Commit Graph

307 Commits

Author SHA1 Message Date
Ryan Lerch
25391e95b7 ansiblelint fixes - fqcn[action-core] - package to ansible.builtin.package
Replaces many references to package: with ansible.builtin.package

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 11:28:00 +10:00
Ryan Lerch
462176464b ansiblelint fixes-- fqcn[action-core] - command to ansible.builtin.command
Replaces many references to command: with ansible.builtin.command

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 11:26:47 +10:00
Ryan Lerch
62952df107 ansiblelint fixes-- fqcn[action-core] - file to ansible.builtin.file
Replaces many references to file: with ansible.builtin.file

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 10:41:52 +10:00
Ryan Lerch
691adee6ee Fix name[casing] ansible-lint issues
fix 1900 failures of the following case issue:

`name[casing]: All names should start with an uppercase letter.`

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-14 20:20:07 +10:00
Kevin Fenzi
ce1f5b02e6 ipa_client: on f40 there is no sssd user, so files are owned by root
On rhel and f41+ there is a sssd user, so we should use that.
If we don't, sssd will change the ownership on restart, meaning we flip
it back and forth each time we run the playbook.

remember to remove this when fedora 40 is all gone from infra

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-12-10 14:43:47 -08:00
Kevin Fenzi
df36530d00 ipa_client: add tag for nss ignore file to allow globally updating it.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-12-10 14:01:54 -08:00
Kevin Fenzi
aaa29839fa ipa_client: the fedora-sss-ignore.conf file should be owned by sssd user/group
We change this to root/root and then restart sssd and it changes it
back. So, let's do this right and let it be sssd/sssd.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-12-09 17:54:13 -08:00
Ryan Lerch
89f6f1fc32 Fix majority of remaining yamllint warnings and errors
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2024-11-28 17:31:45 +10:00
Kevin Fenzi
3a2623218d ipa client: filter out mysql user from ipa/ldap
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-11-20 16:48:40 -08:00
Kevin Fenzi
ae7be1e4e0 ipa: add a tag to fix the ipa re-writes
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-11-20 12:42:36 -08:00
Michal Konecny
3860204d34 [ipa/server] Add tags to logrotate config
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 14:15:35 +01:00
Michal Konecny
d85e39b488 [ipa/server] Correctly format the failure condition
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 14:07:38 +01:00
Michal Konecny
f1eae89e18 [ipa/server] Move the files to separate line
It seems that the command module in argv is adding space at the start of
file name when it's not on its own line.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 13:41:57 +01:00
Michal Konecny
a40c051f55 [ipa/server] Use full path to ldapmodify binary
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 13:26:43 +01:00
Michal Konecny
e2ca17657a [ipa/server] Wrap jinja2 parameter in string
This should hopefully fix the "No such file or directory" error

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 11:54:45 +01:00
Michal Konecny
a1aaa3183c [ipa/server] Fix ipa_user for noggin user
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 11:54:45 +01:00
Michal Konecny
f21a270008 [ipa/server] Try to fix the deployment errors
The answer from ipa03 is ignored, let's hope this will fix it.

The ipa_user module is returning "response user_mod: no modifications to
be performed", which should be OK, but it's treated like fatal error.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 19:46:48 +01:00
Michal Konecny
3883563303 [ipa/server] Disable yamllint checks
We are already checking yaml related errors with yamllint.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 19:25:06 +01:00
Michal Konecny
b86cb7dd7c [ipa/server] Add ipa_host to corresponding ipa roles
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 18:46:41 +01:00
Michal Konecny
e5b2f1afae [ipa/server] Split the long string
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 18:15:32 +01:00
Michal Konecny
c19563b3db [ipa/server] Use the correct parameters for ipa_user
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 18:09:14 +01:00
Michal Konecny
5bca4dcea3 [ipa/server] Use correct parameters for ipa_user module
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 16:56:13 +01:00
Michal Konecny
4a39c39740 [ipa/server] Don't split prompt for pause module
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 16:54:10 +01:00
Michal Konecny
2f94e51c2e [ipa/server] Fix another typo in module name
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 16:40:29 +01:00
Michal Konecny
606d446bd0 [ipa/server] Fix the module name typo
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 16:35:08 +01:00
Michal Konecny
5f6ad93f4f [ipa/server] Use the correct ipa module
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 16:22:45 +01:00
Michal Konecny
792bc60a8a [ipa/server] Fix ansible-lint errors
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 15:12:16 +00:00
Michal Konecny
b3a22d9049 [ipa/server] Add logrotate config for krb5kdc
The log files for krb5kdc had around 1 GB each on ipa01.stg. To prevent this in
future let us replace the original config with one that is compressing the old logs.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 15:12:16 +00:00
Michal Konecny
f842d785d8 Revert "[ipa/server] Add KRA role to replicas as well"
This reverts commit 03f57303e2.
2024-10-11 18:00:55 +02:00
Michal Konecny
03f57303e2 [ipa/server] Add KRA role to replicas as well
This should prevent error during backup:

```
Error: Local roles CA do not match globally used roles CA, KRA. A backup done on this host would not be complete enough to restore a fully functional, identical cluster.
```

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-11 16:55:35 +02:00
Michal Konecny
0e12908828 [ipa/server] Improve confirmation message
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-11 16:01:05 +02:00
Michal Konecny
207ad8f313 [ipa/server] Make the removing replication agreement real
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-11 15:36:01 +02:00
Michal Konecny
89a2b057a9 [ipa/server] Let's check what is being executed first
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-11 14:59:54 +02:00
Michal Konecny
10dc944bbf [ipa/server] Retrieve admin ticket before removing agreement
Removing the replication agreement needs admin kerberos ticket. Let's obtain one
before removing the replication agreement.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-11 14:12:20 +02:00
Michal Konecny
141c44fe5b [ipa/server] Remove the replication agreement before installing replica
The replica install will fail otherwise.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-11 13:46:39 +02:00
Michal Konecny
7c296fed36 [ipa/server] Add missing tags and remove debug output
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-11 13:05:43 +02:00
Michal Konecny
ad52399ecf [ipa/server] Save the results to other hosts in run
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-11 12:56:51 +02:00
Michal Konecny
76c167eba6 [ipa/server] Remove the when condition from pause
It seems that the pause module skips every host if the first one is skipped by
when condition.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-11 12:45:13 +02:00
Michal Konecny
f7a8e2ecb1 [ipa/server] Run the confirmation dialog for every machine
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-11 12:23:08 +02:00
Michal Konecny
3425914190 [ipa/server] Save the confirmation for other hosts
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-11 11:57:37 +02:00
Michal Konecny
59824e4d8b [ipa/server] Use the prompt output for all servers
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-07 15:14:31 +02:00
Michal Konecny
f5ae5a017f [ipa/server] Save directly the value of the check
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-07 14:48:21 +02:00
Michal Konecny
35bba8046d [ipa/server] Add missing tags
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-07 14:36:18 +02:00
Michal Konecny
883cff055f [ipa/server] Ask for confirmation for all hosts
Ansible `pause` module is only running once per playbook. This is a hacky way to
make it run for each host.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-07 12:30:23 +00:00
Michal Konecny
93ba5efa32 [ipa/server] Don't run ipa-replica-install for master node
When introducing the new validation mechanism I accidentally removed check for
ipa_initial from ipa-replica-install. This commit is adding it back.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-07 12:52:09 +02:00
Michal Konecny
83d4dc9546 [ipa/server] Add confirmation prompt for ipa-replica-install
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-07 10:32:09 +00:00
Michal Konecny
6f8005c392 [ipa/server] Change how the check for ipa-replica-install is being done
As found in https://pagure.io/fedora-infrastructure/issue/12149 the current
method of checking if the ipa-replica-install has to be executed is not
reliable enough.

Let's instead check for log file that is created during the installation. This
will need manual intervention in case the ipa-replica-install needs to be run
again, but it will be much more reliable otherwise.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-10-07 10:32:09 +00:00
Kevin Fenzi
aa5c7bac75 ipa / client / sssd: add rawhide to filter and fix syntax error
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-07-17 18:05:41 -07:00
Michal Konecny
b8ea561123 [ipa/server] Remove RHEL 8 entries
We only now run IPA on RHEL 9, so let's clean the playbook a little bit.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-07-11 12:15:13 +00:00
Pavel Raiskup
23275c26ea Revert "copr-hypervisor/ipa-client: debug variable"
This reverts commit 9daef0d257.
2024-02-13 00:04:20 +01:00