PR#765: metrics-for-apps: Adding inventory/groupvars/changes for ocp prod - fedora-infra/ansible

fedora-infra / ansible

#765 metrics-for-apps: Adding inventory/groupvars/changes for ocp prod

Merged 3 years ago by dkirwan. Opened 3 years ago by dkirwan.

fedora-infra/ dkirwan/ansible main into main

metrics-for-apps: Adding inventory/groupvars/changes for ocp prod

David Kirwan • 3 years ago

9f39d76

inventory/group_vars/all

file modified

		`@@ -275,6 +275,12 @@`
		`os_wildcard_key_file: wildcard-2021.app.os.fedoraproject.org.key`
		`os_wildcard_int_file: wildcard-2021.app.os.fedoraproject.org.intermediate.cert`

		`+ # This is the openshift wildcard cert for ocp`
		`+ ocp_wildcard_cert_name: wildcard-2021.apps.ocp.fedoraproject.org`
		`+ ocp_wildcard_cert_file: wildcard-2021.apps.ocp.fedoraproject.org.cert`
		`+ ocp_wildcard_key_file: wildcard-2021.apps.ocp.fedoraproject.org.key`
		`+ ocp_wildcard_int_file: wildcard-2021.apps.ocp.fedoraproject.org.intermediate.cert`
		`+`
		`# Everywhere, always, we should sign messages and validate signatures.`
		`# However, we allow individual hosts and groups to override this. Use this very`
		`# carefully.. and never in production (good for testing stuff in staging).`

inventory/group_vars/ocp

file added

		`@@ -0,0 +1,8 @@`
		`+ ---`
		`+ rhcos_version: 4.8.2`
		`+ ocp4: true`
		`+ vpn: false`
		`+ nagios_Check_Services:`
		`+ swap: false`
		`+ nrpe: false`
		`+ mail: false`

inventory/group_vars/proxies

file modified

+11

		`@@ -124,3 +124,14 @@`
		`- os-node01.vpn.fedoraproject.org`
		`- os-node02.vpn.fedoraproject.org`
		`- os-node03.vpn.fedoraproject.org`
		`+`
		`+ ocp_masters:`
		`+ - bootstrap.ocp.iad2.fedoraproject.org`
		`+ - ocp01.ocp.iad2.fedoraproject.org`
		`+ - ocp02.ocp.iad2.fedoraproject.org`
		`+ - ocp03.ocp.iad2.fedoraproject.org`
		`+`
		`+ ocp_nodes:`
		`+ - worker01.ocp.iad2.fedoraproject.org`
		`+ - worker02.ocp.iad2.fedoraproject.org`
		`+ - worker03.ocp.iad2.fedoraproject.org`

inventory/group_vars/proxies_stg

file modified

+2 -2

		`@@ -121,13 +121,13 @@`
		`- os-node03.stg.iad2.fedoraproject.org`
		`- os-node04.stg.iad2.fedoraproject.org`

		`- ocp_masters:`
		`+ ocp_masters_stg:`
		`# - bootstrap.ocp.stg.iad2.fedoraproject.org`
		`- ocp01.ocp.stg.iad2.fedoraproject.org`
		`- ocp02.ocp.stg.iad2.fedoraproject.org`
		`- ocp03.ocp.stg.iad2.fedoraproject.org`

		`- ocp_nodes:`
		`+ ocp_nodes_stg:`
		`- worker01.ocp.stg.iad2.fedoraproject.org`
		`- worker02.ocp.stg.iad2.fedoraproject.org`
		`- worker03.ocp.stg.iad2.fedoraproject.org`

