From 01676bfdf1bdd1ac926da29702415d2d643acee2 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 11 May 2024 09:23:04 -0700 Subject: [PATCH] db-fas02.stg: create stg rhel9 host to migrate to Signed-off-by: Kevin Fenzi --- .../db-fas02.stg.iad2.fedoraproject.org | 40 +++++++++++++++++++ inventory/inventory | 2 + playbooks/groups/postgresql-server.yml | 4 +- 3 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 inventory/host_vars/db-fas02.stg.iad2.fedoraproject.org diff --git a/inventory/host_vars/db-fas02.stg.iad2.fedoraproject.org b/inventory/host_vars/db-fas02.stg.iad2.fedoraproject.org new file mode 100644 index 0000000000..c2d43fc52a --- /dev/null +++ b/inventory/host_vars/db-fas02.stg.iad2.fedoraproject.org @@ -0,0 +1,40 @@ +--- +# +# Only allow postgresql access from the frontend node and ipsilon01.stg and +# fas3-01.stg and openshift +# +custom_rules: + # - '-A INPUT -p tcp -m tcp -s 10.5.128.129 --dport 5432 -j ACCEPT' + # - '-A INPUT -p tcp -m tcp -s 10.5.128.137 --dport 5432 -j ACCEPT' + # - '-A INPUT -p tcp -m tcp -s 10.5.128.82 --dport 5432 -j ACCEPT' + # - '-A INPUT -p tcp -m tcp -s 10.5.128.104 --dport 5432 -j ACCEPT' + # - '-A INPUT -p tcp -m tcp -s 10.5.128.105 --dport 5432 -j ACCEPT' + # - '-A INPUT -p tcp -m tcp -s 10.5.128.106 --dport 5432 -j ACCEPT' + # - '-A INPUT -p tcp -m tcp -s 10.5.128.107 --dport 5432 -j ACCEPT' + # TODO: lock it down more + - '-A INPUT -p tcp -m tcp -s 10.3.166.0/24 --dport 5432 -j ACCEPT' +# This is a generic list, monitored by collectd +databases: + - fas2 +datacenter: iad2 +db_backup_dir: ['/backups'] +# This is a more strict list, to be made publicly available +dbs_to_backup: + - fas2 +effective_cache_size: "3GB" +eth0_ipv4_gw: 10.3.166.254 +eth0_ipv4_ip: 10.3.166.76 +ks_repo: http://10.3.163.35/repo/rhel/RHEL9-x86_64/ +ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel +# These are normally group variables, but in this case db servers are often different +lvm_size: 30000 +mem_size: 4096 +nrpe_procs_crit: 500 +# +# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. +# +nrpe_procs_warn: 400 +num_cpus: 2 +shared_buffers: "1GB" +vmhost: vmhost-x86-01.stg.iad2.fedoraproject.org +volgroup: /dev/vg_guests diff --git a/inventory/inventory b/inventory/inventory index bb01d643d8..92b173c1e2 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -171,6 +171,7 @@ db-openqa01.iad2.fedoraproject.org [dbserver_stg] db-fas01.stg.iad2.fedoraproject.org +db-fas02.stg.iad2.fedoraproject.org db01.stg.iad2.fedoraproject.org db03.stg.iad2.fedoraproject.org db04.stg.iad2.fedoraproject.org @@ -632,6 +633,7 @@ copr-pulp-dev.aws.fedoraproject.org db-datanommer01.stg.iad2.fedoraproject.org db-datanommer02.stg.iad2.fedoraproject.org db-fas01.stg.iad2.fedoraproject.org +db-fas02.stg.iad2.fedoraproject.org db-koji01.stg.iad2.fedoraproject.org db01.stg.iad2.fedoraproject.org db03.stg.iad2.fedoraproject.org diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml index 1716ed7302..439cc92501 100644 --- a/playbooks/groups/postgresql-server.yml +++ b/playbooks/groups/postgresql-server.yml @@ -4,12 +4,12 @@ - import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" vars: - myhosts: "db-fas01.stg.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-datanommer01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-openqa01.iad2.fedoraproject.org:db-datanommer01.stg.iad2.fedoraproject.org:db-datanommer02.iad2.fedoraproject.org:db02.iad2.fedoraproject.org:db-fas02.iad2.fedoraproject.org:db-datanommer02.stg.iad2.fedoraproject.org" + myhosts: "db-fas01.stg.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-datanommer01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-openqa01.iad2.fedoraproject.org:db-datanommer01.stg.iad2.fedoraproject.org:db-datanommer02.iad2.fedoraproject.org:db02.iad2.fedoraproject.org:db-fas02.iad2.fedoraproject.org:db-datanommer02.stg.iad2.fedoraproject.org:db-fas02.stg.iad2.fedoraproject.org" # Once the instance exists, configure it. - name: configure postgresql server system - hosts: db-fas01.stg.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-datanommer01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-openqa01.iad2.fedoraproject.org:db-datanommer01.stg.iad2.fedoraproject.org:db-datanommer02.iad2.fedoraproject.org:db02.iad2.fedoraproject.org:db-fas02.iad2.fedoraproject.org:db-datanommer02.stg.iad2.fedoraproject.org + hosts: db-fas01.stg.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org:db-koji01.stg.iad2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-datanommer01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-openqa01.iad2.fedoraproject.org:db-datanommer01.stg.iad2.fedoraproject.org:db-datanommer02.iad2.fedoraproject.org:db02.iad2.fedoraproject.org:db-fas02.iad2.fedoraproject.org:db-datanommer02.stg.iad2.fedoraproject.org:db-fas02.stg.iad2.fedoraproject.org user: root gather_facts: True