Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
36964 commits 9 branches 0 tags 111 MiB
Commit graph

36964 commits

This branch
This branch
All branches
Author SHA1 Message Date
Stephen Gallagher
7d26c4cde9 Use persistent SAML identifiers 
Using "unspecified" will always send just the user's (FAS) username,
which has been known to conflict with existing accounts on Gitlab. The
"persistent" name-id format guarantees uniqueness.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2022-05-11 18:39:05 +00:00
Kevin Fenzi
7aa6310cc0 we are no longer frozen 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-11 11:16:58 -07:00
Kevin Fenzi
3289c63588 bastion / opendkim: set mx2.redhat.com in opendkim PeerList 
Right now we are getting emails from redhat.com addresses and verifying
DKIM and stripping it off and sending on. We should leave redhat.com
emails coming from mx2.redhat.com alone so their own DKIM will still be
on the emails. This hopefully will allow these emails to be accepted by
google on the other side. Right now they don't have the signature so
google thinks they are trickery.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-11 10:51:33 -07:00
Pierre-Yves Chibon
34d6657bc1 Drop the override for user lef - no longer in use 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2022-05-11 14:12:14 +02:00
Kevin Fenzi
16669b17c3 pkgdb/gnome-software: Set f36 to be 'active' instead of 'in development' 
This should allow gnome-software users to see the dist upgrade to 36
from both f34 and f35. It's staggered/randomized, so they don't all
upgrade at once.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-10 06:20:38 -07:00
Mark O Brien
6f75d92c5b correct mac for vmhost-p09-copr01 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-05-10 11:44:53 +01:00
Mark O Brien
c89c665d29 add vmhost-p09-copr01 host vars 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-05-10 11:39:15 +01:00
Kevin Fenzi
2c060727f6 dnf-automatic / builders: don't allow dnf-automatic to upgrade git for now 
git 2.35.3 broke buildSRPMFromSCM tasks, we want to downgrade back to
2.35.1 for now until it's fixed in koji.
See https://pagure.io/koji/issue/3351 and
https://pagure.io/fedora-infrastructure/issue/10677

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-09 22:32:02 +00:00
Tomas Hrcka
7eb8bbea26 Use fedora 36 key to sign stable IOT release 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2022-05-09 18:27:42 +00:00
Mark O Brien
34015f4af9 add vmhost-p09-copr01 to inventory 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-05-09 18:16:51 +01:00
Michal Konečný
f39ca74d9c [the-new-hotness] Update notification template 
Updating for staging with the latest changes
https://github.com/fedora-infra/the-new-hotness/pull/455

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-05-09 14:54:39 +02:00
Tomas Hrcka
587bbd59f7 F36 is GA 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2022-05-06 13:31:13 +00:00
Kevin Fenzi
f4484019c8 proxy / stg: make sure zabbix uses stg website in stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-05 17:23:11 -07:00
Michal Konečný
04f4298546 [the-new-hotness] Add new topic to consume 
The `anitya.project.version.update` is deprecated in Anitya message schema,
let's consume `anitya.project.version.update.v2` instead. For now this is only
consumed by staging instance, but will be consumed by production instance as
well on next hotness release.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-05-05 18:10:27 +02:00
Michal Konečný
5d8b5f7bb1 [the-new-hotness] Apply changes to configuration for staging 
Update the message template to latest version.
Schema is no longer part of the-new-hotness repository, they are installed by
pip instead.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-05-05 17:53:00 +02:00
David Kirwan
f8e34681a9 flask-oidc: updating flask-oidc-dev app to use test-auth fork. 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
Signed-off-by: James Richardson <jamricha@redhat.com>
Signed-off-by: Vipul Sidharth <sidharthvipul1@gmail.com>
 2022-05-05 11:26:26 +01:00
Aurélien Bompard
5529a3450e
Fixup 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-05 12:10:55 +02:00
Aurélien Bompard
c8ca0b524a
Use a more recent python 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-05 12:02:32 +02:00
Aurélien Bompard
ff81d44d24
Don't use a variable before we load variables 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-05 11:56:45 +02:00
Aurélien Bompard
c1c5ef42fd
Move FASJSON to OCP4 on staging 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-05 11:56:45 +02:00
David Kirwan
653e0d858f flask-oidc: Copying/reusing test-auth deployment config files 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
Signed-off-by: Aurelien Bompard <abompard@redhat.com>
 2022-05-05 10:24:48 +01:00
David Kirwan
c064da26c7 flask-oidc: Adding a test oauth2 app for development on flask-oidc 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
Signed-off-by: Aurelien Bompard <abompard@redhat.com>
 2022-05-05 10:12:03 +01:00
Andrew Heath
4e1394f7b2 Updated script per 10509 to remove fas-clientsetc 2022-05-04 18:12:06 +00:00
Jakub Kadlcik
848ce2c8f7 copr: raise builder quota 2022-05-04 11:35:45 +00:00
Silvie Chlupova
7a88ef0429 copr: restart node_exporter just in case the service file changed 2022-05-04 13:03:35 +02:00
Kevin Fenzi
08a1187765 pkgdb: koji_name should be the tag, not the rpm name 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-03 11:53:10 -07:00
Kevin Fenzi
68da5f28cf notifs-web / staging: adjust to use db01.stg in staging 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-02 12:15:15 -07:00
Luca BRUNO
0c1045d683
openshift-apps/coreos-cincinnati: cleanups for ocp4 2022-05-02 09:38:26 +00:00
Kevin Fenzi
8069541edc pagure: make sure domain search order is right 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-04-30 10:14:07 -07:00
Kevin Fenzi
9bfed779bb pagure: also use the pagure.io cert for pagure.org as it has a alt name for that 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-04-30 09:58:07 -07:00
Kevin Fenzi
1133e45da3 pagure: fix ssl cert deployment 
The current playbook assumes the old digicert ssl cert thats in private.
However, we got that in 2020 and it's expired. We switched pagure.io
over to letsencrypt a while back. Somehow we didn't change the playbook
however, or the change was lost somewhere. :(

So, this adds 2 calls to the letsencrypt role to get certs for the prod
and staging pagure instances. I think this should do the right thing
with placement of files, but more eyes welcome.

Without this playbooks runs have the chance of messing up pagure.io
certs, so I think we should fix this asap.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-04-30 16:52:39 +00:00
Andrew Heath
81aad830e6 Fix typo 2022-04-29 18:58:50 +00:00
Andrew Heath
8795bffd2c Adding Check for pagure.io per issue 10541 2022-04-29 18:58:50 +00:00
Leonardo Rossetti
9b539b23d6 using resultsdb_httpd_password_encoded instead of resultsdb_httpd_password 2022-04-29 15:27:13 -03:00
Renata Ravanelli
6cf9e4a53b
coreos-ci: add Renata Ravanelli to appowners 
Signed-off-by: Renata Ravanelli <rravanel@redhat.com>
 2022-04-28 18:28:08 -03:00
Leonardo Rossetti
1a7c551b3e unset X-Forwarded-Host header for resultsdb frontend app 2022-04-28 14:10:43 -03:00
Luca BRUNO
b65f26e5a5
openshift-apps/coreos-cincinnati: ocp4 conditional, part three 2022-04-28 16:29:32 +00:00
Luca BRUNO
cf07131a77
openshift-apps/coreos-cincinnati: ocp4 conditional, part two 2022-04-28 16:01:35 +00:00
Luca BRUNO
c1b3ddfe20
openshift-apps/coreos-cincinnati: ocp4 conditional 2022-04-28 15:56:46 +00:00
Luca BRUNO
556796a0b4
openshift-apps/coreos-cincinnati: conditional registry name 2022-04-28 15:21:12 +00:00
Aurélien Bompard
a1c457eec9
Rebase Noggin on Python 3.9 in staging 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-04-28 13:00:11 +02:00
Mark O Brien
0729bce300 update certs for ocp3 stg and prod and ocp4 stg 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-04-28 09:54:41 +00:00
Luca BRUNO
2adc9dd660
openshift-apps/coreos-cincinnati: also deploy to new ocp4 cluster 
This deploys a copy of coreos-cincinnati services to the new ocp4
cluster, in order to start migrating off the current ocp3 cluster.
The new deployment copy is not going to serve requests yet, until
all the routes are in place and the DNS updated.

Signed-off-by: Luca BRUNO <luca.bruno@coreos.com>
 2022-04-28 07:04:41 +00:00
Mikolaj Izdebski
264b8604e9 Koschei: Update link for Packages app 
See https://github.com/fedora-infra/koschei/pull/344
 2022-04-28 06:50:35 +02:00
Nick Bebout
608d769edc Add nb to pagure.io admins 2022-04-27 16:07:48 -05:00
Leonardo Rossetti
d36793f68b move resultsdb /web to / 2022-04-27 17:52:50 -03:00
Leonardo Rossetti
ae51108229 remove resultsdb api from reverse proxy 2022-04-27 17:52:29 -03:00
Leonardo Rossetti
6b8a6c9e67 resultsdb /web to / 2022-04-27 17:46:25 -03:00
Silvie Chlupova
b951f4ec82 copr: change node_exporter settings according to changes in golang-github-prometheus-node-exporter 2022-04-27 14:47:47 +02:00
Kevin Fenzi
666caebe25 buildvm / staging: s390x staging builder is z/vm 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-04-26 17:09:19 -07:00