Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add happinesspackets-stg. Add fedmsg/base to both to get fedmsg certs. Adjust proxies firewall to allow sending.

Browse source
This commit is contained in:
Kevin Fenzi 2018-07-03 17:48:23 +00:00
parent c6e8ea70cc
commit 53b5f35591
5 changed files with 49 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

1
inventory/cloud
View file

@ -48,6 +48,7 @@ fedimg-dev.fedorainfracloud.org
fedora-bootstrap.fedorainfracloud.org fedora-bootstrap.fedorainfracloud.org
glittergallery-dev.fedorainfracloud.org glittergallery-dev.fedorainfracloud.org
happinesspackets.fedorainfracloud.org happinesspackets.fedorainfracloud.org
happinesspackets-stg.fedorainfracloud.org
iddev.fedorainfracloud.org iddev.fedorainfracloud.org
java-deptools.fedorainfracloud.org java-deptools.fedorainfracloud.org
simple-koji-ci-dev.fedorainfracloud.org simple-koji-ci-dev.fedorainfracloud.org

10
inventory/group_vars/proxies
View file

@ -47,19 +47,15 @@ custom_rules: [
# Allow copr-be.cloud to talk to the inbound fedmsg relay. # Allow copr-be.cloud to talk to the inbound fedmsg relay.
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.48 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.48 -j ACCEPT',
# Also, ppc-hub.qa.fedoraproject.org (secondary arch koji)
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.21 -j ACCEPT', # Allow happinesspackets.fedorainfracloud.org to talk to inbound fedmsg relay.
# Also, arm-koji01.qa.fedoraproject.org (secondary arch) '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.58 -j ACCEPT',
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.138 -j ACCEPT',
# Allow retrace/faf to talk to the inbound fedmsg relay. # Allow retrace/faf to talk to the inbound fedmsg relay.
# retrace01.qa.fedoraproject.org # retrace01.qa.fedoraproject.org
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.171 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.171 -j ACCEPT',
# retrace02.qa.fedoraproject.org # retrace02.qa.fedoraproject.org
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.172 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.172 -j ACCEPT',
# Also, s390-hub01.s390.fedoraproject.org (secondary arch)
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.129.180 -j ACCEPT',
# Allow resultsdb talk to the inbound fedmsg relay. # Allow resultsdb talk to the inbound fedmsg relay.
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.207 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.207 -j ACCEPT',
# Allow openqa01 to talk to the inbound fedmsg relay. # Allow openqa01 to talk to the inbound fedmsg relay.

9
inventory/group_vars/proxies-stg
View file

@ -46,12 +46,6 @@ custom_rules: [
# Allow copr-be.cloud to talk to the inbound fedmsg relay. # Allow copr-be.cloud to talk to the inbound fedmsg relay.
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.131 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.131 -j ACCEPT',
# Also, ppc-hub.qa.fedoraproject.org (secondary arch koji)
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.21 -j ACCEPT',
# Also, s390-hub01.qa.fedoraproject.org (secondary arch)
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.18 -j ACCEPT',
# Also, arm-hub01.qa.fedoraproject.org (secondary arch)
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.31 -j ACCEPT',
# Allow stg.fedoramagazine.org running at vultr.com to talk inbound fedmsg # Allow stg.fedoramagazine.org running at vultr.com to talk inbound fedmsg
# Contact cydrobolt about the status of this. It hasn't hit prod status # Contact cydrobolt about the status of this. It hasn't hit prod status
@ -69,6 +63,9 @@ custom_rules: [
# Allow openqa to talk to the inbound fedmsg relay. # Allow openqa to talk to the inbound fedmsg relay.
'-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.72 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.72 -j ACCEPT',
# Allow happinesspackets-stg.fedorainfracloud.org to talk to the inbound fedmsg relay
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.123 -j ACCEPT',
] ]
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran

41
playbooks/hosts/happinesspackets-stg.fedorainfracloud.org.yml Normal file
View file

@ -0,0 +1,41 @@
- name: check/create instance
hosts: happinesspackets-stg.fedorainfracloud.org
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/fedora-cloud.yml
- /srv/private/ansible/files/openstack/passwords.yml
tasks:
- import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: setup all the things
hosts: happinesspackets-stg.fedorainfracloud.org
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/private/ansible/files/openstack/passwords.yml
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
- name: set hostname (required by some services, at least postfix need it)
hostname: name="{{inventory_hostname}}"
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
roles:
- basessh
- fedmsg/base
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"

1
playbooks/hosts/happinesspackets.fedorainfracloud.org.yml
View file

@ -34,6 +34,7 @@
roles: roles:
- basessh - basessh
- fedmsg/base
handlers: handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml" - import_tasks: "{{ handlers_path }}/restart_services.yml"