WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
44,610 Commits 9 Branches 0 Tags
e3fb6a82a0b16d8efbbcdacfa200b7dcb0631f9c
Commit Graph

10031 Commits

Author SHA1 Message Date
Greg Sutcliffe
368c6c9b51 Zabbix: Update base template to allow sundries01 to be more flexible on CPU usage alerts 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-10-30 12:17:31 +00:00
Pavel Raiskup
094e3a133d copr-be: enable workers on vmhost-p09-copr0{2,3,4} 2025-10-30 09:00:12 +01:00
Kevin Fenzi
67b6e258ef ipsilon02: we never actually deployed a ipsilon02 in prod after the dc move 
But we should have one in case 01 is not processing correctly.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-29 15:17:32 -07:00
Pavel Raiskup
4b78485abe copr-be: start machines on the three p09 boxes in rdu3 2025-10-22 08:31:48 +02:00
James Antill
be8ab9e311 *-test* hosts: Add el10-test host file 
Signed-off-by: James Antill <james@and.org>
 2025-10-21 19:09:50 -04:00
Kevin Fenzi
6f5c2337d9 copr-hypervisor: add nbde bindings 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-21 14:13:37 -07:00
Kevin Fenzi
3c3ef0a311 copr-hypervisor: add nbde device 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-21 13:56:54 -07:00
Kevin Fenzi
d2b4bbd372 copr-hypervisor / p09: add nbde handling in rdu3 
This adds network block device encryption to the 3 (so far) power9's in
rdu3. This will allow them to unlock encrypted partitions from our
tang server(s).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-21 13:46:06 -07:00
Pavel Raiskup
37a0d08531 copr_hypervisor: correctly use full hostname 2025-10-21 21:40:09 +02:00
Pavel Raiskup
7c423f25d0 copr-be: bake hypervisor config into hostvars 2025-10-21 21:19:04 +02:00
Kevin Fenzi
aff07cf6e4 communishift: add comminishift-fedora-coreos-ai-helpers 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-21 11:36:11 -07:00
Pavel Raiskup
ae96be8f75 copr_hypervisor: fix typo 2025-10-21 20:09:20 +02:00
Pavel Raiskup
cf97ca7257 copr_hypervisor: fix libvirt conn host spec 2025-10-21 20:05:52 +02:00
Pavel Raiskup
7ee2364ae6 copr-be/copr_hypervisor: access libvirt over ipv6 address 
See https://github.com/fedora-copr/copr/issues/3786
 2025-10-21 20:02:46 +02:00
Kevin Fenzi
4af418b1f5 batcave01: move to vmhost-x86-01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-17 15:14:11 -07:00
Kevin Fenzi
fc4158d896 proxy10: switch to f43 
We are trying this to see if it has any help or at least datapoints for
the timeout issue.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-17 09:54:11 -07:00
Kevin Fenzi
6c8fb623c4 proxies / staging: set memory to 16g for staging proxies 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-17 08:52:33 -07:00
Pavel Raiskup
865ac61eb2 copr_hypervisor: don't let external world routing through the box 2025-10-17 08:32:37 +02:00
Kevin Fenzi
86256e5884 proxies / staging: switch proxy02.stg to f43 
We want to make sure this generally works fine before redoing a prod one
with f43.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-16 13:46:33 -07:00
Pavel Raiskup
3f4bd0ccf5 copr-be: start building on p09 again 2025-10-16 21:55:47 +02:00
Pavel Raiskup
82522377cd copr_hypervisor: tweak FORWARD nftables 2025-10-16 21:38:29 +02:00
Pavel Raiskup
7b2518f8a8 copr-be: disable vms on p09 hypervisor 
https://github.com/fedora-copr/copr/issues/3945
 2025-10-16 15:59:46 +02:00
Pavel Raiskup
f0790852fe copr_hypervisor: we need to keep iptables on RHEL 8 machines 
https://pagure.io/fedora-infrastructure/issue/12531
 2025-10-15 10:33:52 +02:00
Pavel Raiskup
41d1ed1cdd copr_hypervisor: don't opt-out nftables 
The a1342d4ac5 should fix nftables.
 2025-10-15 09:57:18 +02:00
Pavel Raiskup
a1342d4ac5 copr_hypervisor: fix libvirt nat networking 
Per discussion in:
https://github.com/fedora-copr/copr/issues/3945
 2025-10-15 09:55:17 +02:00
Kevin Fenzi
4a47cfaff2 ibiblio: switch to the new default vlan 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-13 13:56:02 -07:00
Kevin Fenzi
18cd42c22d vmhost-p09-copr: set ipv6 addresses correctly 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-13 13:14:34 -07:00
Kevin Fenzi
ce1307f427 Revert "anubis: disable entirely on proxy110/101" 
This reverts commit 1c8ff36a0f.

This won't work because it's too weak in precidence.
 2025-10-13 10:31:55 -07:00
Kevin Fenzi
1c8ff36a0f anubis: disable entirely on proxy110/101 
These are internal proxies, they don't need to bother running anubis at
all, since they don't get any external traffic.

