Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
27375 commits 9 branches 0 tags 111 MiB
Commit graph

27375 commits

This branch
This branch
All branches
Author SHA1 Message Date
Randy Barlow
a3076d40a0 bodhi: Upgrade production to 4.0.1-1.fc29.infra 
Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
 2019-05-29 21:07:13 +00:00
Randy Barlow
0781e21ebd bodhi: Update staging to 4.0.1-1.fc29.infra 
Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
 2019-05-29 20:36:35 +00:00
Rick Elrod
50279dac19 add a more general s3 sync script that takes a path from /pub/ and attempts to sync it 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-29 19:03:44 +00:00
Patrick Uiterwijk
66cda5eb15 Make it possible to disallow any internal communications 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 20:33:11 +02:00
Adam Williamson
f4156c3db7 rsyslog-audit policy: also allow 'open' 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 10:21:10 -07:00
Adam Williamson
ca0b1da17d Use Python 3 interpreter for ansible on openQA stg boxes 
They are now F30.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 10:10:36 -07:00
Adam Williamson
3eb406ccdb Update rsyslog-audit custom SELinux policy to allow dir reads 
This now seems to be necessary. This is the cause of the flood
of SELinux denials on F29+ hosts with the rsyslog stuff.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 09:49:03 -07:00
Stephen Smoogen
8611ab80ed put in proper checks like we have for other domains 2019-05-29 15:57:26 +00:00
Patrick Uiterwijk
9c8c6a8e3c Fix totpcgi-vpn name 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:12:32 +02:00
Patrick Uiterwijk
3792988ca2 Fix pod selectors 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:10:57 +02:00
Patrick Uiterwijk
932f98fed5 Add totpcgi-vpn service 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:06:03 +02:00
Patrick Uiterwijk
29bfd4c6ed Fix totpcgi TLS path 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:06:03 +02:00
Patrick Uiterwijk
d6fc29f6f2 Add dc object 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2019-05-29 15:04:06 +00:00
Patrick Uiterwijk
7292879a88 Add dc for totpcgi-vpn 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:03:51 +02:00
Stephen Smoogen
1be05a2039 put in header checks postmap and restart 2019-05-29 14:59:43 +00:00
Patrick Uiterwijk
e65ed43d82 Remove extra endif 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2019-05-29 14:58:55 +00:00
Patrick Uiterwijk
5690551a35 Add vpn configmap 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 16:57:00 +02:00
Stephen Smoogen
22fe4ad0a2 [postfix] and a file to put in drops. 2019-05-29 14:52:52 +00:00
Mikolaj Izdebski
76b7c06f89 Allow coreos-continuous users to untag secure-boot builds 
See https://pagure.io/releng/issue/8390
 2019-05-29 16:50:14 +02:00
Stephen Smoogen
77dcd8034f [postfix] change to header checks needs to be on both bastion and smtp-mm 2019-05-29 14:50:03 +00:00
Stephen Smoogen
0c6f35bf45 Allow postfix on gateway to do header checks 2019-05-29 14:37:23 +00:00
Kamil Páral
879a163936 taskotron: fix imagefactory-server cronjob typo 2019-05-29 16:35:13 +02:00
Kamil Páral
4234d8b3a8 taskotron: put imagefactory server cron jobs to /etc/cron.d/ 2019-05-29 16:32:31 +02:00
Patrick Uiterwijk
2b6e906b70 Add VPN vhost 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 16:31:49 +02:00
Patrick Uiterwijk
a1154c47c3 totp: For the VPN route, do not include phx2 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 16:27:41 +02:00
Kamil Páral
ddc1e9c7d2 taskotron: install imagefactory-client cron jobs into /etc/cron.d 2019-05-29 15:59:08 +02:00
Kamil Páral
076ce8ea28 taskotron: install grokmirror cron jobs into /etc/cron.d 2019-05-29 15:47:32 +02:00
Kamil Páral
5b5b898c26 taskotron-dev: add a missing cron file 
I forgot about it in my previous commit 987ba63be3.
 2019-05-29 15:34:34 +02:00
Kamil Páral
987ba63be3 taskotron-dev: try a better way to deploy cron files 2019-05-29 15:32:31 +02:00
Kamil Páral
c94ff57bab taskotron: use F30 on minions even in production 2019-05-29 14:56:51 +02:00
Kamil Páral
7f338804b2 taskotron: use F30 minions on stg 2019-05-29 13:27:31 +02:00
Patrick Uiterwijk
743e75249c tag2distrepo is now fully koji-based 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 10:58:27 +02:00
Patrick Uiterwijk
8dbaa4908d Remove fas CA from koji 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 10:55:50 +02:00
Patrick Uiterwijk
432205f3d9 Move tag2distrepo to python hub 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 10:50:10 +02:00
Kevin Fenzi
b68a3cf906 nagios / bodhi: change masher to composer 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-29 02:57:01 +00:00
Kevin Fenzi
b8b43be0cd bodhi/new-updates-sync: do not try and sync ppc64 for epel6/7 as we stopped composing that today with f28 eol. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-29 02:23:52 +00:00
Kevin Fenzi
8358a3f198 revert back to skip: true for these. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-29 02:20:50 +00:00
Mohan Boddu
18f412da29 F28 EOL - pkgdb status 
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
 2019-05-29 01:00:07 +00:00
Randy Barlow
2843dd8422 bodhi: Remove another nagios check. 
Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
 2019-05-28 23:14:33 +00:00
Kevin Fenzi
0d1c6899bb bodhi updates variants: Drop ppc64 for epel6/7 for now, with retirement of fedora28 it's more difficult to support. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-28 21:22:28 +00:00
Kevin Fenzi
69ca7568f8 koji_builder: do not install the python2 osbs client, hopefully we don't need it anymore. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-28 21:15:27 +00:00
Kevin Fenzi
d863145e3f koji_builder: revert this for now until we can fix them all. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-28 21:11:01 +00:00
Kevin Fenzi
386d9a1d02 base/hosts: Clean up some depreciations. 
koji_builder/sudo: Clean up some more depreciations.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-28 20:47:54 +00:00
Kevin Fenzi
93e8e1225b buildvm_stg: Also set python3 for ansible. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-28 20:33:31 +00:00
Kevin Fenzi
2ac397004c buildvm-stg: move to f30 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-28 19:57:14 +00:00
Stephen Smoogen
85eae21119 try to make this work with EL8 2019-05-28 19:09:32 +00:00
Randy Barlow
b2a318e4ca bodhi: Remove a bunch of no-longer-needed when checks. 
Now that we only have bodhi-backend01, there are a lot of
unnecessary when conditions. This commit removes them.

Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
 2019-05-28 18:43:07 +00:00
Randy Barlow
69f6757df0 bodhi: We do not want to restart messaging. 
We had some code to protect backend01 from restarting fedmsg-hub so
as not to interrupt running composes. Since we now only have
backend01 it just doesn't make sense to have a restart handler
anymore.

Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
 2019-05-28 18:36:00 +00:00
Michal Konečný
4677611f60 the-new-hotness: Fix principal name 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2019-05-28 19:51:40 +02:00
Stephen Smoogen
95da782701 we had some entries for bodhi-backend03 which did not make sense to keep. remove them also 2019-05-28 17:23:38 +00:00