Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
42523 commits 9 branches 0 tags 111 MiB
Commit graph

64 commits

Author SHA1 Message Date
Michal Konecny
2ec055db6f Use first uppercase letter for all handlers 
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.

I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```

Then I went through all the changes and removed the ones that wasn't
expected to be changed.

Fixes https://pagure.io/fedora-infrastructure/issue/12391

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-02-10 20:31:49 +00:00
Ryan Lerch
47c68f478d ansiblelint fixes - fqcn[action-core] - template to ansible.builtin.template 
Replaces references to template: with ansible.builtin.template

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:30:29 +10:00
Ryan Lerch
25391e95b7 ansiblelint fixes - fqcn[action-core] - package to ansible.builtin.package 
Replaces many references to  package: with ansible.builtin.package

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:28:00 +10:00
Ryan Lerch
6a3816dfdc ansiblelint fixes-- fqcn[action-core] - copy to ansible.builtin.copy 
Replaces many references to 'copy' with ansible.builtin.copy

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 10:43:31 +10:00
Ryan Lerch
62952df107 ansiblelint fixes-- fqcn[action-core] - file to ansible.builtin.file 
Replaces many references to  file: with ansible.builtin.file

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 10:41:52 +10:00
Ryan Lerch
691adee6ee Fix name[casing] ansible-lint issues 
fix 1900 failures of the following case issue:

`name[casing]: All names should start with an uppercase letter.`

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-14 20:20:07 +10:00
Ryan Lerch
89f6f1fc32 Fix majority of remaining yamllint warnings and errors 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2024-11-28 17:31:45 +10:00
Aurélien Bompard
4accba8e8f
Add X-Forwarded-Proto in addition to X-Forwarded-Scheme 
The convention is more on `-Proto` than `-Scheme`:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2024-02-13 12:34:28 +01:00
Patrick Creech
ee4df11e44 Remove MultiViews from web configs 
Signed-off-by: Patrick Creech <pcreech@redhat.com>
 2023-07-20 17:23:40 -04:00
Kevin Fenzi
8a4a4469e4 proxies: Override the httpd systemd unit file to up file limit and restart on failure 
The proxies seem to be hitting file limits, so try increasing them.
Also, set httpd to restart on failure, this should help mask the problem
if it persists with the higher limit.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-22 13:51:23 -08:00
Kevin Fenzi
57250588d3 proxies: disable systemd-oomd 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-09-20 12:29:27 -07:00
Kevin Fenzi
313674646d proxies: increase max workers 
Also add a ssl connection cache.
These changes are live on proxy01/10 and seem to have made them stable
again. Will look at pushing to the rest tomorrow.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-09-21 16:19:14 -07:00
Francois Andrieu
a3021f650c httpd: remove deprecated NamedVirtualHost 2021-04-03 18:10:47 +00:00
Francois Andrieu
db437822cb cleanup: fix proxies NameVirtualHost 2021-04-03 18:10:47 +00:00
Stephen Smoogen
152b415410 allow proxy32 to get to infrastructure 2020-06-19 15:21:51 -04:00
Stephen Smoogen
2b9f82f9f4 proxy31 2020-04-24 21:34:26 +02:00
Stephen Smoogen
9d02ba6cf4 add proxy30 to config files 2020-04-24 21:34:21 +02:00
Stephen Smoogen
14ccfa20e3 Add in virtual ipv6 hosts for proxy03 and proxy14 2020-04-24 21:34:20 +02:00
Rick Elrod
f7d01587a3 httpd/proxy: libsemanage here too, we should abstract this out... 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:18 +02:00
Stephen Smoogen
0a87de6e21 [proxies] remove proxy08 from ansible configs 2020-04-24 21:34:11 +02:00
Patrick Uiterwijk
cb8b0c935d Restrict Proxy server-status to localhost for now 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-03 20:00:53 +02:00
Rick Elrod
0b7bb3b5b3 prep for proxy03 move 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-02-11 23:14:27 +00:00
Patrick Uiterwijk
74502e1c52 Enable OCSP stapling on the proxies 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-28 23:01:20 +00:00
Patrick Uiterwijk
ac055b3927 Deploy ticketkey as part of proxy role 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-11-25 00:02:26 +00:00
Stephen Smoogen
d03b61ac73 and we have ips we need for the hosts 2017-10-09 19:44:31 +00:00
Patrick Uiterwijk
039b08354a Yum allowed state=installed. Lets use state=present consistently 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 22:31:03 +00:00
Patrick Uiterwijk
a9e616022f Also package-ize this 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 22:03:18 +00:00
Stephen Smoogen
e3c0199dad make another set of stg ip changes 2017-09-29 15:24:58 +00:00
Patrick Uiterwijk
fbbf28f32c Remove keepalives configuration in production 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-02-14 16:11:09 +00:00
Patrick Uiterwijk
14d68a4b22 Let's try keepalive 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-02-13 16:00:29 +00:00
Stephen Smoogen
4fe0981401 we need to do all this stuff in templates. 2017-01-16 01:01:45 +00:00
Kevin Fenzi
1effd347df Setup a proxyreload for httpd that looks for the ticketkey. If it's not there, assume the proxy is just being configured and don't reload httpd. 2016-12-01 21:36:07 +00:00
Kevin Fenzi
2209cb5efa drop bodhost01 and proxy07 2016-05-31 16:48:17 +00:00
Patrick Uiterwijk
98a1619e01 Let's use the existing pki path 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-04-12 14:16:56 +00:00
Patrick Uiterwijk
08568865fe Replace all restart httpd with reload httpd 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-11-04 23:40:01 +00:00
Patrick Uiterwijk
2f3988868c Set requesttimeout on headers 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-10-15 17:34:08 +00:00
Kevin Fenzi
17b4748e4e Switch proxies to use the mpm event module instead of prefork. 2015-10-09 15:34:17 +00:00
Patrick Uiterwijk
6d8f8f3641 Var files are also useful 2015-10-08 00:01:30 +00:00
Patrick Uiterwijk
62b853b51e Create both prod and stg ticket keys 2015-10-07 23:42:44 +00:00
Kevin Fenzi
b34edf77a7 Move the haveged install to the mod_ssl role 2015-10-07 23:24:41 +00:00
Patrick Uiterwijk
4fa59b5ce8 Enable ticket keys 2015-10-07 23:04:25 +00:00
Patrick Uiterwijk
7106486ce3 Add haveged to proxies for entropy 2015-10-07 20:12:14 +00:00
Stephen Smoogen
b74a402571 and we remove proxy09 2015-09-01 22:13:09 +00:00
Stephen Smoogen
1bc2c83952 change various ips to new ipv6 address 2015-08-21 19:41:43 +00:00
Stephen Smoogen
7cba4be63c and we have ipv6 2015-03-30 20:40:48 +00:00
Stephen Smoogen
73d8098fc2 oh yeah.. vpn 2015-03-23 22:51:30 +00:00
Kevin Fenzi
1e7e1ec92c Add proxy02. Drop second ip. 2015-02-21 22:28:28 +00:00
Kevin Fenzi
fdad2cd006 Drop the one ip on proxy07 to prep for moving it over to ansible 2015-02-21 16:48:39 +00:00
Kevin Fenzi
64d93edcd8 Lets try and get things in phx2 to use proxy10 instead of proxy01. 2015-02-18 22:53:10 +00:00
Kevin Fenzi
73dee1dc7f Stab at making our lower mem proxies happier so they don't nagios flood us 2015-02-06 18:16:31 +00:00