Get new certs per instructions
Put new certs in ansible_private from letsencrypt
Change the cert name in configs to 2023 to show different from 2017 one.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
Thanks to @jforbes for reminding me of this - now F35 is EOL,
we don't run the openQA upgrade tests on F36, so we have to
upgrade the gating policy or no F35 updates can be pushed.
Also drop other fedora-35 references in openQA-related rules.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
It may be that having this on some of the proxies is causing problems
because it's trying to ping the old openshift 3.11 cluster and filling
up apache slots with it. We do not need this stuff anymore, so remove
it.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Now that we've pruned 1.2T from the repo let's put the pruner back
to sleep over the holidays. It's a brand new service and if anything
goes awry we want to be around to investigate.
Will re-enabled in January.
Everytime we run the playbook a new build kicks off, but
the app was just restarted. So what happens is we end up
with the app getting started twice (once when the
deploymentconfig gets updated and once when the build finishes).
This could be bad if the app has some startup steps that need
to not be interrupted.
Let's just manually trigger builds since we have the permissions
to do that in the web interface and via the CLI.
koji hubs are now all behind proxies for tls termination, so they don't
need to run https locally. This allows us to drop the koji self signed
certs, at least the staging version of which had become too weak and was
preventing httpd from starting on boot.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This user is used by osbuild, but autosign and bodhi don't know what
to do with images it builds. Just like the livecd's and such releng
makes. So, just don't auto make updates for them.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now we run a script on all builders once a minute to update the
api/auth ip's for osbuild. This has a number of problems:
* Sometimes osbuild jobs land on s390x builders that have no internet
access and hang or fail.
* Sometimes the update script hangs or takes a long time to run because
the builder is heavily loaded with builds, resulting in locking emails
to sysadmin-main folks.
So, in this commit we:
* make a new koji channel called 'osbuild' with all the buildhw-x86's in
it. They are usually not too overloaded and there are 16 of them so it
should be available all the time.
* Leave the cron job on all builders for now in case, but make them only
update once a day since they won't be getting jobs. If this works out
we can remove it entirely there.
* Make the buildhw-x86s only update every 5min. This opens a larger
window for it being wrong, but it's still pretty small and should
reduce the number of emails for stalled processes we get.
See https://pagure.io/fedora-infrastructure/issue/10982
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
