WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 12:07:34 +08:00
Code Issues Packages Projects Releases Wiki Activity
45,285 Commits 9 Branches 0 Tags
29a00a8986fb771cef40aed18eabc7737688ddec
Commit Graph

51 Commits

Author SHA1 Message Date
Greg Sutcliffe
0a4a78bf9a Zabbix: Add HAProxy monitoring template 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-11-03 15:54:57 +00:00
Greg Sutcliffe
69645f5da5 HAProxy/Rsyslog: fix logging to the rsyslog UDP port that haproxy expects 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-10-07 21:21:02 +00:00
Adam Williamson
9da2cfb6f2 haproxy: IPA certs don't depend on data center 
The IPA cert doesn't change when we move datacenters, because we
just replicate across. So it shouldn't have the datacenter in the
name. This should fix haproxy deployment (it was broken because
we didn't have an 'rdu3' file).

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-07-03 11:55:59 -07:00
Nils Philippsen
6c85fda0c9 Mass remove/replace iad2 -> rdu3, 10.3. -> 10.16. 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2025-07-03 20:05:02 +02:00
Francois Andrieu
80f922c6ff replace iad2 ocp-stg certificate with rdu3 2025-06-27 16:49:04 +00:00
Kevin Fenzi
6120b860a6 haproxy: also install ocp ca cert in rdu3 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-06-14 13:53:40 -07:00
Michal Konecny
2ec055db6f Use first uppercase letter for all handlers 
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.

I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```

Then I went through all the changes and removed the ones that wasn't
expected to be changed.

Fixes https://pagure.io/fedora-infrastructure/issue/12391

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-02-10 20:31:49 +00:00
Ryan Lerch
47c68f478d ansiblelint fixes - fqcn[action-core] - template to ansible.builtin.template 
Replaces references to template: with ansible.builtin.template

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:30:29 +10:00
Ryan Lerch
3c41882bb0 ansiblelint fixes - fqcn[action-core] - shell to ansible.builtin.shell 
Replaces references to shell: with ansible.builtin.shell

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:29:10 +10:00
Ryan Lerch
25391e95b7 ansiblelint fixes - fqcn[action-core] - package to ansible.builtin.package 
Replaces many references to  package: with ansible.builtin.package

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:28:00 +10:00
Ryan Lerch
462176464b ansiblelint fixes-- fqcn[action-core] - command to ansible.builtin.command 
Replaces many references to  command: with ansible.builtin.command

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:26:47 +10:00
Ryan Lerch
6a3816dfdc ansiblelint fixes-- fqcn[action-core] - copy to ansible.builtin.copy 
Replaces many references to 'copy' with ansible.builtin.copy

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 10:43:31 +10:00
Ryan Lerch
62952df107 ansiblelint fixes-- fqcn[action-core] - file to ansible.builtin.file 
Replaces many references to  file: with ansible.builtin.file

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 10:41:52 +10:00
Ryan Lerch
691adee6ee Fix name[casing] ansible-lint issues 
fix 1900 failures of the following case issue:

`name[casing]: All names should start with an uppercase letter.`

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-14 20:20:07 +10:00
Ryan Lerch
89f6f1fc32 Fix majority of remaining yamllint warnings and errors 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2024-11-28 17:31:45 +10:00
Kevin Fenzi
b1b0923af0 openshift 3.11: raise a glass! 
Our openshift 3.11 cluster(s) served us long and well.

Now we have everything finally moved to the openshift 4 clusters (fas2
was the last holdout). We can finally retire this. :)

🎉🥂

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-11-28 13:08:01 -08:00
Kevin Fenzi
99eab71b2e haproxy: install socat for dynamic stats/control of haproxy 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-06-06 12:22:35 -07:00
Mark O Brien
dab8886bb7 remove unnecessary task 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2021-11-04 15:51:05 +00:00
David Kirwan
4e8fa0e687 metrics-for-apps: add ocp4 prod CA cert to haproxy 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-09-08 12:32:42 +09:00
Kevin Fenzi
5e6ab492a5 haproxy: tweak filename for ocp certs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-19 16:13:33 -07:00
Kevin Fenzi
ffe6484549 haproxy: use env_short here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-13 16:39:02 -07:00
Kevin Fenzi
73bb20bb13 Revert "haproxy: adjust names on files to use .stg" 
This reverts commit 8b1f44206d.
 2021-08-13 16:37:13 -07:00
Kevin Fenzi
8b1f44206d haproxy: adjust names on files to use .stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-13 13:25:25 -07:00
David Kirwan
55185861c8 metrics-for-apps: 
- Updating apache proxy config to handle ocp4 CA cert
- place ocp4 CA cert on proxies
- add ocp4 stg ca cert to haproxy/files

Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-13 20:02:38 +00:00
Kevin Fenzi
ecbda7c851 haproxy: add staging ocp cert for api-int 
haproxy needs to terminate ssl for the api part of the ocp cluster.
We can't do this in apache without listening for non standard ports and
that could be a mess, so terminate ssl here and talk into the cluster

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-09 10:51:13 -07:00
Kevin Fenzi
c7a0d2f3c4 also fix the ipa file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-08 15:20:15 -07:00
Kevin Fenzi
162bb8bf5e iad2-move: there is only one active openshift, and it is the iad2 one, use its ssl cert 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-08 15:17:15 -07:00
Kevin Fenzi
83d76a8614 iad2: haproxy: fix up openshift certs so iad2 and phx2 are correct and both install. Just copy the phx2 ipa pem for now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-28 10:46:48 -07:00
Rick Elrod
6208045041 fix tags 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:18 +02:00
Rick Elrod
0dded6b55c install libsemanage a few more times because twice is not enough 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:18 +02:00
Kevin Fenzi
a8714caab3 first cut at changing all the old |changed to is changed per ansible deprecations 2018-05-07 23:51:48 +00:00
Patrick Uiterwijk
936e8b261a yum accepted pkg=, package calls it name= 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2017-10-09 00:38:26 +02:00
Patrick Uiterwijk
039b08354a Yum allowed state=installed. Lets use state=present consistently 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 22:31:03 +00:00
Patrick Uiterwijk
adcbf72f03 Packageize this, packageize that, packageize the world 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 22:25:52 +00:00
Ricky Elrod
bbe6c25b6f try os-master proxy setup 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2017-05-11 19:49:31 +00:00
Kevin Fenzi
b1a2d105c9 In ansible 2.2 always_run is depreciated. Switch to check_mode. 2016-11-01 16:29:49 +00:00
Patrick Uiterwijk
39c59360d8 We now also have certificates for production IPA 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-13 13:59:19 +00:00
Patrick Uiterwijk
ffd0a12fa4 Fix stg 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-08-04 21:25:11 +00:00
Patrick Uiterwijk
28ebec92ee Proxy IPA through haproxy 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-08-04 21:23:07 +00:00
Patrick Uiterwijk
8b7fd1a7d8 Finish merge by removing the prod in task name 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-04-05 16:55:04 +00:00
Patrick Uiterwijk
7c611964d6 Merge stg and prod haproxy config 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-04-05 16:45:38 +00:00
Patrick Uiterwijk
3d0b3ba02e Only check haproxy configs and start after everything is in place 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-08-19 01:18:43 +00:00
Kevin Fenzi
6a6d3ab34e Lets try and add a check here for haproxy. It won't catch non resolving names, but it will other errors. 2015-06-24 19:59:42 +00:00
Kevin Fenzi
05c7d0c851 Lets try and add a check here for haproxy. It won't catch non resolving names, but it will other errors. 2015-06-24 18:04:34 +00:00
Kevin Fenzi
553da4b213 Switch haproxy to prefer a local mirrorlist server if available. 
Allow port 443 connections from those proxies on mirrorlists.
Add hosts entries for proxy10 and proxy01 that should allow ssl to work right.
Will test this on one proxy/mirrorlist and move on to the others.
 2015-05-31 17:17:41 +00:00
Ralph Bean
0a457060a9 A custom selinux module for our haproxy setup. 2015-01-06 19:53:19 +00:00
Ralph Bean
29a347fbb4 Selinux boolean for haproxy. 2015-01-06 19:45:58 +00:00
Ralph Bean
59b0fd4bfa Gotta actually start the thing. 2015-01-06 19:40:05 +00:00
Ralph Bean
0b41c10d1e haproxy typofix. 2015-01-06 19:38:18 +00:00
Ralph Bean
0c2493c248 Tag up the base haproxy role. 2015-01-06 19:35:41 +00:00