WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-02-02 20:59:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
45,249 Commits 9 Branches 0 Tags
40cc20185a0b08442cf405fb201fc8455d27bc5f
Commit Graph

10213 Commits

Author SHA1 Message Date
Greg Sutcliffe
40cc20185a Zabbix: fix more hosts/groups for apache-status 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2026-01-26 14:18:01 +00:00
Greg Sutcliffe
a72e5b2fbf Zabbix: fix different handling of /apache-status on proxy hosts 
Seems like the proxies don't want to handle port 80 nicely, I get
errors in Zabbix for them using localhost:80/apache-status (which
works elsewhere, like sundries). However using https/443 seems to
work, so we'll do that instead.

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2026-01-26 11:39:48 +00:00
Kevin Fenzi
27a81038b9 proxies: block a bunch of networks from an abusive asn 
This asn is hammering koji links.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-01-25 10:32:48 -08:00
Kevin Fenzi
896ab6360b download: block subnet thats using rclone against master mirrors 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-01-22 10:35:44 -08:00
Kevin Fenzi
a754144f19 Update infra pagure.io links to forge.fp.o (WIP) 
This should update all the references we have to
https://pagure.io/fedora-infrastructure to the
new https://forge.fedoraproject.org/infra/tickets/ area.

Do not merge this before the migration on tuesday.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-01-20 14:39:40 -08:00
Jakub Kadlcik
7d56f15586 copr-be: upgrade production builders to F43 
Fix https://github.com/fedora-copr/copr/issues/4001

I updated the `copr_builder_images.hypervisor.x86_64` even though the image is
not uploaded there yet because the HV is currently down.

Somebody needs to run this when it gets back online:

    STAMP=$(date -I) \
    ARCHES=x86_64 \
    TARGETS=libvirt \
    copr-upload-builder-images /var/lib/copr/public_html/images/2026-01-14/
 2026-01-20 15:50:20 +01:00
Jakub Kadlcik
82245389e8 copr-be-dev: upgrade builder HV ppc64le images to F43 2026-01-20 11:32:44 +01:00
Kevin Fenzi
bad6a2db89 storinator01: add mac addresses and fix ip var 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-01-19 12:44:01 -08:00
Michal Konecny
5809288d1e Remove proxy05 from mirrorlist proxies 
The proxy05 is unavailable for last few days, let's remove it from
mirrorlist_proxies till the situation is resolved.

This will fix mirrorlist-statistics cronjob. See
https://pagure.io/fedora-infrastructure/issue/12993 for more info.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2026-01-19 13:37:35 +01:00
Kevin Fenzi
5298fcbd4b proxy03/14: fix larger memory sizes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-01-15 11:41:26 -08:00
Jakub Kadlcik
f68255f1ae copr-be-dev: upgrade builder images to F43 
Except for HV because of https://github.com/fedora-copr/copr/issues/4040
 2026-01-15 14:50:12 +01:00
Greg Sutcliffe
93ed0457e0 Nagios: remove first batch of services 
This removes the known-good things we've had in Zabbix for a while -
RAID, disk space, processes, and mail queue. It also removes swap which
we've decided we don't need.

Also includes some FS overrides on the Zabbix side so the relevant
NFS mounts get monitored on the OCI, and pkgs hosts, as per Nagios had.

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2026-01-14 10:25:15 +00:00
Jiri Kyjovsky
88102722cb copr-anubis: allow copr-related user agents to pass without challenge 2026-01-12 09:00:32 +00:00
Jiri Kyjovsky
3595436104 copr-anubis: loosen policies (go through defaults), allow essentials 2026-01-08 16:40:34 +01:00
Greg Sutcliffe
5765dd09b5 Zabbix: report warnings to #noc:fpo Matrix room 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2026-01-08 13:56:38 +00:00
Greg Sutcliffe
85ac8eeab7 Zabbix: raise warning levels for openqa disk usage 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2026-01-08 13:55:20 +00:00
Jiri Kyjovsky
d79d6ca487 copr/anubis: fix configuration on frontend to protect only /coprs (same for distgit) 
Anubis was accidentally enabled for all traffic (/) instead of just
the /coprs/ web UI. This caused unnecessary bot challenges for API
clients, dnf/yum, and other automated tools.

