Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
32390 commits 9 branches 0 tags 111 MiB
Commit graph

32390 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kevin Fenzi
516d5e77e8 haproxy: fix conditional that was reversed for mbs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-25 10:06:47 -07:00
Dusty Mabe
64322971e0 koji_hub: allow update/remove for sidetag owners 
https://pagure.io/releng/issue/9229#comment-667272
 2020-07-25 16:58:55 +00:00
Kevin Fenzi
f19cb7f225 haproxy: adjust staging haproxy for things that should exist 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-25 09:56:35 -07:00
Kevin Fenzi
959fdaa00b haproxy: add a placeholder ca for openshift staging 
Openshift doesn't exist in staging yet, but we want to finish mostly
building out proxy01 before doing that, so set a placeholder ca here
until we can update it with the real one.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-25 09:39:17 -07:00
Kevin Fenzi
16d012933c haproxy: add ipa stg cert for iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-24 21:52:12 -07:00
Kevin Fenzi
a47fccbf0a staging: fix the intermediate cert for wildcard 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-24 19:09:49 -07:00
Kevin Fenzi
c5da244a17 websites: try and disable letsencrypt/certbot in stg 
Right now we don't have a working certgetter, so disable these for now
until we can get certgetter01 able to go out and get certs.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-24 18:09:30 -07:00
Kevin Fenzi
2d95e93d1d certgetter: do not include fas_client or 2fa in stg for now. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-24 15:48:47 -07:00
Kevin Fenzi
410c81e91c inventory: also add certgetter01.stg to staging group 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-24 15:10:12 -07:00
Kevin Fenzi
2d8bf791cd inventory: create a certgetter01.stg instance and use it in stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-24 15:07:56 -07:00
Kevin Fenzi
14f05eb02f openshift-apps / message-tagging-service: MTS_CONFIG_VERSION has to be a string 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-24 14:57:52 -07:00
Adam Williamson
a2bef634cf openqa/worker: use include_tasks not import_tasks 
Using `when` with `import_tasks` doesn't actually skip the import
entirely, it just imports the tasks and skips them one by one.
Which reads oddly. `include_tasks` is properly dynamic so seems
better here.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-07-24 14:11:21 -07:00
Patrick Uiterwijk
97234b1c83 Also add DNS check override for host check 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2020-07-24 22:42:55 +02:00
Kevin Fenzi
665964a79f ipa / server: fix files to have correct suffix 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-24 13:23:05 -07:00
Patrick Uiterwijk
7cdcbb5880 Make all ldif files apply on all IPA boxes. Not everything gets synced 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2020-07-24 22:09:18 +02:00
Patrick Uiterwijk
7db1377081 Do not require hosts to be in the IPA DNS zone 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2020-07-24 22:05:55 +02:00
Stephen Smoogen
5908e7b681 turns out even if fedmsg is not actually listening on the ports it is supposed to do so it is still supposed to do fedmsg 2020-07-24 14:11:27 -04:00
Mark O'Brien
c82df0f30b [maintainer-test] dont need this anymore fedora user has been removed 2020-07-24 13:16:03 +01:00
Mark O'Brien
d95a26b3e7 [maintainer-test] lets try update without creating the file 2020-07-24 11:21:44 +01:00
Pierre-Yves Chibon
e6c0433e19 distgit/pagure: set the sticky bit on /var/log/pagure so the group membership remains 
The owner itself does not really matter, especially when considering the
section above where the pagure user is created in the packager group.

