infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
23425 commits 9 branches 0 tags 110 MiB
Commit graph

55 commits

Author SHA1 Message Date
Till Maas
8f7acb0dde Increase HSTS max age to one year 
The HSTS preload list requires this now: https://hstspreload.org/
 2018-02-07 12:42:36 +01:00
Patrick Uiterwijk
f43622c33c Migrate openstack over to fedorainfracloud.org 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-06-23 06:43:05 +00:00
Miroslav Suchý
35ab9867e2 this seems to work 2015-04-27 22:21:06 +00:00
Miroslav Suchý
e751dd0ebe install firewall and metering agent 2015-04-27 21:46:29 +00:00
Miroslav Suchý
36befd56a7 load correct ssh key 2015-04-27 13:31:43 +00:00
Miroslav Suchý
61c4e314f0 Revert "allow fed-cloud09 to log to itself" 
This reverts commit 653353ea4b.
 2015-04-27 09:56:59 +00:00
Miroslav Suchý
653353ea4b allow fed-cloud09 to log to itself 
so packstack can configure swift. And unify the ssh key deployment
 2015-04-27 09:50:45 +00:00
Miroslav Suchý
35b2a9f5f0 obey the ssl recomendations 
from https://mozilla.github.io/server-side-tls/ssl-config-generator/
This will requires:
Oldest compatible clients : Firefox 27, Chrome 22, IE 11, Opera 14, Safari 7, Android 4.4, Java 8
 2015-04-22 12:35:38 +00:00
Miroslav Suchý
88050c8e83 let packastack install swift only on fed-clou09 
we will install it on compute nodes manually
 2015-04-20 09:46:51 +00:00
Miroslav Suchý
5707d8b1f2 configure swift on all nodes 2015-04-15 14:17:52 +00:00
Miroslav Suchý
5b85fa8158 set StrictHostKeyChecking to no, because nova login non-interactively 2015-04-14 17:37:16 +00:00
Miroslav Suchý
e11c176ce7 deploy ssh keys of nova user - take 2 2015-04-14 17:05:32 +00:00
Miroslav Suchý
49d8c3d27e create 100GB swift storage in vg_server 2015-04-14 09:37:28 +00:00
Miroslav Suchý
0ac74dd66b put fed-cloud09.pem to public git, just key is secret 2015-03-31 09:33:01 +00:00
Kevin Fenzi
c54f4a0151 Add fedora-admin pub key 2015-03-17 15:27:11 +00:00
Kevin Fenzi
a424b52e2e Fix vnc on new cloud 2015-03-07 17:30:13 +00:00
Miroslav Suchý
348f2b070e move non-ssl swift to 7080 
so it does not confilect with novncproxy
 2015-03-06 12:57:43 +00:00
Miroslav Suchý
dc156003af move all openstack services to SSL 2015-03-05 14:24:08 +00:00
Miroslav Suchý
35ee8445ec move cinder to ssl 2015-03-05 11:24:58 +00:00
Miroslav Suchý
1552cde456 add haproxy.conf which I missed in 8af53bd 2015-03-04 15:42:19 +00:00
Kevin Fenzi
d934cf11ef Fold in new private cloud work from today. Gets things pretty working. 2015-02-28 03:15:15 +00:00
Kevin Fenzi
b71337cc71 Just fold this into template so it doesn't change every run 2015-02-23 16:05:07 +00:00
Miroslav Suchý
65d9be09f2 resolve fed-cloudXX to internal IP 
because external IP is not routable
 2015-02-19 13:40:13 +00:00
Miroslav Suchý
9da061b5a5 add private ip of compute nodes to controller hosts file 2015-02-19 10:30:00 +00:00
Miroslav Suchý
6f4fdddc23 this should not be needed 
because I already specified CONFIG_NEUTRON_OVS_TUNNEL_IF
 2015-02-18 14:30:40 +00:00
Miroslav Suchý
8a65d46b7d fix doc url 2015-02-17 15:09:11 +00:00
Miroslav Suchý
323c6401ab update fed09-ssh-key.pub 2015-02-17 12:13:53 +00:00
Kevin Fenzi
23a095336e Add hosts entry for cloud to get 2fa working hopefully. 2015-02-02 15:21:29 +00:00
Miroslav Suchý
109441bdcf update ssh pub key 2015-02-02 13:38:13 +00:00
Miroslav Suchý
c1d43488f8 give up with rabbitmq ans ssl 
when I configured both server and OS for ssl, I get:
2015-02-02 12:32:26.475 15074 ERROR neutron.openstack.common.rpc.common [-] AMQP server on 209.132.184.9:5671 is unreachable: [Errno 1] _ssl.c:504: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version. Trying again in 19 seconds
I simply give up
 2015-02-02 12:54:15 +00:00
Miroslav Suchý
c12de0e17f use httpd ssl certs for AMWP too 2015-01-30 10:47:24 +00:00
Miroslav Suchý
