Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
34634 commits 9 branches 0 tags 111 MiB
Commit graph

34634 commits

This branch
This branch
All branches
Author SHA1 Message Date
Francois Andrieu
f8c683ffa8 cleanup: use iad2 composer 2021-03-29 22:48:10 +00:00
Francois Andrieu
2f5f939a83 cleanup: change group_var datacenter from phx2 to iad2 2021-03-29 22:45:02 +00:00
Francois Andrieu
35a43317d4 cleanup: remove unused PHX2 related host_vars/group_vars 2021-03-29 22:45:02 +00:00
Kevin Fenzi
fc2db16120 iptables / kojibuilder: add some more ports needed by ipa-clients 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-29 15:20:00 -07:00
Owen W. Taylor
801f96c950 Rebase flatpak-indexer to include robustness improving upstream commits 
git shortlog 665c80047a7c15145faa8d77b60fadd2feebb1e1..be75c716bae720c45e720f8e1cecab01f4355bd3
Owen W. Taylor (4):
      Make code to handle disconnections shared between DeltaGenerator and Differ
      Indexer: Remove unchanged-registry-data short-circuit
      Cleaner: check for and remove dangling tardiff:result objects
      Differ: Handle the case where a queued task references a missing spec
 2021-03-29 21:27:02 +00:00
Frank Ch. Eigler
d402df0fbe debuginfod: fix route->service port: 8002 2021-03-29 17:15:20 -04:00
Frank Ch. Eigler
e5fcf29be1 debuginfod: reduce initial container resource reqs to 12GB RAM and 1 CPU 2021-03-29 16:56:23 -04:00
Frank Ch. Eigler
7114616688 debuginfod: standardize on debuginfod-storage[-stg] as PVC etc. name 2021-03-29 16:45:17 -04:00
Frank Ch. Eigler
b5dc1fa04c debuginfod: PVC s/koji-volume/fedora-koji/ 2021-03-29 16:31:24 -04:00
Frank Ch. Eigler
0732c6c72b debuginfod: limit to f32 and up, fix PV storage accessMode 2021-03-29 20:27:30 +00:00
Owen W. Taylor
94ad45c15d flatpak-indexer: Fix the mount path for the redis data volume 
Redis is configured to store its data in /data, so mount the persistent
volume there rather than on /var/lib/redis/data.

Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
 2021-03-29 13:38:10 -04:00
Owen W. Taylor
30c5662b93 Update flatpak-indexer to add F34 release information 
$ git shortlog 999b10d..665c800
Owen W. Taylor (1):
      release_info.py: Update for F34 => branched
 2021-03-29 16:09:30 +00:00
Kevin Fenzi
04e67d381e inventory: add dl01-05 to staging_friendly 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-29 08:54:49 -07:00
Pierre-Yves Chibon
86113c8c7c mirrormanager: get MM to always ask for the signed_fpca group 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-29 15:45:59 +02:00
Pierre-Yves Chibon
3be8f2c71b fedocal: Don't let stg send reminder emails 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-29 15:03:14 +02:00
Stephen Smoogen
917d633e8d Add mirror.dst.ca to mirrors 2021-03-29 09:02:14 -04:00
Pierre-Yves Chibon
9d4f6c7620 distgit/pagure: disable the hook to block un-signed commits 
Relates to https://pagure.io/fedora-infrastructure/issue/9793

