mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-03-20 12:07:34 +08:00
Merge branch 'master' of /git/ansible
This commit is contained in:
Nick Bebout
@@ -11,8 +11,14 @@ from __future__ import print_function
|
||||
import argparse
|
||||
import hashlib
|
||||
import os
|
||||
import stat
|
||||
import sys
|
||||
from scandir import scandir
|
||||
|
||||
# Get scandir from whatever module provides it today
|
||||
try:
|
||||
from os import scandir
|
||||
except ImportError:
|
||||
from scandir import scandir
|
||||
|
||||
# productmd is optional, needed only for the imagelist feature
|
||||
try:
|
||||
@@ -21,13 +27,36 @@ except ImportError:
|
||||
SUPPORTED_IMAGE_FORMATS = []
|
||||
|
||||
|
||||
def get_ftype(entry):
|
||||
"""Return a simple indicator of the file type."""
|
||||
if entry.is_symlink():
|
||||
return 'l'
|
||||
if entry.is_dir():
|
||||
return 'd'
|
||||
return 'f'
|
||||
class SEntry(object):
|
||||
"""A simpler DirEntry-like object."""
|
||||
|
||||
def __init__(self, direntry, restricted=False):
|
||||
self.direntry = direntry
|
||||
self.restricted = restricted
|
||||
self.path = direntry.path
|
||||
self.name = direntry.name
|
||||
|
||||
info = direntry.stat(follow_symlinks=False)
|
||||
self.modtime = max(info.st_mtime, info.st_ctime)
|
||||
self.readable_group = info.st_mode & stat.S_IRGRP
|
||||
self.readable_world = info.st_mode & stat.S_IROTH
|
||||
self.size = info.st_size
|
||||
|
||||
ftype = 'f'
|
||||
perm = ''
|
||||
if direntry.is_symlink():
|
||||
ftype = 'l'
|
||||
elif direntry.is_dir():
|
||||
ftype = 'd'
|
||||
|
||||
if self.restricted:
|
||||
perm = '*'
|
||||
|
||||
# Note that we want an unreadable state to override the restricted state
|
||||
if not self.readable_world:
|
||||
perm = '-'
|
||||
|
||||
self.ftype = ftype + perm
|
||||
|
||||
|
||||
def sha1(fname):
|
||||
@@ -42,22 +71,40 @@ def sha1(fname):
|
||||
return sha1.hexdigest()
|
||||
|
||||
|
||||
def recursedir(path='.', skip=[], alwaysskip=['.~tmp~']):
|
||||
"""Just like scandir, but recursively.
|
||||
def recursedir(path='.', skip=[], alwaysskip=['.~tmp~'], in_restricted=False):
|
||||
"""Like scandir, but recursively.
|
||||
|
||||
Will skip everything in the skip array, but only at the top level
|
||||
directory.
|
||||
|
||||
Returns SEntry objects. If in_restricted is true, all returned entries will
|
||||
be marked as restricted even if their permissions are not restricted.
|
||||
"""
|
||||
for entry in scandir(path):
|
||||
if entry.name in skip:
|
||||
for dentry in scandir(path):
|
||||
if dentry.name in skip:
|
||||
continue
|
||||
if entry.name in alwaysskip:
|
||||
if dentry.name in alwaysskip:
|
||||
continue
|
||||
if entry.is_dir(follow_symlinks=False):
