Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
34400 commits 9 branches 0 tags 111 MiB
Commit graph

34400 commits

This branch
This branch
All branches
Author SHA1 Message Date
Pavel Raiskup
a2d65ff508 Move devel servers to elastic IPs, too 2021-01-18 14:58:58 +01:00
Michal Konečný
010377f72e release-monitoring: wait till the db head is newest 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-18 11:51:28 +01:00
Kevin Fenzi
0741be6d2a pagure / pkgs: drop provenpackager excludes on firefox, thunderbird, xulrunner 
See https://pagure.io/fedora-infrastructure/issue/9557
Basically we don't need to block commits here anymore,
maintainers are confident they can prevent anything going out that
causes problems for the firefox name. Additionally, xulrunner was
retired a long time ago.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-15 13:40:45 -08:00
Kevin Fenzi
acd335509c proxies / redirects: if you use env_suffix in the sitename, you MUST use it in redirects too 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-15 12:11:25 -08:00
Kevin Fenzi
5927f7b321 distgit / hooks: only tweak perms on batcave hooks perms 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-15 11:39:26 -08:00
Kevin Fenzi
2977ebd42e proxies / websites: add qa.stg to serveraliases for qa 
Right now staging doesn't know it should be answering for
qa.stg.fedoraproject.org only qa.fedoraproject.org, so it needs to know
this to allow access to staging qa hosts.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-15 10:56:44 -08:00
Michal Konečný
3a9988b14a release-monitoring: Use the correct container name 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-15 17:39:39 +01:00
Michal Konečný
ceba6b06b9 release-monitoring: Wait for web deployment 
The migrations should be run when no pod is working with database.
This commit will let the other two pods wait till web service pod, which
is running the migrations starts.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-15 16:26:10 +00:00
Patrick Uiterwijk
f91c08bef3 robosignatory: re-enable file signing for rawhide 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2021-01-15 17:17:20 +01:00
Mark O'Brien
27a986ab85 koji: enable kojira run on boot in koji02 only 2021-01-15 16:08:52 +00:00
Michal Konečný
4ad5c162b6 release-monitoring: Remove debug information 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-15 14:46:02 +01:00
Michal Konečný
5ffa45dad0 release-monitoring: Fix comments in Dockerfile 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-15 14:32:01 +01:00
Michal Konečný
6b29d5b475 release-monitoring: Debug issue with Anitya on staging 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-01-15 14:20:44 +01:00
Patrick Uiterwijk
8e390f631f robosignatory: disable file-signing for now 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2021-01-14 21:22:02 +01:00
Kevin Fenzi
b7e247f78e letsencrypt: delegate the cli.ini file to certgetter01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-14 11:26:52 -08:00
Kevin Fenzi
a38aac4cd3 certbot: add a cli.ini file with (commented out) ecdsa certs 
Once this becomes useful we should switch the letsencrypt certs we get.
Right now it's not, as the intermediate is the letsencrypt R3, which is
a rsa 2048 bit, so it doesn't help the FUTURE case. Someday they will
switch this to use the X1 cert which will be ECC and it will be useful
to switch.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-14 11:21:32 -08:00
Kevin Fenzi
71c3f3fd4d proxies / websites: Some websites need to also be defined in stg 
We need some websites that we get both prod/stg certs for to exist in
stg so the letsencrypt challenge works.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-14 10:37:20 -08:00
Patrick Uiterwijk
2ad7472720 robosignatory: Enable file signing for Rawhide 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2021-01-14 17:47:04 +01:00
Matěj Grabovský
db96e95ded abrt: Update list of Fedora versions for retrace-server 2021-01-14 14:36:26 +01:00
Matěj Grabovský
3d0eb2f6db abrt: Move retrace user home out of system volume 
Change retrace user's home directory to /srv/retrace/home.
 2021-01-14 14:36:26 +01:00
Matěj Grabovský
bb53148eed abrt: Add job to clean up unused Podman data 2021-01-14 14:36:25 +01:00
Pierre-Yves Chibon
b0fc7a8200 distgit/pagure: show 7 characters when showing the short hash of commits 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-14 13:34:09 +01:00
Pierre-Yves Chibon
66317f37fd zodbot-announce-commits: announce commits on the main branch, not master anymore 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-13 11:03:42 +01:00
Pierre-Yves Chibon
a0c13e6f37 distgit-bugzilla-sync: drop the role related to this project 
The functionality is now in a toddler rather than a separate project

