[ansible] Update restart_services
by Nicolas Chauvet
commit 11d8c422dd8291c4d9159a957619d10ce60dc5cb
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Nov 9 10:23:11 2016 +0100
Update restart_services
handlers/restart_services.yml | 18 ++++++++++++++----
1 files changed, 14 insertions(+), 4 deletions(-)
---
diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml
index 5df3fc1..96f1427 100644
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -71,9 +71,6 @@
- name: fix openvpn routing
action: shell /etc/openvpn/fix-routes.sh
-- name: restart postfix
- action: service name=postfix state=restarted
-
- name: restart xinetd
action: service name=xinetd state=restarted
@@ -86,6 +83,12 @@
- name: rebuild postfix transport
command: /usr/sbin/postmap /etc/postfix/transport
+- name: rebuild postfix tls_policy
+ command: /usr/sbin/postmap /etc/postfix/tls_policy
+
+- name: restart postfix
+ service: name=postfix state=restarted
+
- name: restart glusterd
service: name=glusterd state=restarted
@@ -124,9 +127,13 @@
- name: restart stunnel
service: name=stunnel state=restarted
-- name: restart cinder
+- name: restart cinder api
service: name=openstack-cinder-api state=restarted
+
+- name: restart cinder scheduler
service: name=openstack-cinder-scheduler state=restarted
+
+- name: restart cinder volume
service: name=openstack-cinder-volume state=restarted
- name: restart autocloud
@@ -141,6 +148,9 @@
- name: reload NetworkManager-connections
command: nmcli c reload
+- name: restart basset-worker
+ service: name=basset-worker state=restarted
+
- name: apply interface-changes
command: nmcli con up {{ item.split()[1] }}
async: 1
7 years, 5 months
[ansible] Moved to the correct location
by Nicolas Chauvet
commit c71da45c07ccc60a70a1d4151d16a174e240fc53
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 8 19:34:21 2016 +0100
Moved to the correct location
files/hotfix/fas/{ => templates}/error.html | 0
files/hotfix/fas/{ => templates}/home.html | 0
files/hotfix/fas/{ => templates}/login.html | 0
files/hotfix/fas/{ => templates}/welcome.html | 0
roles/ansible-server/templates/ansible.cfg.j2 | 6 +++++-
5 files changed, 5 insertions(+), 1 deletions(-)
---
diff --git a/files/hotfix/fas/error.html b/files/hotfix/fas/templates/error.html
similarity index 100%
rename from files/hotfix/fas/error.html
rename to files/hotfix/fas/templates/error.html
diff --git a/files/hotfix/fas/home.html b/files/hotfix/fas/templates/home.html
similarity index 100%
rename from files/hotfix/fas/home.html
rename to files/hotfix/fas/templates/home.html
diff --git a/files/hotfix/fas/login.html b/files/hotfix/fas/templates/login.html
similarity index 100%
rename from files/hotfix/fas/login.html
rename to files/hotfix/fas/templates/login.html
diff --git a/files/hotfix/fas/welcome.html b/files/hotfix/fas/templates/welcome.html
similarity index 100%
rename from files/hotfix/fas/welcome.html
rename to files/hotfix/fas/templates/welcome.html
diff --git a/roles/ansible-server/templates/ansible.cfg.j2 b/roles/ansible-server/templates/ansible.cfg.j2
