Michal Konecny
99bebc403e
[ipsilon] Fix jinja2 nesting
...
This time it should be correct.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-02 13:30:56 +02:00
Michal Konecny
ebaab04a7b
[ipsilon] Add missing endif
...
Nesting with jinja2 is somewhat not visible at first glance.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-02 13:11:03 +02:00
Michal Konecny
3ff5d4fc8b
[ipsilon] Enable openid again on production
...
I forgot to specify that the changes are only for staging now, so it
disabled OpenID on production when the playbook was played. Let's fix that.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-02 12:54:50 +02:00
Joel Capitao
60eb1cf3fd
fedora-coreos-pipeline: add access for coreosbot
...
We need coreobot account to be able to access Jenkins WebUI in order
to generate token. This identity will be used by Konflux to trigger
job.
2025-10-02 12:33:08 +02:00
Lenka Segura
8b401a80d7
[poddlers] Make playtime call run on production
...
Signed-off-by: Lenka Segura <lsegura@redhat.com >
2025-10-02 11:40:37 +02:00
Michal Konecny
3b238ac133
[haproxy] Set permanent cookie for openid
...
We originally set header value instead of cookie. This will set it up
and do redirect correctly.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-02 11:28:38 +02:00
Michal Konecny
b8a41de30e
[ipsilon] Fix ansible-lint errors
...
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-02 10:09:22 +02:00
Michal Konecny
ca04c6d41a
[ipsilon] Use different repo URL
...
The current repo URL was evaluated as
https://pagure.io/fedora-infra/ipsilon-fedora.git/ which returns 404 on
pagure.io. Let's use just the
https://pagure.io/fedora-infra/ipsilon-fedora , which works even with the
added / at the end.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-02 07:40:48 +00:00
Pavel Raiskup
b22e24a31b
copr-be: copr-upload-builder-images: s/stamp/STAMP/
2025-10-02 09:38:07 +02:00
Michal Konecny
825069860a
[ipsilon] Add OpenID header
...
The ipsilon instance with disabled OpenID authentication still needs to
sent the header for OpenID in response so the authentication could
continue with different instance.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-02 07:25:34 +00:00
Pavel Raiskup
0766abbfb4
copr-be: the image upload script is only valid for 'resalloc'
2025-10-02 09:20:46 +02:00
Pavel Raiskup
1cd0278ae8
copr-be: copr-upload-builder-images: better script name
...
It now lives in /usr/local/bin/copr-upload-builder-images
2025-10-02 09:16:38 +02:00
Pavel Raiskup
5da23ab9dd
copr-be: copr-upload-builder-images: allow upload filtering
...
New variables $TARGETS and $ARCHES that allow us to filter like:
TARGETS=ec2 ARCHES=aarch64 ...
2025-10-02 09:16:35 +02:00
Aurélien Bompard
703e67fd2d
Allow W2FM to send gitlab events
...
Fixes: https://pagure.io/fedora-infrastructure/issue/12816
Signed-off-by: Aurélien Bompard <aurelien@bompard.org >
2025-10-02 08:52:33 +02:00
Kevin Fenzi
9f07b11d13
dhcpd: fix buildhw-a64 entries.
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com >
2025-10-01 18:42:38 -07:00
Kevin Fenzi
7878f57f3d
dhcpd: add some more a64 buildhw
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com >
2025-10-01 17:09:45 -07:00
Pavel Raiskup
044396b595
copr-be: drop unused patch
2025-10-02 01:25:23 +02:00
Pavel Raiskup
a896c86e7a
copr-be: new AMIs (old removed due to missing FedoraGroup=copr tag)
2025-10-02 01:25:22 +02:00
Adam Williamson
31a4e54d52
greenwave policy: gate updates on aarch64 Workstation tests
...
We enabled these a month ago, so gating on them now should be OK.
Signed-off-by: Adam Williamson <awilliam@redhat.com >
2025-10-01 11:46:29 -07:00
Adam Williamson
6aca256d37
greenwave policy: gate updates on several tests enabled last year
...
These were all enabled in
https://pagure.io/fedora-qa/os-autoinst-distri-fedora/c/d88c8e4
last year, so should be fine to gate on them now. Note, I
accidentally disabled desktop_keyring on KDE soon after, so we
can't gate on that. I've just turned it back on again.
Signed-off-by: Adam Williamson <awilliam@redhat.com >
2025-10-01 11:46:29 -07:00
Adam Williamson
94171b3608
greenwave policy: gate updates on desktop_login
...
We've been running it since July, so this should be fine.
Signed-off-by: Adam Williamson <awilliam@redhat.com >
2025-10-01 11:46:29 -07:00
Adam Williamson
fadea816bf
greenwave policy: gate on cloud update tests
...
These have been running for about a month now, it should be safe
to turn on gating. We can manually schedule them for any very
old updates still stuck in testing.
Signed-off-by: Adam Williamson <awilliam@redhat.com >
2025-10-01 11:46:29 -07:00
Kevin Fenzi
a054b3ce0f
zabbix: fix some perms so that zabbix is idempotent
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com >
2025-10-01 09:42:50 -07:00
Michal Konecny
724cb330d7
[haproxy] Don't check the /openid endpoint
...
The ipsilon is returning redirect when hitting /openid endpoint. Let's
us just check /.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-01 14:59:11 +02:00
Michal Konecny
94cf028ed7
[haproxy] Set cookie value for ipsilon openid
...
