WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-04 19:22:32 +08:00
Code Issues Packages Projects Releases Wiki Activity
35,174 Commits 9 Branches 0 Tags
94de49399ac7b579dc7e90bdc42f30044f1f60c0
Commit Graph

140 Commits

Author SHA1 Message Date
Pavel Raiskup
0d070d1941 copr-dist-git: correct patch reference 
Complements 8a08f87d43
 2021-06-02 08:35:03 +02:00
Pavel Raiskup
8a08f87d43 copr-dist-git: fix failing Thunderbird import 
Fixes: https://pagure.io/copr/copr/issue/1700
 2021-06-02 08:32:39 +02:00
Pavel Raiskup
0aede26200 copr-dist-git: simplify cgitrc config, #2 
See previous commit.
 2021-04-27 22:16:01 +02:00
Pavel Raiskup
4e95c76e0b copr-dist-git: simplify cgitrc config 
This is a missing step after:
2e64a15058
 2021-04-27 22:01:45 +02:00
Miroslav Suchý
8cba3702a0 copr: enable prune-dist-git.py 2021-03-29 13:21:12 +02:00
Miroslav Suchý
69e2bd3cb1 copr: define git_gc_depth for copr-dist-git 2021-02-10 12:28:33 +01:00
Pavel Raiskup
2d47ed082f copr-dist-git: drop swap re-mount 
Swap is mounted by tasks/swap.yml.
 2020-11-18 14:01:53 +01:00
Pavel Raiskup
b9bcba056a copr: dist-git: disable copr-dist-git pruner for now 
Per logs sent to us by crond, I suppose there's some bug.
 2020-04-24 21:34:26 +02:00
Miroslav Suchý
ba99028573 copr: mount this swap only on prod 2020-04-24 21:34:25 +02:00
Miroslav Suchý
c0b8624dc4 copr: typo 2020-04-24 21:34:25 +02:00
Miroslav Suchý
18519c9a09 copr: enable swap on be, fe, dist-git 2020-04-24 21:34:25 +02:00
Jakub Kadlcik
795ff4e021 copr: ensure that .config directory exists 2020-04-24 21:34:25 +02:00
Jakub Kadlcik
5ce2fa72b3 copr: automatically prune distgit repos 2020-04-24 21:34:25 +02:00
Pavel Raiskup
e49912067a copr-dist-git: add missing task names 
So we can better orient in playbook output.
 2020-04-24 21:34:24 +02:00
Pavel Raiskup
2d1b607186 copr-dist-git: disable cgit periodic scanning 
That is taking too long, and eats too much io probably (complicates
rsyncing to aws).
 2020-04-24 21:34:24 +02:00
Miroslav Suchý
25b43d9a38 copr: restart copr-dist-git service when config change 2020-04-24 21:34:24 +02:00
Miroslav Suchý
9c7be4c67e copr: correct path to ssl cert 2020-04-24 21:34:24 +02:00
Miroslav Suchý
5723472a5c copr: do not run services on dist-git until migration is done 2020-04-24 21:34:24 +02:00
Pavel Raiskup
35d3004667 copr: drop rest of hot-fix patch files 2020-04-24 21:34:22 +02:00
Pavel Raiskup
70c25021cc copr: update infrastructure password 
https://pagure.io/fedora-infrastructure/issue/8555
 2020-04-24 21:34:21 +02:00
Pavel Raiskup
a73a64213d copr: dist-git: try one hotfix patch 2020-04-24 21:34:18 +02:00
Pavel Raiskup
3cc27430b6 copr: rework letsencrypt 
We need two-phase configuration for Let's Encrypt:

1. initialize; the letsencrypt automation, this is happening only
   once per VM (when it is spawned)
2. periodic; using certbot-renew.timer.

Both those phases are now wrapped into copr/certbot role.

Phase 1. needs to be done before the web-server is started (so
include the role on appropriate place in the playbook), so we can
do 'certbot --standalone' (bounds to port 80).
Phase 2. is accomplished using the running web-server, using
'certbot renew --webroot'.

