Found the reason that the definitions I had put were not
working. There were two different ones and i was looking at the wrong
one. Put the two tasks with the same logic so things should work no
matter which one is run.
For some reason the vmhost-x86-copr systems are not using the correct
main.cf even though we have told the variables which one to use. I am
trying a second method to try and force this, but will have to come up
with a different datacenter definition for these otherwise as I can't
figure out why the code is different.
This ACL turns out to be too confusing to users as it currently
does not work with our OIDC set-up with fedpkg.
Once we'll have figured out how to make both work together or
keep one and remove the other, we can revisit.
Keeping this in staging so we have a place where we can experiment
with this.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
Found the reason that the definitions I had put were not
working. There were two different ones and i was looking at the wrong
one. Put the two tasks with the same logic so things should work no
matter which one is run.
For some reason the vmhost-x86-copr systems are not using the correct
main.cf even though we have told the variables which one to use. I am
trying a second method to try and force this, but will have to come up
with a different datacenter definition for these otherwise as I can't
figure out why the code is different.
First we add in a vmhost_copr playbook which is basically the regular
virthost but meant to limit things for copr admins via rbac.
Second we add in host and group variables which will use the ansible
module for setting up networks. This allows for bridging to work out
of the box and makes sure we know the mac addresses.
First we add in a vmhost_copr playbook which is basically the regular
virthost but meant to limit things for copr admins via rbac.
Second we add in host and group variables which will use the ansible
module for setting up networks. This allows for bridging to work out
of the box and makes sure we know the mac addresses.
Otherwise it goes back to using sysadmin-main which is the default
value, while here we want to rely on a list of users, not a group.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
This worked in prod, but in staging the queue isn't starting with the
username because that has a .stg in it. So, we need to also have the
queue's have .stg in the name.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
With set_facts, if an element of a list is undefined, the containing
fact variable becomes a string. Something Sirius Cybernetics Corporation
something something.
Signed-off-by: Nils Philippsen <nils@redhat.com>
The `ipa_server_admin_passwords` contains the passwords of the admin
users of all IPA servers affected in a play. Don't loop over them
directly to avoid divulging them in the logs or on the console.
Signed-off-by: Nils Philippsen <nils@redhat.com>
