Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

noc01.rdu3: add a rdu3 noc server

Browse source 
No nagios for now, but dhcp and tftp and such.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2025-05-22 10:00:47 -07:00
parent fdfb14225b
commit 81f9f0d09c
3 changed files with 37 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

27
inventory/host_vars/noc01.rdu3.fedoraproject.org Normal file
View file

@ -0,0 +1,27 @@
---
custom_rules: [
'-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT',
# needed to allow rsync from log01
'-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'
]
nft_custom_rules:
- 'add rule ip filter INPUT ip saddr 192.168.1.20 tcp dport 5666 counter accept'
# needed to allow rsync from log01
- 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept'
- 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept'
datacenter: rdu3
eth0_ipv4_gw: 10.16.163.254
eth0_ipv4_ip: 10.16.163.10
ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 8192
nagios_location: 'rdu3_internal'
nagios_srcdir: 'nagios'
num_cpus: 4
tcp_ports: ['22', '80', '443', '67', '68']
udp_ports: ['67', '68', '69']
vmhost: vmhost-x86-01.rdu3.fedoraproject.org
volgroup: /dev/vg_guests

4
inventory/inventory
View file

@ -240,10 +240,14 @@ ipsilon02.iad2.fedoraproject.org
[nagios] [nagios]
noc01.iad2.fedoraproject.org noc01.iad2.fedoraproject.org
noc02.fedoraproject.org noc02.fedoraproject.org
noc01.rdu3.fedoraproject.org
[nagios_iad2] [nagios_iad2]
noc01.iad2.fedoraproject.org noc01.iad2.fedoraproject.org
[nagios_rdu3]
noc01.rdu3.fedoraproject.org
[noc_rdu_cc] [noc_rdu_cc]
noc-cc01.rdu-cc.fedoraproject.org noc-cc01.rdu-cc.fedoraproject.org

12
playbooks/groups/noc.yml
View file

@ -22,10 +22,10 @@
- rkhunter - rkhunter
- nagios_client - nagios_client
- hosts - hosts
- { role: openvpn/client, when: env != "staging" } - { role: openvpn/client, when: env != "staging" or datacenter == 'rdu3' }
- ipa/client - ipa/client
- collectd/base - collectd/base
- { role: rsyncd, when: datacenter == 'iad2' } - { role: rsyncd, when: datacenter == 'iad2' or datacenter == 'rdu3' }
- sudo - sudo
- apache - apache
# - mod_wsgi # - mod_wsgi
@ -40,7 +40,7 @@
owner_group: apache owner_group: apache
service: HTTP service: HTTP
host: "nagios-external{{env_suffix}}.fedoraproject.org" host: "nagios-external{{env_suffix}}.fedoraproject.org"
when: datacenter != 'iad2' when: datacenter == 'ibiblio'
- { role: letsencrypt, site_name: 'nagios-external.fedoraproject.org', when: inventory_hostname.startswith('noc02') } - { role: letsencrypt, site_name: 'nagios-external.fedoraproject.org', when: inventory_hostname.startswith('noc02') }
handlers: handlers:
@ -60,9 +60,9 @@
- import_tasks: "{{ handlers_path }}/restart_services.yml" - import_tasks: "{{ handlers_path }}/restart_services.yml"
roles: roles:
- { role: dhcp_server, when: datacenter == 'iad2' } - { role: dhcp_server, when: datacenter == 'iad2' or datacenter == 'rdu3' }
- { role: tftp_server, when: datacenter == 'iad2' } - { role: tftp_server, when: datacenter == 'iad2' or datacenter == 'rdu3' }
- { role: nagios_server } - { role: nagios_server, when: datacenter == 'iad2' or datacenter == 'ibiblio' }
tasks: tasks:
- name: Install some packages which arent in playbooks - name: Install some packages which arent in playbooks