WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-25 22:41:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
94dea17712828d4a56bdd262db0dfd2998edc1fc
fedora-infra_ansible/roles/base/tasks/main.yml
Kevin Fenzi d206ef0f46 Finally make the fedora infra cloud playbook idempotent 
Don't set root password in base and again later in host playbook.
Download rpms and make sure they are installed rather than using url in yum module.
Move cinder restart to a handler.
2015-06-15 19:14:55 +00:00

319 lines
8.2 KiB
YAML
Raw Blame History

---
#
# This is the base role for all machines.
# Things in here are things we want to do to every machine no matter what.
#
# XXX fixme # a datacenter 'fact' from setup
- name: /etc/resolv.conf
copy: src={{ item }} dest=/etc/resolv.conf
with_first_found:
- "{{ resolvconf }}"
- resolv.conf/{{ ansible_fqdn }}
- resolv.conf/{{ host_group }}
- resolv.conf/{{ datacenter }}
- resolv.conf/resolv.conf
tags:
- config
- resolvconf
- base
- name: global default packages to install
yum: state=present name={{ item }}
with_items:
- "{{ global_pkgs_inst }}"
tags:
- packages
- base
- debug: msg="{{ansible_nodename}} {{inventory_hostname}} {{ansible_distribution_major_version|int}}"
- name: make sure hostname is set right on rhel7 hosts
command: hostnamectl set-hostname {{ inventory_hostname }}
when: ( ansible_nodename != inventory_hostname ) and ansible_distribution_major_version|int == 7
- name: sshd_config
copy: src={{ item }} dest=/etc/ssh/sshd_config mode=600
with_first_found:
- "{{ sshd_config }}"
- ssh/sshd_config.{{ ansible_fqdn }}
- ssh/sshd_config.{{ host_group }}
- ssh/sshd_config.{{ dist_tag }}
- ssh/sshd_config.{{ ansible_distribution }}
- ssh/sshd_config.{{ ansible_distribution_version }}
- ssh/sshd_config.default
notify:
- restart sshd
tags:
- sshd_config
- config
- sshd
- base
- name: set root passwd
user: name=root password={{ rootpw }} state=present
tags:
- rootpw
- base
when: not (inventory_hostname.startswith('rawhide') or inventory_hostname.startswith('branched') or inventory_hostname.startswith('compose') or inventory_hostname.startswith('build') or inventory_hostname.startswith('arm') or inventory_hostname.startswith('bkernel') or inventory_hostname.startswith('koji01.stg') or inventory_hostname.startswith('aarch64') or inventory_hostname.startswith('s390') or inventory_hostname.startswith('fed-cloud09'))
- name: add ansible root key
authorized_key: user=root key="{{ item }}"
with_file:
- ansible-pub-key
tags:
- config
- base
- name: make sure our resolv.conf is the one being used - set RESOLV_MODS=no in /etc/sysconfig/network
lineinfile: dest=/etc/sysconfig/network create=yes backup=yes state=present line='RESOLV_MODS=no' regexp=^RESOLV_MODS=
tags:
- config
- base
- name: dist pkgs to remove
yum: state=absent name={{ item }}
with_items:
- "{{ base_pkgs_erase }}"
tags:
- packages
- base
- name: dist pkgs to install
yum: state=present name={{ item }}
with_items:
- "{{ base_pkgs_inst }}"
tags:
- packages
- base
- name: dist disabled services
service: state=stopped enabled=false name={{ item }}
with_items:
- "{{ service_disabled }}"
tags:
- service
- config
- base
- name: dist enabled services
service: state=running enabled=true name={{ item }}
with_items:
- "{{ service_enabled }}"
tags:
- service
- config
- base
- name: iptables
template: src={{ item }} dest=/etc/sysconfig/iptables mode=600 backup=yes
with_first_found:
- ../templates/iptables/iptables.{{ datacenter }}
- ../templates/iptables/iptables.{{ ansible_fqdn }}
- ../templates/iptables/iptables.{{ host_group }}
- ../templates/iptables/iptables.{{ env }}
- ../templates/iptables/iptables
when: not inventory_hostname.startswith('fed-cloud09')
notify:
- restart iptables
- reload libvirtd
tags:
- iptables
- config
- base
- name: iptables service enabled
service: name=iptables state=started enabled=true
tags:
- iptables
- service
- base
- name: ip6tables
template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=600 backup=yes
with_first_found:
- ../templates/iptables/ip6tables.{{ datacenter }}
- ../templates/iptables/ip6tables.{{ ansible_fqdn }}
- ../templates/iptables/ip6tables.{{ host_group }}
- ../templates/iptables/ip6tables.{{ env }}
- ../templates/iptables/ip6tables
when: not inventory_hostname.startswith('fed-cloud09')
notify:
- restart ip6tables
- reload libvirtd
tags:
- ip6tables
- config
- base
- name: ip6tables service enabled
service: name=ip6tables state=started enabled=true
tags:
- ip6tables
- service
- base
- name: rsyslog.conf
copy: src={{ item }} dest=/etc/rsyslog.conf mode=644
with_first_found:
- rsyslog/rsyslog.conf.{{ ansible_fqdn }}
- rsyslog/rsyslog.conf.{{ dist_tag }}
- rsyslog/rsyslog.conf.default
notify:
- restart rsyslog
tags:
- rsyslogd
- config
- base
- name: rsyslog log rotate for rsyslog servers
copy: src=rsyslog/merged-rsyslog dest=/etc/logrotate.d/merged-rsyslog mode=644
when: inventory_hostname.startswith('log')
notify:
- restart rsyslog
tags:
- rsyslogd
- config
- base
- name: add rsyslog config to /etc/rsyslog.d
copy: src={{ item }} dest=/etc/rsyslog.d/ owner=root group=root mode=0644
with_fileglob:
- rsyslog/*.conf
notify:
- restart rsyslog
tags:
- rsyslogd
- config
- base
- name: log everything to log02 except on mirrorlist, do not log local4 there.