|
||||
|
||||
# Skip things which are not at least group readable
|
||||
# Symlinks are followed here so that clients won't see dangling
|
||||
# symlinks to content they can't transfer. It's the default, but to
|
||||
# avoid confusion it's been made explicit.
|
||||
if not (dentry.stat(follow_symlinks=True).st_mode & stat.S_IRGRP):
|
||||
# print('{} is not group readable; skipping.'.format(dentry.path))
|
||||
continue
|
||||
|
||||
se = SEntry(dentry, in_restricted)
|
||||
if dentry.is_dir(follow_symlinks=False):
|
||||
this_restricted = in_restricted
|
||||
if not se.readable_world:
|
||||
# print('{} is not world readable; marking as restricted.'.format(se.path), file=sys.stderr)
|
||||
this_restricted = True
|
||||
|
||||
# Don't pass skip here, because we only skip in the top level
|
||||
for rentry in recursedir(entry.path, alwaysskip=alwaysskip):
|
||||
yield rentry
|
||||
yield entry
|
||||
for re in recursedir(se.path, alwaysskip=alwaysskip, in_restricted=this_restricted):
|
||||
yield re
|
||||
yield se
|
||||
|
||||
|
||||
def parseopts():
|
||||
@@ -97,11 +144,11 @@ def parseopts():
|
||||
opts.skip_files = opts.skip_files or []
|
||||
if opts.skip:
|
||||
if not opts.timelist.name == '<stdout>':
|
||||
opts.skip_files += [opts.timelist.name]
|
||||
opts.skip_files += [os.path.basename(opts.timelist.name)]
|
||||
if not opts.filelist.name == '<stdout>':
|
||||
opts.skip_files += [opts.filelist.name]
|
||||
opts.skip_files += [os.path.basename(opts.filelist.name)]
|
||||
if not opts.imagelist.name == '<stdout>':
|
||||
opts.skip_files += [opts.imagelist.name]
|
||||
opts.skip_files += [os.path.basename(opts.imagelist.name)]
|
||||
|
||||
return opts
|
||||
|
||||
@@ -115,25 +162,27 @@ def main():
|
||||
os.chdir(opts.dir)
|
||||
|
||||
print('[Version]', file=opts.timelist)
|
||||
# XXX Technically this should be version 3. But old clients will simply
|
||||
# ignore the extended file types for restricted directories, and so we can
|
||||
# add this now and let things simmer for a while before bumping the format
|
||||
# and hard-breaking old clients.
|
||||
print('2', file=opts.timelist)
|
||||
print(file=opts.timelist)
|
||||
print('[Files]', file=opts.timelist)
|
||||
|
||||
for entry in recursedir(skip=opts.skip_files):
|
||||
# opts.filelist.write(entry.path + '\n')
|
||||
print(entry.path, file=opts.filelist)
|
||||
|
||||
# write to filtered list if appropriate
|
||||
imgs = ['.{0}'.format(form) for form in SUPPORTED_IMAGE_FORMATS]
|
||||
if any(entry.path.endswith(img) for img in imgs):
|
||||
print(entry.path, file=opts.imagelist)
|
||||
if entry.name in opts.checksum_files:
|
||||
checksums[entry.path[2:]] = True
|
||||
info = entry.stat(follow_symlinks=False)
|
||||
modtime = max(info.st_mtime, info.st_ctime)
|
||||
size = info.st_size
|
||||
ftype = get_ftype(entry)
|
||||
# opts.timelist.write('{0}\t{1}\t{2}\n'.format(modtime, ftype, entry.path[2:]))
|
