Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
36746 commits 9 branches 0 tags 111 MiB
Commit graph

36746 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kevin Fenzi
9eed96e3d6 proxies: open ocp4 api port in both stg and prod 
This fixes ticket 10521.

Basically we want to just open the api. It requires auth to do anything
and other openshift instances have it available, so it shouldn't
hopefully expose us to too much risk. With ocp3 the api was part of the
normal port/web flow, but with ocp4 it's a seperate port.

This also adds new workers to haproxy. I can drop that part if it's
controversal, but it should be fine I would think.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-03 22:29:37 +00:00
Kevin Fenzi
d1230db516 buildvm-s390x kvm builders: increase memory from 10g to 13g 
We should be able to do this without too much overcommitting and it
could help builds avoid OOM (see devel list thread)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-03 22:27:52 +00:00
Kevin Fenzi
2afcc62cc6 proxies: update *.id.fedoraproject.org wildcard to 2022 version 
The old 2020 cert expires on 2022-03-07 which is only 5 days from now.
This moves it to a new 2022 cert that lasts 1 year.
This will need the proxies playbook run after it's pushed.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-03 22:17:55 +00:00
František Zatloukal
bcd9ac55e0 Oraculum: cleanups and preparations for api/v2 2022-03-03 15:55:02 +01:00
Michal Konečný
7587e9c805 [toddlers] Add bugzilla API key to config 
This is the preparation for the end of support for authentication by username
and password by bugzilla.

This configuration value is not used for anything right now, but there is
already [PR](https://pagure.io/fedora-infra/toddlers/pull-request/94) created
in toddlers that will make use of this config value.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-03-03 09:57:37 +00:00
Kevin Fenzi
a81c3749b8 joystick: drop app for now, we are likely going to deploy something else. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-02 17:28:01 -08:00
Kevin Fenzi
a637f020f3 inventory: add notifs stg hosts to python34_fedmsg group 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-02 16:45:08 -08:00
Kevin Fenzi
eee862c9a6 notifs / staging: fix missing = 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-02 15:31:39 -08:00
Kevin Fenzi
e2f4b0dfa2 proxies / copr: re-add copr site so we update the cert on it next time. pushing this during freeze as it is an outage of copr stuff 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-02 14:55:14 -08:00
Kevin Fenzi
a1ff74354d notifs / staging: adjust roles to be more correct in staging 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-02 12:34:35 -08:00
Kevin Fenzi
f885bd1ce1 group_vars/all: fix stray eth0_ipv4 from old network setup 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-02 12:20:23 -08:00
Kevin Fenzi
5cf1eae655 group_vars/all: default to first dns server 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-02 12:18:21 -08:00
Kevin Fenzi
b805a22231 notifs-web01.stg should be on a staging vmhost 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-02 12:14:32 -08:00
Kevin Fenzi
c96cb3961c notifs: add staging instances of notifs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-02 12:07:13 -08:00
Kevin Fenzi
6260673484 update SAML2 data for bugzilla.redhat.com 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-01 16:58:23 -08:00
Kevin Fenzi
c7537a7bb9 staging: move to new wildcard stg cert 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-01 14:21:08 -08:00
Pavel Raiskup
e3bee776ea nagios/copr: start warning us on 12% of backend storage 
There's 15T (and we can enlarge the volume to 16T).  12% is still 1.8T.
 2022-03-01 10:03:04 +01:00
Kevin Fenzi
607c90c306 add bvmhost-p09-01.stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-28 16:31:08 -08:00
Kevin Fenzi
b686547765 dhcp: fix hostname for one mgmt host 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-28 16:21:19 -08:00
Kevin Fenzi
f0d9c5f7b5 fix ; typo 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-28 14:39:53 -08:00
Kevin Fenzi
d3222e79e3 move 2 power9 mgmt interfaces to the same vlan their hosts are on because openbmc is anoying 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-28 14:36:36 -08:00
Pavel Raiskup
c78ad03ea7 copr-builders: typo, use dnf -y 2022-02-28 18:17:53 +01:00
Pavel Raiskup
50e91eed5a copr-builders: disable zram0 
We need to "permanently" disable zram0 when the builder image is
created, so this is just a hot-fix that let us experiment...

