Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
39738 commits 9 branches 0 tags 111 MiB
Commit graph

39738 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kevin Fenzi
3200014f8f base / blocklist: use bool filter 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 16:15:44 -07:00
Kevin Fenzi
9bdfc98497 buildvm_s390x: not external 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 15:59:42 -07:00
Tomáš Hrčka
1e91c2c075 Update roles/openshift-apps/toddlers/templates/fedora-messaging.toml 2023-08-15 22:56:05 +00:00
Timothée Ravier
7fbe1323fc roles/pkgdb-proxy: Update Fedora 39 version & update_date 
Fixes: 2586c03c3f Branch Fedora 39 from Rawhide
 2023-08-15 22:49:23 +00:00
Kevin Fenzi
a57c71a170 base: tag blocklist 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 15:36:15 -07:00
Kevin Fenzi
0066f3cc68 proxies / fedmsg_monitoring: revert part of last config change 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 14:37:27 -07:00
Kevin Fenzi
1c0516c831 nagios_client: adjust fedmsg monitoring 
Copy the fixes from exceptions monitoring to backlog.
Fix the calls that were passing a trailing - which isn't needed anymore.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 14:25:56 -07:00
Andrew Heath
c5daa84f53 Have script check for fedmsg socket 2023-08-15 21:18:18 +00:00
Francois Andrieu
0ce267205f
host_reboot.yml: remove ntpdate 2023-08-15 21:58:19 +02:00
Kevin Fenzi
61e70e910f dns: servers are external 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:45:12 -07:00
Kevin Fenzi
623c0f45bd base / iptables: rework how this blocklist works 
Just rip out the parts here as they are no longer needed.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:41:54 -07:00
Kevin Fenzi
e524963387 iptables: fix conditional 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:23:08 -07:00
Kevin Fenzi
5936815f75 iptables / staging: more adjusting 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:18:21 -07:00
Kevin Fenzi
363af73e57 iptables / staging: fix the actual used template 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:11:22 -07:00
Kevin Fenzi
a14b081ab3 proxies / staging: set external as a host var 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:08:39 -07:00
Kevin Fenzi
6ada4829fa base / iptables: simplify conditional even more to perhaps actually work 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:05:59 -07:00
Kevin Fenzi
fcd3e67484 base / iptables: simplify conditional to perhaps actually work 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:02:49 -07:00
Kevin Fenzi
4fffa25daf proxies are external 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 11:49:04 -07:00
Kevin Fenzi
53d5299895 koji_builder: disable bootstrap images in mock for the time being 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-14 18:05:30 -07:00
Kevin Fenzi
5493dd255b flatpak / kojid plugin: use docker:// for registry 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-14 17:28:23 -07:00
Kevin Fenzi
94a5911577 vhost_reboot: update for newer syntax 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-14 14:10:26 -07:00
Owen W. Taylor
f3c44a3ca3 Enable koji-flatpak plugin for staging 
Just for staging for now:
 - enable 'podman-login' role for the buildvm group, so built Flatpaks
   can be pushed to the skopeo registry.
 - add the koji-flatpak hub plugin to koji_hub role
 - add the koji-flatpak builder plugin to the koji_builder role
   and configure it.

Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
 2023-08-14 19:27:31 +00:00
Francois Andrieu
e264bc8cae
zabbix_server: fix saml setting + extract idp cert 2023-08-14 21:26:17 +02:00
Kevin Fenzi
8f6a5122ce download: update ip address for tier1 mirror 
See https://pagure.io/fedora-infrastructure/issue/11471

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-14 12:20:00 -07:00
Kevin Fenzi
a0581c2705 koji / staging_sync: bump ip a bunch to avoid conflicts in stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-14 12:19:38 -07:00
Francois Andrieu
9af1e4cdbd
zabbix_server: set https baseurl 2023-08-14 20:40:10 +02:00
Francois Andrieu
51baa7e1dd
zabbix_server: add tags to main.yml 2023-08-14 20:32:28 +02:00
Francois Andrieu
9f32846426
zabbix_server: install idp cert 2023-08-14 20:22:48 +02:00
Adam Williamson
8286b8f6c8 Port check_nagios_notifications.py to Python 3 
Saw from one of the emails this morning that this isn't running
because there's no python2 on whatever system it was trying to
run on. This ports it to Python 3 (thanks, 2to3) and cleans up
the formatting (thanks, black). I tested it with a random sample
file I found lying around the internet -
https://github.com/bahamas10/node-nagios-status-parser/blob/master/status.dat
and it seems to do what it's supposed to do.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2023-08-14 08:58:54 -07:00
Francois Andrieu
6af2bb2619
ipsilon: add zabbix stg sp 2023-08-14 16:50:39 +02:00
Michal Konecny
4c2dc64958 [Pagure] Disable OIDC on production for now 
Limiting the number of processes to 1 caused unexpected error on production
instance. For more info see https://pagure.io/fedora-infrastructure/issue/10372#comment-868823

