Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
34400 commits 9 branches 0 tags 111 MiB
Commit graph

34400 commits

This branch
This branch
All branches
Author SHA1 Message Date
Patrick Uiterwijk
c0a32daa34 proxies: add zezere 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2021-01-22 09:53:14 +01:00
Patrick Uiterwijk
46139df277 zezere: use netboot for probes 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2021-01-22 09:39:56 +01:00
Patrick Uiterwijk
de4e3bc238 robosignatory: Fix the KeyID for the f34 Fedora-Infra key 
Fixes: 309026d ("Branching F33 from rawhide")
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2021-01-22 08:21:05 +01:00
Kevin Fenzi
ca4d7dbf7c buildvm_armv7: drop mem down to just under 32gb 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-21 14:05:43 -08:00
Pavel Raiskup
619a163447 copr-be: configure lighttpd to respond on ipv6, too 2021-01-21 14:58:37 +01:00
Nils Philippsen
5c61babf95 ipa/client: Let everybody run the sudo command 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 13:09:14 +01:00
Nils Philippsen
30a1125298 Don't flag checking task as changed 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 13:08:44 +01:00
Nils Philippsen
4016aca36c MBS stg: lists should be lists 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 12:59:14 +01:00
Nils Philippsen
5d5cc85d3a MBS stg: Give relevant groups sudo access 
These groups are allowed to run any command as any user on MBS
frontend/backend hosts in staging.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 12:36:12 +01:00
Nils Philippsen
eb6cca1aec MBS stg: remove FAS compatible variable 
The ipa/client role prefers ipa_client_shell_groups over
fas_client_groups, the variable used by the fas_client role, which isn't
applied to MBA frontend/backend hosts in staging.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 12:35:26 +01:00
Nils Philippsen
295564bfbc ipa/client: add site-wide & host-based sudo rules 
This also uses HBAC to let all IPA accounts use the sudo command, so
what some user or group may use it for just has to be configured with
sudo rules in IPA.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 10:21:16 +00:00
Nils Philippsen
5cfd6bd10b ipa/client: Don't create groups 
Rather than creating groups (e.g. those configured for shell access) in
IPA, just verify they exist and fail otherwise.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 10:21:16 +00:00
Nils Philippsen
dd721909b7 ipa/client: Let sysadmin-main use all services 
It would be embarrassing to lock ourselves out.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 10:21:16 +00:00
Nils Philippsen
31edc2419f ipa/client: Separate cluster-wide & host tasks 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 10:21:16 +00:00
Silvie Chlupova
45c6b2d5a3 copr: letsencrypt configuration for copr-fe production instance 2021-01-21 08:50:21 +00:00
Pierre-Yves Chibon
8b0ec42622 pagure: send the logs to stderr instead of stdout 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-20 23:08:38 +01:00
Pierre-Yves Chibon
8850720c2e distgit/pagure: send the logs to stderr instead of stdout 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-20 23:08:04 +01:00
Kevin Fenzi
21ca5bebe9 db01: backup resultsdb 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-20 12:00:34 -08:00
Kevin Fenzi
723e97e5f3 resultsdb / staging: fix name from old phx2 resultsdb to new iad2 one 
In phx2 we had resultsdb-stg01.qa.fedoraproject.org, but now in iad2, we
have resultsdb01.stg.iad2.fedoraproject.org.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-20 11:29:59 -08:00
Michal Konečný
7814a8a649 release-monitoring: Lower the amount of error threshold 
The bug that caused to treat "No new version found" as error is now
fixed. So let's set the error threshold to reasonable amount to get rid
of projects that aren't working and are not mapped to anything.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-20 14:41:47 +01:00
Michal Konečný
52987bfa73 release-monitoring: Don't use cached layers 
The cached layers were root issue of having outdated anitya date,
because the step wasn't run again if there was no change in the
Dockerfile for the step, the cached version was used instead.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-20 13:39:01 +01:00
Michal Konečný
1c37cb6b1d release-monitoring: Debug Anitya installation during image build 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-20 13:07:58 +01:00
Michal Konečný
383b26eb4f release-monitoring: Let's check if we are really using outdated branch 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-20 12:57:20 +01:00
Michal Konečný
d7ac247f6b release-monitoring: Add listing of migrations to mid hook 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-20 11:10:52 +01:00
Michal Konečný
c304dace68 release-monitoring: Lower the timeouts 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-20 10:38:48 +01:00
Aurélien Bompard
95ca01284a
Use a template for ipsilon's sssd.conf instead of replacing lines 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-01-20 10:32:33 +01:00
Michal Konečný
0b0566f7ce release-monitoring: Check if db is on head before deployment 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-20 09:12:09 +00:00
Pavel Raiskup
e67c8aca2b copr-be: propagate updated images to production 2021-01-20 09:41:53 +01:00
Pavel Raiskup
e646904fcd copr-be: fix && comment-out the cleanup-vms-aws command 2021-01-19 17:33:32 +01:00
Pavel Raiskup
37c0246379 copr-be-dev: new images with updated swap 2021-01-19 16:03:37 +01:00
Pavel Raiskup
66451136c2 copr-be: provision: don't create SWAP when preparing image 
Only when the real builder is started.
