From f0a562a8e9948ce1125625071830428e230782f7 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Thu, 1 Aug 2024 13:38:19 -0700
Subject: [PATCH] noc-cc01: add new rhel9 noc in rdu-cc named better The old cloud-noc-os01 was for the old openstack we used to have and wanted to re-setup in rdu, but never did. So, lets just move this to more our normal convention.
Signed-off-by: Kevin Fenzi
---
.../noc-cc01.rdu-cc.fedoraproject.org | 39 +++++++++++
inventory/inventory | 3 +-
.../noc-cc01.rdu-cc.fedoraproject.org.yml | 69 +++++++++++++++++++
3 files changed, 110 insertions(+), 1 deletion(-)
create mode 100644 inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org
create mode 100644 playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml
diff --git a/inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org b/inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org
new file mode 100644
index 0000000000..3e36b8c3df
--- /dev/null
+++ b/inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org
@@ -0,0 +1,39 @@
+---
+datacenter: rdu-cc
+dns1: 8.8.8.8
+dns2: 8.8.4.4
+eth0_ipv4: 8.43.85.50
+eth0_ipv4_gw: 8.43.85.254
+eth0_ipv4_nm: 23
+eth1_ipv4: 172.23.1.4
+eth1_ipv4_nm: 24
+freezes: false
+has_ipv4: yes
+ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
+ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
+lvm_size: 20000
+mem_size: 8192
+network_connections:
+ - autoconnect: yes
+ ip:
+ address:
+ - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
+ dhcp4: no
+ dns:
+ - "{{ dns1 }}"
+ - "{{ dns2 }}"
+ dns_search:
+ - rdu-cc.fedoraproject.org
+ - fedoraproject.org
+ gateway4: "{{ eth0_ipv4_gw }}"
+ mac: "{{ ansible_default_ipv4.macaddress }}"
+ name: eth0
+ type: ethernet
+num_cpus: 4
+public_hostname: noc-cc01.rdu-cc.fedoraproject.org
+tcp_ports: ['67', '68']
+udp_ports: ['67', '68', '69']
+virt_install_command: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns1 }} ip={{ eth0_ipv4 }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ipv4 }}:::{{ eth1_ipv4_nm }}:{{ inventory_hostname_short }}-mgmt:eth1:none' --network bridge=br0,model=virtio,mac={{ mac_address }} --network=bridge=br1,model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random
+vmhost: vmhost-x86-cc03.rdu-cc.fedoraproject.org
+volgroup: vg_guests
+vpn: true
diff --git a/inventory/inventory b/inventory/inventory
index 0f8748dea7..eb6656e2b6 100644
--- a/inventory/inventory
+++ b/inventory/inventory
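Review bot: `tcp_ports: ['67', '68']` in the new host_vars file opens TCP ports for DHCP, which runs over UDP only, on a host that carries a public address on eth0 (`eth0_ipv4: 8.43.85.50`). If these lists feed the host firewall for every interface (the template that consumes them is not part of this diff), the DHCP and TFTP listeners from the `dhcp_server` and `tftp_server` roles would also be reachable from the public side. Consider `tcp_ports: []`, and confirm whether UDP 68 (the DHCP client port) is needed inbound on a server at all; ideally UDP 67/69 would be limited to the interface the service is meant to serve. Separately, `ks_repo` and `ks_url` use plain `http://`, so the kickstart that configures this VM is fetched without transport integrity; `https://` would be preferable if that host serves it.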
@@ -216,7 +216,7 @@ batcave01.iad2.fedoraproject.org log01.iad2.fedoraproject.org noc01.iad2.fedoraproject.org noc02.fedoraproject.org -#cloud-noc01.fedorainfracloud.org +noc-cc01.rdu-cc.fedoraproject.org cloud-noc-os01.rdu-cc.fedoraproject.org [logging] @@ -255,6 +255,7 @@ noc01.iad2.fedoraproject.org [noc_rdu_cc] cloud-noc-os01.rdu-cc.fedoraproject.org +noc-cc01.rdu-cc.fedoraproject.org [memcached] memcached01.iad2.fedoraproject.org diff --git a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml new file mode 100644 index 0000000000..1de17b9d60 --- /dev/null +++ b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml 
@@ -0,0 +1,69 @@
+# This is a basic playbook
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
+ vars:
+ myhosts: "noc-cc01.rdu-cc.fedoraproject.org"
+
+- name: make cloud noc hardware
+ hosts: noc-cc01.rdu-cc.fedoraproject.org
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - ipa/client
+ - collectd/base
+ - sudo
+ - dhcp_server
+ - tftp_server
+ - openvpn/client
+
+ pre_tasks:
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+ tasks:
+ - import_tasks: "{{ tasks_path }}/motd.yml"
+
+ - name: install some packages which arent in playbooks
+ package:
+ state: present
+ name:
+ - nmap
+ - tcpdump
+
+ - name: check if ntpd port is already known by selinux
+ shell: semanage port -l | grep ntp
+ register: ntp_selinux_port
+ check_mode: no
+ changed_when: false
+ failed_when: false
+ tags:
+ - config
+ - selinux
+
+ - name: allow alternate ntpd port
+ command: semanage port -a -t ntp_port_t -p tcp 124
+ when: '"124" not in ntp_selinux_port'
+ failed_when: false
+ tags:
+ - config
+ - selinux
+
+ - name: allow alternate ntpd port
+ command: semanage port -a -t ntp_port_t -p udp 124
+ when: '"124" not in ntp_selinux_port'
+ failed_when: false
+ tags:
+ - config
+ - selinux
+
+ handlers:
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
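Review bot: The two `allow alternate ntpd port` tasks test `'"124" not in ntp_selinux_port'` against the registered result object rather than its `stdout`, so the condition presumably inspects the result's keys and is always true; with `failed_when: false` and no `changed_when`, `semanage port -a` then runs on every play, reports changed, and any real SELinux labelling error is hidden. Even with `.stdout`, a single substring check cannot tell the tcp entry from the udp one. An idempotent module removes the need for the probe task and the error suppression; the sketch below assumes the `community.general` collection and the SELinux Python bindings it needs are available for this host. The two tasks also share one name, which makes the run log ambiguous.

```yaml
  tasks:
  # … unchanged: motd import and package install …

  - name: allow alternate ntpd port (tcp)
    community.general.seport:
      ports: "124"
      proto: tcp
      setype: ntp_port_t
      state: present
    tags:
    - config
    - selinux

  - name: allow alternate ntpd port (udp)
    community.general.seport:
      ports: "124"
      proto: udp
      setype: ntp_port_t
      state: present
    tags:
    - config
    - selinux
```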