Commit Graph

7535 Commits

Author SHA1 Message Date
Nils Philippsen
dbbf94a411 ipa/client: configure global shell access and sudo
Almost global anyway, i.e. inside the VPN.

The ipa/client-based shell access and sudo rules are only effective for
staging right now, the respective playbook bits are masked out for prod.

- Assign Ansible host groups to IPA host groups, the latter don't care
  about 'stg' in the name and use dashes rather than underscores.
- Distill shell access groups from fas_client_groups in group and host
  vars.
- Let all `sysadmin-*` groups in the previous list run anything via sudo
  in the host group (except bastion & batcave).
- Remove `fas_client_groups` from staging host and group vars.
- Remove sudoers from staging host and group vars if only `sysadmin-*`
  groups have shell access.
- Set up `ipa_client_shell_groups` on bastion to be a superset of the
  same on batcave.

Newly created IPA host groups:
- autosign
- badges
- basset
- bastion
- batcave
- blockerbugs
- bodhi
- bugzilla2fedmsg
- busgateway
- datagrepper
- dbserver
- dns
- fedimg
- github2fedmsg
- ipa
- kernel-qa
- kerneltest
- kojibuilder
- kojihub
- kojipkgs
- logging
- mailman
- memcached
- mirrormanager
- nagios
- notifs
- oci-registry
- odcs
- openqa
- openqa-workers
- osbs
- packages
- pdc-web
- pkgs
- proxies
- rabbitmq
- releng-compose
- resultsdb
- secondary
- sign-bridge
- sundries
- value
- wiki

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
c994c4e5cd Create badges, badges_stg groups
This is to have unified IPA client configuration for badges hosts.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
54b72eba2c Remove obsolete Ansible group var files
- buildaarch74, buildarm, buildarm_stg
- copr_front, copr_front_dev, copr_front_stg
- dhcp
- faf_stg
- fas, fas_stg
- fedocal, fedocal_stg
- lockbox
- mirrorlist2, mirrorlist2_stg
- nuancier, nuancier_stg
- postgresql_server
- resultsdb_iad_prod

