Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
39721 commits 9 branches 0 tags 111 MiB
Commit graph

39721 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kevin Fenzi
9d22463f7e zabbix / staging: enable ipa client here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 11:24:27 -07:00
Kevin Fenzi
df1445a64b ipa / client: pass --no-sshd to client enroll 
In RHEL9, ipa-enroll-client by default adds a
/etc/ssh/sshd_config.d/04-ipa.conf file with some sshd configuration.
Almost all of these things are things we already set in our sshd_config,
but one of them causes sshd to enable password (and 2nd factor required)
auth. We don't want this, we only want to allow ssh keys.
So, pass --no-sshd to enrollment and that should prevent it from
messing with our sshd config.

I have also removed this file and reloaded sshd all around.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 10:52:17 -07:00
Kevin Fenzi
6f48779818 koji_builder: switch to 30s sleep time 
Right now builders are checking in every 20s, but that puts a lot of
load on the db server. Having them check in every 30s should ease that
some. Might increase it higher as well.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 09:31:39 -07:00
Kevin Fenzi
2d8fe00180 sundries / staging / budget: move this sync to every hour instead of every 5 minutes to avoid cron noise 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 09:30:47 -07:00
Kevin Fenzi
255b4d87bb With the release of Fedora 39 Beta yesterday, infrastructure freeze is now over. 
Our next freeze is for Fedora 39 final release, currently scheduled for 2023-10-03.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 09:15:08 -07:00
Michal Konecny
079a115f8f Disable ipa_initial on ipa03.stg 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-20 16:41:23 +02:00
Michal Konecny
8a6b5a7c65 [IPA-Server]Don't install pynag on RHEL9 
pynag is not available on rhel9 yet.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-20 15:56:10 +02:00
Michal Konecny
dd6b5b1546 Set new ipa host ipa_initial variable to 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-20 15:36:48 +02:00
Michal Konecny
ab4b99a9e3 Fix the typo in ipa_stg inventory 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-20 14:49:31 +02:00
Michal Konečný
9d4a47131d Add ipa03.stg to staging group in inventory 
Signed-off-by: Michal Konečný <michal.konecny@pacse.eu>
 2023-09-20 12:25:52 +00:00
Michal Konecny
2d088b91ca Add ipa03 host on staging 
This is a test host to deploy ipa on RHEL9.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-20 13:42:03 +02:00
Ryan Lerch
64a6c0b011 maubot: update logging config 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-20 13:59:22 +10:00
Pavel Raiskup
48aa4e43bc copr-frontend: better "ps aux" output 
It allows us to easily filter out all httpd processes in 'ps' or in
htop.
 2023-09-18 14:03:46 +02:00
Ryan Lerch
db612b10cd maubot: fix deps issue 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-18 15:02:56 +10:00
Ryan Lerch
d8a0460fe9 maubot: update deps 
remove fasjson client, as we only need httpx now, and add
meetbot-messages schemas

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-18 14:16:12 +10:00
Kevin Fenzi
11d2a789ba log01: bump queue size for splunk backlog 
I'm pushing this during freeze as it's required to avoid an outage of
our logs. For some reason we hit a large backlog and log01 rsyslog
stopped logging. Bumping this up seems to have fixed it.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-15 10:39:06 -07:00
Tomas Hrcka
751f0d0930 Fedora 39 Lift releng freeze 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2023-09-15 18:04:44 +02:00
Pavel Raiskup
ee73c2b560 Revert "backend: don't update rpm macros for now" 
We already have Mock 5.1

