diff --git a/inventory/group_vars/beaker_virthosts b/inventory/group_vars/beaker_virthosts deleted file mode 100644 index 783fa86669..0000000000 --- a/inventory/group_vars/beaker_virthosts +++ /dev/null @@ -1,10 +0,0 @@ ---- -virthost: true -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 - -libvirt_remote_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsxg20+vmLTt/U23x6yBtxU6N2Ool8ddlC5TFwr3FktCM7hcxkQ/funJ3VD5v9iN7Qg09g2YsPaPTfvmOPOP4bzX+/Fk8vJJb5nVg++XbS80Uw62eofr8g68ZPf6IWLEBiZ8/hmumK3TxTmsj/jn17bZBFTcQL7sB7Q4y7TxODt+5W9/0mJTLXbKoCvV+BCpxEfokx+50vVcX5CxXLHdgrdhPzKHcBHKtX6d2W8xzFj2dCThgAXl5tULYI1xP0BYTOtG+RaTNQWme4JxNlQZB8xbCxN2U+e1NpZl1Hn7Y9MbRL+nLfMIuWNJjYzUTGP3o9m2Tl9RCc2nhuS652rjfcQ== tflink@imagebuilder.qa.fedoraproject.org' -libvirt_user: "{{ beaker_libvirt_user }}" - -# beaker is not a production service, so the virthosts aren't frozen -freezes: false diff --git a/inventory/group_vars/nagios b/inventory/group_vars/nagios index 66604e9088..4618c50e1b 100644 --- a/inventory/group_vars/nagios +++ b/inventory/group_vars/nagios @@ -36,8 +36,6 @@ csi_purpose: Monitoring system # phx2_management_hosts: - backup01.mgmt.fedoraproject.org - - beaker-client01.mgmt.fedoraproject.org - - beaker-client02.mgmt.fedoraproject.org - bkernel03.mgmt.fedoraproject.org - bvirthost01.mgmt.fedoraproject.org - bvirthost04.mgmt.fedoraproject.org diff --git a/inventory/host_vars/qa04.qa.fedoraproject.org b/inventory/host_vars/qa04.qa.fedoraproject.org deleted file mode 100644 index 50785cad5a..0000000000 --- a/inventory/host_vars/qa04.qa.fedoraproject.org +++ /dev/null @@ -1,35 +0,0 @@ ---- -freezes: false -fas_client_groups: sysadmin-qa,sysadmin-main -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" - -# hardware and setup information -eth0_ip: 10.5.124.154 -eth0_nm: 255.255.255.128 -eth0_mac: 00:21:5e:c7:2a:1c -eth_interface: eth0 -volgroup: vmstore - -# beaker clients hosted on this machine -clients: - - hostname: beaker-client06.qa.fedoraproject.org - macaddress: "52:54:00:5a:77:2a" - memsize: 4096 - num_cpus: 2 - lvm_size: 20G - - hostname: beaker-client07.qa.fedoraproject.org - macaddress: "52:54:00:33:9a:ea" - memsize: 4096 - num_cpus: 2 - lvm_size: 20G - - hostname: beaker-client08.qa.fedoraproject.org - macaddress: "52:54:00:2a:98:9e" - memsize: 4096 - num_cpus: 2 - lvm_size: 20G - - hostname: beaker-client09.qa.fedoraproject.org - macaddress: "52:54:00:48:d7:cd" - memsize: 4096 - num_cpus: 2 - lvm_size: 20G - diff --git a/inventory/host_vars/qa08.qa.fedoraproject.org b/inventory/host_vars/qa08.qa.fedoraproject.org deleted file mode 100644 index 97ffae04ec..0000000000 --- a/inventory/host_vars/qa08.qa.fedoraproject.org +++ /dev/null @@ -1,37 +0,0 @@ ---- -freezes: false -fas_client_groups: sysadmin-qa,sysadmin-main -sudoers: "{{ private }}/files/sudo/qavirt-sudoers" -datacenter: phx2 -gw: 10.5.124.254 - -# hardware and setup information -eth0_ip: 10.5.124.158 -eth0_nm: 255.255.255.128 -eth0_mac: e4:1f:13:e5:46:80 -eth_interface: eth0 -volgroup: vmstore - -# beaker clients hosted on this machine -clients: - - hostname: virt15.qa.fedoraproject.org - macaddress: "52:54:00:1d:15:85" - memsize: 4096 - num_cpus: 2 - lvm_size: 20G - - hostname: virt16.qa.fedoraproject.org - macaddress: "52:54:00:f2:cc:2a" - memsize: 4096 - num_cpus: 2 - lvm_size: 20G - - hostname: virt17.qa.fedoraproject.org - macaddress: "52:54:00:58:9b:0e" - memsize: 4096 - num_cpus: 2 - lvm_size: 20G - - hostname: virt18.qa.fedoraproject.org - macaddress: "52:54:00:22:3b:07" - memsize: 4096 - num_cpus: 2 - lvm_size: 20G - diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index e655cfedd8..bd4cea4558 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -801,67 +801,12 @@ cert_name: jenkins.fedorainfracloud.org certbot: true - - role: httpd/website - site_name: beaker.qa.fedoraproject.org - server_aliases: [beaker.qa.fedoraproject.org] - # Set this explicitly to stg here.. as per the original puppet config. - SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert - sslonly: true - cert_name: "qa.fedoraproject.org" - - - role: httpd/website - site_name: beaker.stg.fedoraproject.org - server_aliases: [beaker.stg.fedoraproject.org] - # Set this explicitly to stg here.. as per the original puppet config. - SSLCertificateChainFile: wildcard-2020.stg.fedoraproject.org.intermediate.cert - sslonly: true - cert_name: "{{wildcard_cert_name}}" - when: env == "staging" - - - role: httpd/website - site_name: qa.stg.fedoraproject.org - server_aliases: [qa.stg.fedoraproject.org] - cert_name: qa.stg.fedoraproject.org - SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert - sslonly: true - when: env == "staging" - - - role: httpd/website - site_name: phab.qa.stg.fedoraproject.org - server_aliases: [phab.qa.stg.fedoraproject.org] - cert_name: qa.stg.fedoraproject.org - SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert - sslonly: true - when: env == "staging" - - - role: httpd/website - site_name: docs.qa.stg.fedoraproject.org - server_aliases: [docs.qa.stg.fedoraproject.org] - cert_name: qa.stg.fedoraproject.org - SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert - sslonly: true - when: env == "staging" - - - role: httpd/website - site_name: phab.qa.fedoraproject.org - server_aliases: [phab.qa.fedoraproject.org] - cert_name: qa.fedoraproject.org - SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert - sslonly: true - - role: httpd/website site_name: data-analysis.fedoraproject.org server_aliases: [data-analysis.