infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
42825 commits 9 branches 0 tags 110 MiB
Commit graph

59 commits

Author SHA1 Message Date
Kevin Fenzi
659c9c719a openshift / haproxy: add service ca to trusted bundle 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-12-08 09:28:46 -08:00
Francois Andrieu
89a8e33677
haproxy: add the openshift-service CA cert to the CA bundle 2024-12-08 00:34:27 +01:00
Francois Andrieu
ce45b1775e
ocp: renew internal ingress certificates 2023-08-11 12:50:57 +02:00
Kevin Fenzi
36b489bce2 haproxy: adjust content size to 503 page 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-04-04 07:50:02 -07:00
Francois Andrieu
0ece2dfe06
use fedoraproject favicon everywhere it's needed 2023-04-03 13:35:55 +02:00
David Kirwan
d7f5be0ebb metrics-for-apps: updating api-int CA cert for ocp4 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-09-09 12:52:18 +09:00
David Kirwan
4e8fa0e687 metrics-for-apps: add ocp4 prod CA cert to haproxy 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-09-08 12:32:42 +09:00
Kevin Fenzi
3bdb267ad4 staging: rename the ocp cert 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-30 15:53:34 -07:00
Kevin Fenzi
ee60a42ccb haproxy: check in a temp prod ocp ca pem so playbooks do not fail 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-17 17:15:29 -07:00
David Kirwan
773bb63e35 metrics-for-apps: CA cert for the ocp4 staging cluster 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-17 10:26:56 +09:00
David Kirwan
6de8b73b9a metrics-for-apps: hotfix rename ocp4 staging CA cert 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-16 11:04:59 +09:00
David Kirwan
63b493fe31 metrics-for-apps: hotfix rename ocp4 staging ca certificate 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-16 10:51:33 +09:00
David Kirwan
55185861c8 metrics-for-apps: 
- Updating apache proxy config to handle ocp4 CA cert
- place ocp4 CA cert on proxies
- add ocp4 stg ca cert to haproxy/files

Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-13 20:02:38 +00:00
Kevin Fenzi
368bfaef01 haproxy: adjust content length for new text in 503 message 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-17 09:43:45 -07:00
Kevin Fenzi
80079bec37 503: adjust wording on the service not available doc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-17 16:40:25 +00:00
Kevin Fenzi
14c486b41d haproxy: adjust content-length 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-12 13:38:48 -07:00
Aurélien Bompard
aace9bb2cc
New certificate for IPA in staging 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-12 11:39:24 +01:00
Kevin Fenzi
e6a1139cec haproxy / staging: update openshift ca cert for haproxy 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-31 11:31:12 -07:00
Kevin Fenzi
959fdaa00b haproxy: add a placeholder ca for openshift staging 
Openshift doesn't exist in staging yet, but we want to finish mostly
building out proxy01 before doing that, so set a placeholder ca here
until we can update it with the real one.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-25 09:39:17 -07:00
Kevin Fenzi
16d012933c haproxy: add ipa stg cert for iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-24 21:52:12 -07:00
Kevin Fenzi
83d76a8614 iad2: haproxy: fix up openshift certs so iad2 and phx2 are correct and both install. Just copy the phx2 ipa pem for now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-28 10:46:48 -07:00
Pierre-Yves Chibon
cb93ea22a1 proxy: Fix a number of links in the 503 error template 
See https://pagure.io/fedora-infrastructure/issue/8452 for
some more context about this change.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:20 +02:00
Kevin Fenzi
ff74860db5 new ca cert for prod openshift 2018-09-27 22:27:51 +00:00
Kevin Fenzi
a63607d51b update os-master ca 2018-09-10 21:35:11 +00:00
Kevin Fenzi
233f22575a New openshift ssl ca 2018-05-31 23:47:27 +00:00
Patrick Uiterwijk
06f53389bc Add a README for the os-cert 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-31 02:11:07 +02:00
Kevin Fenzi
1f74423825 Update staging cert 2018-05-31 00:09:32 +00:00
Kevin Fenzi
8a19a0ef8d try this one 2018-02-24 01:44:25 +00:00
Kevin Fenzi
b651061e5c new staging ca cert 2018-02-24 01:13:56 +00:00
Ricky Elrod
a5d017c71f new os-master cert 
Signed-off-by: Ricky Elrod <relrod@redhat.com>
 2017-11-29 07:14:00 +00:00
Kevin Fenzi
3ae95a6169 fix names 2017-08-22 19:49:20 +00:00
Kevin Fenzi
4047dc3228 move file for env name 2017-08-22 19:45:25 +00:00
Kevin Fenzi
9d330280ef add prod os CA and make haproxy use it 2017-08-22 19:41:07 +00:00
Patrick Uiterwijk
67939cfd7a New OS certificate 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-06-29 15:17:47 +00:00
Kevin Fenzi
04e93913b4 update openshift ca from current install 2017-05-25 19:35:48 +00:00
Kevin Fenzi
eb1dd0ae0f look, you can fix a error with 0s 2017-05-16 15:24:23 +00:00
Patrick Uiterwijk
331a664f1e Updatecert 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-05-12 15:03:41 +00:00
Patrick Uiterwijk
2b365b3c32 Add the newest openshift cert 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-05-12 02:34:39 +00:00
Ricky Elrod
bbe6c25b6f try os-master proxy setup 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2017-05-11 19:49:31 +00:00
Kevin Fenzi
077cbc03d6 remove fedorahosted from nagios 2017-03-02 22:16:19 +00:00
Patrick Uiterwijk
1c74f98cca Add production IPA cert 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-13 13:46:34 +00:00
Patrick Uiterwijk
28ebec92ee Proxy IPA through haproxy 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-08-04 21:23:07 +00:00
Till Maas
ff2f58c243 Move planet.fedoraproject.org to fedoraplanet.org 2015-07-31 18:56:04 +02:00
Kevin Fenzi
553da4b213 Switch haproxy to prefer a local mirrorlist server if available. 
Allow port 443 connections from those proxies on mirrorlists.
Add hosts entries for proxy10 and proxy01 that should allow ssl to work right.
Will test this on one proxy/mirrorlist and move on to the others.
 2015-05-31 17:17:41 +00:00
Adrian Reber
900552f038 Switch to another URL for mirrormanager haproxy check 
The haproxy check URL for the MirrorManager web frontend was a URL
which resulted in a large DB query. Every proxy, every minute. This
resulted in two much memory and CPU consumption. This switches the
check to a small static file to reduce the load on mm-frontend01.
 2015-05-20 14:30:05 +00:00
Kevin Fenzi
8341e0c5bf Drop duplicate mirrormanager entries 2015-05-07 15:21:45 +00:00
Pierre-Yves Chibon
7f03e4a597 Adjust haproxy in stg to enable /mirrormanager/ 2015-05-07 17:18:15 +02:00
Mikolaj Izdebski
7d480abcbf Add proxy configuration for Koschei staging 2015-05-07 09:25:27 +00:00
Kevin Fenzi
7c0f38f9e8 Drop torrent02, it's gone. Add torrent01 to acls for downloads. 2015-05-05 14:08:11 +00:00
Patrick Uiterwijk
fd417782c1 And fix the checkpath for ipsilon 2015-03-19 17:55:18 +00:00