openshift 3.11: raise a glass!

Our openshift 3.11 cluster(s) served us long and well.

Now we have everything finally moved to the openshift 4 clusters (fas2
was the last holdout). We can finally retire this. :)

🎉🥂

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

inventory/group_vars/os

@@ -1,11 +0,0 @@
----
-baseiptables: False
-host_group: os
-ipa_client_shell_groups:
-  - sysadmin-openshift
-ipa_client_sudo_groups:
-  - sysadmin-openshift
-#openshift_ansible_upgrading: False
-ipa_host_group: openshift
-ipa_host_group_desc: OpenShift cluster
-no_http2: True

inventory/group_vars/os_masters

@@ -1,26 +0,0 @@
----
-bodhi_openshift_pods: 1
-#
-# Set some bodhi variables here.
-# Since they are used when running playbooks against the master nodes.
-#
-bodhi_version: "6.0.0"
-nagios_Check_Services:
-  mail: false
-  nrpe: false
-  swap: false
-os_app_url: app.os.fedoraproject.org
-os_url: os.fedoraproject.org
-# GDPR SAR related dictionary
-sar_openshift:
-  # Name of the app
-  release-monitoring:
-    # Openshift namespace where the app runs
-    openshift_namespace: release-monitoring
-    # Name of openshift pod - will be used for label search
-    openshift_pod: release-monitoring-web
-    # Output file on local machine
-    sar_output_file: anitya.json
-    # Location of the script
-    sar_script: /usr/local/bin/sar
-swap: false

inventory/group_vars/os_masters_stg

@@ -1,12 +0,0 @@
----
-bodhi_openshift_pods: 1
-# Set some bodhi variables here.
-# Since they are used when running playbooks against the master nodes.
-#
-bodhi_version: "6.0.0"
-nagios_Check_Services:
-  mail: false
-  nrpe: false
-  swap: false
-os_app_url: app.os.stg.fedoraproject.org
-os_url: os.stg.fedoraproject.org

inventory/group_vars/os_nodes

@@ -1,8 +0,0 @@
----
-nagios_Check_Services:
-  mail: false
-  nrpe: false
-  swap: false
-os_app_url: app.os.fedoraproject.org
-os_url: os.fedoraproject.org
-swap: false

inventory/group_vars/os_nodes_stg

@@ -1,7 +0,0 @@
----
-nagios_Check_Services:
-  mail: false
-  nrpe: false
-  swap: false
-os_app_url: app.os.stg.fedoraproject.org
-os_url: os.stg.fedoraproject.org

inventory/group_vars/os_stg

@@ -1,12 +0,0 @@
----
-baseiptables: False
-host_group: os
-ipa_client_shell_groups:
-  - sysadmin-openshift
-ipa_client_sudo_groups:
-  - sysadmin-openshift
-# Only define this when upgrading, otherwise comment it
-# openshift_ansible_upgrading: True
-ipa_host_group: openshift
-ipa_host_group_desc: OpenShift cluster
-no_http2: False

inventory/group_vars/proxies

@@ -56,14 +56,6 @@ ocp_nodes:
   - worker04.vpn.fedoraproject.org
   - worker05.vpn.fedoraproject.org
   - worker06.vpn.fedoraproject.org
-openshift_masters:
-  - os-master01.vpn.fedoraproject.org
-  - os-master02.vpn.fedoraproject.org
-  - os-master03.vpn.fedoraproject.org
-openshift_nodes:
-  - os-node01.vpn.fedoraproject.org
-  - os-node02.vpn.fedoraproject.org
-  - os-node03.vpn.fedoraproject.org
 postvpnservices:
   - haproxy
   - varnish

inventory/group_vars/proxies_stg

@@ -49,16 +49,6 @@ ocp_nodes_stg:
   - worker03.ocp.stg.iad2.fedoraproject.org
   - worker04.ocp.stg.iad2.fedoraproject.org
   - worker05.ocp.stg.iad2.fedoraproject.org
-openshift_masters:
-  - os-master01.stg.iad2.fedoraproject.org
-  - os-master02.stg.iad2.fedoraproject.org
-  - os-master03.stg.iad2.fedoraproject.org
-openshift_nodes:
-  - os-node01.stg.iad2.fedoraproject.org
-  - os-node02.stg.iad2.fedoraproject.org
-  - os-node03.stg.iad2.fedoraproject.org
-  - os-node04.stg.iad2.fedoraproject.org
-openshift_nodes_stg: "{{ openshift_nodes }}"
 tcp_ports: [
   # For apache, generally.
   80, 443,

