Commit Graph

186 Commits

Author SHA1 Message Date
Stephen Smoogen
4020cec510 [storinator] make changes so that storinator can work in cloud 2019-05-29 22:55:28 +00:00
Patrick Uiterwijk
efabd7f30f Fix this defaulting to a /8
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-24 20:54:14 +02:00
Kevin Fenzi
4b31ac5152 ansible: Change all our group names from foo-bar to foo_bar or foo-bar-baz to foo_bar_baz
In ansible 2.8 the - character isn't supposed to be valid in group names.
While we could override this, might as well just bite the bullet and change it.
So, just switch all group names to use _ instead of -

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-20 17:38:09 +00:00
Kevin Fenzi
7e18ec152d mm-frontend-checkin01: add totpci to iptables so sudo will work.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-09 16:48:11 +00:00
Kevin Fenzi
b86e4987b8 compose-x86_64-02: Drop compose-x86-02, it's not used for anything anymore.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-12 22:14:58 +00:00
Patrick Uiterwijk
d7fa58f05c Allow nagios to proxy-only ports as well
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:59:47 +01:00
Patrick Uiterwijk
418c704a49 iptables: Use correct interface for correct side
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:32:15 +01:00
Patrick Uiterwijk
03f9a74f8d iptables: use datacenter==phx2 for vpn-detection
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:31:26 +01:00
Patrick Uiterwijk
a8ab545e11 iptables: also remove ansible_facts in prod iptables template
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:25:04 +01:00
Patrick Uiterwijk
63489a3ccb iptables: Try without ansible_facts
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:24:16 +01:00
Patrick Uiterwijk
661e5866c6 Proxy group in staging is named differently
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:19:16 +01:00
Patrick Uiterwijk
2a932db784 Add proxy-only ports to staging iptables
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:18:04 +01:00
Patrick Uiterwijk
030ea6df33 Allow adding proxy-only TCP ports to groups
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:15:05 +01:00
Patrick Uiterwijk
99eee653cc Capture internal proxies in synced HTTP logs
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-28 23:52:58 +01:00
Kevin Fenzi
c3dc33cacc koji builders: we also want to allow port 80 connections to kojipkgs02.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-02-15 20:47:45 +00:00
Mikolaj Izdebski
feeabd07b4 Add parentheses to workaround unexpected jinja2 operator precedence 2019-02-06 09:48:04 +01:00
Mikolaj Izdebski
16b878b802 Make base krb5.conf work with ansible_hostname unset 2019-02-06 09:46:34 +01:00
Mikolaj Izdebski
55bcab7042 Don't require facts gathered for installing base krb5.conf 2019-02-06 09:43:00 +01:00
Adam Williamson
d9db9714d8 Handle systems where the main if is not eth0 a bit better
ifcfg.j2 has a pretty awkward assumption that the interface
connected to the infra network will be eth0 (or enc900) - it
only includes the GATEWAY, DOMAIN and DNS1/DNS2 lines if the
interface is one of those two. It seems we were trying quite
hard to make eth0 always be "the interface", but now that's
been broken in a few systems. enc900 was added as apparently
that's what the main interface is called on some s390 boxes;
on openqa-ppc64le-01 the if that's connected is eth2 (eth0 is
present, but not connected), and on the new qa01 and qa02, it's
em3 (according to smooge, we have to use 'predictable' interface
names on those boxes as the old names really *do* get assigned
to different interfaces on each boot).

So since we now have several different cases where the 'eth0'
assumption doesn't hold, let's build a slightly better system
for handling it. This replaces ifcfg.j2's hard-coded list with
a variable, and sets the default value of the variable to the
two names ifcfg.j2 handled before: [ 'eth0', 'enc900' ]. This
allows the systems where the main interface is *not* one of
these to set the variable accordingly, and hopefully that'll
give them correct ifcfg files.

