[ansible] Add ns3.osuosl.org
by Nicolas Chauvet
commit 7e4c1b70b646744e36b06b95566445ef5488a242
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Feb 8 18:49:01 2018 +0100
Add ns3.osuosl.org
roles/base/files/resolv.conf/osuosl | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/roles/base/files/resolv.conf/osuosl b/roles/base/files/resolv.conf/osuosl
index 2952466..2cd2a6b 100644
--- a/roles/base/files/resolv.conf/osuosl
+++ b/roles/base/files/resolv.conf/osuosl
@@ -1,4 +1,5 @@
search osuosl.rpmfusion.net
nameserver 140.211.166.130
nameserver 140.211.166.131
+nameserver 216.165.191.54
options rotate timeout:1
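Review bot: The added `nameserver 216.165.191.54` line carries no label, so the only record that it is ns3.osuosl.org is the commit title; a comment line `# ns3.osuosl.org` directly above it would keep that in the file. This is also the third `nameserver` entry, which is the most the glibc resolver reads, so a server appended later would be ignored without any error. Because `options rotate` spreads queries across all listed servers, the new address answers a share of every host's lookups and needs to be as trusted as the two existing ones.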
6 years, 10 months
[ansible] Add osuosl 02 builders
by Nicolas Chauvet
commit 791289a3bd0a9e3e5ea3aa809c2512cc661a4574
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Feb 8 18:45:33 2018 +0100
Add osuosl 02 builders
inventory/builders | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/inventory/builders b/inventory/builders
index 0d8d03a..1f54118 100644
--- a/inventory/builders
+++ b/inventory/builders
@@ -17,11 +17,11 @@ buildvm-04.online.rpmfusion.net
[buildvm-ppc64]
buildppc-01.osuosl.rpmfusion.net ansible_user=fedora ansible_become=yes
-#buildppc-02.osuosl.rpmfusion.net ansible_user=fedora ansible_become=yes
+buildppc-02.osuosl.rpmfusion.net ansible_user=fedora ansible_become=yes
[buildvm-ppc64le]
buildppcle-01.osuosl.rpmfusion.net ansible_user=fedora ansible_become=yes
-#buildppcle-02.osuosl.rpmfusion.net ansible_user=fedora ansible_become=yes
+buildppcle-02.osuosl.rpmfusion.net ansible_user=fedora ansible_become=yes
[buildvmhost]
6 years, 10 months
[ansible] fixup
by Nicolas Chauvet
commit 99229682dbbc23f1d150e618cb9f8ee43ad6ec60
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Feb 8 18:45:05 2018 +0100
fixup
roles/squid/tasks/main.yml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/squid/tasks/main.yml b/roles/squid/tasks/main.yml
index a2b9737..7bea338 100644
--- a/roles/squid/tasks/main.yml
+++ b/roles/squid/tasks/main.yml
@@ -35,7 +35,7 @@
- name: squid.conf
template: src={{item}} dest=/etc/squid/squid.conf mode=0640 owner=root group=squid
with_first_found:
- - "{{files}}/squid/squid.conf.{{ansible_hostname}}"
+ - "{{files}}/squid/squid.conf.{{inventory_hostname}}"
- "{{files}}/squid/squid.conf.{{datacenter}}"
- "{{files}}/squid/squid.conf"
notify:
6 years, 10 months
[ansible] Add squid.conf for bastion03
by Nicolas Chauvet
commit 03a87dfb958dbabb8f41cac5bc67c4cc9d74cee3
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Feb 7 17:24:23 2018 +0100
Add squid.conf for bastion03
.../squid/squid.conf.bastion03.virt.rpmfusion.net | 81 ++++++++++++++++++++
1 files changed, 81 insertions(+), 0 deletions(-)
---
diff --git a/files/squid/squid.conf.bastion03.virt.rpmfusion.net b/files/squid/squid.conf.bastion03.virt.rpmfusion.net
new file mode 100644
index 0000000..02f1c4b
--- /dev/null
+++ b/files/squid/squid.conf.bastion03.virt.rpmfusion.net
@@ -0,0 +1,81 @@
+#
+# Recommended minimum configuration:
+#
+
+# Example rule allowing access from your local networks.
+# Adapt to list your (internal) IP networks from where browsing
+# should be allowed
+acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
+acl localhet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
+acl localnet src fc00::/7 # RFC 4193 local private network range
+acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 # https
+acl Safe_ports port 70 # gopher
+acl Safe_ports port 210 # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 488 # gss-http
+acl Safe_ports port 591 # filemaker
+acl Safe_ports port 777 # multiling http
+acl CONNECT method CONNECT
+
+#
+# Recommended minimum Access Permission configuration:
+#
+# Deny requests to certain unsafe ports
+http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access deny manager
+
+# We strongly recommend the following be uncommented to protect innocent
+# web applications running on the proxy server who think the only
+# one who can access services on "localhost" is a local user
+http_access deny to_localhost
+
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+
+# Example rule allowing access from your local networks.
+# Adapt localnet in the ACL section to list your (internal) IP networks
+# from where browsing should be allowed
+http_access allow localnet
+http_access allow localhost
+
+# And finally deny all other access to this proxy
+http_access deny all
+
+# Squid normally listens to port 3128
+http_port 3128
+
+# Uncomment and adjust the following to add a disk cache directory.
+maximum_object_size 1 GB
+cache_dir ufs /var/spool/squid 100000 16 256
+
+cache_peer proxy.vpn.rpmfusion.net parent 3128 0 no-query
+
+acl nonCacheURL urlpath_regex .*/repodata/repomd.xml$
+cache deny nonCacheURL
+
+# Leave coredumps in the first cache dir
+coredump_dir /var/spool/squid
+
+#
+# Add any of your own refresh_pattern entries above these.
+#
+refresh_pattern -i \.rpm$ 604800 90% 604800
+refresh_pattern -i \.(bz2|gz|xml)$ 172800 90% 259200
+refresh_pattern . 0 20% 4320
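Review bot: The link-local line is spelled `acl localhet src 169.254.0.0/16`, which defines a separate ACL named `localhet` that no `http_access` rule references; it should read `acl localnet src 169.254.0.0/16`, or be dropped if link-local clients are not meant to use the proxy. More broadly, `http_access allow localnet` admits every RFC 1918, CGN and IPv6 unique-local source, which is the stock template rather than this host's networks; on a bastion it would be tighter to list only the subnets that actually use the cache. The `nonCacheURL` pattern leaves its dots unescaped, and `/repodata/repomd\.xml$` would match only the intended path. The comment `# Uncomment and adjust the following to add a disk cache directory.` is stale now that `cache_dir` is active.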
6 years, 10 months
[ansible] fixup path
by Nicolas Chauvet
commit a47af0ce09d7c7d27acf523e6bb34021afaf953b
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Feb 7 15:34:14 2018 +0100
fixup path
playbooks/groups/squid.xml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/playbooks/groups/squid.xml b/playbooks/groups/squid.xml
index 7306b2a..2b16af0 100644
--- a/playbooks/groups/squid.xml
+++ b/playbooks/groups/squid.xml
@@ -28,6 +28,6 @@
- include: "{{ tasks_path }}/motd.yml"
handlers:
- - include: "{{ handlers }}/restart_services.yml"
+ - include: "{{ handlers_path }}/restart_services.yml"
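Review bot: The corrected handler line still uses the bare `include:` form, which Ansible 2.4 deprecated in favour of `import_tasks` / `include_tasks`; `- import_tasks: "{{ handlers_path }}/restart_services.yml"` would match what `playbooks/include/happy_birthday.yml` on this page already does. The file is named `squid.xml` although its content is a YAML playbook, so linters and editors keyed on the extension will not check it; renaming it to `squid.yml` is outside this hunk but worth a follow-up. The play that owns this `handlers:` section starts outside the hunk.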
6 years, 10 months
[ansible] Various fixed from inventory
by Nicolas Chauvet
commit 40ea62aaed1fac204a10a519860368f6bb488304
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Feb 7 15:32:58 2018 +0100
Various fixed from inventory
inventory/group_vars/all | 2 +-
inventory/group_vars/buildvm | 4 ++--
inventory/inventory | 2 ++
3 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 07889ee..542e6ff 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -49,7 +49,7 @@ custom6_rules: []
# defaults for virt installs
ks_url: http://infrastructure.rpmfusion.org/repo/rhel/ks/kvm-rhel-7
ks_repo: http://mirror.centos.org/centos/7/os/x86_64/
-mem_size: 1024
+mem_size: 2048
num_cpus: 1
lvm_size: 20000
diff --git a/inventory/group_vars/buildvm b/inventory/group_vars/buildvm
index 210e263..c306d3e 100644
--- a/inventory/group_vars/buildvm
+++ b/inventory/group_vars/buildvm
@@ -5,10 +5,10 @@ lvm_size: 40000
mem_size: 4096
num_cpus: 2
ks_url: http://192.168.181.254/install/ks/buildvm-01.ks
-ks_repo: http://dl.fedoraproject.org/pub/fedora/linux/releases/23/Server/x86_64/os/
+ks_repo: http://dl.fedoraproject.org/pub/fedora/linux/releases/27/Server/x86_64/os/
nm: 255.255.255.0
gw: 192.168.181.254
-dns: 62.210.16.6
+dns: 8.8.8.8
virt_install_command: "{{ virt_install_command_one_nic }}"
# for systems that do not match the above - specify the same parameter in
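Review bot: The updated `ks_repo` still uses `http://`, so the install tree for the build VMs is fetched over a channel that gives no integrity or origin guarantee; if the mirror serves the same path over TLS, `ks_repo: https://dl.fedoraproject.org/pub/fedora/linux/releases/27/Server/x86_64/os/` is a drop-in change. The new `dns: 8.8.8.8` gives each builder a single public resolver with no fallback and sends its lookups outside the infrastructure. Whether a second resolver can be listed depends on how `dns` is consumed by the virt-install command, which is not visible here. A one-line comment above `dns:` saying why the provider or internal resolver is not used would help the next maintainer.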
diff --git a/inventory/inventory b/inventory/inventory
index f3f9a3d..fc8fd3f 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -1,6 +1,7 @@
[bastion]
hv01.online.rpmfusion.net
bastion02.linaro.rpmfusion.net
+bastion03.virt.rpmfusion.net
[bodhi2]
bodhi01.online.rpmfusion.net
@@ -64,6 +65,7 @@ sign-vault01.online.rpmfusion.net
hv01.online.rpmfusion.net
proxy01.scaleway.rpmfusion.net
bastion02.linaro.rpmfusion.net ansible_user=centos ansible_become=yes
+bastion03.virt.rpmfusion.net
buildppc-01.osuosl.rpmfusion.net
buildppcle-01.osuosl.rpmfusion.net
6 years, 10 months
[ansible] Add virt resolv.conf
by Nicolas Chauvet
commit 2efb5354fc7e0a594971b028c843cbf42aab19f4
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Feb 7 15:28:49 2018 +0100
Add virt resolv.conf
roles/base/files/resolv.conf/virt | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/roles/base/files/resolv.conf/virt b/roles/base/files/resolv.conf/virt
new file mode 100644
index 0000000..1edd098
--- /dev/null
+++ b/roles/base/files/resolv.conf/virt
@@ -0,0 +1,2 @@
+domain virt.rpmfusion.net
+nameserver 192.168.122.1
6 years, 10 months
[ansible] Update playbook include
by Nicolas Chauvet
commit 88900ab716d9c683ea6d68171da1135d85e8c95e
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Feb 6 23:19:26 2018 +0100
Update playbook include
playbooks/include/happy_birthday.yml | 15 +++++++++++++++
playbooks/include/proxies-websites.yml | 4 ++--
2 files changed, 17 insertions(+), 2 deletions(-)
---
diff --git a/playbooks/include/happy_birthday.yml b/playbooks/include/happy_birthday.yml
new file mode 100644
index 0000000..f9ba7e6
--- /dev/null
+++ b/playbooks/include/happy_birthday.yml
@@ -0,0 +1,15 @@
+- name: handle ssh keys on a hosts birthday (new hw machine)
+ hosts: "{{ myhosts }}"
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/happy_birthday.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
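Review bot: The third `vars_files` entry is templated on `{{ ansible_distribution }}`, a gathered fact, while the play sets `gather_facts: False`. Unless facts for the host are already cached the file name cannot be resolved, and as far as I know Ansible skips such an entry rather than failing, so distribution-specific variables would be missing without any error. Either set `gather_facts: true` or add a comment that the play relies on a fact cache. `hosts: "{{ myhosts }}"` is also undefined unless supplied on the command line; since the play handles SSH keys, a header comment such as `# run with -e myhosts=<host or group>` would make the intended scope explicit.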
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index d01ea87..2d9e52b 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -14,7 +14,7 @@
pre_tasks:
- name: Install policycoreutils-python
- yum: pkg=policycoreutils-python state=present
+ package: name=policycoreutils-python state=present
- name: Create /srv/web/ for all the goodies.
file: >
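Review bot: Switching the first pre-task to the generic `package` module only changes which package manager is invoked; the name `policycoreutils-python` is passed through unchanged and is not guaranteed to exist under that name on every distribution or release this play may target. If the switch is meant to cover hosts that do not use yum, the name probably needs to come from a per-distribution variable, for example `package: name={{ policycoreutils_pkg }} state=present` (variable name constructed here for illustration). The next task, `Create /srv/web/ for all the goodies.`, continues past the end of this hunk.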
@@ -27,7 +27,7 @@
- name: check the selinux context of webdir
command: matchpathcon /srv/web
register: webdir
- always_run: yes
+ check_mode: no
changed_when: "1 != 1"
tags:
- config
6 years, 10 months