inventory/host_vars/bootstrap.ocp.iad2.fedoraproject.org

file added

+60

		`@@ -0,0 +1,60 @@`
		`+ ---`
		`+ freezes: false`
		`+`
		`+ datacenter: iad2`
		`+`
		`+ vmhost: vmhost-x86-04.iad2.fedoraproject.org,`
		`+ volgroup: /dev/vg_guests`
		`+ lvm_size: 120g`
		`+ mem_size: 16384`
		`+ max_mem_size: 16384`
		`+ num_cpus: 4`
		`+`
		`+ dns1: 10.3.163.33`
		`+ dns2: 10.3.163.34`
		`+`
		`+ dns_search1: "iad2.fedoraproject.org"`
		`+ dns_search3: "fedoraproject.org"`
		`+`
		`+ has_ipv4: yes`
		`+ eth0_ipv4: 10.3.163.126`
		`+ eth0_ipv4_nm: 24`
		`+ eth0_ipv4_gw: 10.3.163.254`
		`+ eth0_ip: "{{eth0_ipv4}}"`
		`+ nm: 255.255.255.0`
		`+ gw: "{{ eth0_ipv4_gw }}"`
		`+ dns: "{{ dns1 }}"`
		`+`
		`+ mac0: "{{ ansible_default_ipv4.macaddress }}"`
		`+`
		`+ rhcos_ignition_file_url: "http://10.3.163.65/rhcos/bootstrap.ign"`
		`+ rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"`
		`+ rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"`
		`+ rhcos_install_url: "http://10.3.163.65/rhcos/"`
		`+`
		`+ virt_install_command: "{{ virt_install_command_pxe_rhcos }}"`
		`+`
		`+ network_connections:`
		`+ - name: eth0`
		`+ mac: "{{ mac0 }}"`
		`+ state: up`
		`+ type: ethernet`
		`+ autoconnect: yes`
		`+ ip:`
		`+ address:`
		`+ - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"`
		`+ gateway4: "{{ eth0_ipv4_gw }}"`
		`+ dns:`
		`+ - "{{ dns1 }}"`
		`+ - "{{ dns2 }}"`
		`+ dns_search:`
		`+ - "{{ dns_search1 }}"`
		`+ - "{{ dns_search2 }}"`
		`+ - "{{ dns_search3 }}"`
		`+ dhcp4: no`
		`+ auto6: no`
		`+`
		`+ vpn: true`
		`+`
		`+ nrpe_procs_warn: 1200`
		`+ nrpe_procs_crit: 1400`

inventory/host_vars/ocp01.ocp.iad2.fedoraproject.org

file added

+60

		`@@ -0,0 +1,60 @@`
		`+ ---`
		`+ freezes: false`
		`+`
		`+ datacenter: iad2`
		`+`
		`+ vmhost: vmhost-x86-04.iad2.fedoraproject.org,`
		`+ volgroup: /dev/vg_guests`
		`+ lvm_size: 120g`
		`+ mem_size: 16384`
		`+ max_mem_size: 16384`
		`+ num_cpus: 4`
		`+`
		`+ dns1: 10.3.163.33`
		`+ dns2: 10.3.163.34`
		`+`
		`+ dns_search1: "iad2.fedoraproject.org"`
		`+ dns_search3: "fedoraproject.org"`
		`+`
		`+ has_ipv4: yes`
		`+ eth0_ipv4: 10.3.163.120`
		`+ eth0_ipv4_nm: 24`
		`+ eth0_ipv4_gw: 10.3.163.254`
		`+ eth0_ip: "{{eth0_ipv4}}"`
		`+ nm: 255.255.255.0`
		`+ gw: "{{ eth0_ipv4_gw }}"`
		`+ dns: "{{ dns1 }}"`
		`+`
		`+ mac0: "{{ ansible_default_ipv4.macaddress }}"`
		`+`
		`+ rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign"`
		`+ rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"`
		`+ rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"`
		`+ rhcos_install_url: "http://10.3.163.65/rhcos/"`
		`+`
		`+ virt_install_command: "{{ virt_install_command_pxe_rhcos }}"`
		`+`
		`+ network_connections:`
		`+ - name: eth0`
		`+ mac: "{{ mac0 }}"`
		`+ state: up`
		`+ type: ethernet`
		`+ autoconnect: yes`
		`+ ip:`
		`+ address:`
		`+ - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"`
		`+ gateway4: "{{ eth0_ipv4_gw }}"`
		`+ dns:`
		`+ - "{{ dns1 }}"`
		`+ - "{{ dns2 }}"`
		`+ dns_search:`
		`+ - "{{ dns_search1 }}"`
		`+ - "{{ dns_search2 }}"`
		`+ - "{{ dns_search3 }}"`
		`+ dhcp4: no`
		`+ auto6: no`
		`+`
		`+ vpn: true`
		`+`
		`+ nrpe_procs_warn: 1200`
		`+ nrpe_procs_crit: 1400`

