Added the infra SOPs ported to asciidoc.

2021-07-26 10:39:47 +02:00 · 2021-07-26 10:39:47 +02:00 · a0301e30f1
commit a0301e30f1
parent 8a7f111a12
148 changed files with 18575 additions and 17 deletions
--- a/modules/sysadmin_guide/pages/bastion-hosts-info.adoc
+++ b/modules/sysadmin_guide/pages/bastion-hosts-info.adoc
@ -0,0 +1,31 @@
+= Fedora Bastion Hosts
+
+== Description
+
+There are 2 primary bastion hosts in the phx2 datacenter. One will be
+active at any given time and the second will be a hot spare, ready to
+take over. Switching between bastion hosts is currently a manual process
+that requires changes in ansible.
+
+There is also a bastion-comm01 bastion host for the qa.fedoraproject.org
+network. This is used in cases where users only need to access resources
+in that qa.fedoraproject.org.
+
+All of the bastion hosts have an external IP that is mapped into them.
+The reverse dns for these IPs is controlled by RHIT, so any changes must
+be carefully coordinated.
+
+The active bastion host performs the following functions:
+
+* Outgoing smtp from fedora servers. This includes email aliases,
+mailing list posts, build and commit notices, mailing list posts, etc.
+* Incoming smtp from servers in phx2 or on the fedora vpn. Incoming mail
+directly from the outside is NOT accepted or forwarded.
+* ssh access to all phx2/vpn connected servers.
+* openvpn hub. This is the hub that all vpn clients connect to and talk
+to each other via. Taking down or stopping this service will be a major
+outage of services as all proxy and app servers use the vpn to talk to
+each other.
+
+When rebuilding these machines, care must be taken to match up the dns
+names externally, and to preserve the ssh host keys.