WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-01 22:11:01 +08:00
Code Issues Packages Projects Releases Wiki Activity
13,470 Commits 9 Branches 0 Tags
d8b4efb68a9d7010fdfed705248dc4c8f38dc2a2
Commit Graph

340 Commits

Author SHA1 Message Date
Patrick Uiterwijk
d8b4efb68a Allow all traffic over the docker0 interface 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-09 21:16:22 +00:00
Patrick Uiterwijk
4ddee387ea Seems it tries to use koji stg over http... 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-09 20:56:53 +00:00
Patrick Uiterwijk
4ffd3342d5 Allow https clone from pkgs.stg 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-09 20:45:12 +00:00
Patrick Uiterwijk
d1cecec937 Prod != stg 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-09 20:38:27 +00:00
Patrick Uiterwijk
44dad913e5 Add iptables for osbs build 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-09 19:45:37 +00:00
Adam Williamson
b0b7dc9b47 openqa/worker: give up on GRE, single tap host instead 
OK, this GRE crap ain't working. Let's give up! Instead let's
have one tap-capable host per openQA deployment, so all the
tap jobs will go to it. This...should achieve that. Let's see
what blows up.
 2016-05-05 14:10:46 -07:00
Adam Williamson
62dbe6e6dc openqa: fix iptables stuff 
apparently host_group is not the same thing as inventory group.
 2016-04-27 18:51:09 -07:00
Adam Williamson
59e76a7f37 add an 'ansible_ifcfg_whitelist' feature and use it for openqa 
semi-acked by nirik (but he'll deny it furiously and it's all
my fault if everything blows up): for openQA's openvswitch
stuff I need a 'br0' and a 'tap0' that I don't want the base
role to mess with, but I *do* want the base role to configure
eth0 for me. ansible_ifcfg_blacklist isn't granular enough. So
let's invent ansible_ifcfg_whitelist, which if defined is a
list of interface names you want the base role to configure.
Any interface not in the list is left alone.
 2016-04-27 18:38:57 -07:00
Adam Williamson
178bffc9d0 openqa: setup firewall rules for openqa openvswitch guests 
they need to talk to the bridge and to each other. their
traffic is not directly routed over the bridge, it is NAT'ed,
hence the masquerade rule.
 2016-04-27 17:20:25 -07:00
Michael Scherer
189260776c Move ntp setup in a role 
Since base install ntp on all platforms, we can skip the vars
and place it by default (next step is to convert the
few playbooks duplicating the role)
 2016-04-16 17:47:36 +00:00
Todd Zullinger
b374a0ff03 base: only set PS1 for prod/stage for interactive sessions 
Setting PS1 for non-interactive shells doesn't make sense.  Using tput
in the PS1 causes spurious errors to be logged:

    tput: No value for $TERM and no -T specified
    tput: No value for $TERM and no -T specified

