bug 1296641 - import new ansible playbooks and roles for autoland; r?fubar draft
authorJake Watkins <jwatkins@mozilla.com>
Thu, 06 Oct 2016 08:08:28 -0700
changeset 9658 afd0f62c3402cd3f53649a1ed4474df4532f8d58
parent 9196 df9ac1f55395307ec1dbb544da167382ca985ec3
push id1265
push userjwatkins@mozilla.com
push dateThu, 06 Oct 2016 15:09:32 +0000
reviewersfubar
bugs1296641, 1262061
bug 1296641 - import new ansible playbooks and roles for autoland; r?fubar Apologies for this being a monolithic import. Future work here will be smaller and frequent. This is a dump of the current state on the new ansible playbooks for moving autoland to the new platform ops aws account. This is by no means in a completed state. Any TODOs will be called out in bug 1262061 MozReview-Commit-ID: JGuxmyBM3Qf
ansible/ansible.cfg
ansible/autoland-ec2-provision.yml
ansible/autoland-seed-secrets.yml
ansible/host_vars/autoland-dev.allizom.org.yml
ansible/hosts_autoland_dev
ansible/roles/autoland/defaults/main.yml
ansible/roles/autoland/files/httpd.conf
ansible/roles/autoland/files/requirements.txt
ansible/roles/autoland/handlers/main.yml
ansible/roles/autoland/meta/main.yml
ansible/roles/autoland/tasks/main.yml
ansible/roles/autoland/tasks/packages.yml
ansible/roles/autoland/tasks/repos.yml
ansible/roles/autoland/tasks/ssh.yml
ansible/roles/autoland/templates/config.json.j2
ansible/roles/autoland/templates/ssh_config.j2
ansible/roles/common/defaults/main.yml
ansible/roles/common/meta/main.yml
ansible/roles/common/tasks/custom_packages.yml
ansible/roles/common/tasks/main.yml
ansible/roles/common/tasks/yum_epel_update.yml
ansible/roles/nrpe/files/nrpe.cfg
ansible/roles/nrpe/files/nrpe_commands.cfg
ansible/roles/nrpe/files/plugins/README.md
ansible/roles/nrpe/handlers/main.yml
ansible/roles/nrpe/meta/main.yml
ansible/roles/nrpe/tasks/main.yml
ansible/roles/nrpe/tasks/packages.yml
ansible/roles/seed_secrets/defaults/main.yml
ansible/roles/seed_secrets/meta/main.yml
ansible/roles/seed_secrets/tasks/main.yml
new file mode 100644
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+pipelining=True
+roles_path=roles_galaxy/:roles/
new file mode 100644
--- /dev/null
+++ b/ansible/autoland-ec2-provision.yml
@@ -0,0 +1,18 @@
+---
+- name: provision autoland instance
+  hosts: default
+  user: centos
+  become: true
+
+  pre_tasks:
+  - name: import autoland secrets
+    shell: cat /opt/secrets/autoland/autoland_vars.yml
+    register: autoland_vars
+
+  - name: set autoland secrets as yaml fact
+    set_fact: autoland_secrets="{{ autoland_vars.stdout | from_yaml }}"
+
+  roles:
+    - { role: common }
+    - { role: autoland, secrets: "{{ autoland_secrets }}" }
+    - { role: nrpe }
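Review bot: The `import autoland secrets` pre_task registers the entire secrets file as `autoland_vars.stdout`, and neither it nor the following `set_fact` carries `no_log: true`, so a `-v` run or a failure in either task prints every secret into the controller's output and any log shipped from it. Add `no_log: true` to both tasks, and `changed_when: false` to the `shell` task, which otherwise reports a change on every run. Reading the file with `slurp` (`slurp: src=/opt/secrets/autoland/autoland_vars.yml` then `{{ autoland_vars.content | b64decode | from_yaml }}`) avoids spawning a shell for a plain file read. The play-level `user:` key is the old spelling of `remote_user:`.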
new file mode 100644
--- /dev/null
+++ b/ansible/autoland-seed-secrets.yml
@@ -0,0 +1,9 @@
+---
+- name: seed server with secrets
+  hosts: default
+  user: centos
+  become: true
+
+  roles:
+    - { role: seed_secrets, products: ["autoland"] }
+
new file mode 100644
--- /dev/null
+++ b/ansible/host_vars/autoland-dev.allizom.org.yml
@@ -0,0 +1,3 @@
+---
+vct_repo: "https://hg.mozilla.org/hgcustom/version-control-tools/"
+# rev: @
new file mode 100644
--- /dev/null
+++ b/ansible/hosts_autoland_dev
@@ -0,0 +1,2 @@
+[default]
+autoland-dev.allizom.org
new file mode 100644
--- /dev/null
+++ b/ansible/roles/autoland/defaults/main.yml
@@ -0,0 +1,20 @@
+---
+vct_repo: "https://hg.mozilla.org/hgcustom/version-control-tools"
+rev: "@"
+
+
+secrets:
+    mozreview_token: "default_token"
+
+    bugzilla_user: "default_user"
+    bugzilla_password: "default_password"
+
+    db_name: "default_name"
+    db_user: "default_user"
+    db_password: "default_password"
+    db_host: "default_host"
+
+    ldap_user: "default_ldap_user@default"
+    ssh_key_name: "id_rsa"
+
+repos: {}
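Review bot: The mapping under `secrets:` is indented four spaces while every other file in this import uses two, so yamllint's indentation check flags this file; `mozreview_token: "default_token"` and the rest should drop to two spaces. The placeholder values such as `db_password: "default_password"` are live defaults: if a play ever runs the role without the `secrets:` parameter, `config.json.j2` renders a syntactically valid config containing these strings instead of failing, which is easy to miss. If they exist only to document the expected keys, a comment listing the keys would serve that purpose without being usable values — confirm with the author whether any play relies on them.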
new file mode 100644
--- /dev/null
+++ b/ansible/roles/autoland/files/httpd.conf
@@ -0,0 +1,101 @@
+ServerRoot "/etc/httpd"
+
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule actions_module modules/mod_actions.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule allowmethods_module modules/mod_allowmethods.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule auth_digest_module modules/mod_auth_digest.so
+LoadModule authn_anon_module modules/mod_authn_anon.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authn_dbd_module modules/mod_authn_dbd.so
+LoadModule authn_dbm_module modules/mod_authn_dbm.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_socache_module modules/mod_authn_socache.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_dbd_module modules/mod_authz_dbd.so
+LoadModule authz_dbm_module modules/mod_authz_dbm.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_owner_module modules/mod_authz_owner.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule cache_module modules/mod_cache.so
+LoadModule cache_disk_module modules/mod_cache_disk.so
+LoadModule data_module modules/mod_data.so
+LoadModule dbd_module modules/mod_dbd.so
+LoadModule deflate_module modules/mod_deflate.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule dumpio_module modules/mod_dumpio.so
+LoadModule echo_module modules/mod_echo.so
+LoadModule env_module modules/mod_env.so
+LoadModule expires_module modules/mod_expires.so
+LoadModule ext_filter_module modules/mod_ext_filter.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule include_module modules/mod_include.so
+LoadModule info_module modules/mod_info.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule logio_module modules/mod_logio.so
+LoadModule mime_magic_module modules/mod_mime_magic.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule remoteip_module modules/mod_remoteip.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+LoadModule socache_dbm_module modules/mod_socache_dbm.so
+LoadModule socache_memcache_module modules/mod_socache_memcache.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule status_module modules/mod_status.so
+LoadModule substitute_module modules/mod_substitute.so
+LoadModule suexec_module modules/mod_suexec.so
+LoadModule unique_id_module modules/mod_unique_id.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule userdir_module modules/mod_userdir.so
+LoadModule version_module modules/mod_version.so
+LoadModule vhost_alias_module modules/mod_vhost_alias.so
+
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+
+LoadModule ssl_module modules/mod_ssl.so
+
+LoadModule systemd_module modules/mod_systemd.so
+
+LoadModule wsgi_module modules/mod_wsgi.so
+
+User apache
+Group apache
+
+ServerAdmin developer-services@mozilla.org
+
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+
+ErrorLog "logs/error_log"
+
+LogLevel warn
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+CustomLog "logs/access_log" combined
+
+
+TypesConfig /etc/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+
+AddDefaultCharset UTF-8
+
+MIMEMagicFile conf/magic
+
+EnableSendfile on
+
+Include conf/autoland.conf
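Review bot: The file sets neither `ServerTokens` nor `ServerSignature`, so httpd keeps its defaults and advertises its full version in the `Server` header and on generated error pages; `ServerTokens Prod` and `ServerSignature Off` next to `ServerAdmin` are the usual settings, and `TraceEnable off` belongs with them. The `LoadModule` list also pulls in modules an application vhost is unlikely to need — `mod_info`, `mod_status`, `mod_userdir`, `mod_autoindex`, `mod_suexec`, `mod_echo`, `mod_dumpio` — and every loaded module is code reachable from a request, so trimming the list to what `conf/autoland.conf` actually uses is worthwhile (that file is not in this commit, so I cannot say which ones). `<Directory />` with `Require all denied` is the right base.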
new file mode 100644
--- /dev/null
+++ b/ansible/roles/autoland/files/requirements.txt
@@ -0,0 +1,86 @@
+bugsy==0.6.0 \
+    --hash=sha256:6110163bcdd701c2c2dec66488bb078c998e9020e46253478345f40cb11237ec
+
+flask==0.10.1 \
+    --hash=sha256:4c83829ff83d408b5e1d4995472265411d2c414112298f2eb4b359d9e4563373
+
+github3.py==1.0.0a1 \
+    --hash=sha256:ba06337e59f47bbac4d39db8e84604f62b9ef04b80be07d621e1bf56f95554bb
+
+mercurial==3.9.1 \
+    --hash=sha256:625e4fc7e85ec2278c2828bdc547fce74091b3bbe4d9eeeba2d61af51195df74
+
+mozillapulse==1.2.2 \
+    --hash=sha256:750ce5a2b4bd225bd00b339e1ac533c16b187c0804695bb3d878c699ee2b3228
+
+psycopg2==2.6.1 \
+    --hash=sha256:6acf9abbbe757ef75dc2ecd9d91ba749547941abaffbe69ff2086a9e37d4904c
+
+python-hglib==1.9 \
+    --hash=sha256:f4302892b2b8287cf326586c7280b9eadfc3d0c7cd3feba957429a8d9b1a60ce
+
+requests==2.8.1 \
+    --hash=sha256:89f1b1f25dcd7b68f514e8d341a5b2eb466f960ae756822eaab480a3c1a81c28
+
+itsdangerous==0.24 \
+    --hash=sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519
+
+Jinja2==2.8 \
+    --hash=sha256:1cc03ef32b64be19e0a5b54578dd790906a34943fe9102cfdae0d4495bd536b4
+
+Werkzeug==0.11.10 \
+    --hash=sha256:f22b9762589decfde50149c7ee080713cbf6129b49ce2b398f59b709b161a8d3
+
+MarkupSafe==0.23 \
+    --hash=sha256:a4ec1aff59b95a14b45eb2e23761a0179e98319da5a7eb76b56ea8cdc7b871c3
+
+cffi==1.8.2 \
+    --hash=sha256:6280241714bb5cbe23119f0a87abd249566e31638fee994b7419fb08f47dc418
+
+cryptography==1.5 \
+    --hash=sha256:52f47ec9a57676043f88e3ca133638790b6b71e56e8890d9d7f3ae4fcd75fa24
+
+enum34==1.1.6 \
+    --hash=sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79
+
+idna==2.1 \
+    --hash=sha256:f28df695e9bede8a19b18a8e4429b4bad4d664e8e98aff27bc39b630f1ae2b42
+
+ipaddress==1.0.16 \
+    --hash=sha256:935712800ce4760701d89ad677666cd52691fd2f6f0b340c8b4239a3c17988a5
+
+pyasn1==0.1.9 \
+    --hash=sha256:28fee44217991cfad9e6a0b9f7e3f26041e21ebc96629e94e585ccd05d49fa65
+
+pycparser==2.14 \
+    --hash=sha256:7959b4a74abdc27b312fed1c21e6caf9309ce0b29ea86b591fd2e99ecdf27f73
+
+pyOpenSSL==16.1.0 \
+    --hash=sha256:13a0d85cb44b2b20117b1ff51b3bce4947972f2f5e5e705a2f9d616457f127ca
+
+setuptools==26.1.1 \
+    --hash=sha256:226c9ce65e76c6069e805982b036f36dc4b227b37dd87fc219aef721ec8604ae
+
+six==1.10.0 \
+    --hash=sha256:0ff78c403d9bccf5a425a6d31a12aa6b47f1c21ca4dc2573a7e2f32a97335eb1
+
+uritemplate==3.0.0 \
+    --hash=sha256:1b9c467a940ce9fb9f50df819e8ddd14696f89b9a8cc87ac77952ba416e0a8fd
+
+uritemplate.py==3.0.2 \
+    --hash=sha256:a0c459569e80678c473175666e0d1b3af5bc9a13f84463ec74f808f3dd12ca47
+
+amqp==1.4.9 \
+    --hash=sha256:e0ed0ce6b8ffe5690a2e856c7908dc557e0e605283d6885dd1361d79f2928908
+
+anyjson==0.3.3 \
+    --hash=sha256:37812d863c9ad3e35c0734c42e0bf0320ce8c3bed82cd20ad54cb34d158157ba
+
+kombu==3.0.35 \
+    --hash=sha256:2c59a5e087d5895675cdb4d6a38a0aa147f0411366e68330a76e480ba3b25727
+
+pytz==2016.6.1 \
+    --hash=sha256:7833bf559800232d3965b70e69642ebdadc76f7988f8d0a1440e072193ecd949
+
+ndg_httpsclient==0.4.2 \
+    --hash=sha256:580987ef194334c50389e0d7de885fccf15605c13c6eecaabd8d6c43768eb8ac
new file mode 100644
--- /dev/null
+++ b/ansible/roles/autoland/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: reload systemd
+  command: systemctl daemon-reload
+
+- name: restart autoland
+  service: name=autoland
+           state=restarted
+
+- name: restart apache
+  service: name=httpd
+           state=restarted
new file mode 100644
--- /dev/null
+++ b/ansible/roles/autoland/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
new file mode 100644
--- /dev/null
+++ b/ansible/roles/autoland/tasks/main.yml
@@ -0,0 +1,114 @@
+---
+- include: repos.yml
+- include: packages.yml
+- include: ssh.yml
+
+- name: create autoland user
+  become: true
+  user: name=autoland
+        shell=/bin/bash
+        system=yes
+        state=present
+
+- name: create virtualenv for autoland
+  include: ../../../tasks/virtualenv.yml
+           venv=/home/autoland/autoland_venv
+           requirements=../files/requirements.txt
+
+- name: set up version-control-tools repo
+  become: true
+  become_user: autoland
+  hg: repo={{ vct_repo }}
+      dest=/home/autoland/version-control-tools
+      revision={{ rev }}
+      force=yes
+      purge=yes
+
+# Ansible hg module fails to delete ignored files so we do that here
+- name: delete ignored files from version-control-tools repo
+  become: true
+  become_user: autoland
+  command: hg --config extensions.purge= -R /home/autoland/version-control-tools purge --all
+
+- name: install autoland site hgrc
+  copy: src=/home/autoland/version-control-tools/autoland/hg/autoland_hgrc
+        dest=/home/autoland/.hgrc
+        owner=autoland
+        group=autoland
+        mode=0644
+        remote_src=yes
+
+- name: install config.json
+  template: src=config.json.j2
+            dest=/home/autoland/version-control-tools/autoland/autoland/config.json
+            owner=autoland
+            group=autoland
+            mode=0600
+  notify:
+    - restart autoland
+
+- name: link config.json
+  file: src=/home/autoland/version-control-tools/autoland/autoland/config.json
+        dest=/home/autoland/config.json
+        owner=autoland
+        group=autoland
+        mode=0600
+        state=link
+
+- name: install autoland service
+  copy: remote_src=yes
+        dest=/etc/systemd/system/autoland.service
+        src=/home/autoland/version-control-tools/autoland/systemd/autoland.service
+        mode=0664
+  notify:
+    - reload systemd
+
+- name: enable autoland service
+  service: name=autoland
+           state=started
+           enabled=yes
+
+- name: setup main conf file
+  copy: src=httpd.conf
+        dest=/etc/httpd/conf/httpd.conf
+  notify:
+    - restart apache
+
+- name: remove conf.d
+  file: path=/etc/httpd/conf.d/
+        state=absent
+
+- name: install autoland site
+  copy: src=/home/autoland/version-control-tools/autoland/apache/autoland.conf
+        dest=/etc/httpd/conf/autoland.conf
+        remote_src=yes
+  notify:
+    - restart apache
+
+- name: copy tls certs
+  copy: dest=/etc/pki/tls/certs/autoland.allizom.org.crt
+        src=/opt/secrets/autoland/ssl/{{ inventory_hostname }}.crt
+        remote_src=yes
+  notify:
+    - restart apache
+
+- name: copy tls key
+  copy: dest=/etc/pki/tls/private/autoland.allizom.org.key
+        src=/opt/secrets/autoland/ssl/{{ inventory_hostname }}.key
+        mode=600
+        remote_src=yes
+  notify:
+    - restart apache
+
+- name: copy tls CA chain file
+  copy: dest=/etc/pki/tls/certs/DigiCertCA.crt
+        src=/opt/secrets/autoland/ssl/DigiCertCA.crt
+        remote_src=yes
+  notify:
+    - restart apache
+
+- name: start apache
+  service: name=httpd
+           state=started
+           enabled=yes
+
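Review bot: `copy tls key` writes `mode=600` while every other mode in the file is written `0600`/`0644`; in key=value form Ansible parses the bare string as octal so this happens to work, but once the task is converted to YAML dict form `mode: 600` is decimal 600 (`0o1130`) and the key's permissions silently change — use `mode=0600` here, and give `copy tls certs` and `copy tls CA chain file` an explicit `owner`/`mode` too. `install autoland service` writes the unit file with `mode=0664`, group-writable for no evident reason; `0644` matches the other root-owned configuration files. The `delete ignored files` `command: hg ... purge --all` reports changed on every run and wants `changed_when: false`, as `repos.yml` already does for its probe.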
new file mode 100644
--- /dev/null
+++ b/ansible/roles/autoland/tasks/packages.yml
@@ -0,0 +1,28 @@
+---
+- name: install packages required by autoland
+  yum: name={{ item }} state=present update_cache=yes
+  with_items:
+    - gcc
+    - openssh-clients
+    - postgresql
+    - python-devel
+    - python-pip
+    - libffi
+    - libffi-devel
+    - libpqxx-devel
+    - openssl-devel
+    - httpd
+    - mod_wsgi
+    - mod_ssl
+    - ca-certificates
+
+- name: download Mozilla rpms
+  get_url: url=https://s3-us-west-2.amazonaws.com/moz-packages/CentOS7/{{ item.path }}
+           dest=/var/tmp/{{ item.path }}
+           sha256sum={{ item.sha256 }}
+  with_items:
+    - { path: mercurial-3.9.1-1.x86_64.rpm, sha256: 67543d6b8d855c7d4acf5adebf5ecda976a57edcf2c985410cf07fdba76e1aac }
+
+- name: install Mozilla rpms
+  command: yum localinstall -y /var/tmp/mercurial-3.9.1-1.x86_64.rpm
+
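Review bot: `install Mozilla rpms` runs `yum localinstall` through `command`, so it reports a change on every run and hard-codes the filename that `download Mozilla rpms` already takes from `item.path`; `yum: name=/var/tmp/{{ item.path }} state=present` with the same `with_items` is idempotent and matches how `common/tasks/custom_packages.yml` installs its downloads. The two files also spell the checksum differently — `sha256sum=` here versus `checksum=` in custom_packages.yml; `checksum=sha256:{{ item.sha256 }}` is the current get_url form and lets both roles share one convention. Verifying the digest before installing an RPM fetched from a public S3 bucket is the right approach; keep that.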
new file mode 100644
--- /dev/null
+++ b/ansible/roles/autoland/tasks/repos.yml
@@ -0,0 +1,27 @@
+---
+# In order for this to be idempotent we must determine if /repos is mounted
+- name: determine if mounted
+  command: mountpoint -q /repos
+  register: mount_stat
+  failed_when: False
+  changed_when: False
+
+# - debug: var=mount_stat
+
+- name: format drive
+  command: mkfs.ext4 /dev/xvdb
+  when: mount_stat.rc != 0
+
+- name: create mount point
+  file: path=/repos
+        state=directory
+  when: mount_stat.rc != 0
+
+- name: mount drive
+  mount: name=/repos src=/dev/xvdb fstype=ext4 state=mounted
+  when: mount_stat.rc != 0
+
+- name: set ownership of repos
+  file: path=/repos
+        mode=0755
+
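Review bot: `format drive` runs `mkfs.ext4 /dev/xvdb` whenever `mountpoint -q /repos` fails, which is only a proxy for "never formatted": if an earlier run formatted the volume but died before `mount drive`, or the fstab mount fails at boot, the next run reformats a volume that already holds data. The `filesystem` module (`filesystem: fstype=ext4 dev=/dev/xvdb`) checks for an existing filesystem and refuses to recreate one without `force=yes`, so it can replace the mountpoint probe and the `when:` guards on the first three tasks. `set ownership of repos` sets only `mode=0755` and no `owner`/`group`, so its name overstates what it does. The commented-out `# - debug: var=mount_stat` should go.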
new file mode 100644
--- /dev/null
+++ b/ansible/roles/autoland/tasks/ssh.yml
@@ -0,0 +1,33 @@
+---
+
+- name: setup ssh dir
+  file: path=/home/autoland/.ssh
+        state=directory
+        owner=autoland
+        group=autoland
+        mode=0700
+
+- name: setup autoland ssh config
+  template: src=ssh_config.j2
+            dest=/home/autoland/.ssh/config
+            owner=autoland
+            group=autoland
+            mode=0644
+
+- name: install autoland private ssh keys
+  copy: src=/opt/secrets/autoland/ssh/{{ secrets.ssh_key_name }}
+        dest=/home/autoland/.ssh/
+        owner=autoland
+        group=autoland
+        mode=0600
+        remote_src=yes
+
+- name: install autoland public ssh keys
+  copy: src=/opt/secrets/autoland/ssh/{{ secrets.ssh_key_name }}.pub
+        dest=/home/autoland/.ssh/
+        owner=autoland
+        group=autoland
+        mode=0644
+        remote_src=yes
+
+# TODO: manage known host file
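Review bot: The closing `# TODO: manage known host file` is load-bearing: `ssh_config.j2` does not set `StrictHostKeyChecking`, so the autoland user's first connection to `hg.mozilla.org` gets an interactive host-key prompt, which hangs or fails when driven from a service. Prefer the `known_hosts` module with the fingerprints supplied from a trusted source, e.g. `known_hosts: path=/home/autoland/.ssh/known_hosts name=hg.mozilla.org key=<pinned host key, placeholder>`, over setting `StrictHostKeyChecking no` in the template, which would drop the server-authentication check the private key installed here is meant to pair with. The two key-copy tasks are otherwise correct in owner and mode.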
new file mode 100644
--- /dev/null
+++ b/ansible/roles/autoland/templates/config.json.j2
@@ -0,0 +1,11 @@
+{
+  "auth": {
+    "mozreview": "{{ secrets.mozreview_token }}"
+  },
+  "bugzilla": {
+    "user": "{{ secrets.bugzilla_user }}",
+    "passwd": "{{ secrets.bugzilla_password  }}"
+  },
+  "database": "dbname={{ secrets.db_name }} user={{ secrets.db_user }} password={{ secrets.db_password }} host={{ secrets.db_host }}",
+  "repos" : {{ repos | to_json }}
+}
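Review bot: Every secret is interpolated into JSON with a bare `{{ ... }}` inside hand-written quotes, so a token or password containing `"` or `\` yields invalid JSON, and a password containing a space also breaks the `dbname=... password=...` libpq string. Emitting each value through the `to_json` filter — `"mozreview": {{ secrets.mozreview_token | to_json }}` (it supplies the quotes and escaping) — or assembling the dict in the task and rendering `{{ config | to_nice_json }}` removes that class of failure; the connection string would additionally need libpq-style single quoting or separate keys if the consumer accepts them. The double space in `{{ secrets.bugzilla_password  }}` and the space before the colon in `"repos" :` are cosmetic but worth fixing while here.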
new file mode 100644
--- /dev/null
+++ b/ansible/roles/autoland/templates/ssh_config.j2
@@ -0,0 +1,6 @@
+Host hg.mozilla.org
+    User {{ secrets.ldap_user }}
+    IdentityFile ~/.ssh/{{ secrets.ssh_key_name }}
+Host reviewboard-hg.mozilla.org
+    User {{ secrets.ldap_user }}
+    IdentityFile ~/.ssh/{{ secrets.ssh_key_name }}
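Review bot: The two `Host` stanzas are identical, so a single `Host hg.mozilla.org reviewboard-hg.mozilla.org` block says the same thing in three lines. Adding `IdentitiesOnly yes` to that block makes ssh offer only the configured `IdentityFile` to these hosts rather than every key an agent holds, which keeps unrelated identities from being presented to hg.mozilla.org and avoids tripping the server's authentication-attempt limit.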
new file mode 100644
--- /dev/null
+++ b/ansible/roles/common/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+custom_packages: []
new file mode 100644
--- /dev/null
+++ b/ansible/roles/common/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
new file mode 100644
--- /dev/null
+++ b/ansible/roles/common/tasks/custom_packages.yml
@@ -0,0 +1,17 @@
+---
+    - name: Create tmp directory for packages
+      file: path=/var/tmp/custom_packages/
+            mode=0755
+            state=directory
+
+    - name: Download custom packages from s3
+      get_url: url=https://s3-us-west-2.amazonaws.com/moz-mozreview/repos/yum/centos7/x86_64/{{ item.name }}
+               dest=/var/tmp/custom_packages/{{ item.name }}
+               checksum={{ item.sha256sum }}
+      with_items: "{{ custom_packages }}"
+
+    - name: Install custom packages
+      yum: name=/var/tmp/custom_packages/{{ item.name }}
+           state=present
+      with_items: "{{ custom_packages }}"
+
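Review bot: The whole task list is indented four spaces under `---`, unlike every other tasks file in this import, which starts its list flush; it parses, but yamllint and anyone comparing it with `yum_epel_update.yml` will trip over it. The task names are capitalised (`Create tmp directory ...`) where the rest of the roles use lowercase, so pick one convention. `checksum={{ item.sha256sum }}` only validates if the inventory value carries the `sha256:` prefix get_url expects; with `custom_packages: []` as the default there is no value to check, so either document the expected format in `defaults/main.yml` or write `checksum=sha256:{{ item.sha256sum }}` here.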
new file mode 100644
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- include: yum_epel_update.yml
+- include: custom_packages.yml
+
+- name: set hostname
+  hostname: name={{ inventory_hostname }}
new file mode 100644
--- /dev/null
+++ b/ansible/roles/common/tasks/yum_epel_update.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Install epel-release
+  yum: name=epel-release state=latest
+
+- name: Update all packages
+  yum: name=* state=latest
+
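Review bot: `Update all packages` with `yum: name=* state=latest` runs on every play and makes each provisioning run pull whatever is current in the CentOS and EPEL repos, so two runs of this same commit can produce different hosts and the task reports changed whenever anything upgrades. It also runs before the autoland role installs the pinned `mercurial-3.9.1` RPM, and on a later re-run it may replace that pin with a newer repo build — I cannot confirm from here whether EPEL ships mercurial, but `exclude=mercurial` on this task or a versionlock would make the pin stick. If the intent is only to start from a patched base, a comment saying so, or moving this into a separate patching play, keeps the application roles reproducible.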
new file mode 100644
--- /dev/null
+++ b/ansible/roles/nrpe/files/nrpe.cfg
@@ -0,0 +1,22 @@
+log_facility=daemon
+
+pid_file=/var/run/nrpe/nrpe.pid
+
+server_port=5666
+
+nrpe_user=nrpe
+nrpe_group=nrpe
+
+allowed_hosts=127.0.0.1
+
+dont_blame_nrpe=0
+
+allow_bash_command_substitution=0
+
+debug=0
+
+command_timeout=60
+
+connection_timeout=300
+
+include_dir=/etc/nrpe.d/
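Review bot: `dont_blame_nrpe=0` here conflicts with `nrpe_commands.cfg` in this same commit, whose four commands all take `$ARG1$`/`$ARG2$` arguments: with argument passing disabled NRPE never substitutes `$ARGn$` and rejects any request that supplies arguments, so none of those checks work as written. Keep `dont_blame_nrpe=0` (enabling it lets the monitoring host inject arbitrary strings into the plugin command lines) and hard-code the thresholds in `nrpe_commands.cfg` instead, e.g. `command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20` (sample thresholds). `allowed_hosts=127.0.0.1` means no remote Nagios server can query this host yet; when the real monitoring address is added, keep it to that single IP, and consider `server_address=` so the listener binds one interface rather than all of them.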
new file mode 100644
--- /dev/null
+++ b/ansible/roles/nrpe/files/nrpe_commands.cfg
@@ -0,0 +1,7 @@
+# nrpe_commands.cfg
+
+command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
+command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
+command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+
new file mode 100644
--- /dev/null
+++ b/ansible/roles/nrpe/files/plugins/README.md
@@ -0,0 +1,1 @@
+Place all plugins to be synced here
new file mode 100644
--- /dev/null
+++ b/ansible/roles/nrpe/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: restart nagios-nrpe-server
+  service: name=nrpe state=restarted
new file mode 100644
--- /dev/null
+++ b/ansible/roles/nrpe/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
new file mode 100644
--- /dev/null
+++ b/ansible/roles/nrpe/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+
+- include: packages.yml
+
+# Copy all plugins
+- name: copy plugins
+  copy: src={{ item }}
+        dest=/usr/lib64/nagios/plugins/
+        owner=root
+        group=root
+        mode=0755
+  with_fileglob:
+    - plugins/*
+
+# Setup base nrpe config
+- name: copy nrpe.cfg
+  copy: src=nrpe.cfg
+        dest=/etc/nagios/nrpe.cfg
+        owner=root
+        group=root
+        mode=0644
+  notify: restart nagios-nrpe-server
+
+- name: copy nrpe_commands.cfg
+  copy: src=nrpe_commands.cfg
+        dest=/etc/nrpe.d/nrpe_commands.cfg
+        owner=root
+        group=root
+        mode=0644
+  notify: restart nagios-nrpe-server
+
+- name: enable nrpe service
+  service: name=nrpe
+           state=started
+           enabled=yes
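Review bot: `copy plugins` globs `plugins/*` from the role's files directory, and this commit places `plugins/README.md` there, so the README is deployed to `/usr/lib64/nagios/plugins/README.md` with `mode=0755` as an executable alongside the real check scripts. Keep the placeholder out of the glob — `with_fileglob` follows Python glob rules, so an empty dotfile such as `.keep` would not match `*` — or narrow the pattern to the plugin files. The `mode=0755` is otherwise right for plugins.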
new file mode 100644
--- /dev/null
+++ b/ansible/roles/nrpe/tasks/packages.yml
@@ -0,0 +1,9 @@
+- name: install nrpe
+  become: true
+  yum: name=nrpe
+       state=present
+
+- name: install nagios-plugins-all
+  yum: name=nagios-plugins-all
+       state=present
+  notify: restart nagios-nrpe-server
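Review bot: This is the only tasks file in the import without the leading `---`, and `install nrpe` carries a `become: true` that neither the second task nor the other roles repeat (the calling plays already set `become: true`), so one of the two styles is inconsistent. The `notify: restart nagios-nrpe-server` on `install nagios-plugins-all` appears unnecessary: installing plugins does not change nrpe's own configuration, and the restart is already triggered by the config copies in `main.yml`.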
new file mode 100644
--- /dev/null
+++ b/ansible/roles/seed_secrets/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+
+# This can be overridden on the command line depending on where your
+# secrets repo is located
+# eg. "-e secrets_repo_path='../../secrets/'" 
+secrets_repo_path: "../../secrets/"
+
new file mode 100644
--- /dev/null
+++ b/ansible/roles/seed_secrets/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
new file mode 100644
--- /dev/null
+++ b/ansible/roles/seed_secrets/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: create secrets dir
+  file: path=/opt/secrets/
+        state=directory
+        owner=root
+        group=root
+        mode=0700
+
+- name: seed secrets dir
+  copy: src={{ secrets_repo_path }}/ansible-vault/{{ inventory_hostname }}/{{ item }}
+               dest=/opt/secrets
+               force=yes
+  with_items: "{{ products }}"
+
+- name: set user and group
+  file: path=/opt/secrets/{{ item }}
+        owner=root
+        group=root
+        recurse=yes
+        mode="g-rwx,o-rwx"
+        state=directory
+  with_items: "{{ products }}"
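Review bot: `seed secrets dir` copies the whole per-host secrets tree without `mode`/`directory_mode`, and only `set user and group` tightens permissions afterwards, so between the two tasks the freshly written files carry whatever umask-dependent mode the copy assigned; the `0700` parent already limits exposure, but `mode=0600 directory_mode=0700` (or at least `mode="g-rwx,o-rwx"`) on the copy writes them restricted from the start and turns the third task into a safety net. The continuation lines `dest=/opt/secrets` and `force=yes` are indented deeper than every other key=value continuation in this file; align them with `src=`. The `ansible-vault/` path component suggests these files may be vault-encrypted; if so, `copy` in the Ansible of this era does not decrypt them, and the `cat | from_yaml` in `autoland-ec2-provision.yml` would then fail — confirm what is actually stored there.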