inventory/host_vars/ocp02.ocp.iad2.fedoraproject.org

file added

+60

		`@@ -0,0 +1,60 @@`
		`+ ---`
		`+ freezes: false`
		`+`
		`+ datacenter: iad2`
		`+`
		`+ vmhost: vmhost-x86-05.iad2.fedoraproject.org,`
		`+ volgroup: /dev/vg_guests`
		`+ lvm_size: 120g`
		`+ mem_size: 16384`
		`+ max_mem_size: 16384`
		`+ num_cpus: 4`
		`+`
		`+ dns1: 10.3.163.33`
		`+ dns2: 10.3.163.34`
		`+`
		`+ dns_search1: "iad2.fedoraproject.org"`
		`+ dns_search3: "fedoraproject.org"`
		`+`
		`+ has_ipv4: yes`
		`+ eth0_ipv4: 10.3.163.121`
		`+ eth0_ipv4_nm: 24`
		`+ eth0_ipv4_gw: 10.3.163.254`
		`+ eth0_ip: "{{eth0_ipv4}}"`
		`+ nm: 255.255.255.0`
		`+ gw: "{{ eth0_ipv4_gw }}"`
		`+ dns: "{{ dns1 }}"`
		`+`
		`+ mac0: "{{ ansible_default_ipv4.macaddress }}"`
		`+`
		`+ rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign"`
		`+ rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"`
		`+ rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"`
		`+ rhcos_install_url: "http://10.3.163.65/rhcos/"`
		`+`
		`+ virt_install_command: "{{ virt_install_command_pxe_rhcos }}"`
		`+`
		`+ network_connections:`
		`+ - name: eth0`
		`+ mac: "{{ mac0 }}"`
		`+ state: up`
		`+ type: ethernet`
		`+ autoconnect: yes`
		`+ ip:`
		`+ address:`
		`+ - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"`
		`+ gateway4: "{{ eth0_ipv4_gw }}"`
		`+ dns:`
		`+ - "{{ dns1 }}"`
		`+ - "{{ dns2 }}"`
		`+ dns_search:`
		`+ - "{{ dns_search1 }}"`
		`+ - "{{ dns_search2 }}"`
		`+ - "{{ dns_search3 }}"`
		`+ dhcp4: no`
		`+ auto6: no`
		`+`
		`+ vpn: true`
		`+`
		`+ nrpe_procs_warn: 1200`
		`+ nrpe_procs_crit: 1400`

inventory/host_vars/ocp03.ocp.iad2.fedoraproject.org

file added

+60

		`@@ -0,0 +1,60 @@`
		`+ ---`
		`+ freezes: false`
		`+`
		`+ datacenter: iad2`
		`+`
		`+ vmhost: vmhost-x86-06.iad2.fedoraproject.org,`
		`+ volgroup: /dev/vg_guests`
		`+ lvm_size: 120g`
		`+ mem_size: 16384`
		`+ max_mem_size: 16384`
		`+ num_cpus: 4`
		`+`
		`+ dns1: 10.3.163.33`
		`+ dns2: 10.3.163.34`
		`+`
		`+ dns_search1: "iad2.fedoraproject.org"`
		`+ dns_search3: "fedoraproject.org"`
		`+`
		`+ has_ipv4: yes`
		`+ eth0_ipv4: 10.3.163.122`
		`+ eth0_ipv4_nm: 24`
		`+ eth0_ipv4_gw: 10.3.163.254`
		`+ eth0_ip: "{{eth0_ipv4}}"`
		`+ nm: 255.255.255.0`
		`+ gw: "{{ eth0_ipv4_gw }}"`
		`+ dns: "{{ dns1 }}"`
		`+`
		`+ mac0: "{{ ansible_default_ipv4.macaddress }}"`
		`+`
		`+ rhcos_ignition_file_url: "http://10.3.163.65/rhcos/controlplane.ign"`
		`+ rhcos_install_img_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"`
		`+ rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"`
		`+ rhcos_install_url: "http://10.3.163.65/rhcos/"`
		`+`
		`+ virt_install_command: "{{ virt_install_command_pxe_rhcos }}"`
		`+`
		`+ network_connections:`
		`+ - name: eth0`
		`+ mac: "{{ mac0 }}"`
		`+ state: up`
		`+ type: ethernet`
		`+ autoconnect: yes`
		`+ ip:`
		`+ address:`
		`+ - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"`
		`+ gateway4: "{{ eth0_ipv4_gw }}"`
		`+ dns:`
		`+ - "{{ dns1 }}"`
		`+ - "{{ dns2 }}"`
		`+ dns_search:`
		`+ - "{{ dns_search1 }}"`
		`+ - "{{ dns_search2 }}"`
		`+ - "{{ dns_search3 }}"`
		`+ dhcp4: no`
		`+ auto6: no`
		`+`
		`+ vpn: true`
		`+`
		`+ nrpe_procs_warn: 1200`
		`+ nrpe_procs_crit: 1400`

