Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
37446 commits 9 branches 0 tags 111 MiB
Commit graph

37446 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kevin Fenzi
14687fa862 inventory: re-add ocp hardware nodes, so we can ping monitor them with nagios. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 14:44:08 -07:00
Kevin Fenzi
d7a8c7aa57 nagios: only check mote on value01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 13:25:00 -07:00
Aurélien Bompard
5561df1b1d
Initial attempt at hosting ipsilon-project.org. Not functional at the moment. 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 18:43:18 +02:00
Adam Williamson
b5be505576 openqa/server: don't hide ISO assets any more 
We were hiding these because in the past the only ISO assets
were those from the compose under test, and we wanted to avoid
people downloading them from openQA when we'd rather they get
them from dl.fp.o or the mirror system. But these days we have
tests that generate ISOs (update netinst and live image build
tests) and we often want to download the generated images to
test them locally.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2022-05-25 09:12:10 -07:00
Aurélien Bompard
c030ab4c77
Ipsilon needs an SELinux boolean to use python-pam 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 11:32:57 +02:00
Aurélien Bompard
b6390112af
amend last commit 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 11:22:57 +02:00
Aurélien Bompard
cd277a01d8
We now use PAM auth in Ipsilon 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 11:21:07 +02:00
Aurélien Bompard
61821fb1ba
Update ipsilon to 3.0.1 in prod 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 10:27:02 +02:00
Kevin Fenzi
33403e750e bastion: readd may tls for all non rh sites 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 17:46:04 -07:00
Kevin Fenzi
5cde748b58 releng: add local to make a local masher user instead of the ipa one. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 16:49:07 -07:00
Kevin Fenzi
a0177f971a compose-branched/rawhide: move to f36 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 16:09:50 -07:00
Kevin Fenzi
ebf2b27ab4 virt-install: switch all the unsafe ones to also set unmap for discard 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 16:09:18 -07:00
Kevin Fenzi
0e80237cce bodhi-backend01.stg: reinstall with f36 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 14:46:25 -07:00
Kevin Fenzi
caf5f130c8 bastion / postfix: clean up tls_policy duplicates 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 12:33:26 -07:00
Kevin Fenzi
a1af68173d bastion / postfix: disable tls_resue for now 
Something is broken with smtp_tls_connection_reuse = yes, so disable it
for now. Also, setup a tls_policy map file and tell it to not use tls
for mx2.redhat.com. The normal smtp connection reuse works just fine, so
this will keep mail flowing until we can one day figure out why tls
connection reuse is busted.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 12:24:30 -07:00
Aurélien Bompard
8962731dbc
Don't use datetime.fromtimestamp yet 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-24 18:37:27 +02:00
Aurélien Bompard
e979a1955e Update the datanommer Nagios check to query datagrepper directly 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-24 16:17:14 +00:00
Kevin Fenzi
81771937c2 bastion / postfix: need to set session cache for tls connections and timeout 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-24 09:13:08 -07:00
Aurélien Bompard
e62e7b0b80
Fix the datanommer DB URL in alembic 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-24 07:02:29 +02:00
Kevin Fenzi
105cad26dc postfix / main.cf: fix releng and vpn config and drop phx2 
We fixed the config in a PR from aheath1992 for most of the machines,
but we need to fix vpn (proxies in particular) and releng boxes now.
