os.fedoraproject.org / app.os.fedoraproject.org: remove more old openshift 3.11 cluster stuff

It may be that having this on some of the proxies is causing problems because it's trying to ping the old openshift 3.11 cluster and filling up apache slots with it. We do not need this stuff anymore, so remove it. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-12-16 10:15:27 -08:00 · 2022-12-16 10:15:27 -08:00 · 5ca2b2eb36
commit 5ca2b2eb36
parent edf56b5611
10 changed files with 4 additions and 78 deletions
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@ -204,11 +204,6 @@ ocp_wildcard_key_file: wildcard-2022.apps.ocp.fedoraproject.org.key
 # Path to the openshift-ansible checkout as external git repo brought into
 # Fedora Infra
 openshift_ansible: /srv/web/infra/openshift-ansible/
 # This is the openshift wildcard cert. Until it exists set it equal to wildcard
 os_wildcard_cert_name: wildcard-2022.app.os.fedoraproject.org
 os_wildcard_crt_file: wildcard-2022.app.os.fedoraproject.org.cert
 os_wildcard_int_file: wildcard-2022.app.os.fedoraproject.org.intermediate.cert
 os_wildcard_key_file: wildcard-2022.app.os.fedoraproject.org.key
 postfix_group: "none"
 # This is a list of services that need to wait for VPN to be up before getting started.
 postvpnservices: []
--- a/inventory/group_vars/checkcompose_stg
+++ b/inventory/group_vars/checkcompose_stg
@ -1,5 +1,5 @@
 checkcompose_env: staging
 checkcompose_env_suffix: .stg
-checkcompose_greenwaveurl: https://greenwave-web-greenwave.app.os.stg.fedoraproject.org
+checkcompose_greenwaveurl: https://greenwave-web-greenwave.apps.ocp.stg.fedoraproject.org
 checkcompose_prod: false
 checkcompose_url: "https://{{ external_hostname }}"
--- a/inventory/group_vars/os_control
+++ b/inventory/group_vars/os_control
@ -1,7 +1,4 @@
 ---
 os_app_url: app.os.fedoraproject.org
 os_url: os.fedoraproject.org
 # Set the Bodhi variables
 bodhi_version: "6.0.1"
 bodhi_openshift_pods: 1
--- a/inventory/group_vars/os_control_stg
+++ b/inventory/group_vars/os_control_stg
@ -1,7 +1,4 @@
 ---
 os_app_url: app.os.stg.fedoraproject.org
 os_url: os.stg.fedoraproject.org
 # Set the Bodhi variables
 bodhi_version: "6.0.1"
 bodhi_openshift_pods: 1
--- a/inventory/group_vars/staging
+++ b/inventory/group_vars/staging
@ -45,11 +45,6 @@ ocp_wildcard_cert_file: wildcard-2022.apps.ocp.stg.fedoraproject.org.cert
 ocp_wildcard_cert_name: wildcard-2022.apps.ocp.stg.fedoraproject.org
 ocp_wildcard_int_file: wildcard-2022.apps.ocp.stg.fedoraproject.org.intermediate.cert
 ocp_wildcard_key_file: wildcard-2022.apps.ocp.stg.fedoraproject.org.key
 os_wildcard_cert_file: wildcard-2022.app.os.stg.fedoraproject.org.cert
 # This is the openshift wildcard cert for stg
 os_wildcard_cert_name: wildcard-2022.app.os.stg.fedoraproject.org
 os_wildcard_int_file: wildcard-2022.app.os.stg.fedoraproject.org.intermediate.cert
 os_wildcard_key_file: wildcard-2022.app.os.stg.fedoraproject.org.key
 # RIP, FAS
 primary_auth_source: ipa
 SSLCertificateChainFile: wildcard-2022.stg.fedoraproject.org.intermediate.cert
--- a/playbooks/check-for-updates.yml
+++ b/playbooks/check-for-updates.yml
@ -9,7 +9,7 @@
 #
 - name: check for updates
-  hosts: distro_RedHat:distro_CentOS:!*.app.os.fedoraproject.org:!*.app.os.stg.fedoraproject.org
+  hosts: distro_RedHat:distro_CentOS:!ocp*:!worker*
  gather_facts: false
  tasks:
@ -22,7 +22,7 @@
    when: yumoutput.results|length > 0
 - name: check for updates
