34400 commits

Author SHA1 Message Date
Pierre-Yves Chibon
6969128d11 pagure: give selinux a little more permissions
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-02 16:48:06 +01:00
Nils Philippsen
07b30b3990 ipa: Fix hostgroup/* HBAC rule descriptions
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-02 16:33:11 +01:00
Nils Philippsen
502b3d48b0 ipa: More ansible_fqdn -> inventory_hostname
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-02 16:33:07 +01:00
Nils Philippsen
16cf662b30 ipa/client: Use inventory_hostname instead of ansible_fqdn
The latter is a fact determined from the client.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-02 16:19:25 +01:00
Nils Philippsen
c3c44e57fc Make OSBS cluster an IPA client
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-02 16:12:11 +01:00
Silvie Chlupova
95d81c153f copr: exec only php files 2021-02-02 15:01:34 +01:00
František Zatloukal
75eea7e3a1 oraculum: Change email definitions 2021-02-02 13:17:03 +01:00
František Zatloukal
63f04629f6 oraculum: Final tweaks 2021-02-02 12:33:10 +01:00
Mark O'Brien
ba7f738f78 batcave: allow new proxy35 ip 2021-02-02 10:43:58 +00:00
František Zatloukal
f787817bda oraculum: Scale up 2021-02-02 10:24:28 +01:00
František Zatloukal
674503e264 oraculum: Try different spacing in dc... 2021-02-02 10:07:46 +01:00
František Zatloukal
b84ccff720 oraculum: Deploy on prod 2021-02-02 09:57:33 +01:00
František Zatloukal
c974a652ee oraculum: Prepare some emailing stuff 2021-02-02 09:56:15 +01:00
Kevin Fenzi
21c84a7ca8 bugzilla2fedmsg / staging: enable ipa ssh/sudo here too
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-01 14:57:36 -08:00
Kevin Fenzi
d8adf3bc11 github2fedmsg / staging: add ipa/client
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-01 14:32:56 -08:00
Kevin Fenzi
3379c9134d ipa/client: do not pass server to ip-client-enroll, it should get them from dns
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-01 14:32:37 -08:00
Nils Philippsen
dbbf94a411 ipa/client: configure global shell access and sudo
Almost global anyway, i.e. inside the VPN.

The ipa/client-based shell access and sudo rules are only effective for
staging right now, the respective playbook bits are masked out for prod.

- Assign Ansible host groups to IPA host groups, the latter don't care
  about 'stg' in the name and use dashes rather than underscores.
- Distill shell access groups from fas_client_groups in group and host
  vars.
- Let all `sysadmin-*` groups in the previous list run anything via sudo
  in the host group (except bastion & batcave).
- Remove `fas_client_groups` from staging host and group vars.
- Remove sudoers from staging host and group vars if only `sysadmin-*`
  groups have shell access.
- Set up `ipa_client_shell_groups` on bastion to be a superset of the
  same on batcave.

Newly created IPA host groups:
- autosign
- badges
- basset
- bastion
- batcave
- blockerbugs
- bodhi
- bugzilla2fedmsg
- busgateway
- datagrepper
- dbserver
- dns
- fedimg
- github2fedmsg
- ipa
- kernel-qa
- kerneltest
- kojibuilder
- kojihub
- kojipkgs
- logging
- mailman
- memcached
- mirrormanager
- nagios
- notifs
- oci-registry
- odcs
- openqa
- openqa-workers
- osbs
- packages
- pdc-web
- pkgs
- proxies
- rabbitmq
- releng-compose
- resultsdb
- secondary
- sign-bridge
- sundries
- value
- wiki

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
491514e8ba ipa/client: leave out unset host group description
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
c994c4e5cd Create badges, badges_stg groups
This is to have unified IPA client configuration for badges hosts.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
54b72eba2c Remove obsolete Ansible group var files
- buildaarch74, buildarm, buildarm_stg
- copr_front, copr_front_dev, copr_front_stg
- dhcp
- faf_stg
- fas, fas_stg
- fedocal, fedocal_stg
- lockbox
- mirrorlist2, mirrorlist2_stg
- nuancier, nuancier_stg
- postgresql_server
- resultsdb_iad_prod

