Remove redis from playbook, it's no longer used. We are using memcached instead.
Start the services automatically after deployment.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
We hit a case with an old update that was almost ready to be untagged,
but then was submitted as an update and _then_ untagged.
See https://pagure.io/fedora-infrastructure/issue/11058
Telling koji-gc to keep anything in pending tags should avoid this small
window for problems.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
While we actually use SLAAC in aws, there's a dhcp6d sending out the
router advertisements, so without that the instance doesn't get an ipv6
ip and just doesn't work. With this it does.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Get new certs per instructions
Put new certs in ansible_private from letsencrypt
Change the cert name in configs to 2023 to show different from 2017 one.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
Thanks to @jforbes for reminding me of this - now F35 is EOL,
we don't run the openQA upgrade tests on F36, so we have to
upgrade the gating policy or no F35 updates can be pushed.
Also drop other fedora-35 references in openQA-related rules.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Now that we've pruned 1.2T from the repo let's put the pruner back
to sleep over the holidays. It's a brand new service and if anything
goes awry we want to be around to investigate.
Will re-enabled in January.
koji hubs are now all behind proxies for tls termination, so they don't
need to run https locally. This allows us to drop the koji self signed
certs, at least the staging version of which had become too weak and was
preventing httpd from starting on boot.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This user is used by osbuild, but autosign and bodhi don't know what
to do with images it builds. Just like the livecd's and such releng
makes. So, just don't auto make updates for them.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now we run a script on all builders once a minute to update the
api/auth ip's for osbuild. This has a number of problems:
* Sometimes osbuild jobs land on s390x builders that have no internet
access and hang or fail.
* Sometimes the update script hangs or takes a long time to run because
the builder is heavily loaded with builds, resulting in locking emails
to sysadmin-main folks.
So, in this commit we:
* make a new koji channel called 'osbuild' with all the buildhw-x86's in
it. They are usually not too overloaded and there are 16 of them so it
should be available all the time.
* Leave the cron job on all builders for now in case, but make them only
update once a day since they won't be getting jobs. If this works out
we can remove it entirely there.
* Make the buildhw-x86s only update every 5min. This opens a larger
window for it being wrong, but it's still pretty small and should
reduce the number of emails for stalled processes we get.
See https://pagure.io/fedora-infrastructure/issue/10982
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
