Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
37181 commits 9 branches 0 tags 111 MiB
Commit graph

37181 commits

This branch
This branch
All branches
Author SHA1 Message Date
Stephen Smoogen
c10120cea2 Fix: splitter.py to put in hack from 2020 to deal with CentOS Stream using xz compression versus gz 2022-05-28 14:38:49 -04:00
Stephen Smoogen
284a8d91e2 Fix: grobisplitter scripts. You cant touch a datefile until after the directory is created 2022-05-28 10:23:50 -04:00
Jakub Kadlcik
4c4652a74a copr: allow pool ID to be specified via --pool or env variable 2022-05-28 10:00:36 -04:00
Stephen Smoogen
45d0034a8f copy takes up lots of disk space and is 2x slower. move back to hardlink 2022-05-28 09:39:47 -04:00
Jakub Kadlcik
eb1c4410e8 copr: make the libvirt-list --connection optional 2022-05-28 08:55:39 -04:00
Jakub Kadlcik
965039a738 copr: deploy resallocwebui only on devel instance 2022-05-28 08:01:35 -04:00
Aurélien Bompard
848170ce72
Too early for certbot, we need to update the DNS first 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-28 10:05:13 +02:00
Kevin Fenzi
0ec6623ba6 pkgs / dnf automatic: exclude mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95 
This update seems to cause segfaults in https pushes.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-27 17:30:10 -07:00
Stephen Smoogen
8db4eb6564 make sure the timestamp file is the same for all arches in case koji freaks out 2022-05-27 20:29:20 +00:00
Stephen Smoogen
824654b955 Changes: Updates splitter.py to the one in upstream modules git repository. 
Removes the two stage process for building repositories
	 Sets all the files to the same timestamp.

Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
 2022-05-27 20:29:20 +00:00
Stephen Smoogen
7c77f430dd First attempt to fix rhel8 splitter for multi-tree dirs. 2022-05-27 20:29:20 +00:00
Michal Konečný
37066f172f [the-new-hotness] Add redis deployment 
This PR adds redis service together with deployment config and updates the
configuration of the hotness to work with this new redis deployment.

This will now only work for the staging, but it doesn't break anything if
deployed on production.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-05-27 20:20:00 +00:00
Kevin Fenzi
a8ffd59c46 flatpak-indexer: update staging and move to ocp4 cluster 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-27 12:51:01 -07:00
Francois Andrieu
e92a87ebd5 mote_v2: lower resources request 2022-05-27 19:42:12 +00:00
Francois Andrieu
57f09e2618 mote_v2: use cephfs storageclass in staging 2022-05-27 19:42:12 +00:00
Francois Andrieu
a24722f830 mote_v2: use rhel9 based redis image 2022-05-27 19:42:12 +00:00
Aurélien Bompard
bb9f43dde1
Setup the proxies for the ipsilon website 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-27 21:28:43 +02:00
Adam Williamson
bf4f704096 openqa: improve how we do the git config thing 
The background to this is
https://bugzilla.redhat.com/show_bug.cgi?id=2073414 , in response
to which git was changed to die if a user runs git commands
on a repo which it doesn't own. In openQA, the test directory
is a git repo and openQA itself likes to run git commands on it,
but this is often going to be as a different user than the owner
of the directory. In fact on the worker hosts, the user that owns
the directory (geekotest on the server box) doesn't even exist.

This just sets the config by copying a file in place rather than
running a git command (which is hard to get to be idempotent) and
uses `/etc/gitconfig` so we don't wind up with a file in the
_openqa-worker user's home directory, which is meant to be empty.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2022-05-27 10:24:34 -07:00
Adam Williamson
3d148f5e7f openqa/worker: handle git 'safety' check for test dir 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2022-05-27 09:05:06 -07:00
Aurélien Bompard
f0d1656bae
Add webhook triggers for ipsilon-website 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-27 17:13:42 +02:00
Aurélien Bompard
1bc48f6751
Two routes can't have the same name 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-27 16:30:22 +02:00
Aurélien Bompard
e13e96056c
Fix Alembic integration in datanommer 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-27 16:10:42 +02:00
Aurélien Bompard
e05049f94d
Ipsilon website: set final route 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-27 16:10:42 +02:00
Michal Konečný
974a5be479 [the-new-hotness] Update to F36 on staging 
Update Fedora image to F36. Only for staging for now.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-05-27 12:52:35 +02:00
Adam Williamson
f869c0f643 Revert "openqa/worker: handle git 'safety' check for test dir" 
This reverts commit 34b3d3a5cc. On
second thoughts it's kinda ugly and I need to think about other
options...
 2022-05-26 15:23:13 -07:00
Adam Williamson
34b3d3a5cc openqa/worker: handle git 'safety' check for test dir 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2022-05-26 15:05:00 -07:00
Kevin Fenzi
19d2fbffbf inventory: add some power mgmt interfaces 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-26 10:24:12 -07:00
Kevin Fenzi
4c4be31afb ipsilon / staging: the wsgi is named differently in stg/f36? 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 17:42:30 -07:00
Kevin Fenzi
792f082750 Revert "ipsilon / staging: fixes for f36" 
This reverts commit 6d5911cc3c.