To be redirected to openid server during the authentication let's set a
cookie for it and match against that.
This was tested and it's working, but ipsilon is doing something with
the requests and the cookie is gone after redirect.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-01 12:54:41 +02:00
Michal Konecny
3db583cdfb
[haproxy] Use the correct method
...
req.body_payload is unknown, let's use req.body instead.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-01 10:18:40 +02:00
Michal Konecny
3df75c98bb
[haproxy] Redirect openid based on payload
...
When checking if the server has openid capabilities we are checking for
openid_identifier, let's redirect that to openid backend as well.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-01 10:02:12 +02:00
Michal Konecny
aa5e1674c0
[haproxy] Fix the variable name
...
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-01 09:05:03 +02:00
Michal Konecny
b24e4e976f
[haproxy] Add rule for openidc endpoint
...
The paths are too similar and /openidc ended up being routed to wrong
ipsilon server, let's add specific rule for OIDC as well.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-01 08:58:22 +02:00
Michal Konecny
abe254334e
[haproxy] Add redirect for openid only ipsilon
...
Adding redirect to openid ipsilon instance for staging.
Signed-off-by: Michal Konecny <mkonecny@redhat.com >
2025-10-01 08:30:46 +02:00
James Antill
394102a651
updates-uptimes: Add old-list cmd, and UI tweaks to see old data hosts. Fixes.
...
Signed-off-by: James Antill <james@and.org >
2025-09-30 21:56:16 -04:00
Jeremy Cline
b44a22d694
fedora-image-uploader: add ELN toolbox and base container rename
...
ELN recently adjusted the subvariants it uses for its built images. What
was previously variant "BaseOS" subvariant "BaseOS" is now subvariant
"container-base". Additionally, they wish to publish a toolbox
container, which is created as variant "BaseOS" with subvariant
"container-toolbox".
These are both confusingly close to the existing Fedora subvariants, so
we may want to consider using the (variant, subvariant) tuple in some
manner in the config to make it clearer.
Signed-off-by: Jeremy Cline <jeremycline@linux.microsoft.com >
2025-09-30 19:22:26 +00:00
James Antill
e53cd1b07a
updates-uptimes: Add update cmd back, and other fixes for the cron job.
...
Signed-off-by: James Antill <james@and.org >
2025-09-30 11:33:31 -04:00
Greg Sutcliffe
6e2c3c34b7
DHCP: correct the MAC for two hosts
...
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org >
2025-09-30 16:14:40 +01:00
Greg Sutcliffe
1b8b300c0d
Zabbix: Increase disk read/write threshold for retrace03
...
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org >
2025-09-30 13:33:15 +01:00
Greg Sutcliffe
1dcd5c6e40
Zabbix: Add VPN address for Zabbix back to Copr prod hosts
...
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org >
2025-09-30 12:42:50 +01:00
Aurélien Bompard
3aac757ba1
Add basic ipa-tuura deployment
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org >
2025-09-30 12:35:48 +02:00
Aurélien Bompard
4b2ba27c26
Keycloak: fix config
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org >
2025-09-30 10:38:11 +02:00
Aurélien Bompard
dc94432491
Keycloak: try to add IPA-tuura
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org >
2025-09-30 10:18:56 +02:00
James Antill
5a6e1d8874
updates-uptimes: Big freeze updates. Uses argparse now.
...
Signed-off-by: James Antill <james@and.org >
2025-09-29 18:39:53 -04:00
Kevin Fenzi
488ead0559
dns: add reverse zones for new isolated rdu3 vlans
...
These vlans will be used by the stuff moving from the
rd2 community cage over to rdu3. We want it isolated
from the rest of our stuff (in particular pagure and copr builders).
Signed-off-by: Kevin Fenzi <kevin@scrye.com >
2025-09-29 13:29:45 -07:00
Greg Sutcliffe
d70a525d79
Revert "Zabbix: cloud servers need to talk to zabbix over the vpn"
...
This reverts commit 15ba14e0bd .
This breaks for staging/dev hosts, need to rethink
2025-09-29 18:02:03 +01:00
Greg Sutcliffe
cf9f2d9442
Zabbix: Add copr-* hosts to zabbix role
...
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org >
2025-09-29 17:10:08 +01:00
Pavel Raiskup
d217ab4b30
logdetective: another workaround
...
Skip the whole include.
2025-09-29 17:04:07 +02:00
Pavel Raiskup
a1194d943e
logdetective: try to work-around buggy zabbix base/ role
2025-09-29 17:00:07 +02:00
Greg Sutcliffe
2dacafc7b6
Zabbix/Rsyslog: add item tags to template item
...
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org >
2025-09-29 15:26:01 +01:00
Greg Sutcliffe
af7c2d7145
Zabbix/Rsyslog: fix typo in template path
...
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org >
2025-09-29 15:22:26 +01:00
Greg Sutcliffe
f0aa9e747d
Zabbix/Rsyslogd: New template & hostgroup for rsyslogd processes
...
Also some minor fixes for the postfix templates
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org >
2025-09-29 15:20:23 +01:00
Aurélien Bompard
c4a1abd36c
Keycloak: remove route handled by the operator
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org >
2025-09-29 16:18:12 +02:00
Aurélien Bompard
4cee86cab4
Keycloak: fix db config
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org >
2025-09-29 16:17:17 +02:00