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - - role: httpd/website - site_name: docs.qa.fedoraproject.org - server_aliases: [docs.qa.fedoraproject.org] - cert_name: qa.fedoraproject.org - SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert - sslonly: true - - role: httpd/website site_name: nagios.fedoraproject.org server_aliases: [nagios.stg.fedoraproject.org] diff --git a/roles/base/templates/iptables/iptables b/roles/base/templates/iptables/iptables index d512745a29..8050469154 100644 --- a/roles/base/templates/iptables/iptables +++ b/roles/base/templates/iptables/iptables @@ -50,26 +50,6 @@ # to block all access from that group. This is to protect them from any possible attack # vectors from qa-isolated machines. # -# Here we hard code beaker client nodes. They are managed by beaker and are not in ansible. --A INPUT -s 10.5.131.31 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.32 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.33 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.34 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.35 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.36 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.37 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.38 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.39 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.40 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.41 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.42 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.43 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.44 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.45 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.46 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.47 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.48 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.49 -j REJECT --reject-with icmp-host-prohibited {% for host in groups['qa_isolated']|sort %} {% if 'eth0_ip' in hostvars[host] %}# {{ host }} -A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited diff --git a/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org index ba124f73df..63b74b997d 100644 --- a/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org +++ b/roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org @@ -55,26 +55,6 @@ # to block all access from that group. This is to protect them from any possible attack # vectors from qa-isolated machines. # -# Here we hard code beaker client nodes. They are managed by beaker and are not in ansible. --A INPUT -s 10.5.131.31 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.32 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.33 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.34 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.35 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.36 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.37 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.38 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.39 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.40 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.41 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.42 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.43 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.44 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.45 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.46 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.47 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.48 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.49 -j REJECT --reject-with icmp-host-prohibited {% for host in groups['qa_isolated']|sort %} {% if 'eth0_ip' in hostvars[host] %}# {{ host }} -A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited diff --git a/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org b/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org index ba124f73df..63b74b997d 100644 --- a/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org +++ b/roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org @@ -55,26 +55,6 @@ # to block all access from that group. This is to protect them from any possible attack # vectors from qa-isolated machines. # -# Here we hard code beaker client nodes. They are managed by beaker and are not in ansible. --A INPUT -s 10.5.131.31 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.32 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.33 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.34 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.35 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.36 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.37 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.38 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.39 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.40 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.41 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.42 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.43 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.44 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.45 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.46 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.47 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.48 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.49 -j REJECT --reject-with icmp-host-prohibited {% for host in groups['qa_isolated']|sort %} {% if 'eth0_ip' in hostvars[host] %}# {{ host }} -A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited diff --git a/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org b/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org index bc519998d9..1b3cd2d34e 100644 --- a/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org +++ b/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org @@ -55,26 +55,6 @@ # to block all access from that group. This is to protect them from any possible attack # vectors from qa-isolated machines. # -# Here we hard code beaker client nodes. They are managed by beaker and are not in ansible. --A INPUT -s 10.5.131.31 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.32 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.33 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.34 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.35 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.36 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.37 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.38 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.39 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.40 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.41 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.42 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.43 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.44 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.45 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.46 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.47 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.48 -j REJECT --reject-with icmp-host-prohibited --A INPUT -s 10.5.131.49 -j REJECT --reject-with icmp-host-prohibited {% for host in groups['qa_isolated']|sort %} {% if 'eth0_ip' in hostvars[host] %}# {{ host }} -A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited