diff --git a/inventory/group_vars/os b/inventory/group_vars/os deleted file mode 100644 index c716224e38..0000000000 --- a/inventory/group_vars/os +++ /dev/null @@ -1,11 +0,0 @@ ---- -baseiptables: False -host_group: os -ipa_client_shell_groups: - - sysadmin-openshift -ipa_client_sudo_groups: - - sysadmin-openshift -#openshift_ansible_upgrading: False -ipa_host_group: openshift -ipa_host_group_desc: OpenShift cluster -no_http2: True diff --git a/inventory/group_vars/os_masters b/inventory/group_vars/os_masters deleted file mode 100644 index 4acf6cc835..0000000000 --- a/inventory/group_vars/os_masters +++ /dev/null @@ -1,26 +0,0 @@ ---- -bodhi_openshift_pods: 1 -# -# Set some bodhi variables here. -# Since they are used when running playbooks against the master nodes. -# -bodhi_version: "6.0.0" -nagios_Check_Services: - mail: false - nrpe: false - swap: false -os_app_url: app.os.fedoraproject.org -os_url: os.fedoraproject.org -# GDPR SAR related dictionary -sar_openshift: - # Name of the app - release-monitoring: - # Openshift namespace where the app runs - openshift_namespace: release-monitoring - # Name of openshift pod - will be used for label search - openshift_pod: release-monitoring-web - # Output file on local machine - sar_output_file: anitya.json - # Location of the script - sar_script: /usr/local/bin/sar -swap: false diff --git a/inventory/group_vars/os_masters_stg b/inventory/group_vars/os_masters_stg deleted file mode 100644 index 0aaef89892..0000000000 --- a/inventory/group_vars/os_masters_stg +++ /dev/null @@ -1,12 +0,0 @@ ---- -bodhi_openshift_pods: 1 -# Set some bodhi variables here. -# Since they are used when running playbooks against the master nodes. -# -bodhi_version: "6.0.0" -nagios_Check_Services: - mail: false - nrpe: false - swap: false -os_app_url: app.os.stg.fedoraproject.org -os_url: os.stg.fedoraproject.org diff --git a/inventory/group_vars/os_nodes b/inventory/group_vars/os_nodes deleted file mode 100644 index 7e7df732cb..0000000000 --- a/inventory/group_vars/os_nodes +++ /dev/null @@ -1,8 +0,0 @@ ---- -nagios_Check_Services: - mail: false - nrpe: false - swap: false -os_app_url: app.os.fedoraproject.org -os_url: os.fedoraproject.org -swap: false diff --git a/inventory/group_vars/os_nodes_stg b/inventory/group_vars/os_nodes_stg deleted file mode 100644 index 891bdafa1f..0000000000 --- a/inventory/group_vars/os_nodes_stg +++ /dev/null @@ -1,7 +0,0 @@ ---- -nagios_Check_Services: - mail: false - nrpe: false - swap: false -os_app_url: app.os.stg.fedoraproject.org -os_url: os.stg.fedoraproject.org diff --git a/inventory/group_vars/os_stg b/inventory/group_vars/os_stg deleted file mode 100644 index d905aceedd..0000000000 --- a/inventory/group_vars/os_stg +++ /dev/null @@ -1,12 +0,0 @@ ---- -baseiptables: False -host_group: os -ipa_client_shell_groups: - - sysadmin-openshift -ipa_client_sudo_groups: - - sysadmin-openshift -# Only define this when upgrading, otherwise comment it -# openshift_ansible_upgrading: True -ipa_host_group: openshift -ipa_host_group_desc: OpenShift cluster -no_http2: False diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies index d7a8aca56d..fe252b3eeb 100644 --- a/inventory/group_vars/proxies +++ b/inventory/group_vars/proxies @@ -56,14 +56,6 @@ ocp_nodes: - worker04.vpn.fedoraproject.org - worker05.vpn.fedoraproject.org - worker06.vpn.fedoraproject.org -openshift_masters: - - os-master01.vpn.fedoraproject.org - - os-master02.vpn.fedoraproject.org - - os-master03.vpn.fedoraproject.org -openshift_nodes: - - os-node01.vpn.fedoraproject.org - - os-node02.vpn.fedoraproject.org - - os-node03.vpn.fedoraproject.org postvpnservices: - haproxy - varnish diff --git a/inventory/group_vars/proxies_stg b/inventory/group_vars/proxies_stg index 0056a3dc83..857fd6fd16 100644 --- a/inventory/group_vars/proxies_stg +++ b/inventory/group_vars/proxies_stg @@ -49,16 +49,6 @@ ocp_nodes_stg: - worker03.ocp.stg.iad2.fedoraproject.org - worker04.ocp.stg.iad2.fedoraproject.org - worker05.ocp.stg.iad2.fedoraproject.org -openshift_masters: - - os-master01.stg.iad2.fedoraproject.org - - os-master02.stg.iad2.fedoraproject.org - - os-master03.stg.iad2.fedoraproject.org -openshift_nodes: - - os-node01.stg.iad2.fedoraproject.org - - os-node02.stg.iad2.fedoraproject.org - - os-node03.stg.iad2.fedoraproject.org - - os-node04.stg.iad2.fedoraproject.org -openshift_nodes_stg: "{{ openshift_nodes }}" tcp_ports: [ # For apache, generally. 80, 443, diff --git a/inventory/host_vars/os-master01.iad2.fedoraproject.org b/inventory/host_vars/os-master01.iad2.fedoraproject.org deleted file mode 100644 index 585a5b991f..0000000000 --- a/inventory/host_vars/os-master01.iad2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -baseiptables: false -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.66 -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -lvm_size: 120g -max_mem_size: 16384 -mem_size: 16384 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -resolvconf: "resolv.conf/iad2" -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/os-master01.stg.iad2.fedoraproject.org b/inventory/host_vars/os-master01.stg.iad2.fedoraproject.org deleted file mode 100644 index 41f9eb9c8b..0000000000 --- a/inventory/host_vars/os-master01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.51 -host_group: os-stg -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2 -lvm_size: 120g -max_mem_size: 16384 -mem_size: 16384 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/os-master02.iad2.fedoraproject.org b/inventory/host_vars/os-master02.iad2.fedoraproject.org deleted file mode 100644 index 64b19db6c5..0000000000 --- a/inventory/host_vars/os-master02.iad2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -baseiptables: false -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.67 -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -lvm_size: 120g -max_mem_size: 16384 -mem_size: 16384 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -resolvconf: "resolv.conf/iad2" -vmhost: vmhost-x86-03.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/os-master02.stg.iad2.fedoraproject.org b/inventory/host_vars/os-master02.stg.iad2.fedoraproject.org deleted file mode 100644 index bc203689f9..0000000000 --- a/inventory/host_vars/os-master02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.52 -host_group: os-stg -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2 -lvm_size: 120g -max_mem_size: 16384 -mem_size: 16384 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/os-master03.iad2.fedoraproject.org b/inventory/host_vars/os-master03.iad2.fedoraproject.org deleted file mode 100644 index f3aa685bf4..0000000000 --- a/inventory/host_vars/os-master03.iad2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -baseiptables: false -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.68 -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -lvm_size: 120g -max_mem_size: 16384 -mem_size: 16384 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -resolvconf: "resolv.conf/iad2" -vmhost: vmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/os-master03.stg.iad2.fedoraproject.org b/inventory/host_vars/os-master03.stg.iad2.fedoraproject.org deleted file mode 100644 index 334484be9d..0000000000 --- a/inventory/host_vars/os-master03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.53 -host_group: os-stg -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2 -lvm_size: 120g -max_mem_size: 16384 -mem_size: 16384 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -vmhost: vmhost-x86-03.