Greg Sutcliffe
d97e627ae3
Zabbix/Postfix: Postqueue map, socket policy, and template update
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-29 11:53:44 +01:00
Greg Sutcliffe
80f01b264f
Zabbix/Postfix: Sendmail mmap policy
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-29 11:13:29 +01:00
Aurélien Bompard
56b9c8f150
Start working on keycloak in staging
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-09-29 11:19:07 +02:00
Greg Sutcliffe
c833a49a4b
Zabbix: New vars pattern means we don't need an extra task for overrides
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-29 10:05:16 +01:00
Greg Sutcliffe
70058ab25d
Use a better pattern for importing OS vars, allows override
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-29 08:51:27 +00:00
Jiri Kyjovsky
2c8af1ec06
copr: disable powerful s390x machines
See https://github.com/fedora-copr/copr/issues/3856
2025-09-29 08:53:46 +02:00
Kevin Fenzi
3f5b2c4401
nagios / bvmhost-p10-mgmt: try and fix http exclusion
This isn't a group, it's just a group variable, so try and change the
conditional to match.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-28 09:51:02 -07:00
Kevin Fenzi
28b78845cf
nagios: do not check swap on openqa lab workers either
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-28 09:12:35 -07:00
Kevin Fenzi
097c9b2e6b
nagios: do not check swap on openqa workers
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-28 08:29:29 -07:00
Kevin Fenzi
948346f457
rabbitmq: drop some osci queues
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-26 13:35:11 -07:00
Kevin Fenzi
639c91bf22
zabbix: bump the cache size to 1G
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-26 12:34:01 -07:00
Kevin Fenzi
25ef9ffdae
ipa: fix typo in logrotate
Seems this was missing a leading /, so it was not working.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-26 12:22:20 -07:00
Kevin Fenzi
cc1001c543
zabbix01: double memory
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-26 11:30:36 -07:00
Kevin Fenzi
8925ccf7e2
proxies / redirects: do not try and setup redirects for community sites in staging
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-26 08:40:27 -07:00
Greg Sutcliffe
144066c8f4
Zabbix/Postfix: Rules for postqueue using tmpfs
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-26 12:24:21 +01:00
Greg Sutcliffe
5957d2c832
Zabbix/Postfix: Rules for postfix_master
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-26 12:16:08 +01:00
Greg Sutcliffe
a7a2232e7b
Zabbix/Postfix: Even more denials, sigh
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-26 12:07:55 +01:00
Greg Sutcliffe
4a97d2cbda
Zabbix/Postfix: Add postqueue exec_no_trans
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-26 11:53:08 +01:00
Greg Sutcliffe
0496e663ed
Zabbix/Postfix: Add postqueue execution
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-26 11:44:50 +01:00
Greg Sutcliffe
6c8b3337ac
Zabbix/Postfix: Apparently postfix_etc_t needs open as well as read
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-26 11:36:04 +01:00
Greg Sutcliffe
a41c0a3546
Zabbix/Postfix: Add missing type for postfix_etc_t
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-26 11:25:07 +01:00
Greg Sutcliffe
224f21142d
Zabbix/Postfix: Remove old pp file and add new exception for postfix_etc_t
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-26 11:19:41 +01:00
Greg Sutcliffe
abbb813f6e
Zabbix/Postfix: Switch to handler-based local compilation of SELinux module
We're hitting errors on older hosts because the precompiled module was
on too-new a policy version. This moves the compilation of the module
to the target, via handlers.
Right now this is hardcoded to the specific module in base/postfix, but
we can generalise it to compile all the various SELinux modules later on.
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-26 10:44:04 +01:00
Kevin Fenzi
f75f2c51c1
anubis: try and allow bodhi and badges rss feeds
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-25 16:09:27 -07:00
Kevin Fenzi
3c61b1ecab
proxies / websites / getfedora.org: switch this to use a letsencrypt cert
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-25 15:24:02 -07:00
Kevin Fenzi
4d49d0841c
ipsilon-website: disable for now
This site is still pointing to iad2, and I can't find anyone who can
point it to rdu3, so I think it's going to just have to go away.
