This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.
I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```
Then I went through all the changes and removed the ones that wasn't
expected to be changed.
Fixes https://pagure.io/fedora-infrastructure/issue/12391
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
migrated notes from infra/hosts
motd changes; excluding CSI infos
removed csi_* vars from group_vars; converted csi_purpose & csi_relationship into notes
fixed merge conflicts
minor changes; var
updating YAMLs & playbooks
udpated YAMLs & playbooks again
updated correctly; buildhw.yml
fixing merge conflicts
dest added in motd.yml
fix 1900 failures of the following case issue:
`name[casing]: All names should start with an uppercase letter.`
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
dnf5 requires neither python3-rpm nor python3-dnf, so we cannot
assume they are installed (as they always were before). ansible's
package_facts needs python3-rpm (even in the latest upstream
version), so we at least need that. The ansible in rhel9 (which
is what's on batcave01 currently) does not support dnf5 at all,
so we need python3-dnf installed so it can use its dnf3/4
support. python3-dnf relies on python3-rpm, so we can just
check for and install python3-dnf. Once batcave01 is updated to
an ansible that supports dnf5 we won't need python3-dnf, but we
*will* still need python3-rpm.
Stuffing this in yumrepos.yml as it runs on everything, early,
and is packaging-related. We could make it a separate task but
then we'd need to make every playbook include it...
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We don't have any python2 using virthosts left (except one)
so lets try dropping this special handling here and just let ansible
sort out that it should use python3.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Using `git grep el6` and `git grep el7` and variants like EL-7 or
el-7, I found various entries and files which were no longer needed
with the current ansible. I updated text or tests to later versions of
RHEL as needed.
found entries for the fedora ami's for the original cloud and removed
those entries also.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
This removes osbs and allmost all it's associated playbooks and files.
It served long and well, but we no longer need it.
flatpaks are building with a koji-flatpak plugin.
base/minimal/toolbox containers are building with kiwi.
We aren't building any other containers right now, and we did they could
be added to kiwi.
This is the end of an era... I look with nostolga on
ansible-ansible-openshift-ansible (a role to setup ansible on a control
host and run it from our ansible).
Good bye osbs!
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The old way of setting Fedora repos was not idempotent for
vmhost-p09-copr01.rdu-cc.fedoraproject.org (was considered both primary
and secondary). And it appears this would be the same for all Fedora
s390x/ppc64le boxes.
We run the playbook first against the `copr-be-temp.aws..`
inventory_hostname, and then once more against `copr-be.aws..`. We need
to re-sign the pub keys for the later run.
https://pagure.io/fedora-infrastructure/issue/11006
These instances served long and well as fallback resolvers for
dnssec-trigger. This is no longer needed or used, so lets remove them.
See https://pagure.io/fedora-infrastructure/issue/11415
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Since F35, the swap service started failing with:
kernel: BTRFS warning (device nvme0n1p5): swapfile must not be copy-on-write
swapon[2976986]: swapon: /swap: swapon failed: Invalid argument
swap.swap: Swap process exited, code=exited, status=255/EXCEPTION
It should be redundant and we observe strage things such as 4x
removing and adding ssh keys, having to manualy confirm "Are you sure
you want to continue connecting (yes/no/[fingerprint])?" and so
on. Let's try to disable the role.
Seems like either the RHEL 8 (batcave) or Fedora 35 system (Fedora Copr
Infra) prefers ed25519 keys over rsa, leading to weird auth problems:
TASK [allow root ssh connections] ***************************************************************************************************************************
Monday 29 November 2021 13:06:43 +0000 (0:00:00.314) 0:00:03.632 *******
Monday 29 November 2021 13:06:43 +0000 (0:00:00.314) 0:00:03.632 *******
fatal: [copr-be-dev.aws.fedoraproject.org]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"copr-be-dev.aws.fedoraproject.org\". Make sure this host can be reached over ssh: Certificate invalid: name is not a listed principal\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ED25519 key sent by the remote host is\nSHA256:Cgs/aoJl9OJheAtZZ2CDiYx9ZeFMwD6dUYUJpPDTl58.\r\nPlease contact your system administrator.\r\nAdd correct host key in /root/.ssh/known_hosts to get rid of this message.\r\nOffending RSA key in /root/.ssh/known_hosts:21\r\nED25519 host key for copr-be-dev.aws.fedoraproject.org has changed and you have requested strict checking.\r\nHost key verification failed.\r\n", "unreachable": true}
This lets us move forward with the tomorrow's update. The previous
hack(s) were not OK.
We observed a situation when two keys were specified in known_hosts, and
only one was removed by the playbook. At least we think this is what is
actually happening.
