[ansible] Add sigul configuration on koji
by Nicolas Chauvet
commit b908bd7fa5854156374608041bc7379c98daa36b
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Nov 24 10:37:58 2020 +0100
Add sigul configuration on koji
inventory/group_vars/koji | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
---
diff --git a/inventory/group_vars/koji b/inventory/group_vars/koji
index 6b6a4b8..a2782f5 100644
--- a/inventory/group_vars/koji
+++ b/inventory/group_vars/koji
@@ -6,7 +6,9 @@ num_cpus: 16
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
-tcp_ports: [ 80, 443]
+tcp_ports: [ 80, 443, 44334]
+
+custom_rules: [ '-A INPUT -p tcp -m tcp --dport=44333 -i eth1 -j ACCEPT' ]
udp_ports: []
4 years
[ansible] Update sigul
by Nicolas Chauvet
commit 584cbe87518c9b5b9874b21aaa470d3e47dab0bc
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Nov 19 22:29:10 2020 +0100
Update sigul
roles/sigul/server/templates/server.conf.j2 | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/sigul/server/templates/server.conf.j2 b/roles/sigul/server/templates/server.conf.j2
index 271a961..604ffd4 100644
--- a/roles/sigul/server/templates/server.conf.j2
+++ b/roles/sigul/server/templates/server.conf.j2
@@ -11,7 +11,7 @@ bridge-port: 44333
# Maximum accepted size of payload stored on disk
max-file-payload-size: 5147483648
# Maximum accepted size of payload stored in server's memory
-max-memory-payload-size: 1048576
+max-memory-payload-size: 10485760
# Whether to relax the CN vs username check
#lenient-username-check: yes
4 years, 1 month
[ansible] Update playbooks
by Nicolas Chauvet
commit 06ce729c5a3900491ea7b974da71c209e5c5c8d5
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Nov 19 20:05:25 2020 +0100
Update playbooks
playbooks/groups/bodhi-backend.yml | 9 +++++----
playbooks/groups/buildhw.yml | 2 +-
playbooks/groups/osbs/deploy-cluster.yml | 18 ++++--------------
playbooks/groups/sign-bridge.yml | 4 ++--
4 files changed, 12 insertions(+), 21 deletions(-)
---
diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml
index 1ef32ce..84524fa 100644
--- a/playbooks/groups/bodhi-backend.yml
+++ b/playbooks/groups/bodhi-backend.yml
@@ -1,6 +1,6 @@
-# create a new bodhi_backend system
+# create a new bodhi-backend system
#
-# This group makes bodhi_backend servers.
+# This group makes bodhi-backend servers.
# They are used by releng to push updates with bodhi.
# They also run some misc releng scripts.
#
@@ -9,8 +9,8 @@
# Once the instance exists, configure it.
-- name: make bodhi_backend server system
- hosts: bodhi_backend:bodhi_backend-stg
+- name: make bodhi-backend server system
+ hosts: bodhi_backend:bodhi_backend_stg
user: root
gather_facts: True
@@ -20,6 +20,7 @@
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
+ - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
roles:
diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml
index 5272d61..adcbfce 100644
--- a/playbooks/groups/buildhw.yml
+++ b/playbooks/groups/buildhw.yml
@@ -3,7 +3,7 @@
# NOTE: most of these vars_path come from group_vars/buildhw or from hostvars
- name: make koji builder(s) on raw hw
- hosts: builders
+ hosts: buildhw:bkernel
remote_user: root
