infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

dhcp/inventory: removing beaker and beaker-client

Browse source 
Removing references to beaker and the hosts that were part of that setup
This commit is contained in:
Tim Flink 2020-06-02 12:44:32 -06:00 committed by tflink
parent 5a93a3ab85
commit 41f79ab8d2
9 changed files with 0 additions and 219 deletions
Download patch file Download diff file Expand all files Collapse all files

10
inventory/group_vars/beaker_virthosts
View file

@ -1,10 +0,0 @@
---
virthost: true
nrpe_procs_warn: 900
nrpe_procs_crit: 1000
libvirt_remote_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsxg20+vmLTt/U23x6yBtxU6N2Ool8ddlC5TFwr3FktCM7hcxkQ/funJ3VD5v9iN7Qg09g2YsPaPTfvmOPOP4bzX+/Fk8vJJb5nVg++XbS80Uw62eofr8g68ZPf6IWLEBiZ8/hmumK3TxTmsj/jn17bZBFTcQL7sB7Q4y7TxODt+5W9/0mJTLXbKoCvV+BCpxEfokx+50vVcX5CxXLHdgrdhPzKHcBHKtX6d2W8xzFj2dCThgAXl5tULYI1xP0BYTOtG+RaTNQWme4JxNlQZB8xbCxN2U+e1NpZl1Hn7Y9MbRL+nLfMIuWNJjYzUTGP3o9m2Tl9RCc2nhuS652rjfcQ== tflink@imagebuilder.qa.fedoraproject.org'
libvirt_user: "{{ beaker_libvirt_user }}"
# beaker is not a production service, so the virthosts aren't frozen
freezes: false

2
inventory/group_vars/nagios
View file

@ -36,8 +36,6 @@ csi_purpose: Monitoring system
# #
phx2_management_hosts: phx2_management_hosts:
- backup01.mgmt.fedoraproject.org - backup01.mgmt.fedoraproject.org
- beaker-client01.mgmt.fedoraproject.org
- beaker-client02.mgmt.fedoraproject.org
- bkernel03.mgmt.fedoraproject.org - bkernel03.mgmt.fedoraproject.org
- bvirthost01.mgmt.fedoraproject.org - bvirthost01.mgmt.fedoraproject.org
- bvirthost04.mgmt.fedoraproject.org - bvirthost04.mgmt.fedoraproject.org

35
inventory/host_vars/qa04.qa.fedoraproject.org
View file

@ -1,35 +0,0 @@
---
freezes: false
fas_client_groups: sysadmin-qa,sysadmin-main
sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
# hardware and setup information
eth0_ip: 10.5.124.154
eth0_nm: 255.255.255.128
eth0_mac: 00:21:5e:c7:2a:1c
eth_interface: eth0
volgroup: vmstore
# beaker clients hosted on this machine
clients:
- hostname: beaker-client06.qa.fedoraproject.org
macaddress: "52:54:00:5a:77:2a"
memsize: 4096
num_cpus: 2
lvm_size: 20G
- hostname: beaker-client07.qa.fedoraproject.org
macaddress: "52:54:00:33:9a:ea"
memsize: 4096
num_cpus: 2
lvm_size: 20G
- hostname: beaker-client08.qa.fedoraproject.org
macaddress: "52:54:00:2a:98:9e"
memsize: 4096
num_cpus: 2
lvm_size: 20G
- hostname: beaker-client09.qa.fedoraproject.org
macaddress: "52:54:00:48:d7:cd"
memsize: 4096
num_cpus: 2
lvm_size: 20G

37
inventory/host_vars/qa08.qa.fedoraproject.org
View file

@ -1,37 +0,0 @@
---
freezes: false
fas_client_groups: sysadmin-qa,sysadmin-main
sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
datacenter: phx2
gw: 10.5.124.254
# hardware and setup information
eth0_ip: 10.5.124.158
eth0_nm: 255.255.255.128
eth0_mac: e4:1f:13:e5:46:80
eth_interface: eth0
volgroup: vmstore
# beaker clients hosted on this machine
clients:
- hostname: virt15.qa.fedoraproject.org
macaddress: "52:54:00:1d:15:85"
memsize: 4096
num_cpus: 2
lvm_size: 20G
- hostname: virt16.qa.fedoraproject.org
macaddress: "52:54:00:f2:cc:2a"
memsize: 4096
num_cpus: 2
lvm_size: 20G
- hostname: virt17.qa.fedoraproject.org
macaddress: "52:54:00:58:9b:0e"
memsize: 4096
num_cpus: 2
lvm_size: 20G
- hostname: virt18.qa.fedoraproject.org
macaddress: "52:54:00:22:3b:07"
memsize: 4096
num_cpus: 2
lvm_size: 20G

55
playbooks/include/proxies-websites.yml
View file

@ -801,67 +801,12 @@
cert_name: jenkins.fedorainfracloud.org cert_name: jenkins.fedorainfracloud.org
certbot: true certbot: true
- role: httpd/website
site_name: beaker.qa.fedoraproject.org
server_aliases: [beaker.qa.fedoraproject.org]
# Set this explicitly to stg here.. as per the original puppet config.
SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert
sslonly: true
cert_name: "qa.fedoraproject.org"
- role: httpd/website
site_name: beaker.stg.fedoraproject.org
server_aliases: [beaker.stg.fedoraproject.org]
# Set this explicitly to stg here.. as per the original puppet config.
SSLCertificateChainFile: wildcard-2020.stg.fedoraproject.org.intermediate.cert
sslonly: true
cert_name: "{{wildcard_cert_name}}"
when: env == "staging"
- role: httpd/website
site_name: qa.stg.fedoraproject.org
server_aliases: [qa.stg.fedoraproject.org]
cert_name: qa.stg.fedoraproject.org
SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
sslonly: true
when: env == "staging"
- role: httpd/website
site_name: phab.qa.stg.fedoraproject.org
server_aliases: [phab.qa.stg.fedoraproject.org]
cert_name: qa.stg.fedoraproject.org
SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
sslonly: true
when: env == "staging"
- role: httpd/website
site_name: docs.qa.stg.fedoraproject.org
server_aliases: [docs.qa.stg.fedoraproject.org]
cert_name: qa.stg.fedoraproject.org
SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
sslonly: true
when: env == "staging"
- role: httpd/website
site_name: phab.qa.fedoraproject.org
server_aliases: [phab.qa.fedoraproject.org]
cert_name: qa.fedoraproject.org
SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert
sslonly: true
- role: httpd/website - role: httpd/website
site_name: data-analysis.fedoraproject.org site_name: data-analysis.fedoraproject.org
server_aliases: [data-analysis.stg.fedoraproject.org] server_aliases: [data-analysis.stg.fedoraproject.org]
sslonly: true sslonly: true
cert_name: "{{wildcard_cert_name}}" cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
site_name: docs.qa.fedoraproject.org
server_aliases: [docs.qa.fedoraproject.org]
cert_name: qa.fedoraproject.org
SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert
sslonly: true
- role: httpd/website - role: httpd/website
site_name: nagios.fedoraproject.org site_name: nagios.fedoraproject.org
server_aliases: [nagios.stg.fedoraproject.org] server_aliases: [nagios.stg.fedoraproject.org]

20
roles/base/templates/iptables/iptables
View file

@ -50,26 +50,6 @@
# to block all access from that group. This is to protect them from any possible attack # to block all access from that group. This is to protect them from any possible attack
# vectors from qa-isolated machines. # vectors from qa-isolated machines.
# #
# Here we hard code beaker client nodes. They are managed by beaker and are not in ansible.
-A INPUT -s 10.5.131.31 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.32 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.33 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.34 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.35 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.36 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.37 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.38 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.39 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.40 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.41 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.42 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.43 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.44 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.45 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.46 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.47 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.48 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.49 -j REJECT --reject-with icmp-host-prohibited
{% for host in groups['qa_isolated']|sort %} {% for host in groups['qa_isolated']|sort %}
{% if 'eth0_ip' in hostvars[host] %}# {{ host }} {% if 'eth0_ip' in hostvars[host] %}# {{ host }}
-A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited -A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited

20
roles/base/templates/iptables/iptables.ns03.phx2.fedoraproject.org
View file

@ -55,26 +55,6 @@
# to block all access from that group. This is to protect them from any possible attack # to block all access from that group. This is to protect them from any possible attack
# vectors from qa-isolated machines. # vectors from qa-isolated machines.
# #
# Here we hard code beaker client nodes. They are managed by beaker and are not in ansible.
-A INPUT -s 10.5.131.31 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.32 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.33 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.34 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.35 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.36 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.37 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.38 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.39 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.40 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.41 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.42 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.43 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.44 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.45 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.46 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.47 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.48 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.49 -j REJECT --reject-with icmp-host-prohibited
{% for host in groups['qa_isolated']|sort %} {% for host in groups['qa_isolated']|sort %}
{% if 'eth0_ip' in hostvars[host] %}# {{ host }} {% if 'eth0_ip' in hostvars[host] %}# {{ host }}
-A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited -A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited

20
roles/base/templates/iptables/iptables.ns04.phx2.fedoraproject.org
View file

@ -55,26 +55,6 @@
# to block all access from that group. This is to protect them from any possible attack # to block all access from that group. This is to protect them from any possible attack
# vectors from qa-isolated machines. # vectors from qa-isolated machines.
# #
# Here we hard code beaker client nodes. They are managed by beaker and are not in ansible.
-A INPUT -s 10.5.131.31 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.32 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.33 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.34 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.35 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.36 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.37 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.38 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.39 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.40 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.41 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.42 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.43 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.44 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.45 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.46 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.47 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.48 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.49 -j REJECT --reject-with icmp-host-prohibited
{% for host in groups['qa_isolated']|sort %} {% for host in groups['qa_isolated']|sort %}
{% if 'eth0_ip' in hostvars[host] %}# {{ host }} {% if 'eth0_ip' in hostvars[host] %}# {{ host }}
-A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited -A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited

20
roles/base/templates/iptables/iptables.torrent02.fedoraproject.org
View file

@ -55,26 +55,6 @@
# to block all access from that group. This is to protect them from any possible attack # to block all access from that group. This is to protect them from any possible attack
# vectors from qa-isolated machines. # vectors from qa-isolated machines.
# #
# Here we hard code beaker client nodes. They are managed by beaker and are not in ansible.
-A INPUT -s 10.5.131.31 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.32 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.33 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.34 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.35 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.36 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.37 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.38 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.39 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.40 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.41 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.42 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.43 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.44 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.45 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.46 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.47 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.48 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 10.5.131.49 -j REJECT --reject-with icmp-host-prohibited
{% for host in groups['qa_isolated']|sort %} {% for host in groups['qa_isolated']|sort %}
{% if 'eth0_ip' in hostvars[host] %}# {{ host }} {% if 'eth0_ip' in hostvars[host] %}# {{ host }}
-A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited -A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited