From eb991fa9c1a5accd701042903f937e9bc9dd808c Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 26 Jan 2022 12:14:23 -0800 Subject: [PATCH] base / big network cleanup Everything should now be using linux-system-roles/network, so we drop our hacky nmcli calls and everything that referred to them, including exclude variables. Also, lets just let NM handle resolv.conf so it's not wrong all the time on reboots. Signed-off-by: Kevin Fenzi --- inventory/group_vars/aarch64_test | 1 - inventory/group_vars/all | 2 - inventory/group_vars/buildvm_s390x_stg | 1 - inventory/group_vars/cloud | 1 - inventory/group_vars/cloud_aws | 1 - inventory/group_vars/copr | 1 - inventory/group_vars/copr_aws | 2 - inventory/group_vars/copr_dev | 1 - inventory/group_vars/copr_dev_aws | 2 - inventory/group_vars/copr_stg | 1 - inventory/group_vars/download_rdu2 | 1 - inventory/group_vars/maintainer_test | 1 - inventory/group_vars/openstack_compute | 1 - inventory/group_vars/os | 1 - inventory/group_vars/os_stg | 1 - inventory/group_vars/osbs | 1 - inventory/group_vars/osbs_stg | 1 - inventory/group_vars/retrace | 1 - inventory/group_vars/sign_vault | 1 - .../host_vars/backup01.iad2.fedoraproject.org | 1 - ...uildvmhost-s390x-01.s390.fedoraproject.org | 1 - .../copr-db-stg.aws.fedoraproject.org | 2 - .../copr-dist-git-dev.aws.fedoraproject.org | 2 - .../copr-dist-git.aws.fedoraproject.org | 2 - .../copr-fe-dev.aws.fedoraproject.org | 2 - .../host_vars/copr-fe.aws.fedoraproject.org | 2 - .../copr-keygen-dev.aws.fedoraproject.org | 2 - .../copr-keygen.aws.fedoraproject.org | 2 - .../host_vars/iddev.fedorainfracloud.org | 1 - .../retrace-stg.aws.fedoraproject.org | 2 - .../cloud-noc01.fedorainfracloud.org | 4 - roles/base/files/resolv.conf/coloamer | 4 - roles/base/files/resolv.conf/copr-aws | 4 - .../base/files/resolv.conf/dedicatedsolutions | 4 - roles/base/files/resolv.conf/fedorainfracloud | 4 - roles/base/files/resolv.conf/host1plus | 5 - roles/base/files/resolv.conf/iad2 | 4 - roles/base/files/resolv.conf/ibiblio | 4 - roles/base/files/resolv.conf/internetx | 4 - roles/base/files/resolv.conf/kojibuilder | 4 - roles/base/files/resolv.conf/kojibuilder_iad2 | 4 - roles/base/files/resolv.conf/osuosl | 4 - roles/base/files/resolv.conf/rdu | 3 - roles/base/files/resolv.conf/rdu-cc | 4 - roles/base/files/resolv.conf/resolv.conf | 4 - roles/base/files/resolv.conf/staging | 4 - roles/base/tasks/main.yml | 111 ------------------ 47 files changed, 216 deletions(-) delete mode 100644 roles/base/files/resolv.conf/cloud-noc01.fedorainfracloud.org delete mode 100644 roles/base/files/resolv.conf/coloamer delete mode 100644 roles/base/files/resolv.conf/copr-aws delete mode 100644 roles/base/files/resolv.conf/dedicatedsolutions delete mode 100644 roles/base/files/resolv.conf/fedorainfracloud delete mode 100644 roles/base/files/resolv.conf/host1plus delete mode 100644 roles/base/files/resolv.conf/iad2 delete mode 100644 roles/base/files/resolv.conf/ibiblio delete mode 100644 roles/base/files/resolv.conf/internetx delete mode 100644 roles/base/files/resolv.conf/kojibuilder delete mode 100644 roles/base/files/resolv.conf/kojibuilder_iad2 delete mode 100644 roles/base/files/resolv.conf/osuosl delete mode 100644 roles/base/files/resolv.conf/rdu delete mode 100644 roles/base/files/resolv.conf/rdu-cc delete mode 100644 roles/base/files/resolv.conf/resolv.conf delete mode 100644 roles/base/files/resolv.conf/staging diff --git