pagure.org From 29c757575e6753a1021450d492ba309965d6a2f6 Mon Sep 17 00:00:00 2001 From: Valentin Gologuzov Date: Fri, 14 Aug 2015 18:06:24 +0200 Subject: [PATCH 10/14] [copr][dist-git] Removed systemd unit, use one for rpm package. --- roles/copr/dist_git/tasks/main.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml index c18193da02..50234e982e 100644 --- a/roles/copr/dist_git/tasks/main.yml +++ b/roles/copr/dist_git/tasks/main.yml @@ -70,10 +70,6 @@ - lineinfile: dest=/etc/cgitrc regexp="^project-list=" line="project-list=/var/lib/copr-dist-git/cgit_pkg_list" - lineinfile: dest=/etc/cgitrc regexp="^scan-path=" line="scan-path=/var/lib/dist-git/git/rpms" -- name: install systemd unit - copy: src="systemd/copr_distgit_updater.service" dest="/etc/systemd/system/" - -- command: "systemctl daemon-reload" - command: "/usr/share/dist-git/dist_git_sync.sh" - name: ensure that services are enabled and started @@ -81,5 +77,5 @@ with_items: - "httpd" - "dist-git.socket" - - "copr_distgit_updater" + - "copr-dist-git" From bf6554b06d89b38b27cb83bed59a7609e6f1d468 Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Fri, 14 Aug 2015 17:25:42 +0000 Subject: [PATCH 11/14] changing stg on fedmag --- roles/fedora-web/magazine/templates/fedoramagazine-web.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/fedora-web/magazine/templates/fedoramagazine-web.conf b/roles/fedora-web/magazine/templates/fedoramagazine-web.conf index 6f0cd2e686..96e5211a3a 100644 --- a/roles/fedora-web/magazine/templates/fedoramagazine-web.conf +++ b/roles/fedora-web/magazine/templates/fedoramagazine-web.conf @@ -12,6 +12,6 @@ ProxyPass / http://66.226.72.63/ ProxyPassReverse / http://66.226.72.63/ {% else %} # In staging we point to the staging version of the magazine -ProxyPass / http://104.207.133.220/ -ProxyPassReverse / http://104.207.133.220/ +ProxyPass / http://66.226.72.133/ +ProxyPassReverse / http://66.226.72.133/ {% endif %} From 65b92e77d31dcc4feec85fb689fb1ee3c1e0fe54 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 14 Aug 2015 18:14:34 +0000 Subject: [PATCH 12/14] Add a virt-create playbook --- playbooks/include/virt-create.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 playbooks/include/virt-create.yml diff --git a/playbooks/include/virt-create.yml b/playbooks/include/virt-create.yml new file mode 100644 index 0000000000..7de5069c40 --- /dev/null +++ b/playbooks/include/virt-create.yml @@ -0,0 +1,15 @@ +- name: make fedocal + hosts: "{{ myhosts }}" + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/virt_instance_create.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + From 3b84d57b91f268f52a51200303c2000e23803c58 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 14 Aug 2015 18:23:40 +0000 Subject: [PATCH 13/14] Drop all the docker polling that kubernettes does --- roles/epylog/files/merged/weed_local.cf | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/epylog/files/merged/weed_local.cf b/roles/epylog/files/merged/weed_local.cf index e9dab712a5..55d5f3b40e 100644 --- a/roles/epylog/files/merged/weed_local.cf +++ b/roles/epylog/files/merged/weed_local.cf @@ -40,6 +40,7 @@ dhclient.*: Listening on.* dhclient.*: Sending on.* dhclient.*: Sending on.* dhclient.*: $ +docker.* fedmsg-hub.* moksha-hub.* mailman3.* From acd33a7ff65540618dfd337d918e3beb1300a8cf Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 14 Aug 2015 18:26:33 +0000 Subject: [PATCH 14/14] Look, we can collapse this down to one line. Thanks Toshio --- playbooks/groups/fedocal.yml | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/playbooks/groups/fedocal.yml b/playbooks/groups/fedocal.yml index 9f0252d136..7d9a060779 100644 --- a/playbooks/groups/fedocal.yml +++ b/playbooks/groups/fedocal.yml @@ -1,23 +1,4 @@ -# create a new fedocal server -# NOTE: should be used with --limit most of the time -# NOTE: make sure there is room/space for this server on the vmhost -# NOTE: most of these vars_path come from group_vars/fedocal* or from hostvars - -- name: make fedocal - hosts: fedocal-stg;fedocal - user: root - gather_facts: False - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - include: "{{ tasks }}/virt_instance_create.yml" - - handlers: - - include: "{{ handlers }}/restart_services.yml" +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=fedocal-stg:fedocal" - name: make the box be real hosts: fedocal-stg;fedocal