Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
36519 commits 9 branches 0 tags 111 MiB
Commit graph

34 commits

Author SHA1 Message Date
Mark O Brien
dab8886bb7 remove unnecessary task 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2021-11-04 15:51:05 +00:00
David Kirwan
4e8fa0e687 metrics-for-apps: add ocp4 prod CA cert to haproxy 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-09-08 12:32:42 +09:00
Kevin Fenzi
5e6ab492a5 haproxy: tweak filename for ocp certs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-19 16:13:33 -07:00
Kevin Fenzi
ffe6484549 haproxy: use env_short here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-13 16:39:02 -07:00
Kevin Fenzi
73bb20bb13 Revert "haproxy: adjust names on files to use .stg" 
This reverts commit 8b1f44206d.
 2021-08-13 16:37:13 -07:00
Kevin Fenzi
8b1f44206d haproxy: adjust names on files to use .stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-13 13:25:25 -07:00
David Kirwan
55185861c8 metrics-for-apps: 
- Updating apache proxy config to handle ocp4 CA cert
- place ocp4 CA cert on proxies
- add ocp4 stg ca cert to haproxy/files

Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-13 20:02:38 +00:00
Kevin Fenzi
ecbda7c851 haproxy: add staging ocp cert for api-int 
haproxy needs to terminate ssl for the api part of the ocp cluster.
We can't do this in apache without listening for non standard ports and
that could be a mess, so terminate ssl here and talk into the cluster

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-09 10:51:13 -07:00
Kevin Fenzi
c7a0d2f3c4 also fix the ipa file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-08 15:20:15 -07:00
Kevin Fenzi
162bb8bf5e iad2-move: there is only one active openshift, and it is the iad2 one, use its ssl cert 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-08 15:17:15 -07:00
Kevin Fenzi
83d76a8614 iad2: haproxy: fix up openshift certs so iad2 and phx2 are correct and both install. Just copy the phx2 ipa pem for now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-28 10:46:48 -07:00
Rick Elrod
6208045041 fix tags 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:18 +02:00
Rick Elrod
0dded6b55c install libsemanage a few more times because twice is not enough 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:18 +02:00
Kevin Fenzi
a8714caab3 first cut at changing all the old |changed to is changed per ansible deprecations 2018-05-07 23:51:48 +00:00
Patrick Uiterwijk
936e8b261a yum accepted pkg=, package calls it name= 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2017-10-09 00:38:26 +02:00
Patrick Uiterwijk
039b08354a Yum allowed state=installed. Lets use state=present consistently 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 22:31:03 +00:00
Patrick Uiterwijk
adcbf72f03 Packageize this, packageize that, packageize the world 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 22:25:52 +00:00
Ricky Elrod
bbe6c25b6f try os-master proxy setup 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2017-05-11 19:49:31 +00:00
Kevin Fenzi
b1a2d105c9 In ansible 2.2 always_run is depreciated. Switch to check_mode. 2016-11-01 16:29:49 +00:00
Patrick Uiterwijk
39c59360d8 We now also have certificates for production IPA 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-13 13:59:19 +00:00
Patrick Uiterwijk
ffd0a12fa4 Fix stg 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-08-04 21:25:11 +00:00
Patrick Uiterwijk
28ebec92ee Proxy IPA through haproxy 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-08-04 21:23:07 +00:00
Patrick Uiterwijk
8b7fd1a7d8 Finish merge by removing the prod in task name 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-04-05 16:55:04 +00:00
Patrick Uiterwijk
7c611964d6 Merge stg and prod haproxy config 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-04-05 16:45:38 +00:00
Patrick Uiterwijk
3d0b3ba02e Only check haproxy configs and start after everything is in place 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-08-19 01:18:43 +00:00
Kevin Fenzi
6a6d3ab34e Lets try and add a check here for haproxy. It won't catch non resolving names, but it will other errors. 2015-06-24 19:59:42 +00:00
Kevin Fenzi
05c7d0c851 Lets try and add a check here for haproxy. It won't catch non resolving names, but it will other errors. 2015-06-24 18:04:34 +00:00
Kevin Fenzi
553da4b213 Switch haproxy to prefer a local mirrorlist server if available. 
Allow port 443 connections from those proxies on mirrorlists.
Add hosts entries for proxy10 and proxy01 that should allow ssl to work right.
Will test this on one proxy/mirrorlist and move on to the others.
 2015-05-31 17:17:41 +00:00
Ralph Bean
0a457060a9 A custom selinux module for our haproxy setup. 2015-01-06 19:53:19 +00:00
Ralph Bean
29a347fbb4 Selinux boolean for haproxy. 2015-01-06 19:45:58 +00:00
Ralph Bean
59b0fd4bfa Gotta actually start the thing. 2015-01-06 19:40:05 +00:00
Ralph Bean
0b41c10d1e haproxy typofix. 2015-01-06 19:38:18 +00:00
Ralph Bean
0c2493c248 Tag up the base haproxy role. 2015-01-06 19:35:41 +00:00
Pierre-Yves Chibon
7adeb26a4d Start working on the haproxy role 2014-12-07 23:36:14 +00:00