WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
45,346 Commits 9 Branches 0 Tags
d075c470de7ad041641ed99298f34a9a4fc399fb
Commit Graph

45346 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pavel Raiskup
d075c470de copr-hv: enable p09 01 2026-02-16 09:59:37 +01:00
Pavel Raiskup
d2b458f041 copr-hv: copy config from 02 to vmhost-p09-copr01 2026-02-16 08:27:45 +01:00
Pavel Raiskup
55f225d428 copr-hv: typofix 2026-02-16 08:11:22 +01:00
Pavel Raiskup
7faef4610c copr-hv: tag the Copr-specific role 2026-02-16 08:09:51 +01:00
Pavel Raiskup
5fa5dd69b1 copr-hv: fix p09_01 host 2026-02-16 07:13:14 +01:00
Kevin Fenzi
dec53be8f0 anubis-el: also allow POST on pagure 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-14 09:49:03 -08:00
James Antill
c4c58299c2 check-etc: Add playbook to check /etc for old/unmanaged files. 
Signed-off-by: James Antill <james@and.org>
 2026-02-14 09:52:16 -05:00
Kevin Fenzi
c4bdfcc897 proxies: block a ip that was hitting release-monitoring.org a lot 
This ip had hit release-monitoring.org like 5,000,000 times in the
course of a few hours and swamped it's web pod.

Lets block it for now and see if anyone complains.
If this is you: please add some rate limiting.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-13 08:48:01 -08:00
Pavel Raiskup
a943654af2 copr-be: avoid the hacks - we no longer need the testing VMs 2026-02-13 17:36:19 +01:00
Pavel Raiskup
432f23126e copr-be: keep one more p09 machine up for debugging 2026-02-13 12:33:27 +01:00
Kevin Fenzi
e5d26fea60 proxies: allow POST for forge 
Some folks were getting posts failing against forge.
See https://forge.fedoraproject.org/forge/forge/issues/401

So, lets just explicitly allow POSTs through anubis as
this should be fine for normal people and should not be something
that scrapers normally do.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-12 16:57:26 -08:00
Kevin Fenzi
fefbc356f0 download: block infinite crawler looping 
The /pub/alt/virtio-win directory had in it some 11 year old things.
One was a readme noting that it moved 11 years ago and nothing was
still here. The others were links to .

The scrapers, being as dumb as posts followed all those links over and
over again to the tune of millions per day.
I removed the links, but of course they were still trying, so
lets be a bit more aggressive and just 403 them all.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-12 16:54:16 -08:00
Kevin Fenzi
0d56b527a6 anubis-el: set correct selinux labels for podman 
selinux was preventing anubis from reading its policy file.
So, set the right context here so it is happy.

Note that we cannot use :Z in the podman call, because it runs as the
anubis user which cannot chcon those files on the host.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-12 09:08:15 -08:00
Lukas Holecek
96be99434e greenwave+waiverdb: Update image repositories 
The image builds where moved to Konflux.

This is similar to the pull request for ResultsDB:
https://pagure.io/fedora-infra/ansible/pull-request/3077