||||
print('{0}\t{1}\t{2}\t{3}'.format(modtime, ftype, size, entry.path[2:]), file=opts.timelist)
|
||||
|
||||
print('{0}\t{1}\t{2}\t{3}'.format(entry.modtime, entry.ftype,
|
||||
entry.size, entry.path[2:]),
|
||||
file=opts.timelist)
|
||||
|
||||
print('\n[Checksums SHA1]', file=opts.timelist)
|
||||
|
||||
|
||||
@@ -23,5 +23,5 @@ taiga.fedorainfracloud.org
|
||||
taskotron01.qa.fedoraproject.org
|
||||
nuancier01.phx2.fedoraproject.org
|
||||
piwik.fedorainfracloud.org
|
||||
magazine.fedorainfracloud.org
|
||||
#magazine.fedorainfracloud.org
|
||||
communityblog.fedorainfracloud.org
|
||||
|
||||
@@ -49,6 +49,7 @@ fedora-bootstrap.fedorainfracloud.org
|
||||
glittergallery-dev.fedorainfracloud.org
|
||||
grafana.cloud.fedoraproject.org
|
||||
graphite.fedorainfracloud.org
|
||||
hubs-dev.fedorainfracloud.org
|
||||
iddev.fedorainfracloud.org
|
||||
insim.fedorainfracloud.org
|
||||
java-deptools.fedorainfracloud.org
|
||||
@@ -60,14 +61,14 @@ jenkins-slave-f25.fedorainfracloud.org
|
||||
jenkins-slave-f25-ppc64le.fedorainfracloud.org
|
||||
kolinahr.fedorainfracloud.org
|
||||
lists-dev.fedorainfracloud.org
|
||||
magazine.fedorainfracloud.org
|
||||
magazine2.fedorainfracloud.org
|
||||
modernpaste.fedorainfracloud.org
|
||||
modularity.fedorainfracloud.org
|
||||
piwik.fedorainfracloud.org
|
||||
ppc64le-test.fedorainfracloud.org
|
||||
ppc64-test.fedorainfracloud.org
|
||||
rawhide-test.fedorainfracloud.org
|
||||
regcfp.fedorainfracloud.org
|
||||
regcfp2.fedorainfracloud.org
|
||||
respins.fedorainfracloud.org
|
||||
shumgrepper-dev.fedorainfracloud.org
|
||||
taiga.fedorainfracloud.org
|
||||
|
||||
@@ -5,7 +5,7 @@ _forward_src: "forward_dev"
|
||||
|
||||
# don't forget to update ip in ./copr-keygen-stg, due to custom firewall rules
|
||||
|
||||
copr_backend_ips: ["172.25.32.160", "209.132.184.53"]
|
||||
copr_backend_ips: ["172.25.32.175", "172.25.150.48"]
|
||||
keygen_host: "172.25.32.154"
|
||||
|
||||
resolvconf: "resolv.conf/cloud"
|
||||
|
||||
@@ -131,9 +131,6 @@ phx2_management_limited:
|
||||
- moonshot01-sw2.mgmt.fedoraproject.org
|
||||
- opengear01.mgmt.fedoraproject.org
|
||||
- opengear02.mgmt.fedoraproject.org
|
||||
- ppc8-01-fsp.mgmt.fedoraproject.org
|
||||
- ppc8-02-fsp.mgmt.fedoraproject.org
|
||||
- ppc8-03-fsp.mgmt.fedoraproject.org
|
||||
- qa01.mgmt.fedoraproject.org
|
||||
- qa02.mgmt.fedoraproject.org
|
||||
- qa03.mgmt.fedoraproject.org
|
||||
@@ -161,3 +158,8 @@ phx2_management_limited:
|
||||
- virthost-comm02.mgmt.fedoraproject.org
|
||||
- virthost12.mgmt.fedoraproject.org
|
||||
- virthost14.mgmt.fedoraproject.org
|
||||
|
||||
phx2_management_slowping:
|
||||
- ppc8-01-fsp.mgmt.fedoraproject.org
|
||||
- ppc8-02-fsp.mgmt.fedoraproject.org
|
||||
- ppc8-03-fsp.mgmt.fedoraproject.org
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
# Define resources for this group of hosts here.
|
||||
lvm_size: 20000
|
||||
