Commit Graph

44546 Commits

Author SHA1 Message Date
Pavel Raiskup
dc4beb8903 copr-be: cleanup after today's debugging 2025-10-16 20:19:53 +02:00
Aurélien Bompard
b4bb584dd8 Try to get keycloak to trust the IPA CA cert
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 18:05:10 +02:00
Aurélien Bompard
7b0e77aaf4 IPAtuura: selinux perms
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 17:26:23 +02:00
Aurélien Bompard
d04e809c34 IPAtuura: selinux perms
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 17:24:00 +02:00
Aurélien Bompard
e7f242aa30 IPAtuura: selinux perms
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 17:21:54 +02:00
Aurélien Bompard
8851700c1e IPAtuura: selinux perms
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 17:19:38 +02:00
Aurélien Bompard
fcc66b66cd Add missing file
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 17:14:52 +02:00
Aurélien Bompard
6caeda2a6a IPAtuura: get a cert from IPA
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 17:13:41 +02:00
Pavel Raiskup
ef027df700 copr-be: provision_builder_tasks: fix link 2025-10-16 16:56:35 +02:00
Pavel Raiskup
779e78cdaa copr-be: provision_builder_tasks: avoid symlinks in mock override dir
These are hard to copy from backend -> builder via ansible;  ansible
copy dereferences.
2025-10-16 16:51:22 +02:00
Pavel Raiskup
c0057ead03 copr-be: provision_builder_tasks: try to not dereference symlinks 2025-10-16 16:17:08 +02:00
Aurélien Bompard
a2452a6c84 Fix handler execution order
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 16:14:28 +02:00
Aurélien Bompard
1e7b4451a8 Typo
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 16:09:58 +02:00
Aurélien Bompard
1f416b0215 Typo
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 16:07:25 +02:00
Aurélien Bompard
1d52c77c99 IPAtuura: more config
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 16:06:23 +02:00
Pavel Raiskup
7b2518f8a8 copr-be: disable vms on p09 hypervisor
https://github.com/fedora-copr/copr/issues/3945
2025-10-16 15:59:46 +02:00
Pavel Raiskup
efe1744357 copr-be: follow=false on file restore
This was breaking /etc/mock files.
2025-10-16 15:41:24 +02:00
Aurélien Bompard
b7dfae125c Syntax
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 15:40:45 +02:00
Aurélien Bompard
00a36aa4f6 Syntax
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 15:36:41 +02:00
Aurélien Bompard
5dd03158f9 ipatuura01: make it an IPA client
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-16 15:28:49 +02:00
Pavel Raiskup
d3f2909991 copr-be: try to fix idempotence again 2025-10-16 14:36:55 +02:00
Pavel Raiskup
7a4e58e55d copr-be: simplify permission setup 2025-10-16 14:31:26 +02:00
Pavel Raiskup
f483ac375e copr-be: debugging idempotence #3 2025-10-16 13:08:02 +02:00
Pavel Raiskup
6b8fcbe5bf copr-be: debugging idempotence #2 2025-10-16 13:03:53 +02:00
Pavel Raiskup
35b3583748 copr-be: debugging rsync idempotence 2025-10-16 13:00:30 +02:00
Pavel Raiskup
37475b0e65 copr-be: one more idempotence fix 2025-10-16 12:56:31 +02:00
Pavel Raiskup
55008b601c copr-be: bisect the idempotence problem 2025-10-16 12:49:09 +02:00
Pavel Raiskup
ddf3cbeb89 copr-be: slight reformat & idempotence again 2025-10-16 12:41:40 +02:00
Pavel Raiskup
9a99beadc2 copr-be: last idempotence provision_config idempotence fix 2025-10-16 12:03:11 +02:00
Pavel Raiskup
909681a962 copr-be: and one more idempotence fix 2025-10-16 12:00:39 +02:00
Pavel Raiskup
051ebab3dd copr-be: one more fix for idempotence 2025-10-16 11:58:17 +02:00
Pavel Raiskup
8034925ccb copr-be: one more try with idempotence 2025-10-16 11:54:22 +02:00
Pavel Raiskup
a7c7e14d22 copr-be: one more idempotence fix 2025-10-16 11:52:08 +02:00
Pavel Raiskup
bcd143e211 copr-be: idempotence fix 2025-10-16 11:47:46 +02:00
Pavel Raiskup
a290f10abf copr-be: avoid rsync_opts (not idempotent) 2025-10-16 11:44:28 +02:00
Pavel Raiskup
898f2add81 copr-be: keep executable files executable after rsync 2025-10-16 11:35:06 +02:00
Pavel Raiskup
7aa8578c1c copr-be: more restrictive permissions for provision files 2025-10-16 11:31:32 +02:00
Pavel Raiskup
a22ec30031 copr-be: hardcode resalloc as provision_user is not defined 2025-10-16 11:27:19 +02:00
Pavel Raiskup
fbe3ad235b copr-be: fix ownership and permissions of provision files 2025-10-16 11:24:18 +02:00
Kevin Fenzi
390f5f12d3 hosts / pkgs: set pkgs locally to use proxy01/10
When I switched dns to use proxy110/proxy101 for src internally
in order to fix rust crate building, it broke auth on pkgs01/src.