Resolves: #5234
 2016-04-14 23:28:35 +00:00
Mikolaj Izdebski
e84a937620 Improve scripts for setting PS1 2016-04-13 23:15:42 +00:00
Kevin Fenzi
193bdc7ba1 Move bodhi02.stg to bodhi01.stg since it's not booting right anyhow. 2016-04-11 19:28:13 +00:00
aikidouke
32f675c261 added tag "prompt" 2016-04-11 13:51:32 +00:00
aikidouke
0dcf06601e set prod/stg colored PS1 depending on env == staging or production 
remove from testing on badges and added to base role
 2016-04-11 13:42:29 +00:00
Kevin Fenzi
abdf1d310d Try this 2016-04-10 16:39:20 +00:00
Kevin Fenzi
5479f08c80 Try and fix watchdog so it doesn't try and install everywhere breaking everything. ;) 2016-04-10 16:33:32 +00:00
Michael Scherer
833269b151 Split postfix in a separate file for clarity 2016-04-09 20:28:14 +00:00
Kevin Fenzi
71684be33c Try and fix up this to work when running with tags that aren't in watchdog tags 2016-04-09 20:16:51 +00:00
Peter Robinson
e1b4ecc674 koji builder: add s390 hub to firewall 2016-04-08 15:52:21 +00:00
aikidouke
0432eca89a Good idea to not delete the base role.. 2016-04-05 21:34:13 +00:00
aikidouke
01bca326b1 Merge branch 'prodprompt' 
Conflicts:
	roles/base/tasks/main.yml
 2016-04-05 18:49:16 +00:00
Kevin Fenzi
8a9e586794 A whitespace change 2016-04-04 21:19:11 +00:00
Kevin Fenzi
5d9e56a45e Move a copy of this handler to the base role 2016-04-04 21:17:55 +00:00
Kevin Fenzi
dd37aa4965 Fix typo 2016-04-04 21:06:40 +00:00
Michael Scherer
2f26bd0f63 Refactor the condition to setup the watchdog with a block 2016-04-04 19:22:14 +00:00
Michael Scherer
2b470d2fa0 Use package module, so we can simplify the package installation 2016-04-04 19:22:12 +00:00
Michael Scherer
465f1d0cb0 Split watchdog related setup in a separate file 2016-04-04 19:22:09 +00:00
Dennis Gilmore
4dd019ffb9 allow the builders to access pagure.io on port 443 
Signed-off-by: Dennis Gilmore <ausil@fedoraproject.org>
 2016-04-04 17:12:56 +00:00
Kevin Fenzi
109c0ece10 Move some handlers around. Some to just base but some also to base. 2016-03-30 15:06:15 +00:00
Kevin Fenzi
dc775203ae We also don't want to track the torrent connections the other direction either. 2016-03-30 14:51:12 +00:00
Stephen Smoogen
e542e889e3 and we are now monday to push change 2016-03-21 18:41:12 +00:00
Stephen Smoogen
134036a9b0 And we have lots of iptables changes so we can block things when we want 2016-03-18 22:57:28 +00:00
Stephen Smoogen
07623cfffa and put in items for the rules 2016-03-18 20:36:52 +00:00
Stephen Smoogen
1da4475134 make an iptables set for download-phx2 2016-03-18 20:31:07 +00:00
Kevin Fenzi
bfb071fabe Nuke old iptables task and files and drop it from blockerbugs-dev. Also kill old serverbeach templates. 2016-03-18 20:28:33 +00:00
aikidouke
9b5b631745 added a when statement to check if environment is stage or production and trigger a template to add a file in /etc/profile.d that sets PS1 2016-03-15 18:09:11 +00:00
Ralph Bean
4043d326b5 No more friends. 2016-03-10 20:21:02 +00:00
Ralph Bean
c31771d0de Also the osuosl proxies. 2016-03-10 18:54:44 +00:00
Ralph Bean
e36d15bbbe Distinguish between ipv4 and ipv6. 2016-03-10 18:32:28 +00:00
Ralph Bean
4fd88f61f4 Friends. 2016-03-10 18:28:18 +00:00
Stephen Smoogen
993b750c82 start off with an awstats for log01 2016-03-02 21:23:30 +00:00
Kevin Fenzi
3382864cee Switch this over to two ip's instead of a hostname so iptables will start on boot. 2016-03-02 16:27:30 +00:00
Kevin Fenzi
f85c389531 Add a custom iptables template for torrent02. We don't want to conntrack torrent tracker connections, there's too many. 2016-02-20 01:57:07 +00:00
Kevin Fenzi
1df91d33fd This should be the default perm: 2755 2016-02-12 15:50:07 +00:00
Kevin Fenzi
0281dc80fe Fix nagios and inventory to switch over to people02 2016-02-11 16:18:27 +00:00
Kevin Fenzi
65699b531d We need to tell systemd-journald that it should sync out to persist storage otherwise it won't work until next reboot 2016-02-10 00:03:09 +00:00
Kevin Fenzi
f105bfd616 Add buildhw eth config info, blacklist some groups and tweak when statement 2016-02-06 00:04:01 +00:00
Kevin Fenzi
064680d892 See if this logic works as I want it to. 2016-02-05 21:26:57 +00:00
Kevin Fenzi
3315549c66 Correctly tag this task so it runs with the rest of the ifcfg things. 2016-02-05 21:21:49 +00:00