WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-26 03:23:08 +08:00
Code Issues Packages Projects Releases Wiki Activity
27,010 Commits 9 Branches 0 Tags
00a07f94e4f682e46d810a3b69080cde8bf18924
Commit Graph

607 Commits

Author SHA1 Message Date
Patrick Uiterwijk
efabd7f30f Fix this defaulting to a /8 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-24 20:54:14 +02:00
Stephen Smoogen
658a22035b remove fas03 from inventory and a LOT of config files where it was hard-coded 2019-05-23 22:53:51 +00:00
Kevin Fenzi
4b31ac5152 ansible: Change all our group names from foo-bar to foo_bar or foo-bar-baz to foo_bar_baz 
In ansible 2.8 the - character isn't supposed to be valid in group names.
While we could override this, might has well just bite the bullet and change it.
So, just switch all group names to use _ instead of -

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-20 17:38:09 +00:00
Kevin Fenzi
984f012358 sundries/virthost/base: fix a nummber of cases of a variable being used as a boot (now a warning) 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-18 00:00:15 +00:00
Kevin Fenzi
83c4734c43 fedorainfracloud / resolv.conf: remove old tummy unbound ip and replace with rdu2. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-10 18:48:48 +00:00
Kevin Fenzi
7e18ec152d mm-frontend-checkin01: add totpci to iptables so sudo will work. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-09 16:48:11 +00:00
Kevin Fenzi
80f5658820 base: Fix syntax on dnf command, it should just be the name in this case 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-01 22:40:28 +00:00
Kevin Fenzi
b86e4987b8 compose-x86_64-02: Drop compose-x86-02, it's not used for anything anymore. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-12 22:14:58 +00:00
Kevin Fenzi
4e51f101be base: Just change this to run on rhel7 and rhel6 only with yum. The next task works for fedora hosts. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-08 20:55:09 +00:00
Kevin Fenzi
fef0fcbc0e base: fix initial libselinux task to not run on python3 hosts as package: doesn't work there. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-08 20:51:14 +00:00
Kevin Fenzi
b6a8c7d5e5 base: only install policycoreutils-python-utils on f28+ 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-05 22:42:43 +00:00
Kevin Fenzi
4cd704e5fc syncHttpLogs.sh: remove also proxy07, which no longer exists. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-04 22:04:38 +00:00
Patrick Uiterwijk
c7debaf72d Add proxy101/110 to syncHttpLogs 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-04 23:46:02 +02:00
Patrick Uiterwijk
d7fa58f05c Allow nagios to proxy-only ports as well 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-29 00:59:47 +01:00
Patrick Uiterwijk
418c704a49 iptables: Use correct interface for correct side 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-29 00:32:15 +01:00
Patrick Uiterwijk
03f9a74f8d iptables: use datacenter==phx2 for vpn-detection 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-29 00:31:26 +01:00
Patrick Uiterwijk
a8ab545e11 iptables: also remove ansible_facts in prod iptables template 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-29 00:25:04 +01:00
Patrick Uiterwijk
63489a3ccb iptables: Try without ansible_facts 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-29 00:24:16 +01:00
Patrick Uiterwijk
661e5866c6 Proxy group in staging is named differently 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-29 00:19:16 +01:00
Patrick Uiterwijk
2a932db784 Add proxy-only ports to staging iptables 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-29 00:18:04 +01:00
Patrick Uiterwijk
030ea6df33 Allow adding proxy-only TCP ports to groups 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-29 00:15:05 +01:00
Patrick Uiterwijk
99eee653cc Capture internal proxies in synced HTTP logs 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-28 23:52:58 +01:00
Jakub Kadlčík
fee9bd85b7 Add smtpd_recipient_restrictions for copr according to main.cf 2019-03-11 21:18:25 +01:00
Stephen Smoogen
bb8924bf88 [rsyslog systemd] make the file conformant with larger file settings 2019-03-04 19:02:16 +00:00
Kevin Fenzi
f7391dd3fa base: You cannot have two when: clauses, just switch to one of them. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-02-20 01:11:51 +00:00
Kevin Fenzi
c3dc33cacc koji builders: we also want to allow port 80 connections to kojipkgs02. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-02-15 20:47:45 +00:00
Kevin Fenzi
b035dceff5 base/postfix: no need to make a hash here, regexp uses the normal file. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-02-13 18:21:25 +00:00
Kevin Fenzi
6a0a3994ce base/postfix: fix typo. It's regexp not regex. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-02-13 17:58:36 +00:00
Kevin Fenzi
8cd9d8750b base/postfix: convert sender map to a regex so we can reject emails with two @'s in From. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-02-13 17:54:47 +00:00
Kevin Fenzi
df6ecb8a7d base: do not try and install the global set on rhel8 beta yet. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-02-12 22:25:16 +00:00
Kevin Fenzi
ec716db512 base: do not try and install old policycoreutils name on rhel8 beta 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-02-12 22:21:54 +00:00
Patrick Uiterwijk
74adf3d61e Add maptype 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2019-02-07 09:12:11 +00:00
Patrick Uiterwijk
697e09fe7e Do a sender_access for mailman as well 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2019-02-07 09:03:51 +00:00
Patrick Uiterwijk
648c238cfe Add sender_access for mailman 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2019-02-07 09:03:51 +00:00
Mikolaj Izdebski
feeabd07b4 Add parentheses to workaround unexpected jinja2 operator precedence 2019-02-06 09:48:04 +01:00
Mikolaj Izdebski
16b878b802 Make base krb5.conf work with ansible_hostname unset 2019-02-06 09:46:34 +01:00
Mikolaj Izdebski
55bcab7042 Don't require facts gathered for installing base krb5.conf 2019-02-06 09:43:00 +01:00
Adam Williamson
d9db9714d8 Handle systems where the main if is not eth0 a bit better 
ifcfg.j2 has a pretty awkward assumption that the interface
connected to the infra network will be eth0 (or enc900) - it
only includes the GATEWAY, DOMAIN and DNS1/DNS2 lines if the
interface is one of those two. It seems we were trying quite
hard to make eth0 always be "the interface", but now that's
been broken in a few systems. enc900 was added as apparently
that's what the main interface is called on some s390 boxes;
on openqa-ppc64le-01 the if that's connected is eth2 (eth0 is
present, but not connected), and on the new qa01 and qa02, it's
em3 (according to smooge, we have to use 'predictable' interface
names on those boxes as the old names really *do* get assigned
to different interfaces on each boot).

