WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-23 18:10:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
40,086 Commits 9 Branches 0 Tags
ea7d2ecc3a7658fbd3ebc69d42cf5e19f2c8febe
Commit Graph

351 Commits

Author SHA1 Message Date
Nick Bebout
b5d0a51ae9 Revert "Reapply "Change ipa01-backend to actually point to ipa02"" 
This reverts commit d28ebf8cb5.
 2024-01-25 11:23:03 -06:00
Nick Bebout
d28ebf8cb5 Reapply "Change ipa01-backend to actually point to ipa02" 
This reverts commit 7b71471851.
 2024-01-25 08:50:46 -06:00
Nick Bebout
7b71471851 Revert "Change ipa01-backend to actually point to ipa02" 
This reverts commit b64524ec9a.
 2024-01-24 16:17:57 -06:00
Nick Bebout
b64524ec9a Change ipa01-backend to actually point to ipa02 2024-01-23 16:06:05 -06:00
Kevin Fenzi
20dc948173 notifs (old fmn): retire 
We are retiring this in favor of the new service.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-15 12:28:28 -08:00
Kevin Fenzi
af8f9531a9 haproxy: fix issue with non iad2 proxies 
Turns out zabbix is only in iad2, so we need to not set it up on non
iad2 proxies.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-15 11:14:27 -08:00
Kevin Fenzi
a60ca7159f nuancier: retire and remove from ansible 
See https://pagure.io/fedora-infrastructure/issue/11371
This service is retired.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-15 10:44:00 -08:00
David Kirwan
6461430ae3 zabbix: remove conditions on zabbix configration 
Rename host zabbix/zabbix.stg to zabbix01

Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2023-11-15 08:10:44 +00:00
Kevin Fenzi
9b42cd8cbf haproxy: fix template typo 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-13 13:53:56 -08:00
David Kirwan
8b0581bcad zabbix: haproxy config reworking 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2023-11-09 14:52:30 +00:00
David Kirwan
ee3bac3470 zabbix: haproxy config zabbix production 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2023-11-09 14:04:13 +00:00
Kevin Fenzi
50c61979f0 Revert "zabbix: Add configuration for zabbix prod to haproxy" 
This reverts commit d7b20fa114.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-07 06:16:29 -08:00
David Kirwan
d7b20fa114 zabbix: Add configuration for zabbix prod to haproxy 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2023-11-07 07:49:31 +00:00
Francois Andrieu
ce45b1775e ocp: renew internal ingress certificates 2023-08-11 12:50:57 +02:00
Aurélien Bompard
74988bf1ff Old FMN: update the heartbeat location 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-04-26 11:32:52 +02:00
Kevin Fenzi
36b489bce2 haproxy: adjust content size to 503 page 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-04-04 07:50:02 -07:00
Francois Andrieu
0ece2dfe06 use fedoraproject favicon everywhere it's needed 2023-04-03 13:35:55 +02:00
Kevin Fenzi
b1b0923af0 openshift 3.11: raise a glass! 
Our openshift 3.11 cluster(s) served us long and well.

Now we have everything finally moved to the openshift 4 clusters (fas2
was the last holdout). We can finally retire this. :)

🎉🥂

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-11-28 13:08:01 -08:00
Kevin Fenzi
99eab71b2e haproxy: install socat for dynamic stats/control of haproxy 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-06-06 12:22:35 -07:00
Kevin Fenzi
1e304a8467 haproxy: revert adding workers, as these were masters all along 
We added more to the api and machine-config, but those only go to
control nodes, not compute nodes. Just revert this section entirely, it
was a bad idea and we shall never speak of it again. :)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-03 14:59:28 -08:00
Kevin Fenzi
9eed96e3d6 proxies: open ocp4 api port in both stg and prod 
This fixes ticket 10521.

Basically we want to just open the api. It requires auth to do anything
and other openshift instances have it available, so it shouldn't
hopefully expose us to too much risk. With ocp3 the api was part of the
normal port/web flow, but with ocp4 it's a seperate port.

