WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-16 13:56:03 +08:00
Code Issues Packages Projects Releases Wiki Activity
41,551 Commits 9 Branches 0 Tags
d527ec63f019fb1c166324ef10b3ece54822c253
Commit Graph

920 Commits

Author SHA1 Message Date
Stephen Smoogen
6cbe68f288 make firewall change to openshift so nagios can be accepted. make change to syncHttp for new ips 2020-06-12 12:33:13 -04:00
Stephen Smoogen
f65a48aa61 allow log01 to get logs from proxies and other hosts. fix both iptables and rsyncd 2020-06-12 11:01:08 -04:00
Adam Williamson
7a82a5a7d5 Rename ansible_ifcfg_{black,white}list to {block,allow}list 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-06-11 15:22:09 -07:00
Stephen Smoogen
0816164593 remove proxy01.phx2/proxy10.phx2 from vpn 2020-06-10 15:44:57 -04:00
Kevin Fenzi
1f467abfce iad2: drop phx2 koji builder iptables, fix iad2 iptables to not have a syntax error 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-09 19:55:04 -07:00
Stephen Smoogen
0f6bde6666 make it so s390 uses iad2 dns 2020-06-09 20:30:01 -04:00
Stephen Smoogen
9fbe3df30b put the right item into the postfix main.cf 2020-06-09 14:16:22 -04:00
Stephen Smoogen
da3bb01bb8 make it so ipv4 is used for iad2 systems 2020-06-09 14:11:26 -04:00
Stephen Smoogen
3bc4a7e946 bastion and batcave and other things need 22 for osuosl 2020-06-08 20:27:52 -04:00
Kevin Fenzi
1135514bd4 osuosl: add mm-backend external ip for ssh on osuosl proxies so we can sync mm data. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-08 13:26:41 -07:00
Stephen Smoogen
98d8ec7a8f fix 53 in both places 2020-06-07 15:44:26 -04:00
Stephen Smoogen
0266f2541d fix the kojibuilder firewall for udp and ss 2020-06-07 15:41:54 -04:00
Stephen Smoogen
11baf9ef99 try adding a hosts files for the s390 builders 2020-06-07 15:35:15 -04:00
Stephen Smoogen
d099a158f6 this should allow IAD2 to SSH into s390 2020-06-07 14:54:43 -04:00
Stephen Smoogen
20874816e4 and this should allow PHX2 systems to get to RHEL content 2020-06-07 12:12:52 -04:00
Kevin Fenzi
348817447e base / iptables: also add output rule for the ssh mount 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-06 17:32:44 -07:00
Kevin Fenzi
fff697a707 base / iptables: add iad2 ips to kojibuilder (phx2) section 
We need to add this for s390x machines so they can talk to and be
managed by iad2 stuff. phx2 builders should not be affected, and
s390 builders only get the new rules added, so they should keep working
with phx2. We will need to clean this up after the move and remove all
the phx2 stuff.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-06 17:28:37 -07:00
Stephen Smoogen
d89168a30f clean up download usage 2020-06-06 15:23:40 -04:00
Stephen Smoogen
16875c357d try to get this to work for builders in iad2 2020-06-06 10:39:09 -04:00
Stephen Smoogen
8d188f2e17 fix the case on grep as it matters 2020-06-05 10:39:05 -04:00
Stephen Smoogen
75d1b3c715 ppc interfaces are coming up as enp<BLAH> 2020-06-05 10:36:51 -04:00
Kevin Fenzi
dd952da38b base / iptables: drop old openstack template and update osusol with new batcave egress ip 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-04 10:36:08 -07:00
Kevin Fenzi
ee3f1f523e iad2: also switch base keytab to use python3 now (so new hosts in iad2 only) 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-03 11:19:57 -07:00
Tim Flink
41f79ab8d2 dhcp/inventory: removing beaker and beaker-client 
Removing references to beaker and the hosts that were part of that setup
 2020-06-02 18:52:47 +00:00
Mark O'Brien
cb9302cb6a [postfix] update gateway conf for postfix3 2020-06-02 08:16:55 +00:00
Mark O'Brien
c8e322e49a [postfix] update main config file for postfix3 config 2020-06-02 08:16:55 +00:00
Kevin Fenzi
d5b4bef21b iad2: bkernel01 should use the iad resolv.conf, and we shouldn't try and put template conditionals in a file. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-30 18:21:39 -07:00
Stephen Smoogen
7c2fcaf510 we have a lot of hardcoded logic which defaults to phx2 ips.. this should try to fix dns for iad2 systems 2020-05-29 14:49:24 -04:00
Kevin Fenzi
1d5d09a6fc base ifcfg template: fix logic, we need a elif not if there 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-28 16:56:15 -07:00
Stephen Smoogen
a93c9169f5 fix logic to work with eno interfaces and add in logic for dual datacenters 2020-05-28 18:37:17 -04:00
Kevin Fenzi
189194a7d1 iad2: fix kojibuilder resolv.conf for iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-28 14:40:04 -07:00
Kevin Fenzi
eaf3837e58 kojibuilder: Break out a new set of iptables rules for iad2 
Put all the rules in the kojibuilder file so we can just nuke the phx2
part later and not have to move groups around, etc.