mem_size: 2048
|
||||
mem_size: 4096
|
||||
num_cpus: 2
|
||||
|
||||
# for systems that do not match the above - specify the same parameter in
|
||||
|
||||
@@ -35,6 +35,7 @@ resultsdb_secret_key: "{{ stg_resultsdb_secret_key }}"
|
||||
|
||||
allowed_hosts:
|
||||
- 10.5.124
|
||||
- 10.5.131
|
||||
|
||||
|
||||
############################################################
|
||||
|
||||
@@ -14,3 +14,4 @@ vpn: true
|
||||
ssh_hostnames:
|
||||
- bastion.fedoraproject.org
|
||||
- bastion02.fedoraproject.org
|
||||
|
||||
|
||||
@@ -42,3 +42,8 @@ copr_hostbase: copr-be
|
||||
|
||||
host_backup_targets: ['/var/lib/copr/public_html/results']
|
||||
_copr_be_conf: copr-be.conf
|
||||
|
||||
nagios_Check_Services:
|
||||
nrpe: true
|
||||
sshd: true
|
||||
httpd: true
|
||||
|
||||
@@ -30,3 +30,7 @@ dbs_to_backup:
|
||||
# Backup db dumps in /backups
|
||||
host_backup_targets: ['/backups']
|
||||
|
||||
nagios_Check_Services:
|
||||
nrpe: true
|
||||
sshd: true
|
||||
httpd: true
|
||||
|
||||
@@ -24,3 +24,7 @@ datacenter: cloud
|
||||
|
||||
# Copr vars
|
||||
copr_hostbase: copr-keygen
|
||||
|
||||
nagios_Check_Services:
|
||||
nrpe: true
|
||||
sshd: true
|
||||
|
||||
@@ -11,3 +11,4 @@ eth0_ip: 204.85.14.1
|
||||
eth0_nm: 255.255.255.192
|
||||
eth1_ip: 172.31.1.1
|
||||
eth1_nm: 255.255.255.0
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ inventory_tenant: persistent
|
||||
inventory_instance_name: hubs-dev
|
||||
hostbase: hubs-dev
|
||||
public_ip: 209.132.184.47
|
||||
root_auth_users: sayan
|
||||
root_auth_users: sayanchowdhury abompard
|
||||
description: hubs development instance
|
||||
|
||||
cloud_networks:
|
||||
|
||||
@@ -21,3 +21,8 @@ extra_enablerepos: ''
|
||||
cloud_networks:
|
||||
# persistent-net
|
||||
- net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
|
||||
|
||||
nagios_Check_Services:
|
||||
nrpe: true
|
||||
sshd: true
|
||||
httpd: true
|
||||
|
||||
28
inventory/host_vars/magazine2.fedorainfracloud.org
Normal file
28
inventory/host_vars/magazine2.fedorainfracloud.org
Normal file
@@ -0,0 +1,28 @@
|
||||
---
|
||||
image: rhel7-20141015
|
||||
instance_type: m1.large
|
||||
keypair: fedora-admin-20130801
|
||||
security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,allow-nagios-persistent,default,all-icmp-persistent
|
||||
zone: nova
|
||||
tcp_ports: [22, 80, 443]
|
||||
|
||||
inventory_tenant: persistent
|
||||
inventory_instance_name: magazine2
|
||||
hostbase: magazine2
|
||||
public_ip: 209.132.184.52
|
||||
root_auth_users: nb chrisroberts
|
||||
description: Fedora Magazine
|
||||
|
||||
host_backup_targets: ['/backups', '/var/www/html']
|
||||
dbs_to_backup: ['wp']
|
||||
mariadb_root_password: "{{ magazine_mariadb_password }}"
|
||||
extra_enablerepos: ''
|
||||
|
||||
cloud_networks:
|
||||
# persistent-net
|
||||
- net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
|
||||
|
||||
nagios_Check_Services:
