WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
45,334 Commits 9 Branches 0 Tags
0d56b527a6ce27e428d0538052ad4454e67eb7c8
Commit Graph

396 Commits

Author SHA1 Message Date
Ryan Lerch
1d6aa6f15a [webhook2fm] fix typo from 8a61479d64 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-04 11:18:10 +10:00
Ryan Lerch
8a61479d64 [webhook2fm] update staging rediurect URIs 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-04 11:06:52 +10:00
Kevin Fenzi
5091fd4373 ocp-rdu3: retire this host/proxy/cert now that we are moved 
There's no need to keep ocp-rdu3 around anymore, we only used
it when we were moving datacenters last year.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-01-30 10:35:10 -08:00
Aurélien Bompard
72fad29431 Ipsilon: fix the GNOME Damned Lies redirect URL 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2026-01-30 13:03:59 +01:00
Kevin Fenzi
a754144f19 Update infra pagure.io links to forge.fp.o (WIP) 
This should update all the references we have to
https://pagure.io/fedora-infrastructure to the
new https://forge.fedoraproject.org/infra/tickets/ area.

Do not merge this before the migration on tuesday.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-01-20 14:39:40 -08:00
Michal Konecny
867111750e [ipsilon] Add OIDC entry for GNOME Damned Lies 
Add staging OIDC entry to ipsilon for GNOME Damned Lies. See more info
in https://pagure.io/fedora-infrastructure/issue/13017.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2026-01-20 15:16:48 +01:00
Adam Williamson
021c63e9df Update some Forgejo-migrated repo URLs 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2026-01-09 18:51:10 -08:00
David Kirwan
6a12544029 forgejo: modifying ipsilon config for the staging dist-git instance 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-12-19 13:34:53 +00:00
David Kirwan
53e01287bb forgejo: update ipsilon with the correct temporary hostname for callback 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-12-19 13:26:46 +00:00
David Kirwan
27186ed2cf forgejo: distgit staging config for ipsilon 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-12-10 14:16:14 +00:00
Michal Konecny
aa81d9a1c9 [ipsilon] Fix jinja2 template 
Missing endif caused it to fail during playbook run. This should fix it.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-11-21 11:44:00 +01:00
Michal Konecny
a08cbb190f [ipsilon] Separate openID instance on production 
This will apply the changes done for staging on production and
introduces ipsilon03 machine, which will be OpenID only.
 2025-11-18 14:27:58 +01:00
Michal Konecny
ba209ee7df Fixes for OpenID only ipsilon instance in staging 
After some troubleshooting I was finally able to fix the OpenID
authentication on staging. These are the changes I ended up deploying to fix
the remaining issues.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-11-03 09:33:32 +00:00
Michal Konecny
446e63e6c6 [ipsilon] Check if the variable is defined first 
Check if the openid variabled defined first, otherwise the playbook will fail.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-10-03 13:53:06 +02:00
Michal Konecny
6cbcc82f53 [ipsilon] Add OpenID banner 
This will add OpenID banner to ipsilon instance that is set as OpenID only.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-10-03 13:24:55 +02:00
Michal Konecny
f1213c4af8 [ipsilon] Fix nesting in jinja template 
I hope this is the last one.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-10-02 13:50:16 +02:00
Michal Konecny
99bebc403e [ipsilon] Fix jinja2 nesting 
This time it should be correct.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-10-02 13:30:56 +02:00
Michal Konecny
ebaab04a7b [ipsilon] Add missing endif 
Nesting with jinja2 is somewhat not visible at first glance.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-10-02 13:11:03 +02:00
Michal Konecny
3ff5d4fc8b [ipsilon] Enable openid again on production 
I forgot to specify that the changes are only for staging now, so it
disabled OpenID on production when the playbook was played. Let's fix that.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-10-02 12:54:50 +02:00
Michal Konecny
b8a41de30e [ipsilon] Fix ansible-lint errors 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-10-02 10:09:22 +02:00
Michal Konecny
ca04c6d41a [ipsilon] Use different repo URL 
The current repo URL was evaluated as
https://pagure.io/fedora-infra/ipsilon-fedora.git/ which returns 404 on
pagure.io. Let's use just the
https://pagure.io/fedora-infra/ipsilon-fedora, which works even with the
added / at the end.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-10-02 07:40:48 +00:00
Michal Konecny
825069860a [ipsilon] Add OpenID header 
The ipsilon instance with disabled OpenID authentication still needs to
sent the header for OpenID in response so the authentication could
continue with different instance.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-10-02 07:25:34 +00:00
Michal Konecny
a9ef982c03 [ipsilon] Check if variable is defined first 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-09-25 14:35:57 +02:00
Michal Konecny
4592e463f4 Setup ipsilon02 as OpenID only instance 
This will split the ipsilon config to OpenID and everything else.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-09-25 14:17:08 +02:00
Ryan Lerch
9ea5295dca [forgejo] update oauth config to match brand better 
resolves: https://codeberg.org/fedora/forgejo-deployment/issues/144

