This commit creates a custom email address, `bt0@fp.o` to redirect to
@bt0dotninja's FAS email address. As folks who work with Alberto know,
his IRC/Matrix nick is `bt0` and frequently in chats and mailing lists,
his short-hand version of his name is used. So, as @nb did for me
previously with aliasing `jwf@fp.o` to @jflory7, I am doing the same for
@bt0dotninja.
Signed-off-by: Justin W. Flory (he/him) [Fedora Project] <jwf@fedoraproject.org>
This should only affect stg hosts.
We had set all of iad2 the same, prod and stg both.
We need to make sure stg resolves to stg hosts first.
This worked somewhat until now because we replace the resolv.conf on stg
hosts, but without this they are borken right after boot and until we
replace the resolv.conf and restart httpd or other services.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
For the maintainer_tests instances we just want to allow anyone with
shell access ability to sudo with no password. In this case asking for
password/tokens could provide a MITM attack vector. This matches up with
the way they were setup before with fas2.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This just makes it much harder to debug anything as it silently crashes.
With this, it will crash, show a stacktrace and still have a return code
different from 0.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
Removes the batcave script, retrieve-security-question.py
which is no longer needed with Noggin / FreeIPA-FAS
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
We had a bunch of old el6 conditionals in here, and we have 0 el6
machines. We also now have some CentOS instances, so we shouldn't check
for RedHat or Fedora anymore. Also, everything is using the newer
openvpn now so no need to make sure the old one is stopped.
This should not affect the vast majority of hosts, but it should allow
the el7/el8-test instances vpns to actually work.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We need to add these hosts to the vpn to use ipa for auth on them.
They are in the 192.168.100 network, which is the 'more restricted'
subnet of vpn. After the freeze we will probibly want to lock this down
more with a rule on all hosts except ipa* to reject everything from
them. In the mean time the firewall rules blocking most things should be
ok for now.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We need this volume here also because this is where the cron job that
calculates the DIRECTORY_SIZES.txt file lives.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Our fedora_ftp volume is on an SSD aggregate thats running out of space.
So, lets move /pub/archive (17TB) off it on to it's own volume on a
SAS aggregate. archive gets less traffic that other releases, so it
shouldn't be a problem. This will mean however when we archive a release
it will cause a bunch of deletes and re-downloads for mirrors because we
can no longer hardlink content over and then delete it, but there is no
help for that.
I will also notify mirror-admins list about this pending action.
There shouldn't be any short term issues.
Once this PR is merged, we need to run playbooks, then go to a host with
rw access to fedora_ftp and rm the archive tree on it.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
