WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-27 20:12:54 +08:00
Code Issues Packages Projects Releases Wiki Activity
35,570 Commits 9 Branches 0 Tags
e56d0b6809dcde7c6d1b53beaa12c8d18d2829ea
Commit Graph

322 Commits

Author SHA1 Message Date
Kevin Fenzi
5e6ab492a5 haproxy: tweak filename for ocp certs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-19 16:13:33 -07:00
Kevin Fenzi
ee60a42ccb haproxy: check in a temp prod ocp ca pem so playbooks do not fail 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-17 17:15:29 -07:00
David Kirwan
773bb63e35 metrics-for-apps: CA cert for the ocp4 staging cluster 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-17 10:26:56 +09:00
David Kirwan
6de8b73b9a metrics-for-apps: hotfix rename ocp4 staging CA cert 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-16 11:04:59 +09:00
David Kirwan
63b493fe31 metrics-for-apps: hotfix rename ocp4 staging ca certificate 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-16 10:51:33 +09:00
Kevin Fenzi
ffe6484549 haproxy: use env_short here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-13 16:39:02 -07:00
Kevin Fenzi
73bb20bb13 Revert "haproxy: adjust names on files to use .stg" 
This reverts commit 8b1f44206d.
 2021-08-13 16:37:13 -07:00
Kevin Fenzi
8b1f44206d haproxy: adjust names on files to use .stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-13 13:25:25 -07:00
David Kirwan
55185861c8 metrics-for-apps: 
- Updating apache proxy config to handle ocp4 CA cert
- place ocp4 CA cert on proxies
- add ocp4 stg ca cert to haproxy/files

Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-13 20:02:38 +00:00
David Kirwan
b7be2d3c40 metrics-for-apps: commeting out the bootstrap node for ocp4stg 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-11 12:46:46 +09:00
Kevin Fenzi
38fa66b00b Revert "metrics-for-apps: commenting out ocp4 bootstrap node from proxy configs" 
This reverts commit 849b729578.
 2021-08-10 19:31:42 -07:00
David Kirwan
849b729578 metrics-for-apps: commenting out ocp4 bootstrap node from proxy configs 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-11 10:14:18 +09:00
Kevin Fenzi
ad2d0a4a4e haproxy: Try dropping ssl here. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-10 18:02:45 -07:00
Kevin Fenzi
ecbda7c851 haproxy: add staging ocp cert for api-int 
haproxy needs to terminate ssl for the api part of the ocp cluster.
We can't do this in apache without listening for non standard ports and
that could be a mess, so terminate ssl here and talk into the cluster

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-09 10:51:13 -07:00
David Kirwan
d78d1070f8 metrics-for-apps: terminate tls for api/api-int in haproxy 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-09 17:48:38 +00:00
Kevin Fenzi
63eb9d6765 haproxy: fix typo in backend name 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-07-27 13:22:56 -07:00
Kevin Fenzi
abec29acf4 ocp / staging: add posts for control plane behind haproxy and open proxy firewalls 
Put the api ports that ocp4 needs behind haproxy (with bootstrap node)
and open them to just the ocp4 machines on the proxies.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-07-27 13:19:16 -07:00
Pierre-Yves Chibon
2b46beed2c fedocal: drop everything related to fedocal in VM 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-06-23 17:30:27 +02:00
Kevin Fenzi
f23fd1b7a1 totpcgi / 2fa: remove old totpci and files and roles. 
Note: there are still some calls here in old fas in openshift, but we
will remove those when we remove old fas (likely as soon as zodbot is
ported over to noggin).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-17 13:00:56 -07:00
Kevin Fenzi
3a26611841 haproxy: add ipa03 into the mix as a backup behind ipa02 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-17 09:55:58 -07:00
Kevin Fenzi
368bfaef01 haproxy: adjust content length for new text in 503 message 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-17 09:43:45 -07:00
Kevin Fenzi
80079bec37 503: adjust wording on the service not available doc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-17 16:40:25 +00:00
Kevin Fenzi
14c486b41d haproxy: adjust content-length 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-12 13:38:48 -07:00
Kevin Fenzi
e4d7627ce8 haproxy: disable notifs-web02 until it's ready 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 17:40:18 -07:00
Kevin Fenzi
e82d21eefd haproxy: decrease chances of marking ipsilon down 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-31 09:36:13 -07:00
Aurélien Bompard
b8e6754f97 Use a VM for Ipsilon in prod too 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-23 16:55:38 +00:00
Pierre-Yves Chibon
25ff2bea69 haproxy: let's assume zabbix is up for now 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-18 10:11:12 +01:00
Pierre-Yves Chibon
7d1fbba00d haproxy: be more flexible for zabbix 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-17 17:04:21 +01:00
Pierre-Yves Chibon
23c7ef8c20 haproxy: zabbix returns either 200 or 401 - maybe this way? 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-17 16:49:43 +01:00
Pierre-Yves Chibon
36de1196e1 haproxy: zabbix returns either 200 or 401 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-17 16:45:58 +01:00
Pierre-Yves Chibon
ea9d107ef8 haproxy: zabbix now returns 401 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-17 16:40:32 +01:00
Pierre-Yves Chibon
b3a0df510d haproxy: fix the path where haproxy check for zabbix 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-17 15:58:50 +01:00
Pierre-Yves Chibon
157e8029a8 haproxy: add support for zabbix in haproxy but stg only 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-17 10:34:30 +01:00
Aurélien Bompard
aace9bb2cc New certificate for IPA in staging 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-12 11:39:24 +01:00
Adrian Reber
cb4bb12298 mirrorlist: clean up unused definitions 
Remove everything which is related to running the mirrorlist server
process as a container. This has not been used for the last few months.

Also remove the 3 mirrorlist process setup for IAD2 as it is no longer
necessary and removing it also simplifies the configuration.

Signed-off-by: Adrian Reber <adrian@lisas.de>
 2020-11-17 07:32:01 +00:00
Aurélien Bompard
38cc67731b Proxy: attempt to move ipsilon back to a VM in staging 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2020-10-07 10:59:41 +02:00
Pierre-Yves Chibon
c0f7fa3e8c proxy: bring back pdc-backend, this one doesn't have anything to do with the pdc-backend hosts 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-06 15:49:06 +02:00
Pierre-Yves Chibon
f91a80046b Wipe everything that is to do with pdc-backend from our ansible repo 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-05 18:57:52 +00:00
Kevin Fenzi
e6a1139cec haproxy / staging: update openshift ca cert for haproxy 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-31 11:31:12 -07:00
Kevin Fenzi
516d5e77e8 haproxy: fix conditional that was reversed for mbs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-25 10:06:47 -07:00
Kevin Fenzi
f19cb7f225 haproxy: adjust staging haproxy for things that should exist 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-25 09:56:35 -07:00
Kevin Fenzi
959fdaa00b haproxy: add a placeholder ca for openshift staging 
Openshift doesn't exist in staging yet, but we want to finish mostly
building out proxy01 before doing that, so set a placeholder ca here
until we can update it with the real one.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-25 09:39:17 -07:00
Kevin Fenzi
16d012933c haproxy: add ipa stg cert for iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-24 21:52:12 -07:00
Stephen Smoogen
257a130bc8 remove zanata2fedmsg. the zanata roles are still there for the time being as they are tied into webstizes and such 2020-07-22 15:22:37 -04:00
Kevin Fenzi
506b41bb65 Add sundries02, wiki02 and datagrepper02 
Add some more '02' instances to increase uptime/availibility.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-14 14:32:25 -07:00
Stephen Smoogen
857a3c623d this should remove a lot of things looking at phx2 systems 2020-06-10 09:18:11 -04:00
Kevin Fenzi
c7a0d2f3c4 also fix the ipa file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-08 15:20:15 -07:00
Kevin Fenzi
162bb8bf5e iad2-move: there is only one active openshift, and it is the iad2 one, use its ssl cert 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-08 15:17:15 -07:00
Kevin Fenzi
83d76a8614 iad2: haproxy: fix up openshift certs so iad2 and phx2 are correct and both install. Just copy the phx2 ipa pem for now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-28 10:46:48 -07:00
Kevin Fenzi
e92d630821 iad2: pkgs01 in iad2, not pkgs02 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-26 19:37:13 -07:00