So since we now have several different cases where the 'eth0'
assumption doesn't hold, let's build a slightly better system
for handling it. This replaces ifcfg.j2's hard-coded list with
a variable, and sets the default value of the variable to the
two names ifcfg.j2 handled before: [ 'eth0', 'enc900' ]. This
allows the systems where the main interface is *not* one of
these to set the variable accordingly, and hopefully that'll
give them correct ifcfg files.

This *should* solve the problem of openqa-ppc64le-01.qa and qa01
and qa02 constantly dropping out of network connectivity any
time they got rebooted or the network plays got run.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2018-12-15 11:09:49 -08:00
Adam Williamson
a3f2af5a8c openqa: tweak qa01 ethernet config stuff a bit 
Also, allow interface names starting with 'em' in the base
network stuff.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2018-12-14 19:05:20 -08:00
Stephen Smoogen
cc16f56e4f maybe this will make qa02 easier? 2018-12-15 01:14:59 +00:00
Stephen Smoogen
474d84d147 and we break more 2018-12-15 00:20:37 +00:00
Kevin Fenzi
eba72381f8 drop some mirrorlist related logs from rsyslog entirely 2018-12-14 20:09:36 +00:00
Kevin Fenzi
7b10fb8967 remove stray name: 2018-12-13 16:14:17 +00:00
Miroslav Suchý
5f1f04a417 rsyslog: replace obsolete syntax 
addressing:
error during parsing file /etc/rsyslog.d/rsyslog-limits.conf, on or before line 1: invalid character '[' - is there an invalid escape sequence somewhere?
 2018-12-13 11:25:41 +01:00
Miroslav Suchý
03aa9734f5 do not deploy rsyslog-audit.conf in cloud environment 
addressing: https://pagure.io/fedora-infrastructure/issue/7438
 2018-12-13 11:25:41 +01:00
Kevin Fenzi
4e20955cf7 fix postfix config on builders to fix dnf-automatic hangs 2018-12-01 22:31:12 +00:00
Mikolaj Izdebski
8da7c1ce6f iptables.kojibuilder is not used in staging 2018-11-30 07:23:12 +00:00
Mikolaj Izdebski
214f94d000 Configure varnish cache on buildvm-s390x-01.stg 2018-11-30 07:02:56 +00:00
Adam Williamson
2ad471f631 On second thoughts, let's have the quotes... 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2018-11-27 15:05:55 -08:00
Adam Williamson
e9f970c058 Try to correct broken 659650ef dnf loop fix 
@msuchy was trying to do something good, here, but didn't get
it quite right - base_pkgs_inst and base_pkgs_erase are already
lists. I think this should be the right way to do it.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2018-11-27 15:03:46 -08:00