Commit graph

24 commits

Author SHA1 Message Date
Nils Philippsen
dbbf94a411 ipa/client: configure global shell access and sudo
Almost global anyway, i.e. inside the VPN.

The ipa/client-based shell access and sudo rules are only effective for
staging right now, the respective playbook bits are masked out for prod.

- Assign Ansible host groups to IPA host groups, the latter don't care
  about 'stg' in the name and use dashes rather than underscores.
- Distill shell access groups from fas_client_groups in group and host
  vars.
- Let all `sysadmin-*` groups in the previous list run anything via sudo
  in the host group (except bastion & batcave).
- Remove `fas_client_groups` from staging host and group vars.
- Remove sudoers from staging host and group vars if only `sysadmin-*`
  groups have shell access.
- Set up `ipa_client_shell_groups` on bastion to be a superset of the
  same on batcave.

Newly created IPA host groups:
- autosign
- badges
- basset
- bastion
- batcave
- blockerbugs
- bodhi
- bugzilla2fedmsg
- busgateway
- datagrepper
- dbserver
- dns
- fedimg
- github2fedmsg
- ipa
- kernel-qa
- kerneltest
- kojibuilder
- kojihub
- kojipkgs
- logging
- mailman
- memcached
- mirrormanager
- nagios
- notifs
- oci-registry
- odcs
- openqa
- openqa-workers
- osbs
- packages
- pdc-web
- pkgs
- proxies
- rabbitmq
- releng-compose
- resultsdb
- secondary
- sign-bridge
- sundries
- value
- wiki

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Kevin Fenzi
25a1b3e9fe value: allow correct batcave01 ip to send messages to value01
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-10-02 09:07:18 -07:00
Stephen Smoogen
f65a48aa61 allow log01 to get logs from proxies and other hosts. fix both iptables and rsyncd 2020-06-12 11:01:08 -04:00
Kevin Fenzi
52010621fb iad2: allow vpn on batcave01.iad2 and also on value01 allow connections from it for zodbot
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-06-04 13:16:18 -07:00
Kevin Fenzi
2b9428a0cf value: add deployment_type
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:19 +02:00
Stephen Smoogen
dfd088ab5e put in many changes for new nagios server 2017-04-06 23:50:44 +00:00
Nick Bebout
e51aba3aeb Add sysadmin-veteran with shell anywhere that sysadmin-noc and/or fi-apprentice had access 2016-05-17 00:18:04 +00:00
Ralph Bean
cd8f21ecb2 Fix some more fedmsg topic declarations. 2015-12-05 13:59:10 +00:00
Ralph Bean
47dfa809d5 Explicitly list all certs that can send the logger.log fedmsg message. 2015-12-03 19:30:08 +00:00
Kevin Fenzi
8b24cc1c14 We need noc01's vpn ip here to send zodbot messages to irc. 2015-11-25 03:40:09 +00:00
c520c6dd48 Change value* csi purpose to be more descriptive 2015-11-25 00:23:47 +00:00
Ralph Bean
f85602b776 Wrong addr, there. 2015-11-22 02:38:55 +00:00
Ralph Bean
c10759cc35 Also let batcave01 in. 2015-11-22 02:35:34 +00:00
Ralph Bean
fe9d322805 Restrict 5050 to noc01 and noc02. 2015-11-22 02:30:55 +00:00
Ralph Bean
5bd2413fa3 Update CSI info for the value nodes. 2015-11-06 17:52:46 +00:00
2a93e49841 Add csi_* vars for value servers 2015-10-12 02:01:24 +00:00
2234ac418f Fix typo 2015-06-14 18:32:49 +00:00
Ralph Bean
467a138520 Add sysadmin-mote to the fas client groups for value0*. 2015-06-12 19:57:23 +00:00
Ralph Bean
928ff5c54c Declare who can send what irc fedmsg stuff. 2015-06-12 19:31:37 +00:00
Kevin Fenzi
ca438e602e Add it here too 2015-05-10 16:15:54 +00:00
Kevin Fenzi
92549b5c05 Enter log01, bravest of the brave 2014-07-18 20:42:00 +00:00
Kevin Fenzi
e555b5d86e Make prod value have more memory 2014-06-10 19:01:12 +00:00
Kevin Fenzi
e2d50e402c Add port 5050 to be allowed for supybot notices. 2014-06-10 18:35:57 +00:00
Kevin Fenzi
89d8bfb644 Add value01 prod node 2014-06-09 21:58:12 +00:00