infrastructure-playbook/dnbd3.yml at master · usegalaxy-eu/infrastructure-playbook · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
---
- name: DNBD3 Infrastructure
  hosts: dnbd3primary,dnbd3proxy
  become: true
  vars_files:
    - secret_group_vars/all.yml

  pre_tasks:
    - name: Install dependencies
      ansible.builtin.package:
        name:
          - git
        state: present
    - name: Create dnbd3 user
      ansible.builtin.group:
        name: "{{ dnbd3_group }}"
        state: present
    - name: Create dnbd3 user
      ansible.builtin.user:
        name: "{{ dnbd3_user }}"
        group: "{{ dnbd3_group }}"
        shell: /bin/false
        create_home: false
    - name: Grant access to dnbd3 root directory
      ansible.builtin.file:
        mode: "770"
        path: "{{ dnbd3_base_path }}"
        state: directory
        owner: "{{ dnbd3_user }}"
        group: "{{ dnbd3_group }}"

  post_tasks:
    - name: Create SELinux rule for apache to access http dir
      community.general.sefcontext:
        target: '{{ dnbd3_base_path }}/http(/.*)?'
        setype: httpd_sys_rw_content_t
        state: present

  roles:
    - usegalaxy-eu.dynmotd
    - usegalaxy-eu.autoupdates # keep all of our packages up to date
    - influxdata.chrony # Keep our time in sync.
    - dj-wasabi.telegraf
    - role: usegalaxy-eu.autofs
      when: "'dnbd3primary' in group_names"
    - role: usegalaxy_eu.handy.os_setup
      vars:
        hostname: "{{ inventory_hostname }}"
        enable_hostname: true
        enable_powertools: true
      when: "'dnbd3_primary' in group_names"
    - role: usegalaxy_eu.dnbd3
    - role: usegalaxy_eu.tftp
      when: "'dnbd3primary' in group_names"
    - role: geerlingguy.apache
      when: "'dnbd3primary' in group_names"
    - role: usegalaxy_eu.dnbd3-primary
      when: "'dnbd3primary' in group_names"
    - role: usegalaxy_eu.firewall