infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
30670 commits 9 branches 0 tags 110 MiB
Commit graph

30670 commits

This branch
This branch
All branches
Author SHA1 Message Date
Pierre-Yves Chibon
05bf5b13e6 pagure: add some more tags to the role 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
df6d354e7e pagure: add missing tags when running letsencrypt 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
49f80ac4e3 pagure: do not enable run pagure/fedmsg in staging and don't poke fedmsg-relay 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
ad57497df3 pagure: do not try to install certs that have expired and have been moved 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
7d67519116 pagure: move installing the SSL certs earlier in the process 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
644da4f735 pagure: Adjust the useradd command for rhel8 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
a9950ebed8 pagure: adjust the name of the python3-pygment package to install in stg 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Jakub Kadlcik
98ff6e24b0 copr: update devel AWS builder images, pt2 2020-04-24 21:34:29 +02:00
Stephen Smoogen
d9ba19c0a1 Revert "update rhel8.repo to have the codeready for it" 
This reverts commit 082f503fb1bc9b2e9160949c3c30386bdf1cfb7c.
 2020-04-24 21:34:29 +02:00
Stephen Smoogen
03d54c9bcf Revert "too much stuff we use regularly on many hosts is in CRB. Make it enabled" 
This reverts commit f9793bbe57c11d2c6e24dfcd4d9d30cf2d53396b.
 2020-04-24 21:34:29 +02:00
Stephen Smoogen
d9f0821238 too much stuff we use regularly on many hosts is in CRB. Make it enabled 2020-04-24 21:34:29 +02:00
Stephen Smoogen
7e95bf93a4 update rhel8.repo to have the codeready for it 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
b7d0fc9738 pagure: install the py3 packages in staging 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
7a1c986457 pagure: another attempt to include a role only in prod 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
a052e26fdd pagure: do not install fedmsg in staging 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
13ad0cea66 postgresql_server: do not install our current postgresql.conf on RHEL8 
Our postgresql.conf is from postgresql 9.2 while RHEL8 ships 10.x which
leads to postgresql no longer wanting to start (as seen on pagure-stg01).

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
e7673a2538 postgresql_server: adjust the name of the packages for RHEL8 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Jakub Kadlcik
27bb7e5ba6 copr: update devel AWS builder images 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
56cf212d1f postgresql_server: there is no python2-psycopg on RHEL8, so use python3 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Stephen Smoogen
ea49504b53 pagure-stg: needs to have a netmask of 255.255.255.0 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
c779310a28 pagure-stg: since it complains about the internal IP address, use the external one 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
0989bb3fd5 pagure: use the IP address rather than the domain name when pointing to the kickstart in pagure-stg 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
9acfe62519 pagure: make pagure-stg01 be a rhel8 host 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Stephen Smoogen
d6c6f6bc8d add sysadmin-analysis to bastion 2020-04-24 21:34:29 +02:00
Pierre-Yves Chibon
1f9cc799f1 Pagure: make stg.pagure run with python3 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:29 +02:00
Pavel Raiskup
8ef5223e26 copr-fe: more economical cleanup-unused-vms-from-redis 
Don't ask copr FE for build state when not necessary (namely when the
builder is in use less then half an hour).

Also document a bit.
 2020-04-24 21:34:29 +02:00
Pavel Raiskup
136f444247 copr-be: bugfix cleanup-unused-vms-from-redis 
Since can be empty for some reason, handle that case.
 2020-04-24 21:34:29 +02:00
Jan Kaluža
02f11348b9 ODCS: install packages needed to generate comps files. 2020-04-24 21:34:29 +02:00
Jan Kaluža
ad85a8a1e9 ODCS: Set general stg group_vars in 'odcs_stg'. 2020-04-24 21:34:29 +02:00
Kevin Fenzi
6a5f767bd2 Revert "totpcgi-prov: move the / alias above the non / one" 
This reverts commit 3d702704c322711cacfcfc22bc1842b7f0b91c74.
 2020-04-24 21:34:29 +02:00
Kevin Fenzi
1947105298 fas_client: also run more often on pkgs01.stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:29 +02:00
Kevin Fenzi
c8bdc3f2ca fas_client: fix template to correctly apply on pkgs02 and add people02 
The ansible_hostname variable is actually the short name of the host,
not the fqdn, so this conditional didn't match before. Switch it to use
startswith and also add people02 as thats the other host people try and
login to often after changing ssh keys.