Fixes https://pagure.io/releng/issue/9623

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-07-24 11:24:28 +02:00
Adam Williamson
d9f5530046 openqa/worker: configure to use 172. IP range not 10. 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-07-23 17:27:19 -07:00
Stephen Smoogen
aa6dc95c84 try and make buildhw-a64 ip address work on eth1 versus eth0 2020-07-23 16:53:42 -04:00
Stephen Smoogen
9246a167db make sure endpoints no longer used are removed 2020-07-23 16:04:45 -04:00
Kevin Fenzi
0eb6dae00e playbooks: ipa/proxies: 2fa also only in prod 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-23 12:30:44 -07:00
Kevin Fenzi
7d4333cda3 inventory: add ipa01.stg to iad2 group 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-23 12:24:22 -07:00
Kevin Fenzi
2ee56651b0 playbooks: ipa/proxies: make fasClient only prod 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-23 12:24:22 -07:00
Stephen Smoogen
93ea8c9830 do not copy a file which no longer exists 2020-07-23 15:11:05 -04:00
Stephen Smoogen
b91f19565a comment out various wsgi_fedmsg_service variables for systems no longer running fedmsg listeners. try to cut down noise of problems so we can determine mbs and pdc issues 2020-07-23 15:08:13 -04:00
Kevin Fenzi
9aaa7dd60c postgresql: db01: adjust varaibles to try and improve performance 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-23 11:56:24 -07:00
Kevin Fenzi
ea3a6e37a5 inventory: move 20 datacenters, from 22 back to 2. :) 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-23 11:52:11 -07:00
Kevin Fenzi
15f6d3d520 inventory: proxy01.stg fix missed s/phx/iad/ 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-23 11:50:43 -07:00
Kevin Fenzi
aac19d714c inventory: add proxy01.stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-23 11:49:06 -07:00
Kevin Fenzi
103210fb36 koji / hub: set MissingPolicyOk False 
This will mean that anything we don't have a policy for will be denied
instead of allowed. We want this (safer) default.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-23 09:43:26 -07:00
Pierre-Yves Chibon
daa2d739b8 toddlers: add a tag for appowners 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-07-23 17:51:47 +02:00
Michal Konečný
6f9747baea Toddlers: Add myself to appowners 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2020-07-23 15:56:34 +02:00
Pierre-Yves Chibon
43a68e2c57 distgit/pagure: another clean up of old cruft from another time (py2/rhel7) 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-07-23 13:15:24 +02:00
Pierre-Yves Chibon
745e7b04ce distgit/pagure: remove old cruft from another time (py2/rhel7) 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-07-23 13:14:19 +02:00
Pierre-Yves Chibon
22662d79b5 Clean up inventory files for odcs and pkgs for the fedmsg-related variables and comments 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-07-23 13:11:50 +02:00
Pierre-Yves Chibon
d0452479ed Revert "remove fedmsg variables which define endpoints on other fedmsg systems" 
We need to keep these variables defined as they are used in the .wsgi files
to set the number of procs and threads for apache.

This reverts commit 6e92ba25a7.
 2020-07-23 13:09:24 +02:00
Pierre-Yves Chibon
5aa15e44e3 distgit/pagure: Do not allow packagers to create the 'master' branch if it does not exist in PDC 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-07-23 13:03:10 +02:00
Pierre-Yves Chibon
7c51566c36 distgit/pagure: Log auth-related into in a file on disk and create the place for it 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-07-23 12:59:20 +02:00
Pierre-Yves Chibon
4a93e4f1e0 rabbitmq_cluster: add a tags for the task on the osci-pipelines 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-07-23 10:03:31 +02:00
Michal Srb
079119927f Lower TTL for OSCI queues 
Not all OSCI queues are actively used all the time -- no need to keep messages for 10 days in them. 5 days TTL should be plenty of time even for actively used queues.
 2020-07-23 07:31:19 +00:00
Kevin Fenzi
7c544eea40 db-koji01: try adjusting memory up here. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-22 16:46:19 -07:00
Kevin Fenzi
310a64c713 postgresql / db-koji: adjust postgresl some more 
Turns out we were not setting effective_cache_size even tho it was set
for some servers (pagure). Adjust a few parameters on db-koji to try and
get some more performance out of it.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-22 16:23:33 -07:00
Kevin Fenzi
2ec00accf3 apps-fp-o: we still need to install the apache config 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-22 15:39:40 -07:00
Kevin Fenzi
2e4204814c apps-fp-o: only install the resources, not the app/app config 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-22 15:26:27 -07:00
Kevin Fenzi
fa50e284fd proxies: re-enable apps-fp-o role 
Turns out this also deploys all the bootstrap and fonts that things use,
not just the apps viewer thing. So, re-enable it for now so things work
again.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-07-22 15:23:13 -07:00
Francois Andrieu
e1b6248a4c nagios: add check_postfix_redhat to bastion01 2020-07-22 19:41:11 +00:00
Francois Andrieu
da5599c3a8 check_postfix_queue.py: fix args type 2020-07-22 19:41:11 +00:00