and we are going to do this live.

2017-05-01 16:08:59 +00:00 · 2017-05-01 16:08:59 +00:00 · f52eae0b60
commit f52eae0b60
parent 99322cffef
8 changed files with 17 additions and 16 deletions
--- a/inventory/group_vars/value-stg
+++ b/inventory/group_vars/value-stg
@ -16,9 +16,8 @@ custom_rules: [
    # Neeed for rsync from log01 for logs.
    '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
    '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
-    # Needed to let nagios on noc01 and noc02 (nagios01/noc01.stg) pipe alerts to zodbot here
+    # Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here
    '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT',
-    '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5050 -j ACCEPT',
    '-A INPUT -p tcp -m tcp -s 10.5.126.2 --dport 5050 -j ACCEPT',
    '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT',
    # batcave01 also needs access to announce commits.
--- a/inventory/host_vars/noc01.phx2.fedoraproject.org
+++ b/inventory/host_vars/noc01.phx2.fedoraproject.org
@ -2,11 +2,12 @@
 nm: 255.255.255.0
 gw: 10.5.126.254
 dns: 10.5.126.21
+eth0_ip: 10.5.126.41

 ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
 ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
 volgroup: /dev/vg_virthost
-vmhost: virthost17.phx2.fedoraproject.org
+vmhost: virthost18.phx2.fedoraproject.org
 datacenter: phx2

 tcp_ports: ['22', '80', '443', '67', '68']
@ -17,7 +18,6 @@ custom_rules: [
    '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
 ]

-eth0_ip: 10.5.126.41
 csi_relationship: |
    noc01 is the internal monitoring nagios instance to the phx datacenter.
    it is also the dhcp server serving all computing nodes
--- a/inventory/inventory
+++ b/inventory/inventory
@ -450,11 +450,11 @@ iddev.fedorainfracloud.org
 dhcp01.phx2.fedoraproject.org

 [nagios]
-noc01.phx2.fedoraproject.org
+#noc01.phx2.fedoraproject.org
 noc02.fedoraproject.org

 [nagios-new]
-nagios01.phx2.fedoraproject.org
+noc01.phx2.fedoraproject.org

 [notifs-backend]
 notifs-backend01.phx2.fedoraproject.org
--- a/playbooks/groups/nagios-new.yml
+++ b/playbooks/groups/nagios-new.yml
@ -21,6 +21,7 @@
  - hosts
  - fas_client
  - collectd/base
+  - { role: rsyncd, when: datacenter == 'phx2' }
  - sudo
  - { role: openvpn/client,
      when: env != "staging" }
@ -38,9 +39,9 @@
  handlers:
  - include: "{{ handlers_path }}/restart_services.yml"

- name: deploy nagios service config
-  hosts: nagios-new
-  user:
+- name: deploy service-specific config (just for production)
+  hosts: nagios
+  user: root
  gather_facts: True

  vars_files:
@ -53,5 +54,7 @@
  - include: "{{ handlers_path }}/restart_services.yml"

  roles:
-  - nagios_server
+  - { role: dhcp_server, when: datacenter == 'phx2' }
+  - { role: tftp_server, when: datacenter == 'phx2' }
+  - nagios/server
  - fedmsg/base
--- a/playbooks/groups/noc.yml
+++ b/playbooks/groups/noc.yml
@ -38,7 +38,7 @@
  - include: "{{ handlers_path }}/restart_services.yml"

 - name: deploy service-specific config (just for production)
-  hosts: nagios
+  hosts: nagios-new
  user: root
  gather_facts: True

@ -54,5 +54,5 @@
  roles:
  - { role: dhcp_server, when: datacenter == 'phx2' }
  - { role: tftp_server, when: datacenter == 'phx2' }
-  - nagios/server
+  - nagios_server
  - fedmsg/base
--- a/playbooks/groups/osbs-cluster.yml
+++ b/playbooks/groups/osbs-cluster.yml
@ -739,5 +739,5 @@
    - name: enable nrpe for monitoring (noc01)
      iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT

-    - name: enable nrpe for monitoring (nagios01)
-      iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.241 state=present jump=ACCEPT
+#    - name: enable nrpe for monitoring (noc01.stg)
+#      iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=1#0.5.126.2 state=present jump=ACCEPT
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@ -48,7 +48,7 @@
    website: nagios.fedoraproject.org
    destname: nagios
    remotepath: /
-    proxyurl: http://nagios01.phx2.fedoraproject.org
+    proxyurl: http://noc01.phx2.fedoraproject.org

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
--- a/roles/batcave/files/ssh_known_hosts
+++ b/roles/batcave/files/ssh_known_hosts
@ -444,7 +444,6 @@ modernpaste01.phx2.fedoraproject.org,modernpaste01,10.5.126.230,192.168.1.94 ssh
 modernpaste01.stg.phx2.fedoraproject.org,modernpaste01.stg,10.5.126.221 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClUEClNeTU0jVmPKJuMuXNt2ThS8hK7B0Jx30TMDXXHlXx2HIJt29ifU9N3bbZ8OtXg7HzfZ8GkorLTng88ErAu2DK4ps3cNLZCCGu/OVv8jM2sU6G8yKF8RZOy8/M1yyr1HnzoHOSGPC3jnI/a5ga4RvrlUYN2AxhW4ppeXuB/VqR6OWEgALO3dcO+uiW5uKe2nRS1zjvQ1igMIBr04lUgZL/PKGA8+RH+dRM47vg5fUE3X/OVwVrCX+Swk421dxhNUtYFyU84p+jVaOuRx7K5tnH0L2hO9y7wJhf0BeggciIgsU8ff9zdiVb5km0Y0I5+/FibgHrGOlxsDf6cwqN modernpaste01.stg.phx2.fedoraproject.org
 modernpaste02.phx2.fedoraproject.org,modernpaste02,10.5.126.238,192.168.1.165 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmzETsf2I9CyXumpOtVrWyd9rVH7S6Ps1PLScIP2CT3aqUTuTqVZZVsMh9PFO/QwhijN8pnEwih0o2wVkVa6EcSjwfznPADhOWJ4Ccmi1ENzTG6Di0VxixJZ8q6LHjagPD6Awf11qHrlOZlQHXWLgKRNTxiYIWuW6kRs5iM/cgD+zdDSgU8w1+jj16aU9SkZLRKfvQHSeVBaEvriakinEWvj4yzqBqeU2RuNUz9O3hSg+UI6iqQkOl2EtoeXZaPOYk3POKojBpUSjuzNYHPeDglJ0yxs4gpCsUVN9kGOGZKpRSsxuSD/YjlO7qPa0wWSmX8od0S6Ji+88AcVbFnUH modernpaste02.phx2.fedoraproject.org
 modularity.fedorainfracloud.org,modularity.novalocal,modularity,172.25.32.128 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTZMWLxgsqnyNrPVzKvkA+jXSx+1tTCadyOaNClv/YY9BWSi/G/Ay94KRvMs8g6NHwdPO4EOaGpBepobY0JqCJHDjaFLRyZf3uMUdYCjDo/gqnZsjvJPJ1bmwy3ooKtSlggW9CfGg3O4MdE8yWMVBY+NeiDw5ThT1sHxSC0n3QQ/ybsuK0QtWv4sq6rHtpzmJzjYlRwUfQSME6q69wqmf/hAF5MMqTF+GX8sJcJK977DxJP0+CYmF3u6B2YOUG/4+g6hdFAh+0BCjbA84ChT3LsRXuPzBpfSQUWXx1BsEDnaxNpiX7yxSAQKu+Xb4dleVWtsItztrPsyEDCgUva+mx modularity.fedorainfracloud.org
