Commit Graph

44359 Commits

Author SHA1 Message Date
Michal Konecny
99bebc403e [ipsilon] Fix jinja2 nesting
This time it should be correct.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-02 13:30:56 +02:00
Michal Konecny
ebaab04a7b [ipsilon] Add missing endif
Nesting with jinja2 is somewhat not visible at first glance.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-02 13:11:03 +02:00
Michal Konecny
3ff5d4fc8b [ipsilon] Enable openid again on production
I forgot to specify that the changes are only for staging now, so it
disabled OpenID on production when the playbook was played. Let's fix that.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-02 12:54:50 +02:00
Joel Capitao
60eb1cf3fd fedora-coreos-pipeline: add access for coreosbot
We need coreobot account to be able to access Jenkins WebUI in order
to generate token. This identity will be used by Konflux to trigger
job.
2025-10-02 12:33:08 +02:00
Lenka Segura
8b401a80d7 [poddlers] Make playtime call run on production
Signed-off-by: Lenka Segura <lsegura@redhat.com>
2025-10-02 11:40:37 +02:00
Michal Konecny
3b238ac133 [haproxy] Set permanent cookie for openid
We originally set header value instead of cookie. This will set it up
and do redirect correctly.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-02 11:28:38 +02:00
Michal Konecny
b8a41de30e [ipsilon] Fix ansible-lint errors
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-02 10:09:22 +02:00
Michal Konecny
ca04c6d41a [ipsilon] Use different repo URL
The current repo URL was evaluated as
https://pagure.io/fedora-infra/ipsilon-fedora.git/ which returns 404 on
pagure.io. Let's use just the
https://pagure.io/fedora-infra/ipsilon-fedora, which works even with the
added / at the end.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-02 07:40:48 +00:00
Pavel Raiskup
b22e24a31b copr-be: copr-upload-builder-images: s/stamp/STAMP/ 2025-10-02 09:38:07 +02:00
Michal Konecny
825069860a [ipsilon] Add OpenID header
The ipsilon instance with disabled OpenID authentication still needs to
sent the header for OpenID in response so the authentication could
continue with different instance.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-02 07:25:34 +00:00
Pavel Raiskup
0766abbfb4 copr-be: the image upload script is only valid for 'resalloc' 2025-10-02 09:20:46 +02:00
Pavel Raiskup
1cd0278ae8 copr-be: copr-upload-builder-images: better script name
It now lives in /usr/local/bin/copr-upload-builder-images
2025-10-02 09:16:38 +02:00
Pavel Raiskup
5da23ab9dd copr-be: copr-upload-builder-images: allow upload filtering
New variables $TARGETS and $ARCHES that allow us to filter like:
TARGETS=ec2 ARCHES=aarch64 ...
2025-10-02 09:16:35 +02:00
Aurélien Bompard
703e67fd2d Allow W2FM to send gitlab events
Fixes: https://pagure.io/fedora-infrastructure/issue/12816

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-02 08:52:33 +02:00
Kevin Fenzi
9f07b11d13 dhcpd: fix buildhw-a64 entries.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-10-01 18:42:38 -07:00
Kevin Fenzi
7878f57f3d dhcpd: add some more a64 buildhw
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-10-01 17:09:45 -07:00
Pavel Raiskup
044396b595 copr-be: drop unused patch 2025-10-02 01:25:23 +02:00
Pavel Raiskup
a896c86e7a copr-be: new AMIs (old removed due to missing FedoraGroup=copr tag) 2025-10-02 01:25:22 +02:00
Adam Williamson
31a4e54d52 greenwave policy: gate updates on aarch64 Workstation tests
We enabled these a month ago, so gating on them now should be OK.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2025-10-01 11:46:29 -07:00
Adam Williamson
6aca256d37 greenwave policy: gate updates on several tests enabled last year
These were all enabled in
https://pagure.io/fedora-qa/os-autoinst-distri-fedora/c/d88c8e4
last year, so should be fine to gate on them now. Note, I
accidentally disabled desktop_keyring on KDE soon after, so we
can't gate on that. I've just turned it back on again.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2025-10-01 11:46:29 -07:00
Adam Williamson
94171b3608 greenwave policy: gate updates on desktop_login
We've been running it since July, so this should be fine.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2025-10-01 11:46:29 -07:00
Adam Williamson
fadea816bf greenwave policy: gate on cloud update tests
These have been running for about a month now, it should be safe
to turn on gating. We can manually schedule them for any very
old updates still stuck in testing.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2025-10-01 11:46:29 -07:00
Kevin Fenzi
a054b3ce0f zabbix: fix some perms so that zabbix is idempotent
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-10-01 09:42:50 -07:00
Michal Konecny
724cb330d7 [haproxy] Don't check the /openid endpoint
The ipsilon is returning redirect when hitting /openid endpoint. Let's
us just check /.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-01 14:59:11 +02:00
Michal Konecny
94cf028ed7 [haproxy] Set cookie value for ipsilon openid
To be redirected to openid server during the authentication let's set a
cookie for it and match against that.