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
d6cdeb7aea Consistency: releng_stg -> releng_compose_stg
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
ba3ed42158 koji_stg: Remove obsolete sudo special case
User `mizdebsk` is a member of group `sysadmin-main` now.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
773e025939 bastion: Remove access for modularity-wg group
We have `sysadmin-mbs` now which should cover all people needing access.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Mark O'Brien
326728414d update proxy35 hostvars 2021-02-01 22:07:12 +00:00
Stephen Smoogen
2ed114aafd add new duke ip address to the download groups 2021-02-01 14:07:13 -05:00
Jakub Kadlcik
c7bcb48be7 copr: make sure that swap is available for our builders 2021-02-01 16:46:39 +00:00
Pierre-Yves Chibon
a6ce5fa016 fedocal: enable header_scheme
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-01 17:27:27 +01:00
František Zatloukal
f5e11a6e62 oraculum: Drop annotations, not needed 2021-02-01 13:29:48 +01:00
František Zatloukal
f8e741cba8 oraculum: Try to disable cookies on the api 2021-02-01 12:55:49 +01:00
František Zatloukal
3bc8bef91d oraculum: Try to workaround some weird caching on the route 2021-02-01 12:46:05 +01:00
Rick Elrod
bc42ad76a3 fedora-web: point staging subdomain sites to a new staging branch
Signed-off-by: Rick Elrod <relrod@redhat.com>
2021-01-29 15:08:26 -06:00
Brendan Reilly
86b4680c28 Add handlers for restarting mbs poller and workers 2021-01-29 14:26:22 -05:00
Brendan Reilly
ad3cefb8a7 Add mbs_frontend boolean 2021-01-29 12:58:56 -05:00
Adam Saleh
8c97edf8f5 Another typo in dashboard definition for fedora_coreos 2021-01-29 17:49:47 +01:00
Adam Saleh
87f38db633 Another typo in dashboard definition for fedora_coreos 2021-01-29 17:46:05 +01:00
Adam Saleh
30b5e3a747 Another typo in dashboard definition for fedora_coreos 2021-01-29 17:41:39 +01:00
Adam Saleh
cf132e3a38 Typo in dashboard definition for fedora_coreos 2021-01-29 17:32:12 +01:00
František Zatloukal
ea675e0754 oraculum: Prepare playbooks for production deployment 2021-01-29 17:17:33 +01:00
Adam Saleh
2066bb5792 Typo in datasource definition for dashboard 2021-01-29 17:08:47 +01:00
Adam Saleh
71b6d299f4 Typo in the notifier file for dashboards 2021-01-29 17:03:22 +01:00
Adam Saleh
17ac196a29 Adding the forgotten notifier to dashboards. 2021-01-29 16:47:04 +01:00
Adam Saleh
e7e23666d0 Bump to version to trigger dashboard deployment. 2021-01-29 15:55:59 +01:00
Adam Saleh
c190356b0a Adding fedora_coreos_updates dashboard and the promscale datasource. 2021-01-29 15:45:57 +01:00
Pierre-Yves Chibon
fcf49bbc73 fedocal: define the OIDC_OPENID_REALM
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-29 14:25:08 +01:00
Pierre-Yves Chibon
68a5ab292f fedocal: specify the scopes when querying oidc
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-29 14:16:48 +01:00
Pierre-Yves Chibon
cfafe0b3cd fedocal: secrets have a secretName
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-29 14:09:50 +01:00
Pierre-Yves Chibon
fecd7e4b86 fedocal: secrets are not configMap
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-29 14:07:58 +01:00
Pierre-Yves Chibon
c4da6515f9 fedocal: mount the fedora-messaging cert in the pod
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-29 14:06:26 +01:00
Pierre-Yves Chibon
d4998f2e25 fedocal: fix the configurations for the new url and secret location
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-29 14:03:03 +01:00
Pierre-Yves Chibon
065a4a60a9 fedocal: Mount the secrets when deploying
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-29 14:02:34 +01:00