From 51a68ea0aec951f8dfef46f9c1c19aab5cbaeabd Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 28 May 2020 10:12:58 -0700 Subject: [PATCH 1/3] iad2: simplify proxy logic for multiple datacenters and make it one that works Signed-off-by: Kevin Fenzi --- roles/httpd/reverseproxy/templates/reversepassproxy.git.conf | 2 +- .../httpd/reverseproxy/templates/reversepassproxy.kojipkgs.conf | 2 +- roles/httpd/reverseproxy/templates/reversepassproxy.nagios.conf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.git.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.git.conf index bb27cdb5ad..d690eccc49 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.git.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.git.conf @@ -42,7 +42,7 @@ ProxyPreserveHost On Require valid-user -{% if 'phx2' in inventory_hostname or if 'iad2' in inventory_hostname %} +{% if datacenter == 'iad2' or datacenter == 'phx2' %} ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}} {% else %} diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.kojipkgs.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.kojipkgs.conf index 589f1fa981..3702893d79 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.kojipkgs.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.kojipkgs.conf @@ -31,7 +31,7 @@ ProxyPreserveHost On {% endif %} -{% if 'phx2' in inventory_hostname or if 'iad2' in inventory_hostname %} +{% if datacenter == 'iad2' or datacenter == 'phx2' %} {% if balancer_name is defined %} diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.nagios.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.nagios.conf index 3f29cff144..bf19c1188c 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.nagios.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.nagios.conf @@ -1,4 +1,4 @@ -{% if 'phx2' in inventory_hostname or if 'iad2' in inventory_hostname %} +{% if datacenter == 'iad2' or datacenter == 'phx2' %} ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}} {% else %} From 61b72228ec867acc2e19a007a768bfbae0dde933 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 28 May 2020 10:25:47 -0700 Subject: [PATCH 2/3] inventory: add backup01.iad2 to iad2 group, remove taskotron from backups Signed-off-by: Kevin Fenzi --- inventory/backups | 1 - inventory/inventory | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/backups b/inventory/backups index f3c856942f..79e23091f8 100644 --- a/inventory/backups +++ b/inventory/backups @@ -19,5 +19,4 @@ db-qa03.qa.fedoraproject.org db-koji02.phx2.fedoraproject.org value01.phx2.fedoraproject.org tang01.phx2.fedoraproject.org -taskotron01.qa.fedoraproject.org nuancier01.phx2.fedoraproject.org diff --git a/inventory/inventory b/inventory/inventory index 6eb6a3976a..ddd9066d32 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1289,6 +1289,7 @@ retrace01.qa.fedoraproject.org [iad2] autosign01.iad2.fedoraproject.org +backup01.iad2.fedoraproject.org bastion01.iad2.fedoraproject.org batcave01.iad2.fedoraproject.org blockerbugs01.iad2.fedoraproject.org From 83d76a86143905af36db3c8c6cc1bce67b6b4f4a Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 28 May 2020 10:46:48 -0700 Subject: [PATCH 3/3] iad2: haproxy: fix up openshift certs so iad2 and phx2 are correct and both install. Just copy the phx2 ipa pem for now Signed-off-by: Kevin Fenzi --- ...production.pem => ipa.production-iad2.pem} | 0 roles/haproxy/files/ipa.production-phx2.pem | 23 +++++++++++++++++++ .../{ipa.staging.pem => ipa.staging-phx2.pem} | 0 .../files/os-master.production-iad2.pem | 18 +++++++++++++++ ...tion.pem => os-master.production-phx2.pem} | 0 ...staging.pem => os-master.staging-phx2.pem} | 0 roles/haproxy/tasks/main.yml | 4 ++-- 7 files changed, 43 insertions(+), 2 deletions(-) rename roles/haproxy/files/{ipa.production.pem => ipa.production-iad2.pem} (100%) create mode 100644 roles/haproxy/files/ipa.production-phx2.pem rename roles/haproxy/files/{ipa.staging.pem => ipa.staging-phx2.pem} (100%) create mode 100644 roles/haproxy/files/os-master.production-iad2.pem rename roles/haproxy/files/{os-master.production.pem => os-master.production-phx2.pem} (100%) rename roles/haproxy/files/{os-master.staging.pem => os-master.staging-phx2.pem} (100%) diff --git a/roles/haproxy/files/ipa.production.pem b/roles/haproxy/files/ipa.production-iad2.pem similarity index 100% rename from roles/haproxy/files/ipa.production.pem rename to roles/haproxy/files/ipa.production-iad2.pem diff --git a/roles/haproxy/files/ipa.production-phx2.pem b/roles/haproxy/files/ipa.production-phx2.pem new file mode 100644 index 0000000000..a3e3ad5f93 --- /dev/null +++ b/roles/haproxy/files/ipa.production-phx2.