ansible-role-nginx/openshift/openshift_ec2/roles/nodes/tasks/main.yml

---
# Tasks for the openshift nodes

- name: Install the mcollective packages
  yum: name=openshift-origin-msg-node-mcollective state=installed

- name: Copy the mcollective configuration file
  template: src=server.cfg.j2 dest=/etc/mcollective/server.cfg
  notify: restart mcollective

- name: start the mcollective service
  service: name=mcollective state=started enabled=yes

- name: Install OpenShift node packages
  yum: name="{{ item }}" state=installed
  with_items:
      - rubygem-openshift-origin-node 
      - rubygem-openshift-origin-container-selinux.noarch
      - rubygem-passenger-native 
      - rubygem-openshift-origin-msg-broker-mcollective
      - openshift-origin-port-proxy 
      - openshift-origin-node-util
      - openshift-origin-cartridge-cron
      - openshift-origin-cartridge-python
      - ruby193-rubygem-rest-client
      - httpd
      - lsof
      - dbus

- name: Copy the ssh authorized key for root
  authorized_key: user=root key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

- name: Copy the pam.d ssh file
  copy: src=sshd dest=/etc/pam.d/sshd
  register: last_run

- name: Copy the cgconfig file
  copy: src=cgconfig.conf dest=/etc/cgconfig.conf

- name: Execute script for pam update
  script: pam.sh
  when: last_run.changed

- name: Create directory for cgroups
  file: path=/cgroup state=directory

- name: restart cgroups
  service: name="{{ item }}" state=restarted enabled=yes
  with_items:
      - cgconfig
      - cgred
      - httpd
      - messagebus
      - oddjobd
  when: last_run.changed 

- name: Find root mount point of gear dir
  shell: df -P /var/lib/openshift | tail -1 | awk '{ print $6 }'
  register: gear_root_mount

- name: Initialize quota db
  shell: oo-init-quota creates="{{ gear_root_mount.stdout }}/aquota.user"

- name: SELinux - configure sebooleans
  seboolean:  name="{{ item }}" state=true persistent=yes
  with_items:
      - httpd_unified
      - httpd_can_network_connect
      - httpd_can_network_relay
      - httpd_run_stickshift
      - httpd_read_user_content
      - httpd_enable_homedirs
      - allow_polyinstantiation

- name: set the sysctl settings
  sysctl: name=kernel.sem value="250 32000 32 4096" state=present reload=yes

- name: set the sysctl settings
  sysctl: name=net.ipv4.ip_local_port_range value="15000 35530" state=present reload=yes

- name: set the sysctl settings
  sysctl: name=net.netfilter.nf_conntrack_max value="1048576" state=present reload=yes

- name: Copy sshd config 
  copy: src=sshd_config dest=/etc/ssh/sshd_config
  notify: restart ssh

- name: start the port proxy service
  service: name=openshift-port-proxy state=started enabled=yes

- name: Copy the node.conf file
  template: src=node.conf.j2 dest=/etc/openshift/node.conf

- name: Copy the se linux fix file
  copy: src=cgrulesengd.pp dest=/opt/cgrulesengd.pp
  register: se_run

- name: allow se linux policy
  shell: chdir=/opt semodule -i cgrulesengd.pp
  when: se_run.changed  

- name: Start the openshift gears
  service: name=openshift-gears state=started enabled=yes

- name: copy the resolv.conf file
  template: src=resolv.conf.j2 dest=/etc/resolv.conf