ansible

33934 commits 9 branches 0 tags 110 MiB

Author	SHA1	Message	Date
Nils Philippsen	dbbf94a411	ipa/client: configure global shell access and sudo Almost global anyway, i.e. inside the VPN. The ipa/client-based shell access and sudo rules are only effective for staging right now, the respective playbook bits are masked out for prod. - Assign Ansible host groups to IPA host groups, the latter don't care about 'stg' in the name and use dashes rather than underscores. - Distill shell access groups from fas_client_groups in group and host vars. - Let all `sysadmin-` groups in the previous list run anything via sudo in the host group (except bastion & batcave). - Remove `fas_client_groups` from staging host and group vars. - Remove sudoers from staging host and group vars if only `sysadmin-` groups have shell access. - Set up `ipa_client_shell_groups` on bastion to be a super set of the same on batcave. Newly created IPA host groups: - autosign - badges - basset - bastion - batcave - blockerbugs - bodhi - bugzilla2fedmsg - busgateway - datagrepper - dbserver - dns - fedimg - github2fedmsg - ipa - kernel-qa - kerneltest - kojibuilder - kojihub - kojipkgs - logging - mailman - memcached - mirrormanager - nagios - notifs - oci-registry - odcs - openqa - openqa-workers - osbs - packages - pdc-web - pkgs - proxies - rabbitmq - releng-compose - resultsdb - secondary - sign-bridge - sundries - value - wiki Signed-off-by: Nils Philippsen <nils@redhat.com>	2021-02-01 22:23:41 +00:00
Adam Williamson	95f062c07a	openQA: allow all workers NFS write access, other tweaks The main goal of these changes is to allow all workers in each deployment NFS write access to the factory share. This is because I want to try using os-autoinst's at-job-run-time decompression of disk images instead of openQA's at-asset-download-time decompression; it avoids some awkwardness with the asset file name, and should also actually allow us to drop the decompression code from openQA I think. I also rejigged various other things at the same time as they kinda logically go together. It's mostly cleanups and tweaks to group variables. I tried to handle more things explicitly with variables, as it's better for use of these plays outside of Fedora infra. Signed-off-by: Adam Williamson <awilliam@redhat.com>	2020-11-05 16:10:32 -08:00

Author

SHA1

Message

Date

Nils Philippsen

dbbf94a411

ipa/client: configure global shell access and sudo

Almost global anyway, i.e. inside the VPN.

The ipa/client-based shell access and sudo rules are only effective for
staging right now, the respective playbook bits are masked out for prod.

- Assign Ansible host groups to IPA host groups, the latter don't care
  about 'stg' in the name and use dashes rather than underscores.
- Distill shell access groups from fas_client_groups in group and host
  vars.
- Let all `sysadmin-*` groups in the previous list run anything via sudo
  in the host group (except bastion & batcave).
- Remove `fas_client_groups` from staging host and group vars.
- Remove sudoers from staging host and group vars if only `sysadmin-*`
  groups have shell access.
- Set up `ipa_client_shell_groups` on bastion to be a super set of the
  same on batcave.

Newly created IPA host groups:
- autosign
- badges
- basset
- bastion
- batcave
- blockerbugs
- bodhi
- bugzilla2fedmsg
- busgateway
- datagrepper
- dbserver
- dns
- fedimg
- github2fedmsg
- ipa
- kernel-qa
- kerneltest
- kojibuilder
- kojihub
- kojipkgs
- logging
- mailman
- memcached
- mirrormanager
- nagios
- notifs
- oci-registry
- odcs
- openqa
- openqa-workers
- osbs
- packages
- pdc-web
- pkgs
- proxies
- rabbitmq
- releng-compose
- resultsdb
- secondary
- sign-bridge
- sundries
- value
- wiki

Signed-off-by: Nils Philippsen <nils@redhat.com>

2021-02-01 22:23:41 +00:00

Adam Williamson

95f062c07a

openQA: allow all workers NFS write access, other tweaks

The main goal of these changes is to allow all workers in each
deployment NFS write access to the factory share. This is because
I want to try using os-autoinst's at-job-run-time decompression
of disk images instead of openQA's at-asset-download-time
decompression; it avoids some awkwardness with the asset file
name, and should also actually allow us to drop the decompression
code from openQA I think.

I also rejigged various other things at the same time as they
kinda logically go together. It's mostly cleanups and tweaks to
group variables. I tried to handle more things explicitly with
variables, as it's better for use of these plays outside of
Fedora infra.

Signed-off-by: Adam Williamson <awilliam@redhat.com>

2020-11-05 16:10:32 -08:00

Renamed from inventory/group_vars/openqa_common (Browse further)

2 commits