diff --git a/inventory/group_vars/value-stg b/inventory/group_vars/value-stg index 7f76b5047f..6d2b10f7a1 100644 --- a/inventory/group_vars/value-stg +++ b/inventory/group_vars/value-stg @@ -16,9 +16,8 @@ custom_rules: [ # Neeed for rsync from log01 for logs. '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', - # Needed to let nagios on noc01 and noc02 (nagios01/noc01.stg) pipe alerts to zodbot here + # Needed to let nagios on noc01 and noc02 (noc01.stg) pipe alerts to zodbot here '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5050 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 10.5.126.241 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.2 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.192 --dport 5050 -j ACCEPT', # batcave01 also needs access to announce commits. diff --git a/inventory/host_vars/noc01.phx2.fedoraproject.org b/inventory/host_vars/noc01.phx2.fedoraproject.org index 3cdff9d271..f241a92ce0 100644 --- a/inventory/host_vars/noc01.phx2.fedoraproject.org +++ b/inventory/host_vars/noc01.phx2.fedoraproject.org @@ -2,11 +2,12 @@ nm: 255.255.255.0 gw: 10.5.126.254 dns: 10.5.126.21 +eth0_ip: 10.5.126.41 ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ volgroup: /dev/vg_virthost -vmhost: virthost17.phx2.fedoraproject.org +vmhost: virthost18.phx2.fedoraproject.org datacenter: phx2 tcp_ports: ['22', '80', '443', '67', '68'] @@ -17,7 +18,6 @@ custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', ] -eth0_ip: 10.5.126.41 csi_relationship: | noc01 is the internal monitoring nagios instance to the phx datacenter. it is also the dhcp server serving all computing nodes diff --git a/inventory/inventory b/inventory/inventory index 3093c91b8a..047f878526 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -450,11 +450,11 @@ iddev.fedorainfracloud.org dhcp01.phx2.fedoraproject.org [nagios] -noc01.phx2.fedoraproject.org +#noc01.phx2.fedoraproject.org noc02.fedoraproject.org [nagios-new] -nagios01.phx2.fedoraproject.org +noc01.phx2.fedoraproject.org [notifs-backend] notifs-backend01.phx2.fedoraproject.org diff --git a/playbooks/groups/nagios-new.yml b/playbooks/groups/nagios-new.yml index 33327a36ba..f5818504ff 100644 --- a/playbooks/groups/nagios-new.yml +++ b/playbooks/groups/nagios-new.yml @@ -21,6 +21,7 @@ - hosts - fas_client - collectd/base + - { role: rsyncd, when: datacenter == 'phx2' } - sudo - { role: openvpn/client, when: env != "staging" } @@ -38,9 +39,9 @@ handlers: - include: "{{ handlers_path }}/restart_services.yml" -- name: deploy nagios service config - hosts: nagios-new - user: +- name: deploy service-specific config (just for production) + hosts: nagios + user: root gather_facts: True vars_files: @@ -53,5 +54,7 @@ - include: "{{ handlers_path }}/restart_services.yml" roles: - - nagios_server + - { role: dhcp_server, when: datacenter == 'phx2' } + - { role: tftp_server, when: datacenter == 'phx2' } + - nagios/server - fedmsg/base diff --git a/playbooks/groups/noc.yml b/playbooks/groups/noc.yml index c5c153dc5f..d41a2ff664 100644 --- a/playbooks/groups/noc.yml +++ b/playbooks/groups/noc.yml @@ -38,7 +38,7 @@ - include: "{{ handlers_path }}/restart_services.yml" - name: deploy service-specific config (just for production) - hosts: nagios + hosts: nagios-new user: root gather_facts: True @@ -54,5 +54,5 @@ roles: - { role: dhcp_server, when: datacenter == 'phx2' } - { role: tftp_server, when: datacenter == 'phx2' } - - nagios/server + - nagios_server - fedmsg/base diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index 85dddc1700..5d9ff0ab6d 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -739,5 +739,5 @@ - name: enable nrpe for monitoring (noc01) iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT - - name: enable nrpe for monitoring (nagios01) - iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.241 state=present jump=ACCEPT +# - name: enable nrpe for monitoring (noc01.stg) +# iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=1#0.5.126.2 state=present jump=ACCEPT diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index 1a5014bcb6..b8d04a6b1b 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -48,7 +48,7 @@ website: nagios.fedoraproject.org destname: nagios remotepath: / - proxyurl: http://nagios01.phx2.fedoraproject.org + proxyurl: http://noc01.phx2.fedoraproject.org - role: httpd/reverseproxy website: admin.fedoraproject.org diff --git a/roles/batcave/files/ssh_known_hosts b/roles/batcave/files/ssh_known_hosts index efeb7de3a6..a6b0e0b598 100644 --- a/roles/batcave/files/ssh_known_hosts +++ b/roles/batcave/files/ssh_known_hosts @@ -444,7 +444,6 @@ modernpaste01.phx2.fedoraproject.org,modernpaste01,10.5.126.230,192.168.1.94 ssh modernpaste01.stg.phx2.fedoraproject.org,modernpaste01.stg,10.5.126.221 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClUEClNeTU0jVmPKJuMuXNt2ThS8hK7B0Jx30TMDXXHlXx2HIJt29ifU9N3bbZ8OtXg7HzfZ8GkorLTng88ErAu2DK4ps3cNLZCCGu/OVv8jM2sU6G8yKF8RZOy8/M1yyr1HnzoHOSGPC3jnI/a5ga4RvrlUYN2AxhW4ppeXuB/VqR6OWEgALO3dcO+uiW5uKe2nRS1zjvQ1igMIBr04lUgZL/PKGA8+RH+dRM47vg5fUE3X/OVwVrCX+Swk421dxhNUtYFyU84p+jVaOuRx7K5tnH0L2hO9y7wJhf0BeggciIgsU8ff9zdiVb5km0Y0I5+/FibgHrGOlxsDf6cwqN modernpaste01.stg.phx2.fedoraproject.org modernpaste02.phx2.fedoraproject.org,modernpaste02,10.5.126.238,192.168.1.165 