diff options
author | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2014-10-21 21:27:26 +0300 |
---|---|---|
committer | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2014-10-21 21:27:26 +0300 |
commit | 6e20f9c259356528acd44c4f1e79769c328309aa (patch) | |
tree | d961d4aa7a949051875ccac72f3858a3c285f00c | |
parent | 091e3d9d44991e64ab690125ce7f0f449895174c (diff) |
ansible: Migrate to http://git.linaro.org/infrastructure/ansible-playbooks.git
Change-Id: Idcc83011c792799ad44c2ad3831bb0287f7192d3
25 files changed, 0 insertions, 504 deletions
diff --git a/ansible/group_vars/all b/ansible/group_vars/all deleted file mode 100644 index ac6742e..0000000 --- a/ansible/group_vars/all +++ /dev/null @@ -1,6 +0,0 @@ -install_base: /srv -apache_user: www-data -git_repo: http://git.linaro.org/git-ro/infrastructure/linaro-license-protection.git -git_repo_config: http://git.linaro.org/git-ro/infrastructure/linaro-license-protection-configs.git -git_tag: HEAD -app_name: linaro-license-protection diff --git a/ansible/host_vars/releases.linaro.org b/ansible/host_vars/releases.linaro.org deleted file mode 100644 index 986e9ad..0000000 --- a/ansible/host_vars/releases.linaro.org +++ /dev/null @@ -1,3 +0,0 @@ -hostname: releases.linaro.org -nickname: releases.linaro.org -django_settings: settings_releases diff --git a/ansible/host_vars/snapshots.linaro.org b/ansible/host_vars/snapshots.linaro.org deleted file mode 100644 index af2e125..0000000 --- a/ansible/host_vars/snapshots.linaro.org +++ /dev/null @@ -1,3 +0,0 @@ -hostname: snapshots.linaro.org -nickname: snapshots.linaro.org -django_settings: settings_snapshots diff --git a/ansible/host_vars/staging.releases.linaro.org b/ansible/host_vars/staging.releases.linaro.org deleted file mode 100644 index aed1925..0000000 --- a/ansible/host_vars/staging.releases.linaro.org +++ /dev/null @@ -1,3 +0,0 @@ -hostname: staging.releases.linaro.org -nickname: staging-releases -django_settings: settings_staging_releases diff --git a/ansible/host_vars/staging.snapshots.linaro.org b/ansible/host_vars/staging.snapshots.linaro.org deleted file mode 100644 index 2a7b867..0000000 --- a/ansible/host_vars/staging.snapshots.linaro.org +++ /dev/null @@ -1,3 +0,0 @@ -hostname: staging.snapshots.linaro.org -nickname: staging-snapshots -django_settings: settings_staging_snapshots diff --git a/ansible/hosts b/ansible/hosts deleted file mode 100644 index d4d31da..0000000 --- a/ansible/hosts +++ /dev/null @@ -1,12 +0,0 @@ -[production] -snapshots.linaro.org -releases.linaro.org - -[staging] -staging.snapshots.linaro.org -staging.releases.linaro.org - -# Hosts which support publishing interface -[publishers] -snapshots.linaro.org -staging.snapshots.linaro.org diff --git a/ansible/publishing.yaml b/ansible/publishing.yaml deleted file mode 100644 index 7acaae8..0000000 --- a/ansible/publishing.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# Set up SSH publishing infrastructure on "snapshots" hosts. -- hosts: publishers - gather_facts: no - vars: - - www_dir: /srv/staging.snapshots.linaro.org/www/ - roles: - - publish-ssh diff --git a/ansible/roles/apache-conf/tasks/main.yml b/ansible/roles/apache-conf/tasks/main.yml deleted file mode 100644 index bcd3c42..0000000 --- a/ansible/roles/apache-conf/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Disable defaults and enable necessary modules. - -- name: Enable Apache modules - command: a2enmod {{ item }} - creates=/etc/apache2/mods-enabled/{{ item }}.load - with_items: - - ssl - - wsgi - - xsendfile - notify: restart-apache - tags: - - install - - apache-conf - -- name: Disable Aapche default website - command: a2dissite default - removes=/etc/apache2/sites-enabled/000-default - notify: restart-apache - tags: - - install - - apache-conf diff --git a/ansible/roles/common/README b/ansible/roles/common/README deleted file mode 100644 index 1fb93c9..0000000 --- a/ansible/roles/common/README +++ /dev/null @@ -1,47 +0,0 @@ -Linaro Ansible Common -===================== - -A container for a common Ansible role. This is meant to be used as a subtree -when starting to work on a new ansible playbook. - -The prefix where this