Specify the nfs_mount_opts when mounting /pub/archive on secondary01

playbooks/groups/darkserver.yml

@@ -1,68 +0,0 @@
-# create a new darkserver server
-# NOTE: should be used with --limit most of the time
-# NOTE: make sure there is room/space for this server on the vmhost
-# NOTE: most of these vars_path come from group_vars/darkserver* or from hostvars
-
-- name: make darkserver
-  hosts: darkserver
-  user: root
-  gather_facts: False
-
-  vars_files: 
-   - /srv/web/infra/ansible/vars/global.yml
-   - "{{ private }}/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  tasks:
-  - include: "{{ tasks }}/virt_instance_create.yml"
-
-  handlers:
-  - include: "{{ handlers }}/restart_services.yml"
-
-- name: make the box be real
-  hosts: darkserver
-  user: root
-  gather_facts: True
-
-  vars_files: 
-   - /srv/web/infra/ansible/vars/global.yml
-   - "{{ private }}/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-  - base
-  - rkhunter
-  - { role: denyhosts, when: ansible_distribution_major_version != '7' }
-  - nagios_client
-  - hosts
-  - fas_client
-  - rsyncd
-  - sudo
-  - { role: openvpn/client,
-      when: env != "staging" }
-
-  tasks:
-  - include: "{{ tasks }}/yumrepos.yml"
-  - include: "{{ tasks }}/2fa_client.yml"
-  - include: "{{ tasks }}/motd.yml"
-  - include: "{{ tasks }}/apache.yml"
-  - include: "{{ tasks }}/mod_wsgi.yml"
-
-  handlers:
-  - include: "{{ handlers }}/restart_services.yml"
-
-- name: deploy darkserver itself
-  hosts: darkserver
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "{{ private }}/vars.yml"
-   - "{{ vars_path }}/{{ ansible_distribution }}.yml"
-
-  roles:
-  - darkserver
-
-  handlers:
-  - include: "{{ handlers }}/restart_services.yml"

playbooks/hosts/secondary01.phx2.fedoraproject.org.yml

@@ -0,0 +1,93 @@
+# create a new server for secondary arch
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/secondary* or from hostvars
+
+- name: make the servers
+  hosts: secondary01
+  user: root
+  gather_facts: False
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - include: "{{ tasks }}/virt_instance_create.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+- name: make the boxen be real for real
+  hosts: secondary01
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - base
+  - rkhunter
+  - { role: denyhosts, when: ansible_distribution_major_version != '7' }
+  - nagios_client
+  - hosts
+  - fas_client
+  - sudo
+  - { role: nfs/client,
+      when: datacenter == "phx2",
+      mnt_dir: '/srv/pub/alt',
+      nfs_src_dir: '/vol/fedora_ftp/fedora.redhat.com/pub/alt'
+    }
+  - { role: nfs/client,
+      when: datacenter == "phx2",
+      mnt_dir: '/srv/pub/archive',
+      nfs_src_dir: '/vol/fedora_ftp/fedora.redhat.com/pub/archive',
+      nfs_mount_opts: 'ro,hard,bg,intr,noatime,nodev,nosuid'
+    }
+  - { role: nfs/client,
+      when: datacenter == "phx2",
+      mnt_dir: '/srv/pub/fedora-secondary',
+      nfs_src_dir: '/vol/fedora_ftp/fedora.redhat.com/pub/fedora-secondary'
+    }
+
+  tasks:
+  - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/2fa_client.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+- name: Set up the rest of the box as desired
+  hosts: secondary01
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - name: clean yum metadata
+    action: yum clean all
+    tags:
+    - packages
+
+  - name: install needed packages
+    yum: pkg={{ item }} state=present
+    with_items:
+    - nfs-utils
+    - koji
+    tags:
+    - packages
+
+  - name: set sebooleans so httpd can use nfs
+    action: seboolean name={{ item }}
+                      state=true
+                      persistent=true
+    with_items:
+    - httpd_use_nfs

roles/darkserver/tasks/main.yml

@@ -1,29 +0,0 @@
----
-# Configuration for the fedocal webapp
-
-- name: clean yum metadata
-  command: yum clean all
-  tags:
-  - packages
-
-- name: install needed packages
-  yum: pkg={{ item }} state=present
-  with_items:
-  - darkserver
-  - darkserver-importer
-  tags:
-  - packages
-
-- name: Install all the configuration file of darkserver
-  template: src={{ item.file }}
-            dest={{ item.location }}/{{ item.file }}
-            owner=apache group=apache mode=0640
-  with_items:
-  - { file: darkserverweb.conf, location: /etc/darkserver/darkserverweb.conf }
-  - { file: darkjobworker.conf, location: /etc/darkserver/darkjobworker.conf }
-  - { file: email.json, location: /etc/darkserver/email.json }
-  tags:
-  - config
-  notify:
-  - restart apache
-

roles/darkserver/templates/darkjobworker.conf

@@ -1,12 +0,0 @@
-[darkserver]
-{% if env == 'staging' %}
-host=db-darkserver.stg
-{% else %}
-host=db-darkserver
-{% endid %}
-database=darkserver
-user=darkwriter
-password={{ darkserverWriterDBPassword }}
-port=3306
-unique=127.0.0.1
-

roles/darkserver/templates/darkserver.conf

@@ -1,11 +0,0 @@
-[darkserver]
-{% if env == 'staging' %}
-host=db-darkserver.stg
-{% else %}
-host=db-darkserver
-{% endid %}
-user=darkserver-koji
-password={{ darkserverKojiPluginDBPassword }}
-database=darkserver
-port=3306
-

roles/darkserver/templates/darkserverweb.conf

@@ -1,10 +0,0 @@
-[darkserverweb]
-{% if env == 'staging' %}
-host=db-darkserver.stg
-{% else %}
-host=db-darkserver
-{% endif %}
-user=darkreader
-password={{ darkserverReaderDBPassword }}
-database=darkserver
-

roles/darkserver/templates/email.json

@@ -1 +0,0 @@
-"sysadmin-darkserver-members@fedoraproject.org"