diff --git a/inventory/group_vars/vmhost_copr b/inventory/group_vars/copr_hypervisor
similarity index 76%
rename from inventory/group_vars/vmhost_copr
rename to inventory/group_vars/copr_hypervisor
index 13742732f5..3b9f1b06d8 100644
--- a/inventory/group_vars/vmhost_copr
+++ b/inventory/group_vars/copr_hypervisor
@@ -1,6 +1,7 @@ --- virthost: true +vpn: true primary_auth_source: ipa ipa_host_group: vmhost-copr ipa_host_group_desc: VM hosts for COPR
@@ -9,15 +10,10 @@ ipa_client_shell_groups: ipa_client_sudo_groups: - sysadmin-copr - nrpe_procs_warn: 1400 nrpe_procs_crit: 1500 -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ - -vpn: false +vpn: true postfix_group: copr postfix_maincf: "postfix/main.cf/main.cf.copr"
diff --git a/inventory/group_vars/maintainer_test b/inventory/group_vars/maintainer_test
index f264f5c325..8b15d8ac5f 100644
--- a/inventory/group_vars/maintainer_test
+++ b/inventory/group_vars/maintainer_test
@@ -5,3 +5,12 @@ sudoers_main: nopasswd host_group: cloud datacenter: aws ansible_ifcfg_blocklist: true + +vpn: true +primary_auth_source: ipa +ipa_host_group: maintainer_test +ipa_host_group_desc: Test hosts for package maintainers +ipa_client_shell_groups: +- packager +ipa_client_sudo_groups: +- packager
diff --git a/inventory/inventory b/inventory/inventory
index 119cf5c7e5..28aca94c6b 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -115,12 +115,6 @@ virthost-cc-rdu03.fedoraproject.org vmhost-x86-cc06.rdu-cc.fedoraproject.org vmhost-x86-cc05.rdu-cc.fedoraproject.org -[vmhost_copr] -vmhost-x86-copr01.rdu-cc.fedoraproject.org -vmhost-x86-copr02.rdu-cc.fedoraproject.org -vmhost-x86-copr03.rdu-cc.fedoraproject.org -vmhost-x86-copr04.rdu-cc.fedoraproject.org - [datagrepper] datagrepper01.iad2.fedoraproject.org datagrepper02.iad2.fedoraproject.org
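Review bot: `vpn` ends up defined twice in inventory/group_vars/copr_hypervisor: the first hunk adds `vpn: true` under `virthost: true`, and the second hunk changes the existing `vpn: false` further down to `vpn: true`. The two copies agree today, but duplicate mapping keys are resolved last-wins by most YAML loaders, so a later edit to only the upper line would silently have no effect. Keep a single `vpn: true` and drop the other one.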
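Review bot: `ipa_client_sudo_groups` is set to `packager` in inventory/group_vars/maintainer_test, a file whose hunk header shows `sudoers_main: nopasswd`, and the same hunk sets `vpn: true`. Read together, that presumably gives every member of the packager group passwordless root on hosts that are now also joined to the infrastructure VPN. If that breadth is intended for these test machines, a comment above the block should say so, for example `# packagers get sudo here by design; treat these hosts as low-trust VPN clients`. What these client addresses can reach over the VPN is not visible in this commit and should be confirmed on the server side before merging.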
@@ -1000,6 +994,9 @@ copr_dev_aws [copr_hypervisor] vmhost-x86-copr01.rdu-cc.fedoraproject.org +vmhost-x86-copr02.rdu-cc.fedoraproject.org +vmhost-x86-copr03.rdu-cc.fedoraproject.org +vmhost-x86-copr04.rdu-cc.fedoraproject.org [copr_db_all:children] copr_db_stg
diff --git a/playbooks/groups/copr-hypervisor.yml b/playbooks/groups/copr-hypervisor.yml
index 5f9413c180..0592d93912 100644
--- a/playbooks/groups/copr-hypervisor.yml
+++ b/playbooks/groups/copr-hypervisor.yml
@@ -14,10 +14,10 @@ tasks: - import_role: name=base - import_role: name=hosts - - import_role: name=fas_client - import_role: name=rkhunter - import_role: name=nagios_client - import_role: name=openvpn/client + - import_role: name=ipa/client - import_role: name=sudo - import_tasks: "{{ tasks_path }}/2fa_client.yml"
diff --git a/playbooks/groups/maintainer-test.yml b/playbooks/groups/maintainer-test.yml
index 1314e97283..124ac0ae93 100644
--- a/playbooks/groups/maintainer-test.yml
+++ b/playbooks/groups/maintainer-test.yml
@@ -70,7 +70,8 @@ - base - rkhunter - hosts - - fas_client + - openvpn/client + - ipa/client - sudo tasks:
diff --git a/playbooks/groups/vmhost_copr.yml b/playbooks/groups/vmhost_copr.yml
deleted file mode 100644
index 843230452e..0000000000
--- a/playbooks/groups/vmhost_copr.yml
+++ /dev/null
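Review bot: The task list visible in this hunk of playbooks/groups/copr-hypervisor.yml has no import for `virthost` or `collectd/base`, although the inventory change in this commit makes it the playbook for vmhost-x86-copr02 to copr04. The vmhost_copr.yml playbook deleted here applied both roles, plus `motd.yml`, to those hosts. The task list continues outside the hunk, so they may be imported further down; if not, the hosts lose that configuration and their collectd metrics on the next run. Please confirm, and add the missing imports in the file's existing `- import_role: name=...` style.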
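Review bot: `- openvpn/client` is added to the roles list in playbooks/groups/maintainer-test.yml unconditionally, so the `vpn` variable this commit sets in group_vars/maintainer_test does not gate anything for these hosts. A host_vars override of `vpn: false` would still get the VPN client installed and connected. Writing the entry as `- { role: openvpn/client, when: vpn|bool }` keeps the toggle meaningful. The roles list starts above the hunk.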
@@ -1,38 +0,0 @@ -# create a new virthost server system -# This is a copy of the main one which is meant to be limited ONLY to vmhost_copr group for rbac -# NOTE: should be used with --limit most of the time -# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars - -- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml myhosts=vmhost_copr:!buildvmhost-s390x-01.s390.fedoraproject.org" - -- name: make virthost server system - hosts: vmhost_copr - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - hosts - - { role: openvpn/client, when: vpn|bool } - - virthost - - ipa/client - - collectd/base - - sudo - - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/roles/openvpn/server/files/ccd/aarch64-test01.fedorainfracloud.org b/roles/openvpn/server/files/ccd/aarch64-test01.fedorainfracloud.org
new file mode 100644
index 0000000000..9e5ec009a4
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/aarch64-test01.fedorainfracloud.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.21 192.168.100.21
diff --git a/roles/openvpn/server/files/ccd/el7-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/el7-test.fedorainfracloud.org
new file mode 100644
index 0000000000..7d9fe85722
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/el7-test.fedorainfracloud.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.18 192.168.100.18
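Review bot: Both arguments to `ifconfig-push` in ccd/aarch64-test01.fedorainfracloud.org are the same address (`192.168.100.21 192.168.100.21`), although the comment above labels them as two different things, `actualIP PtPIP`. If the server runs a point-to-point topology, the second argument is the peer endpoint and would normally differ from the first. Please check against an existing ccd entry, and if identical values are intended, reword the comment to say so. The same applies to the other eleven ccd files added in this commit (el7-test through vmhost-x86-copr04). Separately, the maintainer test hosts (.14 to .21) and the COPR hypervisors (.22 to .25) are numbered from one contiguous range, so VPN-side filtering cannot separate the two trust levels by prefix; worth confirming that this is acceptable.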
diff --git a/roles/openvpn/server/files/ccd/el8-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/el8-test.fedorainfracloud.org
new file mode 100644
index 0000000000..5ca0f994a6
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/el8-test.fedorainfracloud.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.19 192.168.100.19
diff --git a/roles/openvpn/server/files/ccd/f32-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/f32-test.fedorainfracloud.org
new file mode 100644
index 0000000000..7cc82fd473
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/f32-test.fedorainfracloud.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.14 192.168.100.14
diff --git a/roles/openvpn/server/files/ccd/f33-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/f33-test.fedorainfracloud.org
new file mode 100644
index 0000000000..9a6abce2ec
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/f33-test.fedorainfracloud.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.15 192.168.100.15
diff --git a/roles/openvpn/server/files/ccd/f34-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/f34-test.fedorainfracloud.org
new file mode 100644
index 0000000000..7c1846e40e
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/f34-test.fedorainfracloud.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.16 192.168.100.16
diff --git a/roles/openvpn/server/files/ccd/ppc64le-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/ppc64le-test.fedorainfracloud.org
new file mode 100644
index 0000000000..7b363216c4
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/ppc64le-test.fedorainfracloud.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.20 192.168.100.20
diff --git a/roles/openvpn/server/files/ccd/rawhide-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/rawhide-test.fedorainfracloud.org
new file mode 100644
index 0000000000..494afd4149
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/rawhide-test.fedorainfracloud.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.17 192.168.100.17
diff --git a/roles/openvpn/server/files/ccd/vmhost-x86-copr01.rdu-cc.fedoraproject.org b/roles/openvpn/server/files/ccd/vmhost-x86-copr01.rdu-cc.fedoraproject.org
new file mode 100644
index 0000000000..699cc301f2
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr01.rdu-cc.fedoraproject.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.22 192.168.100.22
diff --git a/roles/openvpn/server/files/ccd/vmhost-x86-copr02.rdu-cc.fedoraproject.org b/roles/openvpn/server/files/ccd/vmhost-x86-copr02.rdu-cc.fedoraproject.org
new file mode 100644
index 0000000000..c87181776b
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr02.rdu-cc.fedoraproject.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.23 192.168.100.23
diff --git a/roles/openvpn/server/files/ccd/vmhost-x86-copr03.rdu-cc.fedoraproject.org b/roles/openvpn/server/files/ccd/vmhost-x86-copr03.rdu-cc.fedoraproject.org
new file mode 100644
index 0000000000..474130a007
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr03.rdu-cc.fedoraproject.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.24 192.168.100.24
diff --git a/roles/openvpn/server/files/ccd/vmhost-x86-copr04.rdu-cc.fedoraproject.org b/roles/openvpn/server/files/ccd/vmhost-x86-copr04.rdu-cc.fedoraproject.org
new file mode 100644
index 0000000000..d6fef8d48f
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr04.rdu-cc.fedoraproject.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.100.25 192.168.100.25