index cea9069..7242eab 100644
--- a/roles/ansible-server/templates/ansible.cfg.j2
+++ b/roles/ansible-server/templates/ansible.cfg.j2
@@ -24,6 +24,10 @@ poll_interval = 15
#remote_port = 22
#module_lang = C
+# We don't always want to be required to specify a name to get useful info
+# https://github.com/ansible/ansible/issues/14554
+display_args_to_stdout = True
+
# plays will gather facts by default, which contain information about
# the remote system.
#
@@ -33,7 +37,7 @@ poll_interval = 15
gathering = smart
# additional paths to search for roles in, colon separated
-roles_path = {{ ansible_base }}/ansible/roles
+roles_path = {{ ansible_base }}/ansible/roles:{{ ansible_base }}/openshift-ansible/roles
# uncomment this to disable SSH key host checking
#host_key_checking = False
7 years, 5 months
[ansible] Sync ansible template with fedora
by Nicolas Chauvet
commit 568d28658caf0a49dec3efefa104d673b0817e0d
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 8 19:23:37 2016 +0100
Sync ansible template with fedora
roles/ansible-server/templates/ansible.cfg.j2 | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
---
diff --git a/roles/ansible-server/templates/ansible.cfg.j2 b/roles/ansible-server/templates/ansible.cfg.j2
index 966d8da..cea9069 100644
--- a/roles/ansible-server/templates/ansible.cfg.j2
+++ b/roles/ansible-server/templates/ansible.cfg.j2
@@ -43,6 +43,13 @@ roles_path = {{ ansible_base }}/ansible/roles
# enable additional callbacks
callback_whitelist = fedmsg_callback2,profile_tasks,logdetail2
+# Determine whether includes in tasks and handlers are "static" by
+# default. As of 2.0, includes are dynamic by default. Setting these
+# values to True will make includes behave more like they did in the
+# 1.x versions.
+#task_includes_static = True
+handler_includes_static = True
+
# change this for alternative sudo implementations
#sudo_exe = sudo
7 years, 5 months
[ansible] Add tag override
by Nicolas Chauvet
commit 9b269dcdd2977ce5af4762f1d9e33332440b9191
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 8 18:56:56 2016 +0100
Add tag override
roles/koji_hub/templates/hub.conf.j2 | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2
index df25a09..661ba67 100644
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@@ -77,6 +77,7 @@ tag =
tag *-candidate :: allow
tag *-free :: allow
tag *-nonfree :: allow
+ tag *-override :: allow
all :: deny
channel =
7 years, 5 months
[ansible] Update pkgdb2.cfg
by Nicolas Chauvet
commit 0639141a9b0e193c3788862dd08426d97ebfd543
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 8 12:32:17 2016 +0100
Update pkgdb2.cfg
roles/pkgdb2/templates/pkgdb2.cfg | 16 +++++-----------
1 files changed, 5 insertions(+), 11 deletions(-)
---
diff --git a/roles/pkgdb2/templates/pkgdb2.cfg b/roles/pkgdb2/templates/pkgdb2.cfg
index ae4609c..967d291 100644
--- a/roles/pkgdb2/templates/pkgdb2.cfg
+++ b/roles/pkgdb2/templates/pkgdb2.cfg
@@ -21,9 +21,7 @@ AUTO_APPROVE = ['watchcommits', 'watchbugzilla']
### List of FAS user that can be automatically approved w/o checking if they
### are packagers
-AUTOAPPROVE_PKGERS = [
- 'kwizart', 'nchauvet',
-]
+AUTOAPPROVE_PKGERS = []
#### FAS group for the pkgdb admins
{% if env == 'staging' %}
@@ -50,7 +48,7 @@ FEDMENU_DATA_URL = 'https://apps.fedoraproject.org/js/data.js'
PKGDB2_CACHE_BACKEND = 'dogpile.cache.memcached'
PKGDB2_CACHE_KWARGS = {
'arguments': {
- 'url': ["memcached01:11211"],
+ 'url': ["localhost:11211"],
'distributed_lock': True,
}
}
@@ -70,8 +68,7 @@ PKGDB2_BUGZILLA_PASSWORD = '{{ bugzilla_password }}'
# Settings specific to the ``pkgdb-sync-bugzilla`` script/cron
PKGDB2_BUGZILLA_NOTIFY_EMAIL = [
- 'kwizart(a)gmail.com',
- 'noreply(a)rpmfusion.org']
+ 'root(a)rpmfusion.org']
BUGZILLA_COMPONENT_API = "component.get"
PKGDB2_BUGZILLA_NOTIFY_USER = '{{ bugzilla_user }}'
PKGDB2_BUGZILLA_NOTIFY_PASSWORD = '{{ bugzilla_password }}'
@@ -82,7 +79,7 @@ PKGDB2_BUGZILLA_DRY_RUN = False
## URL to the FAS instance to query
{% if env == 'staging' %}
-PKGDB2_FAS_URL = 'https://admin.stg.fedoraproject.org/accounts'
+PKGDB2_FAS_URL = 'http://fas01.online.rpmfusion.net/accounts'
PKGDB2_FAS_INSECURE = True
SITE_ROOT = 'https://admin.rpmfusion.org'
SITE_URL = '%s/pkgdb' % SITE_ROOT
@@ -90,7 +87,7 @@ SITE_URL = '%s/pkgdb' % SITE_ROOT
PKGDB2_BUGZILLA_NOTIFICATION = False
FAS_OPENID_ENDPOINT = 'https://id.rpmfusion.org/'
{% else %}
-PKGDB2_FAS_URL = 'https://admin.rpmfusion.org/accounts'
+PKGDB2_FAS_URL = 'http://fas01.online.rpmfusion.net/accounts'
PKGDB2_FAS_INSECURE = True
SITE_ROOT = 'https://admin.rpmfusion.org'
SITE_URL = '%s/pkgdb' % SITE_ROOT
@@ -175,7 +172,6 @@ Your prompt attention in this matter is appreciated.
The RPM Fusion admins.
"""
-{% if env != 'staging' %}
FEDOCAL_URL = 'https://apps.fedoraproject.org/calendar'
FEDOCAL_CALENDAR_SHIELD = 'vacation'
@@ -201,12 +197,10 @@ REPO_MAP = [
]
BASE_REPO_URL = 'http://download1.rpmfusion.org/%s/'
-{% endif %}
# URLs used in the package's info page
# Watch for the `%s` in the URL it is mandatory and in each of these, it
# will be replaced by the package's name
-#PKGS_BUG_URL = 'https://apps.rpmfusion.org/packages/%s/bugs'
PKGS_BUG_URL = 'https://bugzilla.rpmfusion.org/buglist.cgi?query_format=specific&order=re...'
PKGS_PKG_URL = 'http://rpmfusion.org/Package/%s'
CGIT_URL = 'https://pkgs.rpmfusion.org/cgit/?q=%s'
7 years, 5 months
[ansible] Update openvpn_client
by Nicolas Chauvet
commit 09a00e26a56fc31247151c0b660bec59317757e7
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Nov 5 17:52:31 2016 +0100
Update openvpn_client
tasks/openvpn_client.yml | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/tasks/openvpn_client.yml b/tasks/openvpn_client.yml
index 6625dc5..5249ad5 100644
--- a/tasks/openvpn_client.yml
+++ b/tasks/openvpn_client.yml
@@ -44,3 +44,4 @@
service: name=openvpn state=running enabled=true
tags:
- service
+ when: ansible_distribution_major_version|int == 6
7 years, 5 months
[ansible] Switch to kojifiles
by Nicolas Chauvet
commit dd8ef9bc6440e9bf62bfc1e32a6b22b19b70b880
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Nov 5 17:50:55 2016 +0100
Switch to kojifiles
group_vars/buildhw | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/group_vars/buildhw b/group_vars/buildhw
index 63077de..cdc06cb 100644
--- a/group_vars/buildhw
+++ b/group_vars/buildhw
@@ -7,7 +7,7 @@ freezes: true
koji_hub_nfs: "rpmfusion_koji"
koji_server_url: "http://koji.rpmfusion.org/kojihub"
koji_weburl: "http://koji.rpmfusion.org/koji"
-koji_topurl: "http://kojipkgs.rpmfusion.org/"
+koji_topurl: "http://koji.rpmfusion.org/kojifiles"
