infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
42912 commits 9 branches 0 tags 110 MiB
Commit graph

42912 commits

This branch
This branch
All branches
Author SHA1 Message Date
James Antill
69911c5d72 Enable IPv6 nftables. 
Signed-off-by: James Antill <james@and.org>
 2025-03-04 14:31:54 -05:00
James Antill
e83b42b572 Remove iptables cron and stop/disable services, when using nftables. 
Signed-off-by: James Antill <james@and.org>
 2025-03-04 14:14:37 -05:00
David Kirwan
200c9eb70d
forgejo: change to point at the fedora forked forgejo helm chart 
Add values template that is passed to helm at deploy

Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-03-04 15:48:57 +00:00
James Antill
ca18224faa Change osbuildapi set table to the ip filter table. 
Signed-off-by: James Antill <james@and.org>
 2025-03-03 17:08:20 -05:00
James Antill
224d98cbb0 Remove typo from kojibuilder nftables template. 
Signed-off-by: James Antill <james@and.org>
 2025-03-03 16:52:02 -05:00
James Antill
172cfc9efa Move staging builders to nftables. 
Signed-off-by: James Antill <james@and.org>
 2025-03-03 21:20:30 +00:00
James Antill
1c6c65844d Add new osbuildapi-update-nft.cron entries, and get it installed when nftables. 
Signed-off-by: James Antill <james@and.org>
 2025-03-03 21:20:30 +00:00
James Antill
4fac049b6a Actually install the nftable template file. 
Signed-off-by: James Antill <james@and.org>
 2025-03-03 21:20:30 +00:00
James Antill
b322316be5 Don't flush old osbuildapi entries in nftables land either. 
Signed-off-by: James Antill <james@and.org>
 2025-03-03 21:20:30 +00:00
James Antill
31d65aa439 Actually move to nftables for any host with nftables: true (nothing atm). 
Signed-off-by: James Antill <jantill@redhat.com>
 2025-03-03 21:20:30 +00:00
Aurélien Bompard
c9b9086535
Add missing j2 suffixes 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-03-03 10:18:14 +01:00
Anton Livaja
fd97971442 fix name to change anitya 2025-03-03 08:47:21 +00:00
Anton Livaja
6abd0b78b2 add base url for mapping stagex packages 2025-03-03 08:47:21 +00:00
Miroslav Suchý
c381c5a773 max concurent starting of ARM builders to 20 2025-03-03 09:44:19 +01:00
Miroslav Suchý
75df00270e bump numbers of reserved builders 2025-03-03 09:42:05 +01:00
Jakub Kadlcik
60f990bdb7 copr-fe: use mod_wsgi role 
Fix https://github.com/fedora-copr/copr/issues/3623
 2025-02-27 10:48:12 +01:00
Jakub Kadlcik
b168e806d8 copr-fe-dev: use mod_wsgi role 2025-02-26 10:58:51 +01:00
Carl George
42b0fcb33c koji_hub: add EPEL 9 and 10 to the prune policy 
Signed-off-by: Carl George <carlwgeorge@gmail.com>
 2025-02-26 01:49:27 +00:00
Carl George
092622b6bc bodhi2/backend: don't change epel-release-latest symlink if destination filename is the same 
https://pagure.io/epel/issue/318

Signed-off-by: Carl George <carlwgeorge@gmail.com>
 2025-02-26 00:33:27 +00:00
Aurélien Bompard
d11b793965
tabs to spaces 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-02-25 09:19:44 +01:00
Aurélien Bompard
938471e9f1
The clean packagers groups toddler needs a different keytab 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-02-25 09:18:51 +01:00
Aurélien Bompard
097b8f9214
Give the clean packagers groups toddler access to the corresponding service's keytab 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-02-25 08:54:06 +01:00
Jiri Kyjovsky
1e8c7dcba9 copr: we now use dnf5 on copr, theres no need of dnf-plugins-core then 2025-02-24 13:56:45 +01:00
Jiri Kyjovsky
bb9dd04964 frontend: provide stg url for oidc metadata 2025-02-24 11:18:47 +01:00
Jiri Kyjovsky
da9a451e34 copr: feed oidc env variables to frontend 2025-02-24 00:48:29 +01:00
Adam Williamson
6102284c0d Reapply fixed "Don't hardcode the branched number in Bodhi compose repo config" 
This reverts commit 6d4c6b0be1, but
fixes the problem.
 2025-02-23 19:19:15 +00:00
Patrik Polakovič
d63afb09d8 Remove all mentions of monitor-gating 
Signed-off-by: Patrik Polakovič <patrik@alphamail.org>
 2025-02-20 11:07:20 +01:00
Kevin Fenzi
6d4c6b0be1 Revert "Don't hardcode the branched number in Bodhi compose repo config" 
This reverts commit 13a95660e4.

