infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
26276 commits 9 branches 0 tags 110 MiB
Commit graph

26276 commits

This branch
This branch
All branches
Author SHA1 Message Date
Patrick Uiterwijk
0c7449ea1d Add sslciphers tags 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-08 21:41:17 +02:00
Patrick Uiterwijk
e007dad000 Enable TLSv1.3 and corresponding ciphers 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-08 21:35:27 +02:00
Kevin Fenzi
9f4bf69eae pagure / src.fp.o: Drop fedora-altarch, as it's not used. Add cvsadmin as we want them to have access to everything. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-08 19:26:32 +00:00
Patrick Uiterwijk
83f5127b50 inventory all: add note on sshd_keyhelper 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-08 19:40:58 +02:00
Patrick Uiterwijk
5080bfbee2 basessh: sandbox privsep is not supported on el6 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-08 19:13:21 +02:00
Patrick Uiterwijk
9b09d4d5d0 basessh: Fix EL6 detection logic 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-08 19:11:40 +02:00
Patrick Uiterwijk
27a21881d4 basessh: Make keyhelper explicit 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-08 18:56:03 +02:00
Patrick Uiterwijk
4f3c609815 basessh: Migrate sshd config to single template and strengthen ciphers 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-08 18:51:31 +02:00
Mikolaj Izdebski
1655385dfb koschei/backend: Fix refreshing of dist-git groups 2019-04-08 17:02:20 +02:00
Mikolaj Izdebski
913a8f8efa koji_hub: Fix syntax error in tag policy 2019-04-08 16:32:40 +02:00
Stephen Smoogen
d8a12827e1 [pagure/upgrade] Make it clear we stop ALL workers before the upgrade. Put in TODO for future work 2019-04-08 14:03:32 +00:00
Stephen Smoogen
4fd801d09d [pagure/upgrade] Make httpd stop explicite. 
I moved the httpd down from a pre task to where it is currently running
so that it will not break.

Signed-off-by: Stephen Smoogen <smooge@redhat.com>
 2019-04-08 13:37:51 +00:00
Stephen Smoogen
809f5758ec [pagure/upgrade] Put in basic comments to show when file was last confirmed ot work 2019-04-08 13:19:56 +00:00
Pierre-Yves Chibon
30f7f775b4 Have pagure log commits on all branches 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-04-08 12:24:27 +02:00
Kevin Fenzi
1416bd877e loopabull/releng-compost: Do not use state: latest in normal playbooks. 
It causes playbooks to depend on external factors and upgrade things when people don't expect it.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-06 23:57:46 +00:00
Kevin Fenzi
0e8d0b841c buildvm: include global variables before trying to setup yum repos as they use those vars now. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-06 22:10:08 +00:00
Kevin Fenzi
43c318a288 dnf-automatic: stdout seems to always be defined, even if empty. Switch to looking at the return code. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-06 21:56:33 +00:00
Kevin Fenzi
1d9890e102 certgetter: add apache role and make sure certbot is installed 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-06 21:36:05 +00:00
Kevin Fenzi
bedfc92290 epylog: weed out more things that we see all the time. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-06 16:53:36 +00:00
Kevin Fenzi
b9100fd1ac repospanner: Set hosts entry for fedora03 (repospanner01.phx) so it can talk to itself over lo instead of hairpin 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-06 16:30:00 +00:00
Kevin Fenzi
b6a8c7d5e5 base: only install policycoreutils-python-utils on f28+ 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-05 22:42:43 +00:00
Patrick Uiterwijk
1bb89a3799 Add aws-docs 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-05 22:21:15 +02:00
Stephen Smoogen
194b0058c6 remove retrace02 from inventory and files. Leave mgmt as it is still plugged in and may show up. 2019-04-05 19:19:58 +00:00
Patrick Uiterwijk
e4aed9c9f2 Delete object file from disk 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-05 21:07:38 +02:00
Patrick Uiterwijk
dc591da083 Add openshift/object-delete role 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-05 21:05:46 +02:00
Clement Verna
a557b6c166 Greenwave: Add a comment to explain why we use prod koji in stg 
Signed-off-by: Clement Verna <cverna@tutanota.com>
 2019-04-05 16:04:04 +02:00
Stephen Smoogen
7611b5063c [pagure] Fix upgrade script to cover newer pagure 
The manual/upgrade/pagure.yml was written for older pagure and changes
in the environment require updates to our infrastructure. This will
hopefully make upgrades more repeatable.

