Commit graph

34634 commits

Author SHA1 Message Date
Kevin Fenzi
c73f991e30 rabbitmq_cluster / osci / staging: adjust the queue names to match username
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-16 10:47:06 -08:00
Kevin Fenzi
3f5fe0434d rabbitmq_cluster / osci queues: have to make them start with username in stg
This worked in prod, but in staging the queue isn't starting with the
username because that has a .stg in it. So, we need to also have the
queue's have .stg in the name.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-16 10:37:22 -08:00
Stephen Smoogen
33049aae15 try adding in items for the other copr hardware 2021-02-16 13:29:04 -05:00
Stephen Smoogen
f52f1c774f add in the other copr systems into the hardware list 2021-02-16 13:29:04 -05:00
Stephen Smoogen
0fa7d3d45e Try to make the naming of rdu-cc systems more consistent. 2021-02-16 13:29:04 -05:00
Nils Philippsen
2e6819354f ipa/client: Don't trip over undefined group vars
With set_facts, if an element of a list is undefined, the containing
fact variable becomes a string. Something Sirius Cybernetics Corporation
something something.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-16 19:20:29 +01:00
Nils Philippsen
c394c808e6 ipa/client: Deal better with unset IPA variables
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-16 15:37:12 +01:00
Nils Philippsen
109865606a ipa/client: Don't divulge secrets
The `ipa_server_admin_passwords` contains the passwords of the admin
users of all IPA servers affected in a play. Don't loop over them
directly to avoid divulging them in the logs or on the console.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-16 14:19:04 +01:00
Nils Philippsen
5521d83040 ipa/client: Deal with hosts without IPA settings
Don't attempt to loop over undefined variables. This can happen if the
relevant `ipa_*` variables aren't defined for any host in the play.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-16 14:16:40 +01:00
Kevin Fenzi
4fbe37e9e2 Disable no longer used/mirrored/needed openshift for rhel7 repo.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-15 15:25:26 -08:00
Pierre-Yves Chibon
b2b6bc8bcb distgit/pagure: make the short commit be 7 chars
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-15 14:59:27 +01:00
Michal Konečný
cb4ea556a9 the-new-hotness: Add time to log
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-02-15 12:50:47 +01:00
Michal Konečný
086ec5dabc release-monitoring: Add time to log
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-02-15 12:46:36 +01:00
Kevin Fenzi
681fa8550c koji_builder: ppc64le builders also dont want rngd
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-12 16:00:12 -08:00
Nils Philippsen
cd551a0f07 ipa/client: Split up shell access HBAC rule tasks
Need to create the rule, then add members to it.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-12 18:26:05 +01:00
Nils Philippsen
193aefa78e ipa/client: Don't log IPA admin password
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-12 18:18:26 +01:00
Mark O'Brien
f1f7d6d929 updated osbs playbooks run in main.yml 2021-02-12 17:09:22 +00:00
Nils Philippsen
2bf34099e2 ipa/client: Fix ensuring hosts exist in groups
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-12 18:08:03 +01:00
Nils Philippsen
686768423e ipa/client: Build missing ipa_server_user_groups
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-12 17:52:39 +01:00
Stephen Coady
7ada76d200 Manage bastion email aliases using fasjson 2021-02-12 16:17:23 +00:00
Aurélien Bompard
2fde74e20f
Use the final centos accounts name
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-12 16:16:17 +01:00
Aurélien Bompard
3429a210b3
Fix the IPA uninstall script again
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-12 16:08:29 +01:00
Nils Philippsen
3d1c5218f7 ipa/client: Combine operations on the IPA server
The reason for this is to avoid having to do the same or similar things
over and over again for each host in the play, especially since these
operations are delegated to the IPA server, i.e. had to run sequentially
host after host in order to avoid race conditions.

To achieve this, the IPA client related group variables are prepared in
suitable structures in `prepare-ipa-info.yml` and consumed by
`common.yml`, `hbac.yml` and `sudo.yml`, which do most operations in one
go per e.g. host group on the affected IPA server(s).

