Commit graph

37160 commits

Author SHA1 Message Date
Pavel Raiskup
2be85a43eb copr-be-dev: valid ipv6 range for p09 box 2022-05-16 17:07:12 +02:00
Pavel Raiskup
46c086000f copr-backend-dev: typo in pools.yaml 2022-05-16 17:01:48 +02:00
Pavel Raiskup
7f53cc41f4 copr-be-dev: deploy the new Power9 machine for VMs
De-prioritize the OSUOSL stack for Power9 now.
2022-05-16 16:55:36 +02:00
Mark O Brien
5d5b7776d4 add tags for mirrors.centos.org
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-05-16 15:37:41 +01:00
Luca BRUNO
79dfafb454 coreos-cincinnati: drop old OCP3 staging cluster 2022-05-16 14:33:41 +00:00
Luca BRUNO
efddf3d8c6 coreos-cincinnati/staging: deploy latest master (895fa92) 2022-05-16 14:26:48 +00:00
Luca BRUNO
7f5bbe416e coreos-cincinnati/staging: build latest master (895fa92) 2022-05-16 14:11:25 +00:00
Mark O Brien
75aadffd63 rename proxies_ocp4 hostgroup
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-05-16 15:08:17 +01:00
Pavel Raiskup
f03f6f421f copr-hypervisor: install the helpers repo via copr ansible plugin
Because we already have the EPEL-8 chroot in Fedora Copr.
2022-05-16 16:01:08 +02:00
Pavel Raiskup
05f41424e8 copr-hypervisor: install libvirt packages earlier
... even libvirt-daemon
2022-05-16 15:25:41 +02:00
Pavel Raiskup
8bb92a4d51 copr-hypervisor: re-enable FAS user script
The original problem that led to disabling this task should be fixed
now.
2022-05-16 15:13:15 +02:00
Mark O Brien
28db0aa10f update nagios checks for http-accounts for ocp4 proxies only
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-05-16 13:59:32 +01:00
Aurélien Bompard
b57ec0f90a Migrate FASJSON to OCP4 in prod
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2022-05-16 13:22:27 +02:00
Aurélien Bompard
6c6792a231 Deploy the Noggin update to prod
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2022-05-16 10:34:09 +02:00
Kevin Fenzi
b77fdc9637 inventory / staging: switch staging default to mtu of 9000
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-15 13:14:03 -07:00
Kevin Fenzi
3dd582a36c nbde: mark hosts that do not have nbde correctly
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-15 12:34:54 -07:00
Kevin Fenzi
26f69a7ee2 inventory: switch all iad2 virthosts and guests to use 9000 mtu
All the iad2 hosts are on 10GB network, so should be able to use 9000mtu.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-15 12:13:50 -07:00
Kevin Fenzi
6c343e9906 inventory: add some groups for guests and hosts
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-15 11:58:40 -07:00
Kevin Fenzi
be13248f7c inventory: be more concise
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-15 11:08:06 -07:00
Kevin Fenzi
df45f66004 inventory: also make stg be in iad2 group
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-15 11:05:40 -07:00
Kevin Fenzi
0ec3faf574 should be == instead of =
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-15 11:03:52 -07:00
Kevin Fenzi
9f5cc4eb8b inventory: change how iad domain is constructed.
We can't use things that are not in the facts cache for this.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-15 11:01:42 -07:00
Kevin Fenzi
6d19254a96 inventory: see if we can make a constructed iad2 group
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-15 10:53:05 -07:00
Kevin Fenzi
90c3bdd90f fix typo with == comparison
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-13 12:20:34 -07:00
Kevin Fenzi
70dc97b732 drop local clevis role and replace with linux-system-roles.nbde_client
The linux-system-roles.nbde_client does the right things and so one less
thing for us to maintain. It also avoids the problem we have on some
machines now where network interface names are not as the old clevis
role expected, so unlocking didn't work on boot. Hopefully this fixes
all those issues.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-13 12:10:25 -07:00
Aurélien Bompard
0b2bf34545 Deploy ACO on OCP4 in staging too
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2022-05-13 13:06:49 +02:00
Mark O Brien
90d6a7be09 add not staging to prod proxy block for coreos-cincinnati
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-05-13 11:54:36 +01:00
Mark O Brien
9336a3ce4e add proxy blocks for staging coreos-cincinnati
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-05-13 11:49:24 +01:00
Mark O Brien
f4f54f8809 use different nodes for staging updates-coreos-cincinnati
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-05-13 11:25:34 +01:00
Mark O Brien
415244f7e6 update routes for the rest of coreos-cincinnati to ocp4
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-05-13 10:55:02 +01:00
Aurélien Bompard
7bd5e01276 Fix the noggin gunicorn config
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2022-05-13 11:38:22 +02:00
Mark O Brien
b250adcce2 update routes for coreos-cincinnati to ocp4
Signed-off-by: Mark O Brien <markobri@redhat.com>
2022-05-13 10:29:50 +01:00
Aurélien Bompard
5cbf46d3b4 Move Noggin to OCP4 on staging
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2022-05-13 11:03:24 +02:00
Kevin Fenzi
80b61920c2 Revert "Install newer nbde_client collection from git."
This reverts commit 3916970463.
2022-05-12 18:28:35 -07:00
Kevin Fenzi
3916970463 Install newer nbde_client collection from git.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-12 18:27:08 -07:00
Kevin Fenzi
4bf6d41cc4 conjunction junction: what's your function?
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-12 17:55:30 -07:00
Kevin Fenzi
d1626cbb3f bvmhost-x86-04.stg: test replacing our janky clevis role with linux-system-roles.nbde_client
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-12 17:50:16 -07:00
Kevin Fenzi
ec6d71f911 bvmhost-x86-04.stg: try setting 9k mtu
This host doesn't have any guests on it yet.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-12 17:27:33 -07:00
Michal Konečný
bc5e3e6f93 [Zuul] Add configuration file for ansible-lint
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2022-05-12 12:41:43 +00:00
Michal Konečný
9d9e2784d1 [Zuul] Use ansible lint instead of ansible review
Ansible review is no longer maintained upstream, let's use ansible lint instead.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2022-05-12 12:41:43 +00:00
Michal Konečný
c296ef0961 [Zuul] Migrate jobs to central repository
This commit will migrate existing Zuul jobs to pagure.io/fedora-infra/zuul
repository.

