Jakub Kadlcik
7cb8ed7d3b
copr-be-dev: deploy experimental ppc64le bootc images
2025-05-18 20:24:17 +02:00
Kevin Fenzi
f103b2a728
Revert "bodhi: leave prod alone for now"
This reverts commit 5243c435be.
Let's try and move production over.
2025-05-17 10:52:39 -07:00
Kevin Fenzi
5243c435be
bodhi: leave prod alone for now
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-05-16 13:36:22 -07:00
Mattia Verga
9d5d752a88
bodhi: apply 25.5.0 release
Signed-off-by: Mattia Verga <mattia.verga@tiscali.it>
2025-05-16 19:13:33 +00:00
Jakub Kadlcik
775d96d222
copr-be-dev: update testing bootc builder image
2025-05-15 17:57:10 +02:00
Kevin Fenzi
8172137887
scrapers: block a bunch more abusing networks
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-05-14 18:00:48 -07:00
Kevin Fenzi
8f1550d7ff
proxies: block the same things we are blocking on pagure.io on all proxies
This includes some clouds that are just completely hammering us.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-05-14 17:30:41 -07:00
Jakub Kadlcik
278dabfd01
copr-be-dev: update testing bootc builder image
2025-05-14 23:24:02 +02:00
Jakub Kadlcik
0287b6b91a
copr-be-dev: update testing bootc builder image
2025-05-14 22:24:32 +02:00
Jakub Kadlcik
09cb34b7cd
copr-be-dev: update testing bootc builder image
2025-05-14 21:42:29 +02:00
Jakub Kadlcik
de4d24f34a
copr-be-dev: update testing bootc builder image
2025-05-14 21:09:15 +02:00
Adam Williamson
3c11437658
openqa nftables: correct tap worker custom rule (per james)
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2025-05-14 11:14:45 -07:00
Adam Williamson
177c2b3f2f
Enable nftables on all lab workers (but not prod yet)
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2025-05-14 10:54:47 -07:00
James Antill
a8f984464e
Add nft_nat_rules for openqa
Signed-off-by: James Antill <james@and.org>
2025-05-14 17:29:13 +00:00
James Antill
246167dded
Move wiki.stg from F40 to F42.
Signed-off-by: James Antill <james@and.org>
2025-05-13 15:24:32 -04:00
Kevin Fenzi
2db0be9ae8
pagure: reject a bunch more heavy hitter networks
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-05-13 11:07:57 -07:00
Kevin Fenzi
91c9c3d693
inventory: more machines that were moved to f41
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-05-13 10:21:23 -07:00
Kevin Fenzi
4d6228af14
proxies: all these proxies moved to f41 a while back.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-05-13 10:14:55 -07:00
Jakub Kadlcik
b8105d5c0d
copr-be-dev: update testing bootc builder image
2025-05-12 21:55:11 +02:00
Kevin Fenzi
c065fd0e70
db01: add testdays dbs to backups
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-05-12 10:37:09 -07:00
Michal Srb
8aa224bba2
retrace03: Add f42 repos
Signed-off-by: Michal Srb <michal@redhat.com>
2025-05-12 12:25:28 +00:00
Kevin Fenzi
e97801b128
proxy01/10: double memory to avoid oom issues
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-05-06 09:16:38 -07:00
Frank Ch. Eigler
6564f8a21c
debuginfod vms: update to f42, enable --cors
elfutils 0.193 (stable on f42) brings a new --cors option, which lets
third-party webapps safely fetch debuginfo from these servers
2025-05-03 19:02:04 -04:00
Greg Sutcliffe
5835b04785
Zabbix-stg: add placeholder macro dict to the correct group_vars
2025-05-02 08:55:51 +00:00
Greg Sutcliffe
634f70c457
Zabbix-stg: Enable setting host-level overrides to template macros
2025-05-01 15:06:17 +01:00
Kevin Fenzi
35eadbbf4b
bastion: move these to block rules too
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-29 11:40:13 -07:00
Kevin Fenzi
ebffcee73c
nftables: create a block rules section and move pagure blocks to it
Before, the custom rules were actually intended to _allow_ more things
on a particular host. Putting those blocks in there was useless because
custom rules were applied _after_ all the allowed ports, so it wasn't
really blocking anything.
This moves them to a block_rules applied before the ports are allowed.
