WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
45,000 Commits 9 Branches 0 Tags
7a96ab49e80b4cd19f8b2ecb9f3691c90425f99e
Commit Graph

45000 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Greg Sutcliffe
7a96ab49e8 Zabbix: proxy playbook is erroring, add this new role elsewhere 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-11 13:07:13 +00:00
Greg Sutcliffe
56fc4590f7 Zabbix: try simpler role include 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-11 13:04:56 +00:00
Greg Sutcliffe
feee862e77 Zabbix: Add grab-bag of SSL checks to proxy01(.stg) 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-11 12:59:31 +00:00
Greg Sutcliffe
140a6eb752 Zabbix: Don't hardcode trigger hostnames 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-11 11:52:51 +00:00
Greg Sutcliffe
69fd257fd9 Zabbix: add external-check on Pagure certs 
This is a POC on cert checks - it assigns an item to the Pagure host
(not via a template) but the actual check is executed on the Zabbix
server.

In reality, we should probably add LLD to certgetter01 for all the LE
certs, but this is a useful example for other cert types

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-11 11:47:02 +00:00
Pavel Raiskup
e6cbeaa3f9 copr-be: fix the expected string in frontend check 2025-12-11 08:49:37 +01:00
Pavel Raiskup
e0f9b863d1 copr-be: boost the x86 power a bit more in AWS 
(we still don't have x86 hypervisors re-reacked)
 2025-12-11 08:37:11 +01:00
Pavel Raiskup
2bab0054d8 copr-be: fix the frontend check after enabling Anubis 2025-12-11 08:34:38 +01:00
Pavel Raiskup
87a0161df3 copr-fe: anubis: pass through to all /repo/ routes 2025-12-11 08:12:49 +01:00
Kevin Fenzi
4b16351ce0 rdu2-cc to rdu3 dc move reorg 
move all the rdu2-cc machines to rdu3, reconfigure things.

We will want to fill in a bit more info and check each of these before
using them.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-10 14:02:52 -08:00
Kevin Fenzi
fbb3727fa5 retrace03: use vpn for ipa since it's in the ioslated network 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-10 12:48:25 -08:00
Kevin Fenzi
b2edd04363 retrace03: set ipv6 correctly 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-10 12:23:12 -08:00
Kevin Fenzi
d8319efcb2 retrace03: use correct ip var 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-10 12:18:41 -08:00
Kevin Fenzi
c7ee62b09b retrace03: move to rdu3 and reconfigure 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-10 12:12:50 -08:00
Pavel Raiskup
14d3be6b93 copr-fe: anubis: do not protect .repo routes 
This was breaking testing farm.
 2025-12-10 19:54:40 +01:00
Greg Sutcliffe
353458e043 Zabbix: Deploy external-scripts to Zabbix server 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-10 17:17:36 +00:00
James Antill
c4bdc997e3 log*: Compress combined-http on a 12 day cycle. 
Signed-off-by: James Antill <james@and.org>
 2025-12-10 11:59:44 -05:00
Jiri Kyjovsky
9048e49e6a copr-frontend: fix oidc login behind anubis 
Fix OIDC "Invalid redirect_uri" error (Flask generating http:// URLs).
Since SSL is terminated at the frontend/Anubis, traffic reaches this backend via HTTP.
This forces the application to believe it is running over HTTPS based on the header
forwarded by the trusted frontend, ensuring OIDC redirect URLs are generated with https://.
 2025-12-10 16:33:55 +01:00
David Kirwan
fe703aabcc forgejo: rename task for creating runnervm template, and configuration 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-12-10 15:16:22 +00:00
Pavel Raiskup
50223282e7 copr-fe: deploy anubis 
Relates: https://pagure.io/fedora-infrastructure/issue/12971
Fixes: https://github.com/fedora-copr/copr/issues/4064

Co-authored-by: Jiri Kyjovsky <j1.kyjovsky@gmail.com>
 2025-12-10 16:01:04 +01:00
David Kirwan
1c3923c6dc forgejo: rename runnerhost vm creation task/templates 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-12-10 14:56:34 +00:00
Kamil Páral
44df25b2e7 update owners for Quality apps in OpenShift 
frantisekz, lbrabec and jskladan left the team. Adamwill should own everything,
and jgroman is our new app developer.

