mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-02-02 20:59:02 +08:00
ff252cea44
do let me know if you think it will. Before we merge this, we will need to adjust things in mirrormanager to not provide http links most likely (although I suppose the redirects will work for http clients). Signed-off-by: Kevin Fenzi kevin@scrye.com
94 lines
3.1 KiB
YAML
94 lines
3.1 KiB
YAML
---
|
|
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
|
|
vars:
|
|
myhosts: "secondary"
|
|
|
|
- name: Setup secondary arch download server
|
|
hosts: secondary
|
|
user: root
|
|
gather_facts: true
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"
|
|
|
|
roles:
|
|
- base
|
|
- rkhunter
|
|
- nagios_client
|
|
- hosts
|
|
- zabbix/zabbix_agent
|
|
- ipa/client
|
|
- collectd/base
|
|
- download
|
|
- rsyncd
|
|
- sudo
|
|
- { role: nfs/client,
|
|
mnt_dir: '/srv/pub/archive',
|
|
nfs_src_dir: 'fedora_ftp_archive' }
|
|
- { role: nfs/client,
|
|
mnt_dir: '/srv/pub/alt',
|
|
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4",
|
|
nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/alt' }
|
|
- { role: nfs/client,
|
|
mnt_dir: '/srv/pub/fedora-secondary',
|
|
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4",
|
|
nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/fedora-secondary' }
|
|
|
|
- role: apache
|
|
|
|
- role: httpd/mod_ssl
|
|
|
|
- role: httpd/certificate
|
|
certname: "{{wildcard_cert_name}}"
|
|
SSLCertificateChainFile: "{{wildcard_int_file}}"
|
|
|
|
- role: httpd/website
|
|
vars:
|
|
- site_name: secondary.fedoraproject.org
|
|
- cert_name: "{{wildcard_cert_name}}"
|
|
- sslonly: true
|
|
server_aliases:
|
|
- archive.fedoraproject.org
|
|
- archives.fedoraproject.org
|
|
|
|
pre_tasks:
|
|
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
|
|
|
|
tasks:
|
|
- name: Install some misc packages needed for various tasks
|
|
ansible.builtin.package:
|
|
state: present
|
|
name:
|
|
- createrepo
|
|
- koji
|
|
- python3-productmd
|
|
- isomd5sum
|
|
|
|
- name: Add create-filelist script from quick-fedora-mirror
|
|
ansible.builtin.copy: src="{{ files }}/scripts/create-filelist.py2" dest=/usr/local/bin/create-filelist mode=0755
|
|
|
|
- name: Add cron script to update fullfiletimelist
|
|
ansible.builtin.copy: src="{{ files }}/scripts/update-fullfiletimelist" dest=/usr/local/bin/update-fullfiletimelist mode=0755
|
|
|
|
- name: Add cron script to prune old logs at /srv/pub/alt/linuxsystemroles/logs
|
|
ansible.builtin.copy: src="{{ files }}/scripts/linuxsystemroles-logs-clean" dest=/usr/local/bin/linuxsystemroles-logs-clean mode=0755
|
|
|
|
- name: Update fullfiletimelist job
|
|
cron: name="update-fullfiletimelist" hour="*/2" minute="55" user="root"
|
|
job="/usr/local/bin/lock-wrapper update-fullfiletimelist '/usr/local/bin/update-fullfiletimelist -l /tmp/update-fullfiletimelist.lock -t /srv/pub alt'"
|
|
cron_file=update-fullfiletimelist
|
|
|
|
- name: Prune old logs at /srv/pub/alt/linuxsystemroles/logs
|
|
cron: name="linuxsystemroles-logs-clean" hour="0" minute="15" user="root"
|
|
job="/usr/local/bin/linuxsystemroles-logs-clean /srv/pub/alt/linuxsystemroles/logs >/dev/null"
|
|
cron_file=linuxsystemroles-logs-clean
|
|
|
|
- name: Set MAILTO for the previous cron job
|
|
cron: env=true name=MAILTO value="systemroles-owner@lists.fedorahosted.org"
|
|
cron_file=linuxsystemroles-logs-clean user=root
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|