diff options
author | Kelley Spoon <kelley.spoon@linaro.org> | 2018-06-12 08:35:28 -0500 |
---|---|---|
committer | Kelley Spoon <kelley.spoon@linaro.org> | 2018-06-12 18:16:12 +0000 |
commit | 890543b8a9f3f18eb24585e6be90c3c0671e08c6 (patch) | |
tree | 3e985b7d13d8ad6dcaee4bf9e8717d5a1c3a0656 | |
parent | 87842adf9fc8f35c6c8b01b3e6fc78369d98a8af (diff) |
OBS: add in fixes for deployment
This change catches the obs playbooks up with
the relocation of the ssh_ldap_bindpw var into
the groups/all secrets file. It also removes
ldap support for the obs-servers (docker instances)
and fixes a problem caused by Debian 9's move to
unscd.
Change-Id: I98ba73a94a49661cba21c168aa58694042491c54
Reviewed-on: https://review.linaro.org/25816
Reviewed-by: Benjamin Copeland <ben.copeland@linaro.org>
Reviewed-by: Riku Voipio <riku.voipio@linaro.org>
Reviewed-by: Kelley Spoon <kelley.spoon@linaro.org>
-rw-r--r-- | group_vars/obs | 2 | ||||
-rw-r--r-- | obs-cn1.yml | 8 | ||||
-rw-r--r-- | obs-us1.yml | 5 | ||||
-rw-r--r-- | roles/ssh-ldap/tasks/main.yml | 7 |
4 files changed, 13 insertions, 9 deletions
diff --git a/group_vars/obs b/group_vars/obs index fb60ced4..6336ae21 100644 --- a/group_vars/obs +++ b/group_vars/obs @@ -4,4 +4,4 @@ login_groups: sudo_groups: - systems - - users + - team-builds-and-baselines diff --git a/obs-cn1.yml b/obs-cn1.yml index 1b4896d9..82896156 100644 --- a/obs-cn1.yml +++ b/obs-cn1.yml @@ -53,6 +53,9 @@ - name: Configure firewall and OBS container hosts: obs-bastion-cn1.linaro.cloud + vars_files: + - "{{secrets_dir}}/group_vars/all" + - vars/empty.yml become: yes roles: - role: ssh-ldap @@ -71,8 +74,6 @@ vars_files: - "{{secrets_dir}}/host_vars/{{inventory_hostname}}" roles: - - role: ssh-ldap - tags: [ssh-ldap] - role: letsencrypt email: riku.voipio@linaro.org - role: obs @@ -81,11 +82,8 @@ hosts: obs-worker-cn1.linaro.cloud become: yes roles: - - role: ssh-ldap - tags: [ssh-ldap] - role: obs-worker OBS_IP: 192.168.1.10 OBS_JOBS: 2 OBS_PORT: 5454 OBS_TMPFS: 0 - diff --git a/obs-us1.yml b/obs-us1.yml index d4025c63..4b529ebb 100644 --- a/obs-us1.yml +++ b/obs-us1.yml @@ -53,6 +53,9 @@ - name: Configure firewall and OBS container hosts: obs-bastion-us1.linaro.cloud + vars_files: + - "{{secrets_dir}}/group_vars/all" + - vars/empty.yml become: yes roles: - role: ssh-ldap @@ -74,8 +77,6 @@ vars_files: - "{{secrets_dir}}/host_vars/{{inventory_hostname}}" roles: - - role: ssh-ldap - tags: [ssh-ldap] - role: restic backup_host: 211.148.24.209 backup_user: obs-backup diff --git a/roles/ssh-ldap/tasks/main.yml b/roles/ssh-ldap/tasks/main.yml index f7e58911..511f8409 100644 --- a/roles/ssh-ldap/tasks/main.yml +++ b/roles/ssh-ldap/tasks/main.yml @@ -38,9 +38,14 @@ # Debian has nscd enabled and running by default. We need this off to work. - name: Disable nscd for Debian - when: ansible_distribution == 'Debian' + when: ansible_distribution == 'Debian' and ansible_lsb.major_release|int < 9 service: name=nscd enabled=no state=stopped +# Debian 9 apparently changed the service to unscd +- name: Disable nscd for Debian + when: ansible_distribution == 'Debian' and ansible_lsb.major_release|int <= 9 + service: name=unscd enabled=no state=stopped + - name: See if offline LDAP cache exists stat: path=/var/lib/misc/group.db notify: |