Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions
42383 commits 9 branches 0 tags 110 MiB
Commit graph

280 commits

Author SHA1 Message Date
Ryan Lerch
62952df107 ansiblelint fixes-- fqcn[action-core] - file to ansible.builtin.file 
Replaces many references to  file: with ansible.builtin.file

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 10:41:52 +10:00
Ryan Lerch
691adee6ee Fix name[casing] ansible-lint issues 
fix 1900 failures of the following case issue:

`name[casing]: All names should start with an uppercase letter.`

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-14 20:20:07 +10:00
Pavel Raiskup
501b5ce8de copr: skip the base's rootpw settings 2024-11-29 18:51:16 +01:00
James Antill
602723ed45 Compress fedora_stats *.log files automatically with xz. 
Signed-off-by: James Antill <james@and.org>
 2024-07-17 19:17:40 +00:00
Stephen Smoogen
432a3a497b Go through and remove entries for EL6 and EL7 
Using `git grep el6` and `git grep el7` and variants like EL-7 or
el-7, I found various entries and files which were no longer needed
with the current ansible. I updated text or tests to later versions of
RHEL as needed.

found entries for the fedora ami's for the original cloud and removed
those entries also.

Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
 2024-07-03 22:20:30 +00:00
Kevin Fenzi
dd12a25400 logrotate: this has to replace the rsyslog file, not add rsyslog-logroate 
Missed this in review, but if we do this it causes logrotate to error
out because there's a rsyslog and a rsyslog-logrotate files with the
same log files mentioned. So, we need to just replace the stock rsyslog
file and not use the ryslog-logrotate one. ;)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-01-17 08:47:07 -08:00
Michal Konecny
b502cbbc19 [base] Fix proxy playbook 
https://pagure.io/fedora-infra/ansible/pull-request/1718 introduced failure when
running proxies ansible playbook, this commit should fix that.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-01-16 10:42:27 +01:00
Andrew Heath
f97666a75d Add logrotate for proxy systems 
Added rsyslog logrotate cong for proxy systems and a task land the
configs as well as fix some yamllint errors.
 2024-01-15 09:55:20 +00:00
Kevin Fenzi
e8a7d63a5e base: run update with force to make sure its setup right 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-27 13:30:56 -08:00
Kevin Fenzi
590819397c blocklist: drop output for now until I can sort out why its outputting anything 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 18:18:51 -07:00
Kevin Fenzi
3200014f8f base / blocklist: use bool filter 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 16:15:44 -07:00
Kevin Fenzi
a57c71a170 base: tag blocklist 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 15:36:15 -07:00
Kevin Fenzi
623c0f45bd base / iptables: rework how this blocklist works 
Just rip out the parts here as they are no longer needed.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:41:54 -07:00
Kevin Fenzi
0fb53e0fba base: only compress logs on log01, not everything 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-27 08:31:31 -07:00
Kevin Fenzi
e06db2465a base / iptables: fix last conditional 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 13:27:06 -07:00
Kevin Fenzi
f1eaa5d773 base / iptables: simplify logic 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 13:23:38 -07:00
Kevin Fenzi
03abad159d base / iptables: one more typo 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 13:04:43 -07:00
Kevin Fenzi
c5773c8c45 base / iptables: fix some syntax issues 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 13:04:15 -07:00
Kevin Fenzi
765363e04d base / iptables: fix protocol, use creates for commands 
iptables -p is expecting all, not any.
And create a file to track when we have made the ipset.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 12:58:21 -07:00
Kevin Fenzi
fbe288a422 base / iptables: adjust conditional to not depend on datacenter for non iad2 hosts 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 12:52:25 -07:00
Kevin Fenzi
679f7f6f16 iptables: clean up osbuild and add a external block set scaffolding 
Setup osbuild so it only needs to exist on the specific builders in the
osbuild channel, not all builders.
Also, setup things so we can add a blocklist that will block external
subnets/ip's if we need to do so. Currently it should just be an empty
set, but we can implement it as needed/desired starting with the ips we
already were blocking on just some hosts.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 12:41:07 -07:00
Seddik Alaoui Ismaili
b79003cfda compress merged logs under /var/log/hosts 2023-06-22 20:50:46 +00:00
Kevin Fenzi
afb783d989 log01 / rsyslog: install the ca cert and use it in the file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-05-04 11:36:56 -07:00
Seddik Alaoui Ismaili
a1e6a14e17 log forward to splunk 2023-05-04 09:03:57 +00:00
Kevin Fenzi
