linux system roles does a fine job configuring networking on our
systems, but without this it just configures it but doesn't bring things
'live' until a 'nmcli c up eth0'. Just set this so it should allow it to
restart things and reflect the network as we want it right after the
playbook runs on it.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
It may be that having this on some of the proxies is causing problems
because it's trying to ping the old openshift 3.11 cluster and filling
up apache slots with it. We do not need this stuff anymore, so remove
it.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
In the past we only enabled sftp on servers where we needed it.
(ones using sshfs, ones that users might need to sftp to, etc).
However, nowadays the openssh scp client uses sftp, so we might as well
just enable it globally so people don't need to use 'scp -O' (which
has it use the old scp protocol, which will be removed someday).
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
I think I handled all the special cases here already.
We want to switch non iad2 proxies to reach the ocp4 cluster over its
vpn now that it has one. This should allow us to still keep ipv6
available for applications and not have to change dns for moving from
ocp3 cluster anymore. Will roll this out slowly to one proxy then
another, then the rest if it all looks ok.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The linux-system-roles.nbde_client does the right things and so one less
thing for us to maintain. It also avoids the problem we have on some
machines now where network interface names are not as the old clevis
role expected, so unlocking didn't work on boot. Hopefully this fixes
all those issues.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This reverts commit 4430178b29.
It's time to put this back before the cert expires and before we go into
Beta freeze. Hopefully the odd issue with armv7 qemu guests having a
time behind real time is not still happening.
This reverts commit 57f0d4fdb6.
For an annoying reason, armv7 image builds come up with the time as 10
days ago, which makes this cert invalid. So, move back to the old cert
for a week or so and then switch to the new one again. ;(
Everything should now be using linux-system-roles/network, so we drop
our hacky nmcli calls and everything that referred to them, including
exclude variables. Also, let's just let NM handle resolv.conf so it's not
wrong all the time on reboots.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This was done using yq (https://mikefarah.gitbook.io/yq/operators/sort-keys)
Doing things this way makes it much easier to see if a variable is set
in a file or if two hosts differ in what variables they set. Hopefully
we can keep things sorted moving forward.
Basically this means just sort a-z anything you add to any host or group
variable and it will be in the right place.
Additionally, this enforces 'normal' indent rules for all the variable
files which we should also try and obey. 2 spaces for first level, 3 for
next, etc. When in doubt you can run yq on it.
This should cause NO actual variable changes, it's all just readability
fixing for humans; ansible parses it exactly the same.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
metrics: Added hostvars for ocp4 control plane
metrics: Added playbook to copy files to ocp control host
Signed-off-by: David Kirwan <dkirwan@redhat.com>