Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
34634 commits 9 branches 0 tags 111 MiB
Commit graph

34634 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mark O'Brien
9b29115930 fmn: add missing comma 2021-03-26 12:34:51 +00:00
Stephen Coady
533ba99068 add missing v1 to fasjson url for fmn 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-26 11:34:53 +00:00
Aurélien Bompard
196d20086c
Some Ipsilon fixes for the new openid api extension 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-26 12:11:07 +01:00
Stephen Coady
e66217f737 add forgotten keytab var 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-26 09:43:38 +00:00
Francois Andrieu
06796caabf languages: rework extract & stats jobs 2021-03-25 22:14:50 +00:00
Aurélien Bompard
ee65c1dbf0
fasjson-aliases: set the keytab env var 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-25 22:36:31 +01:00
Kevin Fenzi
740109a295 nagios_client / check_systemd_units: remove old debugging output 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:25:17 -07:00
Kevin Fenzi
29f31df142 pagure-stg01 is also on the vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:16:03 -07:00
Kevin Fenzi
8101073e8e pagure: pagure is on the vpn 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:11:11 -07:00
Kevin Fenzi
1e5aefcc52 ipa03: fix ip address for ipa03 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:07:13 -07:00
Kevin Fenzi
cebb78ed82 nagios_client: the check_systemd_units is in scripts, not script 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:58:20 -07:00
Kevin Fenzi
5a915ea8ea fasjson: adjust script (no .py) and use nag-once 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:53:57 -07:00
Kevin Fenzi
b0d1ea96da bastion: add fasjson_url for fasjson role 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:47:05 -07:00
Kevin Fenzi
341862e436 fasjson: This is a template, not a file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:44:00 -07:00
Kevin Fenzi
94bdcff8ff bastion: add fasjon role to bastion 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:28:32 -07:00
Michael Scherer
f50cad1870 Since zanata is down, this cron job no longer work 2021-03-25 20:26:05 +00:00
Michael Scherer
8548f299ca Add cronjob to update the website translation 2021-03-25 20:26:05 +00:00
Nils Philippsen
f9abb293c0 ipa/client: only warn about essential vars missing 
If either `ipa_client_shell_groups` and `ipa_client_sudo_groups` are
unset or empty, sysadmin-main will still be able to login and sudo.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-25 20:22:30 +00:00
seddikalaouiismaili
eae91f0d2b install nrpe check for systemd units 2021-03-25 20:16:48 +00:00
Francois Andrieu
35664e9159 cleanup: remove phx2 from ansible-ansible-openshift-ansible 2021-03-25 20:14:10 +00:00
Pavel Raiskup
0793a1e9b3 copr-be-dev: increase quota for one user 
Nobody is using devel stack except for Copr Team, and we run heavily
parallelized unit tests so we enjoy more concurrent VMs.  In case there
are no task processed, the VM count anyways goes down to the setup in
pool.yaml.  So this change actually doesn't mean more VMs is going to be
wasted in normal situations.
 2021-03-25 21:10:06 +01:00
Stephen Smoogen
9e3b72a519 Make sure playbook is using ipa/client as a tag versus ipsilon 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-25 15:29:21 -04:00
Stephen Smoogen
791ab33d1c This should tune sssd on people02 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-25 15:28:54 -04:00
Stephen Coady
4cc5f3d8f0 remove v1 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-25 18:01:18 +00:00
Stephen Coady
821209cb26 hotpatch fmn to work with fasjson 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-25 18:01:18 +00:00
Stephen Coady
7e7cef94ad update config to use fasjson and give it the address 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-25 17:56:23 +00:00
Aurélien Bompard
94b32cee08
Use our custom info plugin 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-25 18:56:08 +01:00
Kevin Fenzi
7e207f9119 fasjson / aliases: adjust kernel-team to just Justin per request 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 10:34:58 -07:00
Kevin Fenzi
6bf8552e7f base / iptables / kojibuilder: add ipa ports for koji builder ipa clients 
Note that this will not yet work, it needs the RHIT firewall between
vlans opened on these ports first, but after that this is needed to
allow them to use those ports.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 10:10:55 -07:00
Kevin Fenzi
ddf53bdbdf inventory: add copr-db-stg to cloud_aws group to make nagios happy 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 09:52:57 -07:00
Stephen Smoogen
a781368708 Add a --no-ssh to the ipa-client-install so that sshconfigs on clients are not altered. 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-25 11:37:24 -04:00
Nils Philippsen
46b3fb9390 ipa/client: Revamp combining shell groups 
The previous implementation didn't work because of a chicken-and-egg
problem: To add the batcave shell groups to those specifically for
bastion, it needs to look them up, but they aren't set yet (probably
because `batcave` comes after `bastion`).