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-13 10:56:53 +01:00
Pierre-Yves Chibon
4a1458e713 toddlers: move the email_overrides template from the distgit-bz-sync project to toddlers itself 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-13 10:56:20 +01:00
Pierre-Yves Chibon
e8e25afce5 pagure: fix the path to the new location of the intermediate cert 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-13 10:06:45 +01:00
Pierre-Yves Chibon
28b6952d36 toddlers: drop a configuration key that is not used anywhere in the code 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-13 09:53:34 +01:00
Pierre-Yves Chibon
768496ff45 toddlers: fix the url to the email_overrides file now that we no longer have a master branch 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-13 09:47:53 +01:00
Pierre-Yves Chibon
71b7848911 toddlers: Build toddlers from the production branch again 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-13 09:37:33 +01:00
Adam Williamson
bb513f59d9 Add new greenwave policy for critical path updates 
This adds a new Greenwave policy requiring all openQA update
tests to pass for an update to be pushed to testing or stable.
It's intended to be queried by Bodhi only for critical path
updates (as openQA does not test non-critpath updates ATM).

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2021-01-13 00:23:16 +00:00
Kevin Fenzi
e66773cd31 playbooks / retrace: fix missing quote 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-12 16:16:41 -08:00
Pierre-Yves Chibon
0f79ff17ec test commit - final mirror testing 2021-01-12 21:32:09 +01:00
Kevin Fenzi
8588cbc3c6 yet another whitespace change 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-12 12:27:31 -08:00
Kevin Fenzi
9f87c10546 Revert "whitespace change to test syncing" 
This reverts commit d6aed4704e.
 2021-01-12 12:21:01 -08:00
Kevin Fenzi
d6aed4704e whitespace change to test syncing 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-12 12:19:38 -08:00
Kevin Fenzi
46964671a9 Rename master.yml to main.yml 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-12 09:11:33 -08:00
Nils Philippsen
38d5a0d9a4 Configure HBAC rules for IPA clients 
- Install a cluster-wide rule allowing sysadmin-main members to do
  anything, anywhere
- Disable the cluster-wide default `allow_all` rule
- Add host-based rules to give certain groups shell access

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-12 17:06:39 +00:00
Nils Philippsen
0f892f559b Fix and improve IPA client enrollment 
- Ensure the `freeipa-client` package is installed
- Configure systems to create home directories on the fly
- Tag enrollment task

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-12 17:06:39 +00:00
Nils Philippsen
d530dfb078 Add missing ansible-freeipa package for CI 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-12 17:06:39 +00:00
Kevin Fenzi
59717b009d fedmsg / irc / fm-releng: only show pungi.status.change, not pungi.start/stop 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-11 16:47:56 -08:00
Mattia Verga
166ec42f7e bodhi: bugs in changelog should not be added to ELN updates 
Signed-off-by: Mattia Verga <mattia.verga@protonmail.com>
 2021-01-12 00:07:43 +00:00
Kevin Fenzi
e0f71dc6e2 fedmsg / irc / fm-releng: adjust to not show new repos requests 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-11 15:54:43 -08:00
Kevin Fenzi
70d84a4686 fedmsg / irc / #fedora-releng: try and rework fm-releng to be more picky 
In https://pagure.io/releng/issue/9778 we are asked to reduce noise in
this is confusing to me and likely I still got it wrong. ;)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-11 14:22:39 -08:00
Kevin Fenzi
438375f518 registry / logrotate: replace the rsyslog file, not syslog 
We use rsyslog, the syslog file has no effect.
If we overrite rsyslog we get the effect we want (daily logrotate with
xz compression).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-11 11:26:52 -08:00
Pavel Raiskup
affd5a1524 copr: backend: redirect backend.log to backend.log.gz when not found 2021-01-11 20:12:26 +01:00
Pavel Raiskup
a69f354186 copr: backend: fix non-existing *log.gz content-encoding header 
Fixes: https://pagure.io/copr/copr/issue/1176
 2021-01-11 19:51:50 +01:00
Pierre-Yves Chibon
3960dd182f distgit/pagure: make 'rawhide' be the default branch created when a repo is created 
This will only take effect once pagure 5.12+ is deployed

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-11 17:35:55 +01:00
Pavel Raiskup
c2f9f58813 copr-backend: unify dev/prod lighttpd configuration 
By syncing the devel instance with production (not vice versa).  The
exception is that I've dropped the trailing white-spaces in production
config.
 2021-01-10 21:37:15 +01:00
Kevin Fenzi
9ef275491c copr / base: update root fowrard 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-08 16:27:33 -08:00
Pierre-Yves Chibon
75c5d77699 test commit - sorry for the noise, still 2021-01-08 21:04:20 +01:00