infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
33596 commits 9 branches 0 tags 110 MiB
Commit graph

33596 commits

This branch
This branch
All branches
Author SHA1 Message Date
Adam Williamson
813bbc4d2a openqa/server: allow group to write to factory dirs 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-11-05 17:16:28 -08:00
Adam Williamson
61251d0b11 More syntax...sigh 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-11-05 16:24:27 -08:00
Adam Williamson
d61631fbe7 More syntax fixin (I hope) 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-11-05 16:18:08 -08:00
Adam Williamson
a03b707b02 Try and correct metagroup syntax 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-11-05 16:15:55 -08:00
Adam Williamson
95f062c07a openQA: allow all workers NFS write access, other tweaks 
The main goal of these changes is to allow all workers in each
deployment NFS write access to the factory share. This is because
I want to try using os-autoinst's at-job-run-time decompression
of disk images instead of openQA's at-asset-download-time
decompression; it avoids some awkwardness with the asset file
name, and should also actually allow us to drop the decompression
code from openQA I think.

I also rejigged various other things at the same time as they
kinda logically go together. It's mostly cleanups and tweaks to
group variables. I tried to handle more things explicitly with
variables, as it's better for use of these plays outside of
Fedora infra.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-11-05 16:10:32 -08:00
Adam Williamson
35c65637ce openqa: drop fedmsg-related vars 
All obsolete now.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-11-05 16:10:32 -08:00
Kevin Fenzi
b0a3761288 greenwave: re-add fedora-eln, but in the no requirements sections 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-05 14:19:00 -08:00
Kevin Fenzi
7966976622 greenwave: no gating tests for eln 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-05 13:53:47 -08:00
Pierre-Yves Chibon
3f03400dac distgit: drop pagure related selinux config since it's now handled in the pagure role 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 17:27:27 +01:00
Pierre-Yves Chibon
a7e2a97fad distgit: drop selinux config from the distgit role as it is now in pagure role 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 17:24:18 +01:00
Pierre-Yves Chibon
85bbe256df distgit/pagure: add names to the tasks 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 17:19:42 +01:00
Pierre-Yves Chibon
3babdf5ff9 distgit/pagure: indentation fix 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 17:06:43 +01:00
Pierre-Yves Chibon
9e50494ac9 distgit/pagure: add some debugging to understand why it mis-behaves 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 17:05:48 +01:00
Kevin Fenzi
f3bdbf3da5 openshift_apps / docstranslation: try mode using quotes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-05 08:01:08 -08:00
Pierre-Yves Chibon
0b3a2cc4a8 distgit/pagure: use symlink instead of complicated paths 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 15:58:58 +01:00
Pierre-Yves Chibon
618cbde6cc distgit/pagure: make the selinux files available to the distgit/pagure role 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 15:55:14 +01:00
Pierre-Yves Chibon
8890fb10a9 distgit/pagure: add missing '/' 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 15:50:20 +01:00
Pierre-Yves Chibon
77096060f6 distgit/pagure: Configure selinux in distgit just like on pagure.io 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 15:48:41 +01:00
Pierre-Yves Chibon
414a063625 Proxy-websites: create the testdays.fic.o 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 14:50:56 +01:00
Pierre-Yves Chibon
b1b0365f95 proxies: fix typo 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 14:48:26 +01:00
Pierre-Yves Chibon
439844863e Proxies: add a redirect from testdays.fic.o to testdays.fp.o 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 14:47:18 +01:00
Pierre-Yves Chibon
1390d242ef proxies: get testdays to redirect to openshift in stg and prod 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 13:56:44 +01:00
Pierre-Yves Chibon
48531f4b5b testdays: drop the route for resultsdb 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 13:47:44 +01:00
Pierre-Yves Chibon
e6969d8113 testdays: Prepare deploying to prod 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 13:39:20 +01:00
František Zatloukal
1c2b2aab36 Testdays: Prepare for production 2020-11-05 09:37:47 +01:00
Kevin Fenzi
66c94678e1 ipa: try and fix the popup auth window that comes up on windows 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 16:31:42 -08:00
Kevin Fenzi
bfc5675848 basessh: it's pagure02 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 15:19:52 -08:00
Kevin Fenzi
9fba0f7ff4 basessh: revert new ed25519 key on pagure.io as well 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 15:17:09 -08:00
Kevin Fenzi
694727083a buildvm / fedora 33 / staging: try and switch armv7 vm's over to f33/uefi 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 14:51:09 -08:00
Kevin Fenzi
a010a6e23e builders / a64 / staging: don't make a 03 anymore as we need the space for osbs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 14:31:22 -08:00
Kevin Fenzi
717ebb3386 buildvm / aarch64 / staging: move to fedora 33 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 14:30:18 -08:00
Kevin Fenzi
cfbb5da47b buildvm / ppc64le / staging: move to fedora 33 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 13:46:46 -08:00
Kevin Fenzi
0883c5dea9 buildvm / staging: set buildvm-x86 in stg to f33 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 13:16:31 -08:00
Mark O'Brien
7c4fab3fac osbs: set to single nic virt install for stage aarch64 2020-11-04 20:44:00 +00:00
Kevin Fenzi
98ffa66a64 koji_builder / staging: try and enable bootstrap mode 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 11:56:10 -08:00
Kevin Fenzi
a67d0afc26 rawhide/branched composers: Move to f33 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 10:49:33 -08:00
Kevin Fenzi
3495aaad42 batcave: pdr cleanup cron job 
cron.d entries have to be mode 644, not 755.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 09:08:20 -08:00
Jakub Kadlcik
aedbc7a88a copr: upgrade production builders to F33 2020-11-04 13:19:34 +01:00
Adam Williamson
51bfc54f0b openQA: deploy new scratch builds on stg 
Testing a git bump.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-11-03 18:42:35 -08:00
Kevin Fenzi
84a7bbe56e basessh: do not add new host key on pkgs01* 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 16:32:52 -08:00
Jakub Kadlcik
f2e70b89bf copr: fallback to DEFAULT:FEDORA32 instead of LEGACY on builders 
This option is less open/permitting, but should be good enough since
we are currently running F32 builders and haven't messed with the
crypto policy value. According to

