From 5ca2b2eb3654764a2cd366bed1ccc7bf434950ae Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 16 Dec 2022 10:15:27 -0800 Subject: [PATCH] os.fedoraproject.org / app.os.fedoraproject.org: remove more old openshift 3.11 cluster stuff It may be that having this on some of the proxies is causing problems because it's trying to ping the old openshift 3.11 cluster and filling up apache slots with it. We do not need this stuff anymore, so remove it. Signed-off-by: Kevin Fenzi --- inventory/group_vars/all | 5 --- inventory/group_vars/checkcompose_stg | 2 +- inventory/group_vars/os_control | 3 -- inventory/group_vars/os_control_stg | 3 -- inventory/group_vars/staging | 5 --- playbooks/check-for-updates.yml | 4 +- playbooks/include/proxies-certificates.yml | 13 ------- playbooks/include/proxies-websites.yml | 44 ---------------------- playbooks/openshift-apps/noggin-centos.yml | 1 - playbooks/openshift-apps/test-auth.yml | 2 +- 10 files changed, 4 insertions(+), 78 deletions(-) diff --git a/inventory/group_vars/all b/inventory/group_vars/all index c78e80ade7..f388c0de0d 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -204,11 +204,6 @@ ocp_wildcard_key_file: wildcard-2022.apps.ocp.fedoraproject.org.key # Path to the openshift-ansible checkout as external git repo brought into # Fedora Infra openshift_ansible: /srv/web/infra/openshift-ansible/ -# This is the openshift wildcard cert. Until it exists set it equal to wildcard -os_wildcard_cert_name: wildcard-2022.app.os.fedoraproject.org -os_wildcard_crt_file: wildcard-2022.app.os.fedoraproject.org.cert -os_wildcard_int_file: wildcard-2022.app.os.fedoraproject.org.intermediate.cert -os_wildcard_key_file: wildcard-2022.app.os.fedoraproject.org.key postfix_group: "none" # This is a list of services that need to wait for VPN to be up before getting started. postvpnservices: [] diff --git a/inventory/group_vars/checkcompose_stg b/inventory/group_vars/checkcompose_stg index d8bdc14f0c..514217fb71 100644 --- a/inventory/group_vars/checkcompose_stg +++ b/inventory/group_vars/checkcompose_stg @@ -1,5 +1,5 @@ checkcompose_env: staging checkcompose_env_suffix: .stg -checkcompose_greenwaveurl: https://greenwave-web-greenwave.app.os.stg.fedoraproject.org +checkcompose_greenwaveurl: https://greenwave-web-greenwave.apps.ocp.stg.fedoraproject.org checkcompose_prod: false checkcompose_url: "https://{{ external_hostname }}" diff --git a/inventory/group_vars/os_control b/inventory/group_vars/os_control index 6be6462a27..d577c4970a 100644 --- a/inventory/group_vars/os_control +++ b/inventory/group_vars/os_control @@ -1,7 +1,4 @@ --- -os_app_url: app.os.fedoraproject.org -os_url: os.fedoraproject.org - # Set the Bodhi variables bodhi_version: "6.0.1" bodhi_openshift_pods: 1 diff --git a/inventory/group_vars/os_control_stg b/inventory/group_vars/os_control_stg index 74e9970950..d577c4970a 100644 --- a/inventory/group_vars/os_control_stg +++ b/inventory/group_vars/os_control_stg @@ -1,7 +1,4 @@ --- -os_app_url: app.os.stg.fedoraproject.org -os_url: os.stg.fedoraproject.org - # Set the Bodhi variables bodhi_version: "6.0.1" bodhi_openshift_pods: 1 diff --git a/inventory/group_vars/staging b/inventory/group_vars/staging index c5cb6dace8..717d14326d 100644 --- a/inventory/group_vars/staging +++ b/inventory/group_vars/staging @@ -45,11 +45,6 @@ ocp_wildcard_cert_file: wildcard-2022.apps.ocp.stg.fedoraproject.org.cert ocp_wildcard_cert_name: wildcard-2022.apps.ocp.stg.fedoraproject.org ocp_wildcard_int_file: wildcard-2022.apps.ocp.stg.fedoraproject.org.intermediate.cert ocp_wildcard_key_file: wildcard-2022.apps.ocp.stg.fedoraproject.org.key -os_wildcard_cert_file: wildcard-2022.app.os.stg.fedoraproject.org.cert -# This is the openshift wildcard cert for stg -os_wildcard_cert_name: wildcard-2022.app.os.stg.fedoraproject.org -os_wildcard_int_file: wildcard-2022.app.os.stg.fedoraproject.org.intermediate.cert -os_wildcard_key_file: wildcard-2022.app.os.stg.fedoraproject.org.key # RIP, FAS primary_auth_source: ipa SSLCertificateChainFile: wildcard-2022.stg.fedoraproject.org.intermediate.cert diff --git a/playbooks/check-for-updates.yml b/playbooks/check-for-updates.yml index d362da9a54..ddb1850cdb 100644 --- a/playbooks/check-for-updates.yml +++ b/playbooks/check-for-updates.yml @@ -9,7 +9,7 @@ # - name: check for updates - hosts: distro_RedHat:distro_CentOS:!