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MRowGAYDVQQKDBFGRURP +UkFQUk9KRUNULk9SRzEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTE2MTAxMzEzMDQ0NloXDTM2MTAxMzEzMDQ0NlowPDEaMBgGA1UECgwRRkVET1JB +UFJPSkVDVC5PUkcxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLFCPrsPD3YW/yzvId7UsWCq/Ac +cD7IOtlt46slTa490TvfpwzB1IwA3H0LTEYV7LONMIxJIT8H4H2P7A/S4eDtA6sZ +s26Qp+3YLj+jHOwvNiONG5YBIn6vgUKc1SdwyuQsNwcGsH1nV2vXrKYz4ccMud1P +tzzwRMSWgwZLXcLvMMXYpDCxu4pVmgEtTnYz7Dii7MJ2aJsWEuslzjL6HjaegfGD +JjXCrqmNKcgbgD7fQq05wiYw8AbArjhfObDO626b4naB0VxLb9vGTDBaRbIeL7Or +nM11BWVqYAFFRZPL1jXkeb9Bpr9oj4PduRq6+tSZPa3wgtnoowAN2AqLHKMCAwEA +AaOBsDCBrTAfBgNVHSMEGDAWgBQVrijBhrLB6xwkwjZroAlWJGIpvDAPBgNVHRMB +Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUFa4owYaywescJMI2 +a6AJViRiKbwwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzABhi5odHRwOi8vaXBh +MDEucGh4Mi5mZWRvcmFwcm9qZWN0Lm9yZzo4MC9jYS9vY3NwMA0GCSqGSIb3DQEB +CwUAA4IBAQAZE5ZVf2MROtRR2O00ecXwl3vBE72xw87EQdAQ6J9sDjug5YrVW6OU +OfaRoVLyBSi5uPgj2RZ9VePdGNSDZ66DhspPtmbWcW0M1X2QPXwWQ/Idj3MfKE33 +b+V4A6T55p1kxXniNl0KZHlDVMECltwRBkd9mjr3LgWzk/EgqyiP56xrWEsvKUyv +ZMvoyFky2/BaNTN8KOposjDQZwR5sqE/CJzm/QJPg/6zQ4/tkFDOc7ZqIVkfIqoY +sycNYLLakqCV59xuJ2uDbV8Sn8LbH5+e3Px0mapnVxn8fJAPcCqDOmXJ5TVkVYlH +nYYOskqEw5stHYuEwujR2uXo8vfmIMpZ +-----END CERTIFICATE----- + diff --git a/roles/haproxy/files/ipa.staging.pem b/roles/haproxy/files/ipa.staging-phx2.pem similarity index 100% rename from roles/haproxy/files/ipa.staging.pem rename to roles/haproxy/files/ipa.staging-phx2.pem diff --git a/roles/haproxy/files/os-master.production-iad2.pem b/roles/haproxy/files/os-master.production-iad2.pem new file mode 100644 index 0000000000..262df43438 --- /dev/null +++ b/roles/haproxy/files/os-master.production-iad2.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu +c2hpZnQtc2lnbmVyQDE1ODk4MjEwODIwHhcNMjAwNTE4MTY1ODAxWhcNMjUwNTE3 +MTY1ODAyWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1ODk4MjEwODIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwVl9/ZFwYKvginudHP+f7 +TFJgl45NWnmzc6aDPZDcCcfXZ1P8KtAa1GHBQ77ItJ5w2/lNx5PWoQAyAJrddXSZ +NlPxteLQe0c31rgR0++/UFFmcAnQ7WncBsPxJPFrFSEU5FF3faY5p9lGTVcwxvi3 +4eEKj9d3Yupr4osxeKaHwAM7r4Oq1iVApLsliNMXbXX0w7ihf3RPQonOoCK0oa+l +4DDdoCzARTi2q+H1tm5SmfJRpEXwaYOqTCH/Od1HbL+YmdJFoqfhcjEn+Bzg6VdR +U+MDNx71MQ3sROOpejyH51iZ0QK75zv1RtTIeylGGDa94g5tbRb7a5FJgRe39/jZ +AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQB99T9a8/ZLnDmWZopX8Jhgv8umqNVW8nhgFOlFOJ6YsiXs +p9fDIUSU5m1/ZEJv0NIMMorLG49SoAxWrh4LwzlPc5fAT6PwHEZQRAAfu4oNjGzI +1KkERtyJqb+8KUFflTUQZubOBeK8enp9t2oSqnmFTN1NvMHAjuDYLqL2/pRqAdxx +vlRcqgyEoGRf98dX4tFrO1sTd6ivadOjITzRFJTXihR+DahV4a06nJYAbT52rLJJ +czzA/7vXY1XRUbRNtnPOI57b6Y/R/XQeWmX2C8TM8ogF/q+d7AG40LZB1xBJRNOY +38lIpCfLG9PuQwwl6M76zgrrjaPwDEsk6VGOSEhI +-----END CERTIFICATE----- diff --git a/roles/haproxy/files/os-master.production.pem b/roles/haproxy/files/os-master.production-phx2.pem similarity index 100% rename from roles/haproxy/files/os-master.production.pem rename to roles/haproxy/files/os-master.production-phx2.pem diff --git a/roles/haproxy/files/os-master.staging.pem b/roles/haproxy/files/os-master.staging-phx2.pem similarity index 100% rename from roles/haproxy/files/os-master.staging.pem rename to roles/haproxy/files/os-master.staging-phx2.pem diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 7dbfb3cb7d..ee30caf490 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -35,8 +35,8 @@ dest={{ item.dest }} owner=root group=root mode=0600 with_items: - - { file: "ipa.{{env}}.pem", dest: /etc/haproxy/ipa.pem } - - { file: "os-master.{{env}}.pem", dest: /etc/haproxy/os-master.pem } + - { file: "ipa.{{env}}-{{datacenter}}.pem", dest: /etc/haproxy/ipa.pem } + - { file: "os-master.{{env}}-{{datacenter}}.pem", dest: /etc/haproxy/os-master.pem } tags: - haproxy