Also, nuke the old unused bkernel network template.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-28 14:40:04 -07:00
Stephen Smoogen
75b78ea9f6 add eno to interfaces 2020-05-25 17:13:50 -04:00
Kevin Fenzi
9f9eba3716 base / iptables: drop nat and raw chains from here, as f32 does not like them 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-25 13:31:04 -07:00
Stephen Smoogen
5407472e84 move iad2 in front of vpn so that hosts aren't trying to reach vpn hosts when they aren't on vpn 2020-05-22 15:24:31 -04:00
Stephen Smoogen
d8188e7417 turn off ipv6 on bastion until we get ipv6 fulling deployed 2020-05-22 14:07:59 -04:00
Stephen Smoogen
5b9d2b927d put in an updated postfix.main for bastion-iad01 2020-05-22 13:56:34 -04:00
Mark O'Brien
851d898e01 [rsyslog] add rsyslog8/rhel8 conf file 2020-05-21 11:37:48 +01:00
Kevin Fenzi
4b7c31a882 cleanup: remove all the duplicate tests for selinux python bindings in favor of the ones in base. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-16 10:54:58 -07:00
Kevin Fenzi
98549fd6db base / resolv.conf: we want vpn to be before iad2 here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-13 16:56:58 -07:00
Kevin Fenzi
c529380547 Spring cleaning time. :) 
I removed all the old files, inventory, playbooks, roles and other from
services we no longer run or use. There was a bunch of cruft in there
and I hope that will make the repo cleaner and easier to look for things
we actually do run and care about.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-13 14:02:41 -07:00
Kevin Fenzi
ce6cd8844a base: postfix: comment duplicate alias_maps thats sending warnings from bastion01.iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-08 20:30:33 -07:00
Kevin Fenzi
b8de4f9d7d iad2: log01: add a rsyslog config file for log01.iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-08 17:49:21 -07:00
Kevin Fenzi
29a4145466 iad2: add a iad2 resolv.conf file. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-06 16:54:48 -07:00
Kevin Fenzi
9edbfa6a39 iad2: only install the default PROD prompt in non iad2 datacenters 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-06 13:56:02 -07:00
Kevin Fenzi
9b49971cae iad2: set prompt in iad2 to avoid confusion 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-06 13:51:16 -07:00
Stephen Smoogen
03a14c6db9 HOTPATCH: Fix pagure-stg email. Formal fix will need updating our postfix files to work with RHEL-8/Fedora 28+ postfix syntax. 2020-05-04 08:48:43 -04:00
Nils Philippsen
5958059b47 Remove remnants of lists-dev and lists01 
Follow-up on:

commit a11e1da4b435928c8895259e12ea1bf895860cb4
Author: Kevin Fenzi <kevin@scrye.com>
Date:   Thu Feb 20 17:09:00 2020 +0000

    lists-dev: farewell

    Signed-off-by: Kevin Fenzi <kevin@scrye.com>

commit dd3bf3b50d
Author: Kevin Fenzi <kevin@scrye.com>
Date:   Fri May 20 18:09:20 2016 +0000

    Drop collab03 and hosted-lists01 (everything is going to mailman01 now).
    Drop hosted01 (we arent going to move hosted to rhel7)

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2020-05-03 22:02:42 +00:00
Stephen Smoogen
bb719cdc5d rsyslogd: fix rsyslogd on all EL8 and F32 boxes 
In 2017, I (Stephen Smoogen), put in a change to copy
roles/base/files/rsyslog/rsyslog-limits.conf to /etc/systemd on
log01. This was to make it so we have adequete limits on the logrunner
on log01. However I missed the fact that all *.conf files are copied
over to /etc/rsyslog.d/ in a previous section. So this file has been
copied over to every system since 2017.. which was ok when rsyslogd just
ignored the syntax. However on EL8, it dies and kills rsyslogd so
servers are not able to run.

Fix: change the file name to one which won't get globbed. Remove the
file from all systems in /etc/rsyslo.d
 2020-04-30 11:25:25 +00:00
Stephen Smoogen
07a8351c1d sync the download logs from download-cc 2020-04-30 10:17:28 +00:00