gather_facts: True
diff --git a/playbooks/groups/osbs/deploy-cluster.yml b/playbooks/groups/osbs/deploy-cluster.yml
index 8464a60..fe3e8b6 100644
--- a/playbooks/groups/osbs/deploy-cluster.yml
+++ b/playbooks/groups/osbs/deploy-cluster.yml
@@ -140,22 +140,10 @@
name:
- tar
- rsync
- - dbus-python
+ - python3-dbus
- NetworkManager
- - libselinux-python
- - python2-pyyaml
- when: env == "staging"
- - name: Install necessary packages that openshift-ansible needs
- package:
- state: installed
- name:
- - tar
- - rsync
- - dbus-python
- - NetworkManager
- - libselinux-python
+ - python3-libselinux
- python3-PyYAML
- when: env == "production"
- name: Deploy controller public ssh keys to osbs cluster hosts
authorized_key:
@@ -234,6 +222,7 @@
openshift_master_public_api_url: "https://{{ osbs_url }}:8443"
openshift_release: "v3.11"
openshift_version: "v3.11"
+ openshift_pkg_version: "-3.11*"
openshift_ansible_path: "/root/openshift-ansible"
openshift_ansible_pre_playbook: "playbooks/prerequisites.yml"
openshift_ansible_playbook: "playbooks/deploy_cluster.yml"
@@ -274,6 +263,7 @@
openshift_master_public_api_url: "https://{{ osbs_url }}:8443"
openshift_release: "v3.11"
openshift_version: "v3.11"
+ openshift_pkg_version: "-3.11.2"
openshift_ansible_path: "/root/openshift-ansible"
openshift_ansible_pre_playbook: "playbooks/prerequisites.yml"
openshift_ansible_playbook: "playbooks/deploy_cluster.yml"
diff --git a/playbooks/groups/sign-bridge.yml b/playbooks/groups/sign-bridge.yml
index e1906fb..6da8a09 100644
--- a/playbooks/groups/sign-bridge.yml
+++ b/playbooks/groups/sign-bridge.yml
@@ -30,8 +30,8 @@
# owner_group: sigul
- sigul/bridge
- pre_tasks:
- - import_tasks: "{{ tasks_path
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
tasks:
- import_tasks: "{{ tasks_path }}/motd.yml"
4 years, 1 month
[ansible] Sync pkgdb02
by Nicolas Chauvet
commit d90609d6d89709b30bad495056df50a86f399b13
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Nov 19 19:30:47 2020 +0100
Sync pkgdb02
roles/pkgdb2/templates/pkgdb2.cfg | 30 +++++++++++++++++-------------
1 files changed, 17 insertions(+), 13 deletions(-)
---
diff --git a/roles/pkgdb2/templates/pkgdb2.cfg b/roles/pkgdb2/templates/pkgdb2.cfg
index 5c8e048..89a0a38 100644
--- a/roles/pkgdb2/templates/pkgdb2.cfg
+++ b/roles/pkgdb2/templates/pkgdb2.cfg
@@ -25,9 +25,9 @@ AUTOAPPROVE_PKGERS = []
#### FAS group for the pkgdb admins
{% if env == 'staging' %}
-ADMIN_GROUP = ['cvsadmin']
+ADMIN_GROUP = ['sysadmin-releng']
{% else %}
-ADMIN_GROUP = ['sysadmin-main', 'cvsadmin']
+ADMIN_GROUP = ['sysadmin-main', 'sysadmin-releng']
{% endif %}
# Current packager group in RPM Fusion
@@ -69,7 +69,7 @@ PKGDB2_BUGZILLA_PASSWORD = '{{ bugzilla_password }}'
# Settings specific to the ``pkgdb-sync-bugzilla`` script/cron
PKGDB2_BUGZILLA_NOTIFY_EMAIL = [
'root(a)rpmfusion.org']
-BUGZILLA_COMPONENT_API = "component.get"
+BUGZILLA_COMPONENT_API = "getcomponentsdetails"
PKGDB2_BUGZILLA_NOTIFY_USER = '{{ bugzilla_user }}'
PKGDB2_BUGZILLA_NOTIFY_PASSWORD = '{{ bugzilla_password }}'
PKGDB2_BUGZILLA_DRY_RUN = False
@@ -179,16 +179,20 @@ FEDOCAL_CALENDAR_SHIELD = 'vacation'
REPO_MAP = [