|
||||
nrpe: true
|
||||
sshd: true
|
||||
httpd: true
|
||||
12
inventory/host_vars/os-control01.stg.phx2.fedoraproject.org
Normal file
12
inventory/host_vars/os-control01.stg.phx2.fedoraproject.org
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.128.100
|
||||
vmhost: virthost04.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
19
inventory/host_vars/os-master01.stg.phx2.fedoraproject.org
Normal file
19
inventory/host_vars/os-master01.stg.phx2.fedoraproject.org
Normal file
@@ -0,0 +1,19 @@
|
||||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.128.101
|
||||
vmhost: virthost11.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
host_group: os-stg
|
||||
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
|
||||
lvm_size: 120g
|
||||
mem_size: 8192
|
||||
max_mem_size: 8192
|
||||
num_cpus: 4
|
||||
19
inventory/host_vars/os-master02.stg.phx2.fedoraproject.org
Normal file
19
inventory/host_vars/os-master02.stg.phx2.fedoraproject.org
Normal file
@@ -0,0 +1,19 @@
|
||||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.128.102
|
||||
vmhost: virthost04.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
host_group: os-stg
|
||||
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
|
||||
lvm_size: 120g
|
||||
mem_size: 8192
|
||||
max_mem_size: 16384
|
||||
num_cpus: 4
|
||||
19
inventory/host_vars/os-master03.stg.phx2.fedoraproject.org
Normal file
19
inventory/host_vars/os-master03.stg.phx2.fedoraproject.org
Normal file
@@ -0,0 +1,19 @@
|
||||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.128.103
|
||||
vmhost: virthost04.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
host_group: os-stg
|
||||
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
|
||||
lvm_size: 120g
|
||||
mem_size: 8192
|
||||
max_mem_size: 16384
|
||||
num_cpus: 4
|
||||
19
inventory/host_vars/os-node01.stg.phx2.fedoraproject.org
Normal file
19
inventory/host_vars/os-node01.stg.phx2.fedoraproject.org
Normal file
@@ -0,0 +1,19 @@
|
||||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.128.104
|
||||
vmhost: virthost11.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
host_group: os-nodes-stg
|
||||
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
|
||||
lvm_size: 120g
|
||||
mem_size: 8192
|
||||
max_mem_size: 16384
|
||||
num_cpus: 4
|
||||
19
inventory/host_vars/os-node02.stg.phx2.fedoraproject.org
Normal file
19
inventory/host_vars/os-node02.stg.phx2.fedoraproject.org
Normal file
@@ -0,0 +1,19 @@
|
||||
---
|
||||
nm: 255.255.255.0
|
||||
gw: 10.5.128.254
|
||||
dns: 10.5.126.21
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-7
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.128.105
|
||||
vmhost: virthost04.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
host_group: os-nodes-stg
|
||||
|
||||
nrpe_procs_warn: 900
|
||||
nrpe_procs_crit: 1000
|
||||
|
||||
lvm_size: 120g
|
||||
mem_size: 8192
|
||||
max_mem_size: 16384
|
||||
num_cpus: 4
|
||||
@@ -12,3 +12,32 @@ datacenter: phx2
|
||||
|
||||
# Need a eth0/eth1 install here.
|
||||
virt_install_command: "{{ virt_install_command_two_nic }}"
|
||||
|
||||
# We override fedmsg_certs here because pkgs02.stg doesn't have pagure on it.
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- service: shell
|
||||
owner: root
|
||||
group: sysadmin
|
||||
can_send:
|
||||
- logger.log
|
||||
- git.branch
|
||||
- git.mass_branch.complete
|
||||
- git.mass_branch.start
|
||||
- git.pkgdb2branch.complete
|
||||
- git.pkgdb2branch.start
|
||||
- service: scm
|
||||
owner: root
|
||||
group: packager
|
||||
can_send:
|
||||
- git.branch
|
||||
- git.mass_branch.complete
|
||||
- git.mass_branch.start
|
||||
- git.pkgdb2branch.complete
|
||||
- git.pkgdb2branch.start
|
||||
- git.receive
|
||||
- service: lookaside
|
||||
owner: root
|
||||
group: apache
|
||||
can_send:
|
||||
- git.lookaside.new
|
||||
|
||||
@@ -2,15 +2,15 @@
|
||||
image: rhel7-20141015
|
||||
instance_type: m1.medium
|
||||
keypair: fedora-admin-20130801
|
||||
security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent
|
||||
security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent,allow-nagios-persistent
|
||||
zone: nova
|
||||
tcp_ports: [22, 80, 443]
|
||||
|
||||
inventory_tenant: persistent
|
||||
inventory_instance_name: regcfp
|
||||
hostbase: regcfp
|
||||
inventory_instance_name: regcfp2
|
||||
hostbase: regcfp2
|
||||
public_ip: 209.132.184.127
|
||||
root_auth_users: puiterwijk pfrields
|
||||
root_auth_users: puiterwijk pfrields duffy
|
||||
description: Flock registration software
|
||||
|
||||
cloud_networks:
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
faf_server_name: retrace.fedoraproject.org
|
||||
faf_server_name: retrace.fedoraproject.org/faf
|
||||
rs_use_faf_packages: true
|
||||
|
||||
# we do not have enough storage on stg
|
||||
|
||||
@@ -13,7 +13,7 @@ mem_size: 4096
|
||||
max_mem_size: 16384
|
||||
num_cpus: 2
|
||||
|
||||
faf_server_name: retrace01.stg.phx2.fedoraproject.org
|
||||
faf_server_name: retrace01.stg.phx2.fedoraproject.org/faf
|
||||
rs_use_faf_packages: false
|
||||
|
||||
# we do not have enough storage on stg
|
||||
|
||||
@@ -9,3 +9,4 @@ postfix_group: vpn
|
||||
br0_ip: 204.85.14.4
|
||||
br0_nm: 255.255.255.192
|
||||
vpn: true
|
||||
|
||||
|
||||
@@ -15,9 +15,6 @@ qa02.qa.fedoraproject.org
|
||||
qa08.qa.fedoraproject.org
|
||||
qa04.qa.fedoraproject.org
|
||||
|
||||
[qadevel]
|
||||
qadevel.qa.fedoraproject.org:222
|
||||
|
||||
[qa-prod]
|
||||
qa-prod01.qa.fedoraproject.org
|
||||
|
||||
@@ -269,7 +266,7 @@ autocloud-backend01.stg.phx2.fedoraproject.org
|
||||
autocloud-backend02.stg.phx2.fedoraproject.org
|
||||
|
||||
[autosign]
|
||||
autosign01.phx2.fedoraproject.org
|
||||
#autosign01.phx2.fedoraproject.org
|
||||
|
||||
[autosign-stg]