This *should* solve the problem of openqa-ppc64le-01.qa and qa01
and qa02 constantly dropping out of network connectivity any
time they got rebooted or the network plays got run.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-12-15 11:09:49 -08:00
Stephen Smoogen
cc16f56e4f maybe this will make qa02 easier? 2018-12-15 01:14:59 +00:00
Mikolaj Izdebski
8da7c1ce6f iptables.kojibuilder is not used in staging 2018-11-30 07:23:12 +00:00
Mikolaj Izdebski
214f94d000 Configure varnish cache on buildvm-s390x-01.stg 2018-11-30 07:02:56 +00:00
David Shier
c0f45892ff Removed all traces I could find of the tagger and statscache (and stats_cache for databases) in ansible, proxy configs, and the nagios config. Pursuant to request in pagure issue https://pagure.io/fedora-infrastructure/issue/7267 . - Odin2016 2018-10-03 17:50:38 +00:00
Mikolaj Izdebski
259ac6a466 Cleanup some Jenkins leftovers 2018-08-06 19:02:47 +00:00
Patrick Uiterwijk
d56a613b5d Remove stray characters
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-02-12 15:26:13 +01:00
Patrick Uiterwijk
f73b9f8934 Open firewall port to pagure proxy
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-02-12 15:21:34 +01:00
Patrick Uiterwijk
18f1320eb3 Support secondary IP
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-10 21:12:27 +00:00
Patrick Uiterwijk
da7f7f89eb Commit to our changes
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-08 15:39:49 +00:00
Patrick Uiterwijk
ce78bf8497 Nat table has different entries
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-08 15:38:58 +00:00
Patrick Uiterwijk
0bfb2a2d1f nat_rules go into the nat table
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-08 15:37:20 +00:00
Patrick Uiterwijk
40fbf2d575 Do not remove all whitespace
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-08 15:31:24 +00:00
Patrick Uiterwijk
d5ce7a014e Add nat-rules
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-08 15:30:13 +00:00
Patrick Uiterwijk
c18ea6b658 Allow mmfrontend-checkin to connect to VPN
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-01-13 13:59:53 +00:00
Patrick Uiterwijk
c2493bc677 Allow access to repos
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-01-11 23:05:01 +00:00
Patrick Uiterwijk
f94a5f94cd Also allow dns out
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-01-11 23:02:44 +00:00
Patrick Uiterwijk
eb2fab3c6a Add iptables for mm-frontend-checkin01
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-01-11 22:36:11 +00:00
Patrick Uiterwijk
54399eb157 If I say disabled, do not enable
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-12-22 02:19:30 +01:00
Patrick Uiterwijk
4d7f15164c Allow interfaces to be marked as explicitly disabled
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-12-22 02:15:04 +01:00
Stephen Smoogen
02938f63ad we need to update this in 2 places and run it on logs and people 2017-12-20 21:37:46 +00:00
Patrick Uiterwijk
42da45351c Fix koji service accounts with gssapi
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-12-04 14:41:01 +00:00
Patrick Uiterwijk
9527cce666 Allow builders to proxy101 and proxy110
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-12-02 10:51:53 +00:00
Patrick Uiterwijk
894a0cc805 FedoraHosted is not anymore
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-12-01 12:54:34 +00:00
Kevin Fenzi
21c5d61f43 Revert "look, some whitespace changes"
This reverts commit b1201baec0.
2017-10-12 21:58:16 +00:00
Kevin Fenzi
b1201baec0 look, some whitespace changes 2017-10-12 21:54:21 +00:00
Kevin Fenzi
9108a0d6fe now that we have staging moved to its own subnet, we can just block that entire thing in prod iptables and no longer need to change every time a stg machine appears or disappears. 2017-10-04 16:40:55 +00:00
Stephen Smoogen
e3c0199dad make another set of stg ip changes 2017-09-29 15:24:58 +00:00
Patrick Uiterwijk
08ab5dd6f0 Add missing .stg.phx2.fp.o to krb5.conf. If env will be removed after freeze
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-09-15 20:27:02 +00:00
Adam Williamson
cac1fb41ab openqa tap workers: allow masquerade on eth2 also, for ppc64
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2017-09-09 11:14:55 -07:00
Patrick Uiterwijk
dae3290dd7 Add dns1 and dns2 for nm-controlled resolv.conf
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-08-21 21:01:08 +00:00
Patrick Uiterwijk
d12cedc5d3 Allow NM-controlled DNS if intended
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-08-21 20:58:55 +00:00