Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
39694 commits 9 branches 0 tags 111 MiB
Commit graph

39694 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kevin Fenzi
20f56c51fe inventory: also comment those hosts in cloud inventory 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-21 15:42:39 -07:00
Kevin Fenzi
bdb8ecadd0 inventory: disable some dev copr instances for now until they are ready to be deployed 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-21 15:09:19 -07:00
Kevin Fenzi
d8cfd2c93b virthost: drop some no longer used host groups 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-21 14:08:21 -07:00
Kevin Fenzi
f0e6442a27 noc: drop bodhi nagios alert group 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-21 14:01:18 -07:00
Kevin Fenzi
2bb693daa1 noc: drop mod_wsgi for now it may no longer be needed 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-21 13:41:06 -07:00
Francois Andrieu
ccd49cdcdd
languages: update scripts parameters 2023-09-21 22:29:02 +02:00
Kevin Fenzi
d55ae6a8fa noc02: fix network variables to new style 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-21 13:13:32 -07:00
Kevin Fenzi
baf6dbc0b0 noc02: move to rhel9 and ibiblio02 
This is a rhel7 instance, move it to rhel9.
Also, ibiblio01 is old and going away, so move it to 02.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-21 13:10:46 -07:00
Pedro Moura
4b039f6d46 Add membership-map files to remove from mirrormanager 
Signed-off-by: Pedro Moura <pmoura@redhat.com>
 2023-09-21 18:08:03 +00:00
Pedro Moura
b3a5e9de30 Add task to remove files from membership-map 
Signed-off-by: Pedro Moura <pmoura@redhat.com>
 2023-09-21 18:08:03 +00:00
Michal Konecny
17f02d725a [Pagure] Enable safe directories for production 
See https://pagure.io/fedora-infrastructure/issue/11330 for more details.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-21 17:19:38 +02:00
Aurélien Bompard
71a0ae8a5b
Activate Github webhook for Noggin 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-09-21 14:04:16 +02:00
David Kirwan
33293382fb
zabbix: change zabbix-agent service to restarted 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2023-09-21 10:48:17 +01:00
David Kirwan
afe4e0b224
zabbix: change zabbix_server service to state restarted 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2023-09-21 10:42:28 +01:00
David Kirwan
92bd0c9cd4
zabbix: modify startservices task to restart zabbix server 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2023-09-21 10:22:27 +01:00
David Kirwan
0920e7ae47
zabbix: Update db creation task to continue when db exists 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2023-09-21 08:33:42 +01:00
Kevin Fenzi
197d53a9ba aliases: add hetznercloud alias ( ticket 11518 ) 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 18:25:26 -07:00
Kevin Fenzi
ad7521f4b6 mirrors: update ip for rackspace mirror acl (ticket 11533) 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 18:11:59 -07:00
Ryan Lerch
a65b78ca06 maubot: add gid 2 as a supplemental group 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-21 08:37:16 +10:00
Adam Williamson
5f56b3a370 Give myself more fedorapeople quota 
I need to upload some ISOs...

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2023-09-20 14:49:49 -07:00
Ryan Lerch
302084a1f1 maubot: put logging config back to normal 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-21 06:45:12 +10:00
Kevin Fenzi
1c43429266 ipa / client: just remove the sshd override file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 12:10:32 -07:00
Kevin Fenzi
308ff1a8ce Revert "ipa / client: pass --no-sshd to client enroll" 
This reverts commit df1445a64b.

Turns out we do have to enable sshd on client enroll because it passes
'ssh' to services in sssd.conf, which we need to get ssh keys for users.
:( Instead will try another approach.
 2023-09-20 12:07:06 -07:00
Kevin Fenzi
9d22463f7e zabbix / staging: enable ipa client here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 11:24:27 -07:00
Kevin Fenzi
df1445a64b ipa / client: pass --no-sshd to client enroll 
In RHEL9, ipa-enroll-client by default adds a
/etc/ssh/sshd_config.d/04-ipa.conf file with some sshd configuration.
Almost all of these things are things we already set in our sshd_config,
but one of them causes sshd to enable password (and 2nd factor required)
auth. We don't want this, we only want to allow ssh keys.
So, pass --no-sshd to enrollment and that should prevent it from
messing with our sshd config.