inventory/host_vars/worker01.ocp.iad2.fedoraproject.org

file added

+57

		`@@ -0,0 +1,57 @@`
		`+ ---`
		`+ freezes: true`
		`+`
		`+ datacenter: iad2`
		`+`
		`+ arch: x86_64`
		`+`
		`+ dns1: 10.3.163.33`
		`+ dns2: 10.3.163.34`
		`+`
		`+ dns_search1: "iad2.fedoraproject.org"`
		`+ dns_search3: "fedoraproject.org"`
		`+`
		`+ has_ipv4: yes`
		`+ eth0_ipv4: 10.3.163.123`
		`+ eth0_ipv4_nm: 24`
		`+ eth0_ipv4_gw: 10.3.163.254`
		`+ eth0_ip: "{{eth0_ipv4}}"`
		`+ nm: 255.255.255.0`
		`+ gw: "{{ eth0_ipv4_gw }}"`
		`+ dns: "{{ dns1 }}"`
		`+`
		`+ pxe_bootdev: eno34`
		`+ install_dev: /dev/sda`
		`+ mac0: "68:05:CA:CE:A3:C9"`
		`+`
		`+ rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"`
		`+ rhcos_install_url: "http://10.3.163.65/rhcos/"`
		`+ rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64"`
		`+ rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img"`
		`+ rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"`
		`+ rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign"`
		`+`
		`+ network_connections:`
		`+ - name: eth0`
		`+ mac: "{{ mac0 }}"`
		`+ state: up`
		`+ type: ethernet`
		`+ autoconnect: yes`
		`+ ip:`
		`+ address:`
		`+ - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"`
		`+ gateway4: "{{ eth0_ipv4_gw }}"`
		`+ dns:`
		`+ - "{{ dns1 }}"`
		`+ - "{{ dns2 }}"`
		`+ dns_search:`
		`+ - "{{ dns_search1 }}"`
		`+ - "{{ dns_search2 }}"`
		`+ - "{{ dns_search3 }}"`
		`+ dhcp4: no`
		`+ auto6: no`
		`+`
		`+ vpn: true`
		`+`
		`+ nrpe_procs_warn: 1200`
		`+ nrpe_procs_crit: 1400`

inventory/host_vars/worker02.ocp.iad2.fedoraproject.org

file added

+57

		`@@ -0,0 +1,57 @@`
		`+ ---`
		`+ freezes: true`
		`+`
		`+ datacenter: iad2`
		`+`
		`+ arch: x86_64`
		`+`
		`+ dns1: 10.3.163.33`
		`+ dns2: 10.3.163.34`
		`+`
		`+ dns_search1: "iad2.fedoraproject.org"`
		`+ dns_search3: "fedoraproject.org"`
		`+`
		`+ has_ipv4: yes`
		`+ eth0_ipv4: 10.3.163.124`
		`+ eth0_ipv4_nm: 24`
		`+ eth0_ipv4_gw: 10.3.163.254`
		`+ eth0_ip: "{{eth0_ipv4}}"`
		`+ nm: 255.255.255.0`
		`+ gw: "{{ eth0_ipv4_gw }}"`
		`+ dns: "{{ dns1 }}"`
		`+`
		`+ pxe_bootdev: eno33`
		`+ install_dev: /dev/sda`
		`+ mac0: "68:05:CA:CE:A2:90"`
		`+`
		`+ rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"`
		`+ rhcos_install_url: "http://10.3.163.65/rhcos/"`
		`+ rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64"`
		`+ rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img"`
		`+ rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"`
		`+ rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign"`
		`+`
		`+ network_connections:`
		`+ - name: eth0`
		`+ mac: "{{ mac0 }}"`
		`+ state: up`
		`+ type: ethernet`
		`+ autoconnect: yes`
		`+ ip:`
		`+ address:`
		`+ - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"`
		`+ gateway4: "{{ eth0_ipv4_gw }}"`
		`+ dns:`
		`+ - "{{ dns1 }}"`
		`+ - "{{ dns2 }}"`
		`+ dns_search:`
		`+ - "{{ dns_search1 }}"`
		`+ - "{{ dns_search2 }}"`
		`+ - "{{ dns_search3 }}"`
		`+ dhcp4: no`
		`+ auto6: no`
		`+`
		`+ vpn: true`
		`+`
		`+ nrpe_procs_warn: 1200`
		`+ nrpe_procs_crit: 1400`

