james/ansible
1
0
Fork 0
forked from infra/ansible
Code Pull requests Activity
45,368 commits 11 branches 0 tags 128 MiB
Commit graph

45,368 commits

This branch
This branch
All branches
Author SHA1 Message Date
James Antill
d574d28433 people: Use our rsyslog-logrotate to compress, anubis msgs ftw. 
Signed-off-by: James Antill <james@and.org>
 2026-05-02 11:36:39 -04:00
James Antill
03114092f4 proxies / provisioning: redirect https pages to /iot/ 
Signed-off-by: James Antill <james@and.org>
 2026-04-30 23:46:42 -04:00
Samyak Jain
2e01ca9793 Fedora 44 Bodhi enablement and Beta freeze - froze releng not infra 
Signed-off-by: Samyak Jain <samyak.jn11@gmail.com>
 2026-02-17 20:07:41 +05:30
Aurélien Bompard
1e56a66d34
 		Lower the DB connection recycling time in Dist-Git 
Fixes: infra/tickets#13099

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2026-02-17 13:07:51 +01:00
Jiri Kyjovsky
369056132a copr-hv: enable x86 hvs for prod 2026-02-17 13:01:54 +01:00
Jiri Podivin
e6f5f2b8cc Adding jmatufka to root_auth_users 
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
 2026-02-17 10:53:41 +01:00
James Antill
03865d03b3 batcave: Move from mirror_pagure_ansible to mirror_forge_ansible. 
Signed-off-by: James Antill <james@and.org>
 2026-02-16 18:17:13 -05:00
Kevin Fenzi
7053ad1c4f rabbitmq_cluster: remove two osci queues that are no longer needed 
See infra/tickets#12810

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-16 15:12:11 -08:00
Kevin Fenzi
231dbb29ec nagios: add some more hosts to rdu3_external 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-16 13:25:59 -08:00
Kevin Fenzi
0db48ee5ce nagios: add proxy03/14 to rdu3_external list so noc02 works 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-16 13:14:18 -08:00
Kevin Fenzi
79cb98716a nagios: adjust pagure check some more 
The url was also modified some, so adjust it to be...correct.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-16 12:00:27 -08:00
Kevin Fenzi
947ad7f7ba nagios: this check is really supposed to be against pagure.io 
This was fallout from my sed to change all the references from pagure.io
to forge.fedoraproject.org. In this case though, we do want pagure.io
here because we are using this to check that it's up and working
properly.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-16 11:17:59 -08:00
Kevin Fenzi
b6a7d5edfd nagios: try and rework conditional 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-16 10:23:01 -08:00
Kevin Fenzi
24ecee5ebe nagios: try and fix the proxy03/14 problem with missing host because they are in rdu3-iso instead of rdu3 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-16 10:02:47 -08:00
Kevin Fenzi
b6ec520bc5 buildhw-x86-02: disable in koji and set to not freeze 
I am going to use this builder to test/deploy pesign sigul-dry bridge.
So, it has been disabled in koji and should be ok to test with.
Once things are lined up and tested it can be re-enabled.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-16 09:10:49 -08:00
Kevin Fenzi
6706723eea hardware: adjust inventory to drop p08's and add p09s 
The p08 copr machines were in rdu2-cc and are gone now.
The p09 machines in rdu3 are all up and online now.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-16 09:04:49 -08:00
Pavel Raiskup
bf99504840 copr-fe: drop a redundant rule 
See https://github.com/fedora-copr/copr/issues/4171
 2026-02-16 16:55:45 +01:00
James Antill
c6d0f4e5a3 mirror_from_forge: Change messages from pagure to forgejo. 
Signed-off-by: James Antill <james@and.org>
 2026-02-16 09:39:58 -05:00
Jiri Kyjovsky
8dd7e55028 copr-hv: enable migrated hvs on copr-be-dev 2026-02-16 15:34:54 +01:00
Miroslav Suchý
68ec08de9f copr: fix name of the pool 2026-02-16 13:28:14 +01:00
Miroslav Suchý
2cfcd10d79 copr: fix name of the pool 2026-02-16 13:21:56 +01:00
Miroslav Suchý
23ff808fe3 copr: add x86_64 reserved powerful builders 2026-02-16 11:26:43 +01:00
Pavel Raiskup
d075c470de copr-hv: enable p09 01 2026-02-16 09:59:37 +01:00
Pavel Raiskup
d2b458f041 copr-hv: copy config from 02 to vmhost-p09-copr01 2026-02-16 08:27:45 +01:00
Pavel Raiskup
55f225d428 copr-hv: typofix 2026-02-16 08:11:22 +01:00
Pavel Raiskup
7faef4610c copr-hv: tag the Copr-specific role 2026-02-16 08:09:51 +01:00
Pavel Raiskup
5fa5dd69b1 copr-hv: fix p09_01 host 2026-02-16 07:13:14 +01:00
Kevin Fenzi
dec53be8f0 anubis-el: also allow POST on pagure 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-14 09:49:03 -08:00
James Antill
c4c58299c2 check-etc: Add playbook to check /etc for old/unmanaged files. 
Signed-off-by: James Antill <james@and.org>
 2026-02-14 09:52:16 -05:00
Kevin Fenzi
c4bdfcc897 proxies: block a ip that was hitting release-monitoring.org a lot 
This ip had hit release-monitoring.org like 5,000,000 times in the
course of a few hours and swamped it's web pod.