This commit also removes one job that is no longer needed.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2022-05-12 12:41:43 +00:00
Kevin Fenzi
d7c84cd540 bodhi / backend: allow ftpsync user to read fedora-messaging config
This should allow the updates sync script to again report when it's
syncing updates.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-11 18:29:01 -07:00
Adam Williamson
e6e0e2f42d openqa: set up for new resultsdb location and auth on lab
This sets up the openQA lab instance to report to the new stg
instance of resultsdb, and use authentication. The scheduler
config file is now mode 0600 because it has a password in it.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2022-05-11 17:06:35 -07:00
Kevin Fenzi
6d1e07d599 proxies / reverseproxy / openqa: do this in a more sustainable way
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-11 15:45:14 -07:00
Kevin Fenzi
8d38f818e7 proxies / reverseproxy / openqa: drop unneeded conditional that is causing a syntax error
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-11 15:31:26 -07:00
Kevin Fenzi
63adb316a7 proxies / reverseproxy / openqa: make openqa on non iad2 proxies send a 421
Due to http/2 connection reuse bugs, sometimes firefox will decide to
'reuse' a connection to fedoraproject.org for openqa.fedoraproject.org
(since they both have the same tls cert), but openqa is only available
from the 2 iad2 proxies, not all of them. This results in a 503 timeout
and it just not loading. This should make those reused connections get a
421 from proxies and reconnect to the proper ips. (we hope)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-11 13:10:43 -07:00
Stephen Gallagher
7d26c4cde9 Use persistent SAML identifiers
Using "unspecified" will always send just the user's (FAS) username,
which has been known to conflict with existing accounts on Gitlab. The
"persistent" name-id format guarantees uniqueness.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2022-05-11 18:39:05 +00:00
Kevin Fenzi
7aa6310cc0 we are no longer frozen
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-11 11:16:58 -07:00
Kevin Fenzi
3289c63588 bastion / opendkim: set mx2.redhat.com in opendkim PeerList
Right now we are getting emails from redhat.com addresses and verifying
DKIM and stripping it off and sending on. We should leave redhat.com
emails coming from mx2.redhat.com alone so their own DKIM will still be
on the emails. This hopefully will allow these emails to be accepted by
google on the other side. Right now they don't have the signature so
google thinks they are trickery.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-05-11 10:51:33 -07:00
Pierre-Yves Chibon
34d6657bc1 Drop the override for user lef - no longer in use
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2022-05-11 14:12:14 +02:00