WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-27 03:52:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
44,296 Commits 9 Branches 0 Tags
25ef9ffdaeccfcedea31411807bdab79b06fe180
Commit Graph

44296 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kevin Fenzi
25ef9ffdae ipa: fix typo in logrotate 
Seems this was missing a leading /, so it was not working.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-26 12:22:20 -07:00
Kevin Fenzi
cc1001c543 zabbix01: double memory 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-26 11:30:36 -07:00
Kevin Fenzi
8925ccf7e2 proxies / redirects: do not try and setup redirects for community sites in staging 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-26 08:40:27 -07:00
Greg Sutcliffe
144066c8f4 Zabbix/Postfix: Rules for postqueue using tmpfs 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-26 12:24:21 +01:00
Greg Sutcliffe
5957d2c832 Zabbix/Postfix: Rules for postfix_master 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-26 12:16:08 +01:00
Greg Sutcliffe
a7a2232e7b Zabbix/Postfix: Even more denials, sigh 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-26 12:07:55 +01:00
Greg Sutcliffe
4a97d2cbda Zabbix/Postfix: Add postqueue exec_no_trans 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-26 11:53:08 +01:00
Greg Sutcliffe
0496e663ed Zabbix/Postfix: Add postqueue execution 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-26 11:44:50 +01:00
Greg Sutcliffe
6c8b3337ac Zabbix/Postfix: Apparently postfix_etc_t needs open as well as read 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-26 11:36:04 +01:00
Greg Sutcliffe
a41c0a3546 Zabbix/Postfix: Add missing type for postfix_etc_t 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-26 11:25:07 +01:00
Greg Sutcliffe
224f21142d Zabbix/Postfix: Remove old pp file and add new exception for postfix_etc_t 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-26 11:19:41 +01:00
Greg Sutcliffe
abbb813f6e Zabbix/Postfix: Switch to handler-based local compilation of SELinux module 
We're hitting errors on older hosts because the precompiled module was
on too-new a policy version. This moves the compilation of the module
to the target, via handlers.

Right now this is hardcoded to the specific module in base/postfix, but
we can generalise it to compile all the various SELinux modules later on

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-26 10:44:04 +01:00
Kevin Fenzi
f75f2c51c1 anubis: try and allow bodhi and badges rss feeds 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-25 16:09:27 -07:00
Kevin Fenzi
3c61b1ecab proxies / websites / getfedora.org: switch this to use a letsencrypt cert 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-25 15:24:02 -07:00
Kevin Fenzi
4d49d0841c ipsilon-website: disable for now 
This site is still pointing to iad2, and I can't find anyone who can
point it to rdu3, so I think it's going to just have to go away.

Disable for now, but if no one appears, we should delete it entirely,
as well as the openshift app that serves this website.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-25 15:07:30 -07:00
Kevin Fenzi
775d046d8f proxies / download: switch to new 2025 wildcard fedoraproject.org cert 
Switch from the 2024 one that expires in a bit to a new shiny one that
doesn't expire until next year.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-25 14:50:49 -07:00
Gregory Bartholomew
2c70b3b8d8 alt: redirect home page to the new fedoraproject.org/misc page (version 2) 
Signed-off-by: Gregory Bartholomew <gregory.lee.bartholomew@gmail.com>
 2025-09-25 21:18:10 +00:00
Pedro Moura
78abe4774e add tmpwatch back 
Signed-off-by: Pedro Moura <pmoura@redhat.com>
 2025-09-25 21:14:43 +00:00
Gregory Bartholomew
1531796df7 redirect fedoracommunity.org to fedoraproject.org 
also redirect {fr,it,tw}.fedoracommunity.org to their respective sites

closes https://pagure.io/fedora-websites/issue/936

Signed-off-by: Gregory Bartholomew <gregory.lee.bartholomew@gmail.com>
 2025-09-25 21:11:43 +00:00
Greg Sutcliffe
b4a6699e29 Zabbix: update thresholds for noisy services 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-25 16:18:07 +01:00
Michal Konecny
a9ef982c03 [ipsilon] Check if variable is defined first 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-09-25 14:35:57 +02:00
Michal Konecny
4592e463f4 Setup ipsilon02 as OpenID only instance 
This will split the ipsilon config to OpenID and everything else.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-09-25 14:17:08 +02:00
Greg Sutcliffe
d2a66a0bf4 Zabbix/Postfix: Ensure drop-in dir exists 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-25 12:00:16 +01:00
Michal Konecny
1c9468489a Add second ipsilon host for staging 
This is a test host to try deploy OpenID instance only.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-09-25 10:37:16 +00:00
David Kirwan
be7e59eb98 forgejo: configure crunchydata postgres cluster to prune backups 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-09-25 10:54:04 +01:00
Aurélien Bompard
3256e23b37 Datanommer: enable the cronjob in prod 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-09-25 11:06:32 +02:00
Ryan Lerch
1b1071c53c [forge] Configure user profiles to be public by default 
- Add DEFAULT_USER_VISIBILITY: public
- Add ALLOWED_USER_VISIBILITY_MODES: public
- Ensures all user profiles are publicly accessible
 2025-09-25 13:40:23 +10:00
Kevin Fenzi
1095db38bf proxies / badges: drop anubis here for now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-24 18:11:40 -07:00
Kevin Fenzi
07eef522f4 proxies: drop tag on the task 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-24 17:11:43 -07:00
Kevin Fenzi
c8f5519169 proxies: set local_port_range to under 32k 
This works around a weird problem in rdu3. Proxies have connections to
kojipkgs timeout if the local port is over 32k. We aren't sure why this
happens yet, but this seems to work around the problem for now.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-24 17:08:02 -07:00
Kevin Fenzi
dc5f7ae379 proxies: disable anubis on internal proxies 
This should not have caused any issues, but I want to rule out it being
related to the 503 errors we have been seeing.