005b234d5e fix variable name 2015-01-30 10:06:48 +00:00
Miroslav Suchý
fbc57d8fb4 try ssl for rabbitmq again 2015-01-29 10:02:51 +00:00
Miroslav Suchý
cd395a0be0 update fed09-ssh-key.pub 2015-01-29 09:26:36 +00:00
Miroslav Suchý
4a922bdbf6 add compute IPs ans change dns IPs 2015-01-29 09:25:47 +00:00
Miroslav Suchý
8a9a1c5ae8 try to disable ssl for AMQP 2015-01-28 14:21:17 +00:00
Miroslav Suchý
a495fe72f7 replace depracted params 
Additional information:
 * Deprecated parameter has been used in answer file. Please use parameter CONFIG_MARIADB_INSTALL next time. This parameter deprecates following parameters: ['CONFIG_MYSQL_INSTALL'].
 * Deprecated parameter has been used in answer file. Please use parameter CONFIG_MARIADB_HOST next time. This parameter deprecates following parameters: ['CONFIG_MYSQL_HOST'].
 * Deprecated parameter has been used in answer file. Please use parameter CONFIG_MARIADB_USER next time. This parameter deprecates following parameters: ['CONFIG_MYSQL_USER'].
 * Deprecated parameter has been used in answer file. Please use parameter CONFIG_MARIADB_PW next time. This parameter deprecates following parameters: ['CONFIG_MYSQL_PW'].
 * Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components
 2015-01-27 16:34:36 +00:00
Miroslav Suchý
510f4d52e3 note about rabbitmq 2015-01-23 13:17:32 +00:00
Miroslav Suchý
a8a9f34092 update fed09-ssh-key 2015-01-22 14:21:52 +00:00
Miroslav Suchý
3a6f79311f Revert "Revert "set CONFIG_SWIFT_STORAGES to default"" 
This reverts commit a075a55262.
 2014-12-12 23:00:47 +00:00
Miroslav Suchý
a075a55262 Revert "set CONFIG_SWIFT_STORAGES to default" 
This reverts commit 40fb52b74d.
 2014-12-12 22:55:01 +00:00
Miroslav Suchý
1fa66b94a8 Revert "replace obsoleted MYSQL variables" 
This reverts commit f6f5931e75.
 2014-12-12 22:54:15 +00:00
Miroslav Suchý
f6f5931e75 replace obsoleted MYSQL variables 
addressing:
 * Deprecated parameter has been used in answer file. Please use parameter CONFIG_MARIADB_INSTALL next time. This parameter deprecates following parameters: ['CONFIG_MYSQL_INSTALL'].
 * Deprecated parameter has been used in answer file. Please use parameter CONFIG_MARIADB_HOST next time. This parameter deprecates following parameters: ['CONFIG_MYSQL_HOST'].
 * Deprecated parameter has been used in answer file. Please use parameter CONFIG_MARIADB_USER next time. This parameter deprecates following parameters: ['CONFIG_MYSQL_USER'].
 * Deprecated parameter has been used in answer file. Please use parameter CONFIG_MARIADB_PW next time. This parameter deprecates following parameters: ['CONFIG_MYSQL_PW'].
 * Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.
 2014-11-14 18:19:00 +00:00
Miroslav Suchý
40fb52b74d set CONFIG_SWIFT_STORAGES to default 
addressing:
failed: [fed-cloud09.cloud.fedoraproject.org] => {"changed": true, "cmd": ["packstack", "--answer-file=/root/packstack-controller-answers.txt"], "delta": "0:00:00.701587", "end": "2014-11-14 18:09:02.505525", "rc": 1, "start": "2014-11-14 18:09:01.803938"}
stdout: Welcome to Installer setup utility
Parameter CONFIG_SWIFT_STORAGES failed validation: Storage value has to be in format "/path/to/device".

ERROR : Failed handling answer file: Storage value has to be in format "/path/to/device".
 2014-11-14 18:19:00 +00:00
Miroslav Suchý
a835bd2fe7 update fed09 ssh key 2014-10-16 16:07:46 +00:00
Miroslav Suchý
d9f8ab9679 lookup file from {{files }} 2014-09-19 16:06:35 +00:00
Miroslav Suchý
b623d607de add uninstall.sh script 
this is to wipe OpenStack instance the hard way.
Do not run it mortals!
 2014-09-19 12:15:40 +00:00
Miroslav Suchý
2d0197a993 use cert itself as CAChain 
because it could not be empty
 2014-09-15 13:04:50 +00:00
Miroslav Suchý
0afa9fde07 disable ssl for ampq 2014-09-15 09:46:59 +00:00
Miroslav Suchý
ed8806d2ff upgrade path of ssl key 2014-09-15 09:36:05 +00:00