Also move pagure's to that new rule list.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-29 11:36:20 -07:00
Kevin Fenzi
240aa7b8e0
bastion: add sysadmin-riscv
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-29 09:10:06 -07:00
Kevin Fenzi
5be96729ca
builders/builders_stg: not external
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-28 11:26:03 -07:00
Kevin Fenzi
fb2a8a82d6
releng-compose: add troubleshoot group for non sudo access to debug ostree issue with kinoite
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-28 11:03:08 -07:00
Pavel Raiskup
43b8ee52d8
copr-hypervisor: try to go back with iptables
VMs fail to boot for some reason, and per recent #copr Matrix discussion
this might be the thing.
2025-04-28 18:51:38 +02:00
Kevin Fenzi
baade64038
drop iad2 external boolean
I think this is not needed because we actually test for iad2 in
inventory_hostname and in fact it overrides the groups that set it to
true, making them all come up false. ;(
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-26 10:24:43 -07:00
Kevin Fenzi
8302ff44cd
pagure: widen ai blockage
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-26 09:04:10 -07:00
Kevin Fenzi
d3d07df333
torrent: try switching port range syntax to the nftables one
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-24 15:07:17 -07:00
Kevin Fenzi
7c670efbfe
openqa: do not do the nftables switch on these until we have more time for testing
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-24 13:51:09 -07:00
Kevin Fenzi
4d4365cdf5
nftables: add defined check for nft_nat_rules and set it also [] by default
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-24 13:17:03 -07:00
James Antill
68cbd3dc2c
Turn nftables on everywhere.
Signed-off-by: James Antill <james@and.org>
2025-04-24 20:05:03 +00:00
Pedro Moura
f62c14df02
Add f42-test
Signed-off-by: Pedro Moura <pmoura@redhat.com>
2025-04-23 15:56:18 -03:00
Kevin Fenzi
96911acd1e
releng-compose: move rawhide/branched composers to f42
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-04-19 09:16:24 -07:00
James Antill
84a8bb3a82
Move all production builders to nftables.
Signed-off-by: James Antill <james@and.org>
2025-04-18 20:20:01 +00:00
James Antill
1b1da8f88f
Move buildhw-a64-04.iad2 to nftables.
Signed-off-by: James Antill <james@and.org>
2025-04-17 16:32:19 -04:00
James Antill
49fe6d4ed2
Move buildhw-x86-04.iad2 to nftables.
Signed-off-by: James Antill <james@and.org>
2025-04-17 15:12:01 -04:00
Greg Sutcliffe
7f60fdf690
Zabbix-stg: More base server config
This adds:
- Matrix media type
- User for a Matrix bot
- Trigger using Matrix & the bot
- PSK configuration, using the PSK file already deployed
- 2 base templates
  - a general one suitable even for Koji
  - a dependent one for all other hosts
- Autoregistration config to use the new base template
This is all scoped to staging via a new include in main.yml
2025-04-02 17:30:59 +01:00
Pavel Raiskup
5a85ca9211
copr: pulp_content_url needs to be slash-terminated
2025-04-01 07:49:20 +02:00
Adam Williamson
7b84f30429
openqa/server: switch prod to OAuth2
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2025-03-28 14:37:00 -07:00
Adam Williamson
5da2faac67
openqa/server: allow OAuth2 authentication, enable on lab
OpenID support in FAS is going away. openQA has OAuth2 support.
I've tested this config to work with manual edits on lab, now
ansiblizing it (for lab only to start with).
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2025-03-28 13:40:57 -07:00
Kevin Fenzi
5505dff89c
bvmhost-p09-04/05: no nbde here
I had reinstalled these both with no encryption in an attempt to see if
I could get more performance from them. Since we moved to iscsi this is
moot, and we should probably reinstall them like the others again, but
for now just disable nbde so everything works with the playbook.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-03-27 15:11:49 -07:00
Kevin Fenzi
1cc761ac9b
compose-eln01: this is using primary koji
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-03-27 13:39:49 -07:00
Michal Konecny
a807fb3d4f
[mailman3] Create gunicorn configuration file
To make changing the gunicorn configuration easier, let's move
configuration values from the systemd service to a separate configuration
file.
The file will live in /etc/mailman3/gunicorn.conf.py.
2025-03-27 13:01:13 +01:00
Kevin Fenzi
f256adda6e
bvmhost-p09: also enable nbde here
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-03-26 17:48:52 -07:00