Using the machine's own hostname works for the ansible delegate
stuff but doesn't work for openQA itself (if you try and access
the DB by hostname like this, postgres denies access; you have
to use 'localhost' for postgres to allow it). Using 'localhost'
works for postgres but doesn't do the right thing for delegation.
Let's use 'localhost' and split the two play steps into
delegated and non-delegated versions.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Looks like this role hasn't been used on a Fedora box for a
while so things are kinda broken. Re-arrange all the package
install sections to be together, use newer package names on
Fedora (the Fedora and EL >= 8 sections are identical for now
but I figured I'd keep them separate in case that changes), and
use the newer config file, not the older one, on Fedora.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The config file should treat these as optional, not every openQA
instance wants to report results.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We don't want to include this section if the vars aren't set.
Not every openQA server has to be an AMQP publisher.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We now have all the collections that are used by Fedora Infra packaged
for EPEL 8 (the ansible control host runs on RHEL 8, as far as I know),
except community.postgresql. ansible-collection-community-rabbitmq[1]
and ansible-collection-community-libvirt[2] are new packages that are
still in epel8-next testing, so I would wait to merge this until they're
pushed.
I would also recommend clearing the current collections directory (`rm
-rf ~/.ansible/ansible_collections/*`) before merging this to ensure
that ansible uses the packaged versions and not the old versions that
were installed with ansible-galaxy.
[1]: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a7237cc021
[2]: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a9ccbc0012
Signed-off-by: Maxwell G <gotmax@e.email>
We changed this to DEFAULT:FEDORA32 a while back because the certs for
the old totpcgi sudo needed it to work. Now thats all gone and we are
100% on ipa and sssd, this should no longer be needed.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This also introduces the hotfix for the social_auth issue. So it should be
possible to login on staging.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
The ocp3 cluster is reachable/available via the vpn, so any proxy can
reach it.
The ocp4 cluster is (at least for now) only reachable/available from the
iad2 proxies (proxy01/proxy10).
There's a firefox bug that causes it to reuse h2 connections, and in
some cases try and request something of a non iad2 proxy that it can't
reach. To work around this in those cases we need to send a 421 back to
the client so it doesn't do that.
This moves that logic into the template so all ocp4: true hosts do this
by default. Also, we default the balancer nodes so we only have to
change them in one place if we remove/add a compute node.
Finally, we mark all the ocp3 apps with 'ocp4: false' so we know what
they are and can move them more easily.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This reverts commit d3ab265a97.
Seems this is causing kojid to not start on most all of the prod
builders, leaving builds waiting forever. ;(
Reverting it for now.
