DC move: iad => rdu3, 10.3. => 10.16.
And remove some obsolete things.

Signed-off-by: Nils Philippsen <nils@redhat.com>
parent f3756ceb83
commit b4afb2f945
83 changed files with 386 additions and 429 deletions
|
@ -17,16 +17,16 @@ been recently added to the data center/network that you want:
|
|||
|
||||
....
|
||||
git grep badges-web01
|
||||
built/126.5.10.in-addr.arpa:69 IN PTR badges-web01.stg.iad2.fedoraproject.org.
|
||||
built/126.5.10.in-addr.arpa:69 IN PTR badges-web01.stg.rdu3.fedoraproject.org.
|
||||
[...lots of other stuff in built/ ignore these as they'll be generated later...]
|
||||
master/126.5.10.in-addr.arpa:69 IN PTR badges-web01.stg.iad2.fedoraproject.org.
|
||||
master/126.5.10.in-addr.arpa:101 IN PTR badges-web01.iad2.fedoraproject.org.
|
||||
master/126.5.10.in-addr.arpa:102 IN PTR badges-web02.iad2.fedoraproject.org.
|
||||
master/126.5.10.in-addr.arpa:69 IN PTR badges-web01.stg.rdu3.fedoraproject.org.
|
||||
master/126.5.10.in-addr.arpa:101 IN PTR badges-web01.rdu3.fedoraproject.org.
|
||||
master/126.5.10.in-addr.arpa:102 IN PTR badges-web02.rdu3.fedoraproject.org.
|
||||
master/168.192.in-addr.arpa:109.1 IN PTR badges-web01.vpn.fedoraproject.org
|
||||
master/168.192.in-addr.arpa:110.1 IN PTR badges-web02.vpn.fedoraproject.org
|
||||
master/iad2.fedoraproject.org:badges-web01.stg IN A 10.5.126.69
|
||||
master/iad2.fedoraproject.org:badges-web01 IN A 10.5.126.101
|
||||
master/iad2.fedoraproject.org:badges-web02 IN A 10.5.126.102
|
||||
master/rdu3.fedoraproject.org:badges-web01.stg IN A 10.5.126.69
|
||||
master/rdu3.fedoraproject.org:badges-web01 IN A 10.5.126.101
|
||||
master/rdu3.fedoraproject.org:badges-web02 IN A 10.5.126.102
|
||||
master/vpn.fedoraproject.org:badges-web01 IN A 192.168.1.109
|
||||
master/vpn.fedoraproject.org:badges-web02 IN A 192.168.1.110
|
||||
....
|
||||
|
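Review bot: The sample `git grep` output changes only the host names (iad2 to rdu3), while the reverse zone is still `126.5.10.in-addr.arpa` and the A records are still `10.5.126.x`, even though the commit subject announces an address change ("10.3. => 10.16."). If RDU3 hosts live in a different range, update the zone file names and addresses in this example as well, so the output matches what a reader will actually see in the dns repo. If `10.5.126.x` is still correct for RDU3, say so in the commit message.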
@ -36,9 +36,9 @@ those files are for the host on the IAD network. The other two are for
|
|||
the host to be able to talk over the VPN. Although the VPN is not always
|
||||
needed, the common case is that the host will need it. (If any clients
|
||||
_need to connect to it via the proxy servers_ or it is not hosted in
|
||||
IAD2 it will need a VPN connection). An common exception is here the
|
||||
RDU3 it will need a VPN connection). An common exception is here the
|
||||
staging environment: since we only have one proxy server in staging and
|
||||
it is in IAD2, a VPN connection is not typically needed for staging
|
||||
it is in RDU3, a VPN connection is not typically needed for staging
|
||||
hosts.
|
||||
|
||||
Edit the zone file for the reverse lookup first (the *in-addr.arpa file)
|
||||
|
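Review bot: The context line in this hunk's header, "those files are for the host on the IAD network", sits just above the changed paragraph and still names IAD, so the paragraph now mixes both data centers. It needs the same IAD to RDU3 substitution. Since the line "An common exception is here the" is being rewritten anyway, it could become "A common exception here is the".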
@ -55,13 +55,13 @@ in stg into production:
|
|||
-106 IN PTR unused.
|
||||
-107 IN PTR unused.
|
||||
-108 IN PTR unused.
|
||||
+105 IN PTR elections01.stg.iad2.fedoraproject.org.
|
||||
+106 IN PTR elections02.stg.iad2.fedoraproject.org.
|
||||
+107 IN PTR elections01.iad2.fedoraproject.org.
|
||||
+108 IN PTR elections02.iad2.fedoraproject.org.
|
||||
+105 IN PTR elections01.stg.rdu3.fedoraproject.org.
|
||||
+106 IN PTR elections02.stg.rdu3.fedoraproject.org.
|
||||
+107 IN PTR elections01.rdu3.fedoraproject.org.
|
||||
+108 IN PTR elections02.rdu3.fedoraproject.org.
|
||||
....
|
||||
|
||||
Edit the forward domain (iad2.fedoraproject.org in our example) next:
|
||||
Edit the forward domain (rdu3.fedoraproject.org in our example) next:
|
||||
|
||||
....
|
||||
elections01.stg IN A 10.5.126.105
|
||||
|
@ -71,8 +71,8 @@ elections02 IN A 10.5.126.108
|
|||
....
|
||||
|
||||
Repeat these two steps if you need to make them available on the VPN.
|
||||
Note: if your stg hosts are in IAD2, you don't need to configure VPN for
|
||||
them as all our stg proxy servers are in IAD2.
|
||||
Note: if your stg hosts are in RDU3, you don't need to configure VPN for
|
||||
them as all our stg proxy servers are in RDU3.
|
||||
|
||||
Also remember to update the Serial at the top of all zone files.
|
||||
|
||||
|
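Review bot: The rewritten note says "all our stg proxy servers are in RDU3", while the paragraph changed earlier in this file says "we only have one proxy server in staging and it is in RDU3". Both sentences are touched by this commit, so this is a good moment to make them agree on whether staging has one proxy or several. The note also repeats the earlier paragraph's guidance almost word for word and could simply refer back to it.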
@ -115,11 +115,11 @@ to have valid SSL Certs. These are currently stored in the private repo:
|
|||
git clone /srv/git/ansible-private && chmod 0700 ansible-private
|
||||
cd ansible-private/files/2fa-certs
|
||||
. ./vars
|
||||
./build-and-sign-key $FQDN # ex: elections01.stg.iad2.fedoraproject.org
|
||||
./build-and-sign-key $FQDN # ex: elections01.stg.rdu3.fedoraproject.org
|
||||
....
|
||||
|
||||
The `$FQDN` should be the iad2 domain name if it's in iad2, vpn if not in
|
||||
iad2, and if it has no vpn and is not in iad2 we should add it to the
|
||||
The `$FQDN` should be the rdu3 domain name if it's in rdu3, vpn if not in
|
||||
rdu3, and if it has no vpn and is not in rdu3 we should add it to the
|
||||
vpn.:
|
||||
|
||||
....
|
||||
|
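Review bot: In the unchanged context at the top of this hunk, `git clone /srv/git/ansible-private && chmod 0700 ansible-private` creates the private checkout with the caller's default umask and only tightens it once the clone has finished, so on a shared host the 2fa cert material can be readable by other users while the clone runs. Since this block is being edited, consider documenting `umask 077` before the clone (or cloning into a directory that is already 0700) instead of the trailing chmod. Separately, the rewritten `$FQDN` sentence ends in "vpn.:" and uses lowercase "rdu3" where the rest of the file writes "RDU3".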
@ -141,11 +141,11 @@ stored in the private repo:
|
|||
|
||||
....
|
||||
cd ansible-private/files/vpn/
|
||||
./addhost.sh $FQDN # ex: zabbix01.iad2.fedoraproject.org
|
||||
./addhost.sh $FQDN # ex: zabbix01.rdu3.fedoraproject.org
|
||||
....
|
||||
|
||||
The `$FQDN` should be the iad2 domain name if it's in iad2, and just
|
||||
fedoraproject.org if it's not in IAD2 (note that there is never .vpn in
|
||||
The `$FQDN` should be the rdu3 domain name if it's in rdu3, and just
|
||||
fedoraproject.org if it's not in RDU3 (note that there is never .vpn in
|
||||
the FQDN in the openvpn keys). Now commit and push.:
|
||||
|
||||
....
|
||||
|
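Review bot: The rewritten `$FQDN` sentence mixes "rdu3" and "RDU3" for the data center within one sentence ("if it's in rdu3 ... if it's not in RDU3"), carried over from the old iad2/IAD2 text. Use lowercase only for the literal domain label and "RDU3" for the site, as the other paragraphs in this file do. "Now commit and push.:" also has a stray period before the colon.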
@ -178,26 +178,26 @@ create things like this:
|
|||
|
||||
....
|
||||
[elections]
|
||||
elections01.iad2.fedoraproject.org
|
||||
elections02.iad2.fedoraproject.org
|
||||
elections01.rdu3.fedoraproject.org
|
||||
elections02.rdu3.fedoraproject.org
|
||||
|
||||
[elections-stg]
|
||||
elections01.stg.iad2.fedoraproject.org
|
||||
elections02.stg.iad2.fedoraproject.org
|
||||
elections01.stg.rdu3.fedoraproject.org
|
||||
elections02.stg.rdu3.fedoraproject.org
|
||||
|
||||
[... find the staging group and add there: ...]
|
||||
|
||||
[staging]
|
||||
db-fas01.stg.iad2.fedoraproject.org
|
||||
elections01.stg.iad2.fedoraproject.org
|
||||
electionst02.stg.iad2.fedoraproject.org
|
||||
db-fas01.stg.rdu3.fedoraproject.org
|
||||
elections01.stg.rdu3.fedoraproject.org
|
||||
electionst02.stg.rdu3.fedoraproject.org
|
||||
....
|
||||
|
||||
The hosts should use their fully qualified domain names here. The rules
|
||||
are slightly different than for 2fa certs. If the host is in IAD2, use
|
||||
the .iad2.fedoraproject.org domain name. If they aren't in IAD2, then
|
||||
are slightly different than for 2fa certs. If the host is in RDU3, use
|
||||
the .rdu3.fedoraproject.org domain name. If they aren't in RDU3, then
|
||||
they usually just have .fedoraproject.org as their domain name. (If in
|
||||
doubt about a not-in-IAD2 host, just ask).
|
||||
doubt about a not-in-RDU3 host, just ask).
|
||||
|
||||
=== VPN config
|
||||
|
||||
|
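Review bot: The new `[staging]` example line `electionst02.stg.rdu3.fedoraproject.org` carries over a typo from the line it replaces: the `[elections-stg]` group a few lines up lists `elections02.stg.rdu3.fedoraproject.org`. Anyone copying this block ends up with an inventory host that matches no DNS name and no host_vars file. Since the line is rewritten here anyway, correct it to `elections02.stg.rdu3.fedoraproject.org`.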
@ -209,7 +209,7 @@ ifconfig-push 192.168.1.X 192.168.0.X
|
|||
....
|
||||
|
||||
Where X is the last octet of the DNS IP address assigned to the host, so
|
||||
for example for _elections01.iad2.fedoraproject.org_ that would be:
|
||||
for example for _elections01.rdu3.fedoraproject.org_ that would be:
|
||||
|
||||
....
|
||||
ifconfig-push 192.168.1.44 192.168.0.44
|
||||
|
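Review bot: "X is the last octet of the DNS IP address assigned to the host" does not say which address is meant, and the updated example host has more than one. The grep output earlier in this file shows badges-web01 at `10.5.126.101` in the rdu3 zone but at `192.168.1.109` in the vpn zone, so the two octets can differ. State that X comes from the host's `vpn.fedoraproject.org` A record, and name the example host so that it agrees with a record shown elsewhere in the document.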
@ -248,7 +248,7 @@ claimed in the dns repo:
|
|||
|
||||
....
|
||||
cd ~/ansible/inventory/host_vars
|
||||
cp badges-web01.stg.iad2.fedoraproject.org elections01.stg.iad2.fedoraproject.org
|
||||
cp badges-web01.stg.rdu3.fedoraproject.org elections01.stg.rdu3.fedoraproject.org
|
||||
<edit appropriately>
|
||||
....
|
||||
|
||||
|
|