WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-16 13:56:03 +08:00
Code Issues Packages Projects Releases Wiki Activity
30,987 Commits 9 Branches 0 Tags
4eee2902301dacae8c75fffc6097656b474c4980
Commit Graph

682 Commits

Author SHA1 Message Date
Kevin Fenzi
4b7c31a882 cleanup: remove all the duplicate tests for selinux python bindings in favor of the ones in base. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-16 10:54:58 -07:00
Kevin Fenzi
98549fd6db base / resolv.conf: we want vpn to be before iad2 here 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-13 16:56:58 -07:00
Kevin Fenzi
c529380547 Spring cleaning time. :) 
I removed all the old files, inventory, playbooks, roles and other from
services we no longer run or use. There was a bunch of cruft in there
and I hope that will make the repo cleaner and easier to look for things
we actually do run and care about.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-13 14:02:41 -07:00
Kevin Fenzi
ce6cd8844a base: postfix: comment duplicate alias_maps thats sending warnings from bastion01.iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-08 20:30:33 -07:00
Kevin Fenzi
b8de4f9d7d iad2: log01: add a rsyslog config file for log01.iad2 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-08 17:49:21 -07:00
Kevin Fenzi
29a4145466 iad2: add a iad2 resolv.conf file. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-06 16:54:48 -07:00
Kevin Fenzi
9edbfa6a39 iad2: only install the default PROD prompt in non iad2 datacenters 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-06 13:56:02 -07:00
Kevin Fenzi
9b49971cae iad2: set prompt in iad2 to avoid confusion 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-06 13:51:16 -07:00
Stephen Smoogen
03a14c6db9 HOTPATCH: Fix pagure-stg email. Formal fix will need updating our postfix files to work with RHEL-8/Fedora 28+ postfix syntax. 2020-05-04 08:48:43 -04:00
Nils Philippsen
5958059b47 Remove remnants of lists-dev and lists01 
Follow-up on:

commit a11e1da4b435928c8895259e12ea1bf895860cb4
Author: Kevin Fenzi <kevin@scrye.com>
Date:   Thu Feb 20 17:09:00 2020 +0000

    lists-dev: farewell

    Signed-off-by: Kevin Fenzi <kevin@scrye.com>

commit dd3bf3b50d
Author: Kevin Fenzi <kevin@scrye.com>
Date:   Fri May 20 18:09:20 2016 +0000

    Drop collab03 and hosted-lists01 (everything is going to mailman01 now).
    Drop hosted01 (we arent going to move hosted to rhel7)

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2020-05-03 22:02:42 +00:00
Stephen Smoogen
bb719cdc5d rsyslogd: fix rsyslogd on all EL8 and F32 boxes 
In 2017, I (Stephen Smoogen), put in a change to copy
roles/base/files/rsyslog/rsyslog-limits.conf to /etc/systemd on
log01. This was to make it so we have adequete limits on the logrunner
on log01. However I missed the fact that all *.conf files are copied
over to /etc/rsyslog.d/ in a previous section. So this file has been
copied over to every system since 2017.. which was ok when rsyslogd just
ignored the syntax. However on EL8, it dies and kills rsyslogd so
servers are not able to run.

Fix: change the file name to one which won't get globbed. Remove the
file from all systems in /etc/rsyslo.d
 2020-04-30 11:25:25 +00:00
Stephen Smoogen
07a8351c1d sync the download logs from download-cc 2020-04-30 10:17:28 +00:00
Stephen Smoogen
d951a6f19e try this logic for later 2020-04-24 21:34:28 +02:00
Stephen Smoogen
05e9125c67 why this works for 90 hosts but not this one I do not know 2020-04-24 21:34:28 +02:00
Stephen Smoogen
3800b05f64 this is the last fix before fing hardcoding the ips 2020-04-24 21:34:28 +02:00
Stephen Smoogen
264360cac8 try to figure out if this will fix the error 2020-04-24 21:34:28 +02:00
Kevin Fenzi
f927c2774f base / selinux module: do not try and load this on el6 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:27 +02:00
Kevin Fenzi
8102d0ca43 base / selinux / rsyslog-audit: bump the version on this policy to get it to reload on all the f31+ machines 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:27 +02:00
Kevin Fenzi
333b791f8a Revert "base: exclude this selinux policy for now since it causes a OOM crash on fedora-armv7-31" 
I am going to test this in staging now.