# These variables are pushed into /etc/system_identification by the base role.
# Groups and individual hosts should ovveride them with specific info.
7 years, 5 months
[ansible] Add bugzilla apache httpd config
by Nicolas Chauvet
commit 5191d26e86c72495412a8afa78084e0b20731146
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Nov 5 14:51:06 2016 +0100
Add bugzilla apache httpd config
roles/bugzilla/files/bugzilla-httpd.conf | 60 ++++++++++++++++++++++++++++++
roles/bugzilla/tasks/main.yml | 4 ++
2 files changed, 64 insertions(+), 0 deletions(-)
---
diff --git a/roles/bugzilla/files/bugzilla-httpd.conf b/roles/bugzilla/files/bugzilla-httpd.conf
new file mode 100644
index 0000000..4c6100a
--- /dev/null
+++ b/roles/bugzilla/files/bugzilla-httpd.conf
@@ -0,0 +1,60 @@
+#Alias /var/lib/bugzilla/data/webdot /var/lib/bugzilla/data/webdot
+#Alias /bugzilla /usr/share/bugzilla
+
+ DocumentRoot /usr/share/bugzilla
+
+ RewriteEngine On
+ RewriteRule ^/([0-9]+)$ /show_bug.cgi?id=$1 [L,R]
+ RewriteRule ^/bugzilla/(.*)$ /$1 [L,R]
+
+<Directory /usr/share/bugzilla>
+
+ <IfModule mod_authz_core.c>
+ # Bugzilla will be accessible to all machines in your network
+ # Replace with "Require local" if you want access to be restricted
+ # to this machine.
+ Require all granted
+ </IfModule>
+
+ AddHandler cgi-script .cgi
+ Options +Indexes +ExecCGI +FollowSymLinks
+ DirectoryIndex index.cgi index.html
+ AllowOverride None
+ AddType application/vnd.mozilla.xul+xml .xul
+ AddType application/rdf+xml .rdf
+</Directory>
+
+<Directory /var/lib/bugzilla/data>
+ Require all denied
+</Directory>
+
+<Directory /var/lib/bugzilla/data/webdot>
+# Restrict access to .dot files to the public webdot server at research.att.com
+# if research.att.com ever changes their IP, or if you use a different
+# webdot server, you'll need to edit this
+ <FilesMatch \.dot$>
+ #Require ip 192.20.225.0/24
+ Require all denied
+ </FilesMatch>
+
+# Allow access to .png files created by a local copy of 'dot'
+ <FilesMatch \.png$>
+ Require all granted
+ </FilesMatch>
+
+# And no directory listings, either.
+ Require all denied
+</Directory>
+
+<Directory /var/lib/bugzilla/assets>
+ Require all granted
+</Directory>
+
+<Directory /var/lib/bugzilla/graphs>
+ <FilesMatch (\.gif|\.png)$>
+ Require all granted
+ </FilesMatch>
+ Require all denied
+</Directory>
+
+Include conf.d/trace.inc
diff --git a/roles/bugzilla/tasks/main.yml b/roles/bugzilla/tasks/main.yml
index 45cc69c..fa99e46 100644
--- a/roles/bugzilla/tasks/main.yml
+++ b/roles/bugzilla/tasks/main.yml
@@ -41,4 +41,8 @@
- config
- bugzilla
+- name: install apache httpd bugzilla
+ copy: src="bugzilla-httpd.conf" dest="/etc/httpd/conf.d/bugzilla.conf" owner=root group=root
+ tags:
+ - config
7 years, 5 months
[ansible] Fix typo
by Nicolas Chauvet
commit 01fe53896168d1545240d1cba636088c4a8deee1
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Nov 5 13:45:26 2016 +0100
Fix typo
roles/bugzilla/templates/localconfig | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/bugzilla/templates/localconfig b/roles/bugzilla/templates/localconfig
index e62bd55..5a54917 100644
--- a/roles/bugzilla/templates/localconfig
+++ b/roles/bugzilla/templates/localconfig
@@ -51,7 +51,7 @@ $db_driver = '{{ bugzilla_db_driver }}';
# The DNS name or IP address of the host that the database server runs on.
{% if bugzilla_db_host == 'localhost' %}
-$db_host = ''
+$db_host = '';
{% else %}
$db_host = '{{ bugzilla_db_host }}';
{% endif %}
7 years, 5 months