WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-19 19:46:38 +08:00
Code Issues Packages Projects Releases Wiki Activity
45,336 Commits 9 Branches 0 Tags
e5d26fea609fce8f48e4e98031754ccd2947b334
Commit Graph

45336 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kevin Fenzi
e5d26fea60 proxies: allow POST for forge 
Some folks were getting posts failing against forge.
See https://forge.fedoraproject.org/forge/forge/issues/401

So, lets just explicitly allow POSTs through anubis as
this should be fine for normal people and should not be something
that scrapers normally do.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-12 16:57:26 -08:00
Kevin Fenzi
fefbc356f0 download: block infinite crawler looping 
The /pub/alt/virtio-win directory had in it some 11 year old things.
One was a readme noting that it moved 11 years ago and nothing was
still here. The others were links to .

The scrapers, being as dumb as posts followed all those links over and
over again to the tune of millions per day.
I removed the links, but of course they were still trying, so
lets be a bit more aggressive and just 403 them all.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-12 16:54:16 -08:00
Kevin Fenzi
0d56b527a6 anubis-el: set correct selinux labels for podman 
selinux was preventing anubis from reading its policy file.
So, set the right context here so it is happy.

Note that we cannot use :Z in the podman call, because it runs as the
anubis user which cannot chcon those files on the host.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-12 09:08:15 -08:00
Lukas Holecek
96be99434e greenwave+waiverdb: Update image repositories 
The image builds where moved to Konflux.

This is similar to the pull request for ResultsDB:
https://pagure.io/fedora-infra/ansible/pull-request/3077

See also the discussion in PR:
https://github.com/release-engineering/resultsdb_frontend/pull/17
 2026-02-12 16:21:29 +00:00
Aurélien Bompard
b80627f26a Add the publish_exchange to DistGit's fedora messaging config 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2026-02-12 17:13:22 +01:00
Jakub Kadlcik
8015bf47c7 copr: change default storage for new projects to Pulp 
See https://fedora-copr.github.io/posts/migrating-copr-results-to-pulp
 2026-02-12 13:40:59 +01:00
Ryan Lerch
e4123e7a7c Forge: add group mapping for fesco 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-12 19:34:59 +10:00
Akashdeep Dhar
44327a4962 Perform mapping for Fedora Join teams and groups 
Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
 2026-02-12 11:59:34 +05:30
Kevin Fenzi
344adabd4c anubis-el: fix the actual handler typo 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 12:38:08 -08:00
Kevin Fenzi
a097beafaf anubis-el: fix syntax issue 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 12:33:12 -08:00
Kevin Fenzi
8104cee874 anubis-el: rework config to hopefully work with el podman and add key 
Right now, podman on el9 isn't reading the policy correctly.
This is because the env for the unit isn't getting picked up
by podman, so instead pass --env-file to read it from a file.
Also, we want to setup a private key for the download servers
so they all have the same challenge creation (so if you hit 01
you want your challenge to be good on 02, etc).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 12:24:03 -08:00
Kevin Fenzi
b255f7e2df anubis-el: try and widen the cloudfront allow 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 09:05:01 -08:00
Kevin Fenzi
d89d391f87 anubis-el: restart on bot policy changes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 15:22:02 -08:00
James Antill
0633cda299 updates+uptimes: Minor UI tweaks, less hacky sort. 
Signed-off-by: James Antill <james@and.org>
 2026-02-10 17:21:18 -05:00
James Antill
a0cab4f3cc mirror_from_forge: Add mirror_from_forge role, based on mirror_from_pagure. 
Signed-off-by: James Antill <james@and.org>
 2026-02-10 17:19:28 -05:00
Kevin Fenzi
8b94d9a7ce anubis-el: try and match without quotes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 14:13:05 -08:00
Diego Herrera
3a42bab039 Reenable Centos10 sync for EPEL 10.2 mass branching 
Signed-off-by: Diego Herrera <dherrera@redhat.com>
 2026-02-10 18:13:35 -03:00
Kevin Fenzi
c62e1573f7 storinator01: use same vpn ip as it did in rdu-cc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 11:11:39 -08:00
Kevin Fenzi
599656a420 storinator01: add hosts file for rdu3 iso 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 10:29:28 -08:00
Kevin Fenzi
7e6d17307a storinator01: update mac addresses 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 10:22:38 -08:00
Kevin Fenzi
53a6ce24f3 anubis: switch this to just allowing CloudFront 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 08:26:42 -08:00
Kevin Fenzi
e401686427 anubis: switch this to just allowing all repodata 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 07:58:07 -08:00
Kevin Fenzi
145e6794fb anubis: allow .zck files universally on el as well 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 07:54:59 -08:00
Kevin Fenzi
5615d1b036 anubis: allow .zck files universally 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 07:52:53 -08:00
Aurélien Bompard
90ed56ae7b bugzilla2fedmsg: rebase on RHEL9 + Python 3.11 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2026-02-10 15:29:44 +01:00
Aurélien Bompard
d10f2fe3bc bugzilla2fedmsg: update the staging deployment config for the Kafka port 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2026-02-10 14:58:12 +01:00
Angel Cervera Roldan
59debdda2c Update playbooks/openshift-apps/fedora-coreos-pipeline.yml 2026-02-10 13:42:04 +00:00
Jiri Podivin
11d11c214e Skipping ansible-lint rules, in cases when it makes sense 
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
 2026-02-10 10:23:23 +01:00
Jiri Podivin
28d40d6e0b Resolving style issues of the logdetective role 
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
 2026-02-10 10:23:23 +01:00
Jiri Podivin
34eaee695e Opening 8090 port for communication with packit interface server 
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
 2026-02-10 10:23:23 +01:00
Kevin Fenzi
24ea94601d vmhost-x86-copr01/02/03: stop removing nftables 
These hosts are rhel10 now and removing nftables takes out the entire
libvirt stack as it doesn't support iptables anymore.