-  hosts: distro_Fedora:!*.app.os.fedoraproject.org:!*.app.os.stg.fedoraproject.org
+  hosts: distro_Fedora:!ocp*:!worker*
  gather_facts: false
  tasks:
--- a/playbooks/include/proxies-certificates.yml
+++ b/playbooks/include/proxies-certificates.yml
@ -37,13 +37,6 @@
    SSLCertificateChainFile: wildcard-2022.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"
  - role: httpd/certificate
    certname: wildcard-2022.app.os.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2022.app.os.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"
    tags:
    - app.os.stg.fedoraproject.org
  - role: httpd/certificate
    certname: wildcard-2022.apps.ocp.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2022.apps.ocp.stg.fedoraproject.org.intermediate.cert
@ -51,12 +44,6 @@
    tags:
    - apps.ocp.stg.fedoraproject.org
  - role: httpd/certificate
    certname: wildcard-2022.app.os.fedoraproject.org
    SSLCertificateChainFile: wildcard-2022.app.os.fedoraproject.org.intermediate.cert
    tags:
    - app.os.fedoraproject.org
  - role: httpd/certificate
    certname: wildcard-2022.apps.ocp.fedoraproject.org
    SSLCertificateChainFile: wildcard-2022.apps.ocp.fedoraproject.org.intermediate.cert
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@ -658,50 +658,6 @@
    tags:
    - zezere
  - role: httpd/website
    site_name: os.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"
    # The Connection and Upgrade headers don't work for h2
    # So non-h2 is needed to fix websockets.
    use_h2: false
    tags:
    - os.fedoraproject.org
  - role: httpd/website
    site_name: app.os.fedoraproject.org
    server_aliases: ["*.app.os.fedoraproject.org"]
    sslonly: true
    cert_name: "{{os_wildcard_cert_name}}"
    SSLCertificateChainFile: "{{os_wildcard_int_file}}"
    # The Connection and Upgrade headers don't work for h2
    # So non-h2 is needed to fix websockets.
    use_h2: false
    tags:
    - app.os.fedoraproject.org
  - role: httpd/website
    site_name: os.stg.fedoraproject.org
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"
    # The Connection and Upgrade headers don't work for h2
    # So non-h2 is needed to fix websockets.
    use_h2: false
    tags:
    - os.stg.fedoraproject.org
  - role: httpd/website
    site_name: app.os.stg.fedoraproject.org
    server_aliases: ["*.app.os.stg.fedoraproject.org"]
    sslonly: true
    cert_name: "{{os_wildcard_cert_name}}"
    SSLCertificateChainFile: "{{os_wildcard_int_file}}"
    # The Connection and Upgrade headers don't work for h2
    # So non-h2 is needed to fix websockets.
    use_h2: false
    tags:
    - app.os.stg.fedoraproject.org
  - role: httpd/website
    site_name: ocp.stg.fedoraproject.org
    sslonly: true
--- a/playbooks/openshift-apps/noggin-centos.yml
+++ b/playbooks/openshift-apps/noggin-centos.yml
@ -86,7 +86,6 @@
    app: noggin-centos
    routename: noggin
    host: "accounts{{ env_suffix }}.centos.org"
    # host: "aco.app.os{{ env_suffix }}.fedoraproject.org"
    serviceport: web
    servicename: noggin-web
    annotations:
--- a/playbooks/openshift-apps/test-auth.yml
+++ b/playbooks/openshift-apps/test-auth.yml
@ -50,7 +50,7 @@
    - role: openshift/route
      app: test-auth
      routename: test-auth
-      host: "test-auth.app.os{{ env_suffix }}.fedoraproject.org"
+      host: "test-auth.apps.ocp{{ env_suffix }}.fedoraproject.org"
      serviceport: web
      servicename: test-auth
      annotations: