Commit Graph

33790 Commits

Author SHA1 Message Date
Nils Philippsen
295564bfbc ipa/client: add site-wide & host-based sudo rules
This also uses HBAC to let all IPA accounts use the sudo command, so
what some user or group may use it for just has to be configured with
sudo rules in IPA.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 10:21:16 +00:00
Nils Philippsen
5cfd6bd10b ipa/client: Don't create groups
Rather than creating groups (e.g. those configured for shell access) in
IPA, just verify they exist and fail otherwise.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 10:21:16 +00:00
Nils Philippsen
dd721909b7 ipa/client: Let sysadmin-main use all services
It would be embarrassing to lock ourselves out.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 10:21:16 +00:00
Nils Philippsen
31edc2419f ipa/client: Separate cluster-wide & host tasks
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 10:21:16 +00:00
Silvie Chlupova
45c6b2d5a3 copr: letsencrypt configuration for copr-fe production instance 2021-01-21 08:50:21 +00:00
Pierre-Yves Chibon
8b0ec42622 pagure: send the logs to stderr instead of stdout
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-20 23:08:38 +01:00
Pierre-Yves Chibon
8850720c2e distgit/pagure: send the logs to stderr instead of stdout
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-20 23:08:04 +01:00
Kevin Fenzi
21ca5bebe9 db01: backup resultsdb
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-20 12:00:34 -08:00
Kevin Fenzi
723e97e5f3 resultsdb / staging: fix name from old phx2 resultsdb to new iad2 one
In phx2 we had resultsdb-stg01.qa.fedoraproject.org, but now in iad2, we
have resultsdb01.stg.iad2.fedoraproject.org.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-20 11:29:59 -08:00
Michal Konečný
7814a8a649 release-monitoring: Lower the amount of error threshold
The bug that caused "No new version found" to be treated as an error is
now fixed. So let's set the error threshold to a reasonable amount to get
rid of projects that aren't working and are not mapped to anything.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 14:41:47 +01:00
Michal Konečný
52987bfa73 release-monitoring: Don't use cached layers
The cached layers were the root issue of having outdated anitya date,
because the step wasn't run again if there was no change in the
Dockerfile for the step, the cached version was used instead.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 13:39:01 +01:00
Michal Konečný
1c37cb6b1d release-monitoring: Debug Anitya installation during image build
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 13:07:58 +01:00
Michal Konečný
383b26eb4f release-monitoring: Let's check if we are really using outdated branch
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 12:57:20 +01:00
Michal Konečný
d7ac247f6b release-monitoring: Add listing of migrations to mid hook
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 11:10:52 +01:00
Michal Konečný
c304dace68 release-monitoring: Lower the timeouts
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 10:38:48 +01:00
Aurélien Bompard
95ca01284a Use a template for ipsilon's sssd.conf instead of replacing lines
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-01-20 10:32:33 +01:00
Michal Konečný
0b0566f7ce release-monitoring: Check if db is on head before deployment
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 09:12:09 +00:00
Pavel Raiskup
e67c8aca2b copr-be: propagate updated images to production 2021-01-20 09:41:53 +01:00
Pavel Raiskup
e646904fcd copr-be: fix && comment-out the cleanup-vms-aws command 2021-01-19 17:33:32 +01:00
Pavel Raiskup
37c0246379 copr-be-dev: new images with updated swap 2021-01-19 16:03:37 +01:00
Pavel Raiskup
66451136c2 copr-be: provision: don't create SWAP when preparing image
Only when the real builder is started.
2021-01-19 15:37:18 +01:00
Pavel Raiskup
d4e1b2d5bc copr-be: increase the chroot tmpfs space on builders
Mock allocated 75g before, and this started to be not enough for some
projects (tmpfs resides in ram + swap).  Increasing the size isn't a
huge deal for us since the major subset of builders is x86_64 and those
have pretty large (currently unused) swap disk size.  For aarch64 I had
to add a bit more storage to guarantee that the large tmpfs will fit
the swap (+17%).