inventory/host_vars/os-master01.iad2.fedoraproject.org

@@ -1,17 +0,0 @@
----
-baseiptables: false
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.66
-ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
-ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 16384
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-resolvconf: "resolv.conf/iad2"
-vmhost: vmhost-x86-02.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false

inventory/host_vars/os-master01.stg.iad2.fedoraproject.org

@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.51
-host_group: os-stg
-ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 16384
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests

inventory/host_vars/os-master02.iad2.fedoraproject.org

@@ -1,17 +0,0 @@
----
-baseiptables: false
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.67
-ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
-ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 16384
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-resolvconf: "resolv.conf/iad2"
-vmhost: vmhost-x86-03.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false

inventory/host_vars/os-master02.stg.iad2.fedoraproject.org

@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.52
-host_group: os-stg
-ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 16384
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests

inventory/host_vars/os-master03.iad2.fedoraproject.org

@@ -1,17 +0,0 @@
----
-baseiptables: false
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.68
-ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
-ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 16384
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-resolvconf: "resolv.conf/iad2"
-vmhost: vmhost-x86-04.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false

inventory/host_vars/os-master03.stg.iad2.fedoraproject.org

@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.53
-host_group: os-stg
-ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2
-lvm_size: 120g
-max_mem_size: 16384
-mem_size: 16384
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-vmhost: vmhost-x86-03.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests

inventory/host_vars/os-node01.iad2.fedoraproject.org

@@ -1,17 +0,0 @@
----
-baseiptables: false
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.69
-ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
-ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
-lvm_size: 120g
-max_mem_size: 24576
-mem_size: 24576
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-resolvconf: "resolv.conf/iad2"
-vmhost: vmhost-x86-05.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false

inventory/host_vars/os-node01.stg.iad2.fedoraproject.org

@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.54
-host_group: os-stg
-ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2
-lvm_size: 120g
-max_mem_size: 73728
-mem_size: 49152
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 16
-vmhost: vmhost-x86-04.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests

inventory/host_vars/os-node02.iad2.fedoraproject.org

@@ -1,17 +0,0 @@
----
-baseiptables: false
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.70
-ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
-ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
-lvm_size: 120g
-max_mem_size: 24576
-mem_size: 24576
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-resolvconf: "resolv.conf/iad2"
-vmhost: vmhost-x86-06.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false

inventory/host_vars/os-node02.stg.iad2.fedoraproject.org

@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.55
-host_group: os-stg
-ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2
-lvm_size: 120g
-max_mem_size: 73728
-mem_size: 49152
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 16
-vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests

inventory/host_vars/os-node03.iad2.fedoraproject.org

@@ -1,17 +0,0 @@
----
-baseiptables: false
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.71
-ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
-ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
-lvm_size: 120g
-max_mem_size: 24576
-mem_size: 24576
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-resolvconf: "resolv.conf/iad2"
-vmhost: vmhost-x86-07.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false

inventory/host_vars/os-node03.stg.iad2.fedoraproject.org

@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.56
-host_group: os-stg
-ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2
-lvm_size: 120g
-max_mem_size: 73728
-mem_size: 49152
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 16
-vmhost: vmhost-x86-06.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests

inventory/host_vars/os-node04.iad2.fedoraproject.org

@@ -1,17 +0,0 @@
----
-baseiptables: false
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.72
-ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
-ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
-lvm_size: 120g
-max_mem_size: 24576
-mem_size: 24576
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-resolvconf: "resolv.conf/iad2"
-vmhost: vmhost-x86-01.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false

inventory/host_vars/os-node04.stg.iad2.fedoraproject.org

@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.57
-host_group: os-stg
-ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2
-lvm_size: 120g
-max_mem_size: 73728
-mem_size: 49152
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 16
-vmhost: vmhost-x86-07.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests

inventory/host_vars/os-node05.iad2.fedoraproject.org

@@ -1,17 +0,0 @@
----
-baseiptables: false
-datacenter: iad2
-eth0_ipv4_gw: 10.3.163.254
-eth0_ipv4_ip: 10.3.163.73
-ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/
-ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext
-lvm_size: 120g
-max_mem_size: 24576
-mem_size: 24576
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 4
-resolvconf: "resolv.conf/iad2"
-vmhost: vmhost-x86-02.iad2.fedoraproject.org
-volgroup: /dev/vg_guests
-vpn: false

