Commit Graph

26318 Commits

Author SHA1 Message Date
Patrick Uiterwijk
d1e6ed3c26 repoSpanner/server: add [install] to unit file
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-10 20:08:40 +02:00
Patrick Uiterwijk
ac8246e33d These nodes are in batcave/pagure playbooks
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-10 20:03:11 +02:00
Patrick Uiterwijk
11592f9699 Re-enable repospanner deployments
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-10 20:00:01 +02:00
Mikolaj Izdebski
9cb1e5c248 koji/hub: Enable package_list policy in production
2019-04-10 19:49:32 +02:00
Patrick Uiterwijk
1668c1b41e Remove gitolite from pagure push process
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-10 19:03:25 +02:00
Patrick Uiterwijk
d95028ac9e Start migrating from gitolite to pagure auth on pagure.io
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-10 18:43:56 +02:00
Owen W. Taylor
28bd35410b bodhi: Change pagure_flatpak_namespace to flatpaks (staging)
This makes Bodhi look for a Flatpak in flatpaks/* in pagure when looking
up ACLs, rather than the (compatibility) default 'modules/
2019-04-10 16:16:18 +00:00
Owen W. Taylor
76197fc4d0 Prepare staging for a separate flatpaks/ namespace
Change the distgit staging configuration to allow a flatpaks/ namespace,
and configure Koji and MBS to allow building from there.

Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
2019-04-10 16:15:54 +00:00
Pierre-Yves Chibon
1319bc99f5 distgit/pagure: indicate to pagure that the git hook has read-only access to the DB
This way it'll try to interact with the DB using async processes
(the workers) rather than trying to do it where it does not have
the permissions and crash.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2019-04-10 13:16:39 +02:00
Pierre-Yves Chibon
0c6e803c60 simple-koji-ci: Move the hosts to F29
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2019-04-10 13:15:39 +02:00
Kevin Fenzi
9ed42f8ac2 buildvm-ppc64le: move 4 more ppc64le builders to ppc9-01
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 23:02:58 +00:00
Stephen Smoogen
c1b2da2b03 remove el8beta since it is not running and is breaking vhost playbooks
2019-04-09 21:50:34 +00:00
Kevin Fenzi
9f7b58183d loopabull01.stg: increase memory to 4gb from 2gb.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 21:33:16 +00:00
František Zatloukal
05768fe5f5 taskotron: Update buildmaster_pubkey
2019-04-09 22:59:30 +02:00
Tim Flink
18b00a20e3 proxies: fixing hostname for taskotron/resultsdb
When I changed taskotron-prod to new-style proxy declarations,
I used the wrong hostname for the balancers - fixing that to
move traffic over the vpn
2019-04-09 20:47:11 +00:00
Tim Flink
efbbbc9de6 proxies: changing taskotron-prod to use new-style reverseproxy
The old-style reverseproxy declarations don't have anything in them for websockets.
This changes the reverseproxy definitions so that we're using the new style ones
for taskotron-prod and get ws handling along with that
2019-04-09 20:19:33 +00:00
Kevin Fenzi
26a7274e66 buildvm-ppc64le-03/04/05: Move to power9 hw.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 20:13:13 +00:00
Kevin Fenzi
a806829c4f vhost_update_reboot: when you want to just update and then reboot a vhost
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 19:50:36 +00:00
Kevin Fenzi
5be0661c51 vhost_update: switch to package to call the right backend and fix other issues.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 19:13:01 +00:00
Kevin Fenzi
3a5f3c7894 ansible-server: just switch to all scp
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 18:59:13 +00:00
Kevin Fenzi
678e78acab ansible-server: switch transport to use scp first, then piped, and only then sftp
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 18:54:09 +00:00
Kevin Fenzi
41c92c2e9c Revert "basessh: We need a sftp server for ansible, so switch to the internal one."
This reverts commit 0be4815020.

