WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-01 05:51:56 +08:00
Code Issues Packages Projects Releases Wiki Activity
43,401 Commits 9 Branches 0 Tags
7aa7553b84af5dc8efa78e9d8a4e50dde369052d
Commit Graph

214 Commits

Author SHA1 Message Date
Michal Konecny
302e329a54 [ipsilon] Remove secret from w2fm entry for staging 
w2fm doesn't need a secret as it's client application and doesn't use SSO.
 2025-06-03 16:33:36 +02:00
Aurélien Bompard
bcd821a69f Fix typo 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-06-02 14:30:01 +02:00
Akashdeep Dhar
057e02bd1e Add client config for W2FM test environment 
Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
 2025-05-29 09:36:41 +00:00
Michal Konecny
dd230cc1ef [ipsilon] Add toddlers OIDC entry 
Toddlers will not be a standard OIDC client, but we need it to preserve
the toddlers tokens in db-fas01.stg.
 2025-05-22 13:26:00 +02:00
Michal Konecny
9a04135442 [ipsilon] Add blockerbugs OIDC entry 
https://pagure.io/fedora-infrastructure/issue/12516
 2025-05-07 14:47:34 +02:00
Michal Konecny
33c846b516 [ipsilon] Fix redirect URL for staging libravatar 2025-04-24 13:48:03 +02:00
Michal Konecny
a76d88a1f6 [ipsilon] Add libravatar entry for staging 
https://pagure.io/fedora-infrastructure/issue/12493
 2025-04-17 15:57:44 +02:00
Michal Konecny
3a612a4230 [ipsilon] Add OIDC entry for testdays app 
https://pagure.io/fedora-infrastructure/issue/12490
 2025-04-17 13:34:21 +00:00
Adam Williamson
a23c9df05a Make ipsilon static config file public (staging), clean it up 
The only secrets in this file, AFAIK, are the client secrets.
Most of those are already defined as secret variables for the
plays in this repo that deploy the services to use.

So instead of duplicating most of the secrets, and keeping this
file in the private repo where we can't do PRs and editing it is
awkward, let's just make all the client secrets be variables,
and make this file public.

For all the cases where a secret wasn't already defined as a
variable, I've added it, so this should work as-is.

Note that the use of `flask_oidc_dev_stg_oidc_client_secret`
twice is not an error in this PR; that secret was reused for
the staging community blog client config. I have reported this
at https://pagure.io/fedora-infrastructure/issue/12161#comment-963303 .

This also removes the client configurations for several services
which no longer exist.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-03-31 23:07:01 +00:00
Adam Williamson
4cd3765cd0 ipsilon: drop obsolete config for beaker and dead bugzillas 
We haven't had a beaker since 2018 or so, and none of these
various staging/test/dev bugzilla instances exist any more.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-03-28 18:04:30 +00:00
Michal Konecny
6428f8f772 Sunset github2fedmsg and fedmsg 
This commit is removing all the fedmsg related stuff from ansible
repository.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-02-13 10:08:51 +00:00
Ryan Lerch
5bdfe4b1e5 copr and ipsilon - rename yml templates to .j2 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2025-01-14 08:37:33 +10:00
Kevin Fenzi
46ca55bcfc ipsilon: update bugzilla.redhat.com saml2 data 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-12-03 11:01:49 -08:00
Kevin Fenzi
6d3a53901d ipsilon: just copy the awx metadata in for now since get uri doesnt work for this 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-12-02 11:42:52 -08:00
Kevin Fenzi
e3e2cb1d93 odcs: retire service ( infra 12192 ) 
Time to retire ODCS. ELN is moved off and that was the last thing using
it. Thanks for all the service ODCS!

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-09-24 18:21:51 +00:00
Jiri Podivin
f513e7cbcd Linting python scripts 
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
 2024-09-18 19:57:29 +00:00
Michal Konecny
705a839a57 [ipsilon] Remove PDC entries from SAML2 data files 
Forgot to remove it from configuration. This should do the trick.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-08-01 13:22:21 +02:00
Kevin Fenzi
d366194a22 module-build-service (mbs): retire service 
With the EOL of Fedora 38 yesterday, we are no longer building any
modules and can retire our module build service.

Note that toddlers needs to be adjusted still, that will happen after
this.

Thanks for all the modules!

