infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions
36996 commits 9 branches 0 tags 110 MiB
Commit graph

36996 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kevin Fenzi
b77fdc9637 inventory / staging: switch staging default to mtu of 9000 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-15 13:14:03 -07:00
Kevin Fenzi
3dd582a36c nbde: mark hosts that do not have nbde correctly 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-15 12:34:54 -07:00
Kevin Fenzi
26f69a7ee2 inventory: switch all iad2 virthosts and guests to use 9000 mtu 
All the iad2 hosts are on 10GB network, so should be able to use 9000mtu.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-15 12:13:50 -07:00
Kevin Fenzi
6c343e9906 inventory: add some groups for guests and hosts 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-15 11:58:40 -07:00
Kevin Fenzi
be13248f7c inventory: be more concise 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-15 11:08:06 -07:00
Kevin Fenzi
df45f66004 inventory: also make stg be in iad2 group 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-15 11:05:40 -07:00
Kevin Fenzi
0ec3faf574 should be == instead of = 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-15 11:03:52 -07:00
Kevin Fenzi
9f5cc4eb8b inventory: change how iad domain is constructed. 
We can't use things that are not in the facts cache for this.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-15 11:01:42 -07:00
Kevin Fenzi
6d19254a96 inventory: see if we can make a constructed iad2 group 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-15 10:53:05 -07:00
Kevin Fenzi
90c3bdd90f fix typo with == comparison 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-13 12:20:34 -07:00
Kevin Fenzi
70dc97b732 drop local clevis role and replace with linux-system-roles.nbde_client 
The linux-system-roles.nbde_client does the right things and so one less
thing for us to maintain. It also avoids the problem we have on some
machines now where network interface names are not as the old clevis
role expected, so unlocking didn't work on boot. Hopefully this fixes
all those issues.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-13 12:10:25 -07:00
Aurélien Bompard
0b2bf34545
Deploy ACO on OCP4 in staging too 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-13 13:06:49 +02:00
Mark O Brien
90d6a7be09 add not staging to prod proxy block for coroes-cincinnati 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-05-13 11:54:36 +01:00
Mark O Brien
9336a3ce4e add proxy blocks for staging coroes-cincinnati 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-05-13 11:49:24 +01:00
Mark O Brien
f4f54f8809 use different nodes for staging updates-coroes-cincinnati 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-05-13 11:25:34 +01:00
Mark O Brien
415244f7e6 update routes for the rest of coreos-cincinnati to ocp4 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-05-13 10:55:02 +01:00
Aurélien Bompard
7bd5e01276
Fix the noggin gunicorn config 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-13 11:38:22 +02:00
Mark O Brien
b250adcce2 update routes for coreos-cincinnati to ocp4 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-05-13 10:29:50 +01:00
Aurélien Bompard
5cbf46d3b4
Move Noggin to OCP4 on staging 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-13 11:03:24 +02:00
Kevin Fenzi
80b61920c2 Revert "Install newer nbde_client collection from git." 
This reverts commit 3916970463.
 2022-05-12 18:28:35 -07:00
Kevin Fenzi
3916970463 Install newer nbde_client collection from git. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-12 18:27:08 -07:00
Kevin Fenzi
4bf6d41cc4 conjunction junction: whats your function? 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-12 17:55:30 -07:00
Kevin Fenzi
d1626cbb3f bvmhost-x86-04.stg: test replacing our janky clevis role with inux-system-roles.nbde_client 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-12 17:50:16 -07:00
Kevin Fenzi
ec6d71f911 bvmhost-x86-04.stg: try setting 9k mtu 
This host doesn't have any guests on it yet.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-12 17:27:33 -07:00
Michal Konečný
bc5e3e6f93 [Zuul] Add configuration file for ansible-lint 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-05-12 12:41:43 +00:00
Michal Konečný
9d9e2784d1 [Zuul] Use ansible lint instead ansible review 
Ansible review is no longer maintained upstream, let's use ansible lint instead.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-05-12 12:41:43 +00:00
Michal Konečný
c296ef0961 [Zuul] Migrate jobs to central repository 
This commit will migrate existing Zuul jobs to pagure.io/fedora-infra/zuul
repository.

