[ansible] Few updates for hotness (wip)
by Nicolas Chauvet
commit df401cedeb8f73c48d872117e26e0c99dca11396
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Jan 24 18:52:29 2019 +0100
Few updates for hotness (wip)
playbooks/groups/hotness.yml | 77 ++++++++++++++++++++++++++++++++++++
roles/hotness/templates/hotness.py | 13 +++---
2 files changed, 83 insertions(+), 7 deletions(-)
---
diff --git a/playbooks/groups/hotness.yml b/playbooks/groups/hotness.yml
new file mode 100644
index 0000000..0be155a
--- /dev/null
+++ b/playbooks/groups/hotness.yml
@@ -0,0 +1,77 @@
+# create a new hotness server
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this server on the vmhost
+# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
+
+#- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=hotness:hotness-stg"
+
+- name: dole out the generic configuration
+ hosts: hotness:hotness-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - collectd/base
+ - hosts
+ - fas_client
+ - sudo
+ - role: keytab/service
+ service: hotness
+ owner_user: fedmsg
+ # The proxies don't actually need to talk to these hosts so we won't bother
+ # putting them on the vpn.
+ #- { role: openvpn/client,
+ # when: env != "staging" }
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: set up fedmsg basics
+ hosts: hotness:hotness-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - fedmsg/base
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+- name: dole out the service-specific config
+ hosts: hotness:hotness-stg
+ user: root
+ gather_facts: True
+
+ roles:
+ - fedmsg/hub
+ - hotness
+ - role: collectd/fedmsg-service
+ process: fedmsg-hub
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/roles/hotness/templates/hotness.py b/roles/hotness/templates/hotness.py
index 653a2a2..af3ea45 100644
--- a/roles/hotness/templates/hotness.py
+++ b/roles/hotness/templates/hotness.py
@@ -55,17 +55,16 @@ config = {
{% endif %}
'git_url': 'https://pkgs.rpmfusion.org/git/free/{package}.git',
- 'krb_principal': 'hotness/hotness01{{env_suffix}}.phx2.fedoraproject.org@{{ipa_realm}}',
- 'krb_keytab': '/etc/krb5.hotness_hotness01{{env_suffix}}.phx2.fedoraproject.org.keytab',
- 'krb_ccache': None,
- 'krb_proxyuser': None,
- 'krb_sessionopts': {'timeout': 3600, 'krb_rdns': False},
+ 'authtype': 'ssl',
+ 'cert': '/etc/koji.conf.d/hotness.pem',
+ 'ca': '/etc/pki/tls/certs/rpmfusion-upload-ca.cert',
+ 'serverca': '/etc/pki/tls/certs/rpmfusion-server-ca.cert',
'user_email': ('RPM Fusion Release Monitoring ',
'<release-monitoring(a)rpmfusion.org>'),
'opts': {'scratch': True},
'priority': 30,
- 'target_tag': 'rawhide',
+ 'target_tag': 'rawhide-free',
},
'hotness.anitya': {
@@ -82,7 +81,7 @@ config = {
{% else %}
"hotness.mdapi_url": "https://apps.fedoraproject.org/mdapi",
'hotness.pdc_url': 'https://pdc.fedoraproject.org',
- 'hotness.dist_git_url': 'https://src.fedoraproject.org',
+ 'hotness.dist_git_url': 'https://pkgs.rpmfusion.org/git/free',
{% endif %}
'hotness.yumconfig': '/etc/hotness-yum.conf',
5 years, 8 months
[ansible] Fix few vpn ip
by Nicolas Chauvet
commit 930b7a8e436b2020cc59e05c7f2b5dfca8da7170
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Jan 24 17:29:13 2019 +0100
Fix few vpn ip
.../files/ccd/aarch64-01.linaro.rpmfusion.net | 2 ++
.../files/ccd/aarch64-02.linaro.rpmfusion.net | 2 ++
.../files/ccd/arm-builder01.scaleway.rpmfusion.net | 2 ++
.../files/ccd/arm-builder02.scaleway.rpmfusion.net | 2 ++
.../files/ccd/arm-builder09.home.rpmfusion.net | 2 ++
.../files/ccd/arm-builder11.home.rpmfusion.net | 2 ++
.../files/ccd/arm-builder12.home.rpmfusion.net | 2 ++
.../files/ccd/buildvm-03.online.rpmfusion.net | 2 ++
.../server/files/ccd/buildvm-07.virt.rpmfusion.net | 2 ++
.../files/ccd/proxy01.scaleway.rpmfusion.net | 2 ++
10 files changed, 20 insertions(+), 0 deletions(-)
---
diff --git a/roles/openvpn/server/files/ccd/aarch64-01.linaro.rpmfusion.net b/roles/openvpn/server/files/ccd/aarch64-01.linaro.rpmfusion.net
new file mode 100644
index 0000000..edd3927
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/aarch64-01.linaro.rpmfusion.net
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.182.22 192.168.182.21
diff --git a/roles/openvpn/server/files/ccd/aarch64-02.linaro.rpmfusion.net b/roles/openvpn/server/files/ccd/aarch64-02.linaro.rpmfusion.net
new file mode 100644
index 0000000..226b439
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/aarch64-02.linaro.rpmfusion.net
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.182.6 192.168.182.5
diff --git a/roles/openvpn/server/files/ccd/arm-builder01.scaleway.rpmfusion.net b/roles/openvpn/server/files/ccd/arm-builder01.scaleway.rpmfusion.net
new file mode 100644
index 0000000..8aec52b
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/arm-builder01.scaleway.rpmfusion.net
