WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-01 05:51:56 +08:00
Code Issues Packages Projects Releases Wiki Activity
43,401 Commits 9 Branches 0 Tags
7aa7553b84af5dc8efa78e9d8a4e50dde369052d
Commit Graph

165 Commits

Author SHA1 Message Date
Kevin Fenzi
bb34f3506a nagios-rdu3: add website, proxy, vpn endpoint 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-06-20 20:48:07 -07:00
Kevin Fenzi
df708c6e37 Add certgetter01.rdu3 and vpn ccd file for it. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-06-19 10:05:33 -07:00
Kevin Fenzi
5361223938 openvpn: set ccd files for rdu3 worker nodes, add them to the var so proxies will use them, still need to get openvpn working on workers 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-06-15 16:57:28 -07:00
Kevin Fenzi
cf68c038f5 openvpn / ccd: add ccd file for proxy01.rdu3 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-29 12:02:04 -07:00
Kevin Fenzi
c53deb118f ppc64le-test02: add ccd file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-10-04 10:53:42 -07:00
Kevin Fenzi
f2fe6956ff openvpn / people01: fix vpn endpoint on people01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-09-25 17:04:28 -07:00
Kevin Fenzi
e9d7a82877 db-datanommer02.stg: add a rhel9 staging datanommer db host 
We want to migrate db-datanommer01.stg to this to make sure things work
ok before doing the prod one next week.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-05-09 16:28:00 -07:00
Kevin Fenzi
1766a60244 also move openvpn ccd file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-05-09 16:01:41 -07:00
David Kirwan
e3459c2b87 zabbix: add vpn to zabbix01 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2024-03-12 10:27:43 +00:00
Kevin Fenzi
8d89c61c89 torrent01: setup vpn ip 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-28 15:21:25 -08:00
Kevin Fenzi
a54eac0968 maintainer-test: forgot some ccd files from these 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-26 10:46:35 -07:00
Kevin Fenzi
c0ed118eaa maintainer_test: reuse some old maintainer test vpn ips 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-24 14:58:09 -07:00
Kevin Fenzi
19830a2265 ibiblio02: add vpn ccd file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-08 09:38:06 -07:00
Kevin Fenzi
ddfd50de03 smtp-auth-cc-rdu01: create new smtp auth relay 
We need this to try and relay in emails.
It turns out to be bordering on impossible to do this sanely with our
current setup, so make a fedora vm that lets us use saslauthdb to have a
specific (small) list of users that can authenticate and relay emails
via bastion and out. We can't do this on rhel, because they don't build
the saslauthdb backend. We can't use any of the other backends because
they either don't work or would allow any fedora user to relay, which we
do not want.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-05-18 14:35:49 -07:00
Kevin Fenzi
49cdae0e41 openvpn / server: add ccd files for ocp worker nodes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-06-09 13:04:57 -07:00
Kevin Fenzi
00057ef856 internetx02 enters the arena 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-31 21:51:07 -07:00
Mark O Brien
c727ff254b maintainer-test: add missing files for f36 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-03-28 11:59:15 +01:00
Mark O Brien
57fa4c40bc add vpn info for el9-test 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2021-12-20 15:23:05 +00:00
Mikolaj Izdebski
137f156d5a openvpn/server: Add config for value02.iad2.fedoraproject.org 2021-11-03 16:24:20 +01:00
Mark O Brien
59fa8cb866 maintainer-test: create f35 instance and vpn settings 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2021-10-13 13:10:09 +00:00
Kevin Fenzi
738c89d04d vmhost-p08-copr02: add second power8 box in rdu-cc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-07-12 19:07:52 -07:00
Kevin Fenzi
6571c326ee Storinator01.rdu-cc: add host back in 
We add vpn to it to make ipa work, drop old openshift volumes, change
the name and in general get it ready to add to ansible.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-07-01 14:19:59 -07:00
Kevin Fenzi
07fd9a34aa add vmhost-p08-copr01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-06-26 10:50:51 -07:00
Kevin Fenzi
b87ea6573f add vpn endpoint for vmhost-a64-cc01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-06-24 15:54:14 -07:00
Kevin Fenzi
8626857460 cloud-noc-os01: add vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-06-18 09:50:57 -07:00
Kevin Fenzi
8a59695693 Add maintainer_test and copr vmhosts to vpn 
We need to add these hosts to the vpn to use ipa for auth on them.
