diff --git a/inventory/group_vars/vmhost_copr b/inventory/group_vars/vmhost_copr
new file mode 100644
index 0000000000..4b13d09f94
--- /dev/null
+++ b/inventory/group_vars/vmhost_copr
@@ -0,0 +1,26 @@
+---
+virthost: true
+
+fas_client_groups: sysadmin-copr,sysadmin-main
+sudoers: "{{ private }}/files/sudo/copr-sudoers"
+
+nrpe_procs_warn: 1400
+nrpe_procs_crit: 1500
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+vpn: false
+postfix_group: cloud
+freezes: false
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Host guest virtual machines.
+csi_relationship: |
+ - Guests on this host will be inaccessible if the host is down.
+ - This host will be required by any application with a virtual machine running on it, therefore, if this host is down those applications will be impacted.
+
+nagios_Check_Services:
+ raid: true
diff --git a/inventory/host_vars/vmhost-x86-05.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-05.rdu-cc.fedoraproject.org
index 692e739ebd..4deb9fe021 100644
--- a/inventory/host_vars/vmhost-x86-05.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-05.rdu-cc.fedoraproject.org
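Review bot: In inventory/group_vars/vmhost_copr, `nrpe_procs_warn: 1400` and `nrpe_procs_crit: 1500` replace the 900/1000 that the copr host_vars files carried before this commit, and nothing in the file records why the process-count alarm was loosened on hosts marked `csi_security_category: High`. A one-line comment above the two keys, for example `# raised from 900/1000: <reason>`, would keep the change from reading as a typo. The three-line comment about /etc/system_identification also sits above `vpn`/`postfix_group`/`freezes`, while it appears to describe the `csi_*` keys; placing it directly above `csi_security_category` would make that clear.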
@@ -1,12 +1,56 @@
 ---
+datacenter: rdu-cc
+
 nrpe_procs_warn: 900
 nrpe_procs_crit: 1000
-br0_ip: 8.43.85.84
-br0_nm: 255.255.254.0
-gw: 8.43.85.254
-dns: 8.8.8.8
-datacenter: rdu-cc
 vpn: true
 postfix_group: cloud
 freezes: false
+
+gw: 8.43.85.254
+dns: 8.8.8.8
+
+has_ipv4: yes
+br0_ipv4: 8.43.85.84
+br0_ipv4_nm: 23
+br0_ipv4_gw: "{{ gw }}"
+
+has_ipv6: yes
+br0_ipv6: "2620:52:3:1:dead:beef:cafe:f005"
+br0_ipv6_nm: 64
+br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+
+mac0: "ec:f4:bb:d2:97:7c"
+mac1: "ec:f4:bb:d2:97:7d"
+mac2: "ec:f4:bb:d2:97:78"
+mac3: "ec:f4:bb:d2:97:7a"
+
+br0_port0_mac: "{{ mac0 }}"
+
+network_connections:
+ - name: br0
+ state: up
+ type: bridge
+ autoconnect: yes
+ ip:
+ address:
+ - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+ - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
+ gateway4: "{{ br0_ipv4_gw }}"
+ gateway6: "{{ br0_ipv6_gw }}"
+ dns:
+ - 8.8.8.8
+ - 8.8.4.4
+ - 2001:4860:4860::8888
+ dns_search:
+ - fedoraproject.org
+ - vpn.fedoraproject.org
+ - rdu-cc.fedoraproject.org
+ dhcp4: no
+ auto6: no
+ - name: br0-port0
+ state: up
+ type: ethernet
+ master: br0
+ mac: "{{ br0_port0_mac }}"
diff --git a/inventory/host_vars/vmhost-x86-06.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-06.rdu-cc.fedoraproject.org
index ae60f48e49..e82a83adfa 100644
--- a/inventory/host_vars/vmhost-x86-06.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-06.rdu-cc.fedoraproject.org
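Review bot: In the vmhost-x86-05 host_vars hunk, the `dns:` list under `network_connections` hard-codes three public resolver addresses while `dns_search` adds `vpn.fedoraproject.org` and `rdu-cc.fedoraproject.org`, so short-name lookups on this hypervisor are expanded with those suffixes and sent to a third-party resolver. If that is intended for this datacenter, a comment saying so would help; the list also ignores the existing `dns` variable. The same block is repeated verbatim in the vmhost-x86-06, copr01, copr03 and copr04 hunks, so defining it once in group_vars would keep the resolver choice in one reviewed place. The unquoted `2001:4860:4860::8888` would be safer as `- "2001:4860:4860::8888"`, matching the other quoted IPv6 literals, and `yes`/`no` are better written `true`/`false`.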
@@ -1,12 +1,56 @@
 ---
+datacenter: rdu-cc
+
 nrpe_procs_warn: 900
 nrpe_procs_crit: 1000
-br0_ip: 8.43.85.85
-br0_nm: 255.255.254.0
-gw: 8.43.85.254
-dns: 8.8.8.8
-datacenter: rdu-cc
 vpn: true
 postfix_group: cloud
 freezes: false
+
+gw: 8.43.85.254
+dns: 8.8.8.8
+
+has_ipv4: yes
+br0_ipv4: 8.43.85.85
+br0_ipv4_nm: 23
+br0_ipv4_gw: "{{ gw }}"
+
+has_ipv6: yes
+br0_ipv6: "2620:52:3:1:dead:beef:cafe:f006"
+br0_ipv6_nm: 64
+br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+
+mac0: "ec:f4:bb:cd:aa:a4"
+mac1: "ec:f4:bb:cd:aa:a5"
+mac2: "ec:f4:bb:cd:aa:a0"
+mac3: "ec:f4:bb:cd:aa:a2"
+
+br0_port0_mac: "{{ mac0 }}"
+
+network_connections:
+ - name: br0
+ state: up
+ type: bridge
+ autoconnect: yes
+ ip:
+ address:
+ - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+ - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
+ gateway4: "{{ br0_ipv4_gw }}"
+ gateway6: "{{ br0_ipv6_gw }}"
+ dns:
+ - 8.8.8.8
+ - 8.8.4.4
+ - 2001:4860:4860::8888
+ dns_search:
+ - fedoraproject.org
+ - vpn.fedoraproject.org
+ - rdu-cc.fedoraproject.org
+ dhcp4: no
+ auto6: no
+ - name: br0-port0
+ state: up
+ type: ethernet
+ master: br0
+ mac: "{{ br0_port0_mac }}"
diff --git a/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org
index 0386c7c509..d7424de8b4 100644
--- a/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org
@@ -1,18 +1,53 @@
 ---
-fas_client_groups: sysadmin-copr,sysadmin-main
-sudoers: "{{ private }}/files/sudo/copr-sudoers"
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
-br0_ip: 8.43.85.57
-br0_nm: 255.255.254.0
+datacenter: rdu-cc
+
 gw: 8.43.85.254
 dns: 8.8.8.8
-has_ipv6: yes
-eth0_ipv6: "2620:52:3:1:dead:beef:cafe:c001"
-eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+has_ipv4: yes
+br0_ipv4: 8.43.85.57
+br0_ipv4_nm: 23
+br0_ipv4_gw: "{{ gw }}"
-datacenter: rdu-cc
-vpn: false
-postfix_group: cloud
-freezes: false
+has_ipv6: yes
+br0_ipv6: "2620:52:3:1:dead:beef:cafe:c001"
+br0_ipv6_nm: 64
+br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+
+mac0: "f4:02:70:d0:05:00"
+mac1: "f4:02:70:d0:05:01"
+mac2: "b0:26:28:d1:df:00"
+mac3: "b0:26:28:d1:df:01"
+mac4: "b4:96:91:63:3b:e8"
+mac5: "b4:96:91:63:3b:e9"
+mac6: "b4:96:91:63:3b:ea"
+mac7: "b4:96:91:63:3b:eb"
+
+br0_port0_mac: "{{ mac0 }}"
+
+network_connections:
+ - name: br0
+ state: up
+ type: bridge
+ autoconnect: yes
+ ip:
+ address:
+ - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+ - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
+ gateway4: "{{ br0_ipv4_gw }}"
+ gateway6: "{{ br0_ipv6_gw }}"
+ dns:
+ - 8.8.8.8
+ - 8.8.4.4
+ - 2001:4860:4860::8888
+ dns_search:
+ - fedoraproject.org
+ - vpn.fedoraproject.org
+ - rdu-cc.fedoraproject.org
+ dhcp4: no
+ auto6: no
+ - name: br0-port0
+ state: up
+ type: ethernet
+ master: br0
+ mac: "{{ br0_port0_mac }}"
diff --git a/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org
index 98b1249722..29f4fee4c6 100644
--- a/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org
@@ -1,28 +1,23 @@
 ---
-fas_client_groups: sysadmin-copr,sysadmin-main
-sudoers: "{{ private }}/files/sudo/copr-sudoers"
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
+datacenter: rdu-cc
+
 gw: 8.43.85.254
 dns: 8.8.8.8
 has_ipv4: yes
 br0_ipv4: 8.43.85.58
-br0_ipv4_nm: 255.255.254.0
+br0_ipv4_nm: 23
 br0_ipv4_gw: "{{ gw }}"
 has_ipv6: yes
 br0_ipv6: "2620:52:3:1:dead:beef:cafe:c002"
+br0_ipv6_nm: 64
 br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
-datacenter: rdu-cc
-vpn: false
-postfix_group: cloud
-freezes: false
 mac0: "f4:02:70:d0:04:5e"
-mac1: "b4:96:91:63:3b:9c"
-mac2: "f4:02:70:d0:04:5f"
+mac1: "f4:02:70:d0:04:5f"
+mac2: "b4:96:91:63:3b:9c"
 mac3: "b4:96:91:63:3b:9d"
 mac4: "b4:96:91:63:3b:9e"
 mac5: "b4:96:91:63:3b:9f"
@@ -36,8 +31,8 @@ network_connections:
 autoconnect: yes
 ip:
 address:
- - "{{ br0_ipv4 }}/24"
- - "{{ br0_ipv6 }}/64"
+ - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+ - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
 gateway4: "{{ br0_ipv4_gw }}"
 gateway6: "{{ br0_ipv6_gw }}"
 dns:
@@ -56,3 +51,4 @@ network_connections:
 master: br0
 mac: "{{ br0_port0_mac }}"
+
diff --git a/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org
index c5900b175f..2e95ed3b82 100644
--- a/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org
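Review bot: In the first vmhost-x86-copr02 hunk, `br0_ipv4_nm` keeps its name but changes meaning from a dotted netmask (`255.255.254.0`) to a prefix length (`23`), and the second hunk starts interpolating it into `"{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"`. Any template or task outside this diff that still reads `br0_ipv4_nm` as a dotted mask would now render a wrong network configuration, so the other consumers of the variable are worth checking before merge. A short comment above the key, `# prefix length (CIDR bits), not a dotted netmask`, would document the new contract; the same applies to the other host_vars files in this commit that introduce `br0_ipv4_nm`.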
@@ -1,18 +1,53 @@
 ---
-fas_client_groups: sysadmin-copr,sysadmin-main
-sudoers: "{{ private }}/files/sudo/copr-sudoers"
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
-br0_ip: 8.43.85.59
-br0_nm: 255.255.254.0
+datacenter: rdu-cc
+
 gw: 8.43.85.254
 dns: 8.8.8.8
-has_ipv6: yes
-eth0_ipv6: "2620:52:3:1:dead:beef:cafe:c003"
-eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+has_ipv4: yes
+br0_ipv4: 8.43.85.59
+br0_ipv4_nm: 23
+br0_ipv4_gw: "{{ gw }}"
-datacenter: rdu-cc
-vpn: false
-postfix_group: cloud
-freezes: false
+has_ipv6: yes
+br0_ipv6: "2620:52:3:1:dead:beef:cafe:c003"
+br0_ipv6_nm: 64
+br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+
+mac0: "f4:02:70:d3:42:48"
+mac1: "f4:02:70:d3:42:49"
+mac2: "b0:26:28:d1:dd:c0"
+mac3: "b0:26:28:d1:dd:c1"
+mac4: "b4:96:91:63:3b:50"
+mac5: "b4:96:91:63:3b:51"
+mac6: "b4:96:91:63:3b:52"
+mac7: "b4:96:91:63:3b:53"
+
+br0_port0_mac: "{{ mac0 }}"
+
+network_connections:
+ - name: br0
+ state: up
+ type: bridge
+ autoconnect: yes
+ ip:
+ address:
+ - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+ - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
+ gateway4: "{{ br0_ipv4_gw }}"
+ gateway6: "{{ br0_ipv6_gw }}"
+ dns:
+ - 8.8.8.8
+ - 8.8.4.4
+ - 2001:4860:4860::8888
+ dns_search:
+ - fedoraproject.org
+ - vpn.fedoraproject.org
+ - rdu-cc.fedoraproject.org
+ dhcp4: no
+ auto6: no
+ - name: br0-port0
+ state: up
+ type: ethernet
+ master: br0
+ mac: "{{ br0_port0_mac }}"
diff --git a/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org b/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org
index 6b0a650d58..22b7475c97 100644
--- a/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org
@@ -1,18 +1,53 @@
 ---
-fas_client_groups: sysadmin-copr,sysadmin-main
-sudoers: "{{ private }}/files/sudo/copr-sudoers"
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
-br0_ip: 8.43.85.60
-br0_nm: 255.255.254.0
+datacenter: rdu-cc
+
 gw: 8.43.85.254
 dns: 8.8.8.8
-has_ipv6: yes
-eth0_ipv6: "2620:52:3:1:dead:beef:cafe:c004"
-eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+has_ipv4: yes
+br0_ipv4: 8.43.85.60
+br0_ipv4_nm: 23
+br0_ipv4_gw: "{{ gw }}"
-datacenter: rdu-cc
-vpn: false
-postfix_group: cloud
-freezes: false
+has_ipv6: yes
+br0_ipv6: "2620:52:3:1:dead:beef:cafe:c004"
+br0_ipv6_nm: 64
+br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+
+mac0: "f4:02:70:d0:04:4a"
+mac1: "f4:02:70:d0:04:4b"
+mac2: "b0:26:28:d1:e0:f0"
+mac3: "b0:26:28:d1:e0:f1"
+mac4: "b4:96:91:63:3a:a0"
+mac5: "b4:96:91:63:3a:a1"
+mac6: "b4:96:91:63:3a:a2"
+mac7: "b4:96:91:63:3a:a3"
+
+br0_port0_mac: "{{ mac0 }}"
+
+network_connections:
+ - name: br0
+ state: up
+ type: bridge
+ autoconnect: yes
+ ip:
+ address:
+ - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+ - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
+ gateway4: "{{ br0_ipv4_gw }}"
+ gateway6: "{{ br0_ipv6_gw }}"
+ dns:
+ - 8.8.8.8
+ - 8.8.4.4
+ - 2001:4860:4860::8888
+ dns_search:
+ - fedoraproject.org
+ - vpn.fedoraproject.org
+ - rdu-cc.fedoraproject.org
+ dhcp4: no
+ auto6: no
+ - name: br0-port0
+ state: up
+ type: ethernet
+ master: br0
+ mac: "{{ br0_port0_mac }}"
diff --git a/inventory/inventory b/inventory/inventory
index f975eed9dd..158be93258 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -113,8 +113,8 @@ virthost-rdu01.fedoraproject.org
 virthost-cc-rdu01.fedoraproject.org
 virthost-cc-rdu02.fedoraproject.org
 virthost-cc-rdu03.fedoraproject.org
-#virthost-cloud01.fedorainfracloud.org
-#cloudvmhost-aarch64-01.fedorainfracloud.org
+
+[vmhost_copr]
 vmhost-x86-copr01.rdu-cc.fedoraproject.org
 vmhost-x86-copr02.rdu-cc.fedoraproject.org
 vmhost-x86-copr03.rdu-cc.fedoraproject.org
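Review bot: In the inventory/inventory hunk, the new `[vmhost_copr]` header is inserted in the middle of an existing group, so every entry from that header down to the next section header now belongs to vmhost_copr, and the hunk ends at copr03 before that next header is visible. Because group_vars/vmhost_copr assigns `fas_client_groups: sysadmin-copr,sysadmin-main` and the copr sudoers file, it is worth confirming that only copr hypervisors sit in that range. The copr hosts also leave the preceding group, whose name is outside the hunk, so anything keyed on that group (its group_vars, playbooks, or monitoring generated from group membership) no longer applies to them unless vmhost_copr is added there. A comment above the header, `# split from the group above so copr admins can be scoped to these hosts only`, would record the intent.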
diff --git a/playbooks/groups/vmhost_copr.yml b/playbooks/groups/vmhost_copr.yml
new file mode 100644
index 0000000000..29ff1beb27
--- /dev/null
+++ b/playbooks/groups/vmhost_copr.yml
@@ -0,0 +1,40 @@
+# create a new virthost server system
+# This is a copy of the main one which is meant to be limited ONLY to vmhost_copr group for rbac
+# NOTE: should be used with --limit most of the time
+# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml myhosts=vmhost_copr:!buildvmhost-s390x-01.s390.fedoraproject.org"
+
+- name: make virthost server system
+ hosts: vmhost_copr
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ pre_tasks:
+ - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - { role: ipa/client, when: env == "staging" }
+ - { role: fas_client, when: env != "staging" }
+ - collectd/base
+ - sudo
+ - { role: openvpn/client, when: vpn|bool }
+ - virthost
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ when: env != 'staging'
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
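Review bot: In playbooks/groups/vmhost_copr.yml, the `import_playbook` line still carries the exclusion `:!buildvmhost-s390x-01.s390.fedoraproject.org` from the playbook it was copied from, although that host does not appear in the `[vmhost_copr]` group this commit defines. Since the file exists to scope runs to one group for RBAC, the host pattern should say exactly that: `myhosts=vmhost_copr`. The header comment's reference to `group_vars/backup_server` looks like a leftover too and would read better as `# NOTE: most of these vars come from group_vars/vmhost_copr or from host_vars`. The play itself is pinned with `hosts: vmhost_copr`, so neither leftover changes which hosts the play body targets.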