Commit Graph

27491 Commits

Author SHA1 Message Date
Kevin Fenzi
8104cee874 anubis-el: rework config to hopefully work with el podman and add key
Right now, podman on el9 isn't reading the policy correctly.
This is because the env for the unit isn't getting picked up
by podman, so instead pass --env-file to read it from a file.
Also, we want to set up a private key for the download servers
so they all have the same challenge creation (so if you hit 01
you want your challenge to be good on 02, etc).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-11 12:24:03 -08:00
Kevin Fenzi
b255f7e2df anubis-el: try and widen the cloudfront allow
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-11 09:05:01 -08:00
Kevin Fenzi
d89d391f87 anubis-el: restart on bot policy changes
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-10 15:22:02 -08:00
James Antill
a0cab4f3cc mirror_from_forge: Add mirror_from_forge role, based on mirror_from_pagure.
Signed-off-by: James Antill <james@and.org>
2026-02-10 17:19:28 -05:00
Kevin Fenzi
8b94d9a7ce anubis-el: try and match without quotes
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-10 14:13:05 -08:00
Diego Herrera
3a42bab039 Reenable Centos10 sync for EPEL 10.2 mass branching
Signed-off-by: Diego Herrera <dherrera@redhat.com>
2026-02-10 18:13:35 -03:00
Kevin Fenzi
c62e1573f7 storinator01: use same vpn ip as it did in rdu-cc
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-10 11:11:39 -08:00
Kevin Fenzi
599656a420 storinator01: add hosts file for rdu3 iso
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-10 10:29:28 -08:00
Kevin Fenzi
53a6ce24f3 anubis: switch this to just allowing CloudFront
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-10 08:26:42 -08:00
Kevin Fenzi
e401686427 anubis: switch this to just allowing all repodata
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-10 07:58:07 -08:00
Kevin Fenzi
145e6794fb anubis: allow .zck files universally on el as well
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-10 07:54:59 -08:00
Kevin Fenzi
5615d1b036 anubis: allow .zck files universally
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-10 07:52:53 -08:00
Aurélien Bompard
90ed56ae7b bugzilla2fedmsg: rebase on RHEL9 + Python 3.11
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2026-02-10 15:29:44 +01:00
Aurélien Bompard
d10f2fe3bc bugzilla2fedmsg: update the staging deployment config for the Kafka port
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2026-02-10 14:58:12 +01:00
Jiri Podivin
11d11c214e Skipping ansible-lint rules, in cases when it makes sense
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
2026-02-10 10:23:23 +01:00
Jiri Podivin
28d40d6e0b Resolving style issues of the logdetective role
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
2026-02-10 10:23:23 +01:00
Jiri Podivin
34eaee695e Opening 8090 port for communication with packit interface server
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
2026-02-10 10:23:23 +01:00
Jaroslav Groman
09859d9acc Update source branch for Quality apps in staging OpenShift
Signed-off-by: Jaroslav Groman <jgroman@redhat.com>
2026-02-09 20:55:08 +00:00
Ryan Lerch
080db33424 turn of new projects UI for production
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2026-02-09 12:37:51 +10:00
Pavel Raiskup
30c0defe44 copr-backend: more verbose machine termination
2026-02-07 21:08:10 +01:00
Kevin Fenzi
a9acbd4c0e bodhi/openshift: restore dropped cd to the right directory
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-06 10:17:14 -08:00
Kevin Fenzi
dc3fda7f45 bodhi/openshift: fix missing /
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-06 09:59:07 -08:00
Kevin Fenzi
9503d8df11 bodhi / openshift: adjust critpath to pull from forge instead of pagure.io
releng moved things from pagure.io/releng to
forge.fedoraproject.org/releng/tooling

Adjust this cron to do likewise.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-06 09:54:04 -08:00
Patrik Polakovič
46fbcc5567 Branch Fedora 44 from Rawhide
Signed-off-by: Patrik Polakovič <patrik@alphamail.org>
2026-02-05 19:10:58 +00:00
Greg Sutcliffe
0bb245c653 Zabbix | Rabbit: Fix hardcoded STG entry in zabbix agent drop-in
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2026-02-05 11:12:42 +00:00
Miroslav Suchý
6092f3bdb2 set swappiness to 10 for copr machines
2026-02-04 20:45:38 +01:00
Ryan Lerch
1d6aa6f15a [webhook2fm] fix typo from 8a61479d64
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2026-02-04 11:18:10 +10:00
Ryan Lerch
8a61479d64 [webhook2fm] update staging redirect URIs
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2026-02-04 11:06:52 +10:00
Ryan Lerch
a36c5a7a16 [forge] add staging ips to webhook ALLOWED_HOST_LIST settings
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2026-02-04 10:21:35 +10:00
Ryan Lerch
a425f8715f [forge] set default merge style to rebase
fixes: forge/forge#353

