WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-03 23:41:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
38,290 Commits 9 Branches 0 Tags
4d7c02510fbcb4e16269c1f37624db7635b164f2
Commit Graph

38290 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kevin Fenzi
4d7c02510f more vim spew fixing 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-11 08:57:04 -08:00
Kevin Fenzi
c652719988 vim did something weird here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-11 08:53:49 -08:00
Kevin Fenzi
47cf07184e wildcard-2023.fedoraproject.org: new wildcard ssl cert 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-11 08:48:40 -08:00
Nick Bebout
6987b8bc1e Add aws-fpl group to ipsilon per mattdm's request 2023-01-10 20:12:27 -06:00
Kevin Fenzi
0aeb60adea collectd: add to selinux policy to prevent denied read for proc/net 
Should fix up these messages from all machines:
audit[865]: AVC avc:  denied  { read } for  pid=865 comm="reader#2" name="net" dev="proc" ino=4026531845 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=lnk_file permissive=0
audit[865]: AVC avc:  denied  { read } for  pid=865 comm="reader#2" name="net" dev="proc" ino=4026531845 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=lnk_file permissive=0

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-10 14:35:18 -08:00
Kevin Fenzi
584d9e6406 koji-gc: don't untag/gc things in *pending tags 
We hit a case with an old update that was almost ready to be untagged,
but then was submitted as an update and _then_ untagged.
See https://pagure.io/fedora-infrastructure/issue/11058
Telling koji-gc to keep anything in pending tags should avoid this small
window for problems.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-10 12:47:45 -08:00
Michal Konečný
f8a250f89b [toddlers] Set the log level back to INFO for production 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2023-01-10 17:27:42 +01:00
Michal Konečný
1cc16e1750 [toddlers] Set log level to debug for toddlers 
Partial setting to debug doesn't seems to work, let's set the whole toddlers to debug.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2023-01-10 16:32:19 +01:00
Michal Konečný
c08475fbcb [toddlers] Set the log level for correct class 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2023-01-10 16:25:59 +01:00
Michal Konečný
127a770619 [toddlers] Add debug output to scm_request_processor 
To help fix the issue with creating branch change the log level to DEBUG temporarily.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2023-01-10 16:13:45 +01:00
Kevin Fenzi
0d08f15f41 ip6tables: allow dhcp6d from aws 
While we actually use SLAAC in aws, there's a dhcp6d sending out the
router advertisements, so without that the instance doesn't get an ipv6
ip and just doesn't work. With this it does.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-09 19:06:27 -08:00
Jakub Kadlcik
98410c9b7b copr: mask the systemd-oomd service 2023-01-09 11:40:08 +01:00
Kevin Fenzi
4b262d7ada apps.ocp.stg new certs for 2023 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-08 18:26:33 -08:00
Kevin Fenzi
31f11df469 koschei: increase timeout from 30s to 180s to allow loading larger queries 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-08 11:12:00 -08:00
Stephen Smoogen
9b82c517f4 put back in copy of people.conf so that we can get correct config on webserver 2023-01-05 13:38:33 -05:00
Stephen Smoogen
69ba9efed8 Move to using new certs for fedorapeople 
Get new certs per instructions
Put new certs in ansible_private from letsencrypt
Change the cert name in configs to 2023 to show different from 2017 one.

Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
 2023-01-05 12:50:34 -05:00
Pavel Raiskup
5e75fa84c6 copr-dist-git: rebuilding cgit data takes one hour 2023-01-03 13:20:07 +01:00
Pavel Raiskup
bf8d23bbfd copr-fe: re-enable automatic PyPI rebuilds 
Relates: https://github.com/fedora-copr/copr/issues/2289
 2023-01-03 13:19:52 +01:00
Jakub Kadlcik
6a386738d7 copr: make sure rpmlint package is up-to-date on builders 
https://pagure.io/FedoraReview/issue/461
 2022-12-21 23:46:12 +01:00
David Kirwan
b33aa64cde fas2discourse: Create playbook/role 
Create task to generate keytab
 2022-12-21 10:09:54 +09:00
David Kirwan
f78802897b mdapi: set correct path to mdapi client inside cronjob 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2022-12-20 18:00:51 +09:00
David Kirwan
01c03085ed mdapi: fix configmap file name 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2022-12-20 17:49:53 +09:00
David Kirwan
15ec523d15 mdapi: add myconfig.py configmap 
add volumemount to deploymentconfig
       add volumemount to cronjob

Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2022-12-20 17:34:49 +09:00
David Kirwan
ab250d7a87 mdapi: change cronjob entrypoint command 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2022-12-20 16:13:35 +09:00
David Kirwan
d59ca4e29f mdapi: point s2i git uri at new repo 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2022-12-20 15:47:55 +09:00
Adam Williamson
d23bfae035 Update one more fedora-36 entry in greenwave config 
Whoops, forgot this one.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2022-12-19 19:04:50 -08:00
Adam Williamson
de979123fa openQA: don't install the fedoraupdaterestart plugin any more 
We don't need it, we use upstream RETRY now.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2022-12-19 16:16:11 -08:00
Adam Williamson
55c7450311 Update greenwave rules for F35 EOL 
Thanks to @jforbes for reminding me of this - now F35 is EOL,
we don't run the openQA upgrade tests on F36, so we have to
upgrade the gating policy or no F35 updates can be pushed.
Also drop other fedora-35 references in openQA-related rules.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2022-12-19 16:11:07 -08:00
Kevin Fenzi
5ca2b2eb36 os.fedoraproject.org / app.os.fedoraproject.org: remove more old openshift 3.11 cluster stuff 
It may be that having this on some of the proxies is causing problems
because it's trying to ping the old openshift 3.11 cluster and filling
up apache slots with it. We do not need this stuff anymore, so remove
it.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-12-16 10:15:27 -08:00
Dusty Mabe
edf56b5611 openshift-apps: put the pruner to sleep again 
Now that we've pruned 1.2T from the repo let's put the pruner back
to sleep over the holidays. It's a brand new service and if anything
goes awry we want to be around to investigate.

Will re-enabled in January.
 2022-12-15 11:18:38 -05:00
David Kirwan
e4b47ff35c communishift: testing venv workaround for dependency issues 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2022-12-15 15:36:35 +09:00
David Kirwan
2378c9cf35 communishift: testing venv workaround for dependency issues 
Signed-off-by: David Kirwan <dkirwan@redhat.com>
 2022-12-15 15:21:59 +09:00
Adam Williamson
5cd71a659b openQA: don't install from u-t on prod 
The current builds are in stable now.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2022-12-14 15:06:18 -08:00
Dusty Mabe
caf71e42b7 openshift-apps: remove build step from a few apps 
Everytime we run the playbook a new build kicks off, but
the app was just restarted. So what happens is we end up
with the app getting started twice (once when the
deploymentconfig gets updated and once when the build finishes).
This could be bad if the app has some startup steps that need
to not be interrupted.

Let's just manually trigger builds since we have the permissions
to do that in the web interface and via the CLI.
 2022-12-14 15:29:04 -05:00
Dusty Mabe
2f42b33462 openshift-apps: add supplemental groups to fedora-ostree-pruner 
This is similar to what we've done for coreos-ostree-importer. See
https://pagure.io/releng/issue/8811#comment-629051 for more information.
 2022-12-14 14:21:51 -05:00
Dusty Mabe
b6622ab49b Revert "add sleep for coreos-ostree-importer and fedora-ostree-pruner to debug" 
This reverts commit d84897eefc.
 2022-12-14 14:21:20 -05:00
Dusty Mabe
d84897eefc add sleep for coreos-ostree-importer and fedora-ostree-pruner to debug 
Having some trouble with the pruner and importer right now so let's
try to debug further by just getting a terminal in the pods.
 2022-12-14 13:12:14 -05:00
Michal Konečný
222d670bf0 [mdapi] Add t0xic0der to appowners 
https://pagure.io/fedora-infrastructure/issue/11053

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-12-14 10:43:32 +01:00
Dusty Mabe
bf8208c013 fedora-ostree-pruner: start building from correct context dir 
Now that the upstream PR [1] has merged let's start building from that
and also stop using `sleep infinity`.

[1] https://github.com/coreos/fedora-coreos-releng-automation/pull/79
 2022-12-13 16:29:13 -05:00
Dusty Mabe
e8af5458a0 openshift-apps: bump fedora-ostree-pruner to Fedora 37 2022-12-13 16:28:47 -05:00
Tomas Hrcka
148cf4a47e Fedora 35 is End Of Life 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2022-12-13 14:38:19 +01:00
Jakub Kadlcik
016572ad54 copr: prefer IPv4 on copr-fe because of timeouting OpenID login 
See https://github.com/fedora-copr/copr/issues/2418#issuecomment-1341394581
 2022-12-09 04:14:41 +01:00
Francois Andrieu
495670585f websites: fix permissions 2022-12-09 02:11:22 +01:00
Francois Andrieu
7480cd6cc6 websites: fix variable name 2022-12-09 02:04:26 +01:00
Francois Andrieu
bd4c0ae2a1 websites: add missing deployment 2022-12-09 01:31:27 +01:00
Francois Andrieu
dc0dcb3db9 websites: s3 creds will be manually fetched 2022-12-09 00:14:44 +00:00
Francois Andrieu
5b5edd11eb websites: new main website deployment on stg 2022-12-09 00:14:44 +00:00
Kevin Fenzi
5a1289069c add communishift-fedora-review-service app 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-12-08 15:11:34 -08:00
Kevin Fenzi
8b4bbfa0db mailman: xz compress logs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-12-08 14:21:22 -08:00
Clement Verna
e3a66f6a91 Use fedora 37 for OSBS buildroot 
Signed-off-by: Clement Verna <cverna@tutanota.com>
 2022-12-08 20:23:20 +01:00