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-08-21 18:48:30 +10:00
David Kirwan
da2c3cc7bb forgejo: update the ipsilon config for forgejo staging 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-08-20 15:53:15 +00:00
Aurélien Bompard
34f4f8d119 Webhook2fedmsg: Allow the UI's OIDC callback URL 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-08-18 14:45:56 +02:00
Akashdeep Dhar
651b58cee2 badges: add client config for UI revamp testing 
Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
 2025-08-12 07:31:16 +00:00
Greg Sutcliffe
ea4f07c9d7 Revert "Zabbix: Add ipsilon oidc entry for zabbix-stg" 
Zabbix uses SAML, not OIDC, which I misunderstood

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-07-17 12:20:23 +01:00
Greg Sutcliffe
978916004d Zabbix: Add ipsilon oidc entry for zabbix-stg 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-07-16 10:23:31 +01:00
Akashdeep Dhar
c319941db9 Add client config for W2FM UI test environment 
Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
 2025-07-10 05:16:44 +00:00
Aurélien Bompard
56fb57934b Ipsilon: adjust rewrite rule because apache now adds the / prefix 
Fixes: https://pagure.io/fedora-infrastructure/issue/12624

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-07-07 16:36:42 +02:00
Aurélien Bompard
82b4bb3b4e Change the fedocal OIDC callback URL 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-07-07 12:14:00 +02:00
Francois Andrieu
fb5f6de876 add ocp-rdu3.stg oauth config 2025-06-26 13:10:55 +02:00
Michal Konecny
302e329a54 [ipsilon] Remove secret from w2fm entry for staging 
w2fm doesn't need a secret as it's client application and doesn't use SSO.
 2025-06-03 16:33:36 +02:00
Aurélien Bompard
bcd821a69f Fix typo 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-06-02 14:30:01 +02:00
Akashdeep Dhar
057e02bd1e Add client config for W2FM test environment 
Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
 2025-05-29 09:36:41 +00:00
Michal Konecny
dd230cc1ef [ipsilon] Add toddlers OIDC entry 
Toddlers will not be a standard OIDC client, but we need it to preserve
the toddlers tokens in db-fas01.stg.
 2025-05-22 13:26:00 +02:00
Michal Konecny
9a04135442 [ipsilon] Add blockerbugs OIDC entry 
https://pagure.io/fedora-infrastructure/issue/12516
 2025-05-07 14:47:34 +02:00
Michal Konecny
33c846b516 [ipsilon] Fix redirect URL for staging libravatar 2025-04-24 13:48:03 +02:00
Michal Konecny
a76d88a1f6 [ipsilon] Add libravatar entry for staging 
https://pagure.io/fedora-infrastructure/issue/12493
 2025-04-17 15:57:44 +02:00
Michal Konecny
3a612a4230 [ipsilon] Add OIDC entry for testdays app 
https://pagure.io/fedora-infrastructure/issue/12490
 2025-04-17 13:34:21 +00:00
Adam Williamson
a23c9df05a Make ipsilon static config file public (staging), clean it up 
The only secrets in this file, AFAIK, are the client secrets.
Most of those are already defined as secret variables for the
plays in this repo that deploy the services to use.

So instead of duplicating most of the secrets, and keeping this
file in the private repo where we can't do PRs and editing it is
awkward, let's just make all the client secrets be variables,
and make this file public.

For all the cases where a secret wasn't already defined as a
variable, I've added it, so this should work as-is.

Note that the use of `flask_oidc_dev_stg_oidc_client_secret`
twice is not an error in this PR; that secret was reused for
the staging community blog client config. I have reported this
at https://pagure.io/fedora-infrastructure/issue/12161#comment-963303 .

This also removes the client configurations for several services
which no longer exist.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-03-31 23:07:01 +00:00
Adam Williamson
4cd3765cd0 ipsilon: drop obsolete config for beaker and dead bugzillas 
We haven't had a beaker since 2018 or so, and none of these
various staging/test/dev bugzilla instances exist any more.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-03-28 18:04:30 +00:00
Kevin Fenzi
58bbbca299 ipa: make sure a bunch of calls do not log sensitive data 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-03-20 14:48:12 -07:00
Michal Konecny
6428f8f772 Sunset github2fedmsg and fedmsg 
This commit is removing all the fedmsg related stuff from ansible
repository.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-02-13 10:08:51 +00:00
Michal Konecny
2ec055db6f Use first uppercase letter for all handlers 
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.

I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```

Then I went through all the changes and removed the ones that wasn't
expected to be changed.

Fixes https://pagure.io/fedora-infrastructure/issue/12391

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-02-10 20:31:49 +00:00
Kevin Fenzi
13266214d2 ipa / handlers: Fix call to 'restart sssd' that is now 'Restart sssd' 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-01-15 16:36:11 -08:00
Ryan Lerch
47c68f478d ansiblelint fixes - fqcn[action-core] - template to ansible.builtin.template 
Replaces references to template: with ansible.builtin.template

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:30:29 +10:00
Ryan Lerch
3c41882bb0 ansiblelint fixes - fqcn[action-core] - shell to ansible.builtin.shell 
Replaces references to shell: with ansible.builtin.shell

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:29:10 +10:00