Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
34594 commits 9 branches 0 tags 111 MiB
Commit graph

7726 commits

Author SHA1 Message Date
Bogdan Benea
6498334184 moved another batch of servers 2021-03-31 19:45:33 +00:00
Bogdan Benea
b05ff8be08 another batch of servers added 2021-03-31 19:45:33 +00:00
Bogdan Benea
7e76c7146c fixed indentation according with yaml best practices 2021-03-31 19:45:33 +00:00
Bogdan Benea
6ec5ec01b9 fixed wrong state for eth0 (up instead of down) 2021-03-31 19:45:33 +00:00
Bogdan Benea
ec54469e8e another batch of servers migrated 2021-03-31 19:45:32 +00:00
Bogdan Benea
c4e2a1b908 a few more servers migrated 2021-03-31 19:45:32 +00:00
Bogdan Benea
9118edf6c7 Another batch of servers 2021-03-31 19:45:32 +00:00
Bogdan Benea
58bda34047 updated a batch of servers 2021-03-31 19:45:32 +00:00
Bogdan Benea
92f2691138 changed config for buildhw-x86-01.iad2 2021-03-31 19:45:32 +00:00
Jan Kuparinen
2d95392296 proxy01.iad2.fedoraproject.org moved to linux-system-roles networking 2021-03-31 15:40:56 -04:00
Jan Kuparinen
d87ad87a5d proxy02.fedoraproject.org moved to linux-system-roles networking 2021-03-31 15:40:56 -04:00
Jan Kuparinen
a5bded8909 proxy03.fedoraproject.org moved to linux-system-roles networking 2021-03-31 15:38:15 -04:00
Jan Kuparinen
842c583e29 proxy04.fedoraproject.org moved to linux-system-roles networking 2021-03-31 15:35:25 -04:00
Jan Kuparinen
94ea71d7c3 proxy05.fedoraproject.org moved to linux-system-roles networking 2021-03-31 15:32:55 -04:00
Jan Kuparinen
f32bd74d71 proxy14.fedoraproject.org moved to linux-system-roles networking 2021-03-31 15:30:34 -04:00
Jan Kuparinen
a4f772d36f proxy12.fedoraproject.org moved to linux-system-roles networking 2021-03-31 15:27:24 -04:00
Jan Kuparinen
d44d644510 proxy110.iad2.fedoraproject.org moved to linux-system-roles networking 2021-03-31 15:24:20 -04:00
Jan Kuparinen
32fe04bae6 proxy11.fedoraproject.org moved to linux-system-roles networking 2021-03-31 15:20:25 -04:00
Jan Kuparinen
4656b4849b proxy101.iad2.fedoraproject.org moved to linux-system-roles networking 2021-03-31 15:15:58 -04:00
Jan Kuparinen
15d9c5ff31 proxy10.iad2.fedoraproject.org moved to linux-system-roles networking 2021-03-31 15:15:58 -04:00
Stephen Smoogen
2566981d19 move proxy03 to network-manager 2021-03-31 14:51:52 -04:00
Stephen Smoogen
54a9a15508 all {{}} need to be in quotes or ansible dies horibly 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-31 14:42:15 -04:00
Stephen Smoogen
68152bdfdb Try using network_connections for proxy02 to get it to rewrite ifcfg correctly 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-31 14:25:33 -04:00
Stephen Smoogen
8f76cd7a85 fix the remote proxy dns to point to the right things in ifcfg 2021-03-31 14:10:55 -04:00
Kevin Fenzi
fdc0368f12 pkgs01: use sshd_keyhelper here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-31 07:20:30 -07:00
Adam Williamson
06b71c46ca Update openQA lab to latest upstream scratch builds for testing 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2021-03-30 18:54:14 -07:00
Stephen Smoogen
5bad041fa5 rmeove mailman01.stg until packages are ready for it 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-30 18:56:18 -04:00
Kevin Fenzi
7a53888856 inventory: add ipa01 backups to backup01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-30 15:38:41 -07:00
Stephen Smoogen
00bea493d8 Move vmhost-x86-cc05 to regular colo_virt so it can be maintained in that group 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-30 17:35:03 -04:00
Stephen Smoogen
8647884713 Change inventory/host_vars/ns13.rdu2.fedoraproject.org to have vpn: true so that ipa works 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-30 17:09:31 -04:00
Kevin Fenzi
35c3f4a30f retrace should be vpn: true at least for now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-30 09:00:43 -07:00
Kevin Fenzi
c9630db833 delete some hosts that no longer exist. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-30 08:46:22 -07:00
Kevin Fenzi
ff94c9d77a bvmhost-x86-04/05.stg: turns out, these are in staging and should use the staging ipa server 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-30 07:39:37 -07:00
Francois Andrieu
f8c683ffa8 cleanup: use iad2 composer 2021-03-29 22:48:10 +00:00
Francois Andrieu
2f5f939a83 cleanup: change group_var datacenter from phx2 to iad2 2021-03-29 22:45:02 +00:00
Francois Andrieu
35a43317d4 cleanup: remove unused PHX2 related host_vars/group_vars 2021-03-29 22:45:02 +00:00
Kevin Fenzi
04e67d381e inventory: add dl01-05 to staging_friendly 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-29 08:54:49 -07:00
Stephen Smoogen
917d633e8d Add mirror.dst.ca to mirrors 2021-03-29 09:02:14 -04:00
Nick Bebout
0eae657232 Fix sudo rules for sysadmin-noc and sysadmin-veteran 2021-03-28 20:46:01 -05:00
Nick Bebout
5c1f91f588 sysadmin-hosted is not used anymore 2021-03-28 19:49:32 -05:00
Nick Bebout
1b0bcb3adf sysadmin-tools should have sudo on people 2021-03-28 19:43:57 -05:00
Kevin Fenzi
f6d6a2cffe people: people02 is on the vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-28 12:52:57 -07:00
Kevin Fenzi
cd1430ab62 os-cluster: baseiptables should be FALSE 
The baseiptables variable controls if the base role should apply base
iptables and ip6tables templates to a host. In the case of OpenShift we
DO NOT WANT it to do this. The base iptables template doesn't handle all
the container native rules and setup that OpenShift needs to work.
This has caused multiple outages by applying this template on the
OpenShift nodes. So, set it to false here and keep it false please. :)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-28 10:37:46 -07:00
Kevin Fenzi
7dadf93f44 Deploy renewed openshift certs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-27 12:05:35 -07:00
Kevin Fenzi
29f31df142 pagure-stg01 is also on the vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:16:03 -07:00
Kevin Fenzi
8101073e8e pagure: pagure is on the vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:11:11 -07:00
Kevin Fenzi
1e5aefcc52 ipa03: fix ip address for ipa03 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:07:13 -07:00
Kevin Fenzi
b0d1ea96da bastion: add fasjson_url for fasjson role 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:47:05 -07:00
Kevin Fenzi
ddf53bdbdf inventory: add copr-db-stg to cloud_aws group to make nagios happy 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 09:52:57 -07:00
Nils Philippsen
46b3fb9390 ipa/client: Revamp combining shell groups 
The previous implementation didn't work because of a chicken-and-egg
problem: To add the batcave shell groups to those specifically for
bastion, it needs to look them up, but they aren't set yet (probably
because `batcave` comes after `bastion`).

Now, one can (optionally) set `ipa_client_shell_groups_inherit_from`, a
list of Ansible group names whose `ipa_client_shell_groups` will be
combined with that of the host itself. This is more robust because it's
done late, after variables are set from the inventory.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-25 13:53:21 +01:00