Additionally:
- Remove compat for legacy `fas_client_groups`, only check for its
  presence and warn.
- Remove the prepared but masked out task to manage password-less sudo
  access.
- Make yamllint a little happier on the changed files.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-12 14:25:25 +00:00
Mark O'Brien
fdcd55c176 add ipa/client role to the rest of the playbookd for staging 2021-02-12 14:22:40 +00:00
Mark O'Brien
4e33f7c5d7 remove trailing backslash 2021-02-12 14:22:40 +00:00
Mark O'Brien
5e3848ad7b add ipa client role to hosts with no fas in staging 2021-02-12 14:22:40 +00:00
Stephen Smoogen
68aa3227e1 Remove ip address 2021-02-12 08:28:34 -05:00
Aurélien Bompard
6252a33965
Fix multiple errors in the ipa uninstall playbook
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-12 13:51:18 +01:00
Stephen Smoogen
65f6438361 EMERGENCY BLOCK: 135.181.183.144 to people 2021-02-12 07:07:56 -05:00
Pierre-Yves Chibon
a32dabc92e nagios_client: install the pagure systemd checks on all pagure instances
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-12 12:37:26 +01:00
seddikalaouiismaili
890dd31cb0 script to monitor systemd units on pagure 2021-02-12 11:34:57 +00:00
Aurélien Bompard
aace9bb2cc
New certificate for IPA in staging
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-12 11:39:24 +01:00
Pierre-Yves Chibon
7868dcfa81 distgit/pagure: add a hotfix tag where we fix the /var/log/pagure folder
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-12 09:52:00 +01:00
Pierre-Yves Chibon
30336150a8 pagure: add another tag
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-12 09:52:00 +01:00
Mohan Boddu
bac8bc67ed Use f35 key for eln-rebuild
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
2021-02-11 19:22:45 -05:00
Mohan Boddu
2bb5a03b7f Use f35 key for eln
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
2021-02-11 18:37:08 -05:00
Kevin Fenzi
e1ff498057 greenwave: set warning on nagios check of queue to 50 from 10
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-11 11:32:52 -08:00
Kevin Fenzi
2e415fc383 koji_hub / kojira: restart kojira when kojira.conf changes
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-11 09:23:15 -08:00
Mohan Boddu
3af1bf0374 F34 is in preenable state
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
2021-02-11 11:30:52 -05:00
Aurélien Bompard
ab94dc42eb
IPA: until we get the ipaselfservice module, we need the admin ticket
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:42:23 +01:00
Aurélien Bompard
f29bd5f92c
Cut'n'paste is the root of all evil
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:39:01 +01:00
Aurélien Bompard
8f9076c6d7
IPA: fix commands for nis and compat
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:05:25 +01:00
Aurélien Bompard
00e8e4eb25
Don't get a keytab on IPA itself
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 12:34:22 +01:00
a137af00ca Set noggin default avatar to retro
The default in noggin for the libravatar default avatar (i.e. the avatar
that shows when a user hasnt set their avatar) is an autogenerated
robot.

However, the majority of other applications in Fedora Infra use the
"retro" avatar option. This changes the config of noggin in Fedora
Accounts to use the retro option, rather than the robot one.

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2021-02-11 10:57:23 +00:00
Pierre-Yves Chibon
eba9565e3b pagure: make the instance-wide admins be a list of users rather than a group
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-11 10:58:55 +01:00
Aurélien Bompard
a545c86f4a
Ignore uninstall errors
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 10:41:06 +01:00
Aurélien Bompard
c62c35dd6a
Add ipa_host_group for Ipsilon
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 10:00:36 +01:00
Kevin Fenzi
2e0d7b1b18 Add missing d from last commit
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-10 20:33:05 -08:00
Kevin Fenzi
3e3f7f9cf4 Fix line wrapping issue in last commit
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-10 20:13:18 -08:00
Kevin Fenzi
a5e9b375fa fedocal: put the entire old group file back.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-10 20:03:31 -08:00