Nils Philippsen
ba73b7cb26
ipa/client: make mutually exclusive with old FAS way
...
The fas_client role and 2fa_client tasks are incompatible with the
ipa/client role, so mask them out for MBS and OSBS hosts in staging,
just as with the bugzilla2fedmsg and github2fedmsg group playbooks.
This will have to be done for all hosts, groups using the ipa/client
role.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-03 15:27:45 +00:00
Mohan Boddu
98edf2c159
Changing master to rawhide
...
This change will add the new packages to koji tags when a new repo
ticket is processed.
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
2021-02-03 15:11:35 +00:00
Kevin Fenzi
cdc344bb27
koji_hub / kojira: keep repos for 3 days instead of 1
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-03 06:33:32 -08:00
Pierre-Yves Chibon
c625bdc1a7
distgit/pagure: Prevent creating main or rawhide without having it in PDC
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-03 14:31:33 +01:00
Pierre-Yves Chibon
caa56c98bb
distgit/pagure: block pushing to master
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-03 14:12:47 +01:00
Adam Saleh
b318b39c27
Attempting to work around the image definition to reference the cluster-build image in the projects image-stream
2021-02-03 12:34:45 +00:00
Patrick Uiterwijk
163cbc5e9b
zezere: back up database
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2021-02-03 12:57:58 +01:00
Adam Saleh
9f53e6b607
Fixed volume definition for fedocal cron in openshift.
2021-02-03 11:44:17 +01:00
Adam Saleh
dec482739b
Added an openshift-cronjob for the fedocal openshift deployment.
2021-02-03 11:22:01 +01:00
Kevin Fenzi
25ace56df7
pagure.io / nagios: check only that cert is valid for 25 days
...
We renew letsencrypt certs at 30 days, so checking at 60 is pointless.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-02 14:24:07 -08:00
Pavel Raiskup
6586cf0eed
copr: backend: tag lighttpd config
2021-02-02 19:54:18 +01:00
Pavel Raiskup
cad2c4dbd0
copr: backend: nicer lighttpd doc
2021-02-02 19:36:14 +01:00
Pavel Raiskup
8ba5a4889f
copr: backend: execute PHP only for dir-generator.php
2021-02-02 19:30:03 +01:00
Mark O'Brien
55528ea6ba
ipa-client: throttle tasks to one worker at a time to avoid conflicts when talking to server
2021-02-02 17:20:01 +00:00
Kevin Fenzi
a7ddcf5828
rabbitmq_cluster: expire /bodhi queues that are idle more than 1 week.
...
Fixes https://pagure.io/fedora-infrastructure/issue/9170
Let's just have rabbitmq clean up any queues in the /bodhi vhost that are
around for more than a week idle.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-02 17:07:35 +00:00
Kevin Fenzi
0bf41f71ca
ipa: install collectd so we can see some basic load graphs
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-02 08:48:31 -08:00
Pierre-Yves Chibon
05caa9f461
distgit/pagure: simplify RCM_BRANCHES and adjust the list of branches blocked
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-02 17:08:41 +01:00
Pierre-Yves Chibon
63437cbb4a
pagure: add the lock permission on file
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-02 16:50:04 +01:00
Pierre-Yves Chibon
6969128d11
pagure: give selinux a little more permissions
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-02 16:48:06 +01:00
Nils Philippsen
07b30b3990
ipa: Fix hostgroup/* HBAC rule descriptions
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-02 16:33:11 +01:00
Nils Philippsen
502b3d48b0
ipa: More ansible_fqdn -> inventory_hostname
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-02 16:33:07 +01:00
Nils Philippsen
16cf662b30
ipa/client: Use inventory_hostname instead of ansible_fqdn
...
The latter is a fact determined from the client.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-02 16:19:25 +01:00
Nils Philippsen
c3c44e57fc
Make OSBS cluster an IPA client
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-02 16:12:11 +01:00
Silvie Chlupova
95d81c153f
copr: exec only php files
2021-02-02 15:01:34 +01:00
František Zatloukal
75eea7e3a1
oraculum: Change email definitions
2021-02-02 13:17:03 +01:00
František Zatloukal
63f04629f6
oraculum: Final tweaks
2021-02-02 12:33:10 +01:00
Mark O'Brien
ba7f738f78
batcave: allow new proxy35 ip
2021-02-02 10:43:58 +00:00
František Zatloukal
f787817bda
oraculum: Scale up
2021-02-02 10:24:28 +01:00
František Zatloukal
674503e264
oraculum: Try different spacing in dc...
2021-02-02 10:07:46 +01:00
František Zatloukal
b84ccff720
oraculum: Deploy on prod
2021-02-02 09:57:33 +01:00
František Zatloukal
c974a652ee
oraculum: Prepare some emailing stuff
2021-02-02 09:56:15 +01:00
Kevin Fenzi
21c84a7ca8
bugzilla2fedmsg / staging: enable ipa ssh/sudo here too
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-01 14:57:36 -08:00
Kevin Fenzi
d8adf3bc11
github2fedmsg / staging: add ipa/client
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-01 14:32:56 -08:00
Kevin Fenzi
3379c9134d
ipa/client: do not pass server to ip-client-enroll, it should get them from dns
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-02-01 14:32:37 -08:00
Nils Philippsen
dbbf94a411
ipa/client: configure global shell access and sudo
...
Almost global anyway, i.e. inside the VPN.
The ipa/client-based shell access and sudo rules are only effective for
staging right now, the respective playbook bits are masked out for prod.
- Assign Ansible host groups to IPA host groups, the latter don't care
about 'stg' in the name and use dashes rather than underscores.
- Distill shell access groups from fas_client_groups in group and host
vars.
- Let all `sysadmin-*` groups in the previous list run anything via sudo
in the host group (except bastion & batcave).
- Remove `fas_client_groups` from staging host and group vars.
- Remove sudoers from staging host and group vars if only `sysadmin-*`
groups have shell access.
- Set up `ipa_client_shell_groups` on bastion to be a super set of the
same on batcave.
Newly created IPA host groups:
- autosign
- badges
- basset
- bastion
- batcave
- blockerbugs
- bodhi
- bugzilla2fedmsg
- busgateway
- datagrepper
- dbserver
- dns
- fedimg
- github2fedmsg
- ipa
- kernel-qa
- kerneltest
- kojibuilder
- kojihub
- kojipkgs
- logging
- mailman
- memcached
- mirrormanager
- nagios
- notifs
- oci-registry
- odcs
- openqa
- openqa-workers
- osbs
- packages
- pdc-web
- pkgs
- proxies
- rabbitmq
- releng-compose
- resultsdb
- secondary
- sign-bridge
- sundries
- value
- wiki
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
491514e8ba
ipa/client: leave out unset host group description
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
c994c4e5cd
Create badges, badges_stg groups
...
This is to have unified IPA client configuration for badges hosts.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
54b72eba2c
Remove obsolete Ansible group var files
...
- buildaarch74, buildarm, buildarm_stg
- copr_front, copr_front_dev, copr_front_stg
- dhcp
- faf_stg
- fas, fas_stg
- fedocal, fedocal_stg
- lockbox
- mirrorlist2, mirrorlist2_stg
- nuancier, nuancier_stg
- postgresql_server
- resultsdb_iad_prod
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
d6cdeb7aea
Consistency: releng_stg -> releng_compose_stg
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
ba3ed42158
koji_stg: Remove obsolete sudo special case
...
User `mizdebsk` is a member of group `sysadmin-main` now.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Nils Philippsen
773e025939
bastion: Remove access for modularity-wg group
...
We have `sysadmin-mbs` now which should cover all people needing access.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00
Mark O'Brien
326728414d
update proxy35 hostvars
2021-02-01 22:07:12 +00:00
Stephen Smoogen
2ed114aafd
add new duke ip address to the download groups
2021-02-01 14:07:13 -05:00
Jakub Kadlcik
c7bcb48be7
copr: make sure that swap is available for our builders
2021-02-01 16:46:39 +00:00
Pierre-Yves Chibon
a6ce5fa016
fedocal: enable header_scheme
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-01 17:27:27 +01:00
František Zatloukal
f5e11a6e62
oraculum: Drop annotations, not needed
2021-02-01 13:29:48 +01:00
František Zatloukal
f8e741cba8
oraculum: Try to disable cookies on the api
2021-02-01 12:55:49 +01:00
František Zatloukal
3bc8bef91d
oraculum: Try to workaround some weird caching on the route
2021-02-01 12:46:05 +01:00
Rick Elrod
bc42ad76a3
fedora-web: point staging subdomain sites to a new staging branch
...
Signed-off-by: Rick Elrod <relrod@redhat.com>
2021-01-29 15:08:26 -06:00
Brendan Reilly
86b4680c28
Add handlers for restarting mbs poller and workers
2021-01-29 14:26:22 -05:00