Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions
43049 commits 9 branches 0 tags 110 MiB
Commit graph

8816 commits

Author SHA1 Message Date
Kevin Fenzi
76bda7e176 New kickstarts role 
Move kickstarts into ansible from the side repo they were in before.
Hopefully this will make it easier for people to contibute to them
and see what they are. All sensitive info here should be templated
out from the private repo.

note that before we merge/run this, we need to move the old repo
out of the way in the location we are syncing to.
We can gradually move other kickstarts out of the old repo into this
role as we need them to build rdu3 out.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-28 21:57:12 +00:00
Aurélien Bompard
f4de93c8ed
Planet: avoid duplicate route name 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-05-28 12:17:48 +02:00
Aurélien Bompard
adc11a9235
Planet: fix the keytab 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-05-28 12:13:44 +02:00
Kevin Fenzi
9dc7f4adcf noc01.rdu3: someday I will get logic right 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-22 10:35:33 -07:00
Kevin Fenzi
2259edea1a noc01.rdu3: adjust openvpn logic 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-22 10:30:43 -07:00
Kevin Fenzi
81f9f0d09c noc01.rdu3: add a rdu3 noc server 
No nagios for now, but dhcp and tftp and such.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-22 10:01:27 -07:00
Kevin Fenzi
ebe5fa82a1 rdu3: fix a logic conditional thinko 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-21 16:28:25 -07:00
Kevin Fenzi
0442382c59 dns: no vpn wanted in rdu3 dns either 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-21 15:47:23 -07:00
Kevin Fenzi
f8eacdb62b bastion01.rdu3: A wild bastion01.rdu3 appears, lets try and configure it. 
This should setup a already installed bastion01.rdu3 vm so we can use it
to get to other rdu3 machines.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-21 12:37:13 -07:00
Adam Piasecki
e43c256356 coreos-cincinnati: move templates from yml to j2 
As we are now moving templates to j2, this completes the process
for the coreos-cincinnati.
 2025-05-20 16:33:54 +00:00
Kevin Fenzi
8a9adc58ec riscv: add another 20 keytabs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-13 14:21:41 -07:00
Aurélien Bompard
ba7712dd43
Update manual playbooks that expect unsuffixed job.yml template 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-05-13 11:30:36 +02:00
Roshan-R
78e221bc12 add Roshan-R to appowners in fedora-coreos-pipeline 2025-05-12 17:17:49 +05:30
Bipin B Narayan
52a6054f35 Add bipinbn(Bipin) to appowners in fedora coreos pipeline 2025-05-12 10:52:00 +00:00
Aashish Radhakrishnan
6367cb3704 playbooks/fedora-ostree-pruner.yml: Add aaradhak to appowners 
Add aaradhak to appowners
 2025-05-07 10:50:49 -04:00
Aurélien Bompard
8a0cf448c2
Allow webhook2fedmsg to send FM on the forgejo topic 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-05-07 10:12:40 +02:00
Jiri Kyjovsky
69237d1349 copr/pulp: remove pulp playbooks 
Pulp folks gave us their instance, we don't have to maintaint our own
anymore.
 2025-05-05 10:56:24 +02:00
Adam Piasecki
715567cb9f openshift-apps: Move fedora-ostree-pruner deployment to prod 
Moving deployment from staging only, to production.

See: https://github.com/coreos/fedora-coreos-pipeline/issues/1140
 2025-05-02 15:01:48 +01:00
Adam Piasecki
c928a5ea8a openshift-apps: Move coreos-ostree-importer deployment to prod 
Moving deployment from staging only, to production.

See: https://github.com/coreos/fedora-coreos-pipeline/issues/1140
 2025-05-02 15:00:37 +01:00
Adam Piasecki
b20621cbb2 openshift-apps: Move coreos-koji-tagger deployment to prod 
Moving deployment from staging only, to production.

See: https://github.com/coreos/fedora-coreos-pipeline/issues/1140
 2025-05-02 14:59:46 +01:00
Adam Piasecki
ce2883f4f2 openshift-apps: Move coreos-cincinnati deployment to prod 
Moving deployment from staging only, to production.

See: https://github.com/coreos/fedora-coreos-pipeline/issues/1140
 2025-05-02 14:57:52 +01:00
Aurélien Bompard
49fddc0e98
CoreOS OSTree Importer: use the new RabbitMQ cert 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-05-02 13:19:11 +02:00
Kevin Fenzi
b6bf597a91 riscv secondary koji: add manual script to generate builder keytabs 
This script will generate a list of builder keytabs and place them on
the riscv secondary hub where they can be distributed to builders.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-04-30 09:44:39 -07:00
Jeremy Cline
0571feb2ce fedora-image-uploader: deploy as multiple containers 
In the beginning, this just handled Azure images. Now it does Azure,
AWS, GCP, and containers. Currently, it processes images serially, which
is mostly okay. However, it does mean that whatever service is handled
last has to wait for all the others to succeed before it starts, and it
also means if any of the handlers for their respective platform fail, it
retries *all* the images again. For most things this is a no-op (or a
few inexpensive calls), but it does have to re-download the image from
Koji to checksum it.

This adds an AMQP message queue for each content type we handle, and
produces a fedora-messaging config for each content type. The deployment
is now made up of 4 containers: azure-image-uploader,
aws-image-uploader, container-image-uploader, and
google-cloud-image-uploader. They only differ in the secrets injected
into them and the fedora-messaging config file they use. The end result
is that images should be available faster and its more resilient to
remote services being down.

