This isn't really a 'buildhw', but it's pretty close.
It's an lpar on a power10 box.
I'm making it a hw builder in staging because if we tried to make
it a bvmhost and put vm's on it, we would need to setup macvtap, which
would be fine, but extra complication where we don't really need it in
staging currently.
01 will be created once we reconfigure the one thats currently serving
as bvmhost-p10-01. Which will happen after we move 1/2 the builders
off to a new bvmhost-p10-02 lpar on this same second power10.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This avoids the tcp timeout problem totally from what I can tell.
Just switch it for now as we continue to work on the underlying problem.
This does mean that we don't use varnish, but apache is able to
keep up ok so far.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
openqa uses apache load balancer now, and doesn't use haproxy at all.
Clean up some things that current haproxy warns about on start.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
I don't think we actually using any of these scripts -
the cronjob is state:absent. I'm removing this from main.yml
but leaving the tools.yml file in to test if anything breaks.
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
After some troubleshooting I was finally able to fix the OpenID
authentication on staging. These are the changes I ended up deploying to fix
the remaining issues.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
Includes an SELinux module, and an attempt at alering via
anomaly detection rather than hard thresholds.
Uses the newly-created SELinux compile tasks to deploy the
new module too.
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
THis moves the SELinux "handler" in roles/base to a global
task file, which allows it to be reused by other roles.
Eventually this should probably be a native Ansible type,
but this is still an improvment.
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
We had this set before the dc move in iad2, but we didn't ever setup the
config to enable it in rdu3.
This should do that.
Note that I have already manually enabled it, and this should just
ensure that it's enabled if we reinstall or move to the next datacenter.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
