Update illiad host for testing #6030

Draft
rladdusaw wants to merge 4024 commits into main from hosted-illiad-testing

Conversation

@rladdusaw
Contributor

Please do not merge, this branch is for testing only.

dphillips-39 and others added 30 commits January 22, 2025 16:38
Co-authored-by: Denzil Phillips <denzillphillips@gmail.com>
we no longer need the OJS role
this pr removes it
we install and configure datadog for our production servers.
we also fix a bug where the production did not have the domain added to
it.

Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
* update checkmk playbook to use Enterprise edition

Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
Co-authored-by: Denzil Phillips <dphillips-39@users.noreply.github.com>
Co-authored-by: Francis Kayiwa <kayiwa@users.noreply.github.com>
Co-authored-by: Vickie Karasic <vickiekarasic@users.noreply.github.com>

* use same version as on OOBM monitoring system

Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
Co-authored-by: Denzil Phillips <dphillips-39@users.noreply.github.com>
Co-authored-by: Francis Kayiwa <kayiwa@users.noreply.github.com>
Co-authored-by: Vickie Karasic <vickiekarasic@users.noreply.github.com>

* change the server version to cee

also change the version to match OOBM

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
Co-authored-by: Denzil Phillips <dphillips-39@users.noreply.github.com>
Co-authored-by: Vickie Karasic <vickiekarasic@users.noreply.github.com>

* pull shared values out so it is easier to see variance from prod to staging

* add new nginx config

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Angel Ruiz <aruiz1789@users.noreply.github.com>
Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
Co-authored-by: Denzil Phillips <dphillips-39@users.noreply.github.com>
Co-authored-by: John Kazmierski <jkazmier-PUL@users.noreply.github.com>
Co-authored-by: Vickie Karasic <vickiekarasic@users.noreply.github.com>

* add the download users credentials

* add download user credentials

Co-authored-by: Angel Ruiz <aruiz1789@users.noreply.github.com>
Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
Co-authored-by: Denzil Phillips <dphillips-39@users.noreply.github.com>
Co-authored-by: Vickie Karasic <vickiekarasic@users.noreply.github.com>

---------

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
Co-authored-by: Denzil Phillips <dphillips-39@users.noreply.github.com>
Co-authored-by: Francis Kayiwa <kayiwa@users.noreply.github.com>
Co-authored-by: Vickie Karasic <vickiekarasic@users.noreply.github.com>
Co-authored-by: Francis Kayiwa <kayiwa@pobox.com>
Co-authored-by: Angel Ruiz <aruiz1789@users.noreply.github.com>
Co-authored-by: John Kazmierski <jkazmier-PUL@users.noreply.github.com>
advances pulibrary/abid#182

Co-authored-by: Eliot Jordan <eliotjordan@users.noreply.github.com>
Co-authored-by: Eliot Jordan <eliotjordan@users.noreply.github.com>
Co-authored-by: Eliot Jordan <eliotjordan@users.noreply.github.com>
Co-authored-by: Shaun Ellis <sdellis@users.noreply.github.com>
Co-authored-by: Trey Pendragon <tpendragon@users.noreply.github.com>
Co-authored-by: Sean Warren <seanwarren77@users.noreply.github.com>
Co-authored-by: Anna Headley <hackartisan@users.noreply.github.com>
Co-authored-by: Anna Headley <hackartisan@users.noreply.github.com>
Co-authored-by: Denzil Phillips <denzillphillips@gmail.com>
lib-sftp will not be sending logs to datadog, so we don't need the role
reference
* add new ansible database server to inventory

* add steps to install postgresql-13

installs postgresql-13 on Rocky Linux
add control loops for platforms

* parametrize the OS values

the values of Ubuntu and Redhat differ

* disable datadog install

Our datadog role does not (yet) work with RHEL

* use bionic hardware DNS name

changing the name to ansible-db1 will need more changes to happen.

* Update playbooks/postgresql.yml

Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>

* Update roles/postgresql/tasks/create_db.yml

Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>

* Update roles/postgresql/templates/rh_postgresql.conf.j2

Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>

* we do not have other hosts connecting to ansible-db

the ansible-db is restricted to ansible hosts and does not send logs to
datadog. Remove the task that adds hosts to pg_hba and modify the logs
to be readable only to the postgresql user

* provide a clearer distinction of RHEL based packages

we use dnf to distinguish it from apt based installation

give the initialization task a clearer name

* Update roles/postgresql/tasks/main.yml

Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>

* placehold future work.

this can be future work to make RHEL based OSes place their files
using the FHS that mirrors Debian (Ubuntu)

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Angel Ruiz <aruiz1789@users.noreply.github.com>

* templatize the postgresql logrotate

we now have based VMS with a different file path.
We add a key that points to the relevant location of logrotate

