start standing up openqa for iad2

inventory/group_vars/openqa_iad2

@@ -0,0 +1,30 @@
+# this is to enable nested virt, which we need for disk image creation
+virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx"
+
+external_hostname: openqa.fedoraproject.org
+
+openqa_dbname: openqa
+openqa_dbhost: db-qa03.iad2.fedoraproject.org
+openqa_dbuser: openqa
+openqa_dbpassword: "{{ prod_openqa_dbpassword }}"
+openqa_assetsize: 500
+
+openqa_key: "{{ prod_openqa_apikey }}"
+openqa_secret: "{{ prod_openqa_apisecret }}"
+
+openqa_webapi_plugins: FedoraMessaging FedoraUpdateRestart
+
+# this is because openqa staging isn't really a staging host
+# we don't want to set env_suffix to stg on it because that may
+# break some other plays, but we do need the env suffix for the
+# fedora-messaging bits, so let's make our own
+openqa_env_suffix:
+openqa_env: production
+
+wikitcms_token: "{{ private }}/files/openidc/production/wikitcms.json"
+openqa_wikitcms_hostname: fedoraproject.org
+openqa_resultsdb_url: http://resultsdb01.iad2.fedoraproject.org/resultsdb_api/api/v2.0/
+openqa_update_arches: ['x86_64']
+
+deployment_type: prod
+freezes: false

inventory/group_vars/resultsdb_iad_prod

@@ -0,0 +1,82 @@
+---
+############################################################
+# general information
+############################################################
+deployment_type: prod
+external_hostname: taskotron.fedoraproject.org
+tcp_ports: [ 80, 443, "{{ resultsdb_db_port }}" ]
+
+# common items for the releng-* boxes
+lvm_size: 50000
+mem_size: 4096
+num_cpus: 4
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+fas_client_groups: sysadmin-qa
+nrpe_procs_warn: 250
+nrpe_procs_crit: 300
+
+
+
+
+
+############################################################
+# resultsdb details
+############################################################
+
+# the db_host_machine bits are so that delegation continues to work, even if
+# that db is localhost relative to resultsdb
+
+resultsdb_db_host_machine: db-qa02.iad2.fedoraproject.org
+resultsdb_db_host: "{{ resultsdb_db_host_machine }}"
+resultsdb_db_port: 5432
+resultsdb_endpoint: 'resultsdb_api'
+resultsdb_db_name: resultsdb
+resultsdb_db_user: "{{ prod_resultsdb_db_user }}"
+resultsdb_db_password: "{{ prod_resultsdb_db_password }}"
+resultsdb_secret_key: "{{ prod_resultsdb_secret_key }}"
+
+allowed_hosts:
+    - 10.5.124
+    - 10.5.131
+
+
+############################################################
+# resultsdb-frontend details
+############################################################
+resultsdb_fe_endpoint: "resultsdb"
+resultsdb_frontend_secret_key: "{{ prod_resultsdb_frontend_secret_key }}"
+
+
+############################################################
+# execdb details
+############################################################
+execdb_db_host_machine: db-qa01.iad2.fedoraproject.org
+execdb_db_host: "{{ execdb_db_host_machine }}"
+execdb_db_port: 5432
+execdb_endpoint: 'execdb'
+execdb_db_name: execdb
+execdb_db_user: "{{ prod_execdb_db_user }}"
+execdb_db_password: "{{ prod_execdb_db_password }}"
+execdb_secret_key: "{{ prod_execdb_secret_key }}"
+
+
+############################################################
+# fedmsg details
+############################################################
+fedmsg_active: True
+fedmsg_cert_prefix: resultsdb
+
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+  can_send:
+  - logger.log
+- service: resultsdb
+  owner: root
+  group: apache
+  can_send:
+  - taskotron.result.new
+  - resultsdb.result.new

inventory/inventory

@@ -235,6 +235,9 @@ db-koji02.phx2.fedoraproject.org
 db-qa01.qa.fedoraproject.org
 db-qa02.qa.fedoraproject.org
 db-qa03.qa.fedoraproject.org
+db-qa01.iad2.fedoraproject.org
+db-qa02.iad2.fedoraproject.org
+db-qa03.iad2.fedoraproject.org
 