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmzETsf2I9CyXumpOtVrWyd9rVH7S6Ps1PLScIP2CT3aqUTuTqVZZVsMh9PFO/QwhijN8pnEwih0o2wVkVa6EcSjwfznPADhOWJ4Ccmi1ENzTG6Di0VxixJZ8q6LHjagPD6Awf11qHrlOZlQHXWLgKRNTxiYIWuW6kRs5iM/cgD+zdDSgU8w1+jj16aU9SkZLRKfvQHSeVBaEvriakinEWvj4yzqBqeU2RuNUz9O3hSg+UI6iqQkOl2EtoeXZaPOYk3POKojBpUSjuzNYHPeDglJ0yxs4gpCsUVN9kGOGZKpRSsxuSD/YjlO7qPa0wWSmX8od0S6Ji+88AcVbFnUH modernpaste02.phx2.fedoraproject.org modularity.fedorainfracloud.org,modularity.novalocal,modularity,172.25.32.128 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTZMWLxgsqnyNrPVzKvkA+jXSx+1tTCadyOaNClv/YY9BWSi/G/Ay94KRvMs8g6NHwdPO4EOaGpBepobY0JqCJHDjaFLRyZf3uMUdYCjDo/gqnZsjvJPJ1bmwy3ooKtSlggW9CfGg3O4MdE8yWMVBY+NeiDw5ThT1sHxSC0n3QQ/ybsuK0QtWv4sq6rHtpzmJzjYlRwUfQSME6q69wqmf/hAF5MMqTF+GX8sJcJK977DxJP0+CYmF3u6B2YOUG/4+g6hdFAh+0BCjbA84ChT3LsRXuPzBpfSQUWXx1BsEDnaxNpiX7yxSAQKu+Xb4dleVWtsItztrPsyEDCgUva+mx modularity.fedorainfracloud.org -nagios01.phx2.fedoraproject.org,nagios01,10.5.126.241 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyKq5WBN6TRQgUYOCBzdt7WAJg8Cy3m6dBwq/0RXt/5sklu2GCTtLfv1VNUgUhwLj6KFIn3+hKpuvS2RR4ctjLJ6n1ClKxL5A7jC+mQ/XRfLmptbEBfDUKKqRWtxumof3q+oAK+83PVKaf+JtUzfzP5jQkJ2wjMbxNWVHGe2UoB6nVTnoRjgwhpjeXI2Tni9SrASsOiIRprljWeW2krz0N62WlTw0t1xV5j8vOXtRpFfxpxGtyrd4eYKP02aOceAWBdWvCGVmAW2U7IZ+8dRiBiH9qqVosz6PE8841d8CKcFWZKa4l3kaZN8ezCt99e4i8KuZVnJIl3KI9/7qO2L6F nagios01.phx2.fedoraproject.org noc01.phx2.fedoraproject.org,noc01,10.5.126.41,192.168.1.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8PFLSI0LRsx3eYY7lpMjIq50D6ZbJ4Yaa0FfuqXLRq4zab3K1FrY/LAuPL6pVosWvs6UzW/Qu7L69Yo26SsFUWgDjWNTrndnKrEhBeqMIUbVog8nPMrz66ecymdp4gR0SKts1kPgaCHgVIiVh/ZkDPgS2POp7CAVgGmddu4KUqsEfx6b2oDo1wPbaDfSQ0aJB66F5S6VHjy1AFQ0EjTgDCT4H7/ibULReCyiS/zAAdCgiYlueAF0SIk8EqYmP77Ybg0isVLyIq4nIlAs8ItXdigSSvVDeI7VXHa9SD/C+vu69h8XMvJe4oyewEhmPT++RkgxGO9CA1r8ZE1PMjY1j noc01.phx2.fedoraproject.org noc01.stg.phx2.fedoraproject.org,noc01.stg,10.5.126.2 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyOg9T/cnJ2mO2GgtxScXO7TYZy+bWCISknmMoJBDkxFvxeC6BeNQZTSOf8/5+MW7KRvtO73D67lWfmOjJ50bvVLDO69yR0NNDohqRTQx7GQ4NNlczptLJU2YlYn0al6O2qP40bpuG9lQjCeNHvqII8MsetXOCzN6+foeKJNwaMuGWy/6dBBxpulqsoFtl7sdURpLuRfx1CbHUxtS77OGWr+7rbN6b4f0dxnpGQKPfG8vq5xmeaS2+Aw3T9+CvM4Hq5tQzm8IomPs4MV2bWXDVG3seAgQ33IZBLHq8Ucgw4AVfC7AHugI0mS5a7GdU7TxZsr8oICKzQlfNRirrI6Kt noc01.stg.phx2.fedoraproject.org noc02.fedoraproject.org,noc02,152.19.134.192,2610:28:3090:3001:dead:beef:cafe:fed9,192.168.1.20 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuMxXpD/5PgttV7QGsYaE0vrtT4Hx8IvLpbRs+kVoU09Oh/WNs1QCc9s56/wqAzpsDk/VZjj4dCwPiOU+l32xlE0ccynJZjG6hE3EBGkMnyl7hTmt0WHduuIK7tmrYuSG0C4UccT+udq2ztiDZH+JhMHQ0Eeq4BOua/amImMJcG38Pb2w3eJguNDuEP13ES23oTe49cCOPK/rZ1HFLkebXUBrSkq3qFxxTRbyYIKo6wyuWUX6eoTVXo0uk96DV2w8uN0UtoYgheMdT3it+PA+AyAyi8valnl981k4qsp8sGUKCr6KasmfrXYbFLpQkvCiG1lG8OXZWszNSqfG6kTRJ noc02.fedoraproject.org