Finally, it's worth noting that this bumps the warning threshold for
queue sizes. It can take some services (Azure and AWS) upwards of 30
minutes to replicate the images around the world, and since we subscribe
to _any_ compose status changes, it's not unreasonable for 5-10 messages
to stack up when we hit a compose change that is "FINISHED" with images.

Signed-off-by: Jeremy Cline <jeremycline@linux.microsoft.com>
 2025-04-29 18:25:08 +00:00
Patrik Polakovič
bdc169d3c7 Add Fedora version variable to the playbook 
Signed-off-by: Patrik Polakovič <patrik@alphamail.org>
 2025-04-28 12:18:58 +02:00
Kevin Fenzi
bea41a6732 koji / staging sync: increase sequences to be higher than prod 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-04-25 09:15:08 -07:00
Kevin Fenzi
4da0ff7c4d koji / sync staging: drop removed warn arg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-04-25 09:06:23 -07:00
Kevin Fenzi
dc1b09121b ipsilon: use correct centos stg ipsilon host for hbac rule 
This was using the wrong host and thus removing the correct one.
Fixing it to use the right host.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-04-24 09:26:09 -07:00
apiaseck
a4aaf6f0d0 fedora-ostree-pruner: Move from deprecated DeploymentConfig to Deployment 
First try aat move from deprecated DeploymentConfig to Deployment using staging environment.

See: https://github.com/jbtrystram/coreos-hackathon/issues/13
 2025-04-15 15:22:57 +00:00
apiaseck
678f318f4c coreos-ostree-importer: Move from deprecated DeploymentConfig to Deployment 
First try aat move from deprecated DeploymentConfig to Deployment using staging environment.

See: https://github.com/jbtrystram/coreos-hackathon/issues/13
 2025-04-15 15:22:57 +00:00
apiaseck
91beda6fc4 coreos-cincinnati: Move from deprecated DeploymentConfig to Deployment 
First try aat move from deprecated DeploymentConfig to Deployment using staging environment.

See: https://github.com/jbtrystram/coreos-hackathon/issues/13
 2025-04-15 15:22:57 +00:00
apiaseck
1d5588e5ab coreos-koji-tagger: Move from deprecated DeploymentConfig to Deployment 
First try at move from deprecated DeploymentConfig to Deployment using staging environment.

Using the information related to moving to Deployment as per:
https://github.com/jbtrystram/coreos-hackathon/issues/13

See: https://github.com/jbtrystram/coreos-hackathon/issues/13
 2025-04-15 15:22:56 +00:00
Joel Capitao
83e9619526 fedora-coreos-pipeline: use jcapitao Fedora account URI 2025-04-14 07:46:39 +00:00
Aurélien Bompard
d884a0f8ba
Use the combined RabbitMQ CA cert in the clients 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-04-11 15:15:45 +02:00
Joel Capitao
3322ae0888 fedora-coreos-pipeline: add Joel Capitao (jcapiitao) 2025-04-08 17:09:05 +00:00
Tiago Bueno
a0bdc9b9ab Add new team member to fcos-pipeline 
Signed-off-by: Tiago Bueno <49003339+tlbueno@users.noreply.github.com>
 2025-04-08 17:07:28 +00:00
Adam Piasecki
5f0fcd4a79 playbooks/fedora-ostree-pruner.yml: Add apiaseck to appowners 
As I'm working on moving fedora-ostree-pruner to k8s deployment
I'm blocked by Zuul due to lack of permissions.

See: https://pagure.io/fedora-infra/ansible/pull-request/2331
 2025-04-08 16:58:36 +01:00
Josef Skladanka
b6a6aa5821 Testdays - try OIDC 2025-04-07 11:52:26 +02:00
Kevin Fenzi
ee5d2b3a57 poddlers: add jnsamyak for releng work in poddlers 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-04-01 08:43:01 -07:00
Adam Williamson
721ffe0df4 proxies: drop caiapi 
this isn't a thing any more.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-03-28 18:11:11 +00:00
Kevin Fenzi
b1363750ce waiverdb: also delete the playbook play referring to the template that was just removed 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-03-28 11:00:34 -07:00
Lukas Holecek
6426d72854 waiverdb: Remove unnecessary image build 2025-03-28 17:55:33 +00:00
Aurélien Bompard
292c7f6c6e
Deploy journal-to-fedora-messaging on IPA (staging for now) 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-03-28 12:37:56 +01:00
Kevin Fenzi
33415d8399 proxies: riscv reverse proxies are not on ocp4 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-03-27 15:39:00 -07:00
Kevin Fenzi
1f2bba4489 bvmhost-a64 / buildhw-a64: enable nbde role here as well 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-03-26 16:17:37 -07:00
Pavel Raiskup
33e01feafc copr-frontend: upgrade using dnf command 
The Ansible dnf module still fails to update packages to the latest
versions, for an unknown reason.
 2025-03-26 08:06:49 +01:00
Pavel Raiskup
d2873f81f7 copr-frontend: try to expire all caches 
Ansible still doesn't update the packages :-(
 2025-03-26 08:03:40 +01:00
Pavel Raiskup
0f07d5c9d0 copr-frontend: update dnf caches when updating packages 2025-03-26 08:00:09 +01:00
James Antill
f74cd17a23 Add regexp to drop spaces from hostnames in prompts, for add_host. 
Signed-off-by: James Antill <james@and.org>
 2025-03-25 20:36:02 -04:00
James Antill
aa5691d1b5 Add regexp to drop spaces from hostnames in prompts. 
Signed-off-by: James Antill <james@and.org>
 2025-03-25 20:00:53 -04:00