Templating is wonky here.
 2025-02-19 10:24:10 -08:00
Adam Williamson
13a95660e4 Don't hardcode the branched number in Bodhi compose repo config 
There's no need for this to be hardcoded and manually updated,
we can template it. Add some clarifying notes on what happens
when Branched doesn't exist, and why it doesn't matter that we
don't set a correct config for the Rawhide release.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-02-19 18:10:53 +00:00
Aurélien Bompard
a508708744
IPA: do the toddlers user setup before destroying the admin ticket 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-02-19 12:20:08 +01:00
Aurélien Bompard
b3c7a683e2
IPA: setup a toddlers service to remove users from groups 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-02-19 12:16:05 +01:00
Kevin Fenzi
860daa90a3 vars / frozen: quote variable 
ansible wants variables like this quoted.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-02-18 15:30:40 -08:00
Carl George
4aa261f704 bodhi2/backend: keep using branch name for fedora comps 
Signed-off-by: Carl George <carlwgeorge@gmail.com>
 2025-02-18 17:22:55 -06:00
Carl George
89b5326271 bodhi2/backend: use major version only determine comps file name 
Signed-off-by: Carl George <carlwgeorge@gmail.com>
 2025-02-18 17:02:10 -06:00
Adam Williamson
88b6f9b6f3 Clarify the Frozen variable 
Per https://pagure.io/infra-docs-fpo/pull-request/361 there seems
to be substantial confusion about what the "Frozen" variable
means: does it refer to the infrastructure freeze, or a freeze
for the pending release? It seems like @kevin thought about it
as referring to the former, but the only practical use of it in
this repo treats it as the latter.

Let's make this clear with explicitly-named variables.
InfraFrozen tracks the infrastructure freeze, NextReleaseFrozen
tracks freezes for the pending release. We formerly had a var
called RelEngFrozen which had a similar meaning, but I like this
name more because the freeze doesn't apply to *all* releng
operations - just because the current Branched is frozen doesn't
mean Rawhide or stable releases are frozen.

We keep Frozen for 'backwards compatibility', in case anyone is
referring to this variable from outside of the repo.

This goes along with https://pagure.io/infra-docs-fpo/pull-request/361
which updates the SOPs.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-02-18 19:51:50 +00:00
Carl George
2e3eaabb1c Branch epel10.0 from epel10 
Signed-off-by: Carl George <carlwgeorge@gmail.com>
 2025-02-18 16:26:40 +00:00
Aurélien Bompard
a84201642d
FMN: hash_key arg has been replaced by secret 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-02-18 16:03:44 +01:00
Samyak Jain
0a5f23be98 Set Frozen to true - infra and releng freeze 
Signed-off-by: Samyak Jain <samyak.jn11@gmail.com>
 2025-02-18 14:59:13 +00:00
Samyak Jain
8dd3b37966 Fedora 42 Bodhi enablement and Beta freeze 
Signed-off-by: Samyak Jain <samyak.jn11@gmail.com>
 2025-02-18 14:59:13 +00:00
Aurélien Bompard
2577b8fea6
Amend 7bc0f837 (rebase FMN to python 3.12 to get a newer nodejs) 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-02-18 15:35:08 +01:00
Aurélien Bompard
7bc0f83735
Rebase FMN on python 3.12 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-02-18 14:57:34 +01:00
Kevin Fenzi
401d40c098 compose-x86-riscv: adjust some nfs client logic 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-02-17 16:01:55 -08:00
Kevin Fenzi
3a2574b495 releng-compose: no ftp mount on compose-x86-riscv01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-02-17 14:52:38 -08:00
Kevin Fenzi
4b0331e576 compose-x86-riscv01: set secondary koji instance 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-02-17 14:35:02 -08:00
Kevin Fenzi
5aaff87f87 compose-x86-riscv01: fix name thinkos 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-02-17 14:17:13 -08:00
Kevin Fenzi
f0663ae52f compose-riscv01: add a secondary x86 compose host for riscv 
This vm will hopefully allow for composing images, repos, etc

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-02-17 13:56:23 -08:00
Kevin Fenzi
4dc4029ad7 koji_hub: enable mod_wsgi role in prod as well 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-02-17 13:19:55 -08:00
Kevin Fenzi
72cc6a829a koji-hub / staging: fix typos 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-02-17 13:04:45 -08:00
Kevin Fenzi
5c492b87a1 koji_hub / staging: try and include mod_wsgi role 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-02-17 13:02:31 -08:00
Kevin Fenzi
0a986e4f7e nagios / registry: check registry via the actual registry instead of the web page 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-02-17 12:19:30 -08:00