From 6e30ad8c764b3eb7dc5019d365e62ca85d1353af Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 15 Jul 2019 20:46:15 +0000 Subject: [PATCH] pagure-proxy: drop pagure-proxy as it's not needed anymore. Signed-off-by: Kevin Fenzi --- inventory/group_vars/pagure_proxy | 23 -------- .../pagure-proxy01.fedoraproject.org | 55 ------------------- inventory/inventory | 3 - master.yml | 1 - playbooks/groups/pagure-proxy.yml | 33 ----------- 5 files changed, 115 deletions(-) delete mode 100644 inventory/group_vars/pagure_proxy delete mode 100644 inventory/host_vars/pagure-proxy01.fedoraproject.org delete mode 100644 playbooks/groups/pagure-proxy.yml diff --git a/inventory/group_vars/pagure_proxy b/inventory/group_vars/pagure_proxy deleted file mode 100644 index 0f28d4c963..0000000000 --- a/inventory/group_vars/pagure_proxy +++ /dev/null @@ -1,23 +0,0 @@ ---- -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file - -tcp_ports: [ 22, 25, 80, 443, 9418, - # Used for the eventsource - 8088, - # This is for the pagure public fedmsg relay - 9940] - -fas_client_groups: sysadmin-noc - -freezes: true -postfix_group: vpn.pagure - -# For the MOTD -csi_security_category: Low -csi_primary_contact: Fedora admins - admin@fedoraproject.org -csi_purpose: Proxy specific ports to OSUOSL for preventing slow peering -csi_relationship: | - This box proxies traffic over to pagure01.fedoraproject.org - - (This is done because OSUOSL has terribly slow peering to EU) diff --git a/inventory/host_vars/pagure-proxy01.fedoraproject.org b/inventory/host_vars/pagure-proxy01.fedoraproject.org deleted file mode 100644 index 37e7f3040b..0000000000 --- a/inventory/host_vars/pagure-proxy01.fedoraproject.org +++ /dev/null @@ -1,55 +0,0 @@ ---- -nm: 255.255.255.128 -gw: 152.19.134.129 -dns: 8.8.8.8 - -custom_rules: ['-A FORWARD -j ACCEPT'] - -nat_rules: [ - # SSH - '-A PREROUTING --dst 152.19.134.147 -p tcp --dport 22 -j DNAT --to-destination 8.43.85.75:22', - '-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 22 -j SNAT --to-source 152.19.134.147', - '-A OUTPUT --dst 152.19.134.147 -p tcp --dport 22 -j DNAT --to-destination 8.43.85.75:22', - # SMTP - '-A PREROUTING --dst 152.19.134.147 -p tcp --dport 25 -j DNAT --to-destination 8.43.85.75:25', - '-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 25 -j SNAT --to-source 152.19.134.147', - '-A OUTPUT --dst 152.19.134.147 -p tcp --dport 25 -j DNAT --to-destination 8.43.85.75:25', - # web-80 - '-A PREROUTING --dst 152.19.134.147 -p tcp --dport 80 -j DNAT --to-destination 8.43.85.75:80', - '-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 80 -j SNAT --to-source 152.19.134.147', - '-A OUTPUT --dst 152.19.134.147 -p tcp --dport 80 -j DNAT --to-destination 8.43.85.75:80', - # web-443 - '-A PREROUTING --dst 152.19.134.147 -p tcp --dport 443 -j DNAT --to-destination 8.43.85.75:443', - '-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 443 -j SNAT --to-source 152.19.134.147', - '-A OUTPUT --dst 152.19.134.147 -p tcp --dport 443 -j DNAT --to-destination 8.43.85.75:443', - # 9418 - '-A PREROUTING --dst 152.19.134.147 -p tcp --dport 9418 -j DNAT --to-destination 8.43.85.75:9418', - '-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 9418 -j SNAT --to-source 152.19.134.147', - '-A OUTPUT --dst 152.19.134.147 -p tcp --dport 9418 -j DNAT --to-destination 8.43.85.75:9418', - # Eventsource - '-A PREROUTING --dst 152.19.134.147 -p tcp --dport 8088 -j DNAT --to-destination 8.43.85.75:8088', - '-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 8088 -j SNAT --to-source 152.19.134.147', - '-A OUTPUT --dst 152.19.134.147 -p tcp --dport 8088 -j DNAT --to-destination 8.43.85.75:8088', - # Fedmsg - '-A PREROUTING --dst 152.19.134.147 -p tcp --dport 9940 -j DNAT --to-destination 8.43.85.75:9940', - '-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 9940 -j SNAT --to-source 152.19.134.147', - '-A OUTPUT --dst 152.19.134.147 -p tcp --dport 9940 -j DNAT --to-destination 8.43.85.75:9940', -] - - -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext -ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ - -volgroup: /dev/vg_guests - -eth0_ip: 152.19.134.146 -eth0_nm: 255.255.255.128 -has_ipv6: yes -eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fe46" -eth0_ipv6_gw: "2610:28:3090:3001::1" -eth0_secondary_ip: 152.19.134.147 - -sponsor: ibiblio -datacenter: ibiblio -postfix_group: vpn -vmhost: ibiblio01.fedoraproject.org diff --git a/inventory/inventory b/inventory/inventory index 2edaa32552..724f4adab8 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1297,9 +1297,6 @@ pagure01.fedoraproject.org [pagure_stg] pagure-stg01.fedoraproject.org -[pagure_proxy] -pagure-proxy01.fedoraproject.org - [twisted_buildbots] twisted-fedora26-1.fedorainfracloud.org twisted-fedora26-2.fedorainfracloud.org diff --git a/master.yml b/master.yml index efc814c60f..343f563211 100644 --- a/master.yml +++ b/master.yml @@ -79,7 +79,6 @@ - import_playbook: /srv/web/infra/ansible/playbooks/groups/os-proxies.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/packages.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/pagure.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/pagure-proxy.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/pdc.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/people.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/pkgs.yml diff --git a/playbooks/groups/pagure-proxy.yml b/playbooks/groups/pagure-proxy.yml deleted file mode 100644 index e3e1ba92d5..0000000000 --- a/playbooks/groups/pagure-proxy.yml +++ /dev/null @@ -1,33 +0,0 @@ -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=pagure_proxy" - -- name: make the boxen be real for real - hosts: pagure_proxy - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - fas_client - - sudo - - collectd/base - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" - - - name: Enable ipv4_forward in sysctl - sysctl: name=net.ipv4.ip_forward value=1 state=present sysctl_set=yes reload=yes - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml"