Merge pull request #229 from viccross/updates-from-lab

Resync the updates from lab
viccross · Jul 11, 2024 · 46266f9 · 46266f9
2 parents 66a31b8 + df8b14d
commit 46266f9
Show file tree

Hide file tree

Showing 47 changed files with 1,616 additions and 297 deletions.
diff --git a/inv-end-7.3/group_vars/all.yml b/inv-end-7.3/group_vars/all.yml
@@ -60,3 +60,10 @@ ip_master_2: '{{ cluster["nodes"]["control-2"]["ip"] }}'
 ip_worker_0: '{{ cluster["nodes"]["compute-0"]["ip"] }}'
 ip_worker_1: '{{ cluster["nodes"]["compute-1"]["ip"] }}'
 ip_worker_2: '{{ cluster["nodes"]["compute-2"]["ip"] }}'
+#
+mqttgate_id: mqttgate
+mqttgate_pass: mqttgate
+mqtt_promtail_id: grafanaloki01
+mqtt_promtail_pass: grafanaloki01
+mqtt_consend_id: consend01
+mqtt_consend_pass: consend01
diff --git a/inv-end-7.3/host_vars/lxocpb01-7.3.yml b/inv-end-7.3/host_vars/lxocpb01-7.3.yml
@@ -6,11 +6,11 @@ guest_name: "LXOCPB01"
 guest_pwd: "LBYONLY"
 guest_dasd_grp_linux: "LINUX"
 guest_install_hostname: "lxocpb01"
-guest_temp_ipaddr: "9.60.86.74"
-guest_install_ipaddr: "9.60.86.74"
-guest_install_netmask: "255.255.254.0"
-guest_install_gateway: "9.60.86.1"
-guest_install_nameserver: "9.60.70.82"
+guest_temp_ipaddr: "9.33.124.31"
+guest_install_ipaddr: "9.33.124.31"
+guest_install_netmask: "255.255.255.0"
+guest_install_gateway: "9.33.124.1"
+guest_install_nameserver: "9.0.0.1"
 guest_install_znet: "qeth,0.0.0ad0,0.0.0ad1,0.0.0ad2,layer2=1,portname=none,portno=0"
 guest_install_dasd: "0.0.0200"
 guest_install_nicid: "encad0"
@@ -28,7 +28,7 @@ guest_install_repo_appstream: "AppStream"
 #   https_proxy: http://{{ upstream_proxy_ip }}:{{ upstream_proxy_port }}
 #
 # smapi parameters
-smapi_host: "9.60.86.73"
+smapi_host: "9.33.124.30"
 smapi_user: "IBMAUTO"
 smapi_password: "jTghTGinJupD63yh"
 #
diff --git a/inv-end-7.3/host_vars/lxocpb01-fba-7.3.yml b/inv-end-7.3/host_vars/lxocpb01-fba-7.3.yml
@@ -6,11 +6,11 @@ guest_name: "LXOCPB01"
 guest_pwd: "LBYONLY"
 guest_dasd_grp_linux: "LINUX"
 guest_install_hostname: "lxocpb01-fba"
-guest_temp_ipaddr: "9.60.87.254"
-guest_install_ipaddr: "9.60.87.254"
-guest_install_netmask: "255.255.254.0"
-guest_install_gateway: "9.60.86.1"
-guest_install_nameserver: "9.60.70.82"
+guest_temp_ipaddr: "9.33.124.33"
+guest_install_ipaddr: "9.33.124.33"
+guest_install_netmask: "255.255.255.0"
+guest_install_gateway: "9.33.124.1"
+guest_install_nameserver: "9.0.0.1"
 guest_install_znet: "qeth,0.0.0ad0,0.0.0ad1,0.0.0ad2,layer2=1,portname=none,portno=0"
 guest_install_dasd: "0.0.0200"
 guest_install_nicid: "encad0"
@@ -28,7 +28,7 @@ guest_install_repo_appstream: "AppStream"
 #   https_proxy: http://{{ upstream_proxy_ip }}:{{ upstream_proxy_port }}
 #
 # smapi parameters
-smapi_host: "9.60.87.253"
+smapi_host: "9.33.124.32"
 smapi_user: "IBMAUTO"
 smapi_password: "jTghTGinJupD63yh"
 #
diff --git a/local-playbooks/build-a-bastion.yml b/local-playbooks/build-a-bastion.yml
@@ -2,12 +2,12 @@
 - name: Create a CA for the Bastion
   hosts: localhost
   roles:
-  - create-local-ca
+  - { role: 'create-local-ca', tags: 'local-ca' }
 
 - name: Copy Intermediate CA cert to the ESI ELAN system
   hosts: s390x_bastion_workstation
   roles:
-  - copy-ca-to-bastion
+  - { role: 'copy-ca-to-bastion', tags: 'copy-ca-to-bastion' }
   vars:
     root_ca_key_path: "{{ hostvars['localhost']['ca_key_path'] }}"
     root_ca_csr_path: "{{ hostvars['localhost']['ca_csr_path'] }}"
@@ -16,18 +16,20 @@
 - name: Configure services on the ESI ELAN system
   hosts: s390x_bastion_workstation
   roles:
-  - configure-internal-net
-  - almalinux-gpg
-  - install-base-packages
-  - configure-squid
-  - setup-firstboot-ipconf
-  - configure-dns
-  - configure-nfs
-  - configure-apache
-  - setup-web-resources
-  - configure-haproxy
-  - configure-cockpit
+  - { role: 'configure-internal-net', tags: 'internal-net' }
+  - { role: 'almalinux-gpg', tags: 'almalinux-gpg' }
+  - { role: 'install-base-packages', tags: 'base-packages' }
+  - { role: 'configure-squid', tags: 'squid' }
+  - { role: 'setup-firstboot-ipconf', tags: 'firstboot' }
+  - { role: 'configure-dns', tags: 'dns' }
+  - { role: 'configure-nfs', tags: 'nfs' }
+  - { role: 'configure-apache', tags: 'apache' }
+  - { role: 'setup-web-resources', tags: 'web-resources' }
+  - { role: 'configure-haproxy', tags: 'haproxy' }
+  - { role: 'configure-cockpit', tags: 'cockpit' }
 #  - configure-ignition
-  - setup-ocp-deployer
-  - setup-icic-deployer
-  - setup-finna-response
+  - { role: 'setup-grafana-log-viewer', tags: 'grafana' }
+  - { role: 'setup-ocp-deployer', tags: 'ocp-deployer' }
+  - { role: 'setup-icic-deployer', tags: 'icic-deployer' }
+  - { role: 'setup-podman-and-registry', tags: 'podman-registry' }
+  - { role: 'setup-finna-response', tags: 'finna-response' }
diff --git a/local-playbooks/prepare-elans-for-dump.yaml b/local-playbooks/prepare-elans-for-dump.yaml
@@ -0,0 +1,48 @@
+---
+- name: Clean up the ELAN disks
+  hosts: s390x_bastion_workstation
+  tasks:
+  - name: Find rotated log files
+    find:
+      paths: /var/log
+      recurse: true
+      patterns:
+        - '*-2*'
+        - 'dnf*.log.*'
+        - 'audit.log.*'
+        - 'grafana.log.*'
+    register: find_results
+  - name: Clean the found logs
+    file:
+      path: "{{ item['path'] }}"
+      state: absent
+    with_items: "{{ find_results['files'] }}"
+  - name: Zero the empty space
+    shell:
+      cmd: dd if=/dev/zero of=/zerofile bs=1k || rm -f /zerofile
+
+- name: Shut down the ELANs to prepare for dump
+  hosts: localhost
+  vars:
+    smapi_ckd_ip: "{{ hostvars['lxocpb01-7.3'].smapi_host }}"
+    smapi_fba_ip: "{{ hostvars['lxocpb01-fba-7.3'].smapi_host }}"
+    smapi_ckd_user: "{{ hostvars['lxocpb01-7.3'].smapi_user }}"
+    smapi_fba_user: "{{ hostvars['lxocpb01-fba-7.3'].smapi_user }}"
+    smapi_ckd_pass: "{{ hostvars['lxocpb01-7.3'].smapi_password }}"
+    smapi_fba_pass: "{{ hostvars['lxocpb01-fba-7.3'].smapi_password }}"
+  tasks:
+  - name: Shut down the ELANS
+    shell:
+      cmd: smcli id -T LXOCPB01 -H {{ item.ip }}/44444 -U {{ item.user }} -P {{ item.password }}
+    loop:
+    - { ip: "{{ smapi_ckd_ip }}", user: "{{ smapi_ckd_user }}", password: "{{ smapi_ckd_pass }}" }
+    - { ip: "{{ smapi_fba_ip }}", user: "{{ smapi_fba_user }}", password: "{{ smapi_fba_pass }}" }
+  - name: Prompt to continue
+    pause:
+      prompt: Perform the dump, then resume
+  - name: Start up the ELANs
+    shell:
+      cmd: smcli ia -T LXOCPB01 -H {{ item.ip }}/44444 -U {{ item.user }} -P {{ item.password }}
+    loop:
+    - { ip: "{{ smapi_ckd_ip }}", user: "{{ smapi_ckd_user }}", password: "{{ smapi_ckd_pass }}" }
+    - { ip: "{{ smapi_fba_ip }}", user: "{{ smapi_fba_user }}", password: "{{ smapi_fba_pass }}" }
diff --git a/local-playbooks/roles/almalinux-gpg/tasks/main.yml b/local-playbooks/roles/almalinux-gpg/tasks/main.yml
@@ -2,8 +2,8 @@
 - name: Set up AlmaLinux GPG key
   rpm_key:
     state: present
-    key: https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
+    key: "https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux{{ '-9' if ansible_distribution_major_version == 9 }}"
 - name: Set up EPEL GPG key
   rpm_key:
     state: present
-    key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
+    key: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
diff --git a/local-playbooks/roles/configure-apache/tasks/main.yml b/local-playbooks/roles/configure-apache/tasks/main.yml
@@ -86,7 +86,6 @@
   - internal
   - public
   notify:
-    - Restart firewalld
     - Restart httpd
 
 - name: Allow traffic at 8443 for apache
@@ -101,5 +100,4 @@
   - internal
   - public
   notify:
-    - Restart firewalld
     - Restart httpd
diff --git a/local-playbooks/roles/configure-dns/tasks/main.yml b/local-playbooks/roles/configure-dns/tasks/main.yml
@@ -23,48 +23,48 @@
 #  notify:
 #  - Restart dns
 
-#- name: Create DNS Forward zone (internal)
-#  template:
-#    src: var/named/ibmpoc_internal.zone.j2
-#    dest: /var/named/ibmpoc_internal.zone
-#    owner: named
-#    group: named
-#    mode: 0640
+- name: Create DNS Forward zone (internal)
+  template:
+    src: var/named/ibmpoc_internal.zone.j2
+    dest: /var/named/ibmpoc_internal.zone
+    owner: named
+    group: named
+    mode: 0640
 
-#- name: Unmanage resolve.conf in NetworkManager
-#  lineinfile:
-#    line: dns=none
-#    dest: /etc/NetworkManager/NetworkManager.conf
-#    insertafter: "\\[main\\].*"
-#    regexp: "^dns=.*"
+- name: Unmanage resolve.conf in NetworkManager
+  lineinfile:
+    line: dns=none
+    dest: /etc/NetworkManager/NetworkManager.conf
+    insertafter: "\\[main\\].*"
+    regexp: "^dns=.*"
 
-#- name: Restart NetworkManager to have DNS change take effect
-#  systemd:
-#    name: NetworkManager
-#    state: restarted
+- name: Restart NetworkManager to have DNS change take effect
+  systemd:
+    name: NetworkManager
+    state: restarted
 
