Merge branch 'copr_vm_setup' into main

2021-02-17 14:34:45 -05:00 · 2021-02-17 14:34:45 -05:00 · fe8b113c29
commit fe8b113c29
parent 9c2cc0b184 b7ad40a770
9 changed files with 319 additions and 64 deletions
--- a/inventory/group_vars/vmhost_copr
+++ b/inventory/group_vars/vmhost_copr
@ -0,0 +1,26 @@
+---
+virthost: true
+
+fas_client_groups: sysadmin-copr,sysadmin-main
+sudoers: "{{ private }}/files/sudo/copr-sudoers"
+
+nrpe_procs_warn: 1400
+nrpe_procs_crit: 1500
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+vpn: false
+postfix_group: cloud
+freezes: false
+
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Host guest virtual machines.
+csi_relationship: |
+   - Guests on this host will be inaccessible if the host is down.
+   - This host will be required by any application with a virtual machine running on it, therefore, if this host is down those applications will be impacted.
+
+nagios_Check_Services:
+  raid: true
--- a/inventory/host_vars/vmhost-x86-05.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-05.rdu-cc.fedoraproject.org
@ -1,12 +1,56 @@
 ---
+datacenter: rdu-cc
+
 nrpe_procs_warn: 900
 nrpe_procs_crit: 1000
-br0_ip: 8.43.85.84
-br0_nm: 255.255.254.0
-gw: 8.43.85.254
-dns: 8.8.8.8

-datacenter: rdu-cc
 vpn: true
 postfix_group: cloud
 freezes: false
+
+gw: 8.43.85.254
+dns: 8.8.8.8
+
+has_ipv4: yes
+br0_ipv4: 8.43.85.84
+br0_ipv4_nm: 23
+br0_ipv4_gw: "{{ gw }}"
+
+has_ipv6: yes
+br0_ipv6: "2620:52:3:1:dead:beef:cafe:f005"
+br0_ipv6_nm: 64
+br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+
+mac0: "ec:f4:bb:d2:97:7c"
+mac1: "ec:f4:bb:d2:97:7d"
+mac2: "ec:f4:bb:d2:97:78"
+mac3: "ec:f4:bb:d2:97:7a"
+
+br0_port0_mac: "{{ mac0 }}"
+
+network_connections:
+  - name: br0
+    state: up
+    type: bridge
+    autoconnect: yes
+    ip:
+      address: 
+      - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+      - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
+      gateway4: "{{ br0_ipv4_gw }}"
+      gateway6: "{{ br0_ipv6_gw }}"
+      dns: 
+      - 8.8.8.8
+      - 8.8.4.4
+      - 2001:4860:4860::8888
+      dns_search: 
+      - fedoraproject.org
+      - vpn.fedoraproject.org
+      - rdu-cc.fedoraproject.org
+      dhcp4: no
+      auto6: no
+  - name: br0-port0
+    state: up
+    type: ethernet
+    master: br0
+    mac: "{{ br0_port0_mac }}"
--- a/inventory/host_vars/vmhost-x86-06.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-06.rdu-cc.fedoraproject.org
@ -1,12 +1,56 @@
 ---
+datacenter: rdu-cc
+
 nrpe_procs_warn: 900
 nrpe_procs_crit: 1000
-br0_ip: 8.43.85.85
-br0_nm: 255.255.254.0
-gw: 8.43.85.254
-dns: 8.8.8.8

-datacenter: rdu-cc
 vpn: true
 postfix_group: cloud
 freezes: false
+
+gw: 8.43.85.254
+dns: 8.8.8.8
+
+has_ipv4: yes
+br0_ipv4: 8.43.85.85
+br0_ipv4_nm: 23
+br0_ipv4_gw: "{{ gw }}"
+
+has_ipv6: yes
+br0_ipv6: "2620:52:3:1:dead:beef:cafe:f006"
+br0_ipv6_nm: 64
+br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+
+mac0: "ec:f4:bb:cd:aa:a4"
+mac1: "ec:f4:bb:cd:aa:a5"
+mac2: "ec:f4:bb:cd:aa:a0"
+mac3: "ec:f4:bb:cd:aa:a2"
+
+br0_port0_mac: "{{ mac0 }}"
+
+network_connections:
+  - name: br0
+    state: up
+    type: bridge
+    autoconnect: yes
+    ip:
+      address: 
+      - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+      - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
+      gateway4: "{{ br0_ipv4_gw }}"
+      gateway6: "{{ br0_ipv6_gw }}"
+      dns: 
+      - 8.8.8.8
+      - 8.8.4.4
+      - 2001:4860:4860::8888
+      dns_search: 
+      - fedoraproject.org
+      - vpn.fedoraproject.org
+      - rdu-cc.fedoraproject.org
+      dhcp4: no
+      auto6: no
+  - name: br0-port0
+    state: up
+    type: ethernet
+    master: br0
+    mac: "{{ br0_port0_mac }}"
--- a/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-copr01.rdu-cc.fedoraproject.org
@ -1,18 +1,53 @@
 ---
-fas_client_groups: sysadmin-copr,sysadmin-main
-sudoers: "{{ private }}/files/sudo/copr-sudoers"
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
-br0_ip: 8.43.85.57
-br0_nm: 255.255.254.0
+datacenter: rdu-cc
+
 gw: 8.43.85.254
 dns: 8.8.8.8

