WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-30 05:20:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
40,414 Commits 9 Branches 0 Tags
f259ca4e04884b6cdcfc8a171de41a60ac55c8c2
Commit Graph

132 Commits

Author SHA1 Message Date
Kevin Fenzi
1c2e14769c koji / hub: deny any tagging for draft builds currently 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-02-06 12:12:50 -08:00
Michal Konecny
cd3534157e [ipa/server] Update ipa01 to RHEL9 
Let's try to update ipa01 to RHEL9 and replace the broken ipa01 machine.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-01-24 14:59:46 +01:00
Michal Konecny
51a2ab7e73 [ipa/server] Reinstall ipa03 from scratch 
This will create the ipa03 server from scratch.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-01-22 20:03:44 +00:00
Michal Konecny
dd2093e4c6 [ipa/server] Move ipa-rewrite.conf to templates 
There are some variables that need to be filled in ipa-rewrite.conf, but it was
not in template directory, so that didn't happen.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-29 21:57:19 +01:00
Michal Konecny
77b00429d4 [IPA] Fix syntax issue 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-29 17:37:29 +01:00
Michal Konecny
df9d9a0d51 [IPA] Use ipa_server variable where posible 
Don't use hardcoded ipa01, use ipa_server variable instead that is set in group_vars.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-29 17:29:15 +01:00
Michal Konecny
3858d5841d [IPA] Prepare for staging ipa01 update to RHEL 9 
To deploy the ipa01 again we need to remove it from server first. This will need
to be reverted after deployment.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-29 17:15:54 +01:00
Michal Konecny
f4ebb6d0d7 [ipa/server] Fix the parameters for topologysegment-add 
I forgot to use the '--' for the flags and used
`hostvars[item]['ansible_hostname']` instead of just item.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-29 13:20:03 +01:00
Michal Konecny
315ff4be8a [ipa/server] Concatenate the strings correctly 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-29 13:03:19 +01:00
Michal Konecny
3d200881c4 [ipa/server] Explicitly mark '-' as string 
Previous change split the argument to two, which caused error in number of
parameters for the command. Let's try if this will fix it.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-29 12:48:56 +01:00
Michal Konecny
f7cb379e43 [ipa/server] Fix AnsibleUnsafeText error 
The `-` character was evaluated as subtract operation, this should fix that issue.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-29 12:34:53 +01:00
Michal Konecny
3d47ce35e4 [ipa/server] Add missing topology segments 
This command adds missing topology segments to already existing IPA nodes.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-29 08:40:57 +00:00
Michal Konecny
03edf77f12 [IPA] Start the clean step unattended 
This needs user input if not run with --unattended. Let's add this parameter to
fix that.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-16 14:14:42 +01:00
Michal Konecny
405c6a4953 [IPA] Clean client installation before running replica on RHEL 9 
On RHEL9 ipa-replica-install fails if there is already client installed with
"Your system is partly configured." To prevent this we need to uninstall the
existing installation before trying to do replica.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-16 13:56:55 +01:00
Michal Konecny
84c25cad71 [IPA] Fix syntax issue 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-16 12:54:53 +01:00
Michal Konecny
a3112de954 [IPA] Remove creates parameter from deploy replica 
The deploy replica step wasn't executed because it's checking if
`/etc/ipa/default.conf` exists. Remove that and use only the return code from
ipactl to check if the replication is done.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-16 12:39:36 +01:00
Michal Konecny
0969fed462 [IPA] Ignore errors when determining replication status 
The ipactl status returns non 0 code when the IPA server is not set yet. We need
to ignore the error code when checking that.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-16 12:22:01 +01:00
Michal Konecny
3e349c80ec [IPA] Use ipactl status output for replication check 
As the /etc/ipa/default.conf is already created by ipa/client role, we need to
find another way to check if replication is needed. Calling `ipactl status`
should be more reliable.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-16 12:06:22 +01:00
Aurélien Bompard
94478cc88b Install IPA replicas with a larger nsslapd-maxsasliosize 
Related to https://pagure.io/fedora-infrastructure/issue/10358