Signed-off-by: Stephen Smoogen <smooge@redhat.com>
 2019-04-05 13:54:37 +00:00
Pierre-Yves Chibon
8b7d31d56d greenwave: give pingou access to greenwave in openshift 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-04-05 15:51:34 +02:00
Pierre-Yves Chibon
25b12364ea greenwave: Include the topic_prefix in fedora-messaging's config 2019-04-05 15:19:20 +02:00
Clement Verna
acdecfd3ac Greenwave: Use fedora-messaging to publish messages in stg 
Signed-off-by: Clement Verna <cverna@tutanota.com>
 2019-04-05 14:53:19 +02:00
Clement Verna
bb0f922dc4 Greenwave: Point stg to use prod koji for temporary test 
Signed-off-by: Clement Verna <cverna@tutanota.com>
 2019-04-05 14:20:03 +02:00
Clement Verna
11ccd305fe Greenwave: Use greenwave.fp.o url instead of the app.os.fp.o 
Signed-off-by: Clement Verna <cverna@tutanota.com>
 2019-04-05 13:51:51 +02:00
Clement Verna
2d83bce1e6 Greenwave: use the correct greenwave URL in stg 
Signed-off-by: Clement Verna <cverna@tutanota.com>
 2019-04-05 13:37:14 +02:00
Clement Verna
ead3c8a64d Greenwave: use the correct url to get decision 
Signed-off-by: Clement Verna <cverna@tutanota.com>
 2019-04-05 13:30:52 +02:00
Pierre-Yves Chibon
4b8f8b16f5 greenwave: Allow considering dist.rpmgrill in stg 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-04-05 13:20:41 +02:00
Miroslav Suchý
1a36d53dd2 retrace: pull-associates no longer have --opsys-release 2019-04-05 12:23:57 +02:00
Miroslav Suchý
a1b93dd589 retrace: two cronjob cannot have the same name 2019-04-05 12:23:57 +02:00
Pierre-Yves Chibon
66f016c725 greenwave: Split the configmap into multiple files, easier to edit/review 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-04-05 11:32:29 +02:00
Miroslav Suchý
4b4fed942c copr: install our lograte for httpd 
with rotate 5
otherwise old logs get deleted
 2019-04-05 10:08:44 +02:00
Jakub Kadlčík
f8060b5a90 Allow 'copr' user to run 'sign' command 
See https://pagure.io/copr/copr/issue/636

By default only root can run the `sign` command. This
check is applied within obs-signd code. We need to
allow regular user in the config, see `man sign.conf`.

Also /usr/bin/sign is owned by root:obsrun with
-rwsr-x--- hence we need to add a user to the obsrun group.
 2019-04-05 09:52:28 +02:00
Miroslav Suchý
478e356787 copr: make sure crond is running 2019-04-05 09:50:00 +02:00
Miroslav Suchý
2473d37473 retrace: use rabbitmq proxy 2019-04-05 09:03:50 +02:00
Jeremy Cline
9e7074570c rabbitmq_cluster: Create the public vhost before the admin user 
The admin user needs access to the public vhost, but it needs to exist
first.
 2019-04-04 23:04:55 +00:00
Kevin Fenzi
fea0ef6c08 rabbitmq: Set prod ips correctly in group file to allow for inter-node taffic. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-04 22:20:02 +00:00
Kevin Fenzi
4cd704e5fc syncHttpLogs.sh: remove also proxy07, which no longer exists. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-04 22:04:38 +00:00
Patrick Uiterwijk
c7debaf72d Add proxy101/110 to syncHttpLogs 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-04 23:46:02 +02:00
Patrick Uiterwijk
7e77debb8f Register aws-infra with Ipsilon 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-04 23:25:35 +02:00
Patrick Uiterwijk
7eb1a3e749 repoSpanner: add forgotten slash for creates: check 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-04 23:22:43 +02:00
Stephen Smoogen
90568e0ef4 [repospanner] Add in rpms role for repospanner01.phx2 
Signed-off-by: Stephen Smoogen <smooge@redhat.com>
 2019-04-04 19:56:01 +00:00
Kevin Fenzi
e88f922fac repospanner: fix missing , in role args. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-04 18:55:03 +00:00