Commit Graph

35639 Commits

Author SHA1 Message Date
David Kirwan
58b8a401fa metrics-for-apps: Altering mac addresses for worker02/worker03 ocp4
nodes

Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-09 12:32:59 +09:00
Kevin Fenzi
1176de7808 pagure / staging: use normal cert, not bundle for stunnel
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-08 12:28:33 -07:00
Ryan Lerch
af53fd848b badges-backend-stg: create client keytab
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2021-09-08 18:41:32 +10:00
David Kirwan
b778a45d6c metrics-for-apps: Remove temporary ocp4 bootstrap machine from haproxy
Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-08 12:35:48 +09:00
David Kirwan
4e8fa0e687 metrics-for-apps: add ocp4 prod CA cert to haproxy
Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-08 12:32:42 +09:00
Kevin Fenzi
6ba659a130 proxies / staging: set the correct chain file here for ssl
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-06 11:24:34 -07:00
David Kirwan
991da5d981 metrics-for-apps: Renamed tag, added firewall rules for proxies
Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-06 12:36:00 +09:00
Kevin Fenzi
d8193ced1f proxies: env is the full env name
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-04 14:34:56 -07:00
Kevin Fenzi
6ce2275510 haproxy: ocp cluster is only in iad2
If we push this to all proxies (as we have), they will fail to start
haproxy because they cannot resolve the internal ocp iad2 hosts. ;(

The ocp clusters should only apply on the iad2 haproxy nodes, not all
proxies. Also fix logic on the staging one to apply in staging instead
of just production.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-04 10:51:00 -07:00
Kevin Fenzi
5a8f655671 proxies: add intermediate certs for mirrors.centos.org
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-02 16:56:24 -07:00
Kevin Fenzi
91d645f656 Proxies: also install mirrors.centos.org certs
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-02 16:22:56 -07:00
Kevin Fenzi
e5929f6f9b proxies: add mirrors.stg.centos.org for mirrorlist testing in staging
The cert here is gotten from centos.org folks and checked into private.
At some point we will get a longer term cert here so there's less manual
churn. Otherwise we just make a new mirrors.stg.centos.org and proxy it
to mirrorlists just like mirrors.stg.fedoraproject.org.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-02 16:01:50 -07:00
Kevin Fenzi
242d48fdc2 add some missing tags
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-02 11:49:55 -07:00
Kevin Fenzi
dfff4c5fa8 matrix: Setup logo and welcome images to be served by proxies.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-02 11:44:50 -07:00
Kevin Fenzi
844177a0ae nagios: try and specify the additional groups another way
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-02 11:25:38 -07:00
Kevin Fenzi
3ae44be726 proxies: LocationMatch here should be uri not path
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-02 10:59:10 -07:00
Kevin Fenzi
d4ad74ae5e nagios / vpnclients: fix typo in previous commit
group was used, but ansible needs groups here.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-09-02 10:28:20 -07:00
Nick Bebout
9d78be4889 Update well-known files for matrix
2021-09-02 10:58:27 -05:00
Brian Stinson
4f635e3ad8 Add a fedora-messaging queue for the CentOS Stream robosignatory
Signed-off-by: Brian Stinson <bstinson@redhat.com>
2021-09-02 11:05:58 +00:00
Mark O Brien
54082babef ocp: fix typo in certificate name
2021-09-02 10:42:46 +01:00
David Kirwan
3ffcddf050 metrics-for-apps: commenting out run once directive
Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-02 12:52:57 +09:00
David Kirwan
22229738d3 metrics-for-apps: fixing hostvars vmhost variables
Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-02 12:43:43 +09:00
David Kirwan
534ce4dd15 metrics-for-apps: attempting to target specific hosts in tasks
Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-02 11:48:45 +09:00
David Kirwan
be3ff19ce2 metrics-for-apps: updating when expression to run on certain hostgroups
Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-02 11:42:05 +09:00
David Kirwan
7a4e8a8542 metrics-for-apps: fixing error with when statement
Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-02 11:26:12 +09:00
David Kirwan
766fab92ad metrics-for-apps: updated logic to target hosts based on membership of group
Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-02 11:17:02 +09:00
David Kirwan
f042ec7a4d metrics-for-apps: update hosts ocp4-place-ignitionfiles playbook targets
to include new prod ocp hosts

Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-02 11:02:44 +09:00
David Kirwan
7b9e35a562 metrics-for-apps: Update hosts target to only target existing hosts +
new staging cluster

Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-02 10:47:51 +09:00
David Kirwan
c54d0b3470 metrics-for-apps: Updating asknot ocp install target
Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-02 10:47:51 +09:00
David Kirwan
9f39d76e2c metrics-for-apps: Adding inventory/groupvars/changes for ocp prod
Signed-off-by: David Kirwan <dkirwan@redhat.com>
2021-09-02 01:37:34 +00:00
Mark O Brien
52dadb7d0d ipa: add openshift host group and tidy group vars
Signed-off-by: Mark O Brien <markobri@redhat.com>
2021-09-01 08:49:35 +00:00
Kevin Fenzi
873b8280fb proxies: add content for matrix files
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-31 13:33:26 -07:00
Kevin Fenzi
19188af5b0 staging / CORS: apache syntax fixes
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-30 17:55:43 -07:00
Kevin Fenzi
6e4117cb94 fix closing LocationMatch
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-30 17:26:22 -07:00
Kevin Fenzi
b4c0acd1b9 staging: add CORS for matrix
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-30 17:01:28 -07:00
Kevin Fenzi
d65041c2c1 matrix: aliases will not work here, use redirects
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-30 16:26:58 -07:00
Kevin Fenzi
3bdb267ad4 staging: rename the ocp cert
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-30 15:53:34 -07:00
Kevin Fenzi
78ae760408 fedora.im: also need to make the /srv/web/fedora.im dir
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-30 15:27:14 -07:00
Kevin Fenzi
19b66e404b Add matrix well-known files
Matrix can use some well-known URIs for configuration (rfc 8615).
This commit:
* Sets up fedora.im as a separate site on proxies that redirects to
  getfedora.org and serves a server and client static matrix file.
* gets fedora.im its own ssl cert via letsencrypt so it's all valid
  (currently it points to proxies generically and gets the
  fedoraproject.org cert)
* Adds config to serve matrix client/server well-known static files for
  fedoraproject.org site.

Note that all the actual contents of these files are empty for now, but
once our matrix server is up we can fill them in properly and re-run the
playbook. :)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-30 21:53:56 +00:00
Dusty Mabe
de0b7f9df1 openshift-apps/coreos-koji-tagger: fixup specified keytab username
This was changed slightly when the datacenter moved from phx2.
2021-08-30 20:24:36 +00:00
Dusty Mabe
ddc89da862 aws-iam-policies: fcos-upload-amis: add ability to clean up AMIs
Adding DeregisterImage and DeleteSnapshot will allow us to prune
old AMIs from EC2.
2021-08-30 20:24:36 +00:00
Dusty Mabe
c2ceab0958 aws-iam-policies: fcos-upload-amis: group some policies with other similar ones
Move CreateSnapshot to be with ImportSnapshot. Move DescribeImageAttribute
to be with ModifyImageAttribute.
2021-08-30 20:24:36 +00:00
Stephen Smoogen
2272ab1f6f Add in a test to make that the nagios templates try to add in groups
with no vpn.

Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
2021-08-27 11:05:40 -04:00
Pavel Raiskup
58c451d6ed copr-be: decrease the amount of AWS builders
2021-08-26 21:00:11 +02:00
Pavel Raiskup
288b487bf5 copr-be: use vmhost x86 02 again
2021-08-26 18:59:58 +02:00
Kevin Fenzi
bfb3e7f26d ocp_stg: no vpn here
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-26 09:02:12 -07:00
Mark O Brien
5da8595200 os: add access to os control for sysadmin-openshift group
Signed-off-by: Mark O Brien <markobri@redhat.com>
2021-08-26 15:25:45 +00:00
Kevin Fenzi
0dade64ba2 ocp / staging: tell nagios not to check nrpe/swap/mails on ocp hosts
By default nagios assumes it can connect to everything in inventory via
nrpe and monitor things like swap and number of emails in the postfix
queue. For ocp hosts running CoreOS we don't want to have nagios
monitor any of that, we only want it to monitor ping (is the host up).
This change is only in vars here, but it needs a noc run to activate, so
it will need a freeze break to run the noc playbook (as noc is frozen).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-08-26 15:06:12 +00:00
Pavel Raiskup
6574da16d4 copr-be: prefer ppc64le boxes over AWS non-SPOT for source builds
2021-08-26 13:38:39 +02:00
Pavel Raiskup
1e0279cfbb copr-be: deprioritize AWS (all builds) and ppc64le builders for source builds
2021-08-26 11:29:43 +02:00