*.app.os.fedoraproject.org:!*.app.os.stg.fedoraproject.org + hosts: distro_RedHat:distro_CentOS:!ocp*:!worker* gather_facts: false tasks: @@ -22,7 +22,7 @@ when: yumoutput.results|length > 0 - name: check for updates - hosts: distro_Fedora:!*.app.os.fedoraproject.org:!*.app.os.stg.fedoraproject.org + hosts: distro_Fedora:!ocp*:!worker* gather_facts: false tasks: diff --git a/playbooks/include/proxies-certificates.yml b/playbooks/include/proxies-certificates.yml index 794bbd0b8c..029ce78190 100644 --- a/playbooks/include/proxies-certificates.yml +++ b/playbooks/include/proxies-certificates.yml @@ -37,13 +37,6 @@ SSLCertificateChainFile: wildcard-2022.stg.fedoraproject.org.intermediate.cert when: env == "staging" - - role: httpd/certificate - certname: wildcard-2022.app.os.stg.fedoraproject.org - SSLCertificateChainFile: wildcard-2022.app.os.stg.fedoraproject.org.intermediate.cert - when: env == "staging" - tags: - - app.os.stg.fedoraproject.org - - role: httpd/certificate certname: wildcard-2022.apps.ocp.stg.fedoraproject.org SSLCertificateChainFile: wildcard-2022.apps.ocp.stg.fedoraproject.org.intermediate.cert @@ -51,12 +44,6 @@ tags: - apps.ocp.stg.fedoraproject.org - - role: httpd/certificate - certname: wildcard-2022.app.os.fedoraproject.org - SSLCertificateChainFile: wildcard-2022.app.os.fedoraproject.org.intermediate.cert - tags: - - app.os.fedoraproject.org - - role: httpd/certificate certname: wildcard-2022.apps.ocp.fedoraproject.org SSLCertificateChainFile: wildcard-2022.apps.ocp.fedoraproject.org.intermediate.cert diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 65c7688064..25ab35ec8b 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -658,50 +658,6 @@ tags: - zezere - - role: httpd/website - site_name: os.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - os.fedoraproject.org - - - role: httpd/website - site_name: app.os.fedoraproject.org - server_aliases: ["*.app.os.fedoraproject.org"] - sslonly: true - cert_name: "{{os_wildcard_cert_name}}" - SSLCertificateChainFile: "{{os_wildcard_int_file}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - app.os.fedoraproject.org - - - role: httpd/website - site_name: os.stg.fedoraproject.org - sslonly: true - cert_name: "{{wildcard_cert_name}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - os.stg.fedoraproject.org - - - role: httpd/website - site_name: app.os.stg.fedoraproject.org - server_aliases: ["*.app.os.stg.fedoraproject.org"] - sslonly: true - cert_name: "{{os_wildcard_cert_name}}" - SSLCertificateChainFile: "{{os_wildcard_int_file}}" - # The Connection and Upgrade headers don't work for h2 - # So non-h2 is needed to fix websockets. - use_h2: false - tags: - - app.os.stg.fedoraproject.org - - role: httpd/website site_name: ocp.stg.fedoraproject.org sslonly: true diff --git a/playbooks/openshift-apps/noggin-centos.yml b/playbooks/openshift-apps/noggin-centos.yml index 618bf3b1de..92e66abb1b 100644 --- a/playbooks/openshift-apps/noggin-centos.yml +++ b/playbooks/openshift-apps/noggin-centos.yml @@ -86,7 +86,6 @@ app: noggin-centos routename: noggin host: "accounts{{ env_suffix }}.centos.org" - # host: "aco.app.os{{ env_suffix }}.fedoraproject.org" serviceport: web servicename: noggin-web annotations: diff --git a/playbooks/openshift-apps/test-auth.yml b/playbooks/openshift-apps/test-auth.yml index b58c0acb5a..2e19a70119 100644 --- a/playbooks/openshift-apps/test-auth.yml +++ b/playbooks/openshift-apps/test-auth.yml @@ -50,7 +50,7 @@ - role: openshift/route app: test-auth routename: test-auth - host: "test-auth.app.os{{ env_suffix }}.fedoraproject.org" + host: "test-auth.apps.ocp{{ env_suffix }}.fedoraproject.org" serviceport: web servicename: test-auth annotations: