Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
15554 commits 9 branches 0 tags 111 MiB
Commit graph

106 commits

Author SHA1 Message Date
Patrick Uiterwijk
326a6e42da Create ccd files 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-13 14:37:15 +00:00
Kevin Fenzi
215c38198e Disable openvpn client handler for now 2016-08-31 18:57:02 +00:00
Kevin Fenzi
12ed1dd6f7 Update out vpn configs for better encryption. 2016-08-31 18:50:14 +00:00
Patrick Uiterwijk
135f18c726 Docke-candidate-registry ccd file 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-08-18 15:49:53 +00:00
Kevin Fenzi
1c6e9a11f4 Another pile of trailing whitespace fixes 2016-08-08 19:42:36 +00:00
Patrick Uiterwijk
eacefedadf Add osbs-master01 ccd file 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-07-14 13:01:21 +00:00
Patrick Uiterwijk
bb82361a04 Create docker-registry01 vpn config 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-07-12 17:14:35 +00:00
Patrick Uiterwijk
b6eb15c0ee Create mm-frontend-checkin01 
This server should be regarded as untrusted.

Related: CVE-2016-1000003
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-06-17 19:54:43 +00:00
Kevin Fenzi
7a10cd6b2f Drop mm-crawler03 - ticket 4877 2016-05-26 17:02:52 +00:00
Mikolaj Izdebski
c61b2f0e17 Remove VPN config for old Koschei host 2016-05-12 15:46:10 +00:00
Kevin Fenzi
e297178539 Add vpn ccd for koschei-web01 2016-05-12 15:33:08 +00:00
Stephen Smoogen
10d5884bd5 remove the old rdu download boxes we will decommission 2016-05-04 15:18:35 +00:00
Patrick Uiterwijk
e78464fff2 Create OpenVPN config for basset01 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-04-14 23:38:36 +00:00
Tim Flink
fb21045a5b adding vpn server side config for beaker01.qa 2016-04-14 19:56:40 +00:00
Patrick Uiterwijk
7861d0cc75 Create OpenVPN config for basset01 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-03-17 22:49:01 +00:00
Ralph Bean
3d53824019 vpn ccd file for zanata2fedmsg01. 2016-03-03 20:30:21 +00:00
Ralph Bean
33028dfd9f openvpn ccd files for pdc nodes. 2016-01-04 21:52:18 +00:00
Tim Flink
39ddb15e92 adding openqa01.qa to vpn 2015-12-01 21:59:11 +00:00
Tim Flink
bf03de72d0 fixing logic for openvpn package install w/dnf 2015-11-26 01:27:59 +00:00
Kevin Fenzi
08b8ba352a Add hosts file and vpn ccd for mdapi01 2015-11-17 17:28:50 +00:00
Pierre-Yves Chibon
1c183896c8 Install the openvpn client package with dnf on F22+ 2015-11-17 15:29:29 +01:00
Pierre-Yves Chibon
a7e6225b8f Fix indentation 2015-11-17 15:27:42 +01:00
Pierre-Yves Chibon
27910ddaef Install the package with dnf on F22+ 2015-11-17 15:27:05 +01:00
Patrick Uiterwijk
032376de7e Tag the fix-routes.sh play 2015-11-04 23:11:52 +00:00
Patrick Uiterwijk
fe6f551049 Move fix-routes.sh to openvpn base and run it on restart 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-11-04 23:09:43 +00:00
Patrick Uiterwijk
8c9fcd56d1 Add mirrorlist-ibiblio02 vpn ccd 2015-10-25 00:54:36 +00:00
Patrick Uiterwijk
b2b07e8bcd Running the script doesnt work yet. But we still want the script. 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-10-23 03:11:02 +00:00
Patrick Uiterwijk
50511a65e7 Make fix-routes not terminate with status 2 if it fixed it 
This will make openvpn think something went wrong and terminate the connection.
I did this to make it easily visible when running with ansible, but in this case
it messes things up.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-10-23 02:41:01 +00:00
Patrick Uiterwijk
d5bdc65887 Add script to OpenVPN for VPN route fixing 
This will make sure that always after a start/restart the
VPN routes are created

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-10-23 02:15:43 +00:00
Patrick Uiterwijk
b1db3bafd8 Disable persist-tun for openvpn 
This should solve the issue where RHEL7 machines that get a network
hiccup need an OpenVPN restart to restore their routes.

The code is broken in the current upstream OpenVPN release, such that
it does tear down some of the routes during a ping-restart (when the
connection is dropped due to network hiccups), but the reconnection
code does not restore the routes.
I am working on an upstream patch to fix this, but in the meantime
disabling persist-tun will make sure that OpenVPN does the entire
initialization upon reconnection, which makes sure that all routes
are created.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-10-21 18:26:32 +00:00
Kevin Fenzi
301a9cea82 Add first cut at a infinote server (config to come) 2015-10-09 19:03:59 +00:00
Ralph Bean
c891127d1a Add CCD files for statscache-web. 2015-10-09 18:17:21 +00:00
Patrick Uiterwijk
9533446335 Add proxy12 on ibiblio05 2015-10-09 17:00:14 +00:00
Kevin Fenzi
4b8b54b795 Add ccd file too 2015-10-06 16:52:44 +00:00
Stephen Smoogen
2322011063 add a batcave ccd 2015-09-28 20:38:41 +00:00
Kevin Fenzi
2873cdd427 Move all puppet_private stuff to ansible private so we can stop using puppet private. 2015-09-25 18:16:23 +00:00
Ralph Bean
824875d592 ccd files for new autocloud prod web nodes. 2015-09-24 19:44:10 +00:00
Kevin Fenzi
bd5bb2d1ed add ccd file for mm-crawler03 2015-09-03 18:55:23 +00:00
Kevin Fenzi
5160b13c2c Rename ccd file correctly this time. 2015-08-31 20:39:22 +00:00
Kevin Fenzi
9442b2d4b7 Initial cut of new darkserver02 instance. 2015-08-31 18:17:16 +00:00
Stephen Smoogen
75c212c169 more removal of ibiblio01 2015-08-19 17:45:50 +00:00
Patrick Uiterwijk
a45f18bfd7 Add mm-frontend02 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-07-28 17:45:29 +00:00
Kevin Fenzi
09448c2d2b Add openvpn file for ibiblio05 2015-07-27 22:44:33 +00:00
Kevin Fenzi
9ce6b3fdf9 Add a pile of bodhi2 production instances. 2015-07-21 18:39:02 +00:00
Patrick Uiterwijk
26e04d0b58 Add ipsilon0* ccd files... 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-07-15 08:17:06 +00:00
Kevin Fenzi
2ea34c01d6 Add vpn on koschei01 2015-06-24 17:13:03 +00:00
Kevin Fenzi
db5b67207d First rough cut at a people01. Many bugfixes ahead I am sure. 2015-06-16 19:06:24 +00:00
Kevin Fenzi
275f4b5203 Change all instances of ansible_distribution_major_version to filter to int for comparisons. 2015-05-27 22:27:39 +00:00
Kevin Fenzi
120a8183f6 Helps if you put these in the right directory. ;( Oops 2015-05-11 17:40:05 +00:00
Kevin Fenzi
a07b4a796e Add ccd openvpn files for pagure 2015-05-11 17:34:41 +00:00