inventory/host_vars/os-node05.stg.iad2.fedoraproject.org

@@ -1,15 +0,0 @@
----
-datacenter: iad2
-eth0_ipv4_gw: 10.3.166.254
-eth0_ipv4_ip: 10.3.166.58
-host_group: os-stg
-ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-osbs-iad2
-lvm_size: 120g
-max_mem_size: 73728
-mem_size: 49152
-nrpe_procs_crit: 1000
-nrpe_procs_warn: 900
-num_cpus: 16
-vmhost: vmhost-x86-08.stg.iad2.fedoraproject.org
-volgroup: /dev/vg_guests

inventory/inventory

@@ -205,11 +205,6 @@ badges-web01.stg.iad2.fedoraproject.org
 bodhi-backend01.stg.iad2.fedoraproject.org
 busgateway01.stg.iad2.fedoraproject.org
 koji01.stg.iad2.fedoraproject.org
-os-node01.stg.iad2.fedoraproject.org
-os-node02.stg.iad2.fedoraproject.org
-os-node03.stg.iad2.fedoraproject.org
-os-node04.stg.iad2.fedoraproject.org
-os-node05.stg.iad2.fedoraproject.org
 
 [download_iad2]
 dl01.iad2.fedoraproject.org
@@ -684,14 +679,6 @@ notifs-web01.stg.iad2.fedoraproject.org
 odcs-backend01.stg.iad2.fedoraproject.org
 odcs-frontend01.stg.iad2.fedoraproject.org
 os-control01.stg.iad2.fedoraproject.org
-os-master01.stg.iad2.fedoraproject.org
-os-master02.stg.iad2.fedoraproject.org
-os-master03.stg.iad2.fedoraproject.org
-os-node01.stg.iad2.fedoraproject.org
-os-node02.stg.iad2.fedoraproject.org
-os-node03.stg.iad2.fedoraproject.org
-os-node04.stg.iad2.fedoraproject.org
-os-node05.stg.iad2.fedoraproject.org
 osbs-control01.stg.iad2.fedoraproject.org
 osbs-master01.stg.iad2.fedoraproject.org
 osbs-node01.stg.iad2.fedoraproject.org
@@ -1126,56 +1113,9 @@ worker05.ocp.stg.iad2.fedoraproject.org
 [os_control_stg]
 os-control01.stg.iad2.fedoraproject.org
 
-[os_masters_stg]
-os-master01.stg.iad2.fedoraproject.org
-os-master02.stg.iad2.fedoraproject.org
-os-master03.stg.iad2.fedoraproject.org
-
-[os_infra_nodes_stg]
-os-node01.stg.iad2.fedoraproject.org
-os-node02.stg.iad2.fedoraproject.org
-os-node03.stg.iad2.fedoraproject.org
-os-node04.stg.iad2.fedoraproject.org
-os-node05.stg.iad2.fedoraproject.org
-
-[os_nodes_stg:children]
-os_infra_nodes_stg
-
-[os_stg:children]
-os_nodes_stg
-os_masters_stg
-os_control_stg
-
 [os_control]
 os-control01.iad2.fedoraproject.org
 
-[os_masters]
-os-master01.iad2.fedoraproject.org
-os-master02.iad2.fedoraproject.org
-os-master03.iad2.fedoraproject.org
-
-[os_infra_nodes]
-os-node01.iad2.fedoraproject.org
-os-node02.iad2.fedoraproject.org
-os-node03.iad2.fedoraproject.org
-os-node04.iad2.fedoraproject.org
-os-node05.iad2.fedoraproject.org
-
-[os_nodes]
-os-node01.iad2.fedoraproject.org
-os-node02.iad2.fedoraproject.org
-os-node03.iad2.fedoraproject.org
-os-node04.iad2.fedoraproject.org
-os-node05.iad2.fedoraproject.org
-
-[os_nodes:children]
-os_infra_nodes
-
-[os:children]
-os_nodes
-os_masters
-os_control
-
 # registries
 [oci_registry]
 oci-registry01.iad2.fedoraproject.org