should be stored is under roles/common/ in a role-based -playbook. From the playbook, then just use the "common" role. - -To include it: - - git remote add ansible_common $PATH_TO_THIS_REPO - git fetch ansible_common - git read-tree --prefix=common/ -u ansible_common - -Then commit normally. - -To pull in new changes: - - git fetch ansible_common - git pull -s subtree ansible_common master - -Alternatively, you can use it as an external source for a role. In this case -you need to tell Ansible where to look for roles. Please refer to Ansible -documentation. - -What's Included -=============== - -Apache Handlers ---------------- - -Common Apache2 handlers are include: - * start-apache - * stop-apache - * started-apache - * reload-apache - * restart-apache - -Other handlers might be include, look at the handlers/ folder. - -Tasks ------ - -Some default tasks that should be run on all system. -Look at the tasks/ folder for more information, and at each tasks to see which -are the possible needed default variable names. diff --git a/ansible/roles/common/files/sysctl.conf b/ansible/roles/common/files/sysctl.conf deleted file mode 100644 index c9ee851..0000000 --- a/ansible/roles/common/files/sysctl.conf +++ /dev/null @@ -1,28 +0,0 @@ -# Managed via ansible, do not edit! -# -# /etc/sysctl.conf - Configuration file for setting system variables -# See /etc/sysctl.d/ for additional system variables -# See sysctl.conf (5) for information. -# - -net.core.wmem_max=12582912 -net.core.rmem_max=12582912 -net.core.netdev_max_backlog = 5000 - -net.ipv4.tcp_timestamps = 1 -net.ipv4.tcp_sack = 1 -net.ipv4.tcp_no_metrics_save = 1 -net.ipv4.tcp_slow_start_after_idle = 0 -net.ipv4.tcp_rmem= 10240 87380 12582912 -net.ipv4.tcp_wmem= 10240 87380 12582912 - -# Uncomment the next two lines to enable Spoof protection (reverse-path filter) -# Turn on Source Address Verification in all interfaces to -# prevent some spoofing attacks -net.ipv4.conf.default.rp_filter = 1 -net.ipv4.conf.all.rp_filter = 1 - -# Uncomment the next line to enable TCP/IP SYN cookies -# See http://lwn.net/Articles/277146/ -# Note: This may impact IPv6 TCP sessions too -net.ipv4.tcp_syncookies = 1 diff --git a/ansible/roles/common/handlers/apache.yml b/ansible/roles/common/handlers/apache.yml deleted file mode 100644 index a4b55e3..0000000 --- a/ansible/roles/common/handlers/apache.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: reload-apache - service: name=apache2 state=reloaded - -- name: restart-apache - service: name=apache2 state=restarted - -- name: started-apache - service: name=apache2 state=started - -- name: stop-apache - service: name=apache2 state=stopped diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml deleted file mode 100644 index 3021bd9..0000000 --- a/ansible/roles/common/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: apache.yml -- include: nginx.yml -- include: uwsgi.yml diff --git a/ansible/roles/common/handlers/nginx.yml b/ansible/roles/common/handlers/nginx.yml deleted file mode 100644 index 0f8d59b..0000000 --- a/ansible/roles/common/handlers/nginx.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: reload-nginx - service: name=nginx state=reloaded - -- name: restart-nginx - service: name=nginx state=restarted - -- name: started-nginx - service: name=nginx state=started - -- name: stop-nginx - service: name=nginx state=stopped diff --git a/ansible/roles/common/handlers/uwsgi.yml b/ansible/roles/common/handlers/uwsgi.yml deleted file mode 100644 index a52e9ae..0000000 --- a/ansible/roles/common/handlers/uwsgi.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: reload-uwsgi - service: name=uwsgi state=reloaded - -- name: restart-uwsgi - service: name=uwsgi state=restarted - -- name: started-uwsgi - service: name=uwsgi state=started - -- name: stop-uwsgi - service: name=uwsgi state=stopped diff --git a/ansible/roles/common/tasks/host-nickname.yml b/ansible/roles/common/tasks/host-nickname.yml deleted file mode 100644 index ad380ae..0000000 --- a/ansible/roles/common/tasks/host-nickname.