The problem is that proxy01/10 are set up with a keytab that has
proxy01/proxy10 listed as principals so it can accept auth via them.
However, 101/110 are not listed and thus you get a permission denied.

We might look at a better way to fix this, but for now,
let's just override that here.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-10-15 17:13:50 -07:00
Kevin Fenzi
d5e1fa08f2 proxies: drop some requests that use referrer of some forks
there's about... 7 million hits a day from sites passing a referrer
of forks/kernel or forks/firefox where they are fetching static content
over and over and over. This may be because before they were blocked
from the forks themselves they were also downloading the js and static
content, and now they are just too dumb to see the 403 and still
want to fetch the old static content. Fortunately, they send a
referrer we can match on.

So, this should cut load another chunk.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-10-15 13:53:28 -07:00
James Antill
90f30deb45 docs-rsync.stg: Cleanup the code adding comments.
Signed-off-by: James Antill <james@and.org>
2025-10-15 13:02:37 -04:00
Siteshwar Vashisht
55fd4eb825 openscanhub: change to ami-09e7e359019156824
... as previous fix used wrong image.

Signed-off-by: Siteshwar Vashisht <svashisht@redhat.com>
2025-10-15 16:03:54 +00:00
Kevin Fenzi
58c8447d1a proxies / src: block all kernel forks for now
Some scraper(s) were very very aggressively crawling kernel fork repos
and causing all kinds of problems for koji and src.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-10-15 07:58:11 -07:00
Jiri Podivin
041a0e468a Change firewall setup to work with containerized service
We are no longer going to force a different firewall driver for containers.
At the same time, nftables service is disabled and stopped. We don't need it
since firewalld is using nftables as a library anyway.

The rule for opening port 8080 has been replaced with rule for 443.
Service has moved to HTTPS.

Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
2025-10-15 09:12:15 +00:00
Pavel Raiskup
f0790852fe copr_hypervisor: we need to keep iptables on RHEL 8 machines
https://pagure.io/fedora-infrastructure/issue/12531
2025-10-15 10:33:52 +02:00
Siteshwar Vashisht
c739da870b openscanhub: update to ami-005984cdd73d72d6c
Signed-off-by: Siteshwar Vashisht <svashisht@redhat.com>
2025-10-15 08:00:40 +00:00
Pavel Raiskup
41d1ed1cdd copr_hypervisor: don't opt-out nftables
The a1342d4ac5 should fix nftables.
2025-10-15 09:57:18 +02:00
Pavel Raiskup
a1342d4ac5 copr_hypervisor: fix libvirt nat networking
Per discussion in:
https://github.com/fedora-copr/copr/issues/3945
2025-10-15 09:55:17 +02:00
Kevin Fenzi
867903b998 Revert "proxies / src: switch anubis back off to allow for rust crate building ( infra 12812 )"
This reverts commit 2cdbaa0b28.
2025-10-14 20:04:21 -07:00