Commit Graph

33823 Commits

Author SHA1 Message Date
Nils Philippsen
8f453535dc ipa/client: Improve naming HBAC, sudo rules
Rename:
- "group/sysadmin-main" to "usergroup/sysadmin-main" to prepare for
  using host groups
- "sudo/all" to "all-users/sudo" likewise to make it apparent that it's
  about users and to put the resource last to which access is granted

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-22 16:05:16 +00:00
Nils Philippsen
71e625c0fd ipa/client: Set config tag in main playbook
This avoids having to add the tag to every individual task (or
forgetting it).

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-22 16:05:16 +00:00
Pavel Raiskup
8c079d8cc3 copr-be: fix bug in loop, second attempt
Don't ask for 'devel' instance, but rather for 'letsencrypt'
configuration.
2021-01-22 17:04:06 +01:00
Pavel Raiskup
a1f67eb0bf copr-be: correct typo in the loop 2021-01-22 16:53:50 +01:00
František Zatloukal
62423cb7fa oraculum: Try a different container name 2021-01-22 16:51:13 +01:00
Pavel Raiskup
e7badfc679 copr-be: experiment with ipv6/ipv4 x 80/443
This is according to lighttpd best practices?
https://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config#Recommended-IPv6-setup
2021-01-22 16:30:27 +01:00
František Zatloukal
f615877ec7 oraculum: Fixup containername ... please WORK! 2021-01-22 15:45:56 +01:00
Pavel Raiskup
bbb4460c3d copr-be: re-enable port 80
The socket statement for :80 needs to be configured, otherwise http://
doesn't work at all.

f025f0cc31
2021-01-22 15:38:03 +01:00
František Zatloukal
3dae7d40d5 oraculum: Try metadata naming change 2021-01-22 15:36:19 +01:00
František Zatloukal
b138ed235f oraculum: Quote false 2021-01-22 15:24:16 +01:00
František Zatloukal
8be44693c0 oraculum: env False with lowercase "f" 2021-01-22 15:22:33 +01:00
Pavel Raiskup
f025f0cc31 copr-be-dev: last missing part for ipv6?
The socket config ":80" caused that ipv6 for some reason didn't work.

I could just fix it just by "0.0.0.0:80" - but the overall rule wasn't
useful (the only redirect there wasn't working).  So I dropped the
overall socket construct, and lighttpd starts working on both IPv4 and
IPv6.