With this, pkgs02 and people02 should hopefully update ssh keys from fas
every 15min and avoid manual sync requests to the team.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:29 +02:00
Jan Kaluža
6774bf6d2d ODCS: Fix odcs inventory syntax. 2020-04-24 21:34:29 +02:00
Jan Kaluža
b24ea9e7e9 ODCS: Create pungi cache file if it does not exists. 2020-04-24 21:34:29 +02:00
Jan Kaluža
f167b89b88 ODCS: Handle all Celery queues on staging backend so we can test all pungi configs there. 2020-04-24 21:34:29 +02:00
Jan Kaluža
000c46402c ODCS: Set the same allowed_clients for both prod and staging. 2020-04-24 21:34:29 +02:00
Luca BRUNO
f525efd90d coreos-cincinnati: deploy latest master (96b5e81) 2020-04-24 21:34:29 +02:00
Luca BRUNO
4c2d93b801 coreos-cincinnati: build latest master (96b5e81) 2020-04-24 21:34:29 +02:00
Pavel Raiskup
b0630225e5 copr-fe: meh, fixup redirect to fedorainfracloud 2020-04-24 21:34:29 +02:00
Jan Kaluža
4ddd100f98 ODCS: Add 'eln' raw_config compose and allow eln-sig group to run it. 2020-04-24 21:34:29 +02:00
Pavel Raiskup
b5df4690c1 copr-fe: don't remove apache's welcome.conf 
There's no need to, it's not reachable anyways, and it only keeps the
output from 'rpm -V httpd' larger.
 2020-04-24 21:34:29 +02:00
Pavel Raiskup
ea597943a3 copr-fe: drop 7200s request timeout 
This reverts commit 8d5761f6860a7b6cf794934254acf4b7355d3200.
 2020-04-24 21:34:29 +02:00
Pavel Raiskup
36809e0110 copr-fe: put back mistakenly removed wsgi alias 2020-04-24 21:34:29 +02:00
Pavel Raiskup
da7bcd1914 copr-fe: better wsgi process group assignment 
1. Create 'upload' process group, for specific - very long - upload
   requests (either API or over web-UI).
2. Add 'port80' process group which should serve only very lightweight
   requests.
3. Shorten generic API request to max 600s.
4. Document how the location matching works.
 2020-04-24 21:34:29 +02:00
Pavel Raiskup
286e1084b6 copr-fe: mark dropping of http config file as 'config' 2020-04-24 21:34:29 +02:00
Pavel Raiskup
7aa0039cae copr-fe: always execute aws_cloud tasks 
This is needed to fix playbook run with `-t config`.
 2020-04-24 21:34:29 +02:00
Pavel Raiskup
2036e377df copr-fe: style cleanup for coprs.conf 
- some documentation for things I think I know why we did them
- drop duplicated statements
- white-space lint
- dev: drop enforced redirect to https, we don't do that in production
  so it is weird to do that on stage (and Let's Encrypt doesn't insist
  on that rule anyways as I initially thought)
 2020-04-24 21:34:29 +02:00
Pavel Raiskup
be297ae16e copr-fe: consolidate coprs.conf and coprs_ssl.conf.j2 
I finally found a motivation to do this, after problems with reporting
https://github.com/GrahamDumpleton/mod_wsgi/issues/542

I noticed that we had duplicate VirtualHost for 443 after
d2ec98c7a2 so I dropped the duplication.
 2020-04-24 21:34:29 +02:00
Pavel Raiskup
877774c7ee copr-fe: setsebool httpd_execmem=no again 
We are on F31 nowadays.
 2020-04-24 21:34:29 +02:00
Pavel Raiskup
eff99c63a4 copr-fe: don't load wsgi explicitly 
It is implicitly loaded by conf.modules.d/10-wsgi-python3.conf
from python3-mod_wsgi package we depend on.
 2020-04-24 21:34:29 +02:00