inventory/host_vars/worker03.ocp.iad2.fedoraproject.org

file added

+57

		`@@ -0,0 +1,57 @@`
		`+ ---`
		`+ freezes: true`
		`+`
		`+ datacenter: iad2`
		`+`
		`+ arch: x86_64`
		`+`
		`+ dns1: 10.3.163.33`
		`+ dns2: 10.3.163.34`
		`+`
		`+ dns_search1: "iad2.fedoraproject.org"`
		`+ dns_search3: "fedoraproject.org"`
		`+`
		`+ has_ipv4: yes`
		`+ eth0_ipv4: 10.3.163.125`
		`+ eth0_ipv4_nm: 24`
		`+ eth0_ipv4_gw: 10.3.163.254`
		`+ eth0_ip: "{{eth0_ipv4}}"`
		`+ nm: 255.255.255.0`
		`+ gw: "{{ eth0_ipv4_gw }}"`
		`+ dns: "{{ dns1 }}"`
		`+`
		`+ pxe_bootdev: eno33`
		`+ install_dev: /dev/sda`
		`+ mac0: "68:05:CA:CE:A7:4C"`
		`+`
		`+ rhcos_install_img_url: "http://10.3.163.165/rhcos/rhcos-{{ rhcos_version }}-x86_64-metal.x86_64.raw.gz"`
		`+ rhcos_install_url: "http://10.3.163.65/rhcos/"`
		`+ rhcos_kernel_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-kernel.x86_64"`
		`+ rhcos_initrd_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-initramfs.x86_64.img"`
		`+ rhcos_install_rootfs_url: "http://10.3.163.65/rhcos/rhcos-{{ rhcos_version }}-x86_64-live-rootfs.x86_64.img"`
		`+ rhcos_ignition_file_url: "http://10.3.163.65/rhcos/worker.ign"`
		`+`
		`+ network_connections:`
		`+ - name: eth0`
		`+ mac: "{{ mac0 }}"`
		`+ state: up`
		`+ type: ethernet`
		`+ autoconnect: yes`
		`+ ip:`
		`+ address:`
		`+ - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"`
		`+ gateway4: "{{ eth0_ipv4_gw }}"`
		`+ dns:`
		`+ - "{{ dns1 }}"`
		`+ - "{{ dns2 }}"`
		`+ dns_search:`
		`+ - "{{ dns_search1 }}"`
		`+ - "{{ dns_search2 }}"`
		`+ - "{{ dns_search3 }}"`
		`+ dhcp4: no`
		`+ auto6: no`
		`+`
		`+ vpn: true`
		`+`
		`+ nrpe_procs_warn: 1200`
		`+ nrpe_procs_crit: 1400`

inventory/inventory

file modified

+23

		`@@ -1054,6 +1054,29 @@`
		`osbs_aarch64_masters_stg`
		`osbs_aarch64_nodes_stg`

		`+ [ocp:children]`
		`+ os_control`
		`+ ocp_controlplane`
		`+ ocp_workers`
		`+ ocp_boostrap`
		`+`
		`+ [ocp_vms:children]`
		`+ ocp_boostrap`
		`+ ocp_controlplane`
		`+`
		`+ [ocp_controlplane]`
		`+ ocp01.ocp.iad2.fedoraproject.org`
		`+ ocp02.ocp.iad2.fedoraproject.org`
		`+ ocp03.ocp.iad2.fedoraproject.org`
		`+`
		`+ [ocp_workers]`
		`+ worker01.ocp.iad2.fedoraproject.org`
		`+ worker02.ocp.iad2.fedoraproject.org`
		`+ worker03.ocp.iad2.fedoraproject.org`
		`+`
		`+ [ocp_boostrap]`
		`+ bootstrap.ocp.iad2.fedoraproject.org`
		`+`
		`[ocp_stg:children]`
		`os_control_stg`
		`ocp_controlplane_stg`

