WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-06-27 23:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
34,864 Commits 9 Branches 0 Tags
4e08a57f48e71ee0d95c7bcab60fd1880bf4786c
Commit Graph

34864 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Adam Saleh
4e08a57f48 Changing bodhi-stg to a generic fedora kickstart file. 2021-05-07 17:40:34 +02:00
Adam Saleh
f6b6440b6f Updating bodhi on staging to run on f34. 2021-05-07 14:34:53 +02:00
Aurélien Bompard
86567270dc The keytab path is hostname-dependant 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-07 10:12:11 +02:00
Aurélien Bompard
bfe6cf9d02 Only run the cron job on one server 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-07 09:34:27 +02:00
Aurélien Bompard
abaf67b66c Adjust the keytab location to the service 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-07 09:16:16 +02:00
Aurélien Bompard
551ba9bd39 Oops. 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-06 19:04:34 +02:00
Aurélien Bompard
f1e9387759 Finally, use a service for the stage users cleanup script 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-06 19:02:38 +02:00
Aurélien Bompard
3ddc3934da Add a periodic cleanup script for stage users 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-06 13:59:21 +02:00
Aurélien Bompard
3719dff88e Add some missing tags 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-06 13:58:40 +02:00
Pierre-Yves Chibon
9d4623b8f8 fedmsg/hub: simplify the logic when install fedmsg-hub 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-05-06 13:57:25 +02:00
Pierre-Yves Chibon
a372c6b119 FMN: make the backend be py3 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-05-06 13:48:57 +02:00
Mark O'Brien
2649c23c52 ipa: add env_suffix for stg 2021-05-06 12:30:29 +01:00
Pierre-Yves Chibon
aff35d0dc3 notifs: change the way we notify that notifs_web is py3 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-05-06 12:21:41 +02:00
Pierre-Yves Chibon
0d42d25c45 notifs: make notifs-web02 be python3 for fedmsg 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-05-06 12:15:48 +02:00
František Zatloukal
12913c02bd Blockerbugs: fixup FAS on stg 2021-05-06 07:36:48 +02:00
Kevin Fenzi
866206b9b2 batcave13: use two nick virt-install 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 18:39:20 -07:00
Kevin Fenzi
e4d7627ce8 haproxy: disable notifs-web02 until it's ready 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 17:40:18 -07:00
Kevin Fenzi
1b1c9c8733 notifs-web02: fix kickstart name 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 17:14:49 -07:00
Kevin Fenzi
d03a311132 batcave: drop old openstack packages 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 17:12:38 -07:00
Kevin Fenzi
80fce3afbd notifs: make notifs-web02 and notifs-backend02 (ticket 9746) 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 17:07:52 -07:00
Kevin Fenzi
a1547eb885 buildvm-a32-03: fix mac address 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 16:51:04 -07:00
Kevin Fenzi
7da7d72b5f batcave: drop cgit everywhere. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 16:45:32 -07:00
Kevin Fenzi
f9849b7316 git/hooks: everything using this role should be python3 now. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 16:28:06 -07:00
Kevin Fenzi
0cf61ae919 ipa / client: do not exclude mock ipa user on people02 
We have a legit user who has the 'mock' account. So, we allow the ipa
one to override on people02 (since they have a shell account there), but
keep the filer everywhere else where we may run 'mock' the command.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 16:04:32 -07:00
Kevin Fenzi
c455b7f3bb batcave13: move to rhel8 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 15:57:14 -07:00
Kevin Fenzi
5a8f149f62 bastion: bastion13 has to have vpn to enroll in ipa 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 15:39:18 -07:00
Kevin Fenzi
3caebd6095 openvpn/server: really remove the group 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 15:29:06 -07:00
Kevin Fenzi
a9235bfd3d bastion: move ipa client after vpn 
We need vpn to reach the ipa servers.
Instead lets try and fix this by not specifying the group in
nagios/client.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 15:22:57 -07:00
Kevin Fenzi
43d3fbcdb8 Clean up some no longer used playbooks. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 15:16:21 -07:00
Kevin Fenzi
bee623abd2 bastion: move ipa/client before openvpn-server as it needs sysadmin-main group now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 15:05:32 -07:00
Kevin Fenzi
556ad722f2 bastion: move openvpn server role before nagios_client that requires a /etc/openvpn/server/ccd dir 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 15:01:58 -07:00
Kevin Fenzi
0760ee57a6 openvpn / server: make the ccd dir idempotent 
Right now this task makes the ccd dir as 0755 and root.root, but then a
later task syncs this from batcave01 and it gets 2755 and
root.sysadmin-main. Just change this to match so we are more idempotent.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 14:53:03 -07:00
Kevin Fenzi
8d63ab50b2 bastion13: move to rhel8 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 14:34:39 -07:00
Tim Flink
67e0a56c24 blockerbugs: moving stg down to f33 from f34 2021-05-05 13:55:29 -06:00
Mohan Boddu
0d37e41895 Set the ownership in koji based on the dist-git owner 
Fixes: https://pagure.io/releng/issue/7067

Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
 2021-05-05 19:40:33 +00:00
Tim Flink
19579a7fc6 blockerbugs: changing stg to use generic ks 
There is a new ks in the repo that isn't tied to a specific version of
Fedora. Changing blockerbugs-stg to use that instead of the older style
version-fixed kickstart
 2021-05-05 18:31:46 +00:00
Tim Flink
e01711b380 blockerbugs: updating blockerbugs-stg to f34 2021-05-05 18:31:46 +00:00
Kevin Fenzi
3d372b037a batcave: install ansible-collection-community-general for various useful modules 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-05 10:51:20 -07:00
Brendan Reilly
1ca4406918 Prepare script for MBS prod update 2021-05-05 12:59:09 -04:00
Mark O'Brien
c0d84eb154 badges: increase ram to try stop nrpe crashing 2021-05-05 14:43:01 +01:00
Brendan Early
681ea37715 packages-static: change PVs to ReadWriteMany 2021-05-04 21:43:45 +00:00
Kevin Fenzi
8d20a480c2 ipa/client: add apache to ignore for sssd 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-04 14:34:22 -07:00
Kevin Fenzi
eedc86fbcc secondary: enable sftp support 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-04 14:33:08 -07:00
Brendan Early
7bbdf4f679 Add -stg suffix to packages-static and solr PV claims when needed 2021-05-04 21:30:57 +00:00
Kevin Fenzi
ee49c53f08 base / iptables: Adjust iptables on all vpn hosts to drop less secure traffic 
Most of our vpn hosts are on a 192.168.1.0/24 network.
However we have a small number on a 'less secure' 'less trusted' subnet:
192.168.100.0/24. This change adds in logic to:
* on log01, allow rsyslog from 192.168.100.x hosts
* on ipa servers, allow ipa ports for 192.168.100.x hosts
* then reject everything else.
This will make sure 192.168.100.x hosts can only hit ssh and the two
above items, otherwise all vpn hosts will reject their traffic. This
should add a bit of security to having those hosts on the vpn.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-04 21:15:05 +00:00
Kevin Fenzi
6e6dbc0581 ipa/client: ignore 'mock' ipa/fas user and use local one. 
There's a actual legit person with a fas account of 'mock'
We don't want to use their account, we want to use the local mock user
instead.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-04 13:16:34 -07:00
Kevin Fenzi
e8f5700edc new mac address for buildvm-ppc64le-34 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-04 13:00:26 -07:00
Kevin Fenzi
dc3f8a4e72 add eth0_ipv4 for virt-install 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-04 12:49:24 -07:00
Kevin Fenzi
0c22bca328 buildhw-x86-05: turns out we need dns for clevis 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-04 11:48:33 -07:00
Kevin Fenzi
cbf343dd4e fix buildhw-x86-05 nm 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-04 09:54:41 -07:00