Stephen Smoogen
68152bdfdb
Try using network_connections for proxy02 to get it to rewrite ifcfg correctly
...
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
2021-03-31 14:25:33 -04:00
Stephen Smoogen
8f76cd7a85
fix the remote proxy dns to point to the right things in ifcfg
2021-03-31 14:10:55 -04:00
Kevin Fenzi
fdc0368f12
pkgs01: use sshd_keyhelper here
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-31 07:20:30 -07:00
Adam Williamson
06b71c46ca
Update openQA lab to latest upstream scratch builds for testing
...
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2021-03-30 18:54:14 -07:00
Stephen Smoogen
5bad041fa5
remove mailman01.stg until packages are ready for it
...
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
2021-03-30 18:56:18 -04:00
Kevin Fenzi
7a53888856
inventory: add ipa01 backups to backup01
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-30 15:38:41 -07:00
Stephen Smoogen
00bea493d8
Move vmhost-x86-cc05 to regular colo_virt so it can be maintained in that group
...
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
2021-03-30 17:35:03 -04:00
Stephen Smoogen
8647884713
Change inventory/host_vars/ns13.rdu2.fedoraproject.org to have vpn: true so that ipa works
...
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
2021-03-30 17:09:31 -04:00
Kevin Fenzi
35c3f4a30f
retrace should be vpn: true at least for now
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-30 09:00:43 -07:00
Kevin Fenzi
c9630db833
delete some hosts that no longer exist.
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-30 08:46:22 -07:00
Kevin Fenzi
ff94c9d77a
bvmhost-x86-04/05.stg: turns out, these are in staging and should use the staging ipa server
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-30 07:39:37 -07:00
f8c683ffa8
cleanup: use iad2 composer
2021-03-29 22:48:10 +00:00
2f5f939a83
cleanup: change group_var datacenter from phx2 to iad2
2021-03-29 22:45:02 +00:00
35a43317d4
cleanup: remove unused PHX2 related host_vars/group_vars
2021-03-29 22:45:02 +00:00
Kevin Fenzi
04e67d381e
inventory: add dl01-05 to staging_friendly
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-29 08:54:49 -07:00
Stephen Smoogen
917d633e8d
Add mirror.dst.ca to mirrors
2021-03-29 09:02:14 -04:00
Nick Bebout
0eae657232
Fix sudo rules for sysadmin-noc and sysadmin-veteran
2021-03-28 20:46:01 -05:00
Nick Bebout
5c1f91f588
sysadmin-hosted is not used anymore
2021-03-28 19:49:32 -05:00
Nick Bebout
1b0bcb3adf
sysadmin-tools should have sudo on people
2021-03-28 19:43:57 -05:00
Kevin Fenzi
f6d6a2cffe
people: people02 is on the vpn
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-28 12:52:57 -07:00
Kevin Fenzi
cd1430ab62
os-cluster: baseiptables should be FALSE
...
The baseiptables variable controls if the base role should apply base
iptables and ip6tables templates to a host. In the case of OpenShift we
DO NOT WANT it to do this. The base iptables template doesn't handle all
the container native rules and setup that OpenShift needs to work.
This has caused multiple outages by applying this template on the
OpenShift nodes. So, set it to false here and keep it false please. :)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-28 10:37:46 -07:00
Kevin Fenzi
7dadf93f44
Deploy renewed openshift certs
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-27 12:05:35 -07:00
Kevin Fenzi
29f31df142
pagure-stg01 is also on the vpn
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-25 14:16:03 -07:00
Kevin Fenzi
8101073e8e
pagure: pagure is on the vpn
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-25 14:11:11 -07:00
Kevin Fenzi
1e5aefcc52
ipa03: fix ip address for ipa03
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-25 14:07:13 -07:00
Kevin Fenzi
b0d1ea96da
bastion: add fasjson_url for fasjson role
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-25 13:47:05 -07:00
Kevin Fenzi
ddf53bdbdf
inventory: add copr-db-stg to cloud_aws group to make nagios happy
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-25 09:52:57 -07:00
Nils Philippsen
46b3fb9390
ipa/client: Revamp combining shell groups
...
The previous implementation didn't work because of a chicken-and-egg
problem: To add the batcave shell groups to those specifically for
bastion, it needs to look them up, but they aren't set yet (probably
because `batcave` comes after `bastion`).
Now, one can (optionally) set `ipa_client_shell_groups_inherit_from`, a
list of Ansible group names whose `ipa_client_shell_groups` will be
combined with that of the host itself. This is more robust because it's
done late, after variables are set from the inventory.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-25 13:53:21 +01:00
Nils Philippsen
72b940d31a
ipa/client: stopgap for shell groups on bastion
...
Evaluating ipa_client_shell_group from another group won't work this
way. Hardcode the list until we have a better solution.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 23:56:14 +01:00
Stephen Smoogen
16ee589eee
up the number of cpus for the systems in the group. add 2GB more ram also
2021-03-24 18:36:48 -04:00
Stephen Smoogen
a3fd2875c2
attempt to add sysadmin-qa so that adamw can get some f*ing work done
2021-03-24 15:10:14 -04:00
Kevin Fenzi
fadfa83427
inventory / group / oci_registry: clear out duplicate variables
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-24 11:49:22 -07:00
Nils Philippsen
0ad057a285
VPN hosts: Don't enroll with ipa03 for now
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 18:33:09 +01:00
Nils Philippsen
28cc2e8d93
ipa/client: specify ipa server when enrolling VPN hosts
...
This is needed for clients that cannot access the internal DNS
where IPA servers are announced.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 18:18:55 +01:00
Kevin Fenzi
56cbb0beb8
ipa: make sure we open ports 88 and 464 UDP
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-24 06:32:49 -07:00
Nils Philippsen
717b89b8ad
ipa/client: enable for wiki in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
a706cd8459
ipa/client: enable for vmhost_copr in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
65e0ea5d96
ipa/client: enable for virthost in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
fa72446395
ipa/client: enable for value in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
36cb1aaba7
ipa/client: enable for unbound in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
29aa38add0
ipa/client: enable for torrent in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
286af1a769
ipa/client: enable for tang in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
c0a7ba202b
ipa/client: enable for sundries in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
6c5b779488
ipa/client: enable for smtp_mm in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
06ec929ead
ipa/client: enable for sign_bridge in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
8463ae106f
ipa/client: enable for retrace in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
d34b4ff501
ipa/client: enable for resultsdb in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
e3ee5d6da8
ipa/client: enable for releng_compose in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
6b419af83e
ipa/client: enable for rabbitmq in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
6275b90b0d
ipa/client: enable for proxies in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00