WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-30 08:50:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
44,194 Commits 9 Branches 0 Tags
7da7d54653e85c387e5a5065d5400445dc61dbae
Commit Graph

44194 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kevin Fenzi
7da7d54653 We are out of f43 beta freeze 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-17 09:44:51 -07:00
Kevin Fenzi
481081a8f9 kickstarts: add rhel10 nodisk kickstart 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-16 11:45:29 -07:00
Jakub Kadlcik
35971cc180 copr-fe: increase PostgreSQL max_connection to 250 
Fix https://github.com/fedora-copr/copr/issues/3838
 2025-09-16 13:09:07 +02:00
Kevin Fenzi
fc8409c673 src / staging: enable anubis for src.stg.fedoraproject.org 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-15 16:02:22 -07:00
Kevin Fenzi
b91301fb34 pagure / staging: switch to just using the defaults for anubis config for now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-15 15:52:23 -07:00
Kevin Fenzi
f5484874b5 httpd / website: Don't add proxy headers to requests post anubis 
Do not add proxy headers here as they were already added when we
first got the request and sent it to anubis. This fixes some applications
(like mailman/django) that don't deal well with duplicate x-forwarded-for
entries and keeps the non anubis behavior.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-15 11:43:24 -07:00
Kevin Fenzi
8d035ce038 forge / staging: enable anubis here as well 
This is going to be a place that gets tons of load in production as more
things move over to it, so, put it behind anubis in staging to test
that everything works ok with it.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-15 10:59:50 -07:00
Kevin Fenzi
1af19597c7 koschei / staging: enable anubis 
scrapers hitting koschei are a large source of load on db01.stg.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-15 10:49:21 -07:00
Pavel Raiskup
5f294f31a5 copr-be: promote tested builder images to prod 2025-09-14 02:56:13 +02:00
Pavel Raiskup
81f81d1375 copr-be-dev: one more set of VM images 2025-09-13 18:36:05 +02:00
Pavel Raiskup
d5ff132a2b copr-be: promote new golden images from stg to prod 2025-09-13 12:05:09 +02:00
Pavel Raiskup
7aaa0e439b copr-be-dev: try new set of builder images 2025-09-13 10:04:24 +02:00
Kevin Fenzi
70ef039d5d bodhi / staging: enable anubis 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-12 12:10:08 -07:00
Samyak Jain
e726c4f297 F43 Beta RC 1.3 is a GO 
Signed-off-by: Samyak Jain <samyak.jn11@gmail.com>
 2025-09-12 23:21:37 +05:30
Kevin Fenzi
0bcf3c3be5 fedora-packages-static: increase storage to 100G per volume 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-10 14:55:18 -07:00
Kevin Fenzi
734b560f2c websites: anubis config: proxies via ipv4 
Use 127.0.0.1 here, not ipv6.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-10 13:38:46 -07:00
Kevin Fenzi
2c2710eba1 lists.stg: re-enable anubis for debugging 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-10 13:30:13 -07:00
Kevin Fenzi
b1e701ca19 Revert "anubis testing: revert koji.stg and try lists.stg" 
This reverts commit 148660d2c1.
 2025-09-10 12:25:24 -07:00
Aurélien Bompard
adab09b122 Poddlers: unset the KRB5_CLIENT_KTNAME env var, it's already in krb5.conf 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-09-09 16:19:25 +02:00
Michael Winters
b7d069a1fc Increase resource limits for communishift-avant 
Fixes fedora-infrastructure#12776

Signed-off-by: Michael Winters <fedora@mwinters.net>
 2025-09-09 00:44:43 +00:00
Kevin Fenzi
148660d2c1 anubis testing: revert koji.stg and try lists.stg 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-08 17:07:56 -07:00
Kevin Fenzi
65f69ce847 httpd / websites: drop blank link that would change prod 
We are in freeze and don't want to change production, so
drop this blank line that was added outside a staging
conditional.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-08 13:27:43 -07:00
Kevin Fenzi
3c34a93af0 anubis: test on koji.stg 
This just reuses the existing copr anubis role and adds it into our
proxy setup (in staging only).

A new variable 'anubis' is set globally to false, but can be enabled on
a per site / app basis in the httpd/website role call.
I have set it for koji.stg.

The proxy playbook now should install anubis on staging proxies and then
only use it for the one site thats enabled in configuration.

Before moving to prod:
- testing in staging
- testing with some more staging apps
- perhaps moving the copr anubis role to a base role?
- adding some more bot policy

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-08 11:18:05 -07:00
Michal Konecny
f2f340053b Revert "Change which certs are being used" 
This reverts commit 415d134835.
 2025-09-08 14:32:33 +02:00
Michal Konecny
415d134835 Change which certs are being used 
For some reason certs are named differently than the service itself.
Let's fix that.
 2025-09-08 14:07:22 +02:00
Kevin Fenzi
6c16ba558b Fix lint junk 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-05 16:33:08 +00:00
Kevin Fenzi
c2a32e9b80 stg.pagure.io: add anubis pod 
This adds a setup where we have podman pulling the anubis pod and
running it and then proxying requests through it for weighing.

The pod runs as an unpriv 'anubis' user and uses a systemd service file
to manage it.

Changes then are made in httpd config to terminate ssl and then proxy
via anubis. The flow is:

request -> httpd -> anubis/pod -> httpd (pagure wsgi app).

