The IPA machines are currently not reachable through VPN. This is
because they are missing firewall rules for VPN as they need to
have vpn variable set to include them.
This re-adds a iscsi_client role we had in iad2 back in in rdu3.
When then apply it to bvmhost-p10-01 to login and use a iscsi lun from
the rdu3 netapp. We then move the buildvm-ppc64le vm's to use this iscsi
volume instead of local storage.
As we reinstall those builders they will use the iscsi volume.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This server isn't working and we can't figure out why not. It's
a problem for openQA because we copy the host's DNS config into
'advanced networking' openQA guests, and then when we do a
FreeIPA deployment test, it picks up both DNS servers, tries to
confirm both work, and fails. So we need to take ns03 out until
it's fixed.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We don't have ipv6 routing setup yet, but are scheduled to work on that
soon. To get ready for that, lets add ipv6 addresses to the (few)
machines that will actually need them.
We do not want to add ipv6 to all hosts. The vast majority of them never
need to talk to the outside world directly and shouldn't have a ipv6
address that can do this.
These few hosts are ones with external nat mappings where it is
desireable that they be able to handle ipv6 connections.
Note that we also do NOT want to add any of these to dns until
they are known working. We also will likely have to adjust nftables
to allow the services on ipv6 that we do on ipv4 (if they make sense).
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This is to disambiguate 'ns02'. Right now we have ns02.fedoraproject.org
and also ns02.rdu3.fedoraproject.org. After this we will just have a
ns02 and a ns03.rdu3 server.
This will also allow us to more easily change whois/glue records.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
These are various machines that are not yet deployed, or no longer exist
in rdu3 (though they did in iad2). This should clean up nagios
a fair bit and when/if we redeploy these we can add them back in.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
D'oh, now we need this group again, it needs to be a child of
openqa_tap_workers or the configs aren't done right...
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This is the main system connection, a bridge over a pair of
bonded ethernet ports. We want to let the openQA openvswitch
bridge be br0 in case that makes it fricking work again, so this
needs to be called something else to allow that.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This reverts commit 4dc01bc892 and
a follow-up commit. I'm having trouble getting things to work
and want to see if it works if we go back to having the openQA
bridge be br0, and rename the bridge used for the system's bonded
network connection to something else instead.
The pagure user needs to be uid 1000 because suexec won't let users with
uid under that suexec. ;(
Also, filter pagure user out in sssd so we get the local user.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
