Skip to content

Commit 22b427b

Browse files
ndokosportante
ndokos
authored and
portante
committed
Add roles to tweak the firewall and add the pbench user.
Add a role to allow http/https traffic through the firewall and a role to create the pbench user. Import the roles and invoke them from the pbench-server-config role. Cleanup and renaming of some variables - the following variables are assumed to be defined in the inventory file: - pbench_repo_url_prefix: specifies the URL prefix of the repo where the pbench-server RPM is found. It is only used by the pbench-repo-install role. - pbench_config_url: specifies the URL where the config files for specific server environments are found. - pbench_config_files: specifies a list of config files that should be installed on a particular host.
1 parent d9d655a commit 22b427b

File tree

9 files changed

+74
-29
lines changed

9 files changed

+74
-29
lines changed

server/ansible/Inventory/group_vars/servers

Lines changed: 0 additions & 16 deletions
This file was deleted.

server/ansible/Inventory/pbench-server.hosts.example

Lines changed: 16 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,23 @@
11
# Change the [servers] section to the set of hosts where you want to
22
# install pbench-server. The various hosts can be running any
3-
# combinations of RHEL7, RHEL8, or (supported) Fedora versions
4-
# (currently 28, 29 and 30). Installing on more than one server (e.g.
5-
# on a master as well as a satellite server) will require more
6-
# setup and is described in the server/ansible/README.org file.
3+
# combinations of RHEL7, RHEL8, or (supported) Fedora
4+
# versions. Installing on more than one server (e.g. on a master as
5+
# well as a satellite server) is possible by overriding variables
6+
# per host (e.g. satellite servers do not do backups, so the variable
7+
# `configfiles' can be redefined to contain just one element).
78

89
[servers]
910
<pbench-server-host>
11+
<pbench-server-satellite-host> pbench_config_files='["pbench-server.cfg"]'
12+
13+
[servers:vars]
14+
# pbench_config_url should be set once for a new environment by an administrator
15+
# to provide access to the config files for whatever server environment(s)
16+
# are needed.
17+
# from where to fetch config files
18+
pbench_config_url = http://pbench.example.com/server/config/{{ cenv }}
19+
20+
# list of config files to fetch
21+
pbench_config_files = '["pbench-server.cfg", "pbench-server-backup.cfg"]'
1022

11-
# Variables for this group are defined in ./group_vars/servers
1223

server/ansible/roles/pbench-repo-install/defaults/main.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,10 @@
11
---
22
test_repo_enabled: 0
3+
4+
repos:
5+
- tag: pbench
6+
baseurl: "{{ pbench_repo_url_prefix }}/pbench/{{ distrodir }}"
7+
gpgkey: "{{ pbench_repo_url_prefix }}/pbench/pubkey.gpg"
8+
gpgcheck: 1
9+
enabled: 1
10+

server/ansible/roles/pbench-repo-install/tasks/main.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,9 @@
11
---
2-
# Install pbench-server.repo
3-
- name: ensure we have the pbench-server.repo file properly in place
2+
# Install pbench.repo
3+
- name: ensure we have the pbench.repo file properly in place
44
template:
5-
src: etc/yum.repos.d/pbench-server.repo.j2
6-
dest: /etc/yum.repos.d/pbench-server.repo
5+
src: etc/yum.repos.d/pbench.repo.j2
6+
dest: /etc/yum.repos.d/pbench.repo
77
owner: root
88
group: root
99
mode: 0644

server/ansible/roles/pbench-repo-install/templates/etc/yum.repos.d/pbench-server.repo.j2 renamed to server/ansible/roles/pbench-repo-install/templates/etc/yum.repos.d/pbench.repo.j2

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{% for repo in repos %}
22

33
[copr-{{ repo.tag }}]
4-
name=Copr {{ repo.tag }} repo for pbench-server
4+
name=Copr {{ repo.tag }} repo
55
baseurl={{ repo.baseurl }}
66
skip_if_unavailable=True
77
gpgcheck= {{ repo.gpgcheck }}

server/ansible/roles/pbench-server-config/tasks/main.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,14 @@
11
---
22
- import_role:
33
name: geerlingguy.apache
4+
- import_role:
5+
name: pbench-server-firewall
46
- import_role:
57
name: pbench-server-install-config-file
68
- import_role:
79
name: pbench-server-vars
10+
- import_role:
11+
name: pbench-server-user
812
- import_role:
913
name: pbench-server-activate-create-crontab
1014
- import_role:

server/ansible/roles/pbench-server-firewall/tasks/main.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
---
2+
- name: punch holes into the firewall for some services.
3+
firewalld:
4+
service: "{{ item }}"
5+
permanent: yes
6+
state: enabled
7+
with_items:
8+
- http
9+
- https

server/ansible/roles/pbench-server-install-config-file/tasks/main.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,14 @@
11
---
22
# Install config file for pbench agent or server (the inventory file
3-
# specifies which through the configurl variable). Other variables
3+
# specifies which through the pbench_config_url variable). Other variables
44
# are specified in the default vars of this role, but can be overridden
55
# (if necessary) by specifying them in the inventory file.
66

77
- name: install the config file
88
get_url:
9-
url: "{{ configurl }}/{{ item }}"
9+
url: "{{ pbench_config_url }}/{{ item }}"
1010
dest: "{{ pbench_server_config_dest }}"
1111
mode: 0444
1212
owner: "{{ pbench_owner }}"
1313
group: "{{ pbench_group }}"
14-
with_items: "{{ configfiles }}"
14+
with_items: "{{ pbench_config_files }}"

server/ansible/roles/pbench-server-user/tasks/main.yml

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
---
2+
- name: create pbench group
3+
group:
4+
name: "{{ pbench_group }}"
5+
state: present
6+
7+
- name: create pbench user
8+
user:
9+
name: "{{ pbench_user }}"
10+
comment: Pbench user
11+
home: /home/{{ pbench_user }}
12+
group: "{{ pbench_group }}"
13+
state: present
14+
15+
- name: relax perms on pbench home directory
16+
file:
17+
path: /home/{{ pbench_user }}
18+
mode: 0755
19+
owner: "{{ pbench_user }}"
20+
group: "{{ pbench_group }}"
21+
state: directory
22+
23+
- name: create .ssh subdir
24+
file:
25+
path: /home/{{ pbench_user }}/.ssh
26+
mode: 0755
27+
owner: "{{ pbench_user }}"
28+
group: "{{ pbench_group }}"
29+
state: directory

0 commit comments

Comments
 (0)