|
||||
autosign01.stg.phx2.fedoraproject.org
|
||||
@@ -779,6 +776,12 @@ osbs-node02.stg.phx2.fedoraproject.org
|
||||
docker-registry01.stg.phx2.fedoraproject.org
|
||||
docker-registry02.stg.phx2.fedoraproject.org
|
||||
docker-candidate-registry01.stg.phx2.fedoraproject.org
|
||||
os-control01.stg.phx2.fedoraproject.org
|
||||
os-master01.stg.phx2.fedoraproject.org
|
||||
os-master02.stg.phx2.fedoraproject.org
|
||||
os-master03.stg.phx2.fedoraproject.org
|
||||
os-node01.stg.phx2.fedoraproject.org
|
||||
os-node02.stg.phx2.fedoraproject.org
|
||||
|
||||
# This is a list of hosts that are a little "friendly" with staging.
|
||||
# They are exempted from the iptables wall between staging and prod.
|
||||
@@ -1118,9 +1121,10 @@ faitout.fedorainfracloud.org
|
||||
# Community Blog
|
||||
communityblog.fedorainfracloud.org
|
||||
# Fedora Magazine
|
||||
magazine.fedorainfracloud.org
|
||||
#magazine.fedorainfracloud.org
|
||||
magazine2.fedorainfracloud.org
|
||||
# Flock RegCfp instance
|
||||
regcfp.fedorainfracloud.org
|
||||
regcfp2.fedorainfracloud.org
|
||||
# Modularity (ticket 5390)
|
||||
modularity.fedorainfracloud.org
|
||||
# Fedora Bootstrap VM
|
||||
@@ -1326,6 +1330,17 @@ osbs-master01.stg.phx2.fedoraproject.org
|
||||
osbs-node01.stg.phx2.fedoraproject.org
|
||||
osbs-node02.stg.phx2.fedoraproject.org
|
||||
|
||||
[os-control-stg]
|
||||
os-control01.stg.phx2.fedoraproject.org
|
||||
|
||||
[os-master-stg]
|
||||
os-master01.stg.phx2.fedoraproject.org
|
||||
os-master02.stg.phx2.fedoraproject.org
|
||||
os-master03.stg.phx2.fedoraproject.org
|
||||
|
||||
[os-node-stg]
|
||||
os-node01.stg.phx2.fedoraproject.org
|
||||
os-node02.stg.phx2.fedoraproject.org
|
||||
|
||||
# Docker (docker-distribution) registries
|
||||
[docker-registry]
|
||||
|
||||
@@ -110,9 +110,7 @@
|
||||
- include: /srv/web/infra/ansible/playbooks/groups/taskotron-client-hosts.yml
|
||||
- include: /srv/web/infra/ansible/playbooks/groups/taskotron-prod.yml
|
||||
- include: /srv/web/infra/ansible/playbooks/groups/taskotron-dev.yml
|
||||
# we're poking around with taskotron-stg right now and a full playbook run would disrupt the testing
|
||||
# 2017-03-03 tflink
|
||||
#- include: /srv/web/infra/ansible/playbooks/groups/taskotron-stg.yml
|
||||
- include: /srv/web/infra/ansible/playbooks/groups/taskotron-stg.yml
|
||||
- include: /srv/web/infra/ansible/playbooks/groups/torrent.yml
|
||||
- include: /srv/web/infra/ansible/playbooks/groups/twisted-buildbots.yml
|
||||
- include: /srv/web/infra/ansible/playbooks/groups/unbound.yml
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
- rkhunter
|
||||
- hosts
|
||||
- fas_client
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- collectd/base
|
||||
- fedmsg/base
|
||||
- sudo
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- ansible-server
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
- base
|
||||
- hosts
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
|
||||
roles:
|
||||
- base
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- collectd/base
|
||||
- hosts
|
||||
- builder_repo
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- collectd/base
|
||||
- hosts
|
||||
- fas_client
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -42,3 +42,4 @@
|
||||
- base
|
||||
- fedmsg/base
|
||||
- copr/backend
|
||||
- nagios_client
|
||||
|
||||
@@ -39,3 +39,4 @@
|
||||
- base
|
||||
- copr/frontend
|
||||
- copr/mbs
|
||||
- nagios_client
|
||||
|
||||
@@ -46,3 +46,4 @@
|
||||
roles:
|
||||
- base
|
||||
- copr/keygen
|
||||
- nagios_client
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
- collectd/base
|
||||
- fas_client
|
||||
- hosts
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- rsyncd
|
||||
- sudo
|
||||
- rkhunter
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
- collectd/base
|
||||
- fas_client
|
||||
- hosts
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- rkhunter
|
||||
- rsyncd
|
||||
- sudo
|
||||
|
||||
@@ -22,7 +22,7 @@
|
||||
- fas_client
|
||||
- rkhunter
|
||||
- hosts
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- rsyncd
|
||||
- sudo
|
||||