a/inventory/group_vars/aarch64_test b/inventory/group_vars/aarch64_test index 756896c1c4..c97a4b4852 100644 --- a/inventory/group_vars/aarch64_test +++ b/inventory/group_vars/aarch64_test @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: true freezes: false host_group: cloud sudoers: "{{ private }}/files/sudo/arm-packager-sudoers" diff --git a/inventory/group_vars/all b/inventory/group_vars/all index fa7bb130fa..5087cd3fee 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -10,7 +10,6 @@ additional_host_keytabs: [] ansible_base: /srv/web/infra # Default to managing the network, we want to not do this on select # hosts (like cloud nodes) -ansible_ifcfg_blocklist: false # List of interfaces to explicitly disable ansible_ifcfg_disabled: [] # on MOST infra systems, the interface connected to the infra network @@ -172,7 +171,6 @@ nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" nm: 255.255.255.0 # Most of our machines have manual resolv.conf files # These settings are for machines where NM is supposed to control resolv.conf. -nm_controlled_resolv: False nrpe_check_postfix_queue_crit: 5 # by default, the number of emails in queue before we whine nrpe_check_postfix_queue_warn: 2 diff --git a/inventory/group_vars/buildvm_s390x_stg b/inventory/group_vars/buildvm_s390x_stg index 287e53c8e2..b860e03fae 100644 --- a/inventory/group_vars/buildvm_s390x_stg +++ b/inventory/group_vars/buildvm_s390x_stg @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: True createrepo: False csi_primary_contact: Fedora Admins - admin@fedoraproject.org csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. diff --git a/inventory/group_vars/cloud b/inventory/group_vars/cloud index dd7e4827d8..0caa1ef1f2 100644 --- a/inventory/group_vars/cloud +++ b/inventory/group_vars/cloud @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: true datacenter: cloud nagios_Check_Services: mail: false diff --git a/inventory/group_vars/cloud_aws b/inventory/group_vars/cloud_aws index 5579d63ed7..260134bb25 100644 --- a/inventory/group_vars/cloud_aws +++ b/inventory/group_vars/cloud_aws @@ -5,7 +5,6 @@ #ansible_become_method: sudo # Disable ethX ifcfg, let amazon handle these via DHCP. -ansible_ifcfg_blocklist: true datacenter: aws nagios_Check_Services: dhcpd: false diff --git a/inventory/group_vars/copr b/inventory/group_vars/copr index e803768a95..6895bf046e 100644 --- a/inventory/group_vars/copr +++ b/inventory/group_vars/copr @@ -1,6 +1,5 @@ --- _forward_src: "forward" -ansible_ifcfg_blocklist: true backend_base_url: "https://download.copr.fedorainfracloud.org" builders: # max|max_spawn|max_prealloc diff --git a/inventory/group_vars/copr_aws b/inventory/group_vars/copr_aws index 49d25b6ebd..6b3ee17524 100644 --- a/inventory/group_vars/copr_aws +++ b/inventory/group_vars/copr_aws @@ -1,6 +1,5 @@ --- _forward_src: "forward" -ansible_ifcfg_blocklist: true aws_arch_subnets: # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1a). # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1d). @@ -65,7 +64,6 @@ devel: false dist_git_base_url: "copr-dist-git.fedorainfracloud.org" frontend_base_url: "https://copr.fedorainfracloud.org" keygen_host: "54.83.48.73" -nm_controlled_resolv: True postfix_group: copr rpm_vendor_copr_name: Fedora Copr services_disabled: false diff --git a/inventory/group_vars/copr_dev b/inventory/group_vars/copr_dev index 8e19a6d1e2..39f2b32307 100644 --- a/inventory/group_vars/copr_dev +++ b/inventory/group_vars/copr_dev @@ -1,7 +1,6 @@ --- #_forward-src: "{{ files }}/copr/forward-dev" _forward_src: "forward_dev" -ansible_ifcfg_blocklist: true backend_base_url: "https://download.copr-dev.fedorainfracloud.org" builders: # max|max_spawn|max_prealloc diff --git a/inventory/group_vars/copr_dev_aws b/inventory/group_vars/copr_dev_aws index c2aee53cb1..accf716a73 100644 --- a/inventory/group_vars/copr_dev_aws +++ b/inventory/group_vars/copr_dev_aws @@ -1,6 +1,5 @@ --- _forward_src: "forward_dev" -ansible_ifcfg_blocklist: true aws_arch_subnets: # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1a). # Your requested instance type (a1.xlarge) is not supported in your requested Availability Zone (us-east-1d). @@ -64,7 +63,6 @@ devel: true dist_git_base_url: "copr-dist-git-dev.fedorainfracloud.org" frontend_base_url: "https://copr-fe-dev.cloud.fedoraproject.org" keygen_host: "54.225.23.248" -nm_controlled_resolv: True postfix_group: copr rpm_vendor_copr_name: Fedora Copr (devel) services_disabled: false diff --git a/inventory/group_vars/copr_stg b/inventory/group_vars/copr_stg index 79d3b662de..f357a01257 100644 --- a/inventory/group_vars/copr_stg +++ b/inventory/group_vars/copr_stg @@ -1,7 +1,6 @@ --- #_forward-src: "{{ files }}/copr/forward-dev" _forward_src: "forward_dev" -ansible_ifcfg_blocklist: true backend_base_url: "https://copr-be-stg.fedorainfracloud.org" # don't forget to update ip in ./copr-keygen-stg, due to custom firewall rules copr_backend_ips: ["172.25.33.49", "209.132.184.44"] diff --git a/inventory/group_vars/download_rdu2 b/inventory/group_vars/download_rdu2 index 5a5ab06243..8617e2cbda 100644 --- a/inventory/group_vars/download_rdu2 +++ b/inventory/group_vars/download_rdu2 @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: true datacenter: rdu # nfs mount options, overrides the all/default nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=3" diff --git a/inventory/group_vars/maintainer_test b/inventory/group_vars/maintainer_test index b8052cceb3..7af238e11f 100644 --- a/inventory/group_vars/maintainer_test +++ b/inventory/group_vars/maintainer_test @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: true datacenter: aws freezes: false ipa_client_shell_groups: diff --git a/inventory/group_vars/openstack_compute b/inventory/group_vars/openstack_compute index 50cbe748eb..be836c8918 100644 --- a/inventory/group_vars/openstack_compute +++ b/inventory/group_vars/openstack_compute @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: true baseiptables: False host_group: openstack-compute nrpe_procs_crit: 1200 diff --git a/inventory/group_vars/os b/inventory/group_vars/os index eeabe8ea01..c716224e38 100644 --- a/inventory/group_vars/os +++ b/inventory/group_vars/os @@ -8,5 +8,4 @@ ipa_client_sudo_groups: #openshift_ansible_upgrading: False ipa_host_group: openshift ipa_host_group_desc: OpenShift cluster -nm_controlled_resolv: True no_http2: True diff --git a/inventory/group_vars/os_stg b/inventory/group_vars/os_stg index 5679d1358d..d905aceedd 100644 --- a/inventory/group_vars/os_stg +++ b/inventory/group_vars/os_stg @@ -9,5 +9,4 @@ ipa_client_sudo_groups: # openshift_ansible_upgrading: True ipa_host_group: openshift ipa_host_group_desc: OpenShift cluster -nm_controlled_resolv: True no_http2: False diff --git a/inventory/group_vars/osbs b/inventory/group_vars/osbs index 890d87e6c9..70c666b6f6 100644 --- a/inventory/group_vars/osbs +++ b/inventory/group_vars/osbs @@ -20,7 +20,6 @@ ipa_host_group_desc: OpenShift Build Service koji_url: "koji.fedoraproject.org" lvm_size: 60000 mem_size: 8192 -nm_controlled_resolv: True num_cpus: 2 #openshift_ansible_upgrading: True diff --git a/inventory/group_vars/osbs_stg b/inventory/group_vars/osbs_stg index b0b05c5b4f..3f06f1a64e 100644 --- a/inventory/group_vars/osbs_stg +++ b/inventory/group_vars/osbs_stg @@ -20,7 +20,6 @@ ipa_host_group_desc: OpenShift Build Service koji_url: "koji.stg.fedoraproject.org" lvm_size: 60000 mem_size: 8192 -nm_controlled_resolv: True num_cpus: 2 openshift_ansible_upgrading: True # docker images required by OpenShift Origin diff --git a/inventory/group_vars/retrace b/inventory/group_vars/retrace index 1d39f674fd..3c8b832e92 100644 --- a/inventory/group_vars/retrace +++ b/inventory/group_vars/retrace @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: true custom_rules: - '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 2049 -j ACCEPT' - '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 5432 -j ACCEPT' diff --git a/inventory/group_vars/sign_vault b/inventory/group_vars/sign_vault index 3110214d92..61d3daf2c6 100644 --- a/inventory/group_vars/sign_vault +++ b/inventory/group_vars/sign_vault @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: true freezes: true host_group: sign nagios_Check_Services: diff --git a/inventory/host_vars/backup01.iad2.fedoraproject.org b/inventory/host_vars/backup01.iad2.fedoraproject.org index 5865256378..02453946c0 100644 --- a/inventory/host_vars/backup01.iad2.fedoraproject.org +++ b/inventory/host_vars/backup01.iad2.fedoraproject.org @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: true datacenter: iad2 dns1: 10.3.163.33 dns2: 10.3.163.34 diff --git a/inventory/host_vars/buildvmhost-s390x-01.s390.fedoraproject.org b/inventory/host_vars/buildvmhost-s390x-01.s390.fedoraproject.org index 3631810770..78a0af7e10 100644 --- a/inventory/host_vars/buildvmhost-s390x-01.s390.fedoraproject.org +++ b/inventory/host_vars/buildvmhost-s390x-01.s390.fedoraproject.org @@ -1,4 +1,3 @@ -ansible_ifcfg_blocklist: true dns1: 10.3.163.33 dns2: 10.3.163.34 dns_search1: fedoraproject.org diff --git a/inventory/host_vars/copr-db-stg.aws.fedoraproject.org b/inventory/host_vars/copr-db-stg.aws.fedoraproject.org index 7b87a398fb..fdb8a6a298 100644 --- a/inventory/host_vars/copr-db-stg.aws.fedoraproject.org +++ b/inventory/host_vars/copr-db-stg.aws.fedoraproject.org @@ -1,7 +1,6 @@ --- ansible_become: yes ansible_become_user: root -ansible_ifcfg_blocklist: True ansible_user: ec2-user # Copr vars copr_hostbase: copr-db-stg @@ -33,7 +32,6 @@ nagios_Check_Services: raid: false sshd: false swap: false -nm_controlled_resolv: True public_ip: 52.200.82.86 root_auth_users: msuchy frostyx praiskup schlupov swap_file_path: /swap diff --git a/inventory/host_vars/copr-dist-git-dev.aws.fedoraproject.org b/inventory/host_vars/copr-dist-git-dev.aws.fedoraproject.org index 8d49f85c27..18b10e2be5 100644 --- a/inventory/host_vars/copr-dist-git-dev.aws.fedoraproject.org +++ b/inventory/host_vars/copr-dist-git-dev.aws.fedoraproject.org @@ -1,7 +1,6 @@ --- ansible_become: yes ansible_become_user: root -ansible_ifcfg_blocklist: True ansible_ssh_user: fedora # Copr vars copr_hostbase: copr-dist-git-dev @@ -23,7 +22,6 @@ nagios_Check_Services: raid: false sshd: false swap: false -nm_controlled_resolv: True public_ip: 54.243.51.13 root_auth_users: msuchy frostyx praiskup schlupov swap_file_path: /swap diff --git a/inventory/host_vars/copr-dist-git.aws.fedoraproject.org b/inventory/host_vars/copr-dist-git.aws.fedoraproject.org index a8866dc96a..6996075d6c 100644 --- a/inventory/host_vars/copr-dist-git.aws.fedoraproject.org +++ b/inventory/host_vars/copr-dist-git.aws.fedoraproject.org @@ -1,7 +1,6 @@ --- ansible_become: yes ansible_become_user: root -ansible_ifcfg_blocklist: True ansible_ssh_user: fedora # Copr vars copr_hostbase: copr-dist-git @@ -26,6 +25,5 @@ nagios_Check_Services: raid: false sshd: false swap: false -nm_controlled_resolv: True public_ip: 3.89.184.181 root_auth_users: msuchy frostyx praiskup schlupov diff --git a/inventory/host_vars/copr-fe-dev.aws.fedoraproject.org b/inventory/host_vars/copr-fe-dev.aws.fedoraproject.org index 95fc84badb..aa138f5d00 100644 --- a/inventory/host_vars/copr-fe-dev.aws.fedoraproject.org +++ b/inventory/host_vars/copr-fe-dev.aws.fedoraproject.org @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: True # Copr vars copr_hostbase: copr-fe-dev datacenter: aws @@ -17,7 +16,6 @@ nagios_Check_Services: raid: false sshd: false swap: false -nm_controlled_resolv: True principal_alias: "HTTP/copr-fe-dev.cloud.fedoraproject.org@STG.FEDORAPROJECT.ORG" public_ip: 18.208.24.211 root_auth_users: msuchy frostyx praiskup schlupov ttomecek diff --git a/inventory/host_vars/copr-fe.aws.fedoraproject.org b/inventory/host_vars/copr-fe.aws.fedoraproject.org index fa543ab46c..b77c79c1a5 100644 --- a/inventory/host_vars/copr-fe.aws.fedoraproject.org +++ b/inventory/host_vars/copr-fe.aws.fedoraproject.org @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: True # this overrides vars/Fedora.yml base_pkgs_erase: ['PackageKit*', 'sendmail', 'at'] # Copr vars @@ -23,7 +22,6 @@ nagios_Check_Services: raid: false sshd: false swap: false -nm_controlled_resolv: True public_ip: 3.225.109.36 root_auth_users: msuchy frostyx praiskup schlupov ttomecek sar_output_file: copr.json diff --git a/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org b/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org index ca323e4aff..5886e06f26 100644 --- a/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org +++ b/inventory/host_vars/copr-keygen-dev.aws.fedoraproject.org @@ -1,7 +1,6 @@ --- ansible_become: yes ansible_become_user: root -ansible_ifcfg_blocklist: True ansible_ssh_user: fedora datacenter: aws #volumes: [ {volume_id: '9e2b4c55-9ec3-4508-af46-a40f3a5bd982', device: '/dev/vdc'} ] @@ -22,6 +21,5 @@ nagios_Check_Services: raid: false sshd: false swap: false -nm_controlled_resolv: True public_ip: 54.225.23.248 root_auth_users: msuchy frostyx praiskup schlupov diff --git a/inventory/host_vars/copr-keygen.aws.fedoraproject.org b/inventory/host_vars/copr-keygen.aws.fedoraproject.org index 707ac5440e..462330eb07 100644 --- a/inventory/host_vars/copr-keygen.aws.fedoraproject.org +++ b/inventory/host_vars/copr-keygen.aws.fedoraproject.org @@ -1,7 +1,6 @@ --- ansible_become: yes ansible_become_user: root -ansible_ifcfg_blocklist: True ansible_ssh_user: fedora datacenter: aws db_backup_dir: ['/backup'] @@ -22,6 +21,5 @@ nagios_Check_Services: raid: false sshd: true swap: false -nm_controlled_resolv: True public_ip: 54.83.48.73 root_auth_users: msuchy frostyx praiskup schlupov diff --git a/inventory/host_vars/iddev.fedorainfracloud.org b/inventory/host_vars/iddev.fedorainfracloud.org index 1273ace249..628b52f17c 100644 --- a/inventory/host_vars/iddev.fedorainfracloud.org +++ b/inventory/host_vars/iddev.fedorainfracloud.org @@ -1,5 +1,4 @@ --- -ansible_ifcfg_blocklist: true datacenter: aws nagios_Check_Services: dhcpd: false diff --git a/inventory/host_vars/retrace-stg.aws.fedoraproject.org b/inventory/host_vars/retrace-stg.aws.fedoraproject.org index e9e32e68ac..7eea772d3a 100644 --- a/inventory/host_vars/retrace-stg.aws.fedoraproject.org +++ b/inventory/host_vars/retrace-stg.aws.fedoraproject.org @@ -2,7 +2,6 @@ #ansible_ssh_user: ec2-user #ansible_become_user: root #ansible_become: yes -ansible_ifcfg_blocklist: True datacenter: aws # Clean-up packages of following EOLed operating systems eol_opsys: [] @@ -69,7 +68,6 @@ nagios_Check_Services: raid: false sshd: false swap: false -nm_controlled_resolv: True public_hostname: retrace-stg.aws.fedoraproject.org public_ip: 3.228.218.234 rs_internal_arch_list: [source, x86_64] diff --git a/roles/base/files/resolv.conf/cloud-noc01.fedorainfracloud.org b/roles/base/files/resolv.conf/cloud-noc01.fedorainfracloud.org deleted file mode 100644 index 9661da5d33..0000000000 --- a/roles/base/files/resolv.conf/cloud-noc01.fedorainfracloud.org +++ /dev/null @@ -1,4 +0,0 @@ -search cloud.fedoraproject.org fedoraproject.org -nameserver 8.8.8.8 -nameserver 8.8.4.4 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/coloamer b/roles/base/files/resolv.conf/coloamer deleted file mode 100644 index 01d5c06952..0000000000 --- a/roles/base/files/resolv.conf/coloamer +++ /dev/null @@ -1,4 +0,0 @@ -search vpn.fedoraproject.org fedoraproject.org -nameserver 8.8.8.8 -nameserver 8.8.4.4 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/copr-aws b/roles/base/files/resolv.conf/copr-aws deleted file mode 100644 index b390e28286..0000000000 --- a/roles/base/files/resolv.conf/copr-aws +++ /dev/null @@ -1,4 +0,0 @@ -search fedoraproject.org fedorainfracloud.org -nameserver 8.8.8.8 -nameserver 8.8.4.4 -nameserver 1.1.1.1 diff --git a/roles/base/files/resolv.conf/dedicatedsolutions b/roles/base/files/resolv.conf/dedicatedsolutions deleted file mode 100644 index 01d5c06952..0000000000 --- a/roles/base/files/resolv.conf/dedicatedsolutions +++ /dev/null @@ -1,4 +0,0 @@ -search vpn.fedoraproject.org fedoraproject.org -nameserver 8.8.8.8 -nameserver 8.8.4.4 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/fedorainfracloud b/roles/base/files/resolv.conf/fedorainfracloud deleted file mode 100644 index 715118b1b5..0000000000 --- a/roles/base/files/resolv.conf/fedorainfracloud +++ /dev/null @@ -1,4 +0,0 @@ -search fedorainfracloud.org cloud.fedoraproject.org fedoraproject.org -nameserver 8.43.85.74 -nameserver 140.211.169.201 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/host1plus b/roles/base/files/resolv.conf/host1plus deleted file mode 100644 index 6ed0304cb0..0000000000 --- a/roles/base/files/resolv.conf/host1plus +++ /dev/null @@ -1,5 +0,0 @@ -search vpn.fedoraproject.org fedoraproject.org -nameserver 217.69.160.18 -nameserver 8.8.8.8 -nameserver 8.8.4.4 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/iad2 b/roles/base/files/resolv.conf/iad2 deleted file mode 100644 index 379abdade9..0000000000 --- a/roles/base/files/resolv.conf/iad2 +++ /dev/null @@ -1,4 +0,0 @@ -search iad2.fedoraproject.org vpn.fedoraproject.org fedoraproject.org -nameserver 10.3.163.33 -nameserver 10.3.163.34 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/ibiblio b/roles/base/files/resolv.conf/ibiblio deleted file mode 100644 index 