This deploys a new set of ccd files to bastion*rdu3 for openvpn.
Right now bastion01.iad2 is the vpn hub/server for all connections.
Once dns is changed and clients restarted, they will connect to
bastion01.rdu3.
These ccd files swap the iad2 for rdu3 servers.
So, for example now 'wiki01.vpn.fedoraproject.org', or 'wiki01' as the
proxies call it, will go to wiki01.iad2.fedoraproject.org.
After the dns switch and client reconnects here,
wiki01.vpn.fedoraproject.org/wiki01's ip will be claimed by
wiki01.rdu3.fedoraproject.org instead and wiki01.iad2 will get a dynamic
ip (or will be just turned off).
This will allow us to more easly move services from proxies.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.
I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```
Then I went through all the changes and removed the ones that wasn't
expected to be changed.
Fixes https://pagure.io/fedora-infrastructure/issue/12391
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
fix 1900 failures of the following case issue:
`name[casing]: All names should start with an uppercase letter.`
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
Using `git grep el6` and `git grep el7` and variants like EL-7 or
el-7, I found various entries and files which were no longer needed
with the current ansible. I updated text or tests to later versions of
RHEL as needed.
found entries for the fedora ami's for the original cloud and removed
those entries also.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
We want to migrate db-datanommer01.stg to this to make sure things work
ok before doing the prod one next week.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We need this to try and relay in emails.
It turns out to be bordering on impossible to do this sanely with our
current setup, so make a fedora vm that lets us use saslauthdb to have a
specific (small) list of users that can authenticate and relay emails
via bastion and out. We can't do this on rhel, because they don't build
the saslauthdb backend. We can't use any of the other backends because
they either don't work or would allow any fedora user to relay, which we
do not want.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We add vpn to it to make ipa work, drop old openshift volumes, change
the name and in general get it ready to add to ansible.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now this task makes the ccd dir as 0755 and root.root, but then a
later task syncs this from batcave01 and it gets 2755 and
root.sysadmin-main. Just change this to match so we are more idempotent.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We had a bunch of old el6 conditionals in here, and we have 0 el6
machines. We also now have some CentOS instances, so we shouldn't check
for RedHat or Fedora anymore. Also, everything is using the newer
openvpn now so no need to make sure the old one is stopped.
This should not affect the vast majority of hosts, but it should allow
the el7/el8-test instances vpns to actually work.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We need to add these hosts to the vpn to use ipa for auth on them.
They are in the 192.168.100 network, which is the 'more restricted'
subnet of vpn. After the freeze we will probibly want to lock this down
more with a rule on all hosts except ipa* to reject everything from
them. In the mean time the firewall rules blocking most things should be
ok for now.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
