Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
39694 commits 9 branches 0 tags 111 MiB
Commit graph

39694 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ryan Lerch
b414a3e238 maubot: try again to fix deployment config 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-08-16 14:55:57 +10:00
Ryan Lerch
f0e2da5ede maubot - more troubleshooting 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-08-16 14:42:25 +10:00
Ryan Lerch
619a8a5273 maubot: fix a few file/template confusions 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-08-16 14:25:32 +10:00
Ryan Lerch
5fb68747c9 Fix typo in maubot setup 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-08-16 14:21:10 +10:00
Ryan Lerch
f30dec9e63 maubot on staging openshift - first attempt 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2023-08-16 14:15:00 +10:00
Kevin Fenzi
590819397c blocklist: drop output for now until I can sort out why its outputting anything 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 18:18:51 -07:00
Kevin Fenzi
3200014f8f base / blocklist: use bool filter 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 16:15:44 -07:00
Kevin Fenzi
9bdfc98497 buildvm_s390x: not external 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 15:59:42 -07:00
Tomáš Hrčka
1e91c2c075 Update roles/openshift-apps/toddlers/templates/fedora-messaging.toml 2023-08-15 22:56:05 +00:00
Timothée Ravier
7fbe1323fc roles/pkgdb-proxy: Update Fedora 39 version & update_date 
Fixes: 2586c03c3f Branch Fedora 39 from Rawhide
 2023-08-15 22:49:23 +00:00
Kevin Fenzi
a57c71a170 base: tag blocklist 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 15:36:15 -07:00
Kevin Fenzi
0066f3cc68 proxies / fedmsg_monitoring: revert part of last config change 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 14:37:27 -07:00
Kevin Fenzi
1c0516c831 nagios_client: adjust fedmsg monitoring 
Copy the fixes from exceptions monitoring to backlog.
Fix the calls that were passing a trailing - which isn't needed anymore.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 14:25:56 -07:00
Andrew Heath
c5daa84f53 Have script check for fedmsg socket 2023-08-15 21:18:18 +00:00
Francois Andrieu
0ce267205f
host_reboot.yml: remove ntpdate 2023-08-15 21:58:19 +02:00
Kevin Fenzi
61e70e910f dns: servers are external 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:45:12 -07:00
Kevin Fenzi
623c0f45bd base / iptables: rework how this blocklist works 
Just rip out the parts here as they are no longer needed.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:41:54 -07:00
Kevin Fenzi
e524963387 iptables: fix conditional 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:23:08 -07:00
Kevin Fenzi
5936815f75 iptables / staging: more adjusting 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:18:21 -07:00
Kevin Fenzi
363af73e57 iptables / staging: fix the actual used template 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:11:22 -07:00
Kevin Fenzi
a14b081ab3 proxies / staging: set external as a host var 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:08:39 -07:00
Kevin Fenzi
6ada4829fa base / iptables: simplify conditional even more to perhaps actually work 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:05:59 -07:00
Kevin Fenzi
fcd3e67484 base / iptables: simplify conditional to perhaps actually work 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:02:49 -07:00
Kevin Fenzi
4fffa25daf proxies are external 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 11:49:04 -07:00
Kevin Fenzi
53d5299895 koji_builder: disable bootstrap images in mock for the time being 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-14 18:05:30 -07:00
Kevin Fenzi
5493dd255b flatpak / kojid plugin: use docker:// for registry 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-14 17:28:23 -07:00
Kevin Fenzi
94a5911577 vhost_reboot: update for newer syntax 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-14 14:10:26 -07:00
Owen W. Taylor
f3c44a3ca3 Enable koji-flatpak plugin for staging 
Just for staging for now:
 - enable 'podman-login' role for the buildvm group, so built Flatpaks
   can be pushed to the skopeo registry.
 - add the koji-flatpak hub plugin to koji_hub role
 - add the koji-flatpak builder plugin to the koji_builder role
   and configure it.

Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
 2023-08-14 19:27:31 +00:00
Francois Andrieu
e264bc8cae
zabbix_server: fix saml setting + extract idp cert 2023-08-14 21:26:17 +02:00
Kevin Fenzi
8f6a5122ce download: update ip address for tier1 mirror 
See https://pagure.io/fedora-infrastructure/issue/11471

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-14 12:20:00 -07:00
Kevin Fenzi
a0581c2705 koji / staging_sync: bump ip a bunch to avoid conflicts in stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-14 12:19:38 -07:00
Francois Andrieu
9af1e4cdbd
zabbix_server: set https baseurl 2023-08-14 20:40:10 +02:00
Francois Andrieu
51baa7e1dd
zabbix_server: add tags to main.yml 2023-08-14 20:32:28 +02:00
Francois Andrieu
9f32846426
zabbix_server: install idp cert 2023-08-14 20:22:48 +02:00
Adam Williamson
8286b8f6c8 Port check_nagios_notifications.py to Python 3 
Saw from one of the emails this morning that this isn't running
because there's no python2 on whatever system it was trying to
run on. This ports it to Python 3 (thanks, 2to3) and cleans up
the formatting (thanks, black). I tested it with a random sample
file I found lying around the internet -
https://github.com/bahamas10/node-nagios-status-parser/blob/master/status.dat
and it seems to do what it's supposed to do.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2023-08-14 08:58:54 -07:00
Francois Andrieu
6af2bb2619
ipsilon: add zabbix stg sp 2023-08-14 16:50:39 +02:00
Michal Konecny
4c2dc64958 [Pagure] Disable OIDC on production for now 
Limiting the number of processes to 1 caused unexpected error on production
instance. For more info see https://pagure.io/fedora-infrastructure/issue/10372#comment-868823

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-08-14 12:30:45 +02:00
Michal Konecny
88f7258c7b [Pagure] Enable OIDC on production 
As OIDC authentication works without issue on staging let's enable it on
production as well.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-08-14 11:25:39 +02:00
Kevin Fenzi
2a442cf7a7 koji_builder: increase stats on oz 
Lets increase stats for oz and see if that decreases compose time a bit.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-13 10:56:35 -07:00
Kevin Fenzi
b1fc001c0f db-koji01.stg: move the rhel9 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-13 09:44:50 -07:00
Kevin Fenzi
04574ff01a koji sync / staging: no more armv7 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-11 13:47:46 -07:00
Kevin Fenzi
60d1c37970 releng: add rpm-ostree to branched/rawhide composers 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-11 08:19:46 -07:00
Francois Andrieu
03f57ae414 add btrfs role 2023-08-11 13:25:07 +00:00
Aurélien Bompard
44ce99733e Pagure: only use a single apache process 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-08-11 12:29:10 +00:00
Francois Andrieu
ce45b1775e
ocp: renew internal ingress certificates 2023-08-11 12:50:57 +02:00
Michal Konecny
a4ddf54509 [Pagure] Limit the httplib2 task by tags 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-08-11 12:04:09 +02:00
Aurélien Bompard
1e26cf9246 Some more fixes to get Pagure to work with OIDC on staging 
- patch the httplib2 library to avoid hardcoding TLSv1
- set the missing configuration variables in `pagure.cfg` (they have no
  defaults)
- set the password for the future production version of
  `client_secrets.json`

Also note that in the private ansible repo, the Pagure client
configuration in Ipsilon was fixed: the `token_endpoint_auth_method`
variable was set to `"client_secret_post"`.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-08-11 11:39:03 +02:00
Michal Konecny
a05113b48d [Pagure] Fix the client_secrets.json 
The `env_suffix` variable doesn't work in case of pagure. So we need to do it
different way.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-08-11 11:36:38 +02:00
Adam Williamson
558e9a31fd Drop an obsolete bug note from greenwave playbook 
There's a comment in the issue linked here that says it was fixed
five years ago, so we probably don't need this comment any more?

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2023-08-10 09:14:13 +00:00
Adam Williamson
505e46f4dd greenwave: enable gating for new Rawhide (fedora-40) 
I think I have all tests passing for Rawhide updates again now,
so we can turn this on.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2023-08-09 16:25:46 -07:00