Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
33330 commits 9 branches 0 tags 111 MiB
Commit graph

33330 commits

This branch
This branch
All branches
Author SHA1 Message Date
Pierre-Yves Chibon
8890fb10a9 distgit/pagure: add missing '/' 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 15:50:20 +01:00
Pierre-Yves Chibon
77096060f6 distgit/pagure: Configure selinux in distgit just like on pagure.io 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 15:48:41 +01:00
Pierre-Yves Chibon
414a063625 Proxy-websites: create the testdays.fic.o 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 14:50:56 +01:00
Pierre-Yves Chibon
b1b0365f95 proxies: fix typo 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 14:48:26 +01:00
Pierre-Yves Chibon
439844863e Proxies: add a redirect from testdays.fic.o to testdays.fp.o 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 14:47:18 +01:00
Pierre-Yves Chibon
1390d242ef proxies: get testdays to redirect to openshift in stg and prod 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 13:56:44 +01:00
Pierre-Yves Chibon
48531f4b5b testdays: drop the route for resultsdb 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 13:47:44 +01:00
Pierre-Yves Chibon
e6969d8113 testdays: Prepare deploying to prod 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 13:39:20 +01:00
František Zatloukal
1c2b2aab36 Testdays: Prepare for production 2020-11-05 09:37:47 +01:00
Kevin Fenzi
66c94678e1 ipa: try and fix the popup auth window that comes up on windows 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 16:31:42 -08:00
Kevin Fenzi
bfc5675848 basessh: it's pagure02 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 15:19:52 -08:00
Kevin Fenzi
9fba0f7ff4 basessh: revert new ed25519 key on pagure.io as well 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 15:17:09 -08:00
Kevin Fenzi
694727083a buildvm / fedora 33 / staging: try and switch armv7 vm's over to f33/uefi 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 14:51:09 -08:00
Kevin Fenzi
a010a6e23e builders / a64 / staging: don't make a 03 anymore as we need the space for osbs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 14:31:22 -08:00
Kevin Fenzi
717ebb3386 buildvm / aarch64 / staging: move to fedora 33 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 14:30:18 -08:00
Kevin Fenzi
cfbb5da47b buildvm / ppc64le / staging: move to fedora 33 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 13:46:46 -08:00
Kevin Fenzi
0883c5dea9 buildvm / staging: set buildvm-x86 in stg to f33 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 13:16:31 -08:00
Mark O'Brien
7c4fab3fac osbs: set to single nic virt install for stage aarch64 2020-11-04 20:44:00 +00:00
Kevin Fenzi
98ffa66a64 koji_builder / staging: try and enable bootstrap mode 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 11:56:10 -08:00
Kevin Fenzi
a67d0afc26 rawhide/branched composers: Move to f33 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 10:49:33 -08:00
Kevin Fenzi
3495aaad42 batcave: pdr cleanup cron job 
cron.d entries have to be mode 644, not 755.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-04 09:08:20 -08:00
Jakub Kadlcik
aedbc7a88a copr: upgrade production builders to F33 2020-11-04 13:19:34 +01:00
Adam Williamson
51bfc54f0b openQA: deploy new scratch builds on stg 
Testing a git bump.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-11-03 18:42:35 -08:00
Kevin Fenzi
84a7bbe56e basessh: do not add new host key on pkgs01* 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 16:32:52 -08:00
Jakub Kadlcik
f2e70b89bf copr: fallback to DEFAULT:FEDORA32 instead of LEGACY on builders 
This option is less open/permitting, but should be good enough since
we are currently running F32 builders and haven't messed with the
crypto policy value. According to

https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2#Upgrade.2Fcompatibility_impact

the `DEFAULT:FEDORA32` should be the first step and only when it is
not good enough, then we should fallback to `LEGACY`.

Thank you @nirik
 2020-11-04 00:56:41 +01:00
Jakub Kadlcik
3ccd49e655 copr: remove unnecessary brackets 
They messes up vim syntax highlighting and makes editing the file
remotely too annoying.
 2020-11-04 00:27:19 +01:00
Jakub Kadlcik
10f62c6bb5 copr: fallback to the LEGACY crypto policies for builders 2020-11-04 00:26:14 +01:00
Kevin Fenzi
e0555ee173 proxies / reverseproxy: drop duplicate website var 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 15:24:45 -08:00
Kevin Fenzi
07d908dfc5 basessh: enable ed25519 ssh host keys everywhere 
For newer ssh (in fedora) we need to have certs that are not using
sha-1. So, we need to regenerate the certs signed by our CA with sha256.
While we are at it, enable the ed25519 host keys as rsa keys are
increasingly in disfavor.

So, old ssh will use the old rsa host certs that are sha1 for now, but
new ssh will use the sha256 signed ed25519 certs. If everything works
fine for a while, we can resign the rsa host keys also and totally get
rid of the sha1 certs.

Since both host keys are signed by our CA, they should still be just as
trusted as before. If you are asked to approve a new host key for
something, make sure you have our CA in your known_hosts file:
https://admin.fedoraproject.org/ssh_known_hosts

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 15:11:16 -08:00
Kevin Fenzi
925f314af5 basessh: see if we can generate a sha256 cert 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 15:04:51 -08:00
Kevin Fenzi
259a1734ae bastion02: try resigning and using better host certs. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 14:59:21 -08:00
Kevin Fenzi
e5606578de base: try changing f33 crypto-policies to a less open version to get 2fa working 
LEGACY allows all kinds of old junk, lets try and just
enable the things that FEDORA32 allowed.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-03 14:10:39 -08:00
Stephen Smoogen
6de5698aa6 Add in signed keys for iad2 and rdu-cc zones. 
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
 2020-11-03 16:56:36 -05:00
Mohan Boddu
de50b94c0c Adding autosigning on eln side tags 
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
 2020-11-03 19:21:26 +00:00
Mark O'Brien
dfa0169b7a osbs: increase vol size aarch64 staging 2020-11-03 10:22:28 +00:00
Mark O'Brien
0770979c55 aarch builders: remove builders in stage to make room for osbs 2020-11-02 17:53:53 +00:00
František Zatloukal
4261975aa3 Testdays: Fix RDB url 2020-11-02 16:51:57 +01:00
František Zatloukal
c22b10374b Testdays: fix indent 2020-11-02 16:33:02 +01:00
František Zatloukal
992be42845 Testdays: Fix error in bc 2020-11-02 16:31:56 +01:00
František Zatloukal
e28852c22e Testdays: Purge serivce 2020-11-02 16:17:00 +01:00
František Zatloukal
c11f1ecb9e Testdays: Resulstdb link 2020-11-02 16:10:32 +01:00
Pierre-Yves Chibon
7b089785b2 testdays: more indentation fixes 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-02 15:17:18 +01:00
Pierre-Yves Chibon
8bd054f708 testdays: fix indentation 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-02 15:15:23 +01:00
František Zatloukal
0335579fa2 testsdays: add a local/custom resultsdb instance just for us 2020-11-02 15:08:34 +01:00
Mark O'Brien
3bd8ec31b9 osbs: stage aarch64 try smaller volumes 2020-11-02 14:00:42 +00:00
Mark O'Brien
4943f0f31e osbs: use normal builders for osbs aarch64 stage 2020-11-02 11:32:28 +00:00
František Zatloukal
2a8a2ac75a Testdays: Try without explicit gunicorn 2020-11-02 10:33:57 +01:00
Kevin Fenzi
48e878b9fe testdays: fix up testdays proxying in staging 
It was redirecting it to the old fedorainfracloud ip.
Then it wasn't proxying to openshift.

When moving to prod, the conditionals here should be removed.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-11-01 11:33:52 -08:00
Jakub Kadlcik
47a0701583 copr: stop disabling systemd-resolved, the RHBZ 1710699 is already fixed 
This works just fine now:

    $ mock --enable-network -r fedora-rawhide-x86_64 --shell
    ...
    <mock-chroot> sh-5.0# curl https://copr.fedorainfracloud.org/
    curl: (6) Could not resolve host: copr.fedorainfracloud.org
 2020-11-01 18:11:54 +01:00
Jakub Kadlcik
39ea93ca97 copr: remove the python3-rpkg-1.60, RHBZ 1879471 is already fixed 2020-11-01 18:11:54 +01:00