Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
33035 commits 9 branches 0 tags 111 MiB
Commit graph

279 commits

Author SHA1 Message Date
Pierre-Yves Chibon
8a13932c66 postfix: Drop the main.cf for pagure02 - never worked 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-02 09:50:42 +02:00
Pierre-Yves Chibon
5383f87f30 pagure: adjust pagure's postfix configuration to rhel8 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 11:06:52 +02:00
Pierre-Yves Chibon
200282de8d pagure: add a dedicated postfix configuration file for pagure02 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-09-25 12:10:31 +02:00
Silvie Chlupova
3ded4aae28 Fix DKIM signing 2020-09-24 10:58:17 +00:00
Mark O'Brien
1b787aef8b add proxy39/40 to http log sync 2020-09-22 11:08:31 +01:00
Mark O'Brien
e4e6ede45b [proxies] add proxy37/38 2020-09-01 15:45:29 +01:00
Stephen Smoogen
15348981f8 try to fix part of ticket #9273 by increasing the number of open files allowed on log servers and people as they have a large number of files to deal with. 2020-08-28 08:26:19 -04:00
Mark O'Brien
5f114a7c98 [proxies] setup for proxy35/36 2020-08-24 17:21:00 +01:00
Stephen Smoogen
25d3faff49 put in a relay host for copr 2020-08-13 14:55:18 -04:00
Stephen Smoogen
17965d6ea7 merge and remove duplicate gateway file that bastion.iad2 had. add in copr addresses to allow for relay 2020-08-13 14:53:33 -04:00
Stephen Smoogen
04efbcf732 add in correct main.cf also 2020-08-12 20:45:14 -04:00
Stephen Smoogen
c9cb4a5d5f fix postfix entries so that they use 10.3.160.0/19 network versus phx2 networks 2020-08-12 20:42:57 -04:00
Mark O'Brien
f7ba779b61 [proxies] add proxy34 2020-08-04 15:41:04 +01:00
Mark O'Brien
6994fef4f8 [proxies] new proxy33 in aws capetown 2020-07-28 15:34:59 +01:00
Kevin Fenzi
3c340cf69b base / resolv.conf: fix staging to adjust for iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-18 15:46:37 -07:00
Stephen Smoogen
c1c1905ce4 fix syntax error in syncHttpLogs causing it to fail on log01. File needed } at the end of variable. Consolidated debug statements 2020-07-14 13:54:31 -04:00
Kevin Fenzi
971d49a426 base / resolv.conf / rdu: increase timeout to 5s at rdu 
The nameserver there seems slow, it takes more than a second to resolve
things sometimes.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-11 10:17:48 -07:00
Stephen Smoogen
5674c1e0ad try to fix syncHttpLogs so it doesnt try to download files whcih do not exist. The rsync command has entries like speedup and data and we just want the logs 2020-07-10 17:07:22 -04:00
Stephen Smoogen
fdf96ef734 fix bug in syncHttpLogs causing them to fail 2020-07-10 09:29:41 -04:00
Kevin Fenzi
11ec8e6adf base / resolv.conf / rdu2: vpn has to come first 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-06 14:10:15 -07:00
Stephen Smoogen
736b3db7d1 make the syncHttpLogs a little less noisy and hopefully more useful 2020-07-02 08:54:57 -04:00
Kevin Fenzi
7984b46eb7 The great phx2 pruning run (1st cut). 
Since we no longer have any machines in phx2, I have tried to remove
them from ansible. Note that there are still some places where we need
to remove them still: nagios, dhcp, named were not touched, and in cases
where it wasn't pretty clear what a conditional was doing I left it to
be cleaned up later.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-14 14:14:31 -07:00
Adam Williamson
1a3ee7c6a1 Minimize another use of blacklist 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-06-12 09:45:20 -07:00
Stephen Smoogen
6cbe68f288 make firewall change to openshift so nagios can be accepted. make change to syncHttp for new ips 2020-06-12 12:33:13 -04:00
Stephen Smoogen
0816164593 remove proxy01.phx2/proxy10.phx2 from vpn 2020-06-10 15:44:57 -04:00
Stephen Smoogen
0f6bde6666 make it so s390 uses iad2 dns 2020-06-09 20:30:01 -04:00
Stephen Smoogen
9fbe3df30b put the right item into the postfix main.cf 2020-06-09 14:16:22 -04:00
Stephen Smoogen
da3bb01bb8 make it so ipv4 is used for iad2 systems 2020-06-09 14:11:26 -04:00
Stephen Smoogen
d89168a30f clean up download usage 2020-06-06 15:23:40 -04:00
Stephen Smoogen
16875c357d try to get this to work for builders in iad2 2020-06-06 10:39:09 -04:00
Mark O'Brien
cb9302cb6a [postfix] update gateway conf for postfix3 2020-06-02 08:16:55 +00:00
Mark O'Brien
c8e322e49a [postfix] update main config file for postfix3 config 2020-06-02 08:16:55 +00:00
Kevin Fenzi
d5b4bef21b iad2: bkernel01 should use the iad resolv.conf, and we shouldn't try and put template conditionals in a file. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-30 18:21:39 -07:00
Kevin Fenzi
189194a7d1 iad2: fix kojibuilder resolv.conf for iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-28 14:40:04 -07:00
Stephen Smoogen
5407472e84 move iad2 in front of vpn so that hosts aren't trying to reach vpn hosts when they aren't on vpn 2020-05-22 15:24:31 -04:00
Stephen Smoogen
d8188e7417 turn off ipv6 on bastion until we get ipv6 fulling deployed 2020-05-22 14:07:59 -04:00
Stephen Smoogen
5b9d2b927d put in an updated postfix.main for bastion-iad01 2020-05-22 13:56:34 -04:00
Mark O'Brien
851d898e01 [rsyslog] add rsyslog8/rhel8 conf file 2020-05-21 11:37:48 +01:00
Kevin Fenzi
98549fd6db base / resolv.conf: we want vpn to be before iad2 here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-13 16:56:58 -07:00
Kevin Fenzi
c529380547 Spring cleaning time. :) 
I removed all the old files, inventory, playbooks, roles and other from
services we no longer run or use. There was a bunch of cruft in there
and I hope that will make the repo cleaner and easier to look for things
we actually do run and care about.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-13 14:02:41 -07:00
Kevin Fenzi
ce6cd8844a base: postfix: comment duplicate alias_maps thats sending warnings from bastion01.iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-08 20:30:33 -07:00
Kevin Fenzi
b8de4f9d7d iad2: log01: add a rsyslog config file for log01.iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-08 17:49:21 -07:00
Kevin Fenzi
29a4145466 iad2: add a iad2 resolv.conf file. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-06 16:54:48 -07:00
Kevin Fenzi
9b49971cae iad2: set prompt in iad2 to avoid confusion 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-06 13:51:16 -07:00
Stephen Smoogen
03a14c6db9 HOTPATCH: Fix pagure-stg email. Formal fix will need updating our postfix files to work with RHEL-8/Fedora 28+ postfix syntax. 2020-05-04 08:48:43 -04:00
Nils Philippsen
5958059b47 Remove remnants of lists-dev and lists01 
Follow-up on:

