opensourcemirror
/
fedora-ansible
mirror of https://pagure.io/fedora-infra/ansible.git
1
0
Fork 0
Code Issues Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38,990 Commits
9 Branches
0 Tags
112 MiB
JavaScript 38.8%
Python 25.7%
CSS 24.3%
Shell 3.9%
Gnuplot 2.5%
Other 4.6%
 
 
 
 
 
 
main
letsencrypt
rawhide-greenwave
openqa
secarch
darkserver
openvpn_handler
easyfix
denyhosts
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Go to file
Kevin Fenzi 718a84c645 db-koji01: move to rhel9 and postgresql 15 
Set host vars to move to rhel9 on next reinstall and setup postgresql 15
module.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 		6 hours ago
callback_plugins fedora messaging callback: fix severity level 1 week ago
files download-ib01: disable centos mirroring for now as it confuses things with rsync 2 weeks ago
filter_plugins playbooks / staging: adjust playbooks for staging to configure fedmsg if needed 2 years ago
handlers debuginfod: add ansible notify/handler to restart if needed 4 weeks ago
inventory db-koji01: move to rhel9 and postgresql 15 6 hours ago
library Make the python3 fact module compatible with python2 for EL7 boxes 1 week ago
playbooks wiki: drop fedmsg here, we are using fedora-messaging now 23 hours ago
roles db-koji01: move to rhel9 and postgresql 15 6 hours ago
scripts ansible: ansible is using python3.11 now, so adjust these scripts too 2 weeks ago
tasks batcave: adjust packages for rhel9 3 weeks ago
vars [f36-eol] f36 went eol! hence, no previousprevious 2 weeks ago
.ansible-lint [Zuul] Add configuration file for ansible-lint 1 year ago
.gitignore [release-monitoring] Add librariesio consumer 3 years ago
.mailmap Add a .mailmap to map all my commits to one author in git shortlog. This is purely for my sanity, but also demonstrates how someone else could do similarly if needed. 5 years ago
.yamllint.yaml CI: Run yamllint on added or modified YAML files 3 years ago
.zuul.yaml [Zuul] Use ansible lint instead ansible review 1 year ago
CONVENTIONS conventions: you guessed it, another whitespace change 3 years ago
README Convert README to a symlink to README.md 3 years ago
README.md Added section about PR workflow. 2 years ago
STYLEGUIDE style: add initial style guide 4 years ago
main.yml smtp-auth-cc-rdu01: create new smtp auth relay 2 weeks ago

README.md

Fedora Infrastructure

Welcome! This is the Fedora Infrastructure Ansible Pagure project.

Pull requests and forks can be made against this repository hosted at https://pagure.io/fedora-infra/ansible

This repository is also mirrored for production runs to https://infrastructure.fedoraproject.org/infra/ansible/ but this is the working repository where changes are made.

If you would like to help out with Fedora Infrastructure, see:

Ansible repository/structure

files - files and templates for use in playbooks/tasks
      - subdirs for specific tasks/dirs highly recommended

inventory - where the inventory and additional vars is stored
          - All files in this directory in ini format
          - added together for total inventory
  group_vars:
          - per group variables set here in a file per group
  host_vars:
          - per host variables set here in a file per host

library - library of custom local ansible modules

playbooks - collections of plays we want to run on systems

  groups: groups of hosts configured from one playbook.

  hosts: playbooks for single hosts.

  manual: playbooks that are only run manually by an admin as needed.

tasks - snippets of tasks that should be included in plays

roles - specific roles to be use in playbooks.
        Each role has it's own files/templates/vars

filter_plugins - Jinja filters

main.yml - This is the main playbook, consisting of all
             current group and host playbooks. Note that the
             daily cron doesn't run this, it runs even over
             playbooks that are not yet included in main.
             This playbook is usefull for making changes over
             multiple groups/hosts usually with -t (tag).

Paths

The public path on batcave01 (our control host) for everything is /srv/web/infra/ansible

The private path on batcave01 (our control host) (which is sysadmin-main accessible only) is /srv/private/ansible

In general to run any ansible playbook you will want to run:

sudo -i ansible-playbook /path/to/playbook.yml

(On batcave01, our control host)

Scheduled check-diff

Every night a cron job runs over all playbooks under playbooks/{groups}{hosts} with ansible --check --diff. A report from this is sent to sysadmin-logs. In the ideal state this report would be empty.

Idempotency

All playbooks should be idempotent. Ie, if run once they should bring the machine(s) to the desired state, and if run again N times after that they should make 0 changes (because the machine(s) are in the desired state). Please make sure your playbooks are idempotent.

Can be run anytime

When a playbook or change is checked into ansible you should assume that it could be run at ANY TIME. Always make sure the checked in state is the desired state. Always test changes when they land so they don't surprise you later.

Contributing and Licensing

Contributions to this repository are subject to the Fedora Project Contributor Agreement. If no license is specified, the MIT license is used, otherwise the contribution is under the specified acceptable Fedora License. See https://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement for more information.

Contributing Pull Requests

If found a way to improve this repository or fix an issue found in our infrastructure tracker (see https://pagure.io/fedora-infrastructure/issues) open a pull-request.

You either should have capability to run the playbooks after they have been reviewed, and merged or find the person responsible and work with them to make sure the changes will be aplied afterwards.

We are currently working on a simple to use list of Point Of Contanct people for the applications here, untill it is done, you can, look at people that recently edited the ansible files, or if you belong to sysadmin group, view the /etc/ansible_utils/rbac.yaml located on batcave01, where you can see the groups of people that have capabilities to run the relevant playbooks.

For example, to upgrade Release Monitoring, you need to run playbook openshift-apps/release-monitoring.yaml. People in sysadmin-releasemonitoring have that capability, and you cand find the members in https://accounts.fedoraproject.org/group/sysadmin-releasemonitoring/

If the application in question is not on the critical path it should be sufficient, if person responsible for the application reviews the PR.

If the files in question are on the critical path, that are necessary for functioning packager workflow, at least two different people should review the PR.

If there is any risk at all, that the application of the changes would induce downtime, work closely with other to ensure that the downtime is properly scheduled:

Applications on critical path: pagure, mirrormanager, toddlers, bodhi, noggin, mdapi, rpmautospec, pagure-dist-git, monitor-gating, mirror_from_pagure, fedora-messaging, dist-git, PDC/FPDC, FMN, sigul robosignatory, tag2distrepo, ci-resultsdb-listener, stylo, mirrorlist resultsdb, Nagios, koschei, wiki / mediawiki, wiki / moin, waiverdb, greenwave, ODCS, Mailman3 / HK, mailman 2, OSBS, pungi, koji, MBS, IPA, rabbitmq, geoip,ipsilon

We are rewiewing PR's during the morning EU standup (https://board.net/p/fedora-infra-daily), so feel free to jump in and discuss.