f46beef7ac base: update list of build machines 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-12-05 16:35:48 -08:00
Kevin Fenzi
8cfa0a2a0b base: you cannot redirect in a command 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-08-01 12:34:38 -07:00
Kevin Fenzi
08ccdd41fc base: make sure we install and setup ipset for builders 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-08-01 12:31:20 -07:00
Kevin Fenzi
17959a301c base: no more docker anywhere, drop this 
We aren't using docker anywhere anymore, so we don't need to uselessly
try and restart it all the time.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-06-02 15:14:54 -07:00
Kevin Fenzi
eb991fa9c1 base / big network cleanup 
Everything should now be using linux-system-roles/network, so we drop
our hacky nmcli calls and everything that referred to them, including
exclude variables. Also, lets just let NM handle resolv.conf so it's not
wrong all the time on reboots.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-01-26 12:14:23 -08:00
Pavel Raiskup
408a990a24 base: try s/dnf/package/ module 
TASK [base : Ensure iptables is installed] ************************************
Wednesday 05 January 2022  10:49:01 +0000 (0:00:00.251)       0:01:17.816 *****
Wednesday 05 January 2022  10:49:01 +0000 (0:00:00.251)       0:01:17.815 *****
fatal: [noc02.fedoraproject.org]: FAILED! => {"changed": false, "cmd":
"dnf install -y python2-dnf", "msg": "[Errno 2] No such file or directory", "rc": 2}
 2022-01-05 13:03:37 +01:00
Mark O Brien
148f8307d7 base: ensure iptables is installed 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2021-12-21 17:06:32 +00:00
Nils Philippsen
c782eceae1 Move syncHttpLogs.sh into web-data-analysis role 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-07-23 13:06:23 +02:00
Kevin Fenzi
5d6f460b42 buildvm_s390x: the z/vm s390x instances use enc900 as network interface 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-07-07 13:43:22 -07:00
Kevin Fenzi
ad91eae586 base: adjust grouping to give the desired result in when for NM tweaking 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-07-07 12:56:46 -07:00
Aurélien Bompard
00e8e4eb25
Don't get a keytab on IPA itself 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-11 12:34:22 +01:00
Mark O'Brien
8c00c6840b iptables change wasnt needed 2020-11-24 17:35:33 +00:00
Mark O'Brien
a426b0e240 no iptables on Centos 8 2020-11-24 17:26:29 +00:00
Kevin Fenzi
4e63bbb7b2 Add a crypto-policies to set to LEGACY on fedora 33 hosts 
This is needed to get our 2fa working.
We should drop this once we are moved to sssd.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-10-29 10:17:04 -07:00
Stephen Smoogen
15348981f8 try to fix part of ticket #9273 by increasing the number of open files allowed on log servers and people as they have a large number of files to deal with. 2020-08-28 08:26:19 -04:00
Kevin Fenzi
f551e07637 base: use linux system roles network role for hosts that define network_connections 
This is VASTLY better than the hack we have in base now to try and setup
ifcfg files. It uses a standard role that has lots of options and does
the right thing with NetworkManager. Ideally we would switch everything
to this, but lets try it here first to see. It should work with bridges,
etc as well.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-08-13 10:37:12 -07:00
Kevin Fenzi
f56d189995 base / dist enabled services 
At some point not too long ago we set 'logrotate.timer' as a dist
enabled service. This mostly works fine as all supported Fedora and RHEL
releases have this. However, we still have some old unsupported hosts
(like notifs-backend01) and this caused playbooks to fail on them.
So, lets conditionalize it only to newer ones so we can run playbooks on
the EOL ones.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-02 14:50:46 -07:00
Adam Williamson
ddced53a85 Better remove the old file too... 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-06-12 09:47:28 -07:00
Adam Williamson
1a3ee7c6a1 Minimize another use of blacklist 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-06-12 09:45:20 -07:00
Adam Williamson
7a82a5a7d5 Rename ansible_ifcfg_{black,white}list to {block,allow}list 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-06-11 15:22:09 -07:00
Stephen Smoogen
8d188f2e17 fix the case on grep as it matters 2020-06-05 10:39:05 -04:00
Stephen Smoogen
75d1b3c715 ppc interfaces are coming up as enp<BLAH> 2020-06-05 10:36:51 -04:00
Stephen Smoogen
a93c9169f5 fix logic to work with eno interfaces and add in logic for dual datacenters 2020-05-28 18:37:17 -04:00
Stephen Smoogen
75b78ea9f6 add eno to interfaces 2020-05-25 17:13:50 -04:00
Kevin Fenzi
4b7c31a882 cleanup: remove all the duplicate tests for selinux python bindings in favor of the ones in base. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-16 10:54:58 -07:00
Kevin Fenzi
9edbfa6a39 iad2: only install the default PROD prompt in non iad2 datacenters 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-06 13:56:02 -07:00