-#- name: Use local dns in resolv.conf
-#  blockinfile:
-#    dest: /etc/resolv.conf
-#    insertbefore: BOF
-#    block: |
-#      search {{ cluster_domain_name }}
-#      nameserver {{ bastion_private_ip_address }}
+- name: Use local dns in resolv.conf
+  blockinfile:
+    dest: /etc/resolv.conf
+    insertbefore: BOF
+    block: |
+      search {{ cluster_domain_name }}
+      nameserver {{ bastion_private_ip_address }}
 
-#- name: Create DNS Reverse zone
-#  template:
-#    src: var/named/subnet.in-addr.arpa.zone.j2
-#    dest: /var/named/{{ subnet_in_addr_name }}.in-addr.arpa.zone
-#    owner: named
-#    group: named
-#    mode: 0640
+- name: Create DNS Reverse zone
+  template:
+    src: var/named/subnet.in-addr.arpa.zone.j2
+    dest: /var/named/{{ subnet_in_addr_name }}.in-addr.arpa.zone
+    owner: named
+    group: named
+    mode: 0640
 
-#- name: Create /etc/named.conf
-#  template:
-#    src: etc/named.conf.j2
-#    dest: /etc/named.conf
-#    group: named
-#    mode: 0640
+- name: Create /etc/named.conf
+  template:
+    src: etc/named.conf.j2
+    dest: /etc/named.conf
+    group: named
+    mode: 0640
 
 #- name: Create /etc/named.conf.source
 #  template:
@@ -89,20 +89,19 @@
 - name: Add dns to firewall
   firewalld:
     permanent: true
+    immediate: true
     service: dns
     state: enabled
     zone: "{{ item }}"
   with_items:
     - internal
     - public
-  notify:
-    - Restart firewalld
 
-#- name: Restart named-chroot.service
-#  service:
-#    name: named-chroot.service
-#    state: restarted
-#    enabled: true
+- name: Restart named-chroot.service
+  service:
+    name: named-chroot.service
+    state: restarted
+    enabled: true
 
 #- name: Restart firewalld.service
 #  service:

diff --git a/local-playbooks/roles/configure-dns/templates/var/named/subnet.in-addr.arpa.zone.j2 b/local-playbooks/roles/configure-dns/templates/var/named/subnet.in-addr.arpa.zone.j2
@@ -1,9 +1,3 @@
-{% set bootstrap = cluster_nodes['bootstrap'] %}
-{% set masters = cluster_nodes['masters'] %}
-{% set workers = cluster_nodes['workers'] %}
-{% if cluster_nodes['bootworker'] is defined %}
-{% set bootworker = cluster_nodes['bootworker'] %}
-{% endif %}
 $TTL 900
 
 @ IN SOA bastion-int.{{ cluster_domain_name }} hostmaster.{{ cluster_domain_name }}. (
@@ -14,22 +8,3 @@ $TTL 900
 {{ zvm_internal_ip_address.split('.')[3] }} IN PTR zVM.ibmpoc.internal.
 {{ zvm_internal_ip_address.split('.')[3] }} IN PTR LDAPSRV.ibmpoc.internal.
 {{ bastion_private_ip_address.split('.')[3] }} IN PTR bastion-int.{{ cluster_domain_name }}.
-
-{% for item in masters.keys() %}
-{{ masters[item].ip.split('.')[3] }} IN PTR {{ item }}.{{ cluster_domain_name }}.
-{% endfor %}
-
-{% if workers is defined %}
-{% for item in workers.keys() %}
-{{ workers[item].ip.split('.')[3] }} IN PTR {{ item }}.{{ cluster_domain_name }}.
-{% endfor %}
-{% endif %}
-{% if bootworker is defined %}
-{% for item in bootworker.keys() %}
-{{ bootworker[item].ip.split('.')[3] }} IN PTR {{ item }}.{{ cluster_domain_name }}.
-{% endfor %}
-{% endif %}
-
-{% for item in bootstrap.keys() %}
-{{ bootstrap[item].ip.split('.')[3] }} IN PTR {{ item }}.{{ cluster_domain_name }}.
-{% endfor %}