Remove redis from playbook, it's no longer used. We are using memcached instead.
Start the services automatically after deployment.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
Get new certs per instructions
Put new certs in ansible_private from letsencrypt
Change the cert name in configs to 2023 to show different from 2017 one.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
Our openshift 3.11 cluster(s) served us long and well.
Now we have everything finally moved to the openshift 4 clusters (fas2
was the last holdout). We can finally retire this. :)
🎉🥂
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Some of the openqa workers are encrypted and some aren't (this is a bit of a
mess that's partly a result of all the redeployments we did around
https://bugzilla.redhat.com/show_bug.cgi?id=2009585 ). We should only run
the nbde_client role on workers which are encrypted. Hopefully this gets that
right.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Trying to solve this issue
TASK [Mount swap]
ERROR! The requested handler 'restart swap.swap' was not found in
either the main handlers list nor in the listening handlers list
If you run these playbooks without any limit, The 4 master hosts (2
x86_64 and 2 aarch64) will be in the play, but they all use local_action
to make the local secrets file thats loaded. This means, whichever of
them happens to be writing the file last, thats the version of the file
that all 4 of them get. This is particularly bad when it's the staging
creds and the prod hosts get it loaded. :(
So, adding {{ env }} here makes the staging and prod versions seperate
so they don't step on each other.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This conditional was intended to not try and install this on rhel9, but
collectd is now available on rhel9. In addition it accidentially didn't
install it on all fedora virthosts. :(
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The pagure.{{ env_suffix }} user is currently used for both pagure and dist-git,
which makes io.pagure.* and org.fedoraproject.* topics to conflict with each
other.
This will set the permissions for both in one place.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
This is syntactically wrong, and it's not necessary any more
anyhow because we got someone to disconnect the problematic
network interfaces from the hardware.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
They aren't encrypted, and it causes networking config problems.
We'd like to solve the underlying problem but we don't know how,
this is good enough for now. Also drop the workaround things
again because they don't seem to help.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
nirik did some stuff in the virthost and buildhw groups to try
and deal with a problem where network configuration created
during the initrd phase for the nbde_client role is activated
by NM during the regular system boot phase, which results in
the network configuration not being the one we actually want
and carefully set up. However, he didn't add this stuff to the
openqa-workers group playbook even though that uses the
nbde_client role too, and we sure are having the same problem
on the openQA workers. Adding it now to see if it helps.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Drop resultsdb vars and playbooks.
resultsdb is now in openshift and on a different url.
Adjust bodhi, pagure dist git for the new url.
Drop taskotron roles.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Only a few apps have topic permissions, if this works well we'll have to
generalize it.
Fixes: #8167
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
Forgot to update this from the original. It's not appropriate
here since we're using this on a non-virt box.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