Instead, we will just switch ansible to scp
2019-04-09 18:42:28 +00:00
Stephen Smoogen
88e6747363 [repospanner] if you put one thing in quotes.. you need to put all the similar things in quotes
2019-04-09 18:25:22 +00:00
Kevin Fenzi
36672f3ba0 repospanner: fix 3 more variable cases.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 18:21:04 +00:00
Kevin Fenzi
157111f4ec repospanner: You have to use "s on variables if they are the first thing in the value.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 18:18:06 +00:00
František Zatloukal
47cbd1b97b pagure: add missing comma in inventory/group_vars/pagure
2019-04-09 20:15:52 +02:00
Kevin Fenzi
0be4815020 basessh: We need a sftp server for ansible, so switch to the internal one.
The external one won't start if it can't read /etc/ssh/sshd_config
and the internal one is likely faster and better anyhow.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 18:13:26 +00:00
Kevin Fenzi
78c41502a3 vhost_reboot: switch to using the new ansible 'reboot' module.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 17:51:02 +00:00
Kamil Páral
780adf71a1 taskotron: upgrade production to F29
2019-04-09 19:27:11 +02:00
Stephen Smoogen
7c3fa7c396 Make it so our http configs for repoSpanner do not wander off from each other due to too many cooks and too few pots. Change all repospanner related 8443 to use jinja variable repoSpanner_{{region}}_http
2019-04-09 13:50:01 +00:00
Patrick Uiterwijk
d8e632492a Sync bridge port with http port
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-09 12:48:27 +02:00
Mikolaj Izdebski
0fc00d4b41 koji_hub: Fix incorrect channel of secure-boot chain builds (#7674)
2019-04-09 11:42:07 +02:00
Kevin Fenzi
f8fb672f2f fedora-web/ols: also install ols config.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 22:51:23 +00:00
Kevin Fenzi
61fc38736e ols.fedoraproject.org: add site on proxies to serve local content.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 22:33:11 +00:00
Kevin Fenzi
321c458292 basessh: switch fedora to use dnf here (since package wants dnf-2)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:59:29 +00:00
Kevin Fenzi
4e51f101be base: Just change this to run on rhel7 and rhel6 only with yum. The next task works for fedora hosts.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:55:09 +00:00
Kevin Fenzi
fef0fcbc0e base: fix initial libselinux task to not run on python3 hosts as package: doesn't work there.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:51:14 +00:00
Kevin Fenzi
28e87b1a1d ppc9-02: ppc9-02 is now a fedora-30 instance too, so use python3 for ansible there.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:35:21 +00:00
Kevin Fenzi
3359779879 nfs/client: exempt koji01.stg from the nfs route as well.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:18:38 +00:00
Patrick Uiterwijk
a8d8783c9e Add comment on why blacklist rather than whitelist
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 22:01:29 +02:00
Patrick Uiterwijk
0c8c6b085e Also disable TLSv1.1
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 21:56:59 +02:00
Stephen Smoogen
001a65c0e3 [pkgs/repospanner] This is what happens when you do parts of one thing in one playbook and also in another
2019-04-08 19:47:16 +00:00
Patrick Uiterwijk
0c7449ea1d Add sslciphers tags
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 21:41:17 +02:00
Patrick Uiterwijk
e007dad000 Enable TLSv1.3 and corresponding ciphers
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 21:35:27 +02:00
Kevin Fenzi
9f4bf69eae pagure / src.fp.o: Drop fedora-altarch, as it's not used. Add cvsadmin as we want them to have access to everything.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 19:26:32 +00:00
Patrick Uiterwijk
83f5127b50 inventory all: add note on sshd_keyhelper
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 19:40:58 +02:00
Patrick Uiterwijk
5080bfbee2 basessh: sandbox privsep is not supported on el6
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 19:13:21 +02:00
Patrick Uiterwijk
9b09d4d5d0 basessh: Fix EL6 detection logic
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 19:11:40 +02:00
Patrick Uiterwijk
27a21881d4 basessh: Make keyhelper explicit
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 18:56:03 +02:00
Patrick Uiterwijk
4f3c609815 basessh: Migrate sshd config to single template and strengthen ciphers
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 18:51:31 +02:00