Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
34576 commits 9 branches 0 tags 111 MiB
Commit graph

34576 commits

This branch
This branch
All branches
Author SHA1 Message Date
Nils Philippsen
5521d83040 ipa/client: Deal with hosts without IPA settings 
Don't attempt to loop over undefined variables. This can happen if the
relevant `ipa_*` variables aren't defined for any host in the play.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-16 14:16:40 +01:00
Kevin Fenzi
4fbe37e9e2 Disable no longer used/mirrored/needed openshift for rhel7 repo. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-15 15:25:26 -08:00
Pierre-Yves Chibon
b2b6bc8bcb distgit/pagure: make the short commit be 7 chars 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-15 14:59:27 +01:00
Michal Konečný
cb4ea556a9 the-new-hotness: Add time to log 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-02-15 12:50:47 +01:00
Michal Konečný
086ec5dabc release-monitoring: Add time to log 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-02-15 12:46:36 +01:00
Kevin Fenzi
681fa8550c koji_builder: ppc64le builders also dont want rngd 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-12 16:00:12 -08:00
Nils Philippsen
cd551a0f07 ipa/client: Split up shell access HBAC rule tasks 
Need to create the rule, then add members to it.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-12 18:26:05 +01:00
Nils Philippsen
193aefa78e ipa/client: Don't log IPA admin password 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-12 18:18:26 +01:00
Mark O'Brien
f1f7d6d929 updated osbs playbooks run in main.yml 2021-02-12 17:09:22 +00:00
Nils Philippsen
2bf34099e2 ipa/client: Fix ensuring hosts exist in groups 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-12 18:08:03 +01:00
Nils Philippsen
686768423e ipa/client: Build missing ipa_server_user_groups 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-12 17:52:39 +01:00
Stephen Coady
7ada76d200 Manage bastion email aliases using fasjson 2021-02-12 16:17:23 +00:00
Aurélien Bompard
2fde74e20f
Use the final centos accounts name 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-12 16:16:17 +01:00
Aurélien Bompard
3429a210b3
Fix the IPA uninstall script again 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-12 16:08:29 +01:00
Nils Philippsen
3d1c5218f7 ipa/client: Combine operations on the IPA server 
The reason for this is to avoid having to do the same or similar things
over and over again for each host in the play, especially since these
operations are delegated to the IPA server, i.e. had to run sequentially
host after host in order to avoid race conditions.

To achieve this, the IPA client related group variables are prepared in
suitable structures in `prepare-ipa-info.yml` and consumed by
`common.yml`, `hbac.yml` and `sudo.yml`, which do most operations in one
go per e.g. host group on the affected IPA server(s).

Additionally:
- Remove compat for legacy `fas_client_groups`, only check for its
  presence and warn.
- Remove the prepared but masked out task to manage password-less sudo
  access.
- Make yamllint a little happier on the changed files.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-12 14:25:25 +00:00
Mark O'Brien
fdcd55c176 add ipa/client role to the rest of the playbookd for staging 2021-02-12 14:22:40 +00:00
Mark O'Brien
4e33f7c5d7 remove trailing backslash 2021-02-12 14:22:40 +00:00
Mark O'Brien
5e3848ad7b add ipa client role to hosts with no fas in staging 2021-02-12 14:22:40 +00:00
Stephen Smoogen
68aa3227e1 Remove ip address 2021-02-12 08:28:34 -05:00
Aurélien Bompard
6252a33965
Fix multiple errors in the ipa uninstall playbook 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-12 13:51:18 +01:00
Stephen Smoogen
65f6438361 EMERGENCY BLOCK: 135.181.183.144 to people 2021-02-12 07:07:56 -05:00
Pierre-Yves Chibon
a32dabc92e nagios_client: install the pagure systemd checks on all pagure instances 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-12 12:37:26 +01:00
seddikalaouiismaili
890dd31cb0 script to monitor systemd units on pagure 2021-02-12 11:34:57 +00:00
Aurélien Bompard
aace9bb2cc
New certificate for IPA in staging 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-12 11:39:24 +01:00
Pierre-Yves Chibon
7868dcfa81 distgit/pagure: add a hotfix tag where we fix the /var/log/pagure folder 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-12 09:52:00 +01:00
Pierre-Yves Chibon
30336150a8 pagure: add another tag 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-12 09:52:00 +01:00
Mohan Boddu
bac8bc67ed Use f35 key for eln-rebuild 
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
 2021-02-11 19:22:45 -05:00
Mohan Boddu
2bb5a03b7f Use f35 key for eln 
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
 2021-02-11 18:37:08 -05:00
Kevin Fenzi
e1ff498057 greenwave: set warning on nagios check of queue to 50 from 10 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-11 11:32:52 -08:00
Kevin Fenzi
2e415fc383 koji_hub / kojira: restart kojira when kojira.conf changes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-11 09:23:15 -08:00
Mohan Boddu
3af1bf0374 F34 is in preenable state 
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
 2021-02-11 11:30:52 -05:00
Aurélien Bompard
ab94dc42eb
IPA: until we get the ipaselfservice module, we need the admin ticket 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-11 13:42:23 +01:00
Aurélien Bompard
f29bd5f92c
Cut'n'paste is the root of all evil 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-11 13:39:01 +01:00
Aurélien Bompard
8f9076c6d7
IPA: fix commands for nis and compat 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-11 13:05:25 +01:00
Aurélien Bompard
00e8e4eb25
Don't get a keytab on IPA itself 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-11 12:34:22 +01:00
Ryan Lerch
a137af00ca Set noggin default avatar to retro 
The default in noggin for the libravatar default avatar (i.e. the avatar
that shows when a user hasnt set their avatar) is an autogenerated
robot.

However, the majority of other applications in Fedora Infra use the
"retro" avatar option. This changes the config of noggin in Fedora
Accounts to use the retro option, rather than the robot one.

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2021-02-11 10:57:23 +00:00
Pierre-Yves Chibon
eba9565e3b pagure: make the instance-wide admins be a list of users rather than a group 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-11 10:58:55 +01:00
Aurélien Bompard
a545c86f4a
Ignore uninstall errors 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-11 10:41:06 +01:00
Aurélien Bompard
c62c35dd6a
Add ipa_host_group for Ipsilon 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-11 10:00:36 +01:00
Kevin Fenzi
2e0d7b1b18 Add missing d from last commit 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-10 20:33:05 -08:00
Kevin Fenzi
3e3f7f9cf4 Fix line wrapping issue in last commit 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-10 20:13:18 -08:00
Kevin Fenzi
a5e9b375fa fedocal: put the entire old group file back. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-10 20:03:31 -08:00
Kevin Fenzi
421f5b7cd8 koji_hub / koji_builders: enable save_failed_tree 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-10 16:19:41 -08:00
Kevin Fenzi
acbf9e21f7 base / crypto-policy: always run, even in check mode 
We need to always run these even in check mode, because they register
things used in the last one of them. So, this could change this in check
mode if we modify it. Be careful!

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-10 15:13:19 -08:00
Kevin Fenzi
b8bdf78196 mailman: adjust list footer to include spam reporting info 
See:
https://pagure.io/fedora-infrastructure/issue/9629
for more information.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-10 13:06:22 -08:00
Adam Williamson
09d42a7793 openqa/worker: update lab scratch build 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2021-02-10 11:08:24 -08:00
Aurélien Bompard
c5757a1bf6
Typo 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-10 18:02:41 +01:00
Aurélien Bompard
61eb449df1
No variable substitution outside of playbooks 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-10 18:00:15 +01:00
Pierre-Yves Chibon
dfc2844214 distgit/pagure: redirect users viewing files in the old default branch to the new default one 
Fixes https://pagure.io/fedora-infrastructure/issue/9620

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-10 17:58:53 +01:00
Aurélien Bompard
666e6e1685
Can't import a playbook from inside a playbook 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-10 17:55:09 +01:00