mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-03-20 03:57:02 +08:00
7855344443
Seems like we set this up many years ago for staging, but then we added a comment to do it for prod and never did. This is needed in todays rdu3 setup. The pagure user needs to be local so it can sudo with the local sudo config instead of the ipa sudo config. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
99 lines
2.4 KiB
YAML
99 lines
2.4 KiB
YAML
---
|
|
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
|
|
vars:
|
|
myhosts: "pkgs_stg:pkgs"
|
|
|
|
- name: Make the box be real
|
|
hosts: pkgs_stg:pkgs
|
|
user: root
|
|
gather_facts: true
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
roles:
|
|
- base
|
|
- hosts
|
|
- rkhunter
|
|
- nagios_client
|
|
- zabbix/zabbix_agent
|
|
- ipa/client
|
|
- collectd/base
|
|
- sudo
|
|
- apache
|
|
|
|
tasks:
|
|
- name: Copy keytab
|
|
ansible.builtin.copy: src={{private}}/files/keytabs/{{env}}/pkgs
|
|
dest=/etc/httpd.keytab
|
|
owner=apache group=apache mode=0600
|
|
tags:
|
|
- krb5
|
|
|
|
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
|
|
|
- name: Setup users on pkgs
|
|
hosts: pkgs_stg:pkgs
|
|
user: root
|
|
gather_facts: true
|
|
|
|
tasks:
|
|
- name: Setup pagure user
|
|
tags: pagure-user
|
|
user:
|
|
name: pagure
|
|
uid: "{{ pagure_static_uid }}"
|
|
shell: /sbin/nologin
|
|
comment: "Pagure User"
|
|
|
|
- name: Setup dist-git on the box
|
|
hosts: pkgs_stg:pkgs
|
|
user: root
|
|
gather_facts: true
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
roles:
|
|
- {role: git/make_checkout_seed, when: env != "staging"}
|
|
- git/hooks
|
|
- git/checks
|
|
- clamav
|
|
- {
|
|
role: nfs/client,
|
|
when: env != "staging",
|
|
mnt_dir: '/srv/cache/lookaside',
|
|
nfs_src_dir:
|
|
'fedora_sourcecache',
|
|
nfs_mount_opts='rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3' # yamllint disable-line rule:commas rule:indentation
|
|
}
|
|
- {
|
|
role: nfs/client,
|
|
when: env == "staging" and inventory_hostname.startswith('pkgs01'),
|
|
mount_stg: true,
|
|
mnt_dir: '/srv/cache/lookaside_prod',
|
|
nfs_src_dir:
|
|
'fedora_sourcecache',
|
|
nfs_mount_opts='ro,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3' # yamllint disable-line rule:commas rule:indentation
|
|
}
|
|
# Set up for fedora-messaging
|
|
- role: rabbit/user
|
|
user_name: "pkgs{{ env_suffix }}"
|
|
user_sent_topics:
|
|
^org\.fedoraproject\.{{ env_short }}\.(pagure|git|logger)\..*
|
|
|
|
- role: distgit/pagure
|
|
- role: distgit
|
|
tags: distgit
|
|
- {role: hosts, when: env == "staging"}
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|