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Set a sane visible nickname for the host. Since with Amazon it is not always -# possible to change the hostname if we do not have a registered DNS name -# associated with it, the other way to set it, as reported also by Amazon docs, -# is to set a NICKNAME variable, and tweak the PS1 variable to show that -# instead. -# This will only work for new users, already existing users will have to tweak -# their bashrc file accordingly. -# -# This role requires the variable 'nickname' to be set. - -- name: Test if we can install nickname file - shell: test -f /etc/profile.d/host-nickname.sh - register: host_nickname - ignore_errors: True - -- name: Install host nickname shell definition - template: src=host-nickname.sh - dest=/etc/profile.d/host-nickname.sh - owner=root - group=root - mode=0444 - when: host_nickname.rc|int == 1 - -- name: Install a default bashrc for new users - template: src=base-bashrc - dest=/etc/skel/.bashrc - owner=root - group=root - mode=0644 - when: host_nickname.rc|int == 1 diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml deleted file mode 100644 index 9049e2a..0000000 --- a/ansible/roles/common/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- include: host-nickname.yml -- include: net-sysctl.yml diff --git a/ansible/roles/common/tasks/net-sysctl.yml b/ansible/roles/common/tasks/net-sysctl.yml deleted file mode 100644 index 30b9262..0000000 --- a/ansible/roles/common/tasks/net-sysctl.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Tweak kernel network configuration for performance - copy: src=sysctl.conf - dest=/etc/sysctl.conf - owner=root - group=root - mode=0644 diff --git a/ansible/roles/common/templates/base-bashrc b/ansible/roles/common/templates/base-bashrc deleted file mode 100644 index de88aa8..0000000 --- a/ansible/roles/common/templates/base-bashrc +++ /dev/null @@ -1,112 +0,0 @@ -# ~/.bashrc: executed by bash(1) for non-login shells. -# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) -# for examples - -# If not running interactively, don't do anything -[ -z "$PS1" ] && return - -# don't put duplicate lines or lines starting with space in the history. -# See bash(1) for more options -HISTCONTROL=ignoreboth - -# append to the history file, don't overwrite it -shopt -s histappend - -# for setting history length see HISTSIZE and HISTFILESIZE in bash(1) -HISTSIZE=1000 -HISTFILESIZE=2000 - -# check the window size after each command and, if necessary, -# update the values of LINES and COLUMNS. -shopt -s checkwinsize - -# If set, the pattern "**" used in a pathname expansion context will -# match all files and zero or more directories and subdirectories. -#shopt -s globstar - -# make less more friendly for non-text input files, see lesspipe(1) -[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" - -# set variable identifying the chroot you work in (used in the prompt below) -if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then - debian_chroot=$(cat /etc/debian_chroot) -fi - -# set a fancy prompt (non-color, unless we know we "want" color) -case "$TERM" in - xterm-color) color_prompt=yes;; -esac - -# uncomment for a colored prompt, if the terminal has the capability; turned -# off by default to not distract the user: the focus in a terminal window -# should be on the output of commands, not on the prompt -#force_color_prompt=yes - -if [ -n "$force_color_prompt" ]; then - if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then - # We have color support; assume it's compliant with Ecma-48 - # (ISO/IEC-6429). (Lack of such support is extremely rare, and such - # a case would tend to support setf rather than setaf.) - color_prompt=yes - else - color_prompt= - fi -fi - -if [ "$color_prompt" = yes ]; then - PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' -else - PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' -fi -unset color_prompt force_color_prompt - -# If this is an xterm set the title to user@host:dir -case "$TERM" in -xterm*|rxvt*) - PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1" - ;; -*) - ;; -esac - -# enable color support of ls and also add handy aliases -if [ -x /usr/bin/dircolors ]; then - test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" - alias