Lets block it for now and see if anyone complains.
If this is you: please add some rate limiting.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-13 08:48:01 -08:00
Pavel Raiskup
a943654af2 copr-be: avoid the hacks - we no longer need the testing VMs 2026-02-13 17:36:19 +01:00
Pavel Raiskup
432f23126e copr-be: keep one more p09 machine up for debugging 2026-02-13 12:33:27 +01:00
Kevin Fenzi
e5d26fea60 proxies: allow POST for forge 
Some folks were getting posts failing against forge.
See forge/forge#401

So, lets just explicitly allow POSTs through anubis as
this should be fine for normal people and should not be something
that scrapers normally do.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-12 16:57:26 -08:00
Kevin Fenzi
fefbc356f0 download: block infinite crawler looping 
The /pub/alt/virtio-win directory had in it some 11 year old things.
One was a readme noting that it moved 11 years ago and nothing was
still here. The others were links to .

The scrapers, being as dumb as posts followed all those links over and
over again to the tune of millions per day.
I removed the links, but of course they were still trying, so
lets be a bit more aggressive and just 403 them all.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-12 16:54:16 -08:00
Kevin Fenzi
0d56b527a6 anubis-el: set correct selinux labels for podman 
selinux was preventing anubis from reading its policy file.
So, set the right context here so it is happy.

Note that we cannot use :Z in the podman call, because it runs as the
anubis user which cannot chcon those files on the host.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-12 09:08:15 -08:00
Lukas Holecek
96be99434e greenwave+waiverdb: Update image repositories 
The image builds where moved to Konflux.

This is similar to the pull request for ResultsDB:
https://pagure.io/fedora-infra/ansible/pull-request/3077

See also the discussion in PR:
https://github.com/release-engineering/resultsdb_frontend/pull/17
 2026-02-12 16:21:29 +00:00
Aurélien Bompard
b80627f26a
 		Add the publish_exchange to DistGit's fedora messaging config 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2026-02-12 17:13:22 +01:00
Jakub Kadlcik
8015bf47c7 copr: change default storage for new projects to Pulp 
See https://fedora-copr.github.io/posts/migrating-copr-results-to-pulp
 2026-02-12 13:40:59 +01:00
Ryan Lerch
e4123e7a7c Forge: add group mapping for fesco 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
 2026-02-12 19:34:59 +10:00
Akashdeep Dhar
44327a4962 Perform mapping for Fedora Join teams and groups 
Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>
 2026-02-12 11:59:34 +05:30
Kevin Fenzi
344adabd4c anubis-el: fix the actual handler typo 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 12:38:08 -08:00
Kevin Fenzi
a097beafaf anubis-el: fix syntax issue 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 12:33:12 -08:00
Kevin Fenzi
8104cee874 anubis-el: rework config to hopefully work with el podman and add key 
Right now, podman on el9 isn't reading the policy correctly.
This is because the env for the unit isn't getting picked up
by podman, so instead pass --env-file to read it from a file.
Also, we want to setup a private key for the download servers
so they all have the same challenge creation (so if you hit 01
you want your challenge to be good on 02, etc).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 12:24:03 -08:00
Kevin Fenzi
b255f7e2df anubis-el: try and widen the cloudfront allow 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-11 09:05:01 -08:00
Kevin Fenzi
d89d391f87 anubis-el: restart on bot policy changes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 15:22:02 -08:00
James Antill
0633cda299 updates+uptimes: Minor UI tweaks, less hacky sort. 
Signed-off-by: James Antill <james@and.org>
 2026-02-10 17:21:18 -05:00
James Antill
a0cab4f3cc mirror_from_forge: Add mirror_from_forge role, based on mirror_from_pagure. 
Signed-off-by: James Antill <james@and.org>
 2026-02-10 17:19:28 -05:00
Kevin Fenzi
8b94d9a7ce anubis-el: try and match without quotes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 14:13:05 -08:00
Diego Herrera
3a42bab039 Reenable Centos10 sync for EPEL 10.2 mass branching 
Signed-off-by: Diego Herrera <dherrera@redhat.com>
 2026-02-10 18:13:35 -03:00
Kevin Fenzi
c62e1573f7 storinator01: use same vpn ip as it did in rdu-cc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2026-02-10 11:11:39 -08:00