Disable for now, but if no one appears, we should delete it entirely,
as well as the openshift app that serves this website.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-25 15:07:30 -07:00
Kevin Fenzi
775d046d8f
proxies / download: switch to new 2025 wildcard fedoraproject.org cert
Switch from the 2024 one that expires in a bit to a new shiny one that
doesn't expire until next year.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-25 14:50:49 -07:00
Gregory Bartholomew
2c70b3b8d8
alt: redirect home page to the new fedoraproject.org/misc page (version 2)
Signed-off-by: Gregory Bartholomew <gregory.lee.bartholomew@gmail.com>
2025-09-25 21:18:10 +00:00
Pedro Moura
78abe4774e
add tmpwatch back
Signed-off-by: Pedro Moura <pmoura@redhat.com>
2025-09-25 21:14:43 +00:00
Gregory Bartholomew
1531796df7
redirect fedoracommunity.org to fedoraproject.org
also redirect {fr,it,tw}.fedoracommunity.org to their respective sites
closes https://pagure.io/fedora-websites/issue/936
Signed-off-by: Gregory Bartholomew <gregory.lee.bartholomew@gmail.com>
2025-09-25 21:11:43 +00:00
Greg Sutcliffe
b4a6699e29
Zabbix: update thresholds for noisy services
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-25 16:18:07 +01:00
Michal Konecny
a9ef982c03
[ipsilon] Check if variable is defined first
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-09-25 14:35:57 +02:00
Michal Konecny
4592e463f4
Setup ipsilon02 as OpenID only instance
This will split the ipsilon config to OpenID and everything else.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-09-25 14:17:08 +02:00
Greg Sutcliffe
d2a66a0bf4
Zabbix/Postfix: Ensure drop-in dir exists
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-25 12:00:16 +01:00
Michal Konecny
1c9468489a
Add second ipsilon host for staging
This is a test host to try deploy OpenID instance only.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-09-25 10:37:16 +00:00
David Kirwan
be7e59eb98
forgejo: configure crunchydata postgres cluster to prune backups
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
2025-09-25 10:54:04 +01:00
Aurélien Bompard
3256e23b37
Datanommer: enable the cronjob in prod
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-09-25 11:06:32 +02:00
Ryan Lerch
1b1071c53c
[forge] Configure user profiles to be public by default
- Add DEFAULT_USER_VISIBILITY: public
- Add ALLOWED_USER_VISIBILITY_MODES: public
- Ensures all user profiles are publicly accessible
2025-09-25 13:40:23 +10:00
Kevin Fenzi
1095db38bf
proxies / badges: drop anubis here for now
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-24 18:11:40 -07:00
Kevin Fenzi
07eef522f4
proxies: drop tag on the task
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-24 17:11:43 -07:00
Kevin Fenzi
c8f5519169
proxies: set local_port_range to under 32k
This works around a weird problem in rdu3. Proxies have connections to
kojipkgs time out if the local port is over 32k. We aren't sure why this
happens yet, but this seems to work around the problem for now.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-24 17:08:02 -07:00
Kevin Fenzi
dc5f7ae379
proxies: disable anubis on internal proxies
This should not have caused any issues, but I want to rule out it being
related to the 503 errors we have been seeing.
It also doesn't do any good to have enabled here as these proxies are
internal only and never would have browsers or crawlers hitting them.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-24 11:07:10 -07:00
Greg Sutcliffe
8141b597d5
Zabbix/Postfix: Add tags to SELinux module install so it actually runs
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-24 17:09:28 +01:00
Greg Sutcliffe
17f06ff65f
Zabbix/Postfix: Compile the module on an older host so the policy version is compatible
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-24 16:55:30 +01:00
Greg Sutcliffe
325019aa3f
Zabbix/Postfix: Update SELinux module to allow the agent to run mailq
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-24 16:47:20 +01:00
Greg Sutcliffe
4651ff72b8
Zabbix: Ensure Postfix role creates the Postfix hostgroup
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-24 15:27:18 +01:00
Greg Sutcliffe
a8d00abea1
Zabbix: Add monitoring to the base/postfix role
This adds an example implementation of how to add Zabbix agent
monitoring to the Postfix role.
There are 5 parts:
- The agent dropin file
- The (optional) script the agent will call
- A custom SELinux module to allow the agent to run its tools
- An API call to ensure the target template exists
- An API call to add the host to the right template
See the PR for details on how this works...
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-24 15:16:02 +01:00
Greg Sutcliffe
a11c879c3e
Zabbix: enable Zabbix on autosign hosts
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-24 13:19:22 +01:00
Pavel Raiskup
ae33c9d0d4
copr: define cgit_uri template variable
And provide updated httpd/conf.d/cgit.conf.
2025-09-24 14:02:40 +02:00
Greg Sutcliffe
3df29fa809
Zabbix: Add default vars for RedHat-10
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2025-09-24 12:57:11 +01:00