This reverts commit ff74364720.
 2023-09-15 14:48:47 +02:00
Kevin Fenzi
409175225a builders / staging: add staging builders in the osbuild channel to osbuild group 
We need these builders in staging to also be in the osbuild group so
they get the iptables rule to allow them to talk to osbuild api.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-14 12:32:46 -07:00
Ryan Lerch
4091c81b00 maubot: add httpx_gssapi to the container build 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-14 21:34:46 +10:00
Ryan Lerch
eaca987e01 maubot: actually run the plays on os_control 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-13 11:47:01 +10:00
Ryan Lerch
802a66f7a7 maubot: actually make the db in prod 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-13 11:39:25 +10:00
Kevin Fenzi
5107ba9482 waiverdb: try and adjust scopes for staging as a test 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-12 15:43:23 -07:00
Ryan Lerch
b0b87b42a9 maubot: prepare for prod creation 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-13 08:35:45 +10:00
Francois Andrieu
e9880dd50e
coreos-ci: add SETFCAP capability instead of CAP_SETFCAP in SCC 
This is to prevent a Pod Security Violation as CAP_SETFCAP is not allowed
with the baseline policy (but SETFCAP is).
 2023-09-12 23:52:20 +02:00
Ryan Lerch
8ebe8332ff mote: use proper mount location for logs on staging worker 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-12 13:45:55 +10:00
Ryan Lerch
23caf0e82c mote: cert stuff figured out back to using the right config 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-12 13:35:49 +10:00
Ryan Lerch
2f8f056194 mote: try to troubleshoot missing certs 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-12 13:13:57 +10:00
Ryan Lerch
48b46e5aab mote: use builtin certs for fedoramessaging 
since we are only consuming

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-12 13:07:55 +10:00
Ryan Lerch
b7291b0199 mote: name the fedora messaging config config.toml 2nd try 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-12 12:57:44 +10:00
Ryan Lerch
64bb7802e5 mote: name the fedora messaging config config.toml 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-12 12:51:53 +10:00
Ryan Lerch
60b61b6719 mote: install the fedmsg configmap on staging 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-12 12:34:36 +10:00
Ryan Lerch
85922e040b mote: enable fedora messaging consuming for staging 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-12 12:08:49 +10:00
Kevin Fenzi
d6bfc86fba sign-vault01.stg: try setting staging datacenter directly here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-11 14:27:42 -07:00
Kevin Fenzi
3f40f8086d sign-vault01.stg: drop datacenter here to use the staging variable 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-11 14:24:08 -07:00
Kevin Fenzi
e3d54b6cf1 sign-vault01.stg: definitely not external 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-11 14:18:32 -07:00
Kevin Fenzi
778ab691a3 sign-bridge01/sign-vault01 / staging: move to rhel9 
Moving these to rhel9 to test new sigul.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-11 13:55:44 -07:00
Kevin Fenzi
a6d8faa041 Fix missing commas 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-11 11:57:24 -07:00
Kevin Fenzi
990839dc78 fix typo 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-11 11:56:10 -07:00
Kevin Fenzi
dc7c5f824b value: mount nfs in staging for value02 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-11 11:54:25 -07:00
Pavel Raiskup
ff74364720 backend: don't update rpm macros for now 
This updates us to systemd-rpm-macros-253.9-1.fc38.noarch, which brings
too now systemd-nspawn.

Relates: https://github.com/fedora-copr/copr/issues/2906
 2023-09-11 15:57:52 +02:00
Ryan Lerch
6ff22c7f9b maubot: add fedoramessaging cert secrets volumes 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-11 19:42:18 +10:00
Ryan Lerch
ecdf86aecc maubot: actually add the config.toml 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-11 13:54:36 +10:00
Ryan Lerch
21a0370365 maubot: configure fedora messaging 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-11 13:53:02 +10:00
Ryan Lerch
42de862098 maubot: remove junk from bottom of file 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-11 13:28:19 +10:00
Ryan Lerch
a7b92e1a7b maubot: actually use the rabbit role properly 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-11 13:24:52 +10:00
Ryan Lerch
97903eaffb maubot: configure fedora-messaging 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-11 13:21:17 +10:00
Pavel Raiskup
fdb5bc033e nagios_server: add Jiří Kyjovský as a point of contact 2023-09-08 08:08:03 +02:00
Ryan Lerch
d444b7c8ac maubot: add delete action to maubot playbook 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-08 11:50:54 +10:00
Ryan Lerch
7fea0f4fc3 maubot: use real database 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-08 11:38:27 +10:00