This was tested and it's working, but ipsilon is doing something with
the requests and the cookie is gone after redirect.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-01 12:54:41 +02:00
Michal Konecny
3db583cdfb [haproxy] Use the correct method
req.body_payload is unknown, let's use req.body instead.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-01 10:18:40 +02:00
Michal Konecny
3df75c98bb [haproxy] Redirect openid based on payload
When checking if the server has openid capabilities we are checking for
openid_identifier, let's redirect that to openid backend as well.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-01 10:02:12 +02:00
Michal Konecny
aa5e1674c0 [haproxy] Fix the variable name
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-01 09:05:03 +02:00
Michal Konecny
b24e4e976f [haproxy] Add rule for openidc endpoint
The paths are too similar and /openidc ended up being routed to wrong
ipsilon server, let's add specific rule for OIDC as well.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-01 08:58:22 +02:00
Michal Konecny
abe254334e [haproxy] Add redirect for openid only ipsilon
Adding redirect to openid ipsilon instance for staging.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-10-01 08:30:46 +02:00
James Antill
394102a651 updates-uptimes: Add old-list cmd, and UI tweaks to see old data hosts. Fixes.
Signed-off-by: James Antill <james@and.org>
2025-09-30 21:56:16 -04:00
Jeremy Cline
b44a22d694 fedora-image-uploader: add ELN toolbox and base container rename
ELN recently adjusted the subvariants it uses for its built images. What
was previously variant "BaseOS" subvariant "BaseOS" is now subvariant
"container-base". Additionally, they wish to publish a toolbox
container, which is created as variant "BaseOS" with subvariant
"container-toolbox".

These are both confusingly close to the existing Fedora subvariants, so
we may want to consider using the (variant, subvariant) tuple in some
manner in the config to make it clearer.

Signed-off-by: Jeremy Cline <jeremycline@linux.microsoft.com>
2025-09-30 19:22:26 +00:00
James Antill
e53cd1b07a updates-uptimes: Add update cmd back, and other fixes for the cron job.
Signed-off-by: James Antill <james@and.org>
2025-09-30 11:33:31 -04:00
Greg Sutcliffe
6e2c3c34b7 DHCP: correct the MAC for two hosts
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-30 16:14:40 +01:00
Greg Sutcliffe
1b8b300c0d Zabbix: Increase disk read/write threshold for retrace03
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-30 13:33:15 +01:00
Greg Sutcliffe
1dcd5c6e40 Zabbix: Add VPN address for Zabbix back to Copr prod hosts
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-30 12:42:50 +01:00
Aurélien Bompard
3aac757ba1 Add basic ipa-tuura deployment
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-09-30 12:35:48 +02:00
Aurélien Bompard
4b2ba27c26 Keycloak: fix config
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-09-30 10:38:11 +02:00
Aurélien Bompard
dc94432491 Keycloak: try to add IPA-tuura
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-09-30 10:18:56 +02:00
James Antill
5a6e1d8874 updates-uptimes: Big freeze updates. Uses argparse now.
Signed-off-by: James Antill <james@and.org>
2025-09-29 18:39:53 -04:00
Kevin Fenzi
488ead0559 dns: add reverse zones for new isolated rdu3 vlans
These vlans will be used by the stuff moving from the
rd2 community cage over to rdu3. We want it isolated
from the rest of our stuff (in particular pagure and copr builders).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-29 13:29:45 -07:00
Greg Sutcliffe
d70a525d79 Revert "Zabbix: cloud servers need to talk to zabbix over the vpn"
This reverts commit 15ba14e0bd.

This breaks for staging/dev hosts, need to rethink
2025-09-29 18:02:03 +01:00
Greg Sutcliffe
cf9f2d9442 Zabbix: Add copr-* hosts to zabbix role
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-29 17:10:08 +01:00
Pavel Raiskup
d217ab4b30 logdetective: another workaround
Skip the whole include.
2025-09-29 17:04:07 +02:00
Pavel Raiskup
a1194d943e logdetective: try to work-around buggy zabbix base/ role 2025-09-29 17:00:07 +02:00
Greg Sutcliffe
2dacafc7b6 Zabbix/Rsyslog: add item tags to template item
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-29 15:26:01 +01:00
Greg Sutcliffe
af7c2d7145 Zabbix/Rsyslog: fix typo in template path
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-29 15:22:26 +01:00
Greg Sutcliffe
f0aa9e747d Zabbix/Rsyslogd: New template & hostgroup for rsyslogd processes
Also some minor fixes for the postfix templates

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-29 15:20:23 +01:00
Aurélien Bompard
c4a1abd36c Keycloak: remove route handled by the operator
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-09-29 16:18:12 +02:00
Aurélien Bompard
4cee86cab4 Keycloak: fix db config
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-09-29 16:17:17 +02:00