https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2#Upgrade.2Fcompatibility_impact

the `DEFAULT:FEDORA32` should be the first step and only when it is
not good enough, then we should fallback to `LEGACY`.

Thank you @nirik
 2020-11-04 00:56:41 +01:00
Jakub Kadlcik
3ccd49e655 copr: remove unnecessary brackets 
They messes up vim syntax highlighting and makes editing the file
remotely too annoying.
 2020-11-04 00:27:19 +01:00
Jakub Kadlcik
10f62c6bb5 copr: fallback to the LEGACY crypto policies for builders 2020-11-04 00:26:14 +01:00
Kevin Fenzi
e0555ee173 proxies / reverseproxy: drop duplicate website var 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 15:24:45 -08:00
Kevin Fenzi
07d908dfc5 basessh: enable ed25519 ssh host keys everywhere 
For newer ssh (in fedora) we need to have certs that are not using
sha-1. So, we need to regenerate the certs signed by our CA with sha256.
While we are at it, enable the ed25519 host keys as rsa keys are
increasingly in disfavor.

So, old ssh will use the old rsa host certs that are sha1 for now, but
new ssh will use the sha256 signed ed25519 certs. If everything works
fine for a while, we can resign the rsa host keys also and totally get
rid of the sha1 certs.

Since both host keys are signed by our CA, they should still be just as
trusted as before. If you are asked to approve a new host key for
something, make sure you have our CA in your known_hosts file:
https://admin.fedoraproject.org/ssh_known_hosts

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 15:11:16 -08:00
Kevin Fenzi
925f314af5 basessh: see if we can generate a sha256 cert 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 15:04:51 -08:00
Kevin Fenzi
259a1734ae bastion02: try resigning and using better host certs. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 14:59:21 -08:00
Kevin Fenzi
e5606578de base: try changing f33 crypto-policies to a less open version to get 2fa working 
LEGACY allows all kinds of old junk, lets try and just
enable the things that FEDORA32 allowed.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 14:10:39 -08:00
Stephen Smoogen
6de5698aa6 Add in signed keys for iad2 and rdu-cc zones. 
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
 2020-11-03 16:56:36 -05:00
Mohan Boddu
de50b94c0c Adding autosigning on eln side tags 
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
 2020-11-03 19:21:26 +00:00