Kevin Fenzi
c73f991e30
rabbitmq_cluster / osci / staging: adjust the queue names to match username
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-16 10:47:06 -08:00
Kevin Fenzi
3f5fe0434d
rabbitmq_cluster / osci queues: have to make them start with username in stg
...
This worked in prod, but in staging the queue isn't starting with the
username because that has a .stg in it. So, we need to also have the
queue's have .stg in the name.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-16 10:37:22 -08:00
Stephen Smoogen
33049aae15
try adding in items for the other copr hardware
2021-02-16 13:29:04 -05:00
Stephen Smoogen
f52f1c774f
add in the other copr systems into the hardware list
2021-02-16 13:29:04 -05:00
Stephen Smoogen
0fa7d3d45e
Try to make the naming of rdu-cc systems more consistent.
2021-02-16 13:29:04 -05:00
Nils Philippsen
2e6819354f
ipa/client: Don't trip over undefined group vars
...
With set_facts, if an element of a list is undefined, the containing
fact variable becomes a string. Something Sirius Cybernetics Corporation
something something.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-16 19:20:29 +01:00
Nils Philippsen
c394c808e6
ipa/client: Deal better with unset IPA variables
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-16 15:37:12 +01:00
Nils Philippsen
109865606a
ipa/client: Don't divulge secrets
...
The `ipa_server_admin_passwords` contains the passwords of the admin
users of all IPA servers affected in a play. Don't loop over them
directly to avoid divulging them in the logs or on the console.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-16 14:19:04 +01:00
Nils Philippsen
5521d83040
ipa/client: Deal with hosts without IPA settings
...
Don't attempt to loop over undefined variables. This can happen if the
relevant `ipa_*` variables aren't defined for any host in the play.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-16 14:16:40 +01:00
Kevin Fenzi
4fbe37e9e2
Disable no longer used/mirrored/needed openshift for rhel7 repo.
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-15 15:25:26 -08:00
Pierre-Yves Chibon
b2b6bc8bcb
distgit/pagure: make the short commit be 7 chars
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-15 14:59:27 +01:00
Michal Konečný
cb4ea556a9
the-new-hotness: Add time to log
...
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-02-15 12:50:47 +01:00
Michal Konečný
086ec5dabc
release-monitoring: Add time to log
...
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-02-15 12:46:36 +01:00
Kevin Fenzi
681fa8550c
koji_builder: ppc64le builders also dont want rngd
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-12 16:00:12 -08:00
Nils Philippsen
cd551a0f07
ipa/client: Split up shell access HBAC rule tasks
...
Need to create the rule, then add members to it.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-12 18:26:05 +01:00
Nils Philippsen
193aefa78e
ipa/client: Don't log IPA admin password
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-12 18:18:26 +01:00
Mark O'Brien
f1f7d6d929
updated osbs playbooks run in main.yml
2021-02-12 17:09:22 +00:00
Nils Philippsen
2bf34099e2
ipa/client: Fix ensuring hosts exist in groups
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-12 18:08:03 +01:00
Nils Philippsen
686768423e
ipa/client: Build missing ipa_server_user_groups
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-12 17:52:39 +01:00
Stephen Coady
7ada76d200
Manage bastion email aliases using fasjson
2021-02-12 16:17:23 +00:00
Aurélien Bompard
2fde74e20f
Use the final centos accounts name
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-12 16:16:17 +01:00
Aurélien Bompard
3429a210b3
Fix the IPA uninstall script again
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-12 16:08:29 +01:00
Nils Philippsen
3d1c5218f7
ipa/client: Combine operations on the IPA server
...
The reason for this is to avoid having to do the same or similar things
over and over again for each host in the play, especially since these
operations are delegated to the IPA server, i.e. had to run sequentially
host after host in order to avoid race conditions.
To achieve this, the IPA client related group variables are prepared in
suitable structures in `prepare-ipa-info.yml` and consumed by
`common.yml`, `hbac.yml` and `sudo.yml`, which do most operations in one
go per e.g. host group on the affected IPA server(s).
