pagure-proxy: drop pagure-proxy as it's not needed anymore.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
parent
87be5ba24a
commit
6e30ad8c76
|
@ -1,23 +0,0 @@
|
|||
---
|
||||
# for systems that do not match the above - specify the same parameter in
|
||||
# the host_vars/$hostname file
|
||||
|
||||
tcp_ports: [ 22, 25, 80, 443, 9418,
|
||||
# Used for the eventsource
|
||||
8088,
|
||||
# This is for the pagure public fedmsg relay
|
||||
9940]
|
||||
|
||||
fas_client_groups: sysadmin-noc
|
||||
|
||||
freezes: true
|
||||
postfix_group: vpn.pagure
|
||||
|
||||
# For the MOTD
|
||||
csi_security_category: Low
|
||||
csi_primary_contact: Fedora admins - admin@fedoraproject.org
|
||||
csi_purpose: Proxy specific ports to OSUOSL for preventing slow peering
|
||||
csi_relationship: |
|
||||
This box proxies traffic over to pagure01.fedoraproject.org
|
||||
|
||||
(This is done because OSUOSL has terribly slow peering to EU)
|
|
@ -1,55 +0,0 @@
|
|||
---
|
||||
nm: 255.255.255.128
|
||||
gw: 152.19.134.129
|
||||
dns: 8.8.8.8
|
||||
|
||||
custom_rules: ['-A FORWARD -j ACCEPT']
|
||||
|
||||
nat_rules: [
|
||||
# SSH
|
||||
'-A PREROUTING --dst 152.19.134.147 -p tcp --dport 22 -j DNAT --to-destination 8.43.85.75:22',
|
||||
'-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 22 -j SNAT --to-source 152.19.134.147',
|
||||
'-A OUTPUT --dst 152.19.134.147 -p tcp --dport 22 -j DNAT --to-destination 8.43.85.75:22',
|
||||
# SMTP
|
||||
'-A PREROUTING --dst 152.19.134.147 -p tcp --dport 25 -j DNAT --to-destination 8.43.85.75:25',
|
||||
'-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 25 -j SNAT --to-source 152.19.134.147',
|
||||
'-A OUTPUT --dst 152.19.134.147 -p tcp --dport 25 -j DNAT --to-destination 8.43.85.75:25',
|
||||
# web-80
|
||||
'-A PREROUTING --dst 152.19.134.147 -p tcp --dport 80 -j DNAT --to-destination 8.43.85.75:80',
|
||||
'-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 80 -j SNAT --to-source 152.19.134.147',
|
||||
'-A OUTPUT --dst 152.19.134.147 -p tcp --dport 80 -j DNAT --to-destination 8.43.85.75:80',
|
||||
# web-443
|
||||
'-A PREROUTING --dst 152.19.134.147 -p tcp --dport 443 -j DNAT --to-destination 8.43.85.75:443',
|
||||
'-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 443 -j SNAT --to-source 152.19.134.147',
|
||||
'-A OUTPUT --dst 152.19.134.147 -p tcp --dport 443 -j DNAT --to-destination 8.43.85.75:443',
|
||||
# 9418
|
||||
'-A PREROUTING --dst 152.19.134.147 -p tcp --dport 9418 -j DNAT --to-destination 8.43.85.75:9418',
|
||||
'-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 9418 -j SNAT --to-source 152.19.134.147',
|
||||
'-A OUTPUT --dst 152.19.134.147 -p tcp --dport 9418 -j DNAT --to-destination 8.43.85.75:9418',
|
||||
# Eventsource
|
||||
'-A PREROUTING --dst 152.19.134.147 -p tcp --dport 8088 -j DNAT --to-destination 8.43.85.75:8088',
|
||||
'-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 8088 -j SNAT --to-source 152.19.134.147',
|
||||
'-A OUTPUT --dst 152.19.134.147 -p tcp --dport 8088 -j DNAT --to-destination 8.43.85.75:8088',
|
||||
# Fedmsg
|
||||
'-A PREROUTING --dst 152.19.134.147 -p tcp --dport 9940 -j DNAT --to-destination 8.43.85.75:9940',
|
||||
'-A POSTROUTING -p tcp --dst 8.43.85.75 --dport 9940 -j SNAT --to-source 152.19.134.147',
|
||||
'-A OUTPUT --dst 152.19.134.147 -p tcp --dport 9940 -j DNAT --to-destination 8.43.85.75:9940',
|
||||
]
|
||||
|
||||
|
||||
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
|
||||
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
|
||||
eth0_ip: 152.19.134.146
|
||||
eth0_nm: 255.255.255.128
|
||||
has_ipv6: yes
|
||||
eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fe46"
|
||||
eth0_ipv6_gw: "2610:28:3090:3001::1"
|
||||
eth0_secondary_ip: 152.19.134.147
|
||||
|
||||
sponsor: ibiblio
|
||||
datacenter: ibiblio
|
||||
postfix_group: vpn
|
||||
vmhost: ibiblio01.fedoraproject.org
|
|
@ -1297,9 +1297,6 @@ pagure01.fedoraproject.org
|
|||
[pagure_stg]
|
||||
pagure-stg01.fedoraproject.org
|
||||
|
||||
[pagure_proxy]
|
||||
pagure-proxy01.fedoraproject.org
|
||||
|
||||
[twisted_buildbots]
|
||||
twisted-fedora26-1.fedorainfracloud.org
|
||||
twisted-fedora26-2.fedorainfracloud.org
|
||||
|
|
|
@ -79,7 +79,6 @@
|
|||
- import_playbook: /srv/web/infra/ansible/playbooks/groups/os-proxies.yml
|
||||
- import_playbook: /srv/web/infra/ansible/playbooks/groups/packages.yml
|
||||
- import_playbook: /srv/web/infra/ansible/playbooks/groups/pagure.yml
|
||||
- import_playbook: /srv/web/infra/ansible/playbooks/groups/pagure-proxy.yml
|
||||
- import_playbook: /srv/web/infra/ansible/playbooks/groups/pdc.yml
|
||||
- import_playbook: /srv/web/infra/ansible/playbooks/groups/people.yml
|
||||
- import_playbook: /srv/web/infra/ansible/playbooks/groups/pkgs.yml
|
||||
|
|
|
@ -1,33 +0,0 @@
|
|||
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=pagure_proxy"
|
||||
|
||||
- name: make the boxen be real for real
|
||||
hosts: pagure_proxy
|
||||
user: root
|
||||
gather_facts: True
|
||||
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- "/srv/private/ansible/vars.yml"
|
||||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||
|
||||
roles:
|
||||
- base
|
||||
- rkhunter
|
||||
- nagios_client
|
||||
- hosts
|
||||
- fas_client
|
||||
- sudo
|
||||
- collectd/base
|
||||
|
||||
pre_tasks:
|
||||
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
|
||||
|
||||
tasks:
|
||||
- import_tasks: "{{ tasks_path }}/2fa_client.yml"
|
||||
- import_tasks: "{{ tasks_path }}/motd.yml"
|
||||
|
||||
- name: Enable ipv4_forward in sysctl
|
||||
sysctl: name=net.ipv4.ip_forward value=1 state=present sysctl_set=yes reload=yes
|
||||
|
||||
handlers:
|
||||
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
Loading…
Reference in New Issue