WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-06-27 23:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
44,699 Commits 9 Branches 0 Tags
e468f7b591c420aaa7e84b4908429c663dcd0019
Commit Graph

9103 Commits

Author SHA1 Message Date
David Kirwan
e468f7b591 forgejo: add vars for replicas 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-11-06 09:23:40 +00:00
Shaun McCance
8992d7e0b1 Redirect flocktofedora to 2026 page 2025-11-05 19:09:12 +00:00
Kevin Fenzi
099d86607b buildvm: add buildvm_s390x_stg to groups we virt install 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-11-04 17:43:20 -08:00
Kevin Fenzi
914ac1e646 virthost: no serial on power10 lpars 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-11-04 12:34:55 -08:00
Kevin Fenzi
3b00ae4c60 virthost: setup iscsi on all bvmhost-p10s 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-11-04 11:42:20 -08:00
Kevin Fenzi
57f4a541a0 buildhw-p10-02.stg: add new power10 stg lpar 
This isn't really a 'buildhw', but it's pretty close.
It's an lpar on a power10 box.

I'm making it a hw builder in staging because if we tried to make
it a bvmhost and put vm's on it, we would need to setup macvtap, which
would be fine, but extra complication where we don't really need it in
staging currently.

01 will be created once we reconfigure the one thats currently serving
as bvmhost-p10-01. Which will happen after we move 1/2 the builders
off to a new bvmhost-p10-02 lpar on this same second power10.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-11-03 16:29:11 -08:00
Kevin Fenzi
7d459bcfd0 ipa: enable audit logs on ipa01/ipa01.stg 
We had this set before the dc move in iad2, but we didn't ever setup the
config to enable it in rdu3.

This should do that.

Note that I have already manually enabled it, and this should just
ensure that it's enabled if we reinstall or move to the next datacenter.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-30 18:48:45 +00:00
Kevin Fenzi
b634f6c79d bodhi / web: use 4 replicas by default for web pods 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-29 10:33:30 -07:00
Aurélien Bompard
cb4cb65387 IPA-tuura: configure sssd ourselves 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-23 18:05:53 +02:00
Aurélien Bompard
9e8f678437 IPA-tuura: dont use the httpd/mod_ssl role 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-22 13:53:15 +02:00
Aurélien Bompard
dc87c6ded8 Deploy IPA-tuura directly in the VM 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-22 13:39:50 +02:00
Michal Konecny
6337df3098 [proxies] Add id.stg.fp.o wildcard cert 
There was a wildcard cert for id.stg.fedoraproject.org missing. It's now
available so let's use it.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2025-10-22 11:23:04 +02:00
Kevin Fenzi
210e8b3e16 copr-hypervisor: fix missing name= 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-21 13:53:50 -07:00
Kevin Fenzi
095d5d0cca copr-hypervisor: fix indentation 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-21 13:49:12 -07:00
Kevin Fenzi
d2b4bbd372 copr-hypervisor / p09: add nbde handling in rdu3 
This adds network block device encryption to the 3 (so far) power9's in
rdu3. This will allow them to unlock encrypted partitions from our
tang server(s).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-21 13:46:06 -07:00
Aurélien Bompard
0feed3e810 IPAtuura: fix login IPA rule 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-21 17:32:37 +02:00
Aurélien Bompard
8206161d13 Configure authentication in IPA for IPA-tuura 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-21 17:26:08 +02:00
Aurélien Bompard
8de72a0f0c Use our postgresql server for IPA-tuura 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-21 16:12:10 +02:00
Aurélien Bompard
3cd397629d Declare in IPA the public hostname 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-20 15:40:51 +02:00
Kevin Fenzi
146229ae13 proxies: coreos uses env_suffix for website name 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-16 16:38:33 -07:00
Kevin Fenzi
d8ecaa06dd proxies: jenkins and testdays are both prod only 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-16 16:17:57 -07:00
Kevin Fenzi
535eb3dd1b proxies: drop ipsilon-project from reverproxy too 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-16 15:54:00 -07:00
Kevin Fenzi
a82dfa1229 proxies: lists.pagure.io is prod only 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-16 15:33:53 -07:00
Kevin Fenzi
27f007c333 proxies: getfedora.org and fedoracommunity.org only get setup in prod 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-16 15:18:35 -07:00
Aurélien Bompard
b4bb584dd8 Try to get keycloak to trust the IPA CA cert 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-16 18:05:10 +02:00
Aurélien Bompard
5dd03158f9 ipatuura01: make it an IPA client 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-16 15:28:49 +02:00
Kevin Fenzi
867903b998 Revert "proxies / src: switch anubis back off to allow for rust crate building ( infra 12812 )" 
This reverts commit 2cdbaa0b28.
 2025-10-14 20:04:21 -07:00
Kevin Fenzi
2cdbaa0b28 proxies / src: switch anubis back off to allow for rust crate building ( infra 12812 ) 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-14 15:47:56 -07:00
Aurélien Bompard
8b1cebb867 Declare the HTTP/keycloak service in IPA 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-14 16:11:26 +02:00
Aurélien Bompard
6ce536b8a4 Keycloak: fix IPA host name 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-14 16:02:21 +02:00
Aurélien Bompard
f4477e0bde Fix moved file 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-14 15:48:55 +02:00
Aurélien Bompard
fb967d743a IPA-tuura: add role 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-14 15:46:02 +02:00
Alice Frosi
c7bcfa3801 Add access to afrosi to the fedora-coreos-pipeline 
Signed-off-by: Alice Frosi <afrosi@redhat.com>
 2025-10-13 12:21:21 +00:00
Kevin Fenzi
d861b438cc proxies / src: enable anubis to prevent outage 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-12 17:39:41 -07:00
Kevin Fenzi
a8628c6934 src / staging: re-enable anubis on src.stg 
We want to reenable this so we can test solutions to
https://pagure.io/fedora-infrastructure/issue/12812

