Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
27111 commits 9 branches 0 tags 111 MiB
Commit graph

15896 commits

Author SHA1 Message Date
Rick Elrod
ca768c3000 send invalidation stdout to /dev/null for now to shut up cron 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-31 15:28:10 +00:00
Kevin Fenzi
7906963cc7 hotness: remove old hotness vm's as it's been moved to openshift 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-31 03:58:52 +00:00
Kevin Fenzi
ca87780119 ansible: try and move the ansible_python_interpreter setting to group_vars/all 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-30 22:34:06 +00:00
Kevin Fenzi
5caa9024c5 ansible: drop each host/group setting ansible_python_interpreter and just change the interpreter_python value on the control host. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-30 21:59:28 +00:00
Randy Barlow
db786b6797 bodhi: Major cruft cleanup. 
I worked with nirik, mizdebsk, and puiterwijk to clean up Bodhi's
roles and playbooks to remove lots of old crufty things, and this
is what we came up with.

Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
 2019-05-30 21:45:21 +00:00
Patrick Uiterwijk
18709a7689 FAS: Disable sessions (and thus translations) 
This will disable translations, but is required to get a score of B or higher from oberservatory.
This is because CherryPY 2.3.0 just does not support setting HttpOnly for the session_filter.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-30 22:08:15 +02:00
Randy Barlow
a7ae14a0f0 bodhi: Do not e-mail on pika errors. 
Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
 2019-05-30 18:22:23 +00:00
Clement Verna
bb24183f46 oci-registry: Update nagios to monitor the correct directory for disk space 
Signed-off-by: Clement Verna <cverna@tutanota.com>
 2019-05-30 20:06:56 +02:00
Stephen Smoogen
40a819e1d5 [nagios/datanommer] this is what happens when you have 2 files which are supposeldy the same file. You edit one in nagios_server and miss the one in nagios_client. Bad nagios. Bad 2019-05-30 16:56:26 +00:00
Rick Elrod
0e2870c9c5 and tag it 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-30 16:10:39 +00:00
Rick Elrod
ec6da5fe24 s3-mirror: what happens if we include_vars in the role? 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-30 16:09:39 +00:00
Rick Elrod
ca07bf43c8 s3-mirror: try adding --only-show-errors to the sync part 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-30 15:51:06 +00:00
Pavel Raiskup
8963287ddd copr: provision: disable systemd-resolved 
TODO: find the reason why this is even enabled
 2019-05-30 09:44:08 +02:00
Adam Williamson
1459a3fa5c Update rsyslog-audit SELinux policy with one more needed perm 
This one was dontaudit. Grr.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 16:00:23 -07:00
Stephen Smoogen
4020cec510 [storinator] make changes so that storinator can work in cloud 2019-05-29 22:55:28 +00:00
Rick Elrod
640d7bc1de s3-mirror: first attempt at splitting some of these into smaller syncs; but still keeping the main sync around for everything else 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-29 22:50:02 +00:00
Kevin Fenzi
0a37f7a42d robosign: add f31-perl tag to autosign (ticket #7852) 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-29 22:38:15 +00:00
Rick Elrod
580d5c2347 ok, awscli, have it your way 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-29 22:28:22 +00:00
Sayan Chowdhury
37c1b0c99b Fix the when condition 2019-05-29 21:54:13 +00:00
Sayan Chowdhury
1709ce142d Add the cron to run the ami deletion regularly 2019-05-29 21:47:04 +00:00
Rick Elrod
50279dac19 add a more general s3 sync script that takes a path from /pub/ and attempts to sync it 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-05-29 19:03:44 +00:00
Patrick Uiterwijk
66cda5eb15 Make it possible to disallow any internal communications 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 20:33:11 +02:00
Adam Williamson
f4156c3db7 rsyslog-audit policy: also allow 'open' 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 10:21:10 -07:00
Adam Williamson
3eb406ccdb Update rsyslog-audit custom SELinux policy to allow dir reads 
This now seems to be necessary. This is the cause of the flood
of SELinux denials on F29+ hosts with the rsyslog stuff.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 09:49:03 -07:00
Stephen Smoogen
8611ab80ed put in proper checks like we have for other domains 2019-05-29 15:57:26 +00:00
Patrick Uiterwijk
9c8c6a8e3c Fix totpcgi-vpn name 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:12:32 +02:00
Patrick Uiterwijk
3792988ca2 Fix pod selectors 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:10:57 +02:00
Patrick Uiterwijk
932f98fed5 Add totpcgi-vpn service 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:06:03 +02:00
Patrick Uiterwijk
29bfd4c6ed Fix totpcgi TLS path 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 17:06:03 +02:00
Patrick Uiterwijk
d6fc29f6f2 Add dc object 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2019-05-29 15:04:06 +00:00
Stephen Smoogen
1be05a2039 put in header checks postmap and restart 2019-05-29 14:59:43 +00:00
Patrick Uiterwijk
e65ed43d82 Remove extra endif 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2019-05-29 14:58:55 +00:00
Patrick Uiterwijk
5690551a35 Add vpn configmap 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 16:57:00 +02:00
Stephen Smoogen
22fe4ad0a2 [postfix] and a file to put in drops. 2019-05-29 14:52:52 +00:00
Mikolaj Izdebski
76b7c06f89 Allow coreos-continuous users to untag secure-boot builds 
See https://pagure.io/releng/issue/8390
 2019-05-29 16:50:14 +02:00
Stephen Smoogen
77dcd8034f [postfix] change to header checks needs to be on both bastion and smtp-mm 2019-05-29 14:50:03 +00:00
Stephen Smoogen
0c6f35bf45 Allow postfix on gateway to do header checks 2019-05-29 14:37:23 +00:00
Kamil Páral
879a163936 taskotron: fix imagefactory-server cronjob typo 2019-05-29 16:35:13 +02:00
Kamil Páral
4234d8b3a8 taskotron: put imagefactory server cron jobs to /etc/cron.d/ 2019-05-29 16:32:31 +02:00
Patrick Uiterwijk
2b6e906b70 Add VPN vhost 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 16:31:49 +02:00
Kamil Páral
ddc1e9c7d2 taskotron: install imagefactory-client cron jobs into /etc/cron.d 2019-05-29 15:59:08 +02:00
Kamil Páral
076ce8ea28 taskotron: install grokmirror cron jobs into /etc/cron.d 2019-05-29 15:47:32 +02:00
Kamil Páral
5b5b898c26 taskotron-dev: add a missing cron file 
I forgot about it in my previous commit 987ba63be3.
 2019-05-29 15:34:34 +02:00
Kamil Páral
987ba63be3 taskotron-dev: try a better way to deploy cron files 2019-05-29 15:32:31 +02:00
Kamil Páral
c94ff57bab taskotron: use F30 on minions even in production 2019-05-29 14:56:51 +02:00
Kamil Páral
7f338804b2 taskotron: use F30 minions on stg 2019-05-29 13:27:31 +02:00
Patrick Uiterwijk
743e75249c tag2distrepo is now fully koji-based 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 10:58:27 +02:00
Patrick Uiterwijk
8dbaa4908d Remove fas CA from koji 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 10:55:50 +02:00
Patrick Uiterwijk
432205f3d9 Move tag2distrepo to python hub 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-29 10:50:10 +02:00
Kevin Fenzi
b68a3cf906 nagios / bodhi: change masher to composer 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-29 02:57:01 +00:00