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-29 14:50:51 +02:00
Stephen Smoogen
625441f66b remove wwoods and put mattdm as owner of this script. 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-29 08:43:25 -04:00
Pierre-Yves Chibon
b9d2f00120 fedocal: point to bastion as smtp server 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-29 14:03:14 +02:00
Miroslav Suchý
8cba3702a0 copr: enable prune-dist-git.py 2021-03-29 13:21:12 +02:00
Mark O'Brien
2d708cdcc7 It wasnt this change that broke it 2021-03-29 12:07:00 +01:00
Mark O'Brien
7fec19f0dc roll back election changes to see if we broke login 2021-03-29 11:59:49 +01:00
Stephen Coady
3af73567ad add flag to make elections use fasjson 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-29 10:21:33 +00:00
Pierre-Yves Chibon
3a334310d9 fedocal: we said build from the debug branch... 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-29 11:33:59 +02:00
Pierre-Yves Chibon
f1adced1fb toddlers: toddlers is not fedocal, undo and redo right 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-29 11:33:40 +02:00
Pierre-Yves Chibon
34979a9ce3 fedocal: build from the debug branch for now 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-29 11:17:54 +02:00
Pierre-Yves Chibon
143ac03e5c fedocal: rename the cron job 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-29 10:35:17 +02:00
Pierre-Yves Chibon
d9cbb080d7 fedocal: fix the path to the cron script 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-29 10:33:23 +02:00
Nick Bebout
0eae657232 Fix sudo rules for sysadmin-noc and sysadmin-veteran 2021-03-28 20:46:01 -05:00
Nick Bebout
5c1f91f588 sysadmin-hosted is not used anymore 2021-03-28 19:49:32 -05:00
Nick Bebout
1b0bcb3adf sysadmin-tools should have sudo on people 2021-03-28 19:43:57 -05:00
Kevin Fenzi
f6d6a2cffe people: people02 is on the vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-28 12:52:57 -07:00
Kevin Fenzi
7776ee7d11 people02: add sssd.conf template for people 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-28 12:29:01 -07:00
Kevin Fenzi
5427fc73ea people: use fedora-contributor instead of cla_done 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-28 12:01:08 -07:00
Kevin Fenzi
cd1430ab62 os-cluster: baseiptables should be FALSE 
The baseiptables variable controls if the base role should apply base
iptables and ip6tables templates to a host. In the case of OpenShift we
DO NOT WANT it to do this. The base iptables template doesn't handle all
the container native rules and setup that OpenShift needs to work.
This has caused multiple outages by applying this template on the
OpenShift nodes. So, set it to false here and keep it false please. :)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-28 10:37:46 -07:00
Kevin Fenzi
3ee897d847 fasjson: no need for output if things are working 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-27 12:16:04 -07:00
Kevin Fenzi
7dadf93f44 Deploy renewed openshift certs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-27 12:05:35 -07:00
Kevin Fenzi
85ac490787 ipa / server / backups: only send errors to cron emails 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-27 10:42:40 -07:00
Kevin Fenzi
f92edeee68 batcave: adjust ssh_known_hosts so buildvm-s390x-01.stg works 
For ages buildvm-s390x-01.stg.s390.fedoraproject.org has needed it's ssh
key accepted on ansible runs. The problem was we were not extending the
cert authority to handle this subdomain. This commit fixes that.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-27 10:23:44 -07:00
Stephen Smoogen
14d9cbde02 put the task in a job which will run on the right system 2021-03-27 12:40:47 -04:00
Stephen Smoogen
48dc00ae84 Add a deep clean which restarts sssd and then cleans the cache in case of major config file changes 2021-03-27 12:28:48 -04:00
Stephen Smoogen
f7519b408b Allow sssd to ignore special users 
Currently /etc/nsswitch.conf has configurations like

passwd:     sss files
shadow:     files sss
group:      sss files

The problem is that to make sure that certain users could not be
created in IPA (like nobody root etc), they were already created but
in a restricted group. In order to allow sss to work for postfix, nfs,
nobody and such, the sssd.conf needs to ignore them in the nss
section. This adds a file which will do that.

Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-27 12:20:35 -04:00
Kevin Fenzi
2d5ec6dce3 sundries: fix prod mount 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-26 14:07:32 -07:00
Kevin Fenzi
ea17f4b23c sundries: fix nfs mounts names in prod 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-26 13:51:45 -07:00
Owen W. Taylor
75e81cbccd Move fedora-indexer to production and remove regindexer 
* Update rsync configuration for production to sync the flatpak-indexer
  output directories into the right place, in the same way as was done
  for staging. The regindexer rsync module is renamed to flatpak-index
  for clarity.
* Update the registry.fedoraproject.org to use the flatpak-indexer
  rules for production.
* Remove the regindexer role

Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
 2021-03-26 20:39:43 +00:00
Kevin Fenzi
6026e74b0e flatpak-indexer: deploy in prod too 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-26 12:19:34 -07:00
Pierre-Yves Chibon
7a88a69dd5 toddlers: specify the KRB5_CONFIG environment variable 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-26 16:35:44 +01:00
Pierre-Yves Chibon
ccbda97811 toddlers: add a service name when creating the keytab 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-26 16:05:39 +01:00
Pierre-Yves Chibon
964fd00a7e toddlers: Try creating a keytab for toddlers 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-26 16:03:34 +01:00
Pierre-Yves Chibon
8b05ba47e0 toddlers: add the openshift/ipa-client role to handle kerberos 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-26 15:58:16 +01:00