commit a11e1da4b435928c8895259e12ea1bf895860cb4
Author: Kevin Fenzi <kevin@scrye.com>
Date:   Thu Feb 20 17:09:00 2020 +0000

    lists-dev: farewell

    Signed-off-by: Kevin Fenzi <kevin@scrye.com>

commit dd3bf3b50d
Author: Kevin Fenzi <kevin@scrye.com>
Date:   Fri May 20 18:09:20 2016 +0000

    Drop collab03 and hosted-lists01 (everything is going to mailman01 now).
    Drop hosted01 (we arent going to move hosted to rhel7)

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2020-05-03 22:02:42 +00:00
Stephen Smoogen
bb719cdc5d rsyslogd: fix rsyslogd on all EL8 and F32 boxes 
In 2017, I (Stephen Smoogen), put in a change to copy
roles/base/files/rsyslog/rsyslog-limits.conf to /etc/systemd on
log01. This was to make it so we have adequete limits on the logrunner
on log01. However I missed the fact that all *.conf files are copied
over to /etc/rsyslog.d/ in a previous section. So this file has been
copied over to every system since 2017.. which was ok when rsyslogd just
ignored the syntax. However on EL8, it dies and kills rsyslogd so
servers are not able to run.

Fix: change the file name to one which won't get globbed. Remove the
file from all systems in /etc/rsyslo.d
 2020-04-30 11:25:25 +00:00
Stephen Smoogen
07a8351c1d sync the download logs from download-cc 2020-04-30 10:17:28 +00:00
Kevin Fenzi
8102d0ca43 base / selinux / rsyslog-audit: bump the version on this policy to get it to reload on all the f31+ machines 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:27 +02:00
Stephen Smoogen
efcd9b0ead the problem was that some of the host names were listed as cloud-noc01.fedorainfracloud.org and others were named cloud-noc01.cloud.fedoraproject.org. Move to 1 name throughout ansible 2020-04-24 21:34:27 +02:00