playbooks/groups/os-cluster.yml

@@ -1,269 +0,0 @@
-# create an os server
-- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os_control_stg:os_control:os_nodes_stg:os_masters_stg:os_nodes:os_masters"
-
-- name: make the box be real
-  hosts: os_control:os_control_stg:os_masters_stg:os_nodes_stg:os_masters:os_nodes
-  user: root
-  gather_facts: True
-
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - "/srv/private/ansible/vars.yml"
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-    - base
-    - rkhunter
-    - nagios_client
-    - hosts
-    - { role: openvpn/client, when: env != "staging" }
-    - ipa/client
-    - rsyncd
-    - sudo
-
-  tasks:
-    - name: put openshift repo on os- systems
-      template: src="{{ files }}/openshift/openshift.repo" dest="/etc/yum.repos.d/openshift.repo"
-      tags:
-      - config
-      - packages
-      - yumrepos
-
-    - name: Deploy controller public ssh keys to osbs cluster hosts
-      authorized_key:
-        user: root
-        key: "{{ lookup('file', '{{private}}/files/os/{{env}}/control_key.pub') }}"
-
-    - name: copy docker-storage-setup config
-      copy:
-        src: "{{files}}/osbs/docker-storage-setup"
-        dest:  "/etc/sysconfig/docker-storage-setup"
-
-    - name: install redhat ca file
-      package:
-         name: subscription-manager-rhsm-certificates
-         state: present
-
-    - import_tasks: "{{ tasks_path }}/yumrepos.yml"
-    - import_tasks: "{{ tasks_path }}/motd.yml"
-
-  handlers:
-  - import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-- name: OSBS control hosts pre-req setup
-  hosts: os_control:os_control_stg
-  tags:
-    - os-cluster-prereq
-  user: root
-  gather_facts: True
-
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - "/srv/private/ansible/vars.yml"
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  tasks:
-    - name: fix hosts file
-      copy:
-        src: "{{roles_path}}/hosts/files/os-hosts"
-        dest: "/etc/hosts"
-        owner: root
-        mode: 0644
-
-    - name: deploy private key to control hosts
-      copy:
-        src: "{{private}}/files/os/{{env}}/control_key"
-        dest: "/root/.ssh/id_rsa"
-        owner: root
-        mode: 0600
-
-    - name: set ansible to use pipelining
-      ini_file:
-        dest: /etc/ansible/ansible.cfg
-        section: ssh_connection
-        option: pipelining
-        value: "True"
-
-    - name: Install htpasswd (used in installs)
-      package: name=httpd-tools state=present
-
-    - name: Install java (used in installs)
-      package: name=java-1.8.0-openjdk-headless state=present
-
-    - name: Install python-passlib (used in installs)
-      package: name=python-passlib state=present
-
-- name: Pre tasks for master/nodes
-  hosts: os_masters_stg:os_masters
-  tags:
-    - os-cluster-deploy
-  user: root
-  gather_facts: True
-
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - "/srv/private/ansible/vars.yml"
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  tasks:
-
-    - name: make sure the directory for the link is there.
-      file: path=/etc/origin/master state=directory mode=0755
-
-    - name: setup link to known ca list for id.fedoraproject.org
-      file: state=link src=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem dest=/etc/origin/master/fedoraidp_openid_ca.crt
-
-- name: Deploy OpenShift cluster
-  hosts: os_control:os_control_stg
-  tags:
-    - os-cluster-deploy
-  user: root
-  gather_facts: True
-
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - "/srv/private/ansible/vars.yml"
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-    - {
-      role: ansible-ansible-openshift-ansible,
-        cluster_inventory_filename: "cluster-inventory-stg",
-        openshift_release: "v3.11",
-        openshift_ansible_path: "/root/openshift-ansible",
-        openshift_ansible_pre_playbook: "playbooks/prerequisites.yml",
-        openshift_ansible_playbook: "playbooks/deploy_cluster.yml",
-        openshift_ansible_version: "openshift-ansible-3.11.216-1",
-        openshift_ansible_ssh_user: root,
-        openshift_ansible_install_examples: true,
-        openshift_ansible_containerized_deploy: false,
-        openshift_cluster_masters_group: "os_masters_stg",
-        openshift_cluster_nodes_group: "os_nodes_stg",
-        openshift_cluster_infra_group: "os_nodes_stg",
-        openshift_auth_profile: "fedoraidp-stg",