Just doing this to rule out some problem with additional proxy layer
and anubis causing the timeouts we are seeing.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-13 09:47:25 -07:00
Kevin Fenzi
ace7783530 copr_hypervisor: also set host_group 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-13 07:56:59 -07:00
Pavel Raiskup
79e47c7018 vmhost-p09-copr01: experiment with nftables 
Relates: https://github.com/fedora-copr/copr/issues/3945
This reverts commit 0a3fc8d4a1.
 2025-10-12 09:08:03 +02:00
Kevin Fenzi
bc878b56ba vmhost-p09-copr03: fix mac address copypasta 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-11 14:34:30 -07:00
Kevin Fenzi
b5cbcb0536 vmhost-p09-copr02/03/04: add 3 power9 machines in rdu3 for copr 
This adds 3 power9 machines in the new 'fedora-isolated' vlan
in rdu3. This is the vlan thats going to house the moved rdu2-cc
hardware in rdu3. We already moved these 3 machines from iad2
so we can use them to try out the new vlan and acls and such.

This adds host vars for the 3 new machines (mac address, ips, etc)
It adds them to the copr_hypervisor group in inventory
It adds their mgmt to dhcpd config so they get known ip's for
their mgmt interfaces instead of dynamic ones.
It adds a 8 disk ppc64le kickstart to install them with.

It also fixes the dhcpd config for the bvmhost-p09-01-stg mgmt
interface, it's off by one.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-10 19:05:37 +00:00
Pavel Raiskup
0a3fc8d4a1 p09 host no longer works with nftables 
Revert "vmhost-p09-copr01: try to go with nftables"

This reverts commit c1f51e0f32.
 2025-10-10 12:25:01 +02:00
Greg Sutcliffe
3d70d99b96 Zabbix: (staging) Try out defining *all* hostgroups as per Nagios 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-10-07 12:30:44 +01:00
Pavel Raiskup
1f1bf582b4 copr-be-dev: pre-allocate one (normal) aarch64 machine 
Fixes: https://github.com/fedora-copr/copr/issues/3865
 2025-10-06 15:33:30 +02:00
Greg Sutcliffe
3fe44802f6 Zabbix: Add ping-only non-Ansible hosts 
We have a bunch of hosts that don't run Ansible or aren't reachable,
such as builders or OpenShift workers. These are currently defined in
group_vars/nagios:rdu3_management_hosts.

This commit replicates the function for Zabbix, defining hosts with
ping-only checks as part of the server role.

I'm not *super happy* about how I've included this, but I'm putting it
on an refactor todo list along with some other things - this works for
now.

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-10-06 13:40:47 +01:00
Greg Sutcliffe
f565c59e45 Zabbix: Increase disk thresholds for copr hypervisors 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-10-03 16:01:03 +01:00
Aurélien Bompard
991a0a81eb Add the new VM for IPA-tuura 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-03 14:50:34 +02:00
Greg Sutcliffe
e30e0e2114 Zabbix: Rework how PSKs are defined in Ansible 
The "file+env_suffix" is a problem when dealing with hosts like
pagure-stg01 that actually exists in prod. We can't override env_suffix
without breaking many things.

Instead, the PSKs are now defined directly in the private vars, instead
of in a file, and the variable name is then read from inventory vars.
This means we can override it for a group/host.

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-10-03 13:27:05 +01:00
Greg Sutcliffe
de1a667f82 Zabbix: Allow for different mailq thresholds using macros 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-10-03 11:24:45 +01:00
Kevin Fenzi
62ca3a6f7b buildhw_rdu3: make sure buildhw-a64 are in this group to get correct nftables rules 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-02 15:16:09 -07:00
Kevin Fenzi
df4369a4cd buildhw-a64-03 to 07: also add to inventory 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-02 14:06:34 -07:00
Kevin Fenzi
c132d31af4 buildhw-a64-03 to 07: add in last 5 aarch64 boxes from iad2 
These boxes are not the newest ones, but still should be really fine as
buildhw builders.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-02 14:04:30 -07:00
Kevin Fenzi
b3d32cf04c kernel02: add nbde vars 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-02 10:44:52 -07:00
Greg Sutcliffe
74f90c12f6 Zabbix: Fix typo in staging vars 
I caught this one in all, missed it in stg, sigh

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-10-02 12:42:49 +01:00
Greg Sutcliffe
9bbbdc29ce Zabbix: Move connections vars to inventory, set sane role defaults 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-10-02 12:39:40 +01:00
Pavel Raiskup
a896c86e7a copr-be: new AMIs (old removed due to missing FedoraGroup=copr tag) 2025-10-02 01:25:22 +02:00
Greg Sutcliffe
1b8b300c0d Zabbix: Increase disk read/write threshold for retrace03 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-30 13:33:15 +01:00
Greg Sutcliffe
1dcd5c6e40 Zabbix: Add VPN address for Zabbix back to Copr prod hosts 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-30 12:42:50 +01:00