Also, while we are here, lets drop the phx2 file since it's not used
anymore.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-23 16:43:01 -07:00
Kevin Fenzi
f178023895 notifs-backend / staging: more fixes for staging 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-23 15:49:51 -07:00
Kevin Fenzi
7cba0da13f notifs-backend / staging: try using the stg db in stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-23 15:39:11 -07:00
Kevin Fenzi
c679788f00 logview: 2to3 it and make sure it is using python3.8 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-23 13:04:17 -07:00
Kevin Fenzi
f7490bfd81 pagure: fix pagure_mirror.service 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-23 10:43:29 -07:00
Kevin Fenzi
b1395e9088 bastion / postfix: re-add missing smtp_connection_cache_destinations 
Without this it wasn't caching tls connections and was going over the
small limit redhat.com mx had. Hopefully this gets mail flowing again.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-23 08:44:36 -07:00
Aurélien Bompard
2050d7112b
Simplify the Bodhi playbooks 
It should not actually change anything on the hosts.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-23 15:11:30 +02:00
Aurélien Bompard
95ed6285d1
Fix the database name to backup on db-datanommer02 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-23 12:20:22 +02:00
Kevin Fenzi
593356b520 ocp4: we need the control plane in inventory for vhost_reboot to do the right thing 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-22 15:52:27 -07:00
František Zatloukal
6350c8b9c4 oraculum: Try redis image from gcr 2022-05-21 11:48:50 +02:00
Jakub Kadlcik
8bacf413c2 copr: allow resalloc group to read /etc/resallocserver 2022-05-20 17:09:44 -04:00
Jakub Kadlcik
be0a649135 copr: fix with_items 2022-05-20 16:55:33 -04:00
Jakub Kadlcik
1847ad88bc copr: access for lighttpd worked but other users didn't 2022-05-20 16:50:41 -04:00
Jakub Kadlcik
dac9137f49 copr: deploy Resalloc WebUI 2022-05-20 16:31:54 -04:00
Kevin Fenzi
35a977170e ipa: set nolog back on 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 17:11:23 -07:00
Kevin Fenzi
ddffeebb63 proxies: drop ipv6 restart script 
Yesterdays fix: a script that restarted networking to bring back a ipv6
route on proxy11, causes:
Todays bug: restarting the interface every minute causes the nameserver
to burp and not find sundries01, so all the rsyncs fail. It seems to
handle this just fine now, so lets retire this glorious hack.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 16:31:30 -07:00
Kevin Fenzi
1c13d43c3b inventory: comment ocp4 hosts, we do not manage them from ansible so no need for them to be in there 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 16:10:39 -07:00
Kevin Fenzi
d539f9d26f inventory: do not include staging in iad2_staging as there are a few non iad2 hosts in it 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 15:57:57 -07:00
Kevin Fenzi
16f7765ba3 virthost: add back in nbde bool to stop it on non encrypted hosts 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 15:47:12 -07:00
Kevin Fenzi
9b55eed1dc buildvm-ppc64le-32: reinstall using default ks 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 15:41:57 -07:00
Kevin Fenzi
d2d98f5cdb inventory: cannot mix groups and hosts here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 15:36:22 -07:00
Kevin Fenzi
da4bff1515 inventory: split out some more groups that mix iad2 and external 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 15:28:23 -07:00
Pavel Raiskup
97f17f4a35 copr-builders: fix c&p mistake in Power9 machine tags 2022-05-20 00:26:09 +02:00
Kevin Fenzi
26e161fa85 inventory: we have to split up 'builders' because it has s390x in it 
and the s390x builders are definitely not iad2.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 15:23:44 -07:00
Kevin Fenzi
d7af1f4123 inventory: try and setup iad2_production and iad2_staging groups 
This is needed because I want to override just the mtu setting from
group_vars/all, but I don't want to copy the network_connections block
to every host in iad2 to override it. Hopefully this will allow us to
override it on just iad2_production (staging is already actually set in
group_vars/staging, but for completeness we may want a staging group
someday here, so I went and added it.).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 15:17:31 -07:00
Kevin Fenzi
47ccbd5e1b remove bvmhost-p08-01.stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 14:32:03 -07:00
Kevin Fenzi
98c47877b5 rhel9: drop collectd until it is in epel 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 14:25:24 -07:00
Kevin Fenzi
744b500f2f rhel9 / drop nagios_client for now until it is in epel 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 14:21:28 -07:00
Kevin Fenzi
32cf12de74 rhel9: rkhunter is not built yet 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 14:09:28 -07:00
Kevin Fenzi
544b6770f8 rhel9: drop mailx and telnet 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 14:05:11 -07:00
Kevin Fenzi
a02e57944f rhel9: disable advanced virt for now as it does not exist 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-19 14:02:39 -07:00