Use Anubis BASE_PREFIX to cleanly protect only specific endpoints:
- Frontend: /coprs/ (web UI)
- Dist-git: /{{ cgit_uri }}/ (package browser)

https://anubis.techaro.lol/docs/admin/installation#using-base-prefix
 2026-01-07 13:58:11 +01:00
Miroslav Suchý
1becdd9e81 bump up number of reserved instances 2026-01-06 12:55:31 +01:00
Kevin Fenzi
ee5c732c8c people01: also increase memory to 32g 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-30 09:34:45 -08:00
Kevin Fenzi
f717aeb615 people01: bump number of cpus to 16 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-30 09:31:39 -08:00
Adam Williamson
37e2d34eb6 proxies: block IP attempting SQL injections on openQA (prod) 
My staging effort seems to have worked, so let's do prod too.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-12-30 08:58:11 -08:00
Adam Williamson
3e8c446877 proxies: block IP attempting SQL injections on openQA 
I hope I got this right. This IP is trying Little Bobby Tables
attacks on openQA and it's making the servers crash.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-12-30 08:46:28 -08:00
James Antill
c127602949 Remove rest of f41-test. 
Signed-off-by: James Antill <james@and.org>
 2025-12-26 12:46:03 -05:00
James Antill
efa0061ca5 Remove f41-test from inventory. 
Signed-off-by: James Antill <james@and.org>
 2025-12-25 08:35:47 -05:00
Greg Sutcliffe
9fae8c7d2d Zabbix: First try of the CMDB-in-Zabbix-Inventory idea (#12817) 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-22 15:09:07 +00:00
Pavel Raiskup
cd95aa0095 copr-be: try to use x86 copr04 2025-12-20 15:54:12 +01:00
James Antill
c68ec66f3e Move prox01.stg to F43. 
Signed-off-by: James Antill <james@and.org>
 2025-12-19 14:39:12 -05:00
Greg Sutcliffe
149047b50d Copr: fix IP hostvars on vmhost-x86-copr04 - again 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-19 11:51:57 +00:00
Greg Sutcliffe
f639e26c12 Copr: fix IP hostvars on vmhost-x86-copr04 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-19 11:43:49 +00:00
David Kirwan
1a18ff41fd communishift: mark project communishift-fedora-coreos-ai-helpers do not 
clean up.

Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-12-18 16:09:42 +00:00
Kevin Fenzi
c4f5d8ea2e proxies / proxies_stg: fix comment about max workers and set to 3200 both places 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-14 09:45:38 -08:00
Kevin Fenzi
e6e014780d proxies: sync up prod proxies mem/cpus and add more in stg 
We manually added cpus and memory in the past to 01/10/101/110, so
update ansible so it matches whats deployed now.

On staging, 2 cpus isn't going to cut it anymore, so just bump them up
to be the same as prod.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-13 12:34:17 -08:00
Kevin Fenzi
6ceed5e1b9 smtp-auth-iso01: add ipv6 address 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-12 15:57:15 -08:00
Kevin Fenzi
6789314251 smtp-mm-iso01: add ipv6 address 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-12 15:54:15 -08:00
Kevin Fenzi
5acda7f784 proxy03: set dc to not be rdu3 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-12 15:50:08 -08:00
Kevin Fenzi
52dffb8df4 proxy03: fix dns search order 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-12 15:05:49 -08:00
Kevin Fenzi
182104ec0f proxy03: use mac address from ansible 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-12 14:56:25 -08:00
Kevin Fenzi
e1524d1fd0 smtp-mm-iso01: use correct hostname in inventory 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-12 14:20:16 -08:00
Kevin Fenzi
e8bd81d11d vmhost-x86-iso03: add to inventory 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-12 13:58:12 -08:00
Kevin Fenzi
e7c35d4d2b vmhost-x86-iso02: update mac addresses 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-12 13:56:36 -08:00
Kevin Fenzi
16ce599474 vmhost-x86-iso02: add to inventory 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-12 12:58:15 -08:00
Kevin Fenzi
a81f88f031 vmhost-x86-iso02: update mac addresses 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-12 12:55:07 -08:00
Kevin Fenzi
73c0c6214f proxy14: try and set it for a rdu3-iso datacenter 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-12 10:29:11 -08:00
Michal Konecny
9fb417b79a [proxy14] Fix typo in host_vars 
This caused ticketkey playbook to fail and all proxies started alerting
about old age of ticketkey.
 2025-12-12 10:52:14 +01:00
Kevin Fenzi
a3dbedb3e7 proxy14: adjust dns search path 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-11 21:06:44 -08:00
Kevin Fenzi
2d78574d7e smtp-mm-iso01 host vars to the correct name 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-11 18:57:07 -08:00
Kevin Fenzi
2ea32b924f proxies: update hostnames for proxy03/14 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-11 17:53:29 -08:00
Kevin Fenzi
117c334dae rename smtp-mm-cc-rdu01 to smtp-mm-iso01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-11 17:13:39 -08:00
Kevin Fenzi
0498dd6bd9 proxy03: correct vmhost 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-11 17:11:40 -08:00
Kevin Fenzi
3b3399c6d8 proxy03 and proxy14 adjustments for rdu3 move 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-11 16:30:02 -08:00