bastion01.rdu3: A wild bastion01.rdu3 appears, lets try and configure it.

This should setup a already installed bastion01.rdu3 vm so we can use it to get to other rdu3 machines. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-04-26 11:36:10 +08:00 · 2025-05-21 12:35:49 -07:00
parent 26ab61697b
commit f8eacdb62b
5 changed files with 20 additions and 3 deletions
--- a/inventory/host_vars/bastion01.rdu3.fedoraproject.org
+++ b/inventory/host_vars/bastion01.rdu3.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+datacenter: rdu3
+dns1: 10.16.163.33
+dns2: 10.16.163.34
+eth0_ipv4_gw: 10.16.163.254
+eth0_ipv4_ip: 10.16.163.31
+ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
+ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
+ssh_hostnames:
+  - bastion.fedoraproject.org
+  - bastion01.fedoraproject.org
+vmhost: vmhost-x86-01.rdu3.fedoraproject.org
+volgroup: /dev/vg_guests
+vpn: false
--- a/inventory/host_vars/db01.iad2.fedoraproject.org
+++ b/inventory/host_vars/db01.iad2.fedoraproject.org
@@ -70,7 +70,7 @@ nrpe_procs_crit: 900
 # db01 handles lots of apps, could have many procs if they are busy.
 #
 nrpe_procs_warn: 800
-num_cpus: 32
+num_cpus: 48
 # Should be 0.25 of memory
 shared_buffers: "24GB"
 vmhost: vmhost-x86-08.iad2.fedoraproject.org
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -576,6 +576,7 @@ zabbix01.stg.iad2.fedoraproject.org
 [staging_friendly]
 noc01.iad2.fedoraproject.org
 bastion01.iad2.fedoraproject.org
+bastion01.rdu3.fedoraproject.org
 bastion02.iad2.fedoraproject.org
 batcave01.iad2.fedoraproject.org
 certgetter01.iad2.fedoraproject.org
--- a/playbooks/groups/bastion.yml
+++ b/playbooks/groups/bastion.yml
@@ -16,8 +16,7 @@
  roles:
  - base
  - rkhunter
-  - { role: openvpn/client, when: inventory_hostname == 'bastion13.fedoraproject.org' }
-  - openvpn/server
+  - { role: openvpn/server, when: datacenter == 'iad2' }
  - ipa/client
  - nagios_client
  - hosts
--- a/roles/chrony/templates/chrony.conf.j2
+++ b/roles/chrony/templates/chrony.conf.j2
@@ -4,6 +4,9 @@ server bastion01.iad2.fedoraproject.org iburst
 server bastion02.iad2.fedoraproject.org iburst
 {% elif datacenter == 'cloud'  and not ansible_hostname.startswith('cloud-noc') %}
 server cloud-noc01.fedorainfracloud.org port 124
+{% elif datacenter == 'rdu3'  and ot ansible_hostname.startswith('bastion') %}
+server bastion01.rdu3.fedoraproject.org iburst
+server bastion02.rdu3.fedoraproject.org iburst
 {% elif datacenter == 'cloud'  and ansible_hostname.startswith('cloud-noc') %}
 server 0.rhel.pool.ntp.org iburst
 server 1.rhel.pool.ntp.org iburst