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-10 10:45:24 -07:00
Greg Sutcliffe
9b38df0550 Certs: Use renewed *.fedorapeople.org cert 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-10-07 22:00:26 +01:00
Aashish Radhakrishnan
a54e3fb728 Remove user gallen from the pipeline users list 
The testing of JMS-Messaging plugin is done, we can now remove gallen
from the list of users

Ref: https://github.com/coreos/fedora-coreos-pipeline/issues/1181
 2025-10-07 12:37:58 -07:00
James Antill
12cc938618 kojipkgs: Add rsyncd role for transfering log files. issue#12833 
Signed-off-by: James Antill <james@and.org>
 2025-10-06 16:13:02 -04:00
Kevin Fenzi
271598a0b6 virthost: collectd is not available in epel10 yet 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-06 08:21:48 -07:00
Kevin Fenzi
cafb5514e8 bodhi: increasing warning threshold for queue 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-05 13:04:34 -07:00
Kevin Fenzi
34f41fe5f4 ipatura: enable nagios_client 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-04 16:47:59 -07:00
Aurélien Bompard
fdfddc6e1f First of a probably long line of fixes to the ipa-tuura playbook 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-03 15:15:59 +02:00
Aurélien Bompard
991a0a81eb Add the new VM for IPA-tuura 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-03 14:50:34 +02:00
Kevin Fenzi
b2e23ea5bd kernel02: add nbde role 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-10-02 10:43:20 -07:00
Joel Capitao
60eb1cf3fd fedora-coreos-pipeline: add access for coreosbot 
We need coreobot account to be able to access Jenkins WebUI in order
to generate token. This identity will be used by Konflux to trigger
job.
 2025-10-02 12:33:08 +02:00
Aurélien Bompard
703e67fd2d Allow W2FM to send gitlab events 
Fixes: https://pagure.io/fedora-infrastructure/issue/12816

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-10-02 08:52:33 +02:00
Aurélien Bompard
3aac757ba1 Add basic ipa-tuura deployment 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-09-30 12:35:48 +02:00
Aurélien Bompard
dc94432491 Keycloak: try to add IPA-tuura 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2025-09-30 10:18:56 +02:00
Greg Sutcliffe
cf9f2d9442 Zabbix: Add copr-* hosts to zabbix role 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-09-29 17:10:08 +01:00
Pavel Raiskup
d217ab4b30 logdetective: another workaround 
Skip the whole include.
 2025-09-29 17:04:07 +02:00