2021-01-19 14:58:47 +01:00
Mark O'Brien
9c7342d576 toddlers: comment out staging 2021-01-19 10:46:37 +00:00
Mark O'Brien
b6f8fa05d1 toddlers: give scoady access to run 2021-01-19 10:40:50 +00:00
Mark O'Brien
2edf7f7e91 toddlers: turn on fasjson in stg 2021-01-19 10:36:19 +00:00
Miroslav Suchý
4acfcae34e use python3-libselinux 2021-01-19 10:09:54 +01:00
Miroslav Suchý
afa5c85b2f there is no ntpdate for el8+:x - use chrony 2021-01-19 10:06:27 +01:00
Kevin Fenzi
0da9feb845 koji_hub / gc: do not prune signed copies from epel8-infra
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 17:15:27 -08:00
Kevin Fenzi
667d5aca4d fix typo in last commit
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 16:12:43 -08:00
Kevin Fenzi
1afc72d77f mbs / staging: sync fas and ipa ssh groups
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 16:08:49 -08:00
Kevin Fenzi
68ae773dc6 basessh: in stg setup sssd/ipa to handle ssh keys
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 15:51:28 -08:00
Kevin Fenzi
98d6571ea2 mbs: add ipa/client role
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 15:50:17 -08:00
Kevin Fenzi
80d9c53b90 mbs: add ipa_client_shell_group to allow for stg ssh access.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 15:39:42 -08:00
Kevin Fenzi
ad507411e2 virthost: drop some old stuff we no longer need
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 15:34:48 -08:00
Kevin Fenzi
74b513df72 Add separate kickstart for arm 32 bit builders due to lpae kernel
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 15:32:39 -08:00
Kevin Fenzi
babf36a356 buildvm / aarch64/armv7: simplify host vars, drop armv7 special tasks in create, set group vars for f33 on all arm buildvms
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-18 14:46:55 -08:00
Kevin Fenzi
b6415b23cb Revert "tasks / virt_instance_create: revert back to old armv7 setup in stg to test"
This reverts commit 9277590da5.
2021-01-18 12:16:18 -08:00
Adam Saleh
3009e09965 Added proxy uri for postgrest 2021-01-18 17:55:57 +01:00
Adam Saleh
6bd6e7ca11 Added postgrest to monitor-dashboard 2021-01-18 17:14:58 +01:00
Aurélien Bompard
b60912e888 The IPA HBAC rule for sysadmin-main should apply on all hosts
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-01-18 15:52:00 +01:00
Pavel Raiskup
a2d65ff508 Move devel servers to elastic IPs, too 2021-01-18 14:58:58 +01:00
Michal Konečný
010377f72e release-monitoring: wait till the db head is newest
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-18 11:51:28 +01:00
Kevin Fenzi
0741be6d2a pagure / pkgs: drop provenpackager excludes on firefox, thunderbird, xulrunner
See https://pagure.io/fedora-infrastructure/issue/9557
Basically we don't need to block commits here anymore,
maintainers are confident they can prevent anything going out that
causes problems for the firefox name. Additionally, xulrunner was
retired a long time ago.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-15 13:40:45 -08:00
Kevin Fenzi
acd335509c proxies / redirects: if you use env_suffix in the sitename, you MUST use it in redirects too
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-15 12:11:25 -08:00
Kevin Fenzi
5927f7b321 distgit / hooks: only tweak perms on batcave hooks perms
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-15 11:39:26 -08:00
Kevin Fenzi
2977ebd42e proxies / websites: add qa.stg to serveraliases for qa
Right now staging doesn't know it should be answering for
qa.stg.fedoraproject.org only qa.fedoraproject.org, so it needs to know
this to allow access to staging qa hosts.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-15 10:56:44 -08:00
Michal Konečný
3a9988b14a release-monitoring: Use the correct container name
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-15 17:39:39 +01:00
Michal Konečný
ceba6b06b9 release-monitoring: Wait for web deployment
The migrations should be run when no pod is working with database.
This commit will let the other two pods wait till web service pod, which
is running the migrations starts.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-15 16:26:10 +00:00
Patrick Uiterwijk
f91c08bef3 robosignatory: re-enable file signing for rawhide
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2021-01-15 17:17:20 +01:00
Mark O'Brien
27a986ab85 koji: enable kojira run on boot in koji02 only 2021-01-15 16:08:52 +00:00