Relates: https://pagure.io/copr/copr/issue/2077
 2022-02-28 18:10:27 +01:00
Pierre-Yves Chibon
8f474d4d9c people: increase pingou's quota on fedorapeople 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2022-02-25 14:11:02 +01:00
Miro Hrončok
349238d224 ftbfs_weekly_reminder: Don't use password or it would be eaten 
Fixes https://pagure.io/releng/issue/10642
Related to https://pagure.io/fedora-infrastructure/issue/10525

Depends-On: https://pagure.io/releng/pull-request/10665

Signed-off-by: Miro Hrončok <miro@hroncok.cz>
 2022-02-24 18:41:49 +00:00
Adam Williamson
bb31efdf5d greenwave: enable gating for Fedora 36 (Branched) 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2022-02-24 09:34:53 -08:00
Mattia Verga
9bbd59aafb bodhi: switch stg to asynch gunicorn workers 
Signed-off-by: Mattia Verga <mattia.verga@tiscali.it>
 2022-02-24 09:21:12 +01:00
Mattia Verga
903df7e9e9 bodhi: use BZ API key in staging 
Signed-off-by: Mattia Verga <mattia.verga@protonmail.com>
 2022-02-23 19:53:51 +00:00
Kevin Fenzi
54a700eb00 review-stats: change stg var to use _ instead of . so it does not think it is a attribute 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-23 11:50:56 -08:00
Mattia Verga
78dc48bb8d review-stats: switch to API key authentication 
Signed-off-by: Mattia Verga <mattia.verga@protonmail.com>
 2022-02-23 19:44:52 +00:00
Matěj Grabovský
a0d4beab0d retrace: Explicitly add opsys release; improve error handling 
- Explicitly register supported CentOS and Fedora releases using
  `faf releaseadd`.
- Ignore "errors" of the "already defined" kind.
 2022-02-23 13:04:16 +01:00
Matěj Grabovský
94a9ff5aab retrace: Update package repositories 
- Add Fedora 36 repositories to production and drop F33.
- Switch staging to Fedora 35 only.
- Fix Rawhide name and URL on prod.
 2022-02-23 13:04:02 +01:00
Matěj Grabovský
500ed7e0cd retrace: Skip source arch when cleaning up 2022-02-23 13:03:55 +01:00
Michal Konečný
e9feda0a56 [the-new-hotness] Use API key for bugzilla authentication 
Because the user and password authentication will no longer work with Bugzilla
from 28th February let's switch to API key in staging.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-02-23 12:28:26 +01:00
Kevin Fenzi
2ca4c402f5 Fedora 36 Beta Freeze in effect 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-22 11:37:49 -08:00
Kevin Fenzi
3e70e54255 aliases: add osbuild-automation-bot alias 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-22 11:20:21 -08:00
Kevin Fenzi
1d51b147de robosignatory: sign f36-gnome 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-22 11:15:10 -08:00
Tomas Hrcka
4ff50570a9 F36 - enable bodhi for updates 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2022-02-22 14:01:25 +00:00
Stephen Smoogen
43274bf7b4 Attempt to fix a broken j2 config which is behind a comment. This caused django startup of various web daemons to fail. 2022-02-22 08:51:51 -05:00
Pavel Raiskup
928cf866f4 copr-fe: enforce https everywhere except for repo files 
- Drop WSGIPassAuthorization, no authorization on http://
- Drop 'WSGIProcessGroup repo' for port 80.  Repo consumers should go
  through https:// too (dnf-plugins-core's default) anyways.  So any
  repo-file traffic over plain http:// would be more visible in the
  port80 process group
- Add RewriteCond+RewriteRule config for the automatic redirect

Relates: https://pagure.io/copr/copr/issue/2100
 2022-02-22 11:06:08 +01:00
Kevin Fenzi
88fbb2607e dhcp: add worker04.stg to dhcp 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-21 16:26:27 -08:00
Kevin Fenzi
5702e2491b inventory: update hardware group and various other places 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-21 15:10:08 -08:00
Jakub Kadlcik
6a654a4bba copr: create per-task-logs symlink even on production 
We don't want to mount volume for /var/lib/copr-dist-git anymore.
 2022-02-21 21:33:09 +01:00
Kevin Fenzi
b408e1ad64 nagios: update all the openshift4 compute nodes for monitoring 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-21 12:28:43 -08:00
Kevin Fenzi
ab4db445c1 blockerbugs: Moved to openshift, remove old ansible stuff 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-21 11:49:41 -08:00
Kevin Fenzi
c520b42230 datagrepper has moved to openshift. Remove old ansible remnants. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-21 11:44:13 -08:00
Kevin Fenzi
baa85df67c buildhw-a64-05 and buildhw-a64-08 are dead, rip. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-21 11:42:34 -08:00
Kevin Fenzi
92945b3a27 nagios: add a bunch more mgmt interfaces 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-02-21 11:20:48 -08:00
Kevin Fenzi
1e712cdc30 Revert "Revert "wildcard-2022.fedoraproject.org cert"" 
This reverts commit 4430178b29.

It's time to put this back before the cert expires and before we go into
Beta freeze. Hopefully the odd issue with armv7 qemu guests having a
time behind real time is not still happening.
 2022-02-21 10:19:17 -08:00
Jakub Kadlcik
c98410fd08 copr: don't set the per-task-logs permissions 
It doesn't work. I suspect it changes ownership of the `src` file
instead of the destination. And we don't need that.
 2022-02-21 19:09:54 +01:00