Non rdu3 hardware doesn't have access to tang.
There's some slight exceptions on some hosts that use tpm,
but we can override that in hosts vars.
Also drop the rdu3 datacenter check, we can just use the
nbde boolean to determine if we run it or not.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
'foo or bar in group_names' is evaluated by ansible as 'foo' or 'bar in
group_names' which turns out to always be true because 'foo' by itself
is true.
So, fix the logic here to test each group and or them together.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This host has no need to copy anything to pub and shouldn't mount this.
Because we are checking if 'releng_compose' is in group names and this
host has 'releng_compose_riscv' in groups it matches, so add a
condtional here to avoid the pub mount.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This was a good change in theory, but in practice it's not.
The 'iptables-legacy' package provides 'iptables' so it gets removed,
but there's some things we still install that depend on it, so it just
gets pulled in later as a dependency.
Examples:
build* machines install oz and ImageFactory that need it
(but we can possibly drop those now)
virthosts have some libvirt subpackages that require it.
I'm not sure we can readd this in a targeted way or should just drop it
for now entirely.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This is useful for places like releng-compose that mount a ton of things
and it's hard to tell which one is failing.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
On rhel the sssd dropin files (which need to be the same owner/group as
the main sssd.conf file) are root:root, but on fedora they are
root:sssd. So, split out this task to handle the two different cases.
Assisted-by: claude
(I had it generate this, and it actually did a reasonable job I think)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We want to move things over to the new vlan at ibiblio,
so setup ibiblio02 to have a br1 bridge on that vlan.
Note that the current setup before this commit was not even
correct and after this it should correctly be using 2
interfaces bonded with the 2 bridges over it (one of them
tagged for the new vlan, one of them on the default (old)).
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We should just always setup files on batcave and sync them over instead
of having local copies of things.
I've saved a copy of the current one off on each noc in case there was
some super special image we didn't save off, but hopefully we don't need
it.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
