Everything should now be using linux-system-roles/network, so we drop
our hacky nmcli calls and everything that referred to them, including
exclude variables. Also, lets just let NM handle resolv.conf so it's not
wrong all the time on reboots.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Found the reason that the definitions I had put were not
working. There were two different ones and i was looking at the wrong
one. Put the two tasks with the same logic so things should work no
matter which one is run.
We need to always run these even in check mode, because they register
things used in the last one of them. So, this could change this in check
mode if we modify it. Be careful!
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Just writing a config file isn't enough, apparently. We need to
really call update-crypto-policies. This attempts to do so, but
only if it's really necessary, by using some handy check args.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This is VASTLY better than the hack we have in base now to try and setup
ifcfg files. It uses a standard role that has lots of options and does
the right thing with NetworkManager. Ideally we would switch everything
to this, but lets try it here first to see. It should work with bridges,
etc as well.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This task seems to fail with a nameserver failed to answer message when
you provision a bunch of hosts at once. Try running just one at a time
and see if it helps any.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
At some point not too long ago we set 'logrotate.timer' as a dist
enabled service. This mostly works fine as all supported Fedora and RHEL
releases have this. However, we still have some old unsupported hosts
(like notifs-backend01) and this caused playbooks to fail on them.
So, lets conditionalize it only to newer ones so we can run playbooks on
the EOL ones.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
In 2017, I (Stephen Smoogen), put in a change to copy
roles/base/files/rsyslog/rsyslog-limits.conf to /etc/systemd on
log01. This was to make it so we have adequete limits on the logrunner
on log01. However I missed the fact that all *.conf files are copied
over to /etc/rsyslog.d/ in a previous section. So this file has been
copied over to every system since 2017.. which was ok when rsyslogd just
ignored the syntax. However on EL8, it dies and kills rsyslogd so
servers are not able to run.
Fix: change the file name to one which won't get globbed. Remove the
file from all systems in /etc/rsyslo.d
Finally take fed-cloud* out and all playbooks associated with the old (and attempts to make a new one).
This cloud was a pain at times, but it did serve long and well, we salute it!
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The reason we do this is so we can use a few scripts (like nag-once)
as python2 on python2 hosts and python3 on rhel8 hosts.
Note that this depends on the script working on either.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