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.182.34 192.168.182.33
diff --git a/roles/openvpn/server/files/ccd/arm-builder02.scaleway.rpmfusion.net b/roles/openvpn/server/files/ccd/arm-builder02.scaleway.rpmfusion.net
new file mode 100644
index 0000000..55f5c8c
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/arm-builder02.scaleway.rpmfusion.net
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.182.42 192.168.182.41
diff --git a/roles/openvpn/server/files/ccd/arm-builder09.home.rpmfusion.net b/roles/openvpn/server/files/ccd/arm-builder09.home.rpmfusion.net
new file mode 100644
index 0000000..68ae31c
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/arm-builder09.home.rpmfusion.net
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.182.50 192.168.182.49
diff --git a/roles/openvpn/server/files/ccd/arm-builder11.home.rpmfusion.net b/roles/openvpn/server/files/ccd/arm-builder11.home.rpmfusion.net
new file mode 100644
index 0000000..9c0fe49
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/arm-builder11.home.rpmfusion.net
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.182.14 192.168.182.13
diff --git a/roles/openvpn/server/files/ccd/arm-builder12.home.rpmfusion.net b/roles/openvpn/server/files/ccd/arm-builder12.home.rpmfusion.net
new file mode 100644
index 0000000..9b2638d
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/arm-builder12.home.rpmfusion.net
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.182.12 192.168.182.11
diff --git a/roles/openvpn/server/files/ccd/buildvm-03.online.rpmfusion.net b/roles/openvpn/server/files/ccd/buildvm-03.online.rpmfusion.net
new file mode 100644
index 0000000..7931967
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/buildvm-03.online.rpmfusion.net
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.182.66 192.168.182.65
diff --git a/roles/openvpn/server/files/ccd/buildvm-07.virt.rpmfusion.net b/roles/openvpn/server/files/ccd/buildvm-07.virt.rpmfusion.net
new file mode 100644
index 0000000..490ad4b
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/buildvm-07.virt.rpmfusion.net
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.182.38 192.168.182.37
diff --git a/roles/openvpn/server/files/ccd/proxy01.scaleway.rpmfusion.net b/roles/openvpn/server/files/ccd/proxy01.scaleway.rpmfusion.net
new file mode 100644
index 0000000..7314b3e
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/proxy01.scaleway.rpmfusion.net
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.182.18 192.168.182.17
5 years, 8 months
[ansible] sync ansible.cfg.j2
by Nicolas Chauvet
commit 033f9dccd82bc81db7d8705934ecfc158f94623a
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Jan 24 13:39:38 2019 +0100
sync ansible.cfg.j2
roles/ansible-server/templates/ansible.cfg.j2 | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
---
diff --git a/roles/ansible-server/templates/ansible.cfg.j2 b/roles/ansible-server/templates/ansible.cfg.j2
index 3f553e7..d197372 100644
--- a/roles/ansible-server/templates/ansible.cfg.j2
+++ b/roles/ansible-server/templates/ansible.cfg.j2
@@ -16,7 +16,7 @@ inventory = {{ ansible_base }}/ansible/inventory
#library = /usr/share/my_modules/
library = {{ ansible_base }}/ansible/library:/usr/share/ansible
#module_utils = /usr/share/my_module_utils/
-#remote_tmp = ~/.ansible/tmp
+remote_tmp = /tmp
#local_tmp = ~/.ansible/tmp
#forks = 5
forks = 150
@@ -35,7 +35,7 @@ forks = 150
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
-#gathering = implicit
+gathering = smart
# This only affects the gathering done by a play's gather_facts directive,
# by default gathering retrieves all facts subsets
@@ -241,7 +241,9 @@ filter_plugins = /srv/web/infra/ansible/filter_plugins:/usr/lib/python2.7/si
# without having to talk to them in the same playbook run to get their
# current IP information.
#fact_caching = memory
-
+fact_caching = jsonfile
+fact_caching_connection = ~/.ansible_facts_cache
+fact_caching_timeout = 86400
# retry files
# When a playbook fails by default a .retry file will be created in ~/
@@ -325,6 +327,7 @@ retry_files_enabled = False
[inventory]
# enable inventory plugins, default: 'host_list', 'script', 'yaml', 'ini'
#enable_plugins = host_list, virtualbox, yaml, constructed
+enable_plugins = ini, constructed
# ignore these extensions when parsing a directory as inventory source
#ignore_extensions = '.pyc', '.pyo', '.swp', '.bak', '~', '.rpm', '.md', '.txt', '~', '.orig', '.ini', '.cfg', '.retry'
@@ -459,7 +462,7 @@ pipelining = True
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
-#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
+special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p,fuse.glusterfs
# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes
5 years, 8 months