[ansible] Update alias template
by Nicolas Chauvet
commit 4a1e61ff1d03edf18a278edc4058a1e300425a51
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Mar 27 21:59:02 2019 +0100
Update alias template
files/aliases.template | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
---
diff --git a/files/aliases.template b/files/aliases.template
index 258f7f6..3c017a9 100644
--- a/files/aliases.template
+++ b/files/aliases.template
@@ -81,7 +81,6 @@ ftp-admin: ftp
www: webmaster
webmaster: root
noc: root
-security: root
hostmaster: root
@@ -106,6 +105,6 @@ gecko-bugs-nobody: /dev/null
# Services Accounts
twitter: twitter-members
paypal: paypal-members
-
+security: security-members
# Account System
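Review bot: `security: security-members` depends on a `security-members` target that is not defined in either visible hunk; if nothing expands it (another alias entry or a generated group list), mail to the security@ role address will be undeliverable instead of reaching root as it did before. This is the address security reports are normally sent to, so confirm the target resolves and has at least one recipient before the template is deployed. The hunk also drops the blank line that separated the services entries from `# Account System`; keeping it would leave the new entry visibly inside the "Services Accounts" group.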
[ansible] Update builders for python3
by Nicolas Chauvet
commit f57534d9373c39a085f5d37349823e9c236aea84
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Mar 27 21:22:49 2019 +0100
Update builders for python3
inventory/builders | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/inventory/builders b/inventory/builders
index d462907..cfbf0c0 100644
--- a/inventory/builders
+++ b/inventory/builders
@@ -1,8 +1,8 @@
[buildaarch64]
-aarch64-01.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes
-aarch64-02.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes
-aarch64-03.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes
-aarch64-04.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes
+aarch64-01.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3
+aarch64-02.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3
+aarch64-03.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3
+aarch64-04.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes ansible_python_interpreter=/usr/bin/python3
aarch64-jetson-tx1.home.rpmfusion.net
[buildppc]
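Review bot: `ansible_python_interpreter=/usr/bin/python3` is repeated on each of the four `linaro` lines, while `aarch64-jetson-tx1.home.rpmfusion.net` in the same group carries neither it nor `ansible_user`/`ansible_become`. If that host is meant to differ, a short comment saying so would make the asymmetry deliberate, e.g. `# jetson: default user and interpreter on purpose`. Otherwise the shared values could live in a `[buildaarch64:vars]` section, so a builder added later cannot silently miss the interpreter setting.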
[ansible] Switch dnf-utils for builders
by Nicolas Chauvet
commit 953e9be2cfaa08eafdcc46b487544209eaf1ba48
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Mar 27 19:32:58 2019 +0100
Switch dnf-utils for builders
roles/koji_builder/tasks/main.yml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index 69af3c0..9fcbd88 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -63,7 +63,7 @@
- name: add pkgs
dnf: state=present pkg={{ item }}
with_items:
- - yum-utils
+ - dnf-utils
- koji-builder
- python2-koji
- python-osbs-client
[ansible] Add collectd
by Nicolas Chauvet
commit 46629c6e85463b20252d4b04948e938f070cbe5d
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Mar 27 19:31:47 2019 +0100
Add collectd
roles/collectd/base/tasks/main.yml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/roles/collectd/base/tasks/main.yml b/roles/collectd/base/tasks/main.yml
index e3082d8..8848459 100644
--- a/roles/collectd/base/tasks/main.yml
+++ b/roles/collectd/base/tasks/main.yml
@@ -113,7 +113,7 @@
- name: check to see if its even installed yet
shell: semodule -l | grep fi-collectd | wc -l
register: ficgeneral_grep
- always_run: true
+ check_mode: False
changed_when: "'0' in ficgeneral_grep.stdout"
tags:
- collectd
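Review bot: `check_mode: False` on the added line here, and on the matching line in the next hunk, would read better as lowercase `check_mode: false`, so the value is a canonical YAML boolean and matches the lowercase `changed_when: false` used elsewhere in this repository. Both tasks now run for real during a `--check` run, so a one-line comment above each, such as `# read-only semodule query, safe to execute in check mode`, would record why that is acceptable. The task in the second hunk begins above that hunk's first visible line.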
@@ -138,7 +138,7 @@
shell: semodule -l | grep fi-pstorefs | wc -l
when: ansible_distribution_major_version|int != 6
register: ficpstorefs_grep
- always_run: true
+ check_mode: False
changed_when: "'0' in ficpstorefs_grep.stdout"
tags:
- collectd
[ansible] Remove fedmsg
by Nicolas Chauvet
commit 04debbc6cdda47f3843e9cfb8e51469fbcdafd9b
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Mar 27 19:30:57 2019 +0100
Remove fedmsg
callback_plugins/fedmsg_callback.py | 98 ----------------------------
callback_plugins/fedmsg_callback2.py | 116 ----------------------------------
2 files changed, 0 insertions(+), 214 deletions(-)
[ansible] Update base tasks
by Nicolas Chauvet
commit aeb5ace3f464130ceb6c16aa53b3a92f5355650e
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Mar 27 19:29:24 2019 +0100
Update base tasks
roles/base/tasks/main.yml | 48 ++++++++++++++++++++++++--------------------
1 files changed, 26 insertions(+), 22 deletions(-)
---
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index f3b63c4..d562ee6 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -7,17 +7,15 @@
- name: ensure packages required for semanage are installed (yum)
package: name={{ item }} state=present
- when: ansible_distribution_major_version|int < 22
with_items:
- policycoreutils-python
tags:
- selinux
+ when: ansible_distribution_major_version|int != 8
- name: ensure packages required for semanage are installed (dnf)
- dnf: name={{ item }} state=present
+ dnf: name=['policycoreutils-python-utils'] state=present
when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
- with_items:
- - policycoreutils-python-utils
tags:
- selinux
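Review bot: The new `when: ansible_distribution_major_version|int != 8` on the "(yum)" task drops the old `< 22` bound, so on any release numbered 22 or higher this task now runs alongside the "(dnf)" task and also requests `policycoreutils-python`. The later "global default packages" hunk in this same commit keeps both bounds, which suggests the intended line here is `when: ansible_distribution_major_version|int < 22 and ansible_distribution_major_version|int != 8`. Separately, hosts reporting major version 8 now match neither task, because the dnf task still requires `> 21`, so these two tasks no longer install the semanage tooling there. If that is intentional it deserves a comment; the same gap appears to apply to the package tasks in the later hunks.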
@@ -54,7 +52,7 @@
ini_file: dest=/etc/NetworkManager/NetworkManager.conf section=main option=dns value=none
notify:
- restart NetworkManager
- when: ansible_distribution_major_version|int >=7 and nmclitest.rc == 0 and ( not ansible_ifcfg_blacklist) and not nm_controlled_resolv
+ when: ansible_distribution_major_version|int >=7 and nmclitest is success and ( not ansible_ifcfg_blacklist) and not nm_controlled_resolv
tags:
- config
- resolvconf
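Review bot: `nmclitest is success` is not a drop-in replacement for `nmclitest.rc == 0`, because the `success` test only looks at the result's failed flag. If the task that registers `nmclitest` overrides failure (for example with a `failed_when` that never fires), the condition is now true even when nmcli returned non-zero. That task is outside this hunk, so confirm how it is registered; if it suppresses failure, keep the explicit return-code comparison, e.g. `nmclitest.rc | default(1) == 0`. The same substitution is made in the next two hunks.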
@@ -62,12 +60,12 @@
- ifcfg
- name: get interface uuid
- shell: nmcli -f "DEVICE,UUID" c show --active | grep -E '^eth|^br|^en'
+ shell: nmcli -f "DEVICE,UUID" c show --active | grep -E '^eth|^br|^em'
register: if_uuid
changed_when: false
failed_when: 'if_uuid.stdout == ""'
check_mode: no
- when: ansible_distribution_major_version|int >=7 and nmclitest.rc == 0 and ( not ansible_ifcfg_blacklist )
+ when: ansible_distribution_major_version|int >=7 and nmclitest is success and ( not ansible_ifcfg_blacklist )
tags:
- config
- ifcfg
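Review bot: Changing the grep pattern from `^en` to `^em` stops matching `en*` devices rather than adding `em*`, while the next hunk adds `'em'` to the `startswith` tuple and keeps `'enc'`, so the two filters no longer agree. Because this task has `failed_when: 'if_uuid.stdout == ""'`, a host whose only active connections are on `en*` devices would now fail here. If the intent was to add `em*` support, the pattern should be `grep -E '^eth|^br|^en|^em'`.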
@@ -81,7 +79,7 @@
# - restart NetworkManager
- reload NetworkManager-connections
- apply interface-changes
- when: (virthost is not defined) and (item.startswith(('eth','br','enc'))) and (hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['type'] == 'ether') and (ansible_distribution_major_version|int >=7) and hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['active'] and nmclitest.rc == 0 and ( not ansible_ifcfg_blacklist ) and ( ansible_ifcfg_whitelist is not defined or item in ansible_ifcfg_whitelist )
+ when: (virthost is not defined) and (item.startswith(('eth','br','enc','em'))) and (hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['type'] == 'ether') and (ansible_distribution_major_version|int >=7) and hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['active'] and nmclitest is success and ( not ansible_ifcfg_blacklist ) and ( ansible_ifcfg_whitelist is not defined or item in ansible_ifcfg_whitelist )
tags:
- config
- ifcfg
@@ -94,12 +92,10 @@
tags:
- packages
- base
- when: ansible_distribution_major_version|int < 22
+ when: ansible_distribution_major_version|int < 22 and ansible_distribution_major_version|int != 8
- name: global default packages to install (dnf)
- dnf: state=present name={{ item }}
- with_items:
- - "{{ global_pkgs_inst }}"
+ dnf: state=present name="{{ global_pkgs_inst }}"
tags:
- packages
- base
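Review bot: `dnf: state=present name="{{ global_pkgs_inst }}"` passes a list through a key=value argument string, as do the `base_pkgs_erase` and `base_pkgs_inst` lines in the next hunk and `name=['policycoreutils-python-utils']` in the first hunk. This depends on how the templated list is rendered into that string; structured module arguments keep the list type intact and are easier to read, i.e. `dnf:` with child keys `name: "{{ global_pkgs_inst }}"` and `state: present`. The `when:` of this dnf task lies outside the hunk, so whether version 8 hosts (now excluded from the yum task above) are covered by it cannot be confirmed from here.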
@@ -153,18 +149,14 @@
when: ansible_distribution_major_version|int < 22
- name: dist pkgs to remove (dnf)
- dnf: state=absent name={{ item }}
- with_items:
- - "{{ base_pkgs_erase }}"
+ dnf: state=absent name="{{ base_pkgs_erase }}"
tags:
- packages
- base
when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
- name: dist pkgs to install (dnf)
- dnf: state=present name={{ item }}
- with_items:
- - "{{ base_pkgs_inst }}"
+ dnf: state=present name="{{ base_pkgs_inst }}"
tags:
- packages
- base
@@ -189,7 +181,7 @@
- base
- name: iptables
- template: src={{ item }} dest=/etc/sysconfig/iptables mode=0600 validate="/sbin/iptables-restore %s"
+ template: src={{ item }} dest=/etc/sysconfig/iptables mode=0600 validate="/sbin/iptables-restore --test %s"
with_first_found:
- iptables/iptables.{{ datacenter }}
- iptables/iptables.{{ inventory_hostname }}
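Review bot: The added `--test` is the safety-relevant part of this line and should carry a comment so that it survives later cleanups, e.g. `# --test: parse the candidate ruleset only; validation must not load it into the running firewall`. Without the flag, the validate step itself would have applied the rules before the file was put in place. The `with_first_found` list continues past the end of this hunk.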
@@ -284,6 +276,18 @@
- config
- base
+- name: rsyslog-audit.conf
+ copy: src={{ item }} dest=/etc/rsyslog.d/rsyslog-audit.conf owner=root group=root mode=0644
+ with_first_found:
+ - rsyslog/rsyslog-audit.conf.{{ datacenter }}
+ - rsyslog/rsyslog-audit.conf.default
+ notify:
+ - restart rsyslog
+ tags:
+ - rsyslogd
+ - config
+ - base
+
- name: log everything to log01 except on mirrorlist, do not log local4 there.
copy: src=rsyslog/rsyslog-log01 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=0644
when: not inventory_hostname.startswith(('mirrorlist','copr','jenkins'))
@@ -332,7 +336,7 @@
- name: install our custom selinux module
command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp
- when: selinux_module|changed
+ when: selinux_module is changed
tags:
- rsyslogd
- config
@@ -349,7 +353,7 @@
- name: install our custom selinux module
command: semodule -i /usr/local/share/mapchkpwd.pp
- when: selinux_module|changed
+ when: selinux_module is changed
tags:
- selinux
- config
@@ -389,7 +393,7 @@
#
- name: Blacklist cdc_ether module
copy: src=blacklist-cdc_ether.conf dest=/etc/modprobe.d/blacklist-cdc_ether.conf
- when: ansible_virtualization_role == 'host'
+ when: ansible_virtualization_role is defined and ansible_virtualization_role == 'host'
tags:
- config
- base