This also adds new workers to haproxy. I can drop that part if it's
controversal, but it should be fine I would think.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-03 22:29:37 +00:00
Kevin Fenzi
c520b42230 datagrepper has moved to openshift. Remove old ansible remnants. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-21 11:44:13 -08:00
Mark O Brien
dab8886bb7 remove unnecessary task 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2021-11-04 15:51:05 +00:00
David Kirwan
d7f5be0ebb metrics-for-apps: updating api-int CA cert for ocp4 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-09-09 12:52:18 +09:00
David Kirwan
b778a45d6c metrics-for-apps: Remove temporary ocp4 bootstrap machine from haproxy 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-09-08 12:35:48 +09:00
David Kirwan
4e8fa0e687 metrics-for-apps: add ocp4 prod CA cert to haproxy 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-09-08 12:32:42 +09:00
Kevin Fenzi
6ce2275510 haproxy: ocp cluster is only in iad2 
If we push this to all proxies (as we have), they will fail to start
haproxy because they cannot resolve the internal ocp iad2 hosts. ;(

The ocp clusters should only apply on the iad2 haproxy nodes, not all
proxies. Also fix logic on the staging one to apply in staging instead
of just production.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-09-04 10:51:00 -07:00
David Kirwan
9f39d76e2c metrics-for-apps: Adding inventory/groupvars/changes for ocp prod 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-09-02 01:37:34 +00:00
Kevin Fenzi
3bdb267ad4 staging: rename the ocp cert 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-30 15:53:34 -07:00
Kevin Fenzi
5e6ab492a5 haproxy: tweak filename for ocp certs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-19 16:13:33 -07:00
Kevin Fenzi
ee60a42ccb haproxy: check in a temp prod ocp ca pem so playbooks do not fail 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-17 17:15:29 -07:00
David Kirwan
773bb63e35 metrics-for-apps: CA cert for the ocp4 staging cluster 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-17 10:26:56 +09:00
David Kirwan
6de8b73b9a metrics-for-apps: hotfix rename ocp4 staging CA cert 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-16 11:04:59 +09:00
David Kirwan
63b493fe31 metrics-for-apps: hotfix rename ocp4 staging ca certificate 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-16 10:51:33 +09:00
Kevin Fenzi
ffe6484549 haproxy: use env_short here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-13 16:39:02 -07:00
Kevin Fenzi
73bb20bb13 Revert "haproxy: adjust names on files to use .stg" 
This reverts commit 8b1f44206d.
 2021-08-13 16:37:13 -07:00
Kevin Fenzi
8b1f44206d haproxy: adjust names on files to use .stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-13 13:25:25 -07:00
David Kirwan
55185861c8 metrics-for-apps: 
- Updating apache proxy config to handle ocp4 CA cert
- place ocp4 CA cert on proxies
- add ocp4 stg ca cert to haproxy/files

Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-13 20:02:38 +00:00
David Kirwan
b7be2d3c40 metrics-for-apps: commeting out the bootstrap node for ocp4stg 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-11 12:46:46 +09:00
Kevin Fenzi
38fa66b00b Revert "metrics-for-apps: commenting out ocp4 bootstrap node from proxy configs" 
This reverts commit 849b729578.
 2021-08-10 19:31:42 -07:00
David Kirwan
849b729578 metrics-for-apps: commenting out ocp4 bootstrap node from proxy configs 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-11 10:14:18 +09:00
Kevin Fenzi
ad2d0a4a4e haproxy: Try dropping ssl here. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-10 18:02:45 -07:00
Kevin Fenzi
ecbda7c851 haproxy: add staging ocp cert for api-int 
haproxy needs to terminate ssl for the api part of the ocp cluster.
We can't do this in apache without listening for non standard ports and
that could be a mess, so terminate ssl here and talk into the cluster

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-08-09 10:51:13 -07:00
David Kirwan
d78d1070f8 metrics-for-apps: terminate tls for api/api-int in haproxy 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2021-08-09 17:48:38 +00:00
Kevin Fenzi
63eb9d6765 haproxy: fix typo in backend name 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-07-27 13:22:56 -07:00
Kevin Fenzi
abec29acf4 ocp / staging: add posts for control plane behind haproxy and open proxy firewalls 
Put the api ports that ocp4 needs behind haproxy (with bootstrap node)
and open them to just the ocp4 machines on the proxies.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-07-27 13:19:16 -07:00
Pierre-Yves Chibon
2b46beed2c fedocal: drop everything related to fedocal in VM 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-06-23 17:30:27 +02:00
Kevin Fenzi
f23fd1b7a1 totpcgi / 2fa: remove old totpci and files and roles. 
Note: there are still some calls here in old fas in openshift, but we
will remove those when we remove old fas (likely as soon as zodbot is
ported over to noggin).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-17 13:00:56 -07:00
Kevin Fenzi
3a26611841 haproxy: add ipa03 into the mix as a backup behind ipa02 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-17 09:55:58 -07:00
Kevin Fenzi
368bfaef01 haproxy: adjust content length for new text in 503 message 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-17 09:43:45 -07:00