 2021-01-19 15:37:18 +01:00
Pavel Raiskup
d4e1b2d5bc copr-be: increase the chroot tmpfs space on builders 
Mock allocated 75g before, and this started to be not enough for some
projects (tmpfs resides in ram + swap).  Increasing the size isn't a
huge deal for us since the major subset of builders is x86_64 and those
have pretty large (currently unused) swap disk size.  For aarch64 I had
to add a bit more storage to guarantee that the large tmpfs will fit
the swap (+17%).
 2021-01-19 14:58:47 +01:00
Mark O'Brien
9c7342d576 toddlers: comment out staging 2021-01-19 10:46:37 +00:00
Mark O'Brien
b6f8fa05d1 toddlers: give scoady access to run 2021-01-19 10:40:50 +00:00
Mark O'Brien
2edf7f7e91 toddlers: turn on fasjson in stg 2021-01-19 10:36:19 +00:00
Miroslav Suchý
4acfcae34e use python3-libselinux 2021-01-19 10:09:54 +01:00
Miroslav Suchý
afa5c85b2f there is no ntpdate for el8+:x - use chrony 2021-01-19 10:06:27 +01:00
Kevin Fenzi
0da9feb845 koji_hub / gc: do not prune signed copies from epel8-infra 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 17:15:27 -08:00
Kevin Fenzi
667d5aca4d fix typo in last commit 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 16:12:43 -08:00
Kevin Fenzi
1afc72d77f mbs / staging: sync fas and ipa ssh groups 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 16:08:49 -08:00
Kevin Fenzi
68ae773dc6 basessh: in stg setup sssd/ipa to handle ssh keys 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 15:51:28 -08:00
Kevin Fenzi
98d6571ea2 mbs: add ipa/client role 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 15:50:17 -08:00
Kevin Fenzi
80d9c53b90 mbs: add ipa_client_shell_group to allow for stg ssh access. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 15:39:42 -08:00
Kevin Fenzi
ad507411e2 virthost: drop some old stuff we no longer need 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 15:34:48 -08:00
Kevin Fenzi
74b513df72 Add seperate kickstart for arm 32 bit builders due to lpae kernel 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 15:32:39 -08:00
Kevin Fenzi
babf36a356 buildvm / aarch64/armv7: simplify host vars, drop armv7 special tasks in create, set group vars for f33 on all arm buildvms 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 14:46:55 -08:00
Kevin Fenzi
b6415b23cb Revert "tasks / virt_instance_create: revert back to old armv7 setup in stg to test" 
This reverts commit 9277590da5.
 2021-01-18 12:16:18 -08:00
Adam Saleh
3009e09965 Added proxy uri for postgrest 2021-01-18 17:55:57 +01:00
Adam Saleh
6bd6e7ca11 Added postgrest to monitor-dashboard 2021-01-18 17:14:58 +01:00
Aurélien Bompard
b60912e888
The IPA HBAC rule for sysadmin-main should apply on all hosts 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-01-18 15:52:00 +01:00