('rawhide-free', 'free/fedora/development/rawhide/Everything/source/SRPMS/'),
('rawhide-nonfree', 'nonfree/fedora/development/rawhide/Everything/source/SRPMS/'),
- ('f27-free', 'free/fedora/development/27/Everything/source/SRPMS/'),
- ('f27-nonfree', 'nonfree/fedora/development/27/Everything/source/SRPMS/'),
- ('f26-free', 'free/fedora/releases/26/Everything/source/SRPMS/'),
- ('f26-free-up', 'free/fedora/updates/26/SRPMS/'),
- ('f26-nonfree', 'nonfree/fedora/releases/26/Everything/source/SRPMS/'),
- ('f26-nonfree-up', 'nonfree/fedora/updates/26/SRPMS/'),
- ('f25-free', 'free/fedora/releases/25/Everything/source/SRPMS/'),
- ('f25-free-up', 'free/fedora/updates/25/SRPMS/'),
- ('f25-nonfree', 'nonfree/fedora/releases/25/Everything/source/SRPMS/'),
- ('f25-nonfree-up', 'nonfree/fedora/updates/25/SRPMS/'),
+{% if env == 'staging' %}
+ ('f34-free', 'free/fedora/development/34/Everything/source/SRPMS/'),
+ ('f34-nonfree', 'nonfree/fedora/development/34/Everything/source/SRPMS/'),
+{% endif %}
+ ('f33-free', 'free/fedora/releases/33/Everything/source/SRPMS/'),
+ ('f33-free-up', 'free/fedora/updates/33/SRPMS/'),
+ ('f33-nonfree', 'nonfree/fedora/releases/33/Everything/source/SRPMS/'),
+ ('f33-nonfree-up', 'nonfree/fedora/updates/33/SRPMS/'),
+ ('f32-free', 'free/fedora/releases/32/Everything/source/SRPMS/'),
+ ('f32-free-up', 'free/fedora/updates/32/SRPMS/'),
+ ('f32-nonfree', 'nonfree/fedora/releases/32/Everything/source/SRPMS/'),
+ ('f32-nonfree-up', 'nonfree/fedora/updates/32/SRPMS/'),
+ ('el8-free', 'free/el/updates/8/SRPMS/'),
+ ('el8-nonfree', 'nonfree/el/updates/8/SRPMS/'),
('el7-free', 'free/el/updates/7/SRPMS/'),
('el7-nonfree', 'nonfree/el/updates/7/SRPMS/'),
('el6-free', 'free/el/updates/6/SRPMS/'),
4 years, 1 month
[ansible] sync sudo
by Nicolas Chauvet
commit f5eb06c89ec6f762c50df02f2d85eb27d8016494
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Nov 19 18:56:49 2020 +0100
sync sudo
roles/sudo/tasks/main.yml | 11 +++++------
1 files changed, 5 insertions(+), 6 deletions(-)
---
diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml
index 5d0b156..aede6ad 100644
--- a/roles/sudo/tasks/main.yml
+++ b/roles/sudo/tasks/main.yml
@@ -39,12 +39,11 @@
copy: src={{ item }} dest=/etc/sudoers.d/{{ item | basename | replace('.', '_') }}
owner=root group=root mode=0600
with_first_found:
- - files:
- - "{{ sudoers }}"
- - "{{ private }}/files/sudo/{{ inventory_hostname }}-sudoers"
- - "{{ private }}/files/sudo/{{ ansible_hostname }}-sudoers"
- - "{{ private }}/files/sudo/{{ ansible_domain }}-sudoers"
- skip: true
+ - "{{ sudoers }}"
+ - "{{ private }}/files/sudo/{{ inventory_hostname }}-sudoers"
+ - "{{ private }}/files/sudo/{{ ansible_hostname }}-sudoers"
+ - "{{ private }}/files/sudo/{{ ansible_domain }}-sudoers"
+ - "{{ private }}/files/sudo/default"
tags:
- config
- sudo
4 years, 1 month
[ansible] Sync rkhunter
by Nicolas Chauvet
commit eff5d883ae7d4e1af4ea90be8664b4b6ab53de94
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Nov 19 18:55:59 2020 +0100
Sync rkhunter
roles/rkhunter/tasks/main.yml | 11 -----------
roles/rkhunter/templates/rkhunter.conf.j2 | 23 +++++++++++++++--------
2 files changed, 15 insertions(+), 19 deletions(-)