I have also removed this file and reloaded sshd all around.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 10:52:17 -07:00
Kevin Fenzi
6f48779818 koji_builder: switch to 30s sleep time 
Right now builders are checking in every 20s, but that puts a lot of
load on the db server. Having them check in every 30s should ease that
some. Might increase it higher as well.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 09:31:39 -07:00
Kevin Fenzi
2d8fe00180 sundries / staging / budget: move this sync to every hour instead of every 5 minutes to avoid cron noise 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 09:30:47 -07:00
Kevin Fenzi
255b4d87bb With the release of Fedora 39 Beta yesterday, infrastructure freeze is now over. 
Our next freeze is for Fedora 39 final release, currently scheduled for 2023-10-03.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-20 09:15:08 -07:00
Michal Konecny
079a115f8f Disable ipa_initial on ipa03.stg 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-20 16:41:23 +02:00
Michal Konecny
8a6b5a7c65 [IPA-Server]Don't install pynag on RHEL9 
pynag is not available on rhel9 yet.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-20 15:56:10 +02:00
Michal Konecny
dd6b5b1546 Set new ipa host ipa_initial variable to 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-20 15:36:48 +02:00
Michal Konecny
ab4b99a9e3 Fix the typo in ipa_stg inventory 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-20 14:49:31 +02:00
Michal Konečný
9d4a47131d Add ipa03.stg to staging group in inventory 
Signed-off-by: Michal Konečný <michal.konecny@pacse.eu>
 2023-09-20 12:25:52 +00:00
Michal Konecny
2d088b91ca Add ipa03 host on staging 
This is a test host to deploy ipa on RHEL9.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-20 13:42:03 +02:00
Ryan Lerch
64a6c0b011 maubot: update logging config 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-20 13:59:22 +10:00
Pavel Raiskup
48aa4e43bc copr-frontend: better "ps aux" output 
It allows us to easily filter out all httpd processes in 'ps' or in
htop.
 2023-09-18 14:03:46 +02:00
Ryan Lerch
db612b10cd maubot: fix deps issue 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-18 15:02:56 +10:00
Ryan Lerch
d8a0460fe9 maubot: update deps 
remove fasjson client, as we only need httpx now, and add
meetbot-messages schemas

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-18 14:16:12 +10:00
Kevin Fenzi
11d2a789ba log01: bump queue size for splunk backlog 
I'm pushing this during freeze as it's required to avoid an outage of
our logs. For some reason we hit a large backlog and log01 rsyslog
stopped logging. Bumping this up seems to have fixed it.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-15 10:39:06 -07:00
Tomas Hrcka
751f0d0930 Fedora 39 Lift releng freeze 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2023-09-15 18:04:44 +02:00
Pavel Raiskup
ee73c2b560 Revert "backend: don't update rpm macros for now" 
We already have Mock 5.1

This reverts commit ff74364720.
 2023-09-15 14:48:47 +02:00
Kevin Fenzi
409175225a builders / staging: add staging builders in the osbuild channel to osbuild group 
We need these builders in staging to also be in the osbuild group so
they get the iptables rule to allow them to talk to osbuild api.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-14 12:32:46 -07:00
Ryan Lerch
4091c81b00 maubot: add httpx_gssapi to the container build 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-14 21:34:46 +10:00
Ryan Lerch
eaca987e01 maubot: actually run the plays on os_control 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-13 11:47:01 +10:00
Ryan Lerch
802a66f7a7 maubot: actually make the db in prod 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-13 11:39:25 +10:00
Kevin Fenzi
5107ba9482 waiverdb: try and adjust scopes for staging as a test 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-12 15:43:23 -07:00
Ryan Lerch
b0b87b42a9 maubot: prepare for prod creation 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-13 08:35:45 +10:00
Francois Andrieu
e9880dd50e
coreos-ci: add SETFCAP capability instead of CAP_SETFCAP in SCC 
This is to prevent a Pod Security Violation as CAP_SETFCAP is not allowed
with the baseline policy (but SETFCAP is).
 2023-09-12 23:52:20 +02:00
Ryan Lerch
8ebe8332ff mote: use proper mount location for logs on staging worker 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-12 13:45:55 +10:00
Ryan Lerch
23caf0e82c mote: cert stuff figured out back to using the right config 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-09-12 13:35:49 +10:00