-has_ipv6: yes
-eth0_ipv6: "2620:52:3:1:dead:beef:cafe:c001"
-eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+has_ipv4: yes
+br0_ipv4: 8.43.85.57
+br0_ipv4_nm: 23
+br0_ipv4_gw: "{{ gw }}"

-datacenter: rdu-cc
-vpn: false
-postfix_group: cloud
-freezes: false
+has_ipv6: yes
+br0_ipv6: "2620:52:3:1:dead:beef:cafe:c001"
+br0_ipv6_nm: 64
+br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+
+mac0: "f4:02:70:d0:05:00"
+mac1: "f4:02:70:d0:05:01"
+mac2: "b0:26:28:d1:df:00"
+mac3: "b0:26:28:d1:df:01"
+mac4: "b4:96:91:63:3b:e8"
+mac5: "b4:96:91:63:3b:e9"
+mac6: "b4:96:91:63:3b:ea"
+mac7: "b4:96:91:63:3b:eb"
+
+br0_port0_mac: "{{ mac0 }}"
+
+network_connections:
+  - name: br0
+    state: up
+    type: bridge
+    autoconnect: yes
+    ip:
+      address: 
+      - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+      - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
+      gateway4: "{{ br0_ipv4_gw }}"
+      gateway6: "{{ br0_ipv6_gw }}"
+      dns: 
+      - 8.8.8.8
+      - 8.8.4.4
+      - 2001:4860:4860::8888
+      dns_search: 
+      - fedoraproject.org
+      - vpn.fedoraproject.org
+      - rdu-cc.fedoraproject.org
+      dhcp4: no
+      auto6: no
+  - name: br0-port0
+    state: up
+    type: ethernet
+    master: br0
+    mac: "{{ br0_port0_mac }}"
--- a/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-copr02.rdu-cc.fedoraproject.org
@ -1,28 +1,23 @@
 ---
-fas_client_groups: sysadmin-copr,sysadmin-main
-sudoers: "{{ private }}/files/sudo/copr-sudoers"
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
+datacenter: rdu-cc
+
 gw: 8.43.85.254
 dns: 8.8.8.8

 has_ipv4: yes
 br0_ipv4: 8.43.85.58
-br0_ipv4_nm: 255.255.254.0
+br0_ipv4_nm: 23
 br0_ipv4_gw: "{{ gw }}"

 has_ipv6: yes
 br0_ipv6: "2620:52:3:1:dead:beef:cafe:c002"
+br0_ipv6_nm: 64
 br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"

-datacenter: rdu-cc
-vpn: false
-postfix_group: cloud
-freezes: false

 mac0: "f4:02:70:d0:04:5e"
-mac1: "b4:96:91:63:3b:9c"
-mac2: "f4:02:70:d0:04:5f"
+mac1: "f4:02:70:d0:04:5f"
+mac2: "b4:96:91:63:3b:9c"
 mac3: "b4:96:91:63:3b:9d"
 mac4: "b4:96:91:63:3b:9e"
 mac5: "b4:96:91:63:3b:9f"
@ -36,8 +31,8 @@ network_connections:
    autoconnect: yes
    ip:
      address: 
-      - "{{ br0_ipv4 }}/24"
-      - "{{ br0_ipv6 }}/64"
+      - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+      - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
      gateway4: "{{ br0_ipv4_gw }}"
      gateway6: "{{ br0_ipv6_gw }}"
      dns: 
@ -56,3 +51,4 @@ network_connections:
    master: br0
    mac: "{{ br0_port0_mac }}"

+
--- a/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-copr03.rdu-cc.fedoraproject.org
@ -1,18 +1,53 @@
 ---
-fas_client_groups: sysadmin-copr,sysadmin-main
-sudoers: "{{ private }}/files/sudo/copr-sudoers"
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
-br0_ip: 8.43.85.59
-br0_nm: 255.255.254.0
+datacenter: rdu-cc
+
 gw: 8.43.85.254
 dns: 8.8.8.8

-has_ipv6: yes
-eth0_ipv6: "2620:52:3:1:dead:beef:cafe:c003"
-eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+has_ipv4: yes
+br0_ipv4: 8.43.85.59
+br0_ipv4_nm: 23
+br0_ipv4_gw: "{{ gw }}"