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-08-14 12:30:45 +02:00
Michal Konecny
88f7258c7b [Pagure] Enable OIDC on production 
As OIDC authentication works without issue on staging let's enable it on
production as well.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-08-14 11:25:39 +02:00
Kevin Fenzi
2a442cf7a7 koji_builder: increase stats on oz 
Lets increase stats for oz and see if that decreases compose time a bit.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-13 10:56:35 -07:00
Kevin Fenzi
b1fc001c0f db-koji01.stg: move the rhel9 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-13 09:44:50 -07:00
Kevin Fenzi
04574ff01a koji sync / staging: no more armv7 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-11 13:47:46 -07:00
Kevin Fenzi
60d1c37970 releng: add rpm-ostree to branched/rawhide composers 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-11 08:19:46 -07:00
Francois Andrieu
03f57ae414 add btrfs role 2023-08-11 13:25:07 +00:00
Aurélien Bompard
44ce99733e Pagure: only use a single apache process 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-08-11 12:29:10 +00:00
Francois Andrieu
ce45b1775e
ocp: renew internal ingress certificates 2023-08-11 12:50:57 +02:00
Michal Konecny
a4ddf54509 [Pagure] Limit the httplib2 task by tags 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-08-11 12:04:09 +02:00
Aurélien Bompard
1e26cf9246 Some more fixes to get Pagure to work with OIDC on staging 
- patch the httplib2 library to avoid hardcoding TLSv1
- set the missing configuration variables in `pagure.cfg` (they have no
  defaults)
- set the password for the future production version of
  `client_secrets.json`

Also note that in the private ansible repo, the Pagure client
configuration in Ipsilon was fixed: the `token_endpoint_auth_method`
variable was set to `"client_secret_post"`.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-08-11 11:39:03 +02:00
Michal Konecny
a05113b48d [Pagure] Fix the client_secrets.json 
The `env_suffix` variable doesn't work in case of pagure. So we need to do it
different way.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-08-11 11:36:38 +02:00
Adam Williamson
558e9a31fd Drop an obsolete bug note from greenwave playbook 
There's a comment in the issue linked here that says it was fixed
five years ago, so we probably don't need this comment any more?

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2023-08-10 09:14:13 +00:00
Adam Williamson
505e46f4dd greenwave: enable gating for new Rawhide (fedora-40) 
I think I have all tests passing for Rawhide updates again now,
so we can turn this on.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2023-08-09 16:25:46 -07:00
Kevin Fenzi
b02cc5a22c buildvm_osbuild: add dns_search for resolving things 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-09 12:57:53 -07:00
Kevin Fenzi
999e115ff7 buildvm_osbuild: set some more ipa vars 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-09 12:53:36 -07:00
Kevin Fenzi
991180558e buildvm_osbuild: set ipa server too 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-09 12:48:36 -07:00
Adam Williamson
5eccd8d36b greenwave: disabling gating on desktop_background for f39 
We don't have new F39 backgrounds yet, so this test will always
fail. Let's split the test into its own policy so we can easily
control whether we're gating on it (this will be useful for
future cycles, probably).

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2023-08-09 10:59:42 -07:00
Kevin Fenzi
700f1db5e3 robosignatory: switch eln to f40 signing 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-09 08:44:46 -07:00
Timothée Ravier
f52e01db6e bodhi2/backend/templates/pungi.rpm: Add Onyx config 
Add configuration for Onyx variant.

See: https://pagure.io/pungi-fedora/blob/main/f/fedora.conf#_976
 2023-08-09 14:30:40 +02:00