We had a patched version, but the patches have been merged upstream so
we should switch back to using the 'stock' kojira.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This is necessary because:
- The ipa/client role is pulled in if only one host is in the play which
uses it.
- The prepare-ipa-info tasks operate on all hosts in the play in order
to gather together operations on the IPA server which would otherwise
be (potentially, unnecessarily) repeated for many hosts in the play
and which have to be serialized to avoid race conditions when changing
data in IPA.
For now, we set `primary_auth_source` to `fas` for `all`, and to `ipa`
for the `staging` group. We can set this to `ipa` for individual host
groups in prod to enable this piece meal while we roll out the change.
Fixes: https://pagure.io/fedora-infrastructure/issue/9674
Signed-off-by: Nils Philippsen <nils@redhat.com>
1. iot.fedoraproject.org now points to getfedora.org/iot
2. The iot directory was removed from the old repo anyway
Signed-off-by: Ben Cotton <bcotton@fedoraproject.org>
We had a patched version, but the patches have been merged upstream so
we should switch back to using the 'stock' kojira.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This is necessary because:
- The ipa/client role is pulled in if only one host is in the play which
uses it.
- The prepare-ipa-info tasks operate on all hosts in the play in order
to gather together operations on the IPA server which would otherwise
be (potentially, unnecessarily) repeated for many hosts in the play
and which have to be serialized to avoid race conditions when changing
data in IPA.
For now, we set `primary_auth_source` to `fas` for `all`, and to `ipa`
for the `staging` group. We can set this to `ipa` for individual host
groups in prod to enable this piece meal while we roll out the change.
Fixes: https://pagure.io/fedora-infrastructure/issue/9674
Signed-off-by: Nils Philippsen <nils@redhat.com>
1. iot.fedoraproject.org now points to getfedora.org/iot
2. The iot directory was removed from the old repo anyway
Signed-off-by: Ben Cotton <bcotton@fedoraproject.org>
When allocating IP addresses, I used the reverse DNS file as the guide
for what had been allocated. This was in error because there were 3
servers already allocated in this space. This moves the ips to a new
space.
Found the reason that the definitions I had put were not
working. There were two different ones and i was looking at the wrong
one. Put the two tasks with the same logic so things should work no
matter which one is run.
For some reason the vmhost-x86-copr systems are not using the correct
main.cf even though we have told the variables which one to use. I am
trying a second method to try and force this, but will have to come up
with a different datacenter definition for these otherwise as I can't
figure out why the code is different.
This ACL turns out to be too confusing to users as it currently
does not work with our OIDC set-up with fedpkg.
Once we'll have figured out how to make both work together or
keep one and remove the other, we can revisit.
Keeping this in staging so we have a place where we can experiment
with this.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
Found the reason that the definitions I had put were not
working. There were two different ones and i was looking at the wrong
one. Put the two tasks with the same logic so things should work no
matter which one is run.
For some reason the vmhost-x86-copr systems are not using the correct
main.cf even though we have told the variables which one to use. I am
trying a second method to try and force this, but will have to come up
with a different datacenter definition for these otherwise as I can't
figure out why the code is different.
First we add in a vmhost_copr playbook which is basically the regular
virthost but meant to limit things for copr admins via rbac.
Second we add in host and group variables which will use the ansible
module for setting up networks. This allows for bridging to work out
of the box and makes sure we know the mac addresses.
First we add in a vmhost_copr playbook which is basically the regular
virthost but meant to limit things for copr admins via rbac.
Second we add in host and group variables which will use the ansible
module for setting up networks. This allows for bridging to work out
of the box and makes sure we know the mac addresses.