---
diff --git a/roles/rkhunter/tasks/main.yml b/roles/rkhunter/tasks/main.yml
index 83788c3..2bdb48e 100644
--- a/roles/rkhunter/tasks/main.yml
+++ b/roles/rkhunter/tasks/main.yml
@@ -1,13 +1,4 @@
---
-- name: install rkhunter (yum)
- package: name=rkhunter state=present
- notify:
- - run rkhunter
- tags:
- - rkhunter
- - packages
- when: ansible_distribution_major_version|int < 22
-
- name: install rkhunter (dnf)
package: name=rkhunter state=present
notify:
@@ -15,8 +6,6 @@
tags:
- rkhunter
- packages
- when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
-
- name: rkhunter.conf
template: src=rkhunter.conf.j2 dest=/etc/rkhunter.conf mode=0640
diff --git a/roles/rkhunter/templates/rkhunter.conf.j2 b/roles/rkhunter/templates/rkhunter.conf.j2
index 9e30994..f44c45e 100644
--- a/roles/rkhunter/templates/rkhunter.conf.j2
+++ b/roles/rkhunter/templates/rkhunter.conf.j2
@@ -165,13 +165,8 @@ ALLOW_SSH_ROOT_USER=without-password
# configuration file, then a value of '2' may be set here in order to
# suppress a warning message. This option has a default value of '0'.
#
-{% if ansible_distribution == 'Fedora' and ansible_distribution_major_version|int < 22 %}
-# Fedora 21 doesn't set protocol in ssh config
-ALLOW_SSH_PROT_V1=2
-{% else %}
# For RHEL and Fedora 22+ we set proto to v2 only
ALLOW_SSH_PROT_V1=0
-{% endif %}
#
# This setting tells rkhunter the directory containing the SSH configuration
@@ -391,6 +386,7 @@ ALLOWDEVFILE=/dev/md/autorebuild.pid
{% if ansible_hostname == 'notifs-backend01' %}
ALLOWDEVFILE=/dev/shm/fmn-cache.dbm
{% endif %}
+{% if ansible_hostname.startswith('kojipkgs') %}
ALLOWDEVFILE=/dev/shm/squid-squid-page-pool.shm
ALLOWDEVFILE=/dev/shm/squid-cache_mem.shm
ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm
@@ -401,7 +397,8 @@ ALLOWDEVFILE=/dev/shm/squid-cache_mem_space.shm
ALLOWDEVFILE=/dev/shm/squid-cf__readers.shm
ALLOWDEVFILE=/dev/shm/squid-cf__queues.shm
ALLOWDEVFILE=/dev/shm/squid-cf__metadata.shm
-{% if inventory_hostname in groups['virtservers'] or inventory_hostname in groups['openqa_workers'] or inventory_hostname in groups['openqa_stg_workers'] or inventory_hostname in groups['taskotron_stg_client_hosts'] or inventory_hostname in groups['taskotron_dev_client_hosts'] %}
+{% endif %}
+{% if inventory_hostname in groups['virtservers'] or inventory_hostname in groups['openqa_workers'] or inventory_hostname in groups['openqa_lab_workers'] %}
# libvirt spice device makes a /dev/shm/spice file
ALLOWDEVFILE=/dev/shm/spice.*
{% endif %}
@@ -411,7 +408,7 @@ ALLOWDEVFILE=/dev/shm/sem.slapd*.stats
{% if inventory_hostname in groups['proxies'] or inventory_hostname in groups['proxies_stg'] %}
ALLOWDEVFILE=/dev/shm/libpod_lock
{% endif %}
-{% if inventory_hostname in groups['pgbdr'] or inventory_hostname in groups['pgbdr_stg'] or inventory_hostname == 'ci-cc-rdu01.fedoraproject.org' or inventory_hostname == 'hubs01.stg.phx2.fedoraproject.org' or inventory_hostname == 'db-koji01.stg.phx2.fedoraproject.org' or inventory_hostname == 'db-qa03.qa.fedoraproject.org' %}
+{% if inventory_hostname in groups['dbserver'] or inventory_hostname in groups['pkgs'] or inventory_hostname in groups['pagure'] %}