playbooks/include/proxies-certificates.yml

file modified

		`@@ -49,6 +49,12 @@`
		`- app.os.fedoraproject.org`

		`- role: httpd/certificate`
		`+ certname: wildcard-2021.apps.ocp.fedoraproject.org`
		`+ SSLCertificateChainFile: wildcard-2021.apps.fedoraproject.org.intermediate.cert`
		`+ tags:`
		`+ - apps.ocp.fedoraproject.org`
		`+`
		`+ - role: httpd/certificate`
		`certname: getfedora.org`
		`SSLCertificateChainFile: getfedora.org.intermediate.cert`

playbooks/include/proxies-reverseproxy.yml

file modified

+26 -2

		`@@ -628,7 +628,7 @@`
		`balancer_name: ocp`
		`targettype: openshift`
		`ocp4: true`
		`- balancer_members: "{{ ocp_nodes }}"`
		`+ balancer_members: "{{ ocp_nodes_stg }}"`
		`keephost: true`
		`tags:`
		`- ocp.fedoraproject.org`
		`@@ -640,13 +640,37 @@`
		`balancer_name: apps-ocp`
		`targettype: openshift`
		`ocp4: true`
		`- balancer_members: "{{ ocp_nodes }}"`
		`+ balancer_members: "{{ ocp_nodes_stg }}"`
		`keephost: true`
		`tags:`
		`- apps.ocp.fedoraproject.org`
		`when: env == "staging"`

		`- role: httpd/reverseproxy`
		`+ website: "ocp{{ env_suffix }}.fedoraproject.org"`
		`+ destname: ocp`
		`+ balancer_name: ocp`
		`+ targettype: openshift`
		`+ ocp4: true`
		`+ balancer_members: "{{ ocp_nodes }}"`
		`+ keephost: true`
		`+ tags:`
		`+ - ocp.fedoraproject.org`
		`+ when: env == "production"`
		`+`
		`+ - role: httpd/reverseproxy`
		`+ website: "apps.ocp{{ env_suffix }}.fedoraproject.org"`
		`+ destname: apps.ocp`
		`+ balancer_name: apps-ocp`
		`+ targettype: openshift`
		`+ ocp4: true`
		`+ balancer_members: "{{ ocp_nodes }}"`
		`+ keephost: true`
		`+ tags:`
		`+ - apps.ocp.fedoraproject.org`
		`+ when: env == "production"`
		`+`
		`+ - role: httpd/reverseproxy`
		`website: "provision{{ env_suffix }}.fedoraproject.org"`
		`destname: zezere`
		`balancer_name: app-os`

playbooks/include/proxies-websites.yml

file modified

+24

		`@@ -713,6 +713,30 @@`
		`when: env == "staging"`

		`- role: httpd/website`
		`+ site_name: ocp.fedoraproject.org`
		`+ sslonly: true`
		`+ cert_name: "{{wildcard_cert_name}}"`
		`+ # The Connection and Upgrade headers don't work for h2`
		`+ # So non-h2 is needed to fix websockets.`
		`+ use_h2: false`
		`+ tags:`
		`+ - ocp.fedoraproject.org`
		`+ when: env == "prod"`
		`+`
		`+ - role: httpd/website`
		`+ site_name: apps.ocp.fedoraproject.org`
		`+ server_aliases: ["*.apps.ocp.fedoraproject.org", api.apps.ocp.fedoraproject.org]`
		`+ sslonly: true`
		`+ cert_name: "{{ocp_wildcard_cert_name}}"`
		`+ SSLCertificateChainFile: "{{ocp_wildcard_int_file}}"`
		`+ # The Connection and Upgrade headers don't work for h2`
		`+ # So non-h2 is needed to fix websockets.`
		`+ use_h2: false`
		`+ tags:`
		`+ - apps.ocp.fedoraproject.org`
		`+ when: env == "prod"`
		`+`
		`+ - role: httpd/website`
		`site_name: registry.fedoraproject.org`
		`server_aliases: [registry.stg.fedoraproject.org registry-no-cdn.fedoraproject.org]`
		`sslonly: true`