 [dbserver_stg]
 db-fas01.stg.phx2.fedoraproject.org
@@ -523,6 +526,9 @@ openqa-stg01.qa.fedoraproject.org
 [openqa]
 openqa01.qa.fedoraproject.org
 
+[openqa_iad2]
+openqa01.iad2.fedoraproject.org
+
 [openqa_workers]
 qa02.qa.fedoraproject.org
 qa05.qa.fedoraproject.org
@@ -619,11 +625,13 @@ proxy01.stg.phx2.fedoraproject.org
 
 [relvalconsumer_common]
 openqa01.qa.fedoraproject.org
+openqa01.iad2.fedoraproject.org
 openqa-stg01.qa.fedoraproject.org
 
 # This group should only ever contain *ONE* system
 [relvalconsumer]
 openqa01.qa.fedoraproject.org
+#openqa01.iad2.fedoraproject.org
 
 [relvalconsumer_test]
 openqa-stg01.qa.fedoraproject.org
@@ -631,10 +639,12 @@ openqa-stg01.qa.fedoraproject.org
 [checkcompose_common]
 openqa01.qa.fedoraproject.org
 openqa-stg01.qa.fedoraproject.org
+openqa01.iad2.fedoraproject.org
 
 # This group should only ever contain *ONE* system
 [checkcompose]
 openqa01.qa.fedoraproject.org
+#openqa01.iad2.fedoraproject.org
 
 [checkcompose_stg]
 openqa-stg01.qa.fedoraproject.org
@@ -642,13 +652,15 @@ openqa-stg01.qa.fedoraproject.org
 [resultsdb:children]
 resultsdb_stg
 resultsdb_prod
+resultsdb_iad_prod
 
 [resultsdb_stg]
 resultsdb-stg01.qa.fedoraproject.org
 
-
 [resultsdb_prod]
 resultsdb01.qa.fedoraproject.org
+
+[resultsdb_iad_prod]
 resultsdb01.iad2.fedoraproject.org
 
 [smtp_mm]
@@ -869,6 +881,7 @@ zanata2fedmsg01.phx2.fedoraproject.org
 retrace01.qa.fedoraproject.org
 resultsdb01.qa.fedoraproject.org
 openqa01.qa.fedoraproject.org
+openqa01.iad2.fedoraproject.org
 openqa-ppc64le-01.qa.fedoraproject.org
 
 [fedmsg_qa_network_stg]
@@ -1086,6 +1099,7 @@ gnome-backups01.phx2.fedoraproject.org
 # openQA boxes start - note old openQA aarch64 workers intentionally
 # not here as they are not in QA network at all
 openqa01.qa.fedoraproject.org
+openqa01.iad2.fedoraproject.org
 openqa-stg01.qa.fedoraproject.org
 openqa-aarch64-01.qa.fedoraproject.org
 openqa-aarch64-03.qa.fedoraproject.org
@@ -1102,6 +1116,9 @@ qa14.qa.fedoraproject.org
 db-qa01.qa.fedoraproject.org
 db-qa02.qa.fedoraproject.org
 db-qa03.qa.fedoraproject.org
+db-qa01.iad2.fedoraproject.org
+db-qa02.iad2.fedoraproject.org
+db-qa03.iad2.fedoraproject.org
 resultsdb01.qa.fedoraproject.org
 resultsdb-stg01.qa.fedoraproject.org
 taskotron-dev01.qa.fedoraproject.org
@@ -1385,6 +1402,10 @@ vmhost-x86-05.iad2.fedoraproject.org
 vmhost-x86-06.iad2.fedoraproject.org
 vmhost-x86-07.iad2.fedoraproject.org
 wiki01.iad2.fedoraproject.org
+openqa01.iad2.fedoraproject.org
+db-qa01.iad2.fedoraproject.org
+db-qa02.iad2.fedoraproject.org
+db-qa03.iad2.fedoraproject.org
 
 [iad2:vars]
 ansible_group_priority=10

playbooks/groups/openqa.yml

@@ -1,7 +1,7 @@
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=openqa:openqa_stg"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=openqa:openqa_stg:openqa_iad2"
 
 - name: setup base openQA host
-  hosts: openqa:openqa_stg
+  hosts: openqa:openqa_stg:openqa_iad2
   user: root
   gather_facts: True
 