-        openshift_master_ha: true,
-        openshift_debug_level: 1,
-        openshift_deployment_type: "openshift-enterprise",
-        openshift_cluster_url: "{{ os_url}}",
-        openshift_app_subdomain: "{{ os_app_url }}",
-        openshift_internal_cluster_url: "os-masters{{ env_suffix }}.iad2.fedoraproject.org",
-        openshift_api_port: 443,
-        openshift_console_port: 443,
-        openshift_shared_infra: true,
-        openshift_ansible_use_crio: true,
-        openshift_ansible_crio_only: false,
-        when: env == 'staging',
-        tags: ['openshift-cluster','ansible-ansible-openshift-ansible']
-      }
-    - {
-      role: ansible-ansible-openshift-ansible,
-        cluster_inventory_filename: "cluster-inventory",
-        openshift_release: "v3.11",
-        openshift_ansible_path: "/root/openshift-ansible",
-        openshift_ansible_pre_playbook: "playbooks/prerequisites.yml",
-        openshift_ansible_playbook: "playbooks/deploy_cluster.yml",
-        openshift_ansible_version: "openshift-ansible-3.11.216-1",
-        openshift_ansible_ssh_user: root,
-        openshift_ansible_install_examples: true,
-        openshift_ansible_containerized_deploy: false,
-        openshift_cluster_masters_group: "os_masters",
-        openshift_cluster_nodes_group: "os_nodes",
-        openshift_cluster_infra_group: "os_nodes",
-        openshift_auth_profile: "fedoraidp",
-        openshift_master_ha: true,
-        openshift_debug_level: 1,
-        openshift_deployment_type: "openshift-enterprise",
-        openshift_cluster_url: "{{ os_url}}",
-        openshift_app_subdomain: "{{ os_app_url }}",
-        openshift_internal_cluster_url: "os-masters{{ env_suffix }}.iad2.fedoraproject.org",
-        openshift_api_port: 443,
-        openshift_console_port: 443,
-        openshift_shared_infra: true,
-        openshift_ansible_use_crio: true,
-        openshift_ansible_crio_only: false,
-        when: env != 'staging' and datacenter == 'iad2',
-        tags: ['openshift-cluster','ansible-ansible-openshift-ansible']
-    }
-
-- name: Post-Install setup
-  hosts: os_stg:os
-  tags:
-    - os-post-install
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - /srv/private/ansible/vars.yml
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  tasks:
-    - name: enable nrpe for monitoring (noc01)
-      iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.3.163.10 state=present jump=ACCEPT
-      tags:
-      - iptables
-
-- name: Post-Install master setup
-  hosts: os_masters_stg:os_masters
-  tags:
-    - os-post-install
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - /srv/private/ansible/vars.yml
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  tasks:
-    - name: Disallow users from provisioning
-      command: oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth
-      changed_when: false
-      register: command_result
-      failed_when: "' removed:' not in command_result.stdout and 'unable to find target' not in command_result.stderr"
-      run_once: True
-    - name: Allow some users cluster admin
-      command: oadm policy add-cluster-role-to-user cluster-admin {{item}}
-      with_items:
-      - puiterwijk
-      - kevin
-      - codeblock
-      - smooge
-      - mobrien
-      changed_when: false
-    - name: Set all app owners to have cluster-monitoring-view
-      command: oadm policy add-cluster-role-to-user cluster-monitoring-view {{item}}
-      with_items:
-      - abompard
-      - asaleh
-      - bowlofeggs
-      - cverna
-      - dcallagh
-      - dustymabe
-      - gnaponie
-      - jlebon
-      - lholecek
-      - lucab
-      - misc
-      - mizdebsk
-      - mjia
-      - mohanboddu
-      - pingou
-      - ralph
-      - sanja
-      - siddharthvipul1
-      - walters
-      - zlopez
-      changed_when: false
-    - name: Enable wildcard routes
-      command: oc -n default set env dc/router ROUTER_ALLOW_WILDCARD_ROUTES=true
-      changed_when: false
-
-
-- name: Add a cleanup cron job to the nodes
-  hosts: os_nodes_stg:os_nodes
-  tags:
-    - os-node-cleanup
-  tasks:
-  - name: Ensure a job that runs every Mondays to clean old docker images from the nodes.
-    cron:
-      name: "remove docker dangling images"
-      weekday: "1"
-      minute: "0"
-      hour: "0"
-      job: "docker rmi $(docker images --filter dangling=true -q)"
-      state: present

