fedora-infra_ansible/playbooks/groups/docker-registry.yml
2017-10-17 17:37:03 +00:00


# Run the shared virt-create playbook against the docker-registry and
# docker-registry-stg groups (presumably this creates the VMs the plays
# below configure).
# NOTE(review): the earlier wording of this comment was "create an osbs
# server", which does not match the host groups passed in myhosts; it looks
# like a copy/paste leftover, so confirm.
- import_playbook: '/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=docker-registry:docker-registry-stg'
# Baseline configuration applied to every host in the production and staging
# registry groups, connecting as root.
- name: make the box be real
  hosts: docker-registry:docker-registry-stg
  user: root
  gather_facts: true

  vars_files:
    - "/srv/web/infra/ansible/vars/global.yml"
    # Lives outside the public ansible tree; presumably holds the secrets
    # referenced by later plays. Verify its file permissions on the control host.
    - "/srv/private/ansible/vars.yml"
    # Needs gathered facts: the file name is derived from ansible_distribution.
    - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"

  roles:
    - base
    - rkhunter
    - nagios_client
    - hosts
    - fas_client
    - collectd/base
    - rsyncd
    - sudo
    # The VPN client role is skipped on staging hosts.
    - role: openvpn/client
      when: env != "staging"

  tasks:
    - import_tasks: "{{ tasks_path }}/yumrepos.yml"
    - import_tasks: "{{ tasks_path }}/2fa_client.yml"
    - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers:
    - import_tasks: "{{ handlers_path }}/restart_services.yml"
# Staging storage: both staging registry hosts act as gluster server and
# gluster client for the same volume, mounted at /srv/docker.
- name: set up gluster on stg
  hosts:
    - docker-registry01.stg.phx2.fedoraproject.org
    - docker-registry02.stg.phx2.fedoraproject.org
  user: root
  gather_facts: true

  vars_files:
    - "/srv/web/infra/ansible/vars/global.yml"
    - "/srv/private/ansible/vars.yml"
    - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"

  roles:
    # The gluster credentials are variable references only; presumably they
    # are defined in /srv/private/ansible/vars.yml (confirm). Staging uses
    # its own *_stg pair, separate from production.
    - role: gluster/server
      name: gluster
      username: "{{ registry_gluster_username_stg }}"
      password: "{{ registry_gluster_password_stg }}"
      owner: root
      group: root
      datadir: /srv/glusterfs/registry-stg

    - role: gluster/client
      name: gluster
      servers:
        - docker-registry01.stg.phx2.fedoraproject.org
        - docker-registry02.stg.phx2.fedoraproject.org
      username: "{{ registry_gluster_username_stg }}"
      password: "{{ registry_gluster_password_stg }}"
      owner: root
      group: root
      mountdir: "/srv/docker"
# Production storage: same layout as the staging gluster play, but on the
# production registry hosts and with the *_prod credential variables.
- name: set up gluster on prod
  hosts:
    - docker-registry02.phx2.fedoraproject.org
    - docker-registry03.phx2.fedoraproject.org
  user: root
  gather_facts: true

  vars_files:
    - "/srv/web/infra/ansible/vars/global.yml"
    - "/srv/private/ansible/vars.yml"
    - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"

  roles:
    # Credentials are variable references only; presumably they are defined
    # in /srv/private/ansible/vars.yml (confirm).
    - role: gluster/server
      name: gluster
      username: "{{ registry_gluster_username_prod }}"
      password: "{{ registry_gluster_password_prod }}"
      owner: root
      group: root
      datadir: /srv/glusterfs/registry

    - role: gluster/client
      name: gluster
      servers:
        - docker-registry02.phx2.fedoraproject.org
        - docker-registry03.phx2.fedoraproject.org
      username: "{{ registry_gluster_username_prod }}"
      password: "{{ registry_gluster_password_prod }}"
      owner: root
      group: root
      mountdir: "/srv/docker"
# Installs and configures docker-distribution on the registry hosts, then
# applies the push-docker role on the compose host for each registry name.
# Unlike the plays above, no user: or gather_facts: is set here, so both come
# from Ansible defaults/inventory; the vars_files entry that uses
# ansible_distribution relies on fact gathering staying enabled.
- name: setup docker distribution registry
  hosts: docker-registry:docker-registry-stg

  vars_files:
    - "/srv/web/infra/ansible/vars/global.yml"
    - "/srv/private/ansible/vars.yml"
    - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"

  # TLS is turned off in docker-distribution itself; the stated intent is that
  # all external connections go through httpd, which is SSL enabled.
  # NOTE(review): the original comment also said the registry listens "only
  # on localhost", but http.addr below is ":5000". That value has no host
  # part, so the listener binds every interface. Confirm that port 5000 is
  # restricted to the httpd front end (firewall or network policy), or use a
  # loopback address if httpd runs on the same host. Otherwise traffic on
  # port 5000 is plaintext and bypasses whatever httpd enforces.
  roles:
    - role: docker-distribution
      conf_path: "/etc/docker-distribution/registry/config.yml"
      tls:
        enabled: false
      log:
        fields:
          service: "registry"
      storage:
        filesystem:
          rootdirectory: "/srv/"
      http:
        addr: ":5000"

    # Set up compose-x86-01 to push docker images to the registry. Each entry
    # is delegated to the compose host instead of running on the registry
    # host, and is selected by env so that staging and production use
    # different certs.d directories (one per registry hostname).
    - role: push-docker
      docker_cert_name: "containerstable"
      docker_cert_dir: "/etc/docker/certs.d/registry.stg.fedoraproject.org"
      when: env == "staging"
      delegate_to: compose-x86-01.phx2.fedoraproject.org

    - role: push-docker
      docker_cert_name: "containerbuild"
      docker_cert_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org"
      when: env == "staging"
      delegate_to: compose-x86-01.phx2.fedoraproject.org

    - role: push-docker
      docker_cert_name: "containerstable"
      docker_cert_dir: "/etc/docker/certs.d/registry.fedoraproject.org"
      when: env == "production"
      delegate_to: compose-x86-01.phx2.fedoraproject.org

    - role: push-docker
      docker_cert_name: "containerbuild"
      docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org"
      when: env == "production"
      delegate_to: compose-x86-01.phx2.fedoraproject.org