it also doesn't do any good to have enabled here as these proxies are
internal only and never would have browsers or crawlers hitting them.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-24 11:07:10 -07:00
Greg Sutcliffe
8141b597d5 Zabbix/Postfix: Add tags to SELinux module install so it actually runs 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-24 17:09:28 +01:00
Greg Sutcliffe
17f06ff65f Zabbix/Postfix: Compile the module on an older host so the policy version is compatible 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-24 16:55:30 +01:00
Greg Sutcliffe
325019aa3f Zabbix/Postfix: Update SELinux module to allow the agent to run mailq 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-24 16:47:20 +01:00
Greg Sutcliffe
4651ff72b8 Zabbix: Ensure Postfix role creates the Postfix hostgroup 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-24 15:27:18 +01:00
Greg Sutcliffe
a8d00abea1 Zabbix: Add monitoring to the base/postfix role 
This adds an example implementation of how to add Zabbix agent
monitoring to the Postfix role

There are 5 parts
    - The agent dropin file
    - The (optional) script the agent will call
    - A custom SELinux module to allow the agent to run it's tools
    - An API call to ensure the target template exists
    - An API call to add the host to the right template

See the PR for details on how this works...

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-24 15:16:02 +01:00
Greg Sutcliffe
a11c879c3e Zabbix: enable Zabbix on autosign hosts 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-24 13:19:22 +01:00
Pavel Raiskup
ae33c9d0d4 copr: define cgit_uri template variable 
And provide updated httpd/conf.d/cgit.conf.
 2025-09-24 14:02:40 +02:00
Greg Sutcliffe
3df29fa809 Zabbix: Add default vars for RedHat-10 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-24 12:57:11 +01:00
Pavel Raiskup
a3460b720f copr-dist-git: host Cgit on a less obvious location 
My hypothesis is that web crawlers are especially attracted to the /cgit
string in the URL, assuming it leads to useful source code for AI
training.

In reality, our cgit instance isn't a valuable source for AI learning.
It primarily contains unstructured changes to spec files that often fail
to comply with guidelines.  It seems unlikely that a human is
intentionally directing AI crawlers to our instance.

I may be wrong, but the experiment is as simple as the change in this
commit.

Closes: https://github.com/fedora-copr/copr/issues/3873

P.S. On the off chance you actually want to use Copr's Git repos for AI
learning, you're welcome to!  But please reach out to us first—we can
find a better way for you to access all that data than using Cgit.

Closes: #2858
 2025-09-24 13:38:05 +02:00
Aashish Radhakrishnan
c7df6f7975 Add user gallen temporarily 
The user gallen would like to perform some tests in the coreos-ci stage
and fedora stage pipeline.
 2025-09-24 08:39:38 +00:00
Ryan Lerch
b3334f2cb4 [forge] Enable ONLY_SHOW_RELEVANT_REPOS UI setting 
- Set ONLY_SHOW_RELEVANT_REPOS to true to improve user experience
- Only shows repositories relevant to the user's context

Resolves: https://codeberg.org/fedora/forgejo-deployment/issues/172
 2025-09-24 14:58:00 +10:00
Ryan Lerch
814836e5c2 [forge] Add server team OIDC group-team mappings 
- Add forge-server-owners -> server Owners mapping
- Add server-wg -> server Members mapping
 2025-09-24 10:46:49 +10:00
Nick Bebout
c8aaf71b12 Fix Ben's commit 2025-09-23 18:57:02 -05:00
Ben Maconi
4bcf63ba93 added redirect for www.pagure.io to pagure.io 2025-09-23 18:35:49 -05:00
Greg Sutcliffe
c3af0e430a Zabbix: allow for specific agent config, add config for autosign01 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-23 14:35:04 +01:00
Greg Sutcliffe
b1d0f7c744 Nagios: remove datacenter key filtering 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-23 12:49:45 +01:00
Greg Sutcliffe
5339774faf Nagios: Revert change to staging template 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-23 11:30:31 +01:00
Greg Sutcliffe
049eca9a7f Fix Nagios checking of staging hosts 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-23 10:56:59 +01:00
Kevin Fenzi
2b1ac6a2df proxies / staging: switch to new wildcard cert for apps.ocp.stg.fedoraproject.org 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-22 13:48:32 -07:00