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-05-22 13:38:53 -07:00
Kevin Fenzi
9c125b16ea Add aws-pyai group for ticket 11882 
Note that this needs the group created in ipa first and the aws iam
policy setup.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-04-18 21:23:57 +00:00
Kevin Fenzi
a60ca7159f nuancier: retire and remove from ansible 
See https://pagure.io/fedora-infrastructure/issue/11371
This service is retired.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-15 10:44:00 -08:00
David Kirwan
9c3a24e79a zabbix: Zabbix production configuration 2023-11-09 12:55:26 +00:00
Kevin Fenzi
21a3a4f6ff ipsilon: add SAML2 mapping for aws-openscanhub group 
This adds a mapping for a aws-openscanhub group.
See https://pagure.io/fedora-infrastructure/issue/11384 for more info.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-08 22:16:53 +00:00
Francois Andrieu
6af2bb2619 ipsilon: add zabbix stg sp 2023-08-14 16:50:39 +02:00
Francois Andrieu
d86babdfe9 AWX: Initial configuration 2023-07-26 13:34:08 +02:00
Aurélien Bompard
360e184862 FMN: move the old to -old and redirect to the new 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-04-26 10:55:25 +02:00
Aurélien Bompard
32938ffc64 Ipsilon: automatically load the SAML2 metadata for PDC in prod as well 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-04-20 14:43:10 +02:00
Aurélien Bompard
aa0fbcad18 Ipsilon: automatically load the SAML2 metadata for PDC 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-04-20 12:43:24 +02:00
Nick Bebout
6987b8bc1e Add aws-fpl group to ipsilon per mattdm's request 2023-01-10 20:12:27 -06:00
Aurélien Bompard
aa43c7a742 Ipsilon: set CORS headers for OIDC 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-11-22 18:35:44 +01:00
Kevin Fenzi
f183f5262b pagure-stg01 / ipsilon*.stg: split db passwords from stg and prod 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-09-19 13:53:15 -07:00
Mark O Brien
fd0dbee572 add new aws role for readonly access to fcos bucket 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-08-03 12:27:30 +01:00
Aurélien Bompard
293cf34e8d Adapt to Ipsilon 3.0.3 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-07-05 17:36:03 +02:00
Mark O Brien
4bd7546413 update bugzilla stage saml 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-06-22 20:50:27 +01:00
Mark O Brien
2c46ee6e5e move bugzilla stage to ipsilon stage 
Signed-off-by: Mark O Brien <markobri@redhat.com>
 2022-06-22 20:35:53 +01:00
Kevin Fenzi
a180488e0d ipsilon: drop staging conditional on wsgiscriptalias 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-06-02 15:28:32 -07:00
Kevin Fenzi
4c4be31afb ipsilon / staging: the wsgi is named differently in stg/f36? 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 17:42:30 -07:00
Kevin Fenzi
792f082750 Revert "ipsilon / staging: fixes for f36" 
This reverts commit 6d5911cc3c.

Turns out these are the way the new version installs. ;)
 2022-05-25 17:38:04 -07:00
Kevin Fenzi
6d5911cc3c ipsilon / staging: fixes for f36 
The wsgi has changed from /usr/libexec/ipsilon/ipsilon.py to
/usr/libexec/ipsilon, so adjust wsgi and directory perms to handle that.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-05-25 16:58:17 -07:00
Aurélien Bompard
b6390112af amend last commit 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 11:22:57 +02:00
Aurélien Bompard
61821fb1ba Update ipsilon to 3.0.1 in prod 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2022-05-25 10:27:02 +02:00
Stephen Gallagher
7d26c4cde9 Use persistent SAML identifiers 
Using "unspecified" will always send just the user's (FAS) username,
which has been known to conflict with existing accounts on Gitlab. The
"persistent" name-id format guarantees uniqueness.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 2022-05-11 18:39:05 +00:00
Kevin Fenzi
6260673484 update SAML2 data for bugzilla.redhat.com 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-03-01 16:58:23 -08:00
Kevin Fenzi
9bb24871c3 ipsilon: add saml2 for gitlab.com 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-11-30 15:37:33 +00:00
Aurélien Bompard
286bde8098 Ipsilon: use the pam auth module on staging 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-10-27 10:12:59 +02:00
Clement Verna
ea2354658f Remove fpdc playbooks and config. 
Signed-off-by: Clement Verna <cverna@tutanota.com>
 2021-08-10 20:37:12 +00:00
Kevin Fenzi
79afbb7406 bugzilla: try and update saml2 data for new bugzilla 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-07-31 12:10:38 -07:00
Mattia Verga
15f3dea6a1 Use bugzilla.stage instance after partner-bugzilla shutdown 
Signed-off-by: Mattia Verga <mattia.verga@protonmail.com>
 2021-07-31 17:08:49 +00:00
Kevin Fenzi
f732a95cb3 ipsilon / sssd: try and set ldap_dref_threshold to 0 to improve things with sssd 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-27 11:05:40 -07:00
Aurélien Bompard
06605d7d35 Ipsilon: allow dots in usernames 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-27 13:05:33 +02:00
Patrick Uiterwijk
cd8859d7a6 Update RHBZ SAML data 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2021-05-27 07:32:03 +02:00