Additionally:
- Remove compat for legacy `fas_client_groups`, only check for its
presence and warn.
- Remove the prepared but masked out task to manage password-less sudo
access.
- Make yamllint a little happier on the changed files.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-12 14:25:25 +00:00
Mark O'Brien
fdcd55c176
add ipa/client role to the rest of the playbookd for staging
2021-02-12 14:22:40 +00:00
Mark O'Brien
4e33f7c5d7
remove trailing backslash
2021-02-12 14:22:40 +00:00
Mark O'Brien
5e3848ad7b
add ipa client role to hosts with no fas in staging
2021-02-12 14:22:40 +00:00
Stephen Smoogen
68aa3227e1
Remove ip address
2021-02-12 08:28:34 -05:00
Aurélien Bompard
6252a33965
Fix multiple errors in the ipa uninstall playbook
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-12 13:51:18 +01:00
Stephen Smoogen
65f6438361
EMERGENCY BLOCK: 135.181.183.144 to people
2021-02-12 07:07:56 -05:00
Pierre-Yves Chibon
a32dabc92e
nagios_client: install the pagure systemd checks on all pagure instances
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-12 12:37:26 +01:00
seddikalaouiismaili
890dd31cb0
script to monitor systemd units on pagure
2021-02-12 11:34:57 +00:00
Aurélien Bompard
aace9bb2cc
New certificate for IPA in staging
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-12 11:39:24 +01:00
Pierre-Yves Chibon
7868dcfa81
distgit/pagure: add a hotfix tag where we fix the /var/log/pagure folder
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-12 09:52:00 +01:00
Pierre-Yves Chibon
30336150a8
pagure: add another tag
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-12 09:52:00 +01:00
Mohan Boddu
bac8bc67ed
Use f35 key for eln-rebuild
...
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
2021-02-11 19:22:45 -05:00
Mohan Boddu
2bb5a03b7f
Use f35 key for eln
...
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
2021-02-11 18:37:08 -05:00
Kevin Fenzi
e1ff498057
greenwave: set warning on nagios check of queue to 50 from 10
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-11 11:32:52 -08:00
Kevin Fenzi
2e415fc383
koji_hub / kojira: restart kojira when kojira.conf changes
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-11 09:23:15 -08:00
Mohan Boddu
3af1bf0374
F34 is in preenable state
...
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
2021-02-11 11:30:52 -05:00
Aurélien Bompard
ab94dc42eb
IPA: until we get the ipaselfservice module, we need the admin ticket
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:42:23 +01:00
Aurélien Bompard
f29bd5f92c
Cut'n'paste is the root of all evil
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:39:01 +01:00
Aurélien Bompard
8f9076c6d7
IPA: fix commands for nis and compat
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:05:25 +01:00
Aurélien Bompard
00e8e4eb25
Don't get a keytab on IPA itself
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 12:34:22 +01:00
a137af00ca
Set noggin default avatar to retro
...
The default in noggin for the libravatar default avatar (i.e. the avatar
that shows when a user hasnt set their avatar) is an autogenerated
robot.
However, the majority of other applications in Fedora Infra use the
"retro" avatar option. This changes the config of noggin in Fedora
Accounts to use the retro option, rather than the robot one.
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2021-02-11 10:57:23 +00:00
Pierre-Yves Chibon
eba9565e3b
pagure: make the instance-wide admins be a list of users rather than a group
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-11 10:58:55 +01:00
Aurélien Bompard
a545c86f4a
Ignore uninstall errors
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 10:41:06 +01:00
Aurélien Bompard
c62c35dd6a
Add ipa_host_group for Ipsilon
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 10:00:36 +01:00
Kevin Fenzi
2e0d7b1b18
Add missing d from last commit
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-10 20:33:05 -08:00
Kevin Fenzi
3e3f7f9cf4
Fix line wrapping issue in last commit
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-10 20:13:18 -08:00
Kevin Fenzi
a5e9b375fa
fedocal: put the entire old group file back.
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-10 20:03:31 -08:00