Signed-off-by: Kamil Páral <kparal@redhat.com>
 2025-12-10 14:35:07 +00:00
David Kirwan
ad80d54964 forgejo: distgit fix runner configuration task 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-12-10 14:31:14 +00:00
David Kirwan
27186ed2cf forgejo: distgit staging config for ipsilon 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-12-10 14:16:14 +00:00
Greg Sutcliffe
52bee93f7f Zabbix: Use zabbix_api tag for macro/variable setting 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-10 10:57:59 +00:00
Greg Sutcliffe
222ecbf573 Zabbix: apply load macro to all copr hosts instead of just the backend 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-10 10:54:25 +00:00
Ryan Lerch
f5a1e46632 forge: add seperate group mapping for staging 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-12-10 20:19:29 +10:00
Pavel Raiskup
17fc107bac copr-be: disable storinator backups (the server is being moved) 2025-12-10 09:18:30 +01:00
Kevin Fenzi
144a8e55c4 proxy110: move to f43 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-09 16:16:49 -08:00
Kevin Fenzi
452cb142ac virthost: install collectd on fedora based virthosts 
collectd would be nice on bvmhost-p10-01/02.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-09 15:40:08 -08:00
Kevin Fenzi
f24a9cbda9 dhcpd: fix more duplicates 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-09 13:07:40 -08:00
Kevin Fenzi
a9418545f3 dhcp: fix mgmt ips for rdu2-cc mgmt 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-09 12:06:30 -08:00
Kevin Fenzi
065a89faeb pagure.io: increase processes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-09 11:34:04 -08:00
Kevin Fenzi
79c110457c proxies: do not sync docs if they are already synced 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-09 11:33:19 -08:00
Greg Sutcliffe
b46074af58 Zabbix: Add the correct shebang to the Datanommer script 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-09 17:08:17 +00:00
Greg Sutcliffe
8bea488272 Zabbix: Add Datanommer monitoring to noc01 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-09 16:59:35 +00:00
Miroslav Suchý
360d90e907 bump up number of reserved instances 2025-12-09 14:31:52 +01:00
Greg Sutcliffe
426ef4df32 Zabbix: Increase vcpu to zabbix01 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-12-09 10:56:16 +00:00
Tomas Hrcka
aca5a237fc [forge] - Add forge-infra-* groups mappings to infra org 
Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
 2025-12-09 09:30:17 +00:00
Pavel Raiskup
287960a5d6 copr: more power in AWS, since hypervisors are being moved to a different lab 2025-12-09 10:16:57 +01:00
Akashdeep Dhar
23f52cc48a anubis: allow Pagure attachment paths for Fedora Forge references 
Allow attachment file requests (/issue/raw/files/*) through Anubis for
Fedora Forge integration, while maintaining the usual bot protection.

Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
 2025-12-08 22:01:54 +00:00
Akashdeep Dhar
1a58c8ff14 Restrict the changes to the staging environment temporarily 
Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
 2025-12-08 22:00:38 +00:00
Akashdeep Dhar
ed1103649c proxies/forge: proxy attachment requests from Forge to Pagure 
redirect attachment file requests from Fedora Forge to Pagure for migrated
projects, allowing attachments to remain on this existing instance without
needing to be migrated.

Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
 2025-12-08 22:00:38 +00:00
Kevin Fenzi
29a4165b81 nagios: pagure/pagure-stg: adjust smtp ssl check to use external ips 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-08 13:33:03 -08:00
Kevin Fenzi
e2eeee78f2 nagios / pagure.io/stg.pagure.io: setup external hosts for these 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-08 12:46:13 -08:00
Kevin Fenzi
929f957cb2 nagios: fix check_disk on the client side of log01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-08 12:29:33 -08:00
Kevin Fenzi
a7a060af87 nagios: use logging_rdu3 host group and drop non rdu3 duplicate group 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-08 11:48:31 -08:00
Kevin Fenzi
737608a2e2 Revert "nagios / external: try and put pagure01 in rdu3_external to see if that makes noc02 happy" 
This reverts commit 2d3797de65.

This just adds confusion, try reverting it for now.
 2025-12-08 11:09:56 -08:00
Kevin Fenzi
fd342ee1a4 pagure.io: forbid generating archives from forks 
pagure will generate a zip or gz archive of any particular thing on a
fork. scrapers crawl this and generate an archive for every single
tag in a fork.

Since we don't really need these in forks, lets forbid that.

Users that somehow need an archive for a fork can clone locally and
generate one. Non forks we are leaving enabled at this time as they
can/do use this for releases.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-08 10:15:16 -08:00
Kevin Fenzi
88686312db pagure: enable rewriteengine 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-12-08 10:03:20 -08:00