ALLOWDEVFILE=/dev/shm/PostgreSQL*
{% endif %}
@@ -625,7 +622,7 @@ OS_VERSION_FILE=/etc/{{ ansible_distribution|lower }}-release
#
#RTKT_DIR_WHITELIST=""
#RTKT_FILE_WHITELIST=""
-{% if inventory_hostname in groups['ipa'] %}
+{% if inventory_hostname in groups['ipa'] or inventory_hostname in groups['ipa_stg'] %}
RTKT_FILE_WHITELIST="/var/log/pki/pki-tomcat/ca/system"
RTKT_FILE_WHITELIST="/var/log/pki/pki-tomcat/kra/system"
{% endif %}
@@ -648,5 +645,15 @@ SCRIPTWHITELIST=/usr/bin/whatis
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/GET
+{% if ansible_distribution_major_version|int >= 30 %}
+# no network-scripts on newest fedora
+#SCRIPTWHITELIST=/sbin/ifup
+#SCRIPTWHITELIST=/sbin/ifdown
+{% else %}
SCRIPTWHITELIST=/sbin/ifup
SCRIPTWHITELIST=/sbin/ifdown
+{% endif %}
+{% if inventory_hostname.startswith(('db','pagure','retrace','anitya','upstream')) %}
+# Set this size very large on postgres running servers.
+IPC_SEG_SIZE=100000000000
+{% endif %}
4 years, 1 month
[ansible] Update koji-hub policy
by Nicolas Chauvet
commit e8e3d7a429421569d463b32d9d7fdc6bd2bee039
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Nov 19 18:35:58 2020 +0100
Update koji-hub policy
roles/koji_hub/templates/hub.conf.j2 | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2
index 1293341..c38dc94 100644
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@@ -22,7 +22,7 @@ CheckClientIP = False
## the client username is the common name of the subject of their client certificate
DNUsernameComponent = CN
## separate multiple DNs with |
-ProxyDNs = emailAddress=rpmfusion-buildsys(a)rpmfusion.org,CN=kojiweb,O=RPM Fusion,ST=Province,C=EU|emailAddress=rpmfusion-buildsys(a)lists.rpmfusion.org,CN=sign-bridge1,O=RPM Fusion Project,ST=Province,C=EU
+ProxyDNs = emailAddress=rpmfusion-buildsys(a)rpmfusion.org,CN=kojiweb,O=RPM Fusion,ST=Province,C=EU|emailAddress=rpmfusion-buildsys(a)lists.rpmfusion.org,CN=sign-bridge1,O=RPM Fusion Project,ST=Province,C=EU|emailAddress=rpmfusion-buildsys(a)lists.rpmfusion.org,CN=sigul,O=RPM Fusion Project,ST=Province,C=EU
## end SSL client certificate auth configuration
@@ -39,7 +39,7 @@ KojiWebURL = http://arm.koji.rpmfusion.org/koji
# when creating email notifications
EmailDomain = rpmfusion.org
# Disable sending all notifications from koji, people need to use FMN now
-DisableNotifications = False
+DisableNotifications = True
## If KojiDebug is on, the hub will be /very/ verbose and will report exception
## details to clients for anticipated errors (i.e. koji's own exceptions --
@@ -93,13 +93,15 @@ channel =
method createdistrepo :: use createrepo
method buildContainer :: use powerbuilder
buildtag *-rpi :: use powerbuilder
- method buildSRPMFromSCM && buildtag *rpi :: use powerbuilder
method buildSRPMFromSCM :: use createrepo
+ method buildSRPMFromSCM && buildtag *rpi :: use powerbuilder
has req_channel && has_perm customchannel :: req
is_child_task :: parent
# Policy to move build to powerfull builders
+ source */chromium-* && bool scratch :: deny
source */chromium-* :: use powerbuilder
source */kodi* :: use powerbuilder
+ source */libopenshot* :: use powerbuilder
