Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
27092 commits 9 branches 0 tags 111 MiB
Commit graph

27092 commits

This branch
This branch
All branches
Author SHA1 Message Date
Stephen Smoogen
40a819e1d5 [nagios/datanommer] this is what happens when you have 2 files which are supposeldy the same file. You edit one in nagios_server and miss the one in nagios_client. Bad nagios. Bad 2019-05-30 16:56:26 +00:00
Rick Elrod
0e2870c9c5 and tag it 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-30 16:10:39 +00:00
Rick Elrod
ec6da5fe24 s3-mirror: what happens if we include_vars in the role? 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-30 16:09:39 +00:00
Rick Elrod
ca07bf43c8 s3-mirror: try adding --only-show-errors to the sync part 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-30 15:51:06 +00:00
Stephen Smoogen
b3978bf0f8 [storinator] remember that any fedorainfracloud has to be in the inventory/cloud file 2019-05-30 15:47:33 +00:00
Pavel Raiskup
8963287ddd copr: provision: disable systemd-resolved 
TODO: find the reason why this is even enabled
 2019-05-30 09:44:08 +02:00
Kevin Fenzi
5ab85146a3 inventory: delete some no longer used communishift host vars 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-29 23:42:16 +00:00
Rick Elrod
ec21b71306 mirrormanager: include fedora cycle vars the correct way 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-29 23:20:37 +00:00
Stephen Smoogen
df89e91818 put storinator in proper group. fix netmask on os-master 2019-05-29 23:13:27 +00:00
Rick Elrod
a1e745978f do I need to manually import this? 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-29 23:04:43 +00:00
Adam Williamson
1459a3fa5c Update rsyslog-audit SELinux policy with one more needed perm 
This one was dontaudit. Grr.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 16:00:23 -07:00
Stephen Smoogen
4020cec510 [storinator] make changes so that storinator can work in cloud 2019-05-29 22:55:28 +00:00
Rick Elrod
640d7bc1de s3-mirror: first attempt at splitting some of these into smaller syncs; but still keeping the main sync around for everything else 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-29 22:50:02 +00:00
Kevin Fenzi
0a37f7a42d robosign: add f31-perl tag to autosign (ticket #7852) 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-29 22:38:15 +00:00
Rick Elrod
580d5c2347 ok, awscli, have it your way 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-29 22:28:22 +00:00
Sayan Chowdhury
37c1b0c99b Fix the when condition 2019-05-29 21:54:13 +00:00
Sayan Chowdhury
1709ce142d Add the cron to run the ami deletion regularly 2019-05-29 21:47:04 +00:00
Randy Barlow
a3076d40a0 bodhi: Upgrade production to 4.0.1-1.fc29.infra 
Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
 2019-05-29 21:07:13 +00:00
Randy Barlow
0781e21ebd bodhi: Update staging to 4.0.1-1.fc29.infra 
Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
 2019-05-29 20:36:35 +00:00
Rick Elrod
50279dac19 add a more general s3 sync script that takes a path from /pub/ and attempts to sync it 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-29 19:03:44 +00:00
Patrick Uiterwijk
66cda5eb15 Make it possible to disallow any internal communications 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 20:33:11 +02:00
Adam Williamson
f4156c3db7 rsyslog-audit policy: also allow 'open' 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 10:21:10 -07:00
Adam Williamson
ca0b1da17d Use Python 3 interpreter for ansible on openQA stg boxes 
They are now F30.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 10:10:36 -07:00
Adam Williamson
3eb406ccdb Update rsyslog-audit custom SELinux policy to allow dir reads 
This now seems to be necessary. This is the cause of the flood
of SELinux denials on F29+ hosts with the rsyslog stuff.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 09:49:03 -07:00
Stephen Smoogen
8611ab80ed put in proper checks like we have for other domains 2019-05-29 15:57:26 +00:00
Patrick Uiterwijk
9c8c6a8e3c Fix totpcgi-vpn name 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:12:32 +02:00
Patrick Uiterwijk
3792988ca2 Fix pod selectors 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:10:57 +02:00
Patrick Uiterwijk
932f98fed5 Add totpcgi-vpn service 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:06:03 +02:00
Patrick Uiterwijk
29bfd4c6ed Fix totpcgi TLS path 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:06:03 +02:00
Patrick Uiterwijk
d6fc29f6f2 Add dc object 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2019-05-29 15:04:06 +00:00
Patrick Uiterwijk
7292879a88 Add dc for totpcgi-vpn 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:03:51 +02:00
Stephen Smoogen
1be05a2039 put in header checks postmap and restart 2019-05-29 14:59:43 +00:00
Patrick Uiterwijk
e65ed43d82 Remove extra endif 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2019-05-29 14:58:55 +00:00
Patrick Uiterwijk
5690551a35 Add vpn configmap 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 16:57:00 +02:00
Stephen Smoogen
22fe4ad0a2 [postfix] and a file to put in drops. 2019-05-29 14:52:52 +00:00
Mikolaj Izdebski
76b7c06f89 Allow coreos-continuous users to untag secure-boot builds 
See https://pagure.io/releng/issue/8390
 2019-05-29 16:50:14 +02:00
Stephen Smoogen
77dcd8034f [postfix] change to header checks needs to be on both bastion and smtp-mm 2019-05-29 14:50:03 +00:00
Stephen Smoogen
0c6f35bf45 Allow postfix on gateway to do header checks 2019-05-29 14:37:23 +00:00
Kamil Páral
879a163936 taskotron: fix imagefactory-server cronjob typo 2019-05-29 16:35:13 +02:00
Kamil Páral
4234d8b3a8 taskotron: put imagefactory server cron jobs to /etc/cron.d/ 2019-05-29 16:32:31 +02:00
Patrick Uiterwijk
2b6e906b70 Add VPN vhost 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 16:31:49 +02:00
Patrick Uiterwijk
a1154c47c3 totp: For the VPN route, do not include phx2 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 16:27:41 +02:00
Kamil Páral
ddc1e9c7d2 taskotron: install imagefactory-client cron jobs into /etc/cron.d 2019-05-29 15:59:08 +02:00
Kamil Páral
076ce8ea28 taskotron: install grokmirror cron jobs into /etc/cron.d 2019-05-29 15:47:32 +02:00
Kamil Páral
5b5b898c26 taskotron-dev: add a missing cron file 
I forgot about it in my previous commit 987ba63be3.
 2019-05-29 15:34:34 +02:00
Kamil Páral
987ba63be3 taskotron-dev: try a better way to deploy cron files 2019-05-29 15:32:31 +02:00
Kamil Páral
c94ff57bab taskotron: use F30 on minions even in production 2019-05-29 14:56:51 +02:00
Kamil Páral
7f338804b2 taskotron: use F30 minions on stg 2019-05-29 13:27:31 +02:00
Patrick Uiterwijk
743e75249c tag2distrepo is now fully koji-based 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 10:58:27 +02:00
Patrick Uiterwijk
8dbaa4908d Remove fas CA from koji 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 10:55:50 +02:00