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2026-02-04 09:24:20 +10:00
Ryan Lerch
6aab5d6da0 [forge] update ALLOWED_HOST_LIST for webhooks to include internal ips
fixes: forge/forge#368

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2026-02-04 09:20:26 +10:00
Pavel Raiskup
8e09c0498e copr-be: keep one machine running for Kevin's debugging
2026-02-02 16:55:54 +01:00
Kevin Fenzi
29a00a8986 bastion: fix conditional for ssh tcpforwarding
I copy pasted this and left a 'not' in there that made this backwards.
Fix the conditional.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-01-31 08:20:16 -08:00
Kevin Fenzi
423f7c0c52 pagure / dist-git: drop hotfix that was pulled into rpm
We pulled this fix into the epel8 rpm we are using, so we shouldn't try
and apply it here also.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-01-31 08:18:00 -08:00
Kevin Fenzi
c86adb0115 vmhost-x86-copr01: update mac addresses
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-01-30 13:59:30 -08:00
Kevin Fenzi
278d9427f8 bastion: allow ssh tcp forwarding on bastion hosts
We need this in order to be able to use them as jumphosts with ssh.
Without it, there's no easy way to get to any internal machines.
Just enable it here and leave the default off.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-01-30 11:16:01 -08:00
Kevin Fenzi
5091fd4373 ocp-rdu3: retire this host/proxy/cert now that we are moved
There's no need to keep ocp-rdu3 around anymore, we only used
it when we were moving datacenters last year.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-01-30 10:35:10 -08:00
Kevin Fenzi
1bf508dc18 Revert "[robosignatory] Increase the prefetch value"
This reverts commit 4fdd0c9fca.

This causes robosignatory's priorities to not work.
We want to handle some requests before others, but if we prefetch 25 of
them, there could be any mix of requests and we wouldn't process the most
important ones first.
2026-01-30 09:39:58 -08:00
Kevin Fenzi
2d28e5de7b hosts: set specific gateway for a few iso hosts
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-01-30 09:21:17 -08:00
Aurélien Bompard
72fad29431 Ipsilon: fix the GNOME Damned Lies redirect URL
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2026-01-30 13:03:59 +01:00
Lukas Holecek
81e4fef760 resultsdb: Update image repositories
ResultsDB frontend and backend image builds were moved to Konflux.

See also the discussion in PR:
https://github.com/release-engineering/resultsdb_frontend/pull/17
2026-01-29 18:13:15 +00:00
Kevin Fenzi
da680d4ee9 robosignatory: sign f44 also with the f45 ima key
We are resigning in prep for branching next week, we need to also make
sure to sign things with the f45 ima key.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-01-29 09:19:51 -08:00
David Kirwan
5de7e7921b forgejo: add backup/pruning cronjobs
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
2026-01-29 15:48:00 +00:00
David Kirwan
b5da9bfcc7 forgejo: modify backups pruning retention
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
2026-01-29 15:39:21 +00:00
David Kirwan
0f1dbc8094 forgejo: Add backup handling scripts to ansible role
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
2026-01-29 15:07:15 +00:00
Michal Konecny
10c25c08f4 [flatpak-indexer] Make the deployment simpler
Update the deployment for quay.io changes to make the whole deployment
simpler.
Staging is now pointing to quay.io only. See
https://forge.fedoraproject.org/infra/tickets/issues/11543 for more
details about these changes.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2026-01-29 13:50:08 +01:00
Ryan Lerch
8782797c47 [forge] fix group mapping syntax error
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2026-01-29 14:29:14 +10:00
Ryan Lerch
a9c38bf0b3 [forge] add team mapping for forge-workstation-owners
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2026-01-29 14:21:10 +10:00
Kevin Fenzi
0f4db8328d Add siguldry pesign bridge role to switch pesign to sigul
This role is intended to be run on a build{vm|hw} machine that is in the
secure-boot channel in koji. It sets up the siguldry pesign-bridge that
allows builds done there to call pesign to sign artifacts by bind
mounting a socket into the mock chroot.
This then calls sigul's pesign client which sends the artifact to the
sigul vault via the sigul bridge for signing. The vault has access to
a secure token to sign the artifact with.

This should (once confirmed working) replace the roles/bkernel role that
used a secure card that was directly attached to a buildhw device.

This should allow us to add support for aarch64 as well as more easily
use different hardware or VMs as any of them could be set up to query
the sigul server.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-01-29 00:58:41 +00:00
Mattia Verga
c98a72f0c2 bodhi: update to 25.11.3 and disable returning celery results
Signed-off-by: Mattia Verga <mattia.verga@tiscali.it>
2026-01-28 16:34:23 +00:00