noc01.rdu3: add a rdu3 noc server

No nagios for now, but dhcp and tftp and such. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-05-22 10:00:47 -07:00 · 2025-05-22 10:00:47 -07:00 · 81f9f0d09c
commit 81f9f0d09c
parent fdfb14225b
3 changed files with 37 additions and 6 deletions
--- a/inventory/host_vars/noc01.rdu3.fedoraproject.org
+++ b/inventory/host_vars/noc01.rdu3.fedoraproject.org
@ -0,0 +1,27 @@
+---
+custom_rules: [
+  '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT',
+  # needed to allow rsync from log01
+  '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT',
+  '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'
+  ]
+nft_custom_rules:
+  - 'add rule ip filter INPUT ip saddr 192.168.1.20 tcp dport 5666 counter accept'
+  # needed to allow rsync from log01
+  - 'add rule ip filter INPUT ip saddr 10.3.163.39  tcp dport 873 counter accept'
+  - 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept'
+datacenter: rdu3
+eth0_ipv4_gw: 10.16.163.254
+eth0_ipv4_ip: 10.16.163.10
+ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
+ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 8192
+nagios_location: 'rdu3_internal'
+nagios_srcdir: 'nagios'
+num_cpus: 4
+tcp_ports: ['22', '80', '443', '67', '68']
+udp_ports: ['67', '68', '69']
+vmhost: vmhost-x86-01.rdu3.fedoraproject.org
+volgroup: /dev/vg_guests
--- a/inventory/inventory
+++ b/inventory/inventory
@ -240,10 +240,14 @@ ipsilon02.iad2.fedoraproject.org
 [nagios]
 noc01.iad2.fedoraproject.org
 noc02.fedoraproject.org
+noc01.rdu3.fedoraproject.org

 [nagios_iad2]
 noc01.iad2.fedoraproject.org

+[nagios_rdu3]
+noc01.rdu3.fedoraproject.org
+
 [noc_rdu_cc]
 noc-cc01.rdu-cc.fedoraproject.org

--- a/playbooks/groups/noc.yml
+++ b/playbooks/groups/noc.yml
@ -22,10 +22,10 @@
  - rkhunter
  - nagios_client
  - hosts
-  - { role: openvpn/client, when: env != "staging" }
+  - { role: openvpn/client, when: env != "staging" or datacenter == 'rdu3' }
  - ipa/client
  - collectd/base
-  - { role: rsyncd, when: datacenter == 'iad2' }
+  - { role: rsyncd, when: datacenter == 'iad2' or datacenter == 'rdu3' }
  - sudo
  - apache
  # - mod_wsgi
@ -40,7 +40,7 @@
    owner_group: apache
    service: HTTP
    host: "nagios-external{{env_suffix}}.fedoraproject.org"
-    when: datacenter != 'iad2'
+    when: datacenter == 'ibiblio'
  - { role: letsencrypt, site_name: 'nagios-external.fedoraproject.org', when: inventory_hostname.startswith('noc02') }

  handlers:
@ -60,9 +60,9 @@
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

  roles:
-  - { role: dhcp_server, when: datacenter == 'iad2' }
-  - { role: tftp_server, when: datacenter == 'iad2' }
-  - { role: nagios_server }
+  - { role: dhcp_server, when: datacenter == 'iad2' or datacenter == 'rdu3' }
+  - { role: tftp_server, when: datacenter == 'iad2' or datacenter == 'rdu3' }
+  - { role: nagios_server, when: datacenter == 'iad2' or datacenter == 'ibiblio' }

  tasks:
  - name: Install some packages which arent in playbooks