This commit also removes one job that is no longer needed.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-05-12 12:41:43 +00:00
Kevin Fenzi
d7c84cd540 bodhi / backend: allow ftpsync user to read fedora-messaging config 
This should allow the updates sync script to again report when it's
syncing updates.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-11 18:29:01 -07:00
Adam Williamson
e6e0e2f42d openqa: set up for new resultsdb location and auth on lab 
This sets up the openQA lab instance to report to the new stg
instance of resultsdb, and use authentication. The scheduler
config file is now mode 0600 because it has a password in it.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2022-05-11 17:06:35 -07:00
Kevin Fenzi
6d1e07d599 proxies / reverseproxy / openqa: do this in a more sustainable way 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-11 15:45:14 -07:00
Kevin Fenzi
8d38f818e7 proxies / reverseproxy / openqa: drop unneeded conditional that is causing a syntax error 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-11 15:31:26 -07:00
Kevin Fenzi
63adb316a7 proxies / reverseproxy / openqa: make openqa on non iad2 proxies send a 421 
Due to http/2 connection reuse bugs, sometimes firefox will decide to
'reuse' a connection to fedoraproject.org for openqa.fedoraproject.org
(since they both have the same tls cert), but openqa is only available
from the 2 iad2 proxies, not all of them. This results in a 503 timeout
and it just not loading. This should make those reused connections get a
421 from proxies and reconnect to the proper ips. (we hope)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-11 13:10:43 -07:00
Stephen Gallagher
7d26c4cde9 Use persistent SAML identifiers 
Using "unspecified" will always send just the user's (FAS) username,
which has been known to conflict with existing accounts on Gitlab. The
"persistent" name-id format guarantees uniqueness.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2022-05-11 18:39:05 +00:00
Kevin Fenzi
7aa6310cc0 we are no longer frozen 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-11 11:16:58 -07:00
Kevin Fenzi
3289c63588 bastion / opendkim: set mx2.redhat.com in opendkim PeerList 
Right now we are getting emails from redhat.com addresses and verifying
DKIM and stripping it off and sending on. We should leave redhat.com
emails coming from mx2.redhat.com alone so their own DKIM will still be
on the emails. This hopefully will allow these emails to be accepted by
google on the other side. Right now they don't have the signature so
google thinks they are trickery.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-11 10:51:33 -07:00
Pierre-Yves Chibon
34d6657bc1 Drop the override for user lef - no longer in use 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2022-05-11 14:12:14 +02:00
Kevin Fenzi
16669b17c3 pkgdb/gnome-software: Set f36 to be 'active' instead of 'in development' 
This should allow gnome-software users to see the dist upgrade to 36
from both f34 and f35. It's staggered/randomized, so they don't all
upgrade at once.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-10 06:20:38 -07:00
Mark O Brien
6f75d92c5b correct mac for vmhost-p09-copr01 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-05-10 11:44:53 +01:00
Mark O Brien
c89c665d29 add vmhost-p09-copr01 host vars 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-05-10 11:39:15 +01:00
Kevin Fenzi
2c060727f6 dnf-automatic / builders: don't allow dnf-automatic to upgrade git for now 
git 2.35.3 broke buildSRPMFromSCM tasks, we want to downgrade back to
2.35.1 for now until it's fixed in koji.
See https://pagure.io/koji/issue/3351 and
https://pagure.io/fedora-infrastructure/issue/10677

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-09 22:32:02 +00:00
Tomas Hrcka
7eb8bbea26 Use fedora 36 key to sign stable IOT release 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2022-05-09 18:27:42 +00:00
Mark O Brien
34015f4af9 add vmhost-p09-copr01 to inventory 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-05-09 18:16:51 +01:00
Michal Konečný
f39ca74d9c [the-new-hotness] Update notification template 
Updating for staging with the latest changes
https://github.com/fedora-infra/the-new-hotness/pull/455

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-05-09 14:54:39 +02:00
Tomas Hrcka
587bbd59f7 F36 is GA 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2022-05-06 13:31:13 +00:00
Kevin Fenzi
f4484019c8 proxy / stg: make sure zabbix uses stg website in stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-05 17:23:11 -07:00
Michal Konečný
04f4298546 [the-new-hotness] Add new topic to consume 
The `anitya.project.version.update` is deprecated in Anitya message schema,
let's consume `anitya.project.version.update.v2` instead. For now this is only
consumed by staging instance, but will be consumed by production instance as
well on next hotness release.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-05-05 18:10:27 +02:00
Michal Konečný
5d8b5f7bb1 [the-new-hotness] Apply changes to configuration for staging 
Update the message template to latest version.
Schema is no longer part of the-new-hotness repository, they are installed by
pip instead.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-05-05 17:53:00 +02:00
David Kirwan
f8e34681a9 flask-oidc: updating flask-oidc-dev app to use test-auth fork. 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
Signed-off-by: James Richardson <jamricha@redhat.com>
Signed-off-by: Vipul Sidharth <sidharthvipul1@gmail.com>
 2022-05-05 11:26:26 +01:00
Aurélien Bompard
5529a3450e
Fixup 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-05 12:10:55 +02:00
Aurélien Bompard
c8ca0b524a
Use a more recent python 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-05 12:02:32 +02:00