- { role: openvpn/client, when: env != "staging" }
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
- base
|
||||
- hosts
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- fas_client
|
||||
- collectd/base
|
||||
- collectd/bind
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -29,7 +29,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- rsyncd
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
- base
|
||||
- hosts
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- fas_client
|
||||
- collectd/base
|
||||
- rsyncd
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
- base
|
||||
- hosts
|
||||
- rkhunter
|
||||
#- nagios/client
|
||||
#- nagios_client
|
||||
- fas_client
|
||||
- collectd/base
|
||||
- rsyncd
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
- base
|
||||
- rkhunter
|
||||
- fas_client
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- collectd/base
|
||||
- fedmsg/base
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- rsyncd
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- collectd/base
|
||||
- hosts
|
||||
- fas_client
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- rsyncd
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- rsyncd
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- builder_repo
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- builder_repo
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- apache
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
- base
|
||||
- rkhunter
|
||||
- fas_client
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- mariadb_server
|
||||
- collectd/base
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- rsyncd
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- rsyncd
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -50,7 +50,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- geoip
|
||||
- hosts
|
||||
- fas_client
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
- rkhunter
|
||||
- hosts
|
||||
- fas_client
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- collectd/base
|
||||
- fedmsg/base
|
||||
- sudo
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
roles:
|
||||
- { role: base, tags: ['base'] }
|
||||
- { role: rkhunter, tags: ['rkhunter'] }
|
||||
- { role: nagios/client, tags: ['nagios/client'] }
|
||||
- { role: nagios_client, tags: ['nagios_client'] }
|
||||
- { role: hosts, tags: ['hosts']}
|
||||
- { role: fas_client, tags: ['fas_client'] }
|
||||
- { role: collectd/base, tags: ['collectd_base'] }
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- { role: base, tags: ['base'] }
|
||||
- { role: rkhunter, tags: ['rkhunter'] }
|
||||
- { role: nagios/client, tags: ['nagios/client'] }
|
||||
- { role: nagios_client, tags: ['nagios_client'] }
|
||||
- { role: hosts, tags: ['hosts']}
|
||||
- { role: fas_client, tags: ['fas_client'] }
|
||||
- { role: collectd/base, tags: ['collectd_base'] }
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- fas_client
|
||||
- collectd/base
|
||||
- sudo
|
||||
|
||||
158
playbooks/groups/os-cluster.yml
Normal file
158
playbooks/groups/os-cluster.yml
Normal file
@@ -0,0 +1,158 @@
|
||||
# create an os server
|
||||
- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-control-stg:os-control"
|
||||
- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-nodes-stg:os-masters-stg:os-nodes:os-masters"
|
||||
|
||||
- name: make the box be real
|
||||
hosts: os-control:os-control-stg:os-masters-stg:os-nodes-stg:os-masters:os-nodes
|
||||
user: root
|
||||
gather_facts: True
|
||||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- "/srv/private/ansible/vars.yml"
|
||||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
- rsyncd
|
||||
- sudo
|
||||
|
||||
tasks:
|
||||
- include: "{{ tasks_path }}/yumrepos.yml"
|
||||
- include: "{{ tasks_path }}/2fa_client.yml"
|
||||
- include: "{{ tasks_path }}/motd.yml"
|
||||
|
||||
handlers:
|
||||
- include: "{{ handlers_path }}/restart_services.yml"
|
||||
|
||||
- name: OSBS control hosts pre-req setup
|
||||
hosts: os-control:os-control-stg
|
||||
tags:
|
||||
- os-cluster-prereq
|
||||
user: root
|
||||
