* Fix permissions on generated tardiff files
* Clean up unused deltas and icons
* Update times in config files to be readable (30m) rather than
now-deprecated mix of seconds (1800) and days.
We will have to fix ownership of home directories on all FAS client
hosts when migrating users to IPA because they have different uids
there. This is a manual playbook because running this on fedorapeople
will have to check thousands of directories which is a cost we want to
avoid in ordinary playbook runs.
Also, tag tasks in the reenrollment playbook to allow specifying which
parts get run if necessary.
Signed-off-by: Nils Philippsen <nils@redhat.com>
We are now building Flatpaks for aarch64 - while we don't yet have
a working runtime, write architecture-specific for aarch64, using
the container-world name of 'arm64'.
Turns out we want to keep reg and it's output.
So, we just copy flatpak-indexers fedora/deltas/icons dirs under the reg
renerated top level on the proxies.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Add changes required for flatpak-indexer, conditionalized for staging:
* Reverse which of "index with labels" or "index with annotations" is the
default (make labels the default, since annotations are only used by
old versions of Flatpak)
* Add the deltas/ directory which holds deltas between Flatpak versions.
Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
Under the old setup, we ran 'reg' on sundries and then synced that
content (in 3 rsyncs) to proxies.
With this new setup, flatpak-indexer runs in openshift. It has a nfs
volume where it writes it's output too. We rsync just that entire output
directory to the proxies. This includes things like deltas.
This commit should only affect staging, we will roll to production
later.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The `fas_client` role installed a version of nsswitch.conf which doesn't
delegate to sss. For some reason, ipa-client-install doesn't ensure this
is brought back. This prepends `sss` to lines where it would be missing
otherwise. Also, run the cleanup tasks before the enrollment task.
Signed-off-by: Nils Philippsen <nils@redhat.com>
We really want to save the output of branched jobs so we can easier
track down issues and fix them.
Normally this would be a freeze break, but I can't imagine how it would
cause any issues and it's one character, so I am just doing it. :)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Reinstalling the IPA server in staging made the enrollments of IPA
clients against the old instance stale. This playbook detects this,
cleans things up and enrolls hosts again.
Signed-off-by: Nils Philippsen <nils@redhat.com>
Pull in redis/docker-entrypoint.sh: listen on all interfaces
b239f79e58
This should make redis accessible on the redis service and not just
locally in the redis container.
