WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-30 13:32:30 +08:00
Code Issues Packages Projects Releases Wiki Activity
43,401 Commits 9 Branches 0 Tags
7aa7553b84af5dc8efa78e9d8a4e50dde369052d
Commit Graph

388 Commits

Author SHA1 Message Date
Kevin Fenzi
ebe5fa82a1 rdu3: fix a logic conditional thinko 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-21 16:28:25 -07:00
Kevin Fenzi
835a7156c1 rdu3: fix ps1 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-21 16:05:48 -07:00
Kevin Fenzi
b9518cd6cd rdu3: set root prompt for rdu3 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-21 15:40:38 -07:00
Kevin Fenzi
174789bad7 base: try and handle undefined external 
Right now we have to add external to everything in iad2, but most of it
isn't external at all. This way we can just assume it's not external if
it's not defined and just define it on the ones where it's true.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-04-28 12:27:23 -07:00
James Antill
50d04f6e95 Remove nftables cron and disable service, when using iptables (for backout). 
Signed-off-by: James Antill <james@and.org>
 2025-04-11 00:33:11 +00:00
Kevin Fenzi
b9eb773848 ipsilon: change crypto policy back to default 
Since https://pagure.io/fedora-infrastructure/issue/12321
is fixed on the bugzilla side, we should be able to move back
to using DEFAULT.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-03-19 20:39:56 +00:00
James Antill
69911c5d72 Enable IPv6 nftables. 
Signed-off-by: James Antill <james@and.org>
 2025-03-04 14:31:54 -05:00
James Antill
e83b42b572 Remove iptables cron and stop/disable services, when using nftables. 
Signed-off-by: James Antill <james@and.org>
 2025-03-04 14:14:37 -05:00
James Antill
4fac049b6a Actually install the nftable template file. 
Signed-off-by: James Antill <james@and.org>
 2025-03-03 21:20:30 +00:00
James Antill
31d65aa439 Actually move to nftables for any host with nftables: true (nothing atm). 
Signed-off-by: James Antill <jantill@redhat.com>
 2025-03-03 21:20:30 +00:00
Michal Konecny
2ec055db6f Use first uppercase letter for all handlers 
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.

I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```

Then I went through all the changes and removed the ones that wasn't
expected to be changed.

Fixes https://pagure.io/fedora-infrastructure/issue/12391

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-02-10 20:31:49 +00:00
Kevin Fenzi
77fe8423e0 base: drop system_identification 
We don't need or want this anymore since CSI is gone/dead.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-01-28 10:49:57 -08:00
iamyaash
b3d6a90b9a motd generic template added 
migrated notes from infra/hosts

motd changes; excluding CSI infos

removed csi_* vars from group_vars; converted csi_purpose & csi_relationship into notes

fixed merge conflicts

minor changes; var

updating YAMLs & playbooks

udpated YAMLs & playbooks again

updated correctly; buildhw.yml

fixing merge conflicts

dest added in motd.yml
 2025-01-28 01:10:14 +00:00
Kevin Fenzi
e196958322 base: fix another handler case 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-01-16 14:52:49 -08:00
Kevin Fenzi
1e77199920 base: fix more handler renaming issues 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-01-16 14:44:00 -08:00
Ryan Lerch
47c68f478d ansiblelint fixes - fqcn[action-core] - template to ansible.builtin.template 
Replaces references to template: with ansible.builtin.template

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:30:29 +10:00
Ryan Lerch
3c41882bb0 ansiblelint fixes - fqcn[action-core] - shell to ansible.builtin.shell 
Replaces references to shell: with ansible.builtin.shell

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:29:10 +10:00
Ryan Lerch
25391e95b7 ansiblelint fixes - fqcn[action-core] - package to ansible.builtin.package 
Replaces many references to  package: with ansible.builtin.package

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:28:00 +10:00
Ryan Lerch
462176464b ansiblelint fixes-- fqcn[action-core] - command to ansible.builtin.command 
Replaces many references to  command: with ansible.builtin.command

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 11:26:47 +10:00
Ryan Lerch
6a3816dfdc ansiblelint fixes-- fqcn[action-core] - copy to ansible.builtin.copy 
Replaces many references to 'copy' with ansible.builtin.copy

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 10:43:31 +10:00
Ryan Lerch
62952df107 ansiblelint fixes-- fqcn[action-core] - file to ansible.builtin.file 
Replaces many references to  file: with ansible.builtin.file

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-15 10:41:52 +10:00
Ryan Lerch
691adee6ee Fix name[casing] ansible-lint issues 
fix 1900 failures of the following case issue:

`name[casing]: All names should start with an uppercase letter.`

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-14 20:20:07 +10:00
Kevin Fenzi
6743920113 crypto-policies: fix copypasta for ipsilon servers 
Looks like this conditional was copied and I failed to update the name.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-12-15 10:28:34 -08:00
Kevin Fenzi
c11d415d86 crypto-policies / ipsilon: set policy to FEDORA40 on ipsilon servers 
We need this policy to get bugzilla SAML2 auth working (for now)
See https://pagure.io/fedora-infrastructure/issue/12321