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/os-node01.iad2.fedoraproject.org b/inventory/host_vars/os-node01.iad2.fedoraproject.org deleted file mode 100644 index 0e2aceea6b..0000000000 --- a/inventory/host_vars/os-node01.iad2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -baseiptables: false -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.69 -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -lvm_size: 120g -max_mem_size: 24576 -mem_size: 24576 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -resolvconf: "resolv.conf/iad2" -vmhost: vmhost-x86-05.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/os-node01.stg.iad2.fedoraproject.org b/inventory/host_vars/os-node01.stg.iad2.fedoraproject.org deleted file mode 100644 index bf13771f11..0000000000 --- a/inventory/host_vars/os-node01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.54 -host_group: os-stg -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2 -lvm_size: 120g -max_mem_size: 73728 -mem_size: 49152 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 16 -vmhost: vmhost-x86-04.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/os-node02.iad2.fedoraproject.org b/inventory/host_vars/os-node02.iad2.fedoraproject.org deleted file mode 100644 index 0bb83676c3..0000000000 --- a/inventory/host_vars/os-node02.iad2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -baseiptables: false -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.70 -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -lvm_size: 120g -max_mem_size: 24576 -mem_size: 24576 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -resolvconf: "resolv.conf/iad2" -vmhost: vmhost-x86-06.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/os-node02.stg.iad2.fedoraproject.org b/inventory/host_vars/os-node02.stg.iad2.fedoraproject.org deleted file mode 100644 index 39b36f95a1..0000000000 --- a/inventory/host_vars/os-node02.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.55 -host_group: os-stg -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2 -lvm_size: 120g -max_mem_size: 73728 -mem_size: 49152 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 16 -vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/os-node03.iad2.fedoraproject.org b/inventory/host_vars/os-node03.iad2.fedoraproject.org deleted file mode 100644 index fc9530cbb4..0000000000 --- a/inventory/host_vars/os-node03.iad2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -baseiptables: false -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.71 -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -lvm_size: 120g -max_mem_size: 24576 -mem_size: 24576 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -resolvconf: "resolv.conf/iad2" -vmhost: vmhost-x86-07.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/os-node03.stg.iad2.fedoraproject.org b/inventory/host_vars/os-node03.stg.iad2.fedoraproject.org deleted file mode 100644 index a0e7706b7b..0000000000 --- a/inventory/host_vars/os-node03.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.56 -host_group: os-stg -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2 -lvm_size: 120g -max_mem_size: 73728 -mem_size: 49152 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 16 -vmhost: vmhost-x86-06.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/os-node04.iad2.fedoraproject.org b/inventory/host_vars/os-node04.iad2.fedoraproject.org deleted file mode 100644 index ce962a92c7..0000000000 --- a/inventory/host_vars/os-node04.iad2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -baseiptables: false -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.72 -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -lvm_size: 120g -max_mem_size: 24576 -mem_size: 24576 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -resolvconf: "resolv.conf/iad2" -vmhost: vmhost-x86-01.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/os-node04.stg.iad2.fedoraproject.org b/inventory/host_vars/os-node04.stg.iad2.fedoraproject.org deleted file mode 100644 index 48632cfcaa..0000000000 --- a/inventory/host_vars/os-node04.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.57 -host_group: os-stg -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2 -lvm_size: 120g -max_mem_size: 73728 -mem_size: 49152 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 16 -vmhost: vmhost-x86-07.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/os-node05.iad2.fedoraproject.org b/inventory/host_vars/os-node05.iad2.fedoraproject.org deleted file mode 100644 index 25bb786e0d..0000000000 --- a/inventory/host_vars/os-node05.iad2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -baseiptables: false -datacenter: iad2 -eth0_ipv4_gw: 10.3.163.254 -eth0_ipv4_ip: 10.3.163.73 -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -lvm_size: 120g -max_mem_size: 24576 -mem_size: 24576 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 4 -resolvconf: "resolv.conf/iad2" -vmhost: vmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests -vpn: false diff --git a/inventory/host_vars/os-node05.stg.iad2.fedoraproject.org b/inventory/host_vars/os-node05.stg.iad2.fedoraproject.org deleted file mode 100644 index 17aa8113a5..0000000000 --- a/inventory/host_vars/os-node05.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.166.254 -eth0_ipv4_ip: 10.3.166.58 -host_group: os-stg -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2 -lvm_size: 120g -max_mem_size: 73728 -mem_size: 49152 -nrpe_procs_crit: 1000 -nrpe_procs_warn: 900 -num_cpus: 16 -vmhost: vmhost-x86-08.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/inventory b/inventory/inventory index 696db57273..eb5e098af2 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -205,11 +205,6 @@ badges-web01.stg.iad2.fedoraproject.org bodhi-backend01.stg.iad2.fedoraproject.org busgateway01.stg.iad2.fedoraproject.org koji01.stg.iad2.fedoraproject.org -os-node01.stg.iad2.fedoraproject.org -os-node02.stg.iad2.fedoraproject.org -os-node03.stg.iad2.fedoraproject.org -os-node04.stg.iad2.fedoraproject.org -os-node05.stg.iad2.fedoraproject.org [download_iad2] dl01.iad2.fedoraproject.org @@ -684,14 +679,6 @@ notifs-web01.stg.iad2.fedoraproject.org odcs-backend01.stg.iad2.fedoraproject.org odcs-frontend01.stg.iad2.fedoraproject.org os-control01.stg.iad2.fedoraproject.org -os-master01.stg.iad2.fedoraproject.org -os-master02.stg.iad2.fedoraproject.org -os-master03.stg.iad2.fedoraproject.org -os-node01.stg.iad2.fedoraproject.org -os-node02.stg.iad2.fedoraproject.org -os-node03.stg.iad2.fedoraproject.org -os-node04.stg.iad2.fedoraproject.org -os-node05.stg.iad2.fedoraproject.org osbs-control01.stg.iad2.fedoraproject.org osbs-master01.stg.iad2.fedoraproject.org osbs-node01.stg.iad2.fedoraproject.org @@ -1126,56 +1113,9 @@ worker05.ocp.stg.iad2.fedoraproject.org [os_control_stg] os-control01.stg.iad2.fedoraproject.org -[os_masters_stg] -os-master01.stg.iad2.fedoraproject.org -os-master02.stg.iad2.fedoraproject.org -os-master03.stg.iad2.fedoraproject.org - -[os_infra_nodes_stg] -os-node01.stg.iad2.fedoraproject.org -os-node02.stg.iad2.fedoraproject.org -os-node03.stg.iad2.fedoraproject.org -os-node04.stg.iad2.fedoraproject.org -os-node05.stg.iad2.fedoraproject.org - -[os_nodes_stg:children] -os_infra_nodes_stg - -[os_stg:children] -os_nodes_stg -os_masters_stg -os_control_stg - [os_control] os-control01.iad2.fedoraproject.org -[os_masters] -os-master01.iad2.fedoraproject.org -os-master02.iad2.fedoraproject.org -os-master03.iad2.fedoraproject.org - -[os_infra_nodes] -os-node01.iad2.fedoraproject.org -os-node02.iad2.fedoraproject.org -os-node03.iad2.fedoraproject.org -os-node04.iad2.fedoraproject.org -os-node05.iad2.fedoraproject.org - -[os_nodes] -os-node01.iad2.fedoraproject.org -os-node02.iad2.fedoraproject.org -os-node03.iad2.fedoraproject.org -os-node04.iad2.fedoraproject.org -os-node05.iad2.fedoraproject.org - -[os_nodes:children] -os_infra_nodes - -[os:children] -os_nodes -os_masters -os_control - # registries [oci_registry] oci-registry01.iad2.fedoraproject.org diff --git a/playbooks/groups/os-cluster.yml b/playbooks/groups/os-cluster.yml deleted file mode 100644 index e4e05d30b4..0000000000 --- a/playbooks/groups/os-cluster.yml +++ /dev/null @@ -1,269 +0,0 @@ -# create an os server -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os_control_stg:os_control:os_nodes_stg:os_masters_stg:os_nodes:os_masters" - -- name: make the box be real - hosts: os_control:os_control_stg:os_masters_stg:os_nodes_stg:os_masters:os_nodes - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - base - - rkhunter - - nagios_client - - hosts - - { role: openvpn/client, when: env != "staging" } - - ipa/client - - rsyncd - - sudo - - tasks: - - name: put openshift repo on os- systems - template: src="{{ files }}/openshift/openshift.repo" dest="/etc/yum.repos.d/openshift.repo" - tags: - - config - - packages - - yumrepos - - - name: Deploy controller public ssh keys to osbs cluster hosts - authorized_key: - user: root - key: "{{ lookup('file', '{{private}}/files/os/{{env}}/control_key.pub') }}" - - - name: copy docker-storage-setup config - copy: - src: "{{files}}/osbs/docker-storage-setup" - dest: "/etc/sysconfig/docker-storage-setup" - - - name: install redhat ca file - package: - name: subscription-manager-rhsm-certificates - state: present - - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: OSBS control hosts pre-req setup - hosts: os_control:os_control_stg - tags: - - os-cluster-prereq - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: fix hosts file - copy: - src: "{{roles_path}}/hosts/files/os-hosts" - dest: "/etc/hosts" - owner: root - mode: 0644 - - - name: deploy private key to control hosts - copy: - src: "{{private}}/files/os/{{env}}/control_key" - dest: "/root/.ssh/id_rsa" - owner: root - mode: 0600 - - - name: set ansible to use pipelining - ini_file: - dest: /etc/ansible/ansible.cfg - section: ssh_connection - option: pipelining - value: "True" - - - name: Install htpasswd (used in installs) - package: name=httpd-tools state=present - - - name: Install java (used in installs) - package: name=java-1.8.0-openjdk-headless state=present - - - name: Install python-passlib (used in installs) - package: name=python-passlib state=present - -- name: Pre tasks for master/nodes - hosts: os_masters_stg:os_masters - tags: - - os-cluster-deploy - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - - name: make sure the directory for the link is there. - file: path=/etc/origin/master state=directory mode=0755 - - - name: setup link to known ca list for id.fedoraproject.org - file: state=link src=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem dest=/etc/origin/master/fedoraidp_openid_ca.crt - -- name: Deploy OpenShift cluster - hosts: os_control:os_control_stg - tags: - - os-cluster-deploy - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - { - role: ansible-ansible-openshift-ansible, - cluster_inventory_filename: "cluster-inventory-stg", - openshift_release: "v3.11", - openshift_ansible_path: "/root/openshift-ansible", - openshift_ansible_pre_playbook: "playbooks/prerequisites.yml", - openshift_ansible_playbook: "playbooks/deploy_cluster.yml", - openshift_ansible_version: "openshift-ansible-3.11.216-1", - openshift_ansible_ssh_user: root, - openshift_ansible_install_examples: true, - openshift_ansible_containerized_deploy: false, - openshift_cluster_masters_group: "os_masters_stg", - openshift_cluster_nodes_group: "os_nodes_stg", - openshift_cluster_infra_group: "os_nodes_stg", - openshift_auth_profile: "fedoraidp-stg", - openshift_master_ha: true, - openshift_debug_level: 1, - openshift_deployment_type: "openshift-enterprise", - openshift_cluster_url: "{{ os_url}}", - openshift_app_subdomain: "{{ os_app_url }}", - openshift_internal_cluster_url: "os-masters{{ env_suffix }}.iad2.fedoraproject.org", - openshift_api_port: 443, - openshift_console_port: 443, - openshift_shared_infra: true, - openshift_ansible_use_crio: true, - openshift_ansible_crio_only: false, - when: env == 'staging', - tags: ['openshift-cluster','ansible-ansible-openshift-ansible'] - } - - { - role: ansible-ansible-openshift-ansible, - cluster_inventory_filename: "cluster-inventory", - openshift_release: "v3.11", - openshift_ansible_path: "/root/openshift-ansible", - openshift_ansible_pre_playbook: "playbooks/prerequisites.yml", - openshift_ansible_playbook: "playbooks/deploy_cluster.yml", - openshift_ansible_version: "openshift-ansible-3.11.216-1", - openshift_ansible_ssh_user: root, - openshift_ansible_install_examples: true, - openshift_ansible_containerized_deploy: false, - openshift_cluster_masters_group: "os_masters", - openshift_cluster_nodes_group: "os_nodes", - openshift_cluster_infra_group: "os_nodes", - openshift_auth_profile: "fedoraidp", - openshift_master_ha: true, - openshift_debug_level: 1, - openshift_deployment_type: "openshift-enterprise", - openshift_cluster_url: "{{ os_url}}", - openshift_app_subdomain: "{{ os_app_url }}", - openshift_internal_cluster_url: "os-masters{{ env_suffix }}.iad2.fedoraproject.org", - openshift_api_port: 443, - openshift_console_port: 443, - openshift_shared_infra: true, - openshift_ansible_use_crio: true, - openshift_ansible_crio_only: false, - when: env != 'staging' and datacenter == 'iad2', - tags: ['openshift-cluster','ansible-ansible-openshift-ansible'] - } - -- name: Post-Install setup - hosts: os_stg:os - tags: - - os-post-install - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: enable nrpe for monitoring (noc01) - iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.3.163.10 state=present jump=ACCEPT - tags: - - iptables - -- name: Post-Install master setup - hosts: os_masters_stg:os_masters - tags: - - os-post-install - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: Disallow users from provisioning - command: oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth - changed_when: false - register: command_result - failed_when: "' removed:' not in command_result.stdout and 'unable to find target' not in command_result.stderr" - run_once: True - - name: Allow some users cluster admin - command: oadm policy add-cluster-role-to-user cluster-admin {{item}} - with_items: - - puiterwijk - - kevin - - codeblock - - smooge - - mobrien - changed_when: false - - name: Set all app owners to have cluster-monitoring-view - command: oadm policy add-cluster-role-to-user cluster-monitoring-view {{item}} - with_items: - - abompard - - asaleh - - bowlofeggs - - cverna - - dcallagh - - dustymabe - - gnaponie - - jlebon - - lholecek - - lucab - - misc - - mizdebsk - - mjia - - mohanboddu - - pingou - - ralph - - sanja - - siddharthvipul1 - - walters - - zlopez - changed_when: false - - name: Enable wildcard routes - command: oc -n default set env dc/router ROUTER_ALLOW_WILDCARD_ROUTES=true - changed_when: false - - -- name: Add a cleanup cron job to the nodes - hosts: os_nodes_stg:os_nodes - tags: - - os-node-cleanup - tasks: - - name: Ensure a job that runs every Mondays to clean old docker images from the nodes. - cron: - name: "remove docker dangling images" - weekday: "1" - minute: "0" - hour: "0" - job: "docker rmi $(docker images --filter dangling=true -q)" - state: present diff --git a/playbooks/manual/staging-sync/bodhi.yml b/playbooks/manual/staging-sync/bodhi.yml index ab680f8183..eff5a1a90c 100644 --- a/playbooks/manual/staging-sync/bodhi.yml +++ b/playbooks/manual/staging-sync/bodhi.yml @@ -13,7 +13,7 @@ - service: name=httpd state=stopped - name: bring staging services down (OpenShift web services) - hosts: os-master01.stg.iad2.fedoraproject.org + hosts: os-control01.stg.iad2.fedoraproject.org user: root vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -68,7 +68,7 @@ - file: path=/var/tmp/bodhi2.dump state=absent - name: bring staging services up (OpenShift web services) - hosts: os-master01.stg.iad2.fedoraproject.org + hosts: os-control01.stg.iad2.fedoraproject.org user: root vars_files: - /srv/web/infra/ansible/vars/global.yml diff --git a/playbooks/vhost_reboot.yml b/playbooks/vhost_reboot.yml index 34c59db508..49e1d39394 100644 --- a/playbooks/vhost_reboot.yml +++ b/playbooks/vhost_reboot.yml @@ -44,21 +44,6 @@ serial: 1 tasks: - - name: figure out which node to delegate os cordon to - set_fact: - os_delegate_via: os-master01 - when: hostvars['os-master01.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2' - - - name: figure out which node to delegate os cordon to - set_fact: - os_delegate_via: os-master02 - when: hostvars['os-master02.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2' - - - name: figure out which node to delegate os cordon to - set_fact: - os_delegate_via: os-master03 - when: hostvars['os-master03.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2' - - name: delegate to on-control01 for ocp4 cluster set_fact: os_delegate_via: os-control01 @@ -72,7 +57,7 @@ - name: drain OS node if necessary command: oc adm drain {{inventory_hostname }} --ignore-daemonsets --delete-local-data delegate_to: "{{os_delegate_via}}{{env_suffix}}.iad2.fedoraproject.org" - when: inventory_hostname.startswith(('os-node', 'os-master', 'ocp', 'worker')) and hostvars[inventory_hostname].datacenter == 'iad2' + when: inventory_hostname.startswith(('ocp', 'worker')) and hostvars[inventory_hostname].datacenter == 'iad2' - name: schedule regular host downtime nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }} @@ -136,20 +121,6 @@ serial: 1 tasks: - - name: figure out which node to delegate os uncordon to - set_fact: - os_delegate_via: os-master01 - when: hostvars['os-master01.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2' - - - name: figure out which node to delegate os uncordon to - set_fact: - os_delegate_via: os-master02 - when: hostvars['os-master02.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2' - - - name: figure out which node to delegate os uncordon to - set_fact: - os_delegate_via: os-master03 - when: hostvars['os-master03.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2' - name: delegate to on-control01 for ocp4 cluster set_fact: @@ -164,7 +135,7 @@ - name: Add back to openshift command: oc adm uncordon {{inventory_hostname}} delegate_to: "{{os_delegate_via}}{{env_suffix}}.iad2.fedoraproject.org" - when: inventory_hostname.startswith(('os-node', 'os-master', 'ocp', 'worker')) and hostvars[inventory_hostname].datacenter == 'iad2' + when: inventory_hostname.startswith(('ocp', 'worker')) and hostvars[inventory_hostname].datacenter == 'iad2' - name: restart gssproxy if we rebooted a ipa server service: name=gssproxy state=restarted diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 3472a6d797..564c5e3c1c 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -37,7 +37,6 @@ owner=root group=root mode=0600 with_items: - { file: "ipa.{{env}}-iad2.pem", dest: /etc/haproxy/ipa.pem } - - { file: "os-master.{{env}}-iad2.pem", dest: /etc/haproxy/os-master.pem } - { file: "ocp.{{env_short}}-iad2.pem", dest: "/etc/haproxy/ocp-{{env_short}}.pem" } tags: - haproxy diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.conf index 9a2cd9f496..466a51e902 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.conf @@ -28,9 +28,6 @@ SSLProxyCheckPeerName Off SSLProxyCACertificateFile "/etc/haproxy/ocp-prod.pem" {% elif ocp4 and env == "staging" %} SSLProxyCACertificateFile "/etc/haproxy/ocp-stg.pem" -{% else %} -SSLProxyCACertificateFile "/etc/haproxy/os-master.pem" -{% endif %} {% endif %}