Was getting this error from zuul:
playbooks/openshift-apps/fedora-coreos-pipeline.yml
41:12 error too many spaces inside brackets (brackets)
41:26 error too many spaces inside brackets (brackets)
The PHX2 colocation has been turned off. This meant that some configs
which had been accidently working before due to referencing an ip
address there that no longer existed broke. The fix was to rewrite the
config so that it contained proper router ips and remove all mentions
of the PHX2 ip address.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
This is a quick, hacked up script that just runs once per minute and
updates the ip addresses for the osbuild koji plugin. The script calls
systemd's resolvectl without cache and puts the ips in a ipset. The
koji_builder firewall has a added rule to check that ipset for outgoing
connections that are allowed.
TODO: add some kind of error checking
TODO: probibly won't work on s390x builders as they can't reach the host
even with open firewalls, but should work for others.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Don't overflow the log with DEBUG messages on production for toddlers. This is
fine on staging, but on production this should be on demand.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
Since we split up stg and prod so they could have seperate ssl certs, we
need to also setup the reverseproxy for staging.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This is a hack to work around SPF screwing us for @fedoraproject.org
aliases. It only fixes email from @redhat.com, but due to bugzilla thats
a lot of email.
Without this:
bugzilla@redhat.com -> user@fedoraproject.org (expands) ->
user@gmail.com sent out directly to gmail and gets rejected because
we aren't in the redhat.com SPF record.
With this:
bugzilla@redhat.com -> user@fedoraproject.org (expands) ->
user@gmail.com but sent to mx2.redhat.com to deliver. Since
mx2.redhat.com definitely is in the redhat.com SPF record the email is
delivered fine and SPF checks pass.
This won't help for other domains with -all SPF records, but at least it
helps for all the redhat.com emails, of which there are a lot going to
fedoraproject.org aliases. :)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This has caused them to pick up the iptables template for staging
instead of the one for their host group (koji_builder). There's no
reason to have staging as a datacenter for these, nothing checks it
besides the base iptables role hopefully.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The cron jobs are causing the queue to just fill up and the messages can't be
currently processed so they are just being processed in loops.
Disable them for now, till at least some mailing server will be available on staging.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
There was a placeholder for pagure user in scm_request_processor configuration.
Let's change this to correct user.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
Problem: Fedora Infrastructure has used various DNS servers in
PHX2. Those no longer exist. This is causing breakage in DNS and many
other internal services.
Fix: Work with Red Hat IT
- to get new DNS servers which are infoblox devices.
- get firewall rules fixed to that
- update named.conf to have new ips
- remove old ips which no longer exist.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