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-11-09 09:33:15 +00:00
Aurélien Bompard
f6e6921655 Factor the replication tasks in a block 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2023-11-09 09:33:15 +00:00
Michal Konecny
8a6b5a7c65 [IPA-Server]Don't install pynag on RHEL9 
pynag is not available on rhel9 yet.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-20 15:56:10 +02:00
Kevin Fenzi
6aa0ea662a ipa / server: enable sweeper on prod too now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-03-15 11:28:48 -07:00
Kevin Fenzi
d98e32a15b ipa / staging: set sweepeer job to not output stdout to cron 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-03-06 10:11:40 -08:00
Kevin Fenzi
11496398d0 ipa / staging: adjust the sweeper cron job. 
Right now since minutes aren't specified, it runs it every minute of
03. ;(

Also provide full path to script.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-03-02 20:11:06 -08:00
Andrew Heath
ce6005e573 Updateing the sweeper command and setting it to run only on the stage 
env
 2023-03-02 14:57:14 -05:00
Kevin Fenzi
30ae8977c6 ipa / server: disable sweeper for now until we can sort out the issues with it 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-02-21 11:39:29 -08:00
Andrew Heath
3aa8c192eb Fixing lint issues so zull is happy 2023-02-21 19:14:21 +00:00
Andrew Heath
a128021328 Adding Sweeper to clean up expired tokens 2023-02-21 19:14:21 +00:00
Kevin Fenzi
ef40f9ea6e ipa / server: fix too many newlines 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-02-21 11:11:30 -08:00
Kevin Fenzi
39e20b5e36 ipa / server: fix trailing whitespace 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-02-21 11:09:27 -08:00
Aurélien Bompard
adf5af64bc Not so idempotent after all. 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-07-21 17:47:19 +02:00
Aurélien Bompard
a5be08dab3 Most tasks in the ipa playbook are actually idempotent 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-07-21 17:36:14 +02:00
Kevin Fenzi
a42bb9e383 ipa/server: fix typo: yess to yes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-07-08 09:45:41 -07:00
Aurélien Bompard
7b650d56c9 Allow people in the sysadmin-main group to manage stage users in Noggin 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-07-02 18:04:30 +02:00
Aurélien Bompard
d0ccea03f2 Add the new collectd plugin for IPA 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-07-02 17:37:54 +02:00
Kevin Fenzi
7b93c69d29 ipa / server: fix delegations 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-10 11:51:16 -07:00
Kevin Fenzi
6b1feadf4f ipa / server: only install the stage user cleanup on 01 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-10 11:43:00 -07:00
Aurélien Bompard
86567270dc The keytab path is hostname-dependant 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-07 10:12:11 +02:00
Aurélien Bompard
bfe6cf9d02 Only run the cron job on one server 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-07 09:34:27 +02:00
Aurélien Bompard
abaf67b66c Adjust the keytab location to the service 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-07 09:16:16 +02:00
Aurélien Bompard
551ba9bd39 Oops. 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-06 19:04:34 +02:00
Aurélien Bompard
f1e9387759 Finally, use a service for the stage users cleanup script 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-06 19:02:38 +02:00
Aurélien Bompard
3ddc3934da Add a periodic cleanup script for stage users 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-06 13:59:21 +02:00
Aurélien Bompard
3719dff88e Add some missing tags 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-05-06 13:58:40 +02:00
Mark O'Brien
2649c23c52 ipa: add env_suffix for stg 2021-05-06 12:30:29 +01:00
Aurélien Bompard
809635c923 Improve the IPA backup process 
Fixes: https://pagure.io/fedora-infrastructure/issue/9916

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-04-30 10:35:33 +02:00
Mark O'Brien
b51c4a5c7b ipa: need more modules enabled 2021-04-23 15:33:35 +01:00
Mark O'Brien
7952914916 ipa: enable correct idm module stg 2021-04-23 12:30:13 +01:00
Mark O'Brien
cba637c5c2 ipa: otp script fix dest name 2021-04-15 21:01:46 +01:00
Mark O'Brien
d3927bb3c9 ipa: otp script add tags 2021-04-15 20:29:58 +01:00