Turns out these are the way the new version installs. ;)
 2022-05-25 17:38:04 -07:00
Kevin Fenzi
0302040f3c proxies / reverseproxy / blockerbugs: have proxies return 421 for non iad2 access. 
This is the fun firefox h2 connection reuse bug. blockerbugs is only in
iad2, so if firefox tries to reuse a connection to another proxy for it,
just send it a 421 so it knows thats bad on it.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 17:29:37 -07:00
Kevin Fenzi
6d5911cc3c ipsilon / staging: fixes for f36 
The wsgi has changed from /usr/libexec/ipsilon/ipsilon.py to
/usr/libexec/ipsilon, so adjust wsgi and directory perms to handle that.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 16:58:17 -07:00
Kevin Fenzi
5b5b2c0b4d rsyncd: drop restarting xinetd handler for fedora hosts, it no longer exists 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 16:24:08 -07:00
Kevin Fenzi
053231784f ipsilon / staging: fix old firewall still using log01 ip from phx2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 16:12:40 -07:00
Kevin Fenzi
742d1a4bcd nagios: readd ocp hosts so we can set them to only ping monitor 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 16:07:03 -07:00
Kevin Fenzi
133c9a8014 dhcp: fix openqa p09 worker mgmt ips 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 15:49:24 -07:00
Kevin Fenzi
14687fa862 inventory: re-add ocp hardware nodes, so we can ping monitor them with nagios. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 14:44:08 -07:00
Kevin Fenzi
d7a8c7aa57 nagios: only check mote on value01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 13:25:00 -07:00
Aurélien Bompard
5561df1b1d
Initial attempt at hosting ipsilon-project.org. Not functional at the moment. 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 18:43:18 +02:00
Adam Williamson
b5be505576 openqa/server: don't hide ISO assets any more 
We were hiding these because in the past the only ISO assets
were those from the compose under test, and we wanted to avoid
people downloading them from openQA when we'd rather they get
them from dl.fp.o or the mirror system. But these days we have
tests that generate ISOs (update netinst and live image build
tests) and we often want to download the generated images to
test them locally.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2022-05-25 09:12:10 -07:00
Aurélien Bompard
c030ab4c77
Ipsilon needs an SELinux boolean to use python-pam 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 11:32:57 +02:00
Aurélien Bompard
b6390112af
amend last commit 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 11:22:57 +02:00
Aurélien Bompard
cd277a01d8
We now use PAM auth in Ipsilon 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 11:21:07 +02:00
Aurélien Bompard
61821fb1ba
Update ipsilon to 3.0.1 in prod 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 10:27:02 +02:00
Kevin Fenzi
33403e750e bastion: readd may tls for all non rh sites 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 17:46:04 -07:00
Kevin Fenzi
5cde748b58 releng: add local to make a local masher user instead of the ipa one. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 16:49:07 -07:00
Kevin Fenzi
a0177f971a compose-branched/rawhide: move to f36 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 16:09:50 -07:00
Kevin Fenzi
ebf2b27ab4 virt-install: switch all the unsafe ones to also set unmap for discard 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 16:09:18 -07:00
Kevin Fenzi
0e80237cce bodhi-backend01.stg: reinstall with f36 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 14:46:25 -07:00
Kevin Fenzi
caf5f130c8 bastion / postfix: clean up tls_policy duplicates 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 12:33:26 -07:00
Kevin Fenzi
a1af68173d bastion / postfix: disable tls_resue for now 
Something is broken with smtp_tls_connection_reuse = yes, so disable it
for now. Also, setup a tls_policy map file and tell it to not use tls
for mx2.redhat.com. The normal smtp connection reuse works just fine, so
this will keep mail flowing until we can one day figure out why tls
connection reuse is busted.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 12:24:30 -07:00