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>

* set fact for RHEL based hosts

we use a different path for RHEL based vms

---------

Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Angel Ruiz <aruiz1789@users.noreply.github.com>
Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
Co-authored-by: Francis Kayiwa <kayiwa@users.noreply.github.com>
    the enable postgresql task reports a failure even though the service is
    still running. We comment it out and the role runs successfully

Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
Co-authored-by: Denzil Phillips <denzillphillips@gmail.com>
[postgresql] remove enable postgresql
we need to make sure logrotate runs on our loadbalancer. this makes it
so we will get an alert when it doesn't

Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
…ng that PostgreSQL server is not installed when postgres_is_local is true for the oawaiver Role
* [allsearch api] Ruby 3.4.1 with YJIT

* related to https://github.com/pulibrary/princeton_ansible/pull/5799/files
when running the playbook to upgrade to 3.4 bundler version is also updated to 2.6.2

---------

Co-authored-by: Jane Sandberg <js7389@princeton.edu>
Co-authored-by: Christina Chortaria <actspatial@gmail.com>
Co-authored-by: Francis Kayiwa <kayiwa@pobox.com>
* add new server name

add debugging on playbook

* add checkmk agent group vars

lower the number of variables needed for server and agent roles

* add a role for checkmk agent

the role allows us to upload the installers for ubuntu and rocky
we are able to register a host and install and configure the agent using
the ansible automation user

we separate the values for checkmk server and client

* add a readme for the role

* disable gpg check

* enable autodiscover

* by default drop vms on Main

have vms without homes end up on Main in the event that they are not
Linux

Co-authored-by: Angel Ruiz <aruiz1789@users.noreply.github.com>
Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>

* use a common name for the agent variables

we do not use different values for different environments

Co-authored-by: Angel Ruiz <aruiz1789@users.noreply.github.com>
Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>

---------

Co-authored-by: Angel Ruiz <aruiz1789@users.noreply.github.com>
Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
tpendragon and others added 28 commits April 1, 2025 18:20
to reduce the noise from cifs mounts we move bibdata-qa2 to the private
network
our solr-servers restrict who can access them. this configuration fixes
access from the private network

related to #5988
[bibdata-qa] move to private network
)

* increase pagination limit from 20 to 100

* pull only open tickets, so we can have more than 100 tickets total

---------

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
add the private network for our solr boxes
* Add a common.yml for figgy group vars
Reformatted figgy production and staging group vars consolidating
identical values into a single file.
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>

* Reformat figgy group_vars to be listed alphabetically
Organized production.yml and staging.yml items to be listed
alphabetically
to reduce the CIFS noise add lib-jobs-prod2 to private network. Also
remove ips no longer available
* deleted second kennyloggin config

Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>

Co-authored-by: Christina Chortaria <christinach@users.noreply.github.com>
Co-authored-by: Jane Sandberg <sandbergja@users.noreply.github.com>

* fixes typo

---------

Co-authored-by: Christina Chortaria <christinach@users.noreply.github.com>
Co-authored-by: Jane Sandberg <sandbergja@users.noreply.github.com>
[DPUL-C] Add Prometheus host volume for Nomad
add the new IP to our NFS exports
remove library servers from postfix allow list

related to #5988
* remove duplicate app_protect config

we didn't catch that upstream had a logrotate (it wasn't working)
we add our config to prevent future updates from upstream breaking
logrotate

closes #6006

* add the path to log file

* remove cdh-test-sandbox
updates the IP address - we are moving all hosts to the private network to reduce the CIFS mounts
noise from our monitoring

related to #5988
* testing a workaround for agent installs

* adds new pdc-describe-redis group to staging group

* trying https protocol for the add-checks playbook

* load all vars files so we have access to vaulted vars

* maybe the https change is now blocking auth?

* with distributed checkmk, the site name for staging is now 'staging'

* uses the right combination of server, site, and auth

Co-authored-by: Francis Kayiwa <kayiwa@users.noreply.github.com>
Co-authored-by: Vickie Karasic <vickiekarasic@users.noreply.github.com>

---------

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Francis Kayiwa <kayiwa@users.noreply.github.com>
Co-authored-by: Vickie Karasic <vickiekarasic@users.noreply.github.com>
we are moving the worker boxes to the private network to reduce the
CIFS noise on CheckMK.
Running the playbook to add the VM to the db server failed until this
change

related to #5988
we reduce the noise from CIFS mounts dropping connections by moving them
to the private network

relates to #5988
[PDC_DESCRIBE] Add embargo buckets to environment vars
Co-authored-by: Christina Chortaria <christinach@users.noreply.github.com>
[Catalog] Add a test traefik wall that can be quickly adjusted just for catalog testing
these two hosts are no longer in use and report as unavailable during os
and security updates