commit 07911e4402dfe536763e43b1ae7d0a6b6716a2ce Author: Nicolas Chauvet <kwizart(a)gmail.com&gt; Date: Wed Jun 10 15:31:37 2020 +0200 Refresh playbooks playbooks/groups/logserver.yml | 11 ++++-- playbooks/groups/mailman.yml | 16 +++++---- playbooks/groups/mariadb-server.yml | 8 +++-- playbooks/groups/memcached.yml | 8 +++-- playbooks/groups/mirrormanager.yml | 19 +++++++---- playbooks/groups/noc.yml | 25 +++++++++++---- playbooks/groups/packages.yml | 53 +------------------------------ playbooks/groups/pkgs.yml | 7 ++-- playbooks/groups/postgresql-server.yml | 1 + 9 files changed, 63 insertions(+), 85 deletions(-) --- diff --git a/playbooks/groups/logserver.yml b/playbooks/groups/logserver.yml index ccac185..9375181 100644 --- a/playbooks/groups/logserver.yml +++ b/playbooks/groups/logserver.yml @@ -1,7 +1,7 @@ -#- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=log01.rpmfusion.org" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=logging" - name: make the box be real - hosts: hv01.online.rpmfusion.org + hosts: logging user: root gather_facts: True @@ -23,14 +23,17 @@ - epylog - awstats - tasks: + pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + + tasks: - import_tasks: "{{ tasks_path }}/2fa_client.yml" - import_tasks: "{{ tasks_path }}/motd.yml" # # We exclude some dirs from restorecon on updates on logservers as they are very large -# and it takes a long long time to run restorecon over them. +# and it takes a long long time to run restorecon over them. # - name: exclude some directories from selinux relabeling on updates copy: src="{{ files }}/logserver/fixfiles_exclude_dirs" dest=/etc/selinux/fixfiles_exclude_dirs owner=root mode=0644 diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index c59075b..5c90468 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -23,14 +23,15 @@ - collectd/base - sudo - spamassassin - - apache + - mod_wsgi + + pre_tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: # this is how you include other task lists - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - import_tasks: "{{ tasks_path }}/2fa_client.yml" - import_tasks: "{{ tasks_path }}/motd.yml" - - import_tasks: "{{ tasks_path }}/mod_wsgi.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" @@ -47,7 +48,7 @@ tasks: - name: install psycopg2 for the postgresql ansible modules - yum: pkg=python-psycopg2 state=present + package: name=python-psycopg2 state=present tags: - packages @@ -100,9 +101,10 @@ tasks: - name: install more needed packages - yum: pkg={{ item }} state=present - with_items: - - tar + package: + state: present + name: + - tar tags: - packages diff --git a/playbooks/groups/mariadb-server.yml b/playbooks/groups/mariadb-server.yml index 8261b86..f5e19e0 100644 --- a/playbooks/groups/mariadb-server.yml +++ b/playbooks/groups/mariadb-server.yml @@ -4,14 +4,14 @@ - import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db03.rpmfusion.org:db03.stg.rpmfusion.org" -# Once the instance exists, configure it. +# Once the instance exists, configure it. - name: configure mariadb server system hosts: db03.rpmfusion.org:db03.stg.rpmfusion.org user: root gather_facts: True - vars_files: + vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml @@ -26,8 +26,10 @@ - collectd/base - sudo - tasks: + pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + tasks: - import_tasks: "{{ tasks_path }}/2fa_client.yml" - import_tasks: "{{ tasks_path }}/motd.yml" diff --git a/playbooks/groups/memcached.yml b/playbooks/groups/memcached.yml index 1314671..e59989b 100644 --- a/playbooks/groups/memcached.yml +++ b/playbooks/groups/memcached.yml @@ -1,7 +1,7 @@ -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=memcached:memcached-stg" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=memcached:memcached_stg" - name: make the box be real - hosts: memcached:memcached-stg + hosts: memcached:memcached_stg user: root gather_facts: True @@ -21,8 +21,10 @@ - sudo - memcached - tasks: + pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + tasks: - import_tasks: "{{ tasks_path }}/2fa_client.yml" - import_tasks: "{{ tasks_path }}/motd.yml" diff --git a/playbooks/groups/mirrormanager.yml b/playbooks/groups/mirrormanager.yml index 50f50a8..f091d02 100644 --- a/playbooks/groups/mirrormanager.yml +++ b/playbooks/groups/mirrormanager.yml @@ -1,7 +1,7 @@ -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=mm:mm-stg" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=mm:mm_stg" - name: make the boxe be real for real - hosts: mm:mm-stg + hosts: mm:mm_stg user: root gather_facts: True @@ -21,8 +21,10 @@ - { role: openvpn/client, when: env != "staging" and inventory_hostname.startswith('mm-frontend') } - { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } - tasks: + pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" + + tasks: - import_tasks: "{{ tasks_path }}/2fa_client.yml" - import_tasks: "{{ tasks_path }}/motd.yml" @@ -30,7 +32,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" - name: Deploy the backend - hosts: mm-backend:mm-backend-stg + hosts: mm_backend:mm_backend_stg user: root gather_facts: True @@ -39,6 +41,9 @@ - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + pre_tasks: + - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README + roles: - mirrormanager/backend - s3-mirror @@ -48,7 +53,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" - name: Deploy the crawler - hosts: mm-crawler:mm-crawler-stg + hosts: mm_crawler:mm_crawler_stg user: root gather_facts: True @@ -67,7 +72,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" - name: Deploy the frontend (web-app) - hosts: mm-frontend:mm-frontend-stg + hosts: mm_frontend:mm_frontend_stg user: root gather_facts: True @@ -85,7 +90,7 @@ # Do this one last, since the mirrormanager user needs to exist so that it can # own the fedmsg certs we put in place here. - name: Put fedmsg stuff in place - hosts: mm:mm-stg + hosts: mm:mm_stg user: root gather_facts: True diff --git a/playbooks/groups/noc.yml b/playbooks/groups/noc.yml index 06f808f..c958505 100644 --- a/playbooks/groups/noc.yml +++ b/playbooks/groups/noc.yml @@ -1,15 +1,19 @@ -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=nagios:nagios-stg" +# This is a basic playbook +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=nagios" - name: make the box be real - hosts: nagios:nagios-stg + hosts: nagios user: root gather_facts: True - vars_files: + vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + pre_tasks: + - import_tasks: "{{ tasks_path }}/yumrepos.yml" + roles: - base - rkhunter @@ -21,13 +25,11 @@ - sudo - { role: openvpn/client, when: env != "staging" } - - apache + - mod_wsgi tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - import_tasks: "{{ tasks_path }}/2fa_client.yml" - import_tasks: "{{ tasks_path }}/motd.yml" - - import_tasks: "{{ tasks_path }}/mod_wsgi.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" @@ -37,7 +39,7 @@ user: root gather_facts: True - vars_files: + vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml @@ -51,3 +53,12 @@ - { role: tftp_server, when: datacenter == 'online' } - nagios/server - fedmsg/base + + + tasks: + - name: install some packages which arent in playbooks + package: + state: present + name: + - nmap + - tcpdump diff --git a/playbooks/groups/packages.yml b/playbooks/groups/packages.yml index 941673e..d47ac1a 100644 --- a/playbooks/groups/packages.yml +++ b/playbooks/groups/packages.yml @@ -29,66 +29,17 @@ - sudo - { role: openvpn/client, when: env != "staging" } - - apache + - mod_wsgi tasks: - import_tasks: "{{ tasks_path }}/2fa_client.yml" - import_tasks: "{{ tasks_path }}/motd.yml" - - import_tasks: "{{ tasks_path }}/mod_wsgi.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: set up gluster server on prod - hosts: packages - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: gluster/server - name: gluster - username: "{{ packagesglusterusername }}" - password: "{{ packagesglusterpassword }}" - owner: root - group: root - datadir: /srv/glusterfs/packages - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: set up gluster client on prod - hosts: packages - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - fedmsg/base - - role: gluster/client - name: gluster - servers: - - packages03.rpmfusion.org - - packages04.rpmfusion.org - username: "{{ packagesglusterusername }}" - password: "{{ packagesglusterpassword }}" - owner: apache - group: fedmsg - mountdir: /var/cache/fedoracommunity handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" - name: dole out the new service specific config - hosts: packages:packages-stg + hosts: packages:packages_stg user: root gather_facts: True diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml index 6aaa38c..c6df840 100644 --- a/playbooks/groups/pkgs.yml +++ b/playbooks/groups/pkgs.yml @@ -1,7 +1,7 @@ -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=pkgs-stg:pkgs02.rpmfusion.org" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=pkgs_stg:pkgs" - name: make the box be real - hosts: pkgs-stg:pkgs01.online.rpmfusion.net + hosts: pkgs_stg:pkgs user: root gather_facts: True @@ -12,6 +12,7 @@ roles: - base + - hosts - rkhunter - nagios_client - fas_client @@ -48,7 +49,7 @@ - import_playbook: /srv/web/infra/ansible/playbooks/include/proxies-fedora-web.yml - name: setup fedmsg on pkgs - hosts: pkgs-stg:pkgs01.online.rpmfusion.net + hosts: pkgs_stg:pkgs01.online.rpmfusion.net user: root gather_facts: True diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml index 2b7c379..7cedcd9 100644 --- a/playbooks/groups/postgresql-server.yml +++ b/playbooks/groups/postgresql-server.yml @@ -17,6 +17,7 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml pre_tasks: + - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - import_tasks: "{{ tasks_path }}/yumrepos.yml" roles: