Commit graph

26301 commits

Author SHA1 Message Date
Kevin Fenzi
a806829c4f vhost_update_reboot: when you want to just update and then reboot a vhost
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 19:50:36 +00:00
Kevin Fenzi
5be0661c51 vhost_update: switch to package to call the right backend and fix other issues.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 19:13:01 +00:00
Kevin Fenzi
3a5f3c7894 ansible-server: just switch to all scp
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 18:59:13 +00:00
Kevin Fenzi
678e78acab ansible-server: switch transport to use scp first, then piped, and only then sftp
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 18:54:09 +00:00
Kevin Fenzi
41c92c2e9c Revert "basessh: We need a sftp server for ansible, so switch to the internal one."
This reverts commit 0be4815020.

Instead, we will just switch ansible to scp
2019-04-09 18:42:28 +00:00
Stephen Smoogen
88e6747363 [repospanner] if you put one thing in quotes.. you need to put all the similar things in quotes
2019-04-09 18:25:22 +00:00
Kevin Fenzi
36672f3ba0 repospanner: fix 3 more variable cases.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 18:21:04 +00:00
Kevin Fenzi
157111f4ec repospanner: You have to use "s on variables if they are the first thing in the value.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 18:18:06 +00:00
František Zatloukal
47cbd1b97b pagure: add missing comma in inventory/group_vars/pagure
2019-04-09 20:15:52 +02:00
Kevin Fenzi
0be4815020 basessh: We need a sftp server for ansible, so switch to the internal one.
The external one won't start if it can't read /etc/ssh/sshd_config
and the internal one is likely faster and better anyhow.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 18:13:26 +00:00
Kevin Fenzi
78c41502a3 vhost_reboot: switch to using the new ansible 'reboot' module.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 17:51:02 +00:00
Kamil Páral
780adf71a1 taskotron: upgrade production to F29
2019-04-09 19:27:11 +02:00
Stephen Smoogen
7c3fa7c396 Make it so our http configs for repoSpanner do not wander off from each other due to too many cooks and too few pots. Change all repospanner related 8443 to use jinja variable repoSpanner_{{region}}_http
2019-04-09 13:50:01 +00:00
Patrick Uiterwijk
d8e632492a Sync bridge port with http port
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-09 12:48:27 +02:00
Mikolaj Izdebski
0fc00d4b41 koji_hub: Fix incorrect channel of secure-boot chain builds (#7674)
2019-04-09 11:42:07 +02:00
Kevin Fenzi
f8fb672f2f fedora-web/ols: also install ols config.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 22:51:23 +00:00
Kevin Fenzi
61fc38736e ols.fedoraproject.org: add site on proxies to serve local content.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 22:33:11 +00:00
Kevin Fenzi
321c458292 basessh: switch fedora to use dnf here (since package wants dnf-2)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:59:29 +00:00
Kevin Fenzi
4e51f101be base: Just change this to run on rhel7 and rhel6 only with yum. The next task works for fedora hosts.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:55:09 +00:00
Kevin Fenzi
fef0fcbc0e base: fix initial libselinux task to not run on python3 hosts as package: doesn't work there.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:51:14 +00:00
Kevin Fenzi
28e87b1a1d ppc9-02: ppc9-02 is now a fedora-30 instance too, so use python3 for ansible there.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:35:21 +00:00
Kevin Fenzi
3359779879 nfs/client: exempt koji01.stg from the nfs route as well.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:18:38 +00:00
Patrick Uiterwijk
a8d8783c9e Add comment on why blacklist rather than whitelist
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 22:01:29 +02:00
Patrick Uiterwijk
0c8c6b085e Also disable TLSv1.1
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 21:56:59 +02:00
Stephen Smoogen
001a65c0e3 [pkgs/repospanner] This is what happens when you do parts of one thing in one playbook and also in another
2019-04-08 19:47:16 +00:00
Patrick Uiterwijk
0c7449ea1d Add sslciphers tags
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 21:41:17 +02:00
Patrick Uiterwijk
e007dad000 Enable TLSv1.3 and corresponding ciphers
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 21:35:27 +02:00
Kevin Fenzi
9f4bf69eae pagure / src.fp.o: Drop fedora-altarch, as it's not used. Add cvsadmin as we want them to have access to everything.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 19:26:32 +00:00
Patrick Uiterwijk
83f5127b50 inventory all: add note on sshd_keyhelper
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 19:40:58 +02:00
Patrick Uiterwijk
5080bfbee2 basessh: sandbox privsep is not supported on el6
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 19:13:21 +02:00
Patrick Uiterwijk
9b09d4d5d0 basessh: Fix EL6 detection logic
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 19:11:40 +02:00
Patrick Uiterwijk
27a21881d4 basessh: Make keyhelper explicit
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 18:56:03 +02:00
Patrick Uiterwijk
4f3c609815 basessh: Migrate sshd config to single template and strengthen ciphers
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 18:51:31 +02:00
Mikolaj Izdebski
1655385dfb koschei/backend: Fix refreshing of dist-git groups
2019-04-08 17:02:20 +02:00
Mikolaj Izdebski
913a8f8efa koji_hub: Fix syntax error in tag policy
2019-04-08 16:32:40 +02:00
Stephen Smoogen
d8a12827e1 [pagure/upgrade] Make it clear we stop ALL workers before the upgrade. Put in TODO for future work
2019-04-08 14:03:32 +00:00
Stephen Smoogen
4fd801d09d [pagure/upgrade] Make httpd stop explicit.
I moved the httpd down from a pre task to where it is currently running
so that it will not break.

Signed-off-by: Stephen Smoogen <smooge@redhat.com>
2019-04-08 13:37:51 +00:00
Stephen Smoogen
809f5758ec [pagure/upgrade] Put in basic comments to show when file was last confirmed to work
2019-04-08 13:19:56 +00:00
Pierre-Yves Chibon
30f7f775b4 Have pagure log commits on all branches
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2019-04-08 12:24:27 +02:00
Kevin Fenzi
1416bd877e loopabull/releng-compost: Do not use state: latest in normal playbooks.
It causes playbooks to depend on external factors and upgrade things when people don't expect it.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-06 23:57:46 +00:00
Kevin Fenzi
0e8d0b841c buildvm: include global variables before trying to setup yum repos as they use those vars now.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-06 22:10:08 +00:00
Kevin Fenzi
43c318a288 dnf-automatic: stdout seems to always be defined, even if empty. Switch to looking at the return code.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-06 21:56:33 +00:00
Kevin Fenzi
1d9890e102 certgetter: add apache role and make sure certbot is installed
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-06 21:36:05 +00:00
Kevin Fenzi
bedfc92290 epylog: weed out more things that we see all the time.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-06 16:53:36 +00:00
Kevin Fenzi
b9100fd1ac repospanner: Set hosts entry for fedora03 (repospanner01.phx) so it can talk to itself over lo instead of hairpin
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-06 16:30:00 +00:00
Kevin Fenzi
b6a8c7d5e5 base: only install policycoreutils-python-utils on f28+
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-05 22:42:43 +00:00
Patrick Uiterwijk
1bb89a3799 Add aws-docs
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-05 22:21:15 +02:00
Stephen Smoogen
194b0058c6 remove retrace02 from inventory and files. Leave mgmt as it is still plugged in and may show up.
2019-04-05 19:19:58 +00:00
Patrick Uiterwijk
e4aed9c9f2 Delete object file from disk
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-05 21:07:38 +02:00
Patrick Uiterwijk
dc591da083 Add openshift/object-delete role
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-05 21:05:46 +02:00