This results in base removing libvirt and the hypervisor role
re-installing it every playbook run. It also means the network doesn't
work on guests at all.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-09 15:08:28 -08:00
Kevin Fenzi
faff0d9e0f vmhost-p09-copr01: not encrypted yet, needs reinstall 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-09 13:34:35 -08:00
Jaroslav Groman
09859d9acc Update source branch for Quality apps in staging OpenShift 
Signed-off-by: Jaroslav Groman <jgroman@redhat.com>
 2026-02-09 20:55:08 +00:00
Kevin Fenzi
991273d7f1 copr_hypervisors: enable nbde on all of them 
The x86 ones are now in rdu3 and reinstalled with rhel10.
All the power9 ones are in rdu3 and reinstalled.

So, we should just enable nbde on all of them.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-09 11:30:46 -08:00
Ryan Lerch
080db33424 turn of new projects UI for production 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-09 12:37:51 +10:00
Pavel Raiskup
30c0defe44 copr-backend: more verbose machine termination 2026-02-07 21:08:10 +01:00
Kevin Fenzi
a9acbd4c0e bodhi/openshift: restore dropped cd to the right directory 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-06 10:17:14 -08:00
Kevin Fenzi
dc3fda7f45 bodhi/openshift: fix missing / 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-06 09:59:07 -08:00
Kevin Fenzi
9503d8df11 bodhi / openshift: adjust critpath to pull from forge instead of pagure.io 
releng moved things from pagure.io/releng to
forge.fedoraproject.org/releng/tooling

Adjust this cron to do likewise.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-06 09:54:04 -08:00
Greg Sutcliffe
1324b1e72a Add more CPU to proxy11 to help with httpd alerts 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2026-02-06 14:03:41 +00:00
Patrik Polakovič
46fbcc5567 Branch Fedora 44 from Rawhide 
Signed-off-by: Patrik Polakovič <patrik@alphamail.org>
 2026-02-05 19:10:58 +00:00
Greg Sutcliffe
0bb245c653 Zabbix | Rabbit: Fix hardcoded STG entry in zabbix agent drop-in 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2026-02-05 11:12:42 +00:00
Miroslav Suchý
6092f3bdb2 set swappiness to 10 for copr machines 2026-02-04 20:45:38 +01:00
Ryan Lerch
1d6aa6f15a [webhook2fm] fix typo from 8a61479d64 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-04 11:18:10 +10:00
Ryan Lerch
8a61479d64 [webhook2fm] update staging rediurect URIs 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-04 11:06:52 +10:00
Ryan Lerch
a36c5a7a16 [forge] add staging ips to webhook ALLOWED_HOST_LIST settings 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-04 10:21:35 +10:00
Ryan Lerch
a425f8715f [forge] set default merge style to rebase 
fixes: forge/forge#353

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-04 09:24:20 +10:00
Ryan Lerch
6aab5d6da0 [forge] update ALLOWED_HOST_LIST for webhooks to include internal ips 
fixes: forge/forge#368

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-04 09:20:26 +10:00
Pavel Raiskup
8e09c0498e copr-be: keep one machine running for Kevin's debugging 2026-02-02 16:55:54 +01:00
Gregory Bartholomew
502f7c6273 openshift-apps/websites: requesting access for glb 
Signed-off-by: Gregory Bartholomew <gregory.lee.bartholomew@gmail.com>
 2026-02-01 11:19:51 -06:00