They are in the 192.168.100 network, which is the 'more restricted'
subnet of vpn. After the freeze we will probibly want to lock this down
more with a rule on all hosts except ipa* to reject everything from
them. In the mean time the firewall rules blocking most things should be
ok for now.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-04-16 11:38:26 -07:00
Kevin Fenzi
658df6e677 debuginfod: move to port 8002 and add vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-04-05 15:30:01 -07:00
Stephen Smoogen
da105b0f3b NS13 needs a openvpn ccd file to work 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-30 16:42:30 -04:00
Mark O'Brien
f952b7a715 add ipsilon02 2021-03-22 15:38:28 +00:00
Mark O'Brien
63ef253011 ipsilon: new prod vm 2021-03-22 11:54:33 +00:00
Kevin Fenzi
02eac50add Add a ipa03 host. 
We want to add another ipa server host in case the load gets large when
we migrate from fas. We can always nuke this one or add more.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-19 21:14:42 +00:00
Kevin Fenzi
4b067c6fec openvpn / server / ccd files: Fix hosts that had the old transition iad2 vpn 
When we moved datacenters we had iad2 pointing to 192.168.20 at various
points to migrate things. We should no longer have any hosts using that
ip range. Move them all back.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-10-02 08:44:33 -07:00
Stephen Smoogen
d0a5454a59 add in vpn files for proxy101/proxy110 to get them from erroring 2020-09-21 12:39:51 -04:00
Mark O'Brien
9f7b9f5d54 [proxies] add host vars proxy39/40 2020-09-16 11:41:47 +01:00
Kevin Fenzi
87d5bc23de openvpn / server: Add ccd file for pagure02 
Note that this just needs to add a new ccd file, nothing has to be
restarted and it can't possibly be used by anything but
'pagure02.fedoraproject.org' so it should not affect freeze on bastion.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-09-15 13:48:56 -07:00
Kevin Fenzi
350f52aea9 rename vmhosts in rdu-cc so they don't overlap with hosts in iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-09-04 13:46:41 -07:00
Mark O'Brien
e4e6ede45b [proxies] add proxy37/38 2020-09-01 15:45:29 +01:00
Kevin Fenzi
1cf024e37f Freeze break request: add vpn ccd file and vpn role to retrace 
We need retrace03 on the vpn at least for now, or else 2fa won't work.
At some point when fasClient is gone we may be able to drop this
when we switch to sssd or something else.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-08-25 14:12:12 -07:00
Mark O'Brien
5f114a7c98 [proxies] setup for proxy35/36 2020-08-24 17:21:00 +01:00
Mark O'Brien
1189897518 [proxies] allow outside servers access to infrastructure 2020-08-06 15:15:31 +01:00
Kevin Fenzi
e6fc2e998b openvpn / server: add 02 instances to vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-14 14:55:02 -07:00
Kevin Fenzi
882d40f9d3 actually check in the nuancier ccd files 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-29 16:34:45 -07:00
Kevin Fenzi
0ec52f5297 openvpn / server: add nuancier and fedocal ccd files 
Also, remove all the old phx2 ones that were left.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-29 16:32:56 -07:00
Stephen Smoogen
ef902cc3c6 openvpn variable is needed for proxy32 2020-06-27 11:09:31 -04:00
Kevin Fenzi
3f84700606 openvpn server / pdc-web02: add ccd file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-22 14:02:05 -07:00
Stephen Smoogen
7b93b2fe2c ODCS: Change odcs vpn to use the iad2 server versus the phx2 one. This 
will allow odcs to work with new colocation.
 2020-06-16 07:49:54 -04:00
Kevin Fenzi
9dc73b3764 mbs: fix the mbs openvpn endpoint 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-13 20:48:17 -07:00
Kevin Fenzi
07f8385e19 openvpn: move badges 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-12 13:57:17 -07:00
Kevin Fenzi
89dafdc841 iad2: openvpn/server: switch kerneltest over to iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-11 14:06:25 -07:00
Kevin Fenzi
a455c31b31 iad2: blockerbugs adjustments for iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-11 13:43:58 -07:00