source */qt5-qtwebengine-freeworld* :: use powerbuilder
source */telegram-desktop* :: use powerbuilder
4 years, 1 month
[ansible] Sync base role
by Nicolas Chauvet
commit cf87115cd4875ae0ab9bf86d48d737f886f03921
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Nov 19 18:28:15 2020 +0100
Sync base role
roles/base/files/common-scripts/lock-wrapper | 5 ++++-
roles/base/templates/ifcfg.j2 | 4 ++++
2 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/roles/base/files/common-scripts/lock-wrapper b/roles/base/files/common-scripts/lock-wrapper
index abec9f3..33950ac 100755
--- a/roles/base/files/common-scripts/lock-wrapper
+++ b/roles/base/files/common-scripts/lock-wrapper
@@ -11,8 +11,11 @@ SCRIPT=$2
SILENT="no"
if [ $# -ge 3 -a "$3" == "--silent" ]; then
SILENT="yes"
+ shift
fi
+shift 2
+
LOCKDIR="/var/tmp/$NAME"
PIDFILE="$LOCKDIR/pid"
@@ -44,5 +47,5 @@ trap cleanup EXIT SIGQUIT SIGHUP SIGTERM
echo $$ > "$PIDFILE"
$RESTORE_UMASK
-eval "$SCRIPT"
+eval "$SCRIPT $*"
diff --git a/roles/base/templates/ifcfg.j2 b/roles/base/templates/ifcfg.j2
index d04dc31..ccf2103 100644
--- a/roles/base/templates/ifcfg.j2
+++ b/roles/base/templates/ifcfg.j2
@@ -10,8 +10,12 @@ ONBOOT="no"
{% else %}
IPADDR="{{ hostvars[inventory_hostname][item + '_ip'] }}"
NETMASK="{{ hostvars[inventory_hostname][item + '_nm'] }}"
+{% if hostvars[inventory_hostname][item +'_off'] is defined %}
+ONBOOT="no"
+{% else %}
ONBOOT="yes"
{% endif %}
+{% endif %}
TYPE="Ethernet"
DEVICE="{{item}}"
{% for line in if_uuid.stdout_lines %}
4 years, 1 month
[ansible] Update hosts role
by Nicolas Chauvet
commit 1637341f2648270597074c8467cf0a7891132908
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Nov 19 18:27:48 2020 +0100
Update hosts role
roles/hosts/files/base | 2 ++
roles/hosts/tasks/main.yml | 18 ++++++++----------
2 files changed, 10 insertions(+), 10 deletions(-)
---
diff --git a/roles/hosts/files/base b/roles/hosts/files/base
new file mode 100644
index 0000000..849c10d
--- /dev/null
+++ b/roles/hosts/files/base
@@ -0,0 +1,2 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
diff --git a/roles/hosts/tasks/main.yml b/roles/hosts/tasks/main.yml
index 55c7537..248b770 100644
--- a/roles/hosts/tasks/main.yml
+++ b/roles/hosts/tasks/main.yml
@@ -1,25 +1,23 @@
---
#
-# This task sets up /etc/hosts on a machine.
+# This task sets up /etc/hosts on a machine.
#
# This should only be used in rare cases
#
#
# This will move a /etc/hosts in place if it's setup in files for that host/domain
-# Note that if it's not set it will just skip this play and do nothing.
+# Note that if it's not set it will just skip this play and do nothing.
#
- name: setup /etc/hosts for some clients
copy: src={{ item }} dest=/etc/hosts
with_first_found:
- - files:
- - "{{ inventory_hostname }}-hosts"
- - "{{ ansible_fqdn }}-hosts"
- - "{{ ansible_hostname }}-hosts"
- - "{{ host_group }}-hosts"
- - "{{ ansible_domain }}-hosts"
- - "{{ datacenter }}-hosts"
- skip: true
+ - "{{ inventory_hostname }}-hosts"
+ - "{{ ansible_hostname }}-hosts"
+ - "{{ host_group }}-hosts"
+ - "{{ ansible_domain }}-hosts"
+ - "{{ datacenter }}-hosts"
+ - base
tags:
- config
- hosts
4 years, 1 month