Looks like the scrapers are hitting the download servers now.
So, look at setting up an anubis pod there like we did for pagure.
anubis package isn't available for epel9, so we just use the container.
Will test this with dl01 and tweak until it's working.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
It seems like somebody just copied the production tasks for staging
without changing the LDAP domain, which caused the staging task to fail.
This commit is fixing that. And tagging the related tasks as well.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
This isn't really a 'buildhw', but it's pretty close.
It's an lpar on a power10 box.
I'm making it a hw builder in staging because if we tried to make
it a bvmhost and put vm's on it, we would need to setup macvtap, which
would be fine, but extra complication where we don't really need it in
staging currently.
01 will be created once we reconfigure the one thats currently serving
as bvmhost-p10-01. Which will happen after we move 1/2 the builders
off to a new bvmhost-p10-02 lpar on this same second power10.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We had this set before the dc move in iad2, but we didn't ever setup the
config to enable it in rdu3.
This should do that.
Note that I have already manually enabled it, and this should just
ensure that it's enabled if we reinstall or move to the next datacenter.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This adds network block device encryption to the 3 (so far) power9's in
rdu3. This will allow them to unlock encrypted partitions from our
tang server(s).
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This works around a weird problem in rdu3. Proxies have connections to
kojipkgs timeout if the local port is over 32k. We aren't sure why this
happens yet, but this seems to work around the problem for now.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This will setup things on proxies, but will not actually cause any
traffic to start using it yet. Will make sure this is all working before
moving to the next step of enabling a site.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This copies the excellect copr/anubis role to a more generic top level
one. It allows for using a different env per ipa_host_group (but we
could also just add more cases in there) or a default one if that isn't
found.
It moves the defaults and policies to template so we can include a
static key from ansible-private if we like.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