-datacenter: rdu-cc
-vpn: false
-postfix_group: cloud
-freezes: false
+has_ipv6: yes
+br0_ipv6: "2620:52:3:1:dead:beef:cafe:c003"
+br0_ipv6_nm: 64
+br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+
+mac0: "f4:02:70:d3:42:48"
+mac1: "f4:02:70:d3:42:49"
+mac2: "b0:26:28:d1:dd:c0"
+mac3: "b0:26:28:d1:dd:c1"
+mac4: "b4:96:91:63:3b:50"
+mac5: "b4:96:91:63:3b:51"
+mac6: "b4:96:91:63:3b:52"
+mac7: "b4:96:91:63:3b:53"
+
+br0_port0_mac: "{{ mac0 }}"
+
+network_connections:
+  - name: br0
+    state: up
+    type: bridge
+    autoconnect: yes
+    ip:
+      address: 
+      - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+      - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
+      gateway4: "{{ br0_ipv4_gw }}"
+      gateway6: "{{ br0_ipv6_gw }}"
+      dns: 
+      - 8.8.8.8
+      - 8.8.4.4
+      - 2001:4860:4860::8888
+      dns_search: 
+      - fedoraproject.org
+      - vpn.fedoraproject.org
+      - rdu-cc.fedoraproject.org
+      dhcp4: no
+      auto6: no
+  - name: br0-port0
+    state: up
+    type: ethernet
+    master: br0
+    mac: "{{ br0_port0_mac }}"
--- a/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/vmhost-x86-copr04.rdu-cc.fedoraproject.org
@ -1,18 +1,53 @@
 ---
-fas_client_groups: sysadmin-copr,sysadmin-main
-sudoers: "{{ private }}/files/sudo/copr-sudoers"
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
-br0_ip: 8.43.85.60
-br0_nm: 255.255.254.0
+datacenter: rdu-cc
+
 gw: 8.43.85.254
 dns: 8.8.8.8

-has_ipv6: yes
-eth0_ipv6: "2620:52:3:1:dead:beef:cafe:c004"
-eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+has_ipv4: yes
+br0_ipv4: 8.43.85.60
+br0_ipv4_nm: 23
+br0_ipv4_gw: "{{ gw }}"

-datacenter: rdu-cc
-vpn: false
-postfix_group: cloud
-freezes: false
+has_ipv6: yes
+br0_ipv6: "2620:52:3:1:dead:beef:cafe:c004"
+br0_ipv6_nm: 64
+br0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
+
+mac0: "f4:02:70:d0:04:4a"
+mac1: "f4:02:70:d0:04:4b"
+mac2: "b0:26:28:d1:e0:f0"
+mac3: "b0:26:28:d1:e0:f1"
+mac4: "b4:96:91:63:3a:a0"
+mac5: "b4:96:91:63:3a:a1"
+mac6: "b4:96:91:63:3a:a2"
+mac7: "b4:96:91:63:3a:a3"
+
+br0_port0_mac: "{{ mac0 }}"
+
+network_connections:
+  - name: br0
+    state: up
+    type: bridge
+    autoconnect: yes
+    ip:
+      address: 
+      - "{{ br0_ipv4 }}/{{ br0_ipv4_nm }}"
+      - "{{ br0_ipv6 }}/{{ br0_ipv6_nm }}"
+      gateway4: "{{ br0_ipv4_gw }}"
+      gateway6: "{{ br0_ipv6_gw }}"
+      dns: 
+      - 8.8.8.8
+      - 8.8.4.4
+      - 2001:4860:4860::8888
+      dns_search: 
+      - fedoraproject.org
+      - vpn.fedoraproject.org
+      - rdu-cc.fedoraproject.org
+      dhcp4: no
+      auto6: no
+  - name: br0-port0
+    state: up
+    type: ethernet
+    master: br0
+    mac: "{{ br0_port0_mac }}"
--- a/inventory/inventory
+++ b/inventory/inventory
@ -113,8 +113,8 @@ virthost-rdu01.fedoraproject.org
 virthost-cc-rdu01.fedoraproject.org
 virthost-cc-rdu02.fedoraproject.org
 virthost-cc-rdu03.fedoraproject.org
-#virthost-cloud01.fedorainfracloud.org
-#cloudvmhost-aarch64-01.fedorainfracloud.org
+
+[vmhost_copr]
 vmhost-x86-copr01.rdu-cc.fedoraproject.org
 vmhost-x86-copr02.rdu-cc.fedoraproject.org
 vmhost-x86-copr03.rdu-cc.fedoraproject.org
--- a/playbooks/groups/vmhost_copr.yml
+++ b/playbooks/groups/vmhost_copr.yml
@ -0,0 +1,40 @@
+# create a new virthost server system
+# This is a copy of the main one which is meant to be limited ONLY to vmhost_copr group for rbac
+# NOTE: should be used with --limit most of the time
+# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml myhosts=vmhost_copr:!buildvmhost-s390x-01.s390.fedoraproject.org"
+
+- name: make virthost server system
+  hosts: vmhost_copr
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  pre_tasks:
+  - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
+  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+  roles:
+  - base
+  - rkhunter
+  - nagios_client
+  - hosts
+  - { role: ipa/client, when: env == "staging" }
+  - { role: fas_client, when: env != "staging" }
+  - collectd/base
+  - sudo
+  - { role: openvpn/client, when: vpn|bool }
+  - virthost
+
+  tasks:
+  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+    when: env != 'staging'
+  - import_tasks: "{{ tasks_path }}/motd.yml"
+
+  handlers:
+  - import_tasks: "{{ handlers_path }}/restart_services.yml"