copy: src=rsyslog/rsyslog-log02 dest=/etc/rsyslog.d/rsyslog-log02.conf mode=644
when: not inventory_hostname.startswith('mirrorlist')
tags:
- rsyslogd
- config
- base
- name: log everything to log02 except on mirrorlist, do not log local4 there.
copy: src=rsyslog/rsyslog-log02-nolocal4 dest=/etc/rsyslog.d/rsyslog-log02.conf mode=644
when: inventory_hostname.startswith('mirrorlist')
tags:
- rsyslogd
- config
- name: log everything to log01 except on mirrorlist, do not log local4 there.
copy: src=rsyslog/rsyslog-log01 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644
when: not inventory_hostname.startswith('mirrorlist')
tags:
- rsyslogd
- config
- base
- name: log everything to log01 except on mirrorlist, do not log local4 there.
copy: src=rsyslog/rsyslog-log01-nolocal4 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644
when: inventory_hostname.startswith('mirrorlist')
tags:
- rsyslogd
- config
- base
- base
- name: /etc/postfix/main.cf
copy: src={{ item }} dest=/etc/postfix/main.cf
with_first_found:
- "{{ postfix_maincf }}"
- "postfix/main.cf/main.cf.{{ ansible_fqdn }}"
- "postfix/main.cf/main.cf.{{ host_group }}"
- "postfix/main.cf/main.cf.{{ postfix_group }}"
- "postfix/main.cf/main.cf.{{ datacenter }}"
- "postfix/main.cf/main.cf"
notify:
- restart postfix
tags:
- postfix
- config
- base
- name: install /etc/postfix/master.cf file
copy: src={{ item }} dest=/etc/postfix/master.cf mode=0644
with_first_found:
- "{{ postfix_mastercf }}"
- "postfix/master.cf/master.cf.{{ ansible_fqdn }}"
- "postfix/master.cf/master.cf.{{ inventory_hostname }}"
- "postfix/master.cf/master.cf.{{ host_group }}"
- "postfix/master.cf/master.cf.{{ postfix_group }}"
- "postfix/master.cf/master.cf"
when: inventory_hostname.startswith('smtp-mm')
notify:
- restart postfix
tags:
- postfix
- config
- base
- name: enable postfix to start
service: name=postfix state=running enabled=true
tags:
- service
- base
- name: install /etc/postfix/transport file
copy: src="postfix/{{ postfix_transport_filename }}" dest=/etc/postfix/transport
when: inventory_hostname.startswith(('smtp-mm','bastion'))
notify:
- restart postfix
- rebuild postfix transport
tags:
- postfix
- base
- config
- name: install ntp.conf
copy: src=ntp/ntp.conf dest=/etc/ntp.conf
tags:
- ntp
- config
- base
- name: install ntp step-tickers
copy: src=ntp/step-tickers dest=/etc/ntp/step-tickers
tags:
- ntp
- config
- base
- name: Start ntpd
service: name=ntpd state=running enabled=true
tags:
- ntp
- service
- base
#
# This task installs some common scripts to /usr/local/bin
# scripts are under roles/base/files/common-scripts
#
- name: Install common scripts
copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
with_fileglob:
- common-scripts/*
tags:
- config
- base
- name: install a sync httpd logs cron script only on log01
copy: src=syncHttpLogs.sh dest=/etc/cron.daily/syncHttpLogs.sh mode=755
when: inventory_hostname.startswith('log01')
tags:
- config
- base
- name: Drop in a little system_identification note
template: src=system_identification dest=/etc/system_identification
tags:
- config
- base
Reference in New Issue View Git Blame Copy Permalink