0037972e3f..0000000000 --- a/roles/base/files/resolv.conf/ibiblio +++ /dev/null @@ -1,4 +0,0 @@ -search vpn.fedoraproject.org fedoraproject.org -nameserver 152.2.21.1 -nameserver 152.2.253.100 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/internetx b/roles/base/files/resolv.conf/internetx deleted file mode 100644 index 01d5c06952..0000000000 --- a/roles/base/files/resolv.conf/internetx +++ /dev/null @@ -1,4 +0,0 @@ -search vpn.fedoraproject.org fedoraproject.org -nameserver 8.8.8.8 -nameserver 8.8.4.4 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/kojibuilder b/roles/base/files/resolv.conf/kojibuilder deleted file mode 100644 index 379abdade9..0000000000 --- a/roles/base/files/resolv.conf/kojibuilder +++ /dev/null @@ -1,4 +0,0 @@ -search iad2.fedoraproject.org vpn.fedoraproject.org fedoraproject.org -nameserver 10.3.163.33 -nameserver 10.3.163.34 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/kojibuilder_iad2 b/roles/base/files/resolv.conf/kojibuilder_iad2 deleted file mode 100644 index 379abdade9..0000000000 --- a/roles/base/files/resolv.conf/kojibuilder_iad2 +++ /dev/null @@ -1,4 +0,0 @@ -search iad2.fedoraproject.org vpn.fedoraproject.org fedoraproject.org -nameserver 10.3.163.33 -nameserver 10.3.163.34 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/osuosl b/roles/base/files/resolv.conf/osuosl deleted file mode 100644 index 01d5c06952..0000000000 --- a/roles/base/files/resolv.conf/osuosl +++ /dev/null @@ -1,4 +0,0 @@ -search vpn.fedoraproject.org fedoraproject.org -nameserver 8.8.8.8 -nameserver 8.8.4.4 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/rdu b/roles/base/files/resolv.conf/rdu deleted file mode 100644 index 8fb876fe74..0000000000 --- a/roles/base/files/resolv.conf/rdu +++ /dev/null @@ -1,3 +0,0 @@ -search vpn.fedoraproject.org rdu2.fedoraproject.org fedoraproject.org -nameserver 172.31.2.24 -options rotate timeout:5 diff --git a/roles/base/files/resolv.conf/rdu-cc b/roles/base/files/resolv.conf/rdu-cc deleted file mode 100644 index 01d5c06952..0000000000 --- a/roles/base/files/resolv.conf/rdu-cc +++ /dev/null @@ -1,4 +0,0 @@ -search vpn.fedoraproject.org fedoraproject.org -nameserver 8.8.8.8 -nameserver 8.8.4.4 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/resolv.conf b/roles/base/files/resolv.conf/resolv.conf deleted file mode 100644 index 01d5c06952..0000000000 --- a/roles/base/files/resolv.conf/resolv.conf +++ /dev/null @@ -1,4 +0,0 @@ -search vpn.fedoraproject.org fedoraproject.org -nameserver 8.8.8.8 -nameserver 8.8.4.4 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/staging b/roles/base/files/resolv.conf/staging deleted file mode 100644 index 5bf3a08bba..0000000000 --- a/roles/base/files/resolv.conf/staging +++ /dev/null @@ -1,4 +0,0 @@ -search stg.iad2.fedoraproject.org iad2.fedoraproject.org fedoraproject.org -nameserver 10.3.163.33 -nameserver 10.3.163.34 -options rotate timeout:1 diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index b03a442066..3047168c27 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -26,92 +26,6 @@ tags: - selinux -# XXX fixme # a datacenter 'fact' from setup -- name: /etc/resolv.conf - copy: src={{ item }} dest=/etc/resolv.conf - when: not nm_controlled_resolv or not network_connections is defined - with_first_found: - - "{{ resolvconf }}" - - resolv.conf/{{ inventory_hostname }} - - resolv.conf/{{ host_group }} - - resolv.conf/{{ datacenter }} - - resolv.conf/resolv.conf - tags: - - config - - resolvconf - - base - - ifcfg - -- name: check for NetworkManager/nmcli - command: /usr/bin/test -f /usr/bin/nmcli - register: nmclitest - ignore_errors: true - changed_when: false - failed_when: "1 != 1" - check_mode: no - tags: - - config - - resolvconf - - base - - ifcfg - -- name: disable resolv.conf control from NM - ini_file: dest=/etc/NetworkManager/NetworkManager.conf section=main option=dns value=none - notify: - - restart NetworkManager - when: ansible_distribution_major_version|int >=7 and ansible_distribution == 'RedHat' and nmclitest is success and ( not ansible_ifcfg_blocklist) and ( not nm_controlled_resolv ) and ( not network_connections is defined ) - tags: - - config - - resolvconf - - base - - ifcfg - -- name: disable resolv.conf control from NM - ini_file: dest=/etc/NetworkManager/NetworkManager.conf section=main option=dns value=none - notify: - - restart NetworkManager - when: ansible_distribution_major_version|int >=29 and ansible_distribution == 'Fedora' and nmclitest is success and ( not ansible_ifcfg_blocklist) and ( not nm_controlled_resolv ) and ( not network_connections is defined ) - tags: - - config - - resolvconf - - base - - ifcfg - -- name: get interface uuid - shell: nmcli -f "DEVICE,UUID" c show --active | grep -E '^eth|^br|^em|^eno|^enP|^enc900' - register: if_uuid - changed_when: false - failed_when: 'if_uuid.stdout == ""' - check_mode: no - when: ansible_distribution_major_version|int >=7 and nmclitest is success and ( not ansible_ifcfg_blocklist ) - tags: - - config - - ifcfg - - base - -- name: copy ifcfg files - non virthost - template: src=ifcfg.j2 dest=/etc/sysconfig/network-scripts/ifcfg-{{item}} mode=0644 - with_items: - - "{{ ansible_interfaces }}" - notify: -# - restart NetworkManager - - reload NetworkManager-connections - - apply interface-changes - when: - - virthost is not defined - - item.startswith(('eth','br','enc','em','eno')) - - hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['type'] == 'ether' - - hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['active'] - - ansible_distribution_major_version|int >=7 - - nmclitest is success - - not ansible_ifcfg_blocklist - - ansible_ifcfg_allowlist is not defined or item in ansible_ifcfg_allowlist - - not network_connections is defined - tags: - - config - - ifcfg - - base - - name: global default packages to install (yum) package: state=present name={{ item }} with_items: @@ -157,13 +71,6 @@ - config - base -- name: make sure our resolv.conf is the one being used - set RESOLV_MODS=no in /etc/sysconfig/network - lineinfile: dest=/etc/sysconfig/network create=yes backup=yes state=present line='RESOLV_MODS=no' regexp=^RESOLV_MODS= - when: not nm_controlled_resolv - tags: - - config - - base - - name: dist pkgs to remove (yum) package: state=absent name={{ item }} with_items: @@ -456,24 +363,6 @@ - config - base -# -# Disable the cdc_ether module as we don't want it loading mgmt usb0 and spewing to logs. -# -- name: Disable cdc_ether module - copy: src=disable-cdc_ether.conf dest=/etc/modprobe.d/disable-cdc_ether.conf - when: ansible_virtualization_role is defined and ansible_virtualization_role == 'host' - tags: - - config - - base - - cdc_ether - -# Remove old filename for above: remove this when we're pretty sure the file's -# gone from all hosts -- name: Remove old cdc_ether config file - file: - path: /etc/modprobe.d/blacklist-cdc_ether.conf - state: absent - # # Watchdog stuff #