Commit graph

43050 commits

Author SHA1 Message Date
Kevin Fenzi
5be96729ca builders/builders_stg: not external
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-28 11:26:03 -07:00
Kevin Fenzi
fb2a8a82d6 releng-compose: add troubleshoot group for non sudo access to debug ostree issue with kinoite
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-28 11:03:08 -07:00
Pavel Raiskup
43b8ee52d8 copr-hypervisor: try to go back with iptables
VMs fail to boot for some reason, and per recent #copr Matrix discussion
this might be the thing.
2025-04-28 18:51:38 +02:00
Jiri Kyjovsky
e07d13ee4e copr: virtlogd rotate logs for hypervisors
Configure virtlogd to rotate logs older than 30 days. The default config
does not delete anything since we log to a lot of small files which are
ignored by the max size to rotate in default virtlogd config.
2025-04-28 18:10:12 +02:00
Lukas Brabec
9531326ca5 Testdays - use proper OIDC client secrets 2025-04-28 16:51:15 +02:00
Patrik Polakovič
bdc169d3c7 Add Fedora version variable to the playbook
Signed-off-by: Patrik Polakovič <patrik@alphamail.org>
2025-04-28 12:18:58 +02:00
Kevin Fenzi
3a9f0cbfbb Revert "proxies: re-enable koji endpoints"
This reverts commit 5a72566502.

The bots are back, close these endpoints. :(
2025-04-26 12:24:59 -07:00
Kevin Fenzi
baade64038 drop iad2 external boolean
I think this is not needed because we actually test for iad2 in
inventory_hostname and in fact it overrides the groups that set it to
true, making them all come up false. ;(

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-26 10:24:43 -07:00
Kevin Fenzi
8302ff44cd pagure: widen ai blockage
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-26 09:04:10 -07:00
Kevin Fenzi
bea41a6732 koji / staging sync: increase sequences to be higher than prod
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-25 09:15:08 -07:00
Kevin Fenzi
4da0ff7c4d koji / sync staging: drop removed warn arg
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-25 09:06:23 -07:00
Kevin Fenzi
ca12850f5a osuosl: drop br0 interface requirement
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-24 15:41:14 -07:00
Pedro Moura
f5d43ceedc Remove tmpwatch temporarily
Signed-off-by: Pedro Moura <pmoura@redhat.com>
2025-04-24 22:32:35 +00:00
Noel Miller
5cc9bc15e8 change: add nomiller@redhat.com as an alias for podcast@fedoraproject.org
I have taken over as the new host of the fedora podcast. I need access to the podcast@fedoraproject.org email address.
2025-04-24 22:24:11 +00:00
d30cfdd2cf websites: disable fedoraproject sync on-demand 2025-04-24 22:19:30 +00:00
Kevin Fenzi
d3d07df333 torrent: try switching port range syntax to the nftables one
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-24 15:07:17 -07:00
James Antill
c063b94af3 Add nftables.bastion for smtp stuff.
Signed-off-by: James Antill <james@and.org>
2025-04-24 21:55:25 +00:00
Kevin Fenzi
a2d6cf7dd4 nftables / osuosl: fix interface for ssh connections
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-24 14:09:02 -07:00
Kevin Fenzi
7c670efbfe openqa: do not do the nftables switch on these until we have more time for testing
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-24 13:51:09 -07:00
Kevin Fenzi
4d4365cdf5 nftables: add defined check for nft_nat_rules and set it also [] by default
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-24 13:17:03 -07:00
James Antill
68cbd3dc2c Turn nftables on everywhere.
Signed-off-by: James Antill <james@and.org>
2025-04-24 20:05:03 +00:00
Kevin Fenzi
98c1a60c21 noc / dhcp: add rdu3 mgmt interfaces
For now, networking is going to just bridge dhcp from the new rdu3 mgmt
network over to our iad2 dhcp server. We will change this later after we
have bootstrapped up rdu3 some more.

This adds all our new x86 machines and 2 centos machines.

We still need to sort out the aarch64 machines (which need new cards)
and the power10 machines (still being racked).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-24 12:08:45 -07:00
Greg Sutcliffe
0e60fc6eaf Zabbix-stg: bump collection to 3.3.0 and re-enable user 2025-04-24 17:29:01 +00:00
Kevin Fenzi
dc1b09121b ipsilon: use correct centos stg ipsilon host for hbac rule
This was using the wrong host and thus removing the correct one.
Fixing it to use the right host.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-24 09:26:09 -07:00
Michal Konecny
33c846b516 [ipsilon] Fix redirect URL for staging libravatar 2025-04-24 13:48:03 +02:00
Mikolaj Izdebski
8b1bdfff97 Koschei: relax probe timeouts
Extended the liveness/readiness probe timeouts to better handle
unexpected database slowdowns. This aims to reduce the frequency of
Pod crash loops by giving the system more time to recover before
Kubernetes restarts it.
2025-04-24 07:30:24 +02:00
Simon de Vlieger
9f15884401 koji: image-builder for staging
Enables the `image-builder` plugin from `koji-image-builder` in the
staging environment for both the koji hub, and the koji builder (kojid).

Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
2025-04-23 23:53:51 +00:00
Pedro Moura
f62c14df02 Add f42-test
Signed-off-by: Pedro Moura <pmoura@redhat.com>
2025-04-23 15:56:18 -03:00
5f2d06c90c
forgejo: reorder ansible task execution
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
2025-04-23 10:52:45 +01:00
Siteshwar Vashisht
321078b526 openscanhub: update to ami-0834e6713f8d31e04
Signed-off-by: Siteshwar Vashisht <svashisht@redhat.com>
2025-04-23 08:36:03 +00:00
Siteshwar Vashisht
c5093b2b26 openscanhub: add FedoraGroup tag to VMs
... spun up for workers.

Signed-off-by: Siteshwar Vashisht <svashisht@redhat.com>
2025-04-23 08:13:43 +00:00
Aurélien Bompard
9aca5b724a
RabbitMQ: deploy the new CA cert to prod too
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-23 09:49:54 +02:00
Adam Williamson
d1728cd3d1 cloud-image-uploader: update container image config for IoT changes
We finally merged https://pagure.io/fedora-iot/pungi-iot/pull-request/102
which changes the properties of the container images built in the
IoT compose. This should adjust to that and publish both the base
and IoT images, if we got it all right.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2025-04-22 13:48:14 -07:00
Kevin Fenzi
5a72566502 proxies: re-enable koji endpoints
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-21 14:17:31 -07:00
Kevin Fenzi
c581b79099 robosignatory: fix stable f42 cosmic-atomic signing, which was missing
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-19 20:53:30 -07:00
Kevin Fenzi
d4f15818ef bodhi-backend: add variant for COSMIC-Atomic
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-19 18:59:55 -07:00
Justin Wheeler
4da64f2701 🔧 roles(fasjson): Add my RH email to foa alias, create jwheel alias
Two changes were made here:

* Explicitly add my Red Hat email address to all email addresses sent to
  the `foa@` email alias. My FAS email is not my Red Hat email, but
  there are some communications sent to this specific alias that I need
  to always go to my Red Hat email address. They are topics specifically
  about the work that I do at Red Hat.

* Create a new `jwheel@` personal email alias. This is the username I
  intend to claim after my name change, and it also matches my Red Hat
  email address (jwheel [at] redhat [dot] com). Gradually, I am going to
  work on moving email from `jww@` to `jwheel@`. If an option ever is
  available in the future to change FAS usernames, this is the changed
  name that I would choose.

Signed-off-by: Justin Wheeler <jwheel@redhat.com>
2025-04-19 18:35:08 +00:00
Kevin Fenzi
fc5425c07f koji_builder: add a iptables tag to the osbuildapi scripting
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-19 09:17:09 -07:00
Kevin Fenzi
96911acd1e releng-compose: move rawhide/branched composers to f42
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-19 09:16:24 -07:00
James Antill
84a8bb3a82 Move all production builders to nftables.
Signed-off-by: James Antill <james@and.org>
2025-04-18 20:20:01 +00:00
Patrik Polakovič
af73ccce72 Add Pungi filter for OpenH264 packages
Signed-off-by: Patrik Polakovič <patrik@alphamail.org>
2025-04-18 19:27:48 +00:00
Ryan Brue
b3c32cbc9c Fix incorrect ref in the cosmic-atomic pungi config
Signed-off-by: Ryan Brue <ryanbrue.dev@gmail.com>
2025-04-18 00:12:51 -05:00
James Antill
1b1da8f88f Move buildhw-a64-04.iad2 to nftables.
Signed-off-by: James Antill <james@and.org>
2025-04-17 16:32:19 -04:00
James Antill
49fe6d4ed2 Move buildhw-x86-04.iad2 to nftables.
Signed-off-by: James Antill <james@and.org>
2025-04-17 15:12:01 -04:00
b6486cfdcb
forgejo: update image
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
2025-04-17 18:16:02 +01:00
Aurélien Bompard
b79d8199c6
Batcave: also copy the rabbitmq ca cert
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-17 18:16:23 +02:00
Michal Konecny
a76d88a1f6 [ipsilon] Add libravatar entry for staging
https://pagure.io/fedora-infrastructure/issue/12493
2025-04-17 15:57:44 +02:00
Michal Konecny
3a612a4230 [ipsilon] Add OIDC entry for testdays app
https://pagure.io/fedora-infrastructure/issue/12490
2025-04-17 13:34:21 +00:00
Aurélien Bompard
a19859a8f0
Tabs to spaces
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-17 13:15:15 +02:00
Aurélien Bompard
5d8631d7d5
Make debugging Bodhi in staging a little bit easier
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-17 13:11:26 +02:00