-nagios01.phx2.fedoraproject.org,nagios01,10.5.126.241 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyKq5WBN6TRQgUYOCBzdt7WAJg8Cy3m6dBwq/0RXt/5sklu2GCTtLfv1VNUgUhwLj6KFIn3+hKpuvS2RR4ctjLJ6n1ClKxL5A7jC+mQ/XRfLmptbEBfDUKKqRWtxumof3q+oAK+83PVKaf+JtUzfzP5jQkJ2wjMbxNWVHGe2UoB6nVTnoRjgwhpjeXI2Tni9SrASsOiIRprljWeW2krz0N62WlTw0t1xV5j8vOXtRpFfxpxGtyrd4eYKP02aOceAWBdWvCGVmAW2U7IZ+8dRiBiH9qqVosz6PE8841d8CKcFWZKa4l3kaZN8ezCt99e4i8KuZVnJIl3KI9/7qO2L6F nagios01.phx2.fedoraproject.org
 noc01.phx2.fedoraproject.org,noc01,10.5.126.41,192.168.1.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PFLSI0LRsx3eYY7lpMjIq50D6ZbJ4Yaa0FfuqXLRq4zab3K1FrY/LAuPL6pVosWvs6UzW/Qu7L69Yo26SsFUWgDjWNTrndnKrEhBeqMIUbVog8nPMrz66ecymdp4gR0SKts1kPgaCHgVIiVh/ZkDPgS2POp7CAVgGmddu4KUqsEfx6b2oDo1wPbaDfSQ0aJB66F5S6VHjy1AFQ0EjTgDCT4H7/ibULReCyiS/zAAdCgiYlueAF0SIk8EqYmP77Ybg0isVLyIq4nIlAs8ItXdigSSvVDeI7VXHa9SD/C+vu69h8XMvJe4oyewEhmPT++RkgxGO9CA1r8ZE1PMjY1j noc01.phx2.fedoraproject.org
 noc01.stg.phx2.fedoraproject.org,noc01.stg,10.5.126.2 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyOg9T/cnJ2mO2GgtxScXO7TYZy+bWCISknmMoJBDkxFvxeC6BeNQZTSOf8/5+MW7KRvtO73D67lWfmOjJ50bvVLDO69yR0NNDohqRTQx7GQ4NNlczptLJU2YlYn0al6O2qP40bpuG9lQjCeNHvqII8MsetXOCzN6+foeKJNwaMuGWy/6dBBxpulqsoFtl7sdURpLuRfx1CbHUxtS77OGWr+7rbN6b4f0dxnpGQKPfG8vq5xmeaS2+Aw3T9+CvM4Hq5tQzm8IomPs4MV2bWXDVG3seAgQ33IZBLHq8Ucgw4AVfC7AHugI0mS5a7GdU7TxZsr8oICKzQlfNRirrI6Kt noc01.stg.phx2.fedoraproject.org
 noc02.fedoraproject.org,noc02,152.19.134.192,2610:28:3090:3001:dead:beef:cafe:fed9,192.168.1.20 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuMxXpD/5PgttV7QGsYaE0vrtT4Hx8IvLpbRs+kVoU09Oh/WNs1QCc9s56/wqAzpsDk/VZjj4dCwPiOU+l32xlE0ccynJZjG6hE3EBGkMnyl7hTmt0WHduuIK7tmrYuSG0C4UccT+udq2ztiDZH+JhMHQ0Eeq4BOua/amImMJcG38Pb2w3eJguNDuEP13ES23oTe49cCOPK/rZ1HFLkebXUBrSkq3qFxxTRbyYIKo6wyuWUX6eoTVXo0uk96DV2w8uN0UtoYgheMdT3it+PA+AyAyi8valnl981k4qsp8sGUKCr6KasmfrXYbFLpQkvCiG1lG8OXZWszNSqfG6kTRJ noc02.fedoraproject.org