WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-12 19:06:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
34,026 Commits 9 Branches 0 Tags
1fd16eb3e4e829d7a12fffa6db8e63b9767f73d8
Commit Graph

7545 Commits

Author SHA1 Message Date
Kevin Fenzi
1fd16eb3e4 fedocal: re-add group file and port 80 access. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-10 08:31:44 -08:00
Adam Williamson
b2ccba7324 D'oh, missed a comment tag 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2021-02-09 17:43:13 -08:00
Adam Williamson
5c23f90dba openqa: deploy new scratch os-autoinst build on lab workers 
Testing it out.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2021-02-09 17:38:25 -08:00
Stephen Smoogen
e4719bdedd make sure that resultsdb is using the IAD2 networks versus PHX2 ones 2021-02-09 19:14:45 -05:00
Kevin Fenzi
cb048328a1 resultsdb: fix db host in ansible playbooks for resultsdb 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-09 15:06:49 -08:00
Stephen Smoogen
8e73b7c5c5 fix the minimum for a guest to be enough to actually install a system 2021-02-08 13:33:25 -05:00
Kevin Fenzi
ce3181ae62 nuancier: open port 80 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-08 08:52:46 -08:00
Kevin Fenzi
dce4be062b nuancier: set wsgi vars for httpd role. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-08 07:58:18 -08:00
Kevin Fenzi
276c2d4f6f buildvm_armv7: switch back to f33 and uefi in staging 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-02-03 16:29:04 -08:00
Patrick Uiterwijk
163cbc5e9b zezere: back up database 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2021-02-03 12:57:58 +01:00
Nils Philippsen
dbbf94a411 ipa/client: configure global shell access and sudo 
Almost global anyway, i.e. inside the VPN.

The ipa/client-based shell access and sudo rules are only effective for
staging right now, the respective playbook bits are masked out for prod.

- Assign Ansible host groups to IPA host groups, the latter don't care
  about 'stg' in the name and use dashes rather than underscores.
- Distill shell access groups from fas_client_groups in group and host
  vars.
- Let all `sysadmin-*` groups in the previous list run anything via sudo
  in the host group (except bastion & batcave).
- Remove `fas_client_groups` from staging host and group vars.
- Remove sudoers from staging host and group vars if only `sysadmin-*`
  groups have shell access.
- Set up `ipa_client_shell_groups` on bastion to be a super set of the
  same on batcave.

Newly created IPA host groups:
- autosign
- badges
- basset
- bastion
- batcave
- blockerbugs
- bodhi
- bugzilla2fedmsg
- busgateway
- datagrepper
- dbserver
- dns
- fedimg
- github2fedmsg
- ipa
- kernel-qa
- kerneltest
- kojibuilder
- kojihub
- kojipkgs
- logging
- mailman
- memcached
- mirrormanager
- nagios
- notifs
- oci-registry
- odcs
- openqa
- openqa-workers
- osbs
- packages
- pdc-web
- pkgs
- proxies
- rabbitmq
- releng-compose
- resultsdb
- secondary
- sign-bridge
- sundries
- value
- wiki

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-01 22:23:41 +00:00
Nils Philippsen
c994c4e5cd Create badges, badges_stg groups 
This is to have unified IPA client configuration for badges hosts.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-01 22:23:41 +00:00
Nils Philippsen
54b72eba2c Remove obsolete Ansible group var files 
- buildaarch74, buildarm, buildarm_stg
- copr_front, copr_front_dev, copr_front_stg
- dhcp
- faf_stg
- fas, fas_stg
- fedocal, fedocal_stg
- lockbox
- mirrorlist2, mirrorlist2_stg
- nuancier, nuancier_stg
- postgresql_server
- resultsdb_iad_prod