Follow up for 619a163447
2021-01-22 15:13:26 +01:00
František Zatloukal
29a38663e5 oraculum: Different url for redis 2021-01-22 15:08:29 +01:00
František Zatloukal
7409a20ac4 oraculum: Drop strategy for redis pod 2021-01-22 15:07:26 +01:00
František Zatloukal
94dd02fa8c oraculum: Drop usage of OIDC_CLIENT_SECRETS 2021-01-22 14:57:53 +01:00
František Zatloukal
21d9e4e6c2 oraculum: Secrets 2021-01-22 14:40:30 +01:00
Pierre-Yves Chibon
3392b0d8d7 oraculum: rename the folder in roles/openshift-apps
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-22 14:25:49 +01:00
Pierre-Yves Chibon
accafc1807 oraculum: be consistent on the app name used in the playbook
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-22 14:23:49 +01:00
František Zatloukal
58fa2e99cc packager-dashboard: Initial OpenShift work 2021-01-22 14:10:56 +01:00
Michal Konečný
e04145c5a6 release-monitoring: Change the error threshold
The previous error threshold seems to be too low, approximately 100
hours before the project is deleted if there is no mapping to downstream
and every check fails. Let's raise this up to 1000 retries, to give more
time to fix.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-22 11:50:00 +01:00
Patrick Uiterwijk
bb829c914e zezere: Use ubi8-python38
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2021-01-22 10:06:57 +01:00
Patrick Uiterwijk
51f732c592 Zezere is now main branch
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2021-01-22 09:59:54 +01:00
Patrick Uiterwijk
18a8895cc0 zezere: add production build
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2021-01-22 09:56:20 +01:00
Patrick Uiterwijk
c0a32daa34 proxies: add zezere
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2021-01-22 09:53:14 +01:00
Patrick Uiterwijk
46139df277 zezere: use netboot for probes
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2021-01-22 09:39:56 +01:00
Patrick Uiterwijk
de4e3bc238 robosignatory: Fix the KeyID for the f34 Fedora-Infra key
Fixes: 309026d ("Branching F33 from rawhide")
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2021-01-22 08:21:05 +01:00
Kevin Fenzi
ca4d7dbf7c buildvm_armv7: drop mem down to just under 32gb
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-21 14:05:43 -08:00
Pavel Raiskup
619a163447 copr-be: configure lighttpd to respond on ipv6, too 2021-01-21 14:58:37 +01:00
Nils Philippsen
5c61babf95 ipa/client: Let everybody run the sudo command
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 13:09:14 +01:00
Nils Philippsen
30a1125298 Don't flag checking task as changed
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 13:08:44 +01:00
Nils Philippsen
4016aca36c MBS stg: lists should be lists
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 12:59:14 +01:00
Nils Philippsen
5d5cc85d3a MBS stg: Give relevant groups sudo access
These groups are allowed to run any command as any user on MBS
frontend/backend hosts in staging.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 12:36:12 +01:00
Nils Philippsen
eb6cca1aec MBS stg: remove FAS compatible variable
The ipa/client role prefers ipa_client_shell_groups over
fas_client_groups, the variable used by the fas_client role, which isn't
applied to MBA frontend/backend hosts in staging.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 12:35:26 +01:00
Nils Philippsen
295564bfbc ipa/client: add site-wide & host-based sudo rules
This also uses HBAC to let all IPA accounts use the sudo command, so
what some user or group may use it for just has to be configured with
sudo rules in IPA.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 10:21:16 +00:00
Nils Philippsen
5cfd6bd10b ipa/client: Don't create groups
Rather than creating groups (e.g. those configured for shell access) in
IPA, just verify they exist and fail otherwise.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 10:21:16 +00:00
Nils Philippsen
dd721909b7 ipa/client: Let sysadmin-main use all services
It would be embarrassing to lock ourselves out.

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 10:21:16 +00:00
Nils Philippsen
31edc2419f ipa/client: Separate cluster-wide & host tasks
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-01-21 10:21:16 +00:00
Silvie Chlupova
45c6b2d5a3 copr: letsencrypt configuration for copr-fe production instance 2021-01-21 08:50:21 +00:00
Pierre-Yves Chibon
8b0ec42622 pagure: send the logs to stderr instead of stdout
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-20 23:08:38 +01:00
Pierre-Yves Chibon
8850720c2e distgit/pagure: send the logs to stderr instead of stdout
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-20 23:08:04 +01:00
Kevin Fenzi
21ca5bebe9 db01: backup resultsdb
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-20 12:00:34 -08:00
Kevin Fenzi
723e97e5f3 resultsdb / staging: fix name from old phx2 resultsdb to new iad2 one
In phx2 we had resultsdb-stg01.qa.fedoraproject.org, but now in iad2, we
have resultsdb01.stg.iad2.fedoraproject.org.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-20 11:29:59 -08:00
Michal Konečný
7814a8a649 release-monitoring: Lower the amount of error threshold
The bug that caused "No new version found" to be treated as an error is
now fixed. So let's set the error threshold to a reasonable amount to get
rid of projects that aren't working and are not mapped to anything.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 14:41:47 +01:00
Michal Konečný
52987bfa73 release-monitoring: Don't use cached layers
The cached layers were the root issue of having outdated anitya date,
because the step wasn't run again if there was no change in the
Dockerfile for the step, the cached version was used instead.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 13:39:01 +01:00
Michal Konečný
1c37cb6b1d release-monitoring: Debug Anitya installation during image build
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 13:07:58 +01:00
Michal Konečný
383b26eb4f release-monitoring: Let's check if we are really using outdated branch
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 12:57:20 +01:00
Michal Konečný
d7ac247f6b release-monitoring: Add listing of migrations to mid hook
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 11:10:52 +01:00
Michal Konečný
c304dace68 release-monitoring: Lower the timeouts
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 10:38:48 +01:00
Aurélien Bompard
95ca01284a Use a template for ipsilon's sssd.conf instead of replacing lines
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-01-20 10:32:33 +01:00
Michal Konečný
0b0566f7ce release-monitoring: Check if db is on head before deployment
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
2021-01-20 09:12:09 +00:00