@@ -33,7 +33,7 @@
    - import_tasks: "{{ handlers_path }}/restart_services.yml"
 
 - name: configure fedora-messaging queues on openQA servers
-  hosts: openqa:openqa_stg
+  hosts: openqa:openqa_stg:openqa_iad2
   user: root
   gather_facts: True
 

playbooks/groups/postgresql-server.yml

@@ -2,12 +2,12 @@
 # NOTE: should be used with --limit most of the time
 # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
 
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org:db_qa03.qa.fedoraproject.org:db-koji02.phx2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-datanommer01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org:db-qa03.qa.fedoraproject.org:db-koji02.phx2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-datanommer01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-qa01.iad2.fedoraproject.org:db-qa02.iad2.fedoraproject.org:db-qa03.iad2.fedoraproject.org"
 
 # Once the instance exists, configure it.
 
 - name: configure postgresql server system
-  hosts: db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org:db-qa03.qa.fedoraproject.org:db-koji02.phx2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-datanommer01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org
+  hosts: db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org:db-qa03.qa.fedoraproject.org:db-koji02.phx2.fedoraproject.org:db-fas01.iad2.fedoraproject.org:db01.iad2.fedoraproject.org:db-datanommer01.iad2.fedoraproject.org:db-koji01.iad2.fedoraproject.org:db-qa01.iad2.fedoraproject.org:db-qa02.iad2.fedoraproject.org:db-qa03.iad2.fedoraproject.org
   user: root
   gather_facts: True
 

playbooks/groups/resultsdb.yml

@@ -3,10 +3,10 @@
 # NOTE: make sure there is room/space for this server on the vmhost
 # NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
 
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=resultsdb_dev:resultsdb_stg:resultsdb_prod"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=resultsdb_dev:resultsdb_stg:resultsdb_prod:resultsdb_iad2_prod"
 
 - name: make the box be real
-  hosts: resultsdb_dev:resultsdb_stg:resultsdb_prod
+  hosts: resultsdb_dev:resultsdb_stg:resultsdb_prod:resultsdb_iad2_prod
   user: root
   gather_facts: True
 
@@ -78,7 +78,7 @@
    - import_tasks: "{{ handlers_path }}/restart_services.yml"
 
 - name: configure resultsdb production
-  hosts: resultsdb_dev:resultsdb_stg:resultsdb_prod
+  hosts: resultsdb_dev:resultsdb_stg:resultsdb_prod:resultsdb_iad2_prod
   user: root
   gather_facts: True
 
@@ -96,7 +96,7 @@
    - import_tasks: "{{ handlers_path }}/restart_services.yml"
 
 - name: Install ci-resultsdb-listener
-  hosts: resultsdb_stg:resultsdb_prod
+  hosts: resultsdb_stg:resultsdb_prod:resultsdb_iad2_prod
   user: root
   gather_facts: True
 

roles/rkhunter/templates/rkhunter.conf.j2

@@ -408,7 +408,7 @@ ALLOWDEVFILE=/dev/shm/sem.slapd*.stats
 {% if inventory_hostname in groups['proxies'] or inventory_hostname in groups['proxies_stg'] %}
 ALLOWDEVFILE=/dev/shm/libpod_rootless_lock_441
 {% endif %}
-{% if inventory_hostname in groups['pgbdr'] or inventory_hostname in groups['pgbdr_stg'] or inventory_hostname == 'hubs01.stg.phx2.fedoraproject.org' or inventory_hostname == 'db-koji01.stg.phx2.fedoraproject.org' or inventory_hostname == 'db-qa03.qa.fedoraproject.org' or inventory_hostname == 'pagure-stg01.fedoraproject.org' %}
+{% if inventory_hostname in groups['pgbdr'] or inventory_hostname in groups['pgbdr_stg'] or inventory_hostname == 'hubs01.stg.phx2.fedoraproject.org' or inventory_hostname == 'db-koji01.stg.phx2.fedoraproject.org' or inventory_hostname == 'db-qa03.qa.fedoraproject.org' or inventory_hostname == 'db-qa03.iad2.fedoraproject.org' or inventory_hostname == 'pagure-stg01.fedoraproject.org' %}
 ALLOWDEVFILE=/dev/shm/PostgreSQL*
 {% endif %}