noc-cc01: add new rhel9 noc in rdu-cc named better

The old cloud-noc-os01 was for the old openstack we used to have and wanted to re-setup in rdu, but never did. So, lets just move this to more our normal convention. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-08-01 13:38:19 -07:00 · 2024-08-01 13:38:19 -07:00 · f0a562a8e9
commit f0a562a8e9
parent 867139da37
3 changed files with 110 additions and 1 deletions
--- a/inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/noc-cc01.rdu-cc.fedoraproject.org
@ -0,0 +1,39 @@
+---
+datacenter: rdu-cc
+dns1: 8.8.8.8
+dns2: 8.8.4.4
+eth0_ipv4: 8.43.85.50
+eth0_ipv4_gw: 8.43.85.254
+eth0_ipv4_nm: 23
+eth1_ipv4: 172.23.1.4
+eth1_ipv4_nm: 24
+freezes: false
+has_ipv4: yes
+ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
+ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
+lvm_size: 20000
+mem_size: 8192
+network_connections:
+  - autoconnect: yes
+    ip:
+      address:
+        - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
+      dhcp4: no
+      dns:
+        - "{{ dns1 }}"
+        - "{{ dns2 }}"
+      dns_search:
+        - rdu-cc.fedoraproject.org
+        - fedoraproject.org
+      gateway4: "{{ eth0_ipv4_gw }}"
+    mac: "{{ ansible_default_ipv4.macaddress }}"
+    name: eth0
+    type: ethernet
+num_cpus: 4
+public_hostname: noc-cc01.rdu-cc.fedoraproject.org
+tcp_ports: ['67', '68']
+udp_ports: ['67', '68', '69']
+virt_install_command: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns1 }} ip={{ eth0_ipv4 }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ipv4 }}:::{{ eth1_ipv4_nm }}:{{ inventory_hostname_short }}-mgmt:eth1:none' --network bridge=br0,model=virtio,mac={{ mac_address }} --network=bridge=br1,model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random
+vmhost: vmhost-x86-cc03.rdu-cc.fedoraproject.org
+volgroup: vg_guests
+vpn: true
--- a/inventory/inventory
+++ b/inventory/inventory
@ -216,7 +216,7 @@ batcave01.iad2.fedoraproject.org
 log01.iad2.fedoraproject.org
 noc01.iad2.fedoraproject.org
 noc02.fedoraproject.org
-#cloud-noc01.fedorainfracloud.org
+noc-cc01.rdu-cc.fedoraproject.org
 cloud-noc-os01.rdu-cc.fedoraproject.org

 [logging]
@ -255,6 +255,7 @@ noc01.iad2.fedoraproject.org

 [noc_rdu_cc]
 cloud-noc-os01.rdu-cc.fedoraproject.org
+noc-cc01.rdu-cc.fedoraproject.org

 [memcached]
 memcached01.iad2.fedoraproject.org
--- a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml
+++ b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml
@ -0,0 +1,69 @@
+# This is a basic playbook
+
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
+  vars:
+    myhosts: "noc-cc01.rdu-cc.fedoraproject.org"
+
+- name: make cloud noc hardware
+  hosts: noc-cc01.rdu-cc.fedoraproject.org
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - base
+  - rkhunter
+  - nagios_client
+  - hosts
+  - ipa/client
+  - collectd/base
+  - sudo
+  - dhcp_server
+  - tftp_server
+  - openvpn/client
+
+  pre_tasks:
+  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+  tasks:
+  - import_tasks: "{{ tasks_path }}/motd.yml"
+
+  - name: install some packages which arent in playbooks
+    package:
+      state: present
+      name:
+        - nmap
+        - tcpdump
+
+  - name: check if ntpd port is already known by selinux
+    shell: semanage port -l | grep ntp
+    register: ntp_selinux_port
+    check_mode: no
+    changed_when: false
+    failed_when: false
+    tags:
+    - config
+    - selinux
+
+  - name: allow alternate ntpd port
+    command: semanage port -a -t ntp_port_t -p tcp 124
+    when: '"124" not in ntp_selinux_port'
+    failed_when: false
+    tags:
+    - config
+    - selinux
+
+  - name: allow alternate ntpd port
+    command: semanage port -a -t ntp_port_t -p udp 124
+    when: '"124" not in ntp_selinux_port'
+    failed_when: false
+    tags:
+    - config
+    - selinux
+
+  handlers:
+  - import_tasks: "{{ handlers_path }}/restart_services.yml"