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-12-13 10:29:42 -08:00
Pavel Raiskup
501b5ce8de copr: skip the base's rootpw settings 2024-11-29 18:51:16 +01:00
Ryan Lerch
89f6f1fc32 Fix majority of remaining yamllint warnings and errors 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2024-11-28 17:31:45 +10:00
Kevin Fenzi
43fa9928d6 dns: adjust crypto policy to be idempotent 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-10-13 10:30:51 -07:00
Kevin Fenzi
a018c15c33 dns: all nameservers are rhel9 now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-10-13 09:44:13 -07:00
James Antill
602723ed45 Compress fedora_stats *.log files automatically with xz. 
Signed-off-by: James Antill <james@and.org>
 2024-07-17 19:17:40 +00:00
Stephen Smoogen
432a3a497b Go through and remove entries for EL6 and EL7 
Using `git grep el6` and `git grep el7` and variants like EL-7 or
el-7, I found various entries and files which were no longer needed
with the current ansible. I updated text or tests to later versions of
RHEL as needed.

found entries for the fedora ami's for the original cloud and removed
those entries also.

Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
 2024-07-03 22:20:30 +00:00
Kevin Fenzi
4a6cb460ca buildvm_s390x in boston: retire 
We have moved over to the rdu mainframe, drop all the bos kvm hosts.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-02-27 08:33:41 -08:00
Kevin Fenzi
dd12a25400 logrotate: this has to replace the rsyslog file, not add rsyslog-logroate 
Missed this in review, but if we do this it causes logrotate to error
out because there's a rsyslog and a rsyslog-logrotate files with the
same log files mentioned. So, we need to just replace the stock rsyslog
file and not use the ryslog-logrotate one. ;)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-01-17 08:47:07 -08:00
Michal Konecny
b502cbbc19 [base] Fix proxy playbook 
https://pagure.io/fedora-infra/ansible/pull-request/1718 introduced failure when
running proxies ansible playbook, this commit should fix that.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-01-16 10:42:27 +01:00
Andrew Heath
f97666a75d Add logrotate for proxy systems 
Added rsyslog logrotate cong for proxy systems and a task land the
configs as well as fix some yamllint errors.
 2024-01-15 09:55:20 +00:00
Kevin Fenzi
e8a7d63a5e base: run update with force to make sure its setup right 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-27 13:30:56 -08:00
Kevin Fenzi
4cd2c924c3 smtp-auth: actually install the master.cf file too 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-15 17:51:16 -08:00
Kevin Fenzi
590819397c blocklist: drop output for now until I can sort out why its outputting anything 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 18:18:51 -07:00
Kevin Fenzi
3200014f8f base / blocklist: use bool filter 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 16:15:44 -07:00
Kevin Fenzi
a57c71a170 base: tag blocklist 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 15:36:15 -07:00
Kevin Fenzi
623c0f45bd base / iptables: rework how this blocklist works 
Just rip out the parts here as they are no longer needed.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-08-15 12:41:54 -07:00
Kevin Fenzi
0fb53e0fba base: only compress logs on log01, not everything 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-27 08:31:31 -07:00
Kevin Fenzi
e06db2465a base / iptables: fix last conditional 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 13:27:06 -07:00
Kevin Fenzi
f1eaa5d773 base / iptables: simplify logic 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 13:23:38 -07:00
Kevin Fenzi
03abad159d base / iptables: one more typo 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 13:04:43 -07:00
Kevin Fenzi
c5773c8c45 base / iptables: fix some syntax issues 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 13:04:15 -07:00
Kevin Fenzi
765363e04d base / iptables: fix protocol, use creates for commands 
iptables -p is expecting all, not any.
And create a file to track when we have made the ipset.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 12:58:21 -07:00
Kevin Fenzi
fbe288a422 base / iptables: adjust conditional to not depend on datacenter for non iad2 hosts 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 12:52:25 -07:00
Kevin Fenzi
679f7f6f16 iptables: clean up osbuild and add a external block set scaffolding 
Setup osbuild so it only needs to exist on the specific builders in the
osbuild channel, not all builders.
Also, setup things so we can add a blocklist that will block external
subnets/ip's if we need to do so. Currently it should just be an empty
set, but we can implement it as needed/desired starting with the ips we
already were blocking on just some hosts.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-26 12:41:07 -07:00
Seddik Alaoui Ismaili
b79003cfda compress merged logs under /var/log/hosts 2023-06-22 20:50:46 +00:00
Pavel Raiskup
bee7b64fe5 main.cf files need to be moved before we claim they are templates 
Revert "postfix: install main.cf as template"

This reverts commit 57f75cbcab.
 2023-06-19 10:39:39 +02:00