Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
34400 commits 9 branches 0 tags 111 MiB
Commit graph

34400 commits

This branch
This branch
All branches
Author SHA1 Message Date
Pierre-Yves Chibon
d0f112f435 pagure: make ADMIN_GROUP be None, this works fine 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-17 16:01:17 +01:00
Miro Hrončok
5633044539 releng / ftbfs: Update partner-bugzilla tracker bug ID in staging 
Signed-off-by: Miro Hrončok <miro@hroncok.cz>
 2021-02-17 00:56:06 +01:00
Kevin Fenzi
95da94f986 net/client: re-add check for route, we need it for rdu 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-16 14:31:52 -08:00
Kevin Fenzi
47419b1bc8 nfs/client: clean up old phx2 stuff 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-16 14:22:15 -08:00
Kevin Fenzi
63c2188186 releng / ftbfs: Use partner-bugzilla in staging 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-16 14:02:42 -08:00
Miro Hrončok
8617fa3573 Send the FTBFS log to the releng-cron list 
Signed-off-by: Miro Hrončok <miro@hroncok.cz>
 2021-02-16 21:58:34 +00:00
Kevin Fenzi
81030d9a3d rabbitmq_cluster: move nagios perms into main playbook in one place 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-16 13:43:35 -08:00
Pierre-Yves Chibon
deee7e9b9f pagure: define ADMIN_GROUP to a group that do not exists 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-16 22:41:32 +01:00
Stephen Smoogen
abe96d97b2 define a br0_port0_mac so that system will function 2021-02-16 16:34:10 -05:00
Stephen Smoogen
da6d7eb9b5 remember to quote {{}} in host vars and such 2021-02-16 16:01:54 -05:00
Stephen Smoogen
14592fea39 Try to use the linux-system-roles in ansible for ips 2021-02-16 15:59:13 -05:00
Kevin Fenzi
e753bda034 rabbitmq_cluster: cookies are 0400 after restart, set them right here too 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-16 12:42:20 -08:00
Kevin Fenzi
c8a77c5574 rabbitmq_cluster / staging: actually delegate to the stg host when running in stg. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-16 12:40:49 -08:00
Kevin Fenzi
88905ed40f rabbitmq_cluster / stg: use right datacenter for federation 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-16 12:36:01 -08:00
Kevin Fenzi
77d44a7159 rabbitmq_cluster / apps: no need to make gitlab-centos user as the queue role does that 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-16 12:16:06 -08:00
Pierre-Yves Chibon
9ce8e6eac3 pagure: explicitely undefine the ADMIN_GROUP variable 
Otherwise it goes back to using sysadmin-main which is the default
value, while here we want to rely on a list of users, not a group.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-16 20:12:38 +01:00
Kevin Fenzi
c73f991e30 rabbitmq_cluster / osci / staging: adjust the queue names to match username 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-16 10:47:06 -08:00
Kevin Fenzi
3f5fe0434d rabbitmq_cluster / osci queues: have to make them start with username in stg 
This worked in prod, but in staging the queue isn't starting with the
username because that has a .stg in it. So, we need to also have the
queue's have .stg in the name.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-16 10:37:22 -08:00
Stephen Smoogen
33049aae15 try adding in items for the other copr hardware 2021-02-16 13:29:04 -05:00
Stephen Smoogen
f52f1c774f add in the other copr systems into the hardware list 2021-02-16 13:29:04 -05:00
Stephen Smoogen
0fa7d3d45e Try to make the naming of rdu-cc systems more consistent. 2021-02-16 13:29:04 -05:00
Nils Philippsen
2e6819354f ipa/client: Don't trip over undefined group vars 
With set_facts, if an element of a list is undefined, the containing
fact variable becomes a string. Something Sirius Cybernetics Corporation
something something.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-16 19:20:29 +01:00
Nils Philippsen
c394c808e6 ipa/client: Deal better with unset IPA variables 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-16 15:37:12 +01:00
Nils Philippsen
109865606a ipa/client: Don't divulge secrets 
The `ipa_server_admin_passwords` contains the passwords of the admin
users of all IPA servers affected in a play. Don't loop over them
directly to avoid divulging them in the logs or on the console.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-16 14:19:04 +01:00
Nils Philippsen
5521d83040 ipa/client: Deal with hosts without IPA settings 
Don't attempt to loop over undefined variables. This can happen if the
relevant `ipa_*` variables aren't defined for any host in the play.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-16 14:16:40 +01:00
Kevin Fenzi
4fbe37e9e2 Disable no longer used/mirrored/needed openshift for rhel7 repo. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-15 15:25:26 -08:00
Pierre-Yves Chibon
b2b6bc8bcb distgit/pagure: make the short commit be 7 chars 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-15 14:59:27 +01:00
Michal Konečný
cb4ea556a9 the-new-hotness: Add time to log 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-02-15 12:50:47 +01:00
Michal Konečný
086ec5dabc release-monitoring: Add time to log 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-02-15 12:46:36 +01:00
Kevin Fenzi
681fa8550c koji_builder: ppc64le builders also dont want rngd 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-12 16:00:12 -08:00
Nils Philippsen
cd551a0f07 ipa/client: Split up shell access HBAC rule tasks 
Need to create the rule, then add members to it.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-12 18:26:05 +01:00
Nils Philippsen
193aefa78e ipa/client: Don't log IPA admin password 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-12 18:18:26 +01:00
Mark O'Brien
f1f7d6d929 updated osbs playbooks run in main.yml 2021-02-12 17:09:22 +00:00
Nils Philippsen
2bf34099e2 ipa/client: Fix ensuring hosts exist in groups 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-12 18:08:03 +01:00
Nils Philippsen
686768423e ipa/client: Build missing ipa_server_user_groups 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-12 17:52:39 +01:00
Stephen Coady
7ada76d200 Manage bastion email aliases using fasjson 2021-02-12 16:17:23 +00:00
Aurélien Bompard
2fde74e20f
Use the final centos accounts name 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-12 16:16:17 +01:00
Aurélien Bompard
3429a210b3
Fix the IPA uninstall script again 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-12 16:08:29 +01:00
Nils Philippsen
3d1c5218f7 ipa/client: Combine operations on the IPA server 
The reason for this is to avoid having to do the same or similar things
over and over again for each host in the play, especially since these
operations are delegated to the IPA server, i.e. had to run sequentially
host after host in order to avoid race conditions.