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-01 22:23:41 +00:00
Nils Philippsen
d6cdeb7aea Consistency: releng_stg -> releng_compose_stg 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-01 22:23:41 +00:00
Nils Philippsen
ba3ed42158 koji_stg: Remove obsolete sudo special case 
User `mizdebsk` is a member of group `sysadmin-main` now.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-01 22:23:41 +00:00
Nils Philippsen
773e025939 bastion: Remove access for modularity-wg group 
We have `sysadmin-mbs` now which should cover all people needing access.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-02-01 22:23:41 +00:00
Mark O'Brien
326728414d update proxy35 hostvars 2021-02-01 22:07:12 +00:00
Stephen Smoogen
2ed114aafd add new duke ip address to the download groups 2021-02-01 14:07:13 -05:00
Brendan Reilly
ad3cefb8a7 Add mbs_frontend boolean 2021-01-29 12:58:56 -05:00
Brendan Reilly
2ce9d8e8d3 MBS uses SSL auth for celery 2021-01-28 14:16:24 -05:00
Brendan Reilly
8ed43bb25e Fix MBS frontend configuration 2021-01-28 12:05:50 -05:00
Brendan Reilly
a00708b19b Updated playbooks for MBS v3 deployment 2021-01-27 12:36:04 -05:00
Kevin Fenzi
1a7da5c045 Move armv7 builders back to f32 and GA kernel. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-25 09:49:34 -08:00
Kevin Fenzi
8d2a5e0305 add highmem=off again 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-24 19:42:40 -08:00
Kevin Fenzi
c8031223fb Try and install 32bit arm builders in stg with uefi and f32 and f32 release kernel 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-24 17:25:50 -08:00
Kevin Fenzi
4cb77b2966 Revert "virt instance create: put old armv7 install setup back in stg" 
This reverts commit a34ef07de9.
 2021-01-24 14:39:46 -08:00
Kevin Fenzi
a34ef07de9 virt instance create: put old armv7 install setup back in stg 
Will re-install a bulder without uefi and see if that matters any for
our memory management woes.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-24 10:44:13 -08:00
Nils Philippsen
a64e758ccf Configure IPA host group for MBS 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-22 16:05:16 +00:00
Kevin Fenzi
ca4d7dbf7c buildvm_armv7: drop mem down to just under 32gb 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-21 14:05:43 -08:00
Nils Philippsen
4016aca36c MBS stg: lists should be lists 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 12:59:14 +01:00
Nils Philippsen
5d5cc85d3a MBS stg: Give relevant groups sudo access 
These groups are allowed to run any command as any user on MBS
frontend/backend hosts in staging.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 12:36:12 +01:00
Nils Philippsen
eb6cca1aec MBS stg: remove FAS compatible variable 
The ipa/client role prefers ipa_client_shell_groups over
fas_client_groups, the variable used by the fas_client role, which isn't
applied to MBA frontend/backend hosts in staging.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-01-21 12:35:26 +01:00
Silvie Chlupova
45c6b2d5a3 copr: letsencrypt configuration for copr-fe production instance 2021-01-21 08:50:21 +00:00
Kevin Fenzi
21ca5bebe9 db01: backup resultsdb 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-20 12:00:34 -08:00
Pavel Raiskup
e67c8aca2b copr-be: propagate updated images to production 2021-01-20 09:41:53 +01:00
Pavel Raiskup
37c0246379 copr-be-dev: new images with updated swap 2021-01-19 16:03:37 +01:00
Kevin Fenzi
667d5aca4d fix typo in last commit 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 16:12:43 -08:00
Kevin Fenzi
1afc72d77f mbs / staging: sync fas and ipa ssh groups 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 16:08:49 -08:00
Kevin Fenzi
80d9c53b90 mbs: add ipa_client_shell_group to allow for stg ssh access. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 15:39:42 -08:00
Kevin Fenzi
74b513df72 Add seperate kickstart for arm 32 bit builders due to lpae kernel 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 15:32:39 -08:00
Kevin Fenzi
babf36a356 buildvm / aarch64/armv7: simplify host vars, drop armv7 special tasks in create, set group vars for f33 on all arm buildvms 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-18 14:46:55 -08:00
Pavel Raiskup
a2d65ff508 Move devel servers to elastic IPs, too 2021-01-18 14:58:58 +01:00
Matěj Grabovský
db96e95ded abrt: Update list of Fedora versions for retrace-server 2021-01-14 14:36:26 +01:00
Pavel Raiskup
c2f9f58813 copr-backend: unify dev/prod lighttpd configuration 
By syncing the devel instance with production (not vice versa).  The
exception is that I've dropped the trailing white-spaces in production
config.
 2021-01-10 21:37:15 +01:00
Kevin Fenzi
57a7a855b6 pagure / staging: increase disk to 50G 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-06 12:58:31 -08:00
Pavel Raiskup
7f54d9eb0a copr-hypervisor: allow copr people to ssh there? 2021-01-05 16:21:44 +01:00
Mark O'Brien
07d808f7f9 add aarch64-test01 to cloud inventory 2020-12-23 12:40:58 +00:00
Mark O'Brien
de0c23e293 maintainer-test: remove f31 and el6 as they are EOL 2020-12-23 11:39:33 +00:00
Mark O'Brien
86caab3af2 update aarch64 maintainer test vars 2020-12-21 12:48:34 +00:00
Mark O'Brien
d900232d89 osbs: staging ip tables 2020-12-18 11:33:50 +00:00