See also the discussion in PR:
https://github.com/release-engineering/resultsdb_frontend/pull/17
 2026-02-12 16:21:29 +00:00
Aurélien Bompard
b80627f26a Add the publish_exchange to DistGit's fedora messaging config 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2026-02-12 17:13:22 +01:00
Jakub Kadlcik
8015bf47c7 copr: change default storage for new projects to Pulp 
See https://fedora-copr.github.io/posts/migrating-copr-results-to-pulp
 2026-02-12 13:40:59 +01:00
Ryan Lerch
e4123e7a7c Forge: add group mapping for fesco 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-12 19:34:59 +10:00
Akashdeep Dhar
44327a4962 Perform mapping for Fedora Join teams and groups 
Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
 2026-02-12 11:59:34 +05:30
Kevin Fenzi
344adabd4c anubis-el: fix the actual handler typo 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 12:38:08 -08:00
Kevin Fenzi
a097beafaf anubis-el: fix syntax issue 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 12:33:12 -08:00
Kevin Fenzi
8104cee874 anubis-el: rework config to hopefully work with el podman and add key 
Right now, podman on el9 isn't reading the policy correctly.
This is because the env for the unit isn't getting picked up
by podman, so instead pass --env-file to read it from a file.
Also, we want to setup a private key for the download servers
so they all have the same challenge creation (so if you hit 01
you want your challenge to be good on 02, etc).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 12:24:03 -08:00
Kevin Fenzi
b255f7e2df anubis-el: try and widen the cloudfront allow 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 09:05:01 -08:00
Kevin Fenzi
d89d391f87 anubis-el: restart on bot policy changes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 15:22:02 -08:00
James Antill
0633cda299 updates+uptimes: Minor UI tweaks, less hacky sort. 
Signed-off-by: James Antill <james@and.org>
 2026-02-10 17:21:18 -05:00
James Antill
a0cab4f3cc mirror_from_forge: Add mirror_from_forge role, based on mirror_from_pagure. 
Signed-off-by: James Antill <james@and.org>
 2026-02-10 17:19:28 -05:00
Kevin Fenzi
8b94d9a7ce anubis-el: try and match without quotes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 14:13:05 -08:00
Diego Herrera
3a42bab039 Reenable Centos10 sync for EPEL 10.2 mass branching 
Signed-off-by: Diego Herrera <dherrera@redhat.com>
 2026-02-10 18:13:35 -03:00
Kevin Fenzi
c62e1573f7 storinator01: use same vpn ip as it did in rdu-cc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 11:11:39 -08:00
Kevin Fenzi
599656a420 storinator01: add hosts file for rdu3 iso 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 10:29:28 -08:00
Kevin Fenzi
7e6d17307a storinator01: update mac addresses 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 10:22:38 -08:00
Kevin Fenzi
53a6ce24f3 anubis: switch this to just allowing CloudFront 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 08:26:42 -08:00
Kevin Fenzi
e401686427 anubis: switch this to just allowing all repodata 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 07:58:07 -08:00
Kevin Fenzi
145e6794fb anubis: allow .zck files universally on el as well 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 07:54:59 -08:00
Kevin Fenzi
5615d1b036 anubis: allow .zck files universally 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 07:52:53 -08:00
Aurélien Bompard
90ed56ae7b bugzilla2fedmsg: rebase on RHEL9 + Python 3.11 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2026-02-10 15:29:44 +01:00
Aurélien Bompard
d10f2fe3bc bugzilla2fedmsg: update the staging deployment config for the Kafka port 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2026-02-10 14:58:12 +01:00
Angel Cervera Roldan
59debdda2c Update playbooks/openshift-apps/fedora-coreos-pipeline.yml 2026-02-10 13:42:04 +00:00
Jiri Podivin
11d11c214e Skipping ansible-lint rules, in cases when it makes sense 
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
 2026-02-10 10:23:23 +01:00
Jiri Podivin
28d40d6e0b Resolving style issues of the logdetective role 
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
 2026-02-10 10:23:23 +01:00
Jiri Podivin
34eaee695e Opening 8090 port for communication with packit interface server 
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
 2026-02-10 10:23:23 +01:00
Kevin Fenzi
24ea94601d vmhost-x86-copr01/02/03: stop removing nftables 
These hosts are rhel10 now and removing nftables takes out the entire
libvirt stack as it doesn't support iptables anymore.

This results in base removing libvirt and the hypervisor role
re-installing it every playbook run. It also means the network doesn't
work on guests at all.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-09 15:08:28 -08:00
Kevin Fenzi
faff0d9e0f vmhost-p09-copr01: not encrypted yet, needs reinstall 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-09 13:34:35 -08:00
Jaroslav Groman
09859d9acc Update source branch for Quality apps in staging OpenShift 
Signed-off-by: Jaroslav Groman <jgroman@redhat.com>
 2026-02-09 20:55:08 +00:00
Kevin Fenzi
991273d7f1 copr_hypervisors: enable nbde on all of them 
The x86 ones are now in rdu3 and reinstalled with rhel10.
All the power9 ones are in rdu3 and reinstalled.

So, we should just enable nbde on all of them.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-09 11:30:46 -08:00
Ryan Lerch
080db33424 turn of new projects UI for production 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-09 12:37:51 +10:00
Pavel Raiskup
30c0defe44 copr-backend: more verbose machine termination 2026-02-07 21:08:10 +01:00
Kevin Fenzi
a9acbd4c0e bodhi/openshift: restore dropped cd to the right directory 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-06 10:17:14 -08:00
Kevin Fenzi
dc3fda7f45 bodhi/openshift: fix missing / 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-06 09:59:07 -08:00
Kevin Fenzi
9503d8df11 bodhi / openshift: adjust critpath to pull from forge instead of pagure.io 
releng moved things from pagure.io/releng to
forge.fedoraproject.org/releng/tooling

Adjust this cron to do likewise.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-06 09:54:04 -08:00
Greg Sutcliffe
1324b1e72a Add more CPU to proxy11 to help with httpd alerts 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2026-02-06 14:03:41 +00:00