playbooks/manual/staging-sync/bodhi.yml

@@ -13,7 +13,7 @@
   - service: name=httpd state=stopped
 
 - name: bring staging services down (OpenShift web services)
-  hosts: os-master01.stg.iad2.fedoraproject.org
+  hosts: os-control01.stg.iad2.fedoraproject.org
   user: root
   vars_files:
    - /srv/web/infra/ansible/vars/global.yml
@@ -68,7 +68,7 @@
   - file: path=/var/tmp/bodhi2.dump state=absent
 
 - name: bring staging services up (OpenShift web services)
-  hosts: os-master01.stg.iad2.fedoraproject.org
+  hosts: os-control01.stg.iad2.fedoraproject.org
   user: root
   vars_files:
    - /srv/web/infra/ansible/vars/global.yml

playbooks/vhost_reboot.yml

@@ -44,21 +44,6 @@
   serial: 1
 
   tasks:
-  - name: figure out which node to delegate os cordon to
-    set_fact:
-      os_delegate_via: os-master01
-    when: hostvars['os-master01.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2'
-
-  - name: figure out which node to delegate os cordon to
-    set_fact:
-      os_delegate_via: os-master02
-    when: hostvars['os-master02.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2'
-
-  - name: figure out which node to delegate os cordon to
-    set_fact:
-      os_delegate_via: os-master03
-    when: hostvars['os-master03.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2'
-
   - name: delegate to on-control01 for ocp4 cluster
     set_fact:
       os_delegate_via: os-control01
@@ -72,7 +57,7 @@
   - name: drain OS node if necessary
     command: oc adm drain {{inventory_hostname }} --ignore-daemonsets --delete-local-data
     delegate_to: "{{os_delegate_via}}{{env_suffix}}.iad2.fedoraproject.org"
-    when: inventory_hostname.startswith(('os-node', 'os-master', 'ocp', 'worker')) and hostvars[inventory_hostname].datacenter == 'iad2'
+    when: inventory_hostname.startswith(('ocp', 'worker')) and hostvars[inventory_hostname].datacenter == 'iad2'
 
   - name: schedule regular host downtime
     nagios: action=downtime minutes=30 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
@@ -136,20 +121,6 @@
   serial: 1
 
   tasks:
-  - name: figure out which node to delegate os uncordon to
-    set_fact:
-      os_delegate_via: os-master01
-    when: hostvars['os-master01.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2'
-
-  - name: figure out which node to delegate os uncordon to
-    set_fact:
-      os_delegate_via: os-master02
-    when: hostvars['os-master02.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2'
-
-  - name: figure out which node to delegate os uncordon to
-    set_fact:
-      os_delegate_via: os-master03
-    when: hostvars['os-master03.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2'
 
   - name: delegate to on-control01 for ocp4 cluster
     set_fact:
@@ -164,7 +135,7 @@
   - name: Add back to openshift
     command: oc adm uncordon {{inventory_hostname}}
     delegate_to: "{{os_delegate_via}}{{env_suffix}}.iad2.fedoraproject.org"
-    when: inventory_hostname.startswith(('os-node', 'os-master', 'ocp', 'worker')) and hostvars[inventory_hostname].datacenter == 'iad2'
+    when: inventory_hostname.startswith(('ocp', 'worker')) and hostvars[inventory_hostname].datacenter == 'iad2'
 
   - name: restart gssproxy if we rebooted a ipa server
     service: name=gssproxy state=restarted

roles/haproxy/tasks/main.yml

@@ -37,7 +37,6 @@
         owner=root group=root mode=0600
   with_items:
   - { file: "ipa.{{env}}-iad2.pem", dest: /etc/haproxy/ipa.pem }
-  - { file: "os-master.{{env}}-iad2.pem", dest: /etc/haproxy/os-master.pem }
   - { file: "ocp.{{env_short}}-iad2.pem", dest: "/etc/haproxy/ocp-{{env_short}}.pem" }
   tags:
   - haproxy

roles/httpd/reverseproxy/templates/reversepassproxy.conf

@@ -28,9 +28,6 @@ SSLProxyCheckPeerName Off
 SSLProxyCACertificateFile "/etc/haproxy/ocp-prod.pem"
 {% elif ocp4 and env == "staging" %}
 SSLProxyCACertificateFile "/etc/haproxy/ocp-stg.pem"
-{% else %}
-SSLProxyCACertificateFile "/etc/haproxy/os-master.pem"
-{% endif %}
 {% endif %}
 
 <Proxy "balancer://{{balancer_name}}-websocket">