If (and only if) the certificate is renewed, web server needs to
be restarted (and lighttpd needs to have post-processed
certificate format).  So we also need the deploy hook script in
hand (two actually, lighttpd/httpd) so 'certbot renew'
automatically does what we expect it to do.
 2019-07-19 11:20:00 +02:00
Pavel Raiskup
ab78c47a51 copr: letsencrypt: don't force renewal daily 
The `renew` command will automatically renew the certificate once
the validity is smaller tan 30 days:
https://certbot.eff.org/docs/using.html?highlight=renew#renewing-certificates
 2019-07-18 14:28:46 +02:00
Pavel Raiskup
2b238c9c88 copr: dist-git: install nfs-utils package 
This is needed since we are going to move to NFS storage soon.
 2019-07-17 10:16:59 +02:00
Jakub Kadlcik
742f68d258 I've added some templates, but forgot to install them 2019-06-11 02:17:13 +02:00
Jakub Kadlčík
022ed16be9 Fix indentation 2019-06-07 00:17:24 +02:00
Jakub Kadlčík
f68efa7797 copr-dist-git: automatize cert renewal with certbot-renew.timer 2019-06-07 00:02:48 +02:00
Jakub Kadlčík
49d6f8343d copr: distgit: fix selinux context for letsencrypt, see d6b034984 2019-06-04 14:35:05 +02:00
Jakub Kadlčík
96de11a1bf Create manual playbooks for upgrading Copr instances 
There is a problem with our current playbooks, that they can be
executed automatically without us knowing about it. That is an issue
particularly during release process because we can prepare new
packages into infra-tags repo or bodhi and a nightly reprovision
can upgrade to them outside of an outage window or any of us being
prepared for it.

Therefore `groups/copr-*.yml` playbooks *should not* upgrade any
packages, but only ensure, that those packages are installed. For
upgrade, there should be separate `manual/copr/copr-*-upgrade.yml`
playbooks. Because they are located under `manual` directory, it
is secured, that they can't be run automatically.
 2019-05-01 18:39:27 +02:00
Miroslav Suchý
16c80501f5 copr: squash_actions is deprecated 2019-04-02 10:27:39 +02:00
clime
81ede91dd7 copr-dist-git: enable ssl conf for letsencrypt 2018-06-29 11:19:13 +02:00
clime
0adb8eaabc copr-dist-git: add exception for acme challenge, fix indenting 2018-06-29 11:03:44 +02:00
clime
04f75f2423 copr-dist-git: include certbot role 2018-06-29 10:41:16 +02:00
clime
4daee14690 copr-dist-git-dev: install ssl.conf 2018-06-29 10:33:03 +02:00
clime
1fa75c53fa copr-dist-git-dev: include certbot role 2018-06-28 14:23:12 +02:00
Kevin Fenzi
a8714caab3 first cut at changing all the old |changed to is changed per ansible deprecations 2018-05-07 23:51:48 +00:00
clime
6122dd4901 copr-dist-git: create directory for custom SELinux policies 2018-01-03 14:18:43 +01:00
clime
c0631fed5d copr-dist-git: give map permission on git_user_content_t to cgit 2018-01-03 14:07:40 +01:00
Kevin Fenzi
afef097a3d switch all the include tasks to import tasks 2017-10-17 17:37:03 +00:00
Kevin Fenzi
a4ca0db30c more include cleanups 2017-10-15 20:22:53 +00:00
clime
6d2dadf8b5 copr-dist-git: switch selinux to enforcing 2017-07-31 09:39:15 +02:00
clime
420205573a copr-dist-git: remove no longer needed groups 2017-07-19 19:20:43 +02:00
clime
1a29d4f8c9 copr-dist-git: install scl-utils-build to able to parse scl-enabled specfiles 2017-07-18 16:14:59 +02:00
clime
474f0c5648 copr-dist-git: pre-create some more groups 2017-06-27 22:27:27 +02:00
clime
aa871d3842 copr-dist-git: raise number of inodes for the mounted tmpfs volume 2017-06-09 08:14:50 +02:00
clime
fedf0525b0 copr-dist-git: make /tmp tmpfs mount larger in size 2017-05-23 11:22:02 +02:00
clime
ca805c553d copr-dist-git: logrotate fix 2017-04-11 02:46:31 +02:00
clime
af9ab8ce5d copr-dist-git: adjust cron script to new Git repo path 2017-04-11 02:46:31 +02:00
clime
c470ebc124 copr-dist-git: remove unnecessary chown on /var/lib/copr-dist-git 2017-04-11 02:46:31 +02:00
clime
fba2becab3 copr-dist-git: use now what is built in @copr/copr-dev and @copr/copr repos 2017-04-10 15:23:09 +02:00