ls='ls --color=auto' - #alias dir='dir --color=auto' - #alias vdir='vdir --color=auto' - - alias grep='grep --color=auto' - alias fgrep='fgrep --color=auto' - alias egrep='egrep --color=auto' -fi - -# some more ls aliases -alias ll='ls -alF' -alias la='ls -A' -alias l='ls -CF' - -# Add an "alert" alias for long running commands. Use like so: -# sleep 10; alert -alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"' - -# Alias definitions. -# You may want to put all your additions into a separate file like -# ~/.bash_aliases, instead of adding them here directly. -# See /usr/share/doc/bash-doc/examples in the bash-doc package. - -if [ -f ~/.bash_aliases ]; then - . ~/.bash_aliases -fi - -# enable programmable completion features (you don't need to enable -# this, if it's already enabled in /etc/bash.bashrc and /etc/profile -# sources /etc/bash.bashrc). -if [ -f /etc/bash_completion ] && ! shopt -oq posix; then - . /etc/bash_completion -fi - -# NICKNAME -if [ "$NICKNAME" ]; then - PS1=$(echo "$PS1" | sed 's.\\h.$NICKNAME.g') -fi diff --git a/ansible/roles/common/templates/host-nickname.sh b/ansible/roles/common/templates/host-nickname.sh deleted file mode 100644 index bf6177e..0000000 --- a/ansible/roles/common/templates/host-nickname.sh +++ /dev/null @@ -1,2 +0,0 @@ -# Managed via ansible. -export NICKNAME={{ nickname }} diff --git a/ansible/roles/install-deps/tasks/main.yml b/ansible/roles/install-deps/tasks/main.yml deleted file mode 100644 index cac09af..0000000 --- a/ansible/roles/install-deps/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Install OS dependencies - apt: name={{ item }} - update_cache=yes - state=latest - with_items: - - apache2 - - git - - libapache2-mod-python - - libapache2-mod-wsgi - - libapache2-mod-xsendfile - - python-beautifulsoup - - python-django - - python-django-openid-auth - - python-django-south - - python-requests - - python-textile - tags: - - install - - update diff --git a/ansible/roles/install-llp/tasks/main.yml b/ansible/roles/install-llp/tasks/main.yml deleted file mode 100644 index 5282734..0000000 --- a/ansible/roles/install-llp/tasks/main.yml +++ /dev/null @@ -1,112 +0,0 @@ ---- -- name: Create base directory for installation - file: path={{ install_base }}/{{ hostname }} - owner={{ apache_user }} - group={{ apache_user }} - mode=0755 - state=directory - tags: - - install - - update - -- name: Checkout linaro-license-protection code - git: repo={{ git_repo }} - dest={{ install_base }}/{{ hostname }}/{{ app_name }} - version={{ git_tag }} - update=yes - notify: restart-apache - tags: - - install - - update - -- name: Checkout linaro-license-protection-configs - git: repo={{ git_repo_config }} - dest={{ install_base }}/{{ hostname }}/configs - version={{ git_tag }} - update=yes - tags: - - install - - update - -- name: Create db/ directory - file: path={{ install_base }}/{{ hostname }}/db - state=directory - owner={{ apache_user }} - group={{ apache_user }} - mode=755 - recurse=yes - tags: - - install - - update - -- name: Run syncdb command - django_manage: app_path="{{ install_base }}/{{ hostname }}/{{ app_name }}" - pythonpath="{{ install_base }}/{{ hostname }}:{{ install_base }}/{{ hostname }}/{{ app_name }}:/{{ install_base }}/{{ hostname }}/configs/django" - settings="{{ django_settings }}" - command=syncdb - environment: - PYTHONPATH: "{{ install_base }}/{{ hostname }}:{{ install_base }}/{{ hostname }}/{{ app_name }}:/{{ install_base }}/{{ hostname }}/configs/django" - DJANGO_SETTINGS_MODULE: "{{ django_settings }}" - tags: - - install - - update - - django - -# the app was originally deployed without support for south migrations -# this checks if we need to set up a fake migration to get things going -- name: Run fake migration if needed - shell: ./manage.py migrate license_protected_downloads 0001 --fake --settings={{ django_settings }} && touch "{{ install_base }}/{{ hostname }}/db/.south-setup" - args: - chdir: "{{ install_base }}/{{ hostname }}/{{ app_name }}" - creates: "{{ install_base }}/{{ hostname }}/db/.south-setup" - environment: - PYTHONPATH: "{{ install_base }}/{{ hostname }}:{{ install_base }}/{{ hostname }}/{{ app_name }}:{{ install_base }}/{{ hostname }}/configs/django" - tags: - - update - - django - -- name: Run south DB migration command - django_manage: app_path="{{ install_base }}/{{ hostname }}/{{ app_name }}" - pythonpath="{{ install_base }}/{{ hostname }}:{{ install_base }}/{{ hostname }}/{{ app_name }}:/{{ install_base }}/{{ hostname }}/configs/django" - settings="{{ django_settings }}" - command=migrate - environment: - PYTHONPATH: "{{ install_base }}/{{ hostname }}:{{ install_base }}/{{ hostname }}/{{ app_name }}:/{{ install_base }}/{{ hostname }}/configs/django" - DJANGO_SETTINGS_MODULE: "{{ django_settings }}" - tags: - - install - - update - - django - -- name: Run collectstatic command - django_manage: app_path="{{ install_base }}/{{ hostname }}/{{ app_name }}" - pythonpath="{{ install_base }}/{{ hostname }}:{{ install_base }}/{{ hostname }}/{{ app_name }}:/{{ install_base }}/{{ hostname }}/configs/django" - settings="{{ django_settings }}" - command=collectstatic - environment: - PYTHONPATH: "{{ install_base }}/{{ hostname }}:{{ install_base }}/{{ hostname }}/{{ app_name }}:/{{ install_base }}/{{ hostname }}/configs/django" - DJANGO_SETTINGS_MODULE: "{{ django_settings }}" - tags: - - install - - update - - django - -- name: Fix directory permissions - file: path={{ install_base }}/{{ hostname }}/{{ app_name }} - owner={{ apache_user }} - group={{ apache_user }} - state=directory - recurse=yes - tags: - - install - - update - -- name: Fix configs directory permissions - file: path={{ install_base }}/{{ hostname }}/configs - owner={{ apache_user }} - group={{ apache_user }} - recurse=yes - state=directory - tags: - - install - - update diff --git a/ansible/roles/publish-ssh/files/sudoers/linaro-android-build-publish-trigger b/ansible/roles/publish-ssh/files/sudoers/linaro-android-build-publish-trigger deleted file mode 100644 index 70a790d..0000000 --- a/ansible/roles/publish-ssh/files/sudoers/linaro-android-build-publish-trigger +++ /dev/null @@ -1 +0,0 @@ -linaro-android-build-publish-trigger ALL=(linaro-android-build-publish) NOPASSWD: /srv/snapshots.linaro.org/linaro-license-protection/scripts/publish_to_snapshots.py diff --git a/ansible/roles/publish-ssh/files/sudoers/linaro-ci-publish-trigger b/ansible/roles/publish-ssh/files/sudoers/linaro-ci-publish-trigger deleted file mode 100644 index 9047128..0000000 --- a/ansible/roles/publish-ssh/files/sudoers/linaro-ci-publish-trigger +++ /dev/null @@ -1 +0,0 @@ -linaro-ci-publish-trigger ALL=(linaro-ci-publish) NOPASSWD: /srv/snapshots.linaro.org/linaro-license-protection/scripts/publish_to_snapshots.py diff --git a/ansible/roles/publish-ssh/tasks/main.yaml b/ansible/roles/publish-ssh/tasks/main.yaml deleted file mode 100644 index 4f8b437..0000000 --- a/ansible/roles/publish-ssh/tasks/main.yaml +++ /dev/null @@ -1,32 +0,0 @@ -- name: Set up sudoers files for move trigger users - copy: src=sudoers/{{item}} dest=/etc/sudoers.d/{{item}} mode=0440 backup=yes - with_items: - - linaro-android-build-publish-trigger - - linaro-ci-publish-trigger - sudo: yes - -- name: Set top-level upload dir permissions - file: dest=/home/linaro-android-build-publish/uploads/ state=directory - owner=linaro-android-build-publish group=bot-publishers - mode=0775 - #recurse=yes - sudo: yes - -- name: Set Android upload dir permissions - file: dest=/home/linaro-android-build-publish/uploads/android/ state=directory - owner=linaro-android-build-publish group=bot-publishers - mode=0775 - #recurse=yes - sudo: yes - -# file recurse=yes is *very* slow in Ansible ;-( -#- name: Set download dir permissions -# file: dest={{www_dir}} state=directory -# owner=linaro-ci-publish group=bot-publishers -# recurse=yes -# #mode=0775 -# sudo: yes - -- name: Set download dir permissions - command: chown -R linaro-ci-publish:bot-publishers {{www_dir}} - sudo: yes diff --git a/ansible/site.yml b/ansible/site.yml deleted file mode 100644 index be08002..0000000 --- a/ansible/site.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- hosts: all - gather_facts: no - sudo: yes - roles: - - common - - install-deps - - install-llp - - apache-conf |