This is already manually setup on stg.pagure.io and this pr
should not change pagure.io any.

If/when we wish to enable this for pagure.io, we just need to adjust the
0_pagure.conf file and the playbook to include the role.

Note that we will want to use a different approach for proxies/other
applications. There we can use the native fedora anubis package, and
will need to adjust templates to handle the middle proxying.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-09-05 16:33:08 +00:00
Jiri Kyjovsky
55419296b7 copr: fix forgotten item in task 2025-09-05 13:58:37 +02:00
Jiri Kyjovsky
8897f83782 copr: fix typo in badly placed file and forgotten file 2025-09-05 13:47:40 +02:00
Jiri Kyjovsky
f1cc8ca3df copr: create role for anubis 2025-09-05 10:42:40 +00:00
Jakub Kadlcik
72f4323fa8 copr: don't freeze copr servers 
See https://pagure.io/fedora-infrastructure/issue/12746

    $ ./scripts/freezelist -i inventory |grep copr
    NF: copr-be-dev.aws.fedoraproject.org
    NF: copr-be.aws.fedoraproject.org
    NF: copr-dist-git-dev.aws.fedoraproject.org
    NF: copr-dist-git-dev.fedorainfracloud.org
    NF: copr-dist-git.aws.fedoraproject.org
    NF: copr-fe-dev.aws.fedoraproject.org
    NF: copr-fe.aws.fedoraproject.org
    NF: copr-keygen-dev.aws.fedoraproject.org
    NF: copr-keygen.aws.fedoraproject.org
    NF: copr-pulp-dev.aws.fedoraproject.org
    NF: vmhost-p08-copr01.rdu-cc.fedoraproject.org
    NF: vmhost-p08-copr02.rdu-cc.fedoraproject.org
    NF: vmhost-p09-copr01.rdu-cc.fedoraproject.org
    NF: vmhost-x86-copr01.rdu-cc.fedoraproject.org
    NF: vmhost-x86-copr02.rdu-cc.fedoraproject.org
    NF: vmhost-x86-copr03.rdu-cc.fedoraproject.org
    NF: vmhost-x86-copr04.rdu-cc.fedoraproject.org
 2025-09-04 19:18:53 +00:00
Greg Sutcliffe
6c990442c9 Added buildhw-x86-08.rdu3.fedoraproject.org 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-04 14:43:45 +01:00
Jiri Kyjovsky
d0acb4aed9 copr: fix typo in destination file for anubis 2025-09-04 14:27:54 +02:00
Jiri Kyjovsky
3c609c8a4c copr: set up anubis bot blocker for copr-dist-git 2025-09-04 14:04:30 +02:00
Adam Williamson
e1d8d18c3e openqa/server: update and correct aarch64 update asset quota 
We weren't actually applying the quota we had defined (only) for
lab, so both lab and prod had the upstream default (which now
seems to be 200GB, not 100GB). Let's fix it so we do apply the
value, and set it to 250GB for both prod and stg, because we're
now aiming to have full parity in the update test sets between
aarch64 and x86_64, and we have the space on the rdu3 hosts.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-09-03 14:19:23 -07:00
Greg Sutcliffe
1b6daba47b Added buildhw-x86-09.rdu3.fedoraproject.org to inventory too 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-03 16:29:40 +01:00
Greg Sutcliffe
02ddf4ebdc Added buildhw-x86-09.rdu3.fedoraproject.org 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-03 15:09:38 +01:00
David Kirwan
5a60c5789c communishift: add project communishift-avant 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-09-03 12:47:06 +01:00
Jiri Kyjovsky
8a848d91a8 copr: fix typo in restarting services 2025-09-02 18:51:19 +02:00
Greg Sutcliffe
4ac40e1cc3 Add buildhw-x86-10.rdu3.fedoraproject.org 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-02 14:39:46 +01:00
Greg Sutcliffe
ce54370f13 Add buildhw-x86-12.rdu3.fedoraproject.org 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-01 13:10:36 +01:00
Miroslav Suchý
f24be45644 copr: bought more reserved aarch64 builder and lower x86_64 
... to accomodate one normal instance running in dev and one running in prod in normal_prod pool.
 2025-09-01 13:47:37 +02:00
Aurélien Bompard
40bb4ef9bf Fix syntax 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-09-01 12:04:13 +02:00
Aurélien Bompard
b2bc91cbff Fixup last commit 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-09-01 11:56:01 +02:00
Aurélien Bompard
bff3307e5e Datanommer: add a cron job for refresh-view 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-09-01 11:53:51 +02:00
Aurélien Bompard
beb724ee65 IPA: setup a permission to modify group managers 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-09-01 11:18:45 +02:00
Miroslav Suchý
2f2a22dcd9 copr: we need at least one aarch on dev 2025-09-01 09:44:01 +02:00
Miroslav Suchý
164047ebba copr: move number of reserved machines to group_var file 
because otherwise max_$ARCH_workers in copr-be.conf does not count them.
 2025-09-01 09:38:39 +02:00
Miroslav Suchý
7de65fa6bf copr: change pools numbers for resalloc 
Adding new aws_powerful variable to group_var.
And do not prealloc too much spot and normal machines because we
have lots of reserved instances.
 2025-09-01 09:23:42 +02:00
Adam Williamson
1af6673587 openqa: ansiblize new aarch64 workers 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2025-08-30 11:08:18 -07:00