roles/dhcp_server/files/dhcpd.conf.noc01.iad2.fedoraproject.org

file modified

+25

		`@@ -548,6 +548,31 @@`
		`option subnet-mask 255.255.255.0;`
		`}`

		`+ # Production network`
		`+ host worker01-ocp {`
		`+ hardware ethernet 68:05:CA:CE:A3:C9;`
		`+ fixed-address 10.3.163.123;`
		`+ filename "uefi/grubx64.efi";`
		`+ next-server 10.3.163.10;`
		`+ option routers 10.3.163.254;`
		`+ option subnet-mask 255.255.255.0;`
		`+ }`
		`+ host worker02-ocp {`
		`+ hardware ethernet 68:05:CA:CE:A2:90;`
		`+ fixed-address 10.3.163.124;`
		`+ filename "uefi/grubx64.efi";`
		`+ next-server 10.3.163.10;`
		`+ option routers 10.3.163.254;`
		`+ option subnet-mask 255.255.255.0;`
		`+ }`
		`+ host worker03-ocp {`
		`+ hardware ethernet 68:05:CA:CE:A7:4C;`
		`+ fixed-address 10.3.163.125;`
		`+ filename "uefi/grubx64.efi";`
		`+ next-server 10.3.163.10;`
		`+ option routers 10.3.163.254;`
		`+ option subnet-mask 255.255.255.0;`
		`+ }`
		`# Staging network`
		`host worker01-ocp-stg {`
		`hardware ethernet 68:05:CA:CE:A2:AC;`

roles/haproxy/templates/haproxy.cfg

file modified

+28

		`@@ -37,6 +37,34 @@`
		`stats enable`
		`stats uri /`

		`+ {% if env == "production" %}`
		`+ frontend ocp-masters-kapi`
		`+ mode tcp`
		`+ bind 0.0.0.0:6443`
		`+ default_backend ocp-masters-backend-kapi`
		`+`
		`+ backend ocp-masters-backend-kapi`
		`+ mode tcp`
		`+ server ocp01.ocp.iad2.fedoraproject.org ocp01.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check`
		`+ server ocp02.ocp.iad2.fedoraproject.org ocp02.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check`
		`+ server ocp03.ocp.iad2.fedoraproject.org ocp03.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check`
		`+ # temp bootstrap node`
		`+ server bootstrap.ocp.iad2.fedoraproject.org bootstrap.ocp.iad2.fedoraproject.org:6443 weight 1 maxconn 16384 check`
		`+`
		`+ frontend ocp-masters-machineconfig`
		`+ mode tcp`
		`+ bind 0.0.0.0:22623`
		`+ default_backend ocp-masters-backend-machineconfig`
		`+`
		`+ backend ocp-masters-backend-machineconfig`
		`+ mode tcp`
		`+ server ocp01.ocp.iad2.fedoraproject.org ocp01.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check`
		`+ server ocp02.ocp.iad2.fedoraproject.org ocp02.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check`
		`+ server ocp03.ocp.iad2.fedoraproject.org ocp03.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check`
		`+ # temp bootstrap node`
		`+ server bootstrap.ocp.iad2.fedoraproject.org bootstrap.ocp.iad2.fedoraproject.org:22623 weight 1 maxconn 16384 check`
		`+ {% endif %}`
		`+`
		`{% if env != "production" %}`
		`frontend ocp-masters-kapi`
		`mode tcp`

dkirwan commented 3 years ago

Updated DHCP config for prod machines
Updated haproxy and apache config for prod
Added prod boxes to ansible inventory
Added groupvars to ansible for prod

Signed-off-by: David Kirwan dkirwan@redhat.com

dkirwan commented 3 years ago

Ping @mobrien @kevin

rebased onto 0049415ec2679b6c3a07ee91a1bf6c580b4b0a0f

3 years ago

zuul commented 3 years ago

Build succeeded.

fi-ansible--ansible-review-diff : SUCCESS in 2m 37s

Metadata Update from @mobrien:
- Pull-request tagged with: freeze-break-request

3 years ago

mobrien commented 3 years ago

+1 Looks good to me

rebased onto e750a701078878ee3e914770acc35ed4b7fe49be

3 years ago

dkirwan commented 3 years ago

Added ocp node vars to inventory/group_vars/proxies
Renamed inventory/group_vars/proxies_stg:ocp_nodes to ocp_nodes_stg
Updated playbooks/include/proxies-reverseproxy.yml

Tomorrow will add hostvars

zuul commented 3 years ago

Build succeeded.