Now, one can (optionally) set `ipa_client_shell_groups_inherit_from`, a
list of Ansible group names whose `ipa_client_shell_groups` will be
combined with that of the host itself. This is more robust because it's
done late, after variables are set from the inventory.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-25 13:53:21 +01:00
Stephen Smoogen
34728c85cd put in clean up scripts to remove fas-client cron job which bollocks systems 2021-03-25 07:17:53 -04:00
Mark O'Brien
b80eb0b4d3 fas: remove trailing slash 2021-03-25 11:01:04 +00:00
Mark O'Brien
5000466350 fas: remove infra-tags repo 2021-03-25 10:54:42 +00:00
Aurélien Bompard
6e68f8fe4f
Fix the mediawiki auth plugin 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-25 11:15:29 +01:00
Aurélien Bompard
fc759fd447
Add the ipsilon script to generate the metadata 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-25 11:15:29 +01:00
Kevin Fenzi
802abfa3e3 noc: drop fedmsg/base, its not needed in rhel8 installs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 19:13:16 -07:00
Kevin Fenzi
5b1b2c403d nagios: fix ipsilon check to look for something in the new theme 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 18:13:37 -07:00
Nils Philippsen
72b940d31a ipa/client: stopgap for shell groups on bastion 
Evaluating ipa_client_shell_group from another group won't work this
way. Hardcode the list until we have a better solution.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 23:56:14 +01:00
Kevin Fenzi
5f8274ff6c ircbot: clean up additional typo in fedmsg-irc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 15:55:48 -07:00
Kevin Fenzi
3ac327e4ff ircbot: clean up typo in fedmsg-irc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 15:54:27 -07:00
Stephen Smoogen
16ee589eee up the number of cpus for the systems in the group. add 2GB more ram also 2021-03-24 18:36:48 -04:00
Stephen Smoogen
a3fd2875c2 attempt to add sysadmin-qa so that adamw can get some f*ing work done 2021-03-24 15:10:14 -04:00
Kevin Fenzi
fadfa83427 inventory / group / oci_registry: clear out duplicate variables 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 11:49:22 -07:00
Kevin Fenzi
f88bdf2c78 mediawiki: drop old fas cla and use agreements in prod now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 11:39:11 -07:00
Nils Philippsen
0ad057a285 VPN hosts: Don't enroll with ipa03 for now 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 18:33:09 +01:00
Nils Philippsen
2d4ec8d259 Apply openvpn/client role before ipa/client 
This is so hosts on the Fedora VPN are able to talk to IPA before they
try to enroll.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 18:19:11 +01:00
Nils Philippsen
bcfe96b710 ipa/client: Enable VPN hosts to talk to IPA 
This requires the canonical names of IPA servers to be mapped to their
IP addresses on the VPN as well as specifying the IPA server explicitly
when enrolling clients.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 18:19:11 +01:00
Nils Philippsen
28cc2e8d93 ipa/client: specify ipa server when enrolling VPN hosts 
This is needed for clients that cannot access the internal DNS
where IPA servers are announced.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 18:18:55 +01:00