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
d6cdeb7aea Consistency: releng_stg -> releng_compose_stg
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
ba3ed42158 koji_stg: Remove obsolete sudo special case
User `mizdebsk` is a member of group `sysadmin-main` now.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
773e025939 bastion: Remove access for modularity-wg group
We have `sysadmin-mbs` now which should cover all people needing access.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Mark O'Brien
326728414d update proxy35 hostvars 2021-02-01 22:07:12 +00:00
Stephen Smoogen
2ed114aafd add new duke ip address to the download groups 2021-02-01 14:07:13 -05:00
Brendan Reilly
ad3cefb8a7 Add mbs_frontend boolean 2021-01-29 12:58:56 -05:00
Brendan Reilly
2ce9d8e8d3 MBS uses SSL auth for celery 2021-01-28 14:16:24 -05:00
Brendan Reilly
8ed43bb25e Fix MBS frontend configuration 2021-01-28 12:05:50 -05:00
Brendan Reilly
a00708b19b Updated playbooks for MBS v3 deployment 2021-01-27 12:36:04 -05:00
Kevin Fenzi
1a7da5c045 Move armv7 builders back to f32 and GA kernel.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-25 09:49:34 -08:00
Kevin Fenzi
8d2a5e0305 add highmem=off again
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-24 19:42:40 -08:00
Kevin Fenzi
c8031223fb Try and install 32bit arm builders in stg with uefi and f32 and f32 release kernel
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-24 17:25:50 -08:00
Kevin Fenzi
4cb77b2966 Revert "virt instance create: put old armv7 install setup back in stg"
This reverts commit a34ef07de9.
2021-01-24 14:39:46 -08:00
Kevin Fenzi
a34ef07de9 virt instance create: put old armv7 install setup back in stg
Will re-install a builder without uefi and see if that matters any for
our memory management woes.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-24 10:44:13 -08:00
Nils Philippsen
a64e758ccf Configure IPA host group for MBS
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-22 16:05:16 +00:00
Kevin Fenzi
ca4d7dbf7c buildvm_armv7: drop mem down to just under 32gb
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-21 14:05:43 -08:00
Nils Philippsen
4016aca36c MBS stg: lists should be lists
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 12:59:14 +01:00
Nils Philippsen
5d5cc85d3a MBS stg: Give relevant groups sudo access
These groups are allowed to run any command as any user on MBS
frontend/backend hosts in staging.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 12:36:12 +01:00
Nils Philippsen
eb6cca1aec MBS stg: remove FAS compatible variable
The ipa/client role prefers ipa_client_shell_groups over
fas_client_groups, the variable used by the fas_client role, which isn't
applied to MBA frontend/backend hosts in staging.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 12:35:26 +01:00
Silvie Chlupova
45c6b2d5a3 copr: letsencrypt configuration for copr-fe production instance 2021-01-21 08:50:21 +00:00
Kevin Fenzi
21ca5bebe9 db01: backup resultsdb
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-20 12:00:34 -08:00
Pavel Raiskup
e67c8aca2b copr-be: propagate updated images to production 2021-01-20 09:41:53 +01:00
Pavel Raiskup
37c0246379 copr-be-dev: new images with updated swap 2021-01-19 16:03:37 +01:00
Kevin Fenzi
667d5aca4d fix typo in last commit
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 16:12:43 -08:00
Kevin Fenzi
1afc72d77f mbs / staging: sync fas and ipa ssh groups
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 16:08:49 -08:00
Kevin Fenzi
80d9c53b90 mbs: add ipa_client_shell_group to allow for stg ssh access.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 15:39:42 -08:00
Kevin Fenzi
74b513df72 Add separate kickstart for arm 32 bit builders due to lpae kernel
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 15:32:39 -08:00
Kevin Fenzi
babf36a356 buildvm / aarch64/armv7: simplify host vars, drop armv7 special tasks in create, set group vars for f33 on all arm buildvms
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 14:46:55 -08:00
Pavel Raiskup
a2d65ff508 Move devel servers to elastic IPs, too 2021-01-18 14:58:58 +01:00
Matěj Grabovský
db96e95ded abrt: Update list of Fedora versions for retrace-server 2021-01-14 14:36:26 +01:00
Pavel Raiskup
c2f9f58813 copr-backend: unify dev/prod lighttpd configuration
By syncing the devel instance with production (not vice versa).  The
exception is that I've dropped the trailing white-spaces in production
config.
2021-01-10 21:37:15 +01:00
Kevin Fenzi
57a7a855b6 pagure / staging: increase disk to 50G
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-06 12:58:31 -08:00
Pavel Raiskup
7f54d9eb0a copr-hypervisor: allow copr people to ssh there? 2021-01-05 16:21:44 +01:00
Mark O'Brien
07d808f7f9 add aarch64-test01 to cloud inventory 2020-12-23 12:40:58 +00:00
Mark O'Brien
de0c23e293 maintainer-test: remove f31 and el6 as they are EOL 2020-12-23 11:39:33 +00:00
Mark O'Brien
86caab3af2 update aarch64 maintainer test vars 2020-12-21 12:48:34 +00:00
Mark O'Brien
d900232d89 osbs: staging ip tables 2020-12-18 11:33:50 +00:00
Kevin Fenzi
83dfeb4dac rabbitmq: bump memory to 4gb
There's no reason to be stingy on memory and this cluster is handling
more and more queues.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-12-15 09:17:58 -08:00
Miroslav Suchý
9133abed3b retrace: rename group var from retrace_stg to retrace_stg_aws 2020-12-15 10:36:21 +01:00
Jakub Kadlcik
9fd267a52d copr: update production builders (still F33 but updated image) 2020-12-13 00:09:11 +01:00
Jakub Kadlcik
3e783cadfc copr: update dev builders (still F33 but updated image) 2020-12-12 14:19:56 +01:00
Silvie Chlupova
92b95548c6 copr: set rpm_vendor_copr_name to Fedora Copr 2020-12-09 19:04:32 +00:00
Kevin Fenzi
26b9aadf4b inventory / builders: comment out buildhw-a64-07, it's dead jim.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-12-07 15:26:44 -08:00
Stephen Smoogen
4a0e428a4a Update rsync allows for download servers for tu-chemnitz.de hosts
Currently the rsync control for the various tier0 download servers is
controlled by inventory/group_vars/download. These hosts are allowed
to get downloads days in advance. Control is done by adding them to a
template in the rsync file and controlled by an inventory file for the
download group. [TODO: this is obscure and needs a rethink. It also
uses host names versus ip addresses so we end up with changes like
this one where the reverse DNS name changed.]

Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
2020-12-07 11:32:05 -05:00
Jan Kaluza
f96df6a048 ODCS: Add compose_ci source to test possible compose-ci packages gating.
The idea is that we will start minimal compose for every new
Koji build for package which appears in the boot.iso and therefore
can break its generation.

These composes will be built using ODCS on releng backend for now.

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2020-12-07 08:42:03 +01:00
Kevin Fenzi
2b884126ac koji: move koji hubs to f33
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-12-06 14:47:49 -08:00
Kevin Fenzi
e44c1f28f5 buildvm: use f33 for ppc64le builders too
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-12-05 16:47:24 -08:00