This reverts commit 239f247757868a27df5802392ac24291eed931d0.
 2020-04-24 21:34:27 +02:00
Stephen Smoogen
efcd9b0ead the problem was that some of the host names were listed as cloud-noc01.fedorainfracloud.org and others were named cloud-noc01.cloud.fedoraproject.org. Move to 1 name throughout ansible 2020-04-24 21:34:27 +02:00
Stephen Smoogen
2b9f82f9f4 proxy31 2020-04-24 21:34:26 +02:00
Adam Williamson
ee006a8d3e openqa: update iptables NAT rule implementation 
Since we set this up, @puiterwijk added a nice `nat_rules` thing
that lets us add NAT rules without forking the iptables template,
and I just set up the `openqa_tap_iface` variable to avoid the
stupid thing where I hardcoded all the possible interface names
for different arches. So let's use those two together FOR GREAT
JUSTICE! Or possibly just to break everything, you know, we'll
find out shortly.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2020-04-24 21:34:26 +02:00
Kevin Fenzi
00af04a024 openstack cloud: decomission 
Finally take fed-cloud* out and all playbooks associated with the old (and attempts to make a new one).
This cloud was a pain at times, but it did serve long and well, we salute it!

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:26 +02:00
Stephen Smoogen
b4e46bb0e9 try to figure out why stuff in exclude_hostgroups still get included 2020-04-24 21:34:25 +02:00
Pavel Raiskup
2ff45e328d iptables: No stg ip override in aws.fedoraproject.org 
Complements a90e9070cd
 2020-04-24 21:34:24 +02:00
Stephen Smoogen
c04e8c2652 make sure this is here so we can do the next step 2020-04-24 21:34:22 +02:00
Stephen Smoogen
9d02ba6cf4 add proxy30 to config files 2020-04-24 21:34:21 +02:00
Kevin Fenzi
25160d44aa base / iptables: allow buildvm-s390x-17 to also access koji mount 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:21 +02:00
Kevin Fenzi
73ba1900e6 lock_wrapper: handle --silent with the argument passing 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:20 +02:00
Kevin Fenzi
09bbcdb68a scripts / lock-wrapper: actually pass script arguments as well to the script 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:20 +02:00
Kevin Fenzi
779fa01877 autocloud: fare well autocloud, you served long and well... 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:17 +02:00
Kevin Fenzi
18e16cbcfa base: forgot when conditional on last alternatives add 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
5af03fdec0 base: On rhel8 machines set /usr/bin/python to /usr/bin/python3 
The reason we do this is so we can use a few scripts (like nag-once)
as python2 on python2 hosts and python3 on rhel8 hosts.
Note that this depends on the script working on either.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Pierre-Yves Chibon
5a25802f9a base: First pass at making nag-once working with python3 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
5ecc8a9c4f base / postfix: also work around postfix/systemd bug on buildvmhost-s390x. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
e94fcbd825 iptables: fix group name, it's proxies_internal not proxies-internal. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
e1bea5fb6b postfix / base: also this is Service not service 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
cdeaa2558c base / postfix: reload systemd after changing the postfix service file. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
015df8dc65 postfix / base: work around s390x bug in private devices. 
https://bugzilla.redhat.com/show_bug.cgi?id=1769148

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
75458a9252 base: further specify rootpw play hosts. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:15 +02:00
Kevin Fenzi
de7bef8146 base: adjust rootpw setting to cover current names 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:15 +02:00
Rick Elrod
0f9a591216 base: don't copy a bunch of postfix stuff for stg 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:15 +02:00
Rick Elrod
9b60967d7e base: add fix-ifcfg-mac-address.sh to common-scripts. Not my best code, but it should do the trick. 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:14 +02:00
Kevin Fenzi
f39ba30822 base: exclude this selinux policy for now since it causes a OOM crash on fedora-armv7-31 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:14 +02:00
Kevin Fenzi
fd1c7cf395 base: change conditional, perhaps ansible likes this one better? 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:12 +02:00
Kevin Fenzi
53c3309269 base: Tweak conditionals to be much simpiler. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:12 +02:00
Kevin Fenzi
8315ba9108 koji / buildvm-s390x-01.s390: Move this to a normal builder, remove from compose channel 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:12 +02:00
Kevin Fenzi
1d68465ff2 base: set hostname on all hosts, not just rhel7. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:11 +02:00
Mikolaj Izdebski
12d3da3ebd base: Remove Koschei hosts from syncHttpLogs.sh 2020-04-24 21:34:11 +02:00
Stephen Smoogen
0a87de6e21 [proxies] remove proxy08 from ansible configs 2020-04-24 21:34:11 +02:00