To achieve this, the IPA client related group variables are prepared in
suitable structures in `prepare-ipa-info.yml` and consumed by
`common.yml`, `hbac.yml` and `sudo.yml`, which do most operations in one
go per e.g. host group on the affected IPA server(s).

Additionally:
- Remove compat for legacy `fas_client_groups`, only check for its
  presence and warn.
- Remove the prepared but masked out task to manage password-less sudo
  access.
- Make yamllint a little happier on the changed files.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-12 14:25:25 +00:00
Mark O'Brien
fdcd55c176 add ipa/client role to the rest of the playbookd for staging 2021-02-12 14:22:40 +00:00
Mark O'Brien
4e33f7c5d7 remove trailing backslash 2021-02-12 14:22:40 +00:00
Mark O'Brien
5e3848ad7b add ipa client role to hosts with no fas in staging 2021-02-12 14:22:40 +00:00
Stephen Smoogen
68aa3227e1 Remove ip address 2021-02-12 08:28:34 -05:00
Aurélien Bompard
6252a33965
Fix multiple errors in the ipa uninstall playbook 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-12 13:51:18 +01:00
Stephen Smoogen
65f6438361 EMERGENCY BLOCK: 135.181.183.144 to people 2021-02-12 07:07:56 -05:00
Pierre-Yves Chibon
a32dabc92e nagios_client: install the pagure systemd checks on all pagure instances 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-12 12:37:26 +01:00
seddikalaouiismaili
890dd31cb0 script to monitor systemd units on pagure 2021-02-12 11:34:57 +00:00
Aurélien Bompard
aace9bb2cc
New certificate for IPA in staging 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-02-12 11:39:24 +01:00
Pierre-Yves Chibon
7868dcfa81 distgit/pagure: add a hotfix tag where we fix the /var/log/pagure folder 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-12 09:52:00 +01:00
Pierre-Yves Chibon
30336150a8 pagure: add another tag 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-12 09:52:00 +01:00