gather_facts: True
|
||||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- "/srv/private/ansible/vars.yml"
|
||||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||
|
||||
tasks:
|
||||
- name: deploy private key to control hosts
|
||||
copy:
|
||||
src: "{{private}}/files/os/{{env}}/control_key"
|
||||
dest: "/root/.ssh/id_rsa"
|
||||
owner: root
|
||||
mode: 0600
|
||||
|
||||
- name: set ansible to use pipelining
|
||||
ini_file:
|
||||
dest: /etc/ansible/ansible.cfg
|
||||
section: ssh_connection
|
||||
option: pipelining
|
||||
value: "True"
|
||||
|
||||
- name: Setup cluster masters pre-reqs
|
||||
hosts: os-masters-stg:os-masters
|
||||
tags:
|
||||
- os-cluster-prereq
|
||||
user: root
|
||||
gather_facts: True
|
||||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- "/srv/private/ansible/vars.yml"
|
||||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||
|
||||
tasks:
|
||||
- name: ensure origin conf dir exists
|
||||
file:
|
||||
path: "/etc/origin"
|
||||
state: "directory"
|
||||
|
||||
- name: create cert dir for openshift public facing REST API SSL
|
||||
file:
|
||||
path: "/etc/origin/master/named_certificates"
|
||||
state: "directory"
|
||||
|
||||
- name: install cert for openshift public facing REST API SSL
|
||||
copy:
|
||||
src: "{{private}}/files/os/{{env}}/os-internal.pem"
|
||||
dest: "/etc/origin/master/named_certificates/{{os}}.pem"
|
||||
|
||||
- name: install key for openshift public facing REST API SSL
|
||||
copy:
|
||||
src: "{{private}}/files/os/{{env}}/os-internal.key"
|
||||
dest: "/etc/origin/master/named_certificates/{{os}}.key"
|
||||
|
||||
- name: place htpasswd file
|
||||
copy:
|
||||
src: "{{private}}/files/httpd/os-{{env}}.htpasswd"
|
||||
dest: /etc/origin/htpasswd
|
||||
|
||||
|
||||
- name: Setup cluster hosts pre-reqs
|
||||
hosts: os-masters-stg:os-nodes-stg:os-masters:os-nodes
|
||||
tags:
|
||||
- os-cluster-prereq
|
||||
user: root
|
||||
gather_facts: True
|
||||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- "/srv/private/ansible/vars.yml"
|
||||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||
|
||||
handlers:
|
||||
- name: restart NetworkManager
|
||||
service:
|
||||
name: NetworkManager
|
||||
state: restarted
|
||||
|
||||
tasks:
|
||||
- name: Install necessary packages that openshift-ansible needs
|
||||
package: name="{{ item }}" state=installed
|
||||
with_items:
|
||||
- tar
|
||||
- rsync
|
||||
- dbus-python
|
||||
- NetworkManager
|
||||
- libselinux-python
|
||||
- origin
|
||||
|
||||
- name: Deploy controller public ssh keys to os cluster hosts
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ lookup('file', '{{private}}/files/os/{{env}}/control_key.pub') }}"
|
||||
|
||||
# This is required for OpenShift built-in SkyDNS inside the overlay network
|
||||
# of the cluster
|
||||
- name: ensure NM_CONTROLLED is set to "yes" for os cluster
|
||||
lineinfile:
|
||||
dest: "/etc/sysconfig/network-scripts/ifcfg-eth0"
|
||||
line: "NM_CONTROLLED=yes"
|
||||
notify:
|
||||
- restart NetworkManager
|
||||
|
||||
# This is required for OpenShift built-in SkyDNS inside the overlay network
|
||||
# of the cluster
|
||||
- name: ensure NetworkManager is enabled and started
|
||||
service:
|
||||
name: NetworkManager
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: cron entry to clean up docker storage
|
||||
copy:
|
||||
src: "{{files}}/os/cleanup-docker-storage"
|
||||
dest: "/etc/cron.d/cleanup-docker-storage"
|
||||
|
||||
- name: copy docker-storage-setup config
|
||||
copy:
|
||||
src: "{{files}}/os/docker-storage-setup"
|
||||
dest: "/etc/sysconfig/docker-storage-setup"
|
||||
@@ -15,7 +15,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- collectd/base
|
||||
- hosts
|
||||
- fas_client
|
||||
|
||||
@@ -59,7 +59,7 @@
|
||||
- collectd/base
|
||||
- fas_client
|
||||
- hosts
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- rkhunter
|
||||
- rsyncd
|
||||
- sudo
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios/client
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- collectd/base
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user