Opening a bit more openshift apps

. I am still reading openshift docs on ressources, to see if I missed and/or opened too much. -- Michael Scherer >From c831bb3f9cf79e6a517290a19db09934e7ee60d5 Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Wed, 26 Feb 2020 16:52:11 +0100 Subject: [PATCH] Add a is_public flag This per

[PATCH] Add a role to deploy buildconfig instead of using openshift/object

Signed-off-by: Michael Scherer --- roles/openshift/buildconfig/tasks/main.yml | 7 .../buildconfig/templates/buildconfig.yml | 42 ++ 2 files changed, 49 insertions(+) create mode 100644 roles/openshift/buildconfig/tasks/main.yml create mode 100644

FBR add containers.fpo on Openshift (#7120)

oxies, etc, are already done. -- Michael Scherer >From 6e7ab14f194981c86ea295debf8270554a14f00b Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Wed, 29 Aug 2018 23:37:40 +0200 Subject: [PATCH] Add containers.fpo static website --- playbooks/openshift-apps/containers.yml

Website deployment on Fedora openshift cluster

n irc, the deadline is a bit tight, but I will take care of any errors arising) -- Michael Scherer >From ed97ea13c8c5b16d0095a2fa01bc93cf8d4a984b Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Fri, 15 Jun 2018 12:18:01 +0200 Subject: [PATCH] Deploy coreos.fedoraproject.org on O

Quick note regarding https in doc

rking, please feel free to fix :) -- Michael Scherer ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/infrastructure@lists.fedoraproject.org

[PATCH 3/4] Move the handler for restarting apache to apache role

And make mod_wsgi depend on the role --- roles/apache/handlers/main.yml | 2 ++ roles/mod_wsgi/handlers/main.yml | 2 -- roles/mod_wsgi/meta/main.yml | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 roles/apache/handlers/main.yml delete mode 100644 roles/mod_wsgi

[PATCH 4/4] Remove duplicate role, since mod_wsgi pull apache now

--- playbooks/groups/ask.yml | 1 - playbooks/groups/autocloud-web.yml | 1 - playbooks/groups/badges-web.yml | 1 - playbooks/groups/basset.yml | 1 - playbooks/groups/blockerbugs.yml |

[PATCH 2/4] Use pkg rather than yum/dnf module

--- roles/mod_wsgi/tasks/mod_wsgi.yml | 13 +++-- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/roles/mod_wsgi/tasks/mod_wsgi.yml b/roles/mod_wsgi/tasks/mod_wsgi.yml index 06c8aa5..89f9948 100644 --- a/roles/mod_wsgi/tasks/mod_wsgi.yml +++ b/roles/mod_wsgi/tasks/mod_wsgi.

[PATCH 1/4] Move mod_wsgi to a role rather than a included tasks

--- files/mod_wsgi/wsgi.conf | 14 -- playbooks/groups/ask.yml | 2 +- playbooks/groups/autocloud-web.yml | 2 +- playbooks/groups/badges-web.yml| 2 +- playbooks/groups/basset.yml

[PATCH] Simplify the task to install cronjob

Giving directly the file to deploy and doing magic with the variable permit to have a clearer idea of what is deployed when reading the task for the first time --- roles/mdapi/tasks/main.yml | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/mdapi/tasks/main.yml b/r

[PATCH 3/3] Refactor the whole playbook in a block

Also switch the condition, since it is possible that future EL version might use dnf, so checking on Fedora distribution is less future-proof than using the pkg_mgr from ansible. --- roles/dnf-automatic/tasks/main.yml | 63 ++ 1 file changed, 30 insertions(+), 3

[PATCH 1/3] Whitespace cleanup, make ansible-lint happy

--- roles/dnf-automatic/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/dnf-automatic/tasks/main.yml b/roles/dnf-automatic/tasks/main.yml index 80b8046..2a41f19 100644 --- a/roles/dnf-automatic/tasks/main.yml +++ b/roles/dnf-automatic/tasks/main.yml

[PATCH 2/3] Use pure yaml format for tasks

--- roles/dnf-automatic/tasks/main.yml | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/roles/dnf-automatic/tasks/main.yml b/roles/dnf-automatic/tasks/main.yml index 2a41f19..eb15a93 100644 --- a/roles/dnf-automatic/tasks/main.yml +++ b/roles/dnf-automatic/tasks/

[PATCH 2/3] Use pure yaml format for tasks

--- roles/dnf-automatic/tasks/main.yml | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/roles/dnf-automatic/tasks/main.yml b/roles/dnf-automatic/tasks/main.yml index 2a41f19..eb15a93 100644 --- a/roles/dnf-automatic/tasks/main.yml +++ b/roles/dnf-automatic/tasks/

[PATCH 3/3] Refactor the whole playbook in a block

Also switch the condition, since it is possible that future EL version might use dnf, so checking on Fedora distribution is less future-proof than using the pkg_mgr from ansible. --- roles/dnf-automatic/tasks/main.yml | 63 ++ 1 file changed, 30 insertions(+), 3

[PATCH 1/3] Whitespace cleanup, make ansible-lint happy

--- roles/dnf-automatic/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/dnf-automatic/tasks/main.yml b/roles/dnf-automatic/tasks/main.yml index 80b8046..2a41f19 100644 --- a/roles/dnf-automatic/tasks/main.yml +++ b/roles/dnf-automatic/tasks/main.yml

[PATCH 2/2] Merge old Fedora 20 condition with EL 7 one

--- roles/nfs/client/tasks/main.yml | 15 +++ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/roles/nfs/client/tasks/main.yml b/roles/nfs/client/tasks/main.yml index 58ee460..138206b 100644 --- a/roles/nfs/client/tasks/main.yml +++ b/roles/nfs/client/tasks/main.yml @@ -4

[PATCH 1/2] Use the new pkg module, to avoid having 2 tasks

--- roles/nfs/client/tasks/main.yml | 14 +++--- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/roles/nfs/client/tasks/main.yml b/roles/nfs/client/tasks/main.yml index 627fab2..58ee460 100644 --- a/roles/nfs/client/tasks/main.yml +++ b/roles/nfs/client/tasks/main.yml @@ -34

[PATCH] Use a more concise form for include of playbook

--- roles/osbs-atomic-reactor/tasks/main.yml | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/roles/osbs-atomic-reactor/tasks/main.yml b/roles/osbs-atomic-reactor/tasks/main.yml index fc28ff9..3b5cd32 100644 --- a/roles/osbs-atomic-reactor/tasks/main.yml +++ b/roles/osb

[PATCH 2/2] Replace non working option by a jinja2 snippet

Asking to gluster devs, they were surprised this would be working in the first place. --- roles/gluster/client/templates/client.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gluster/client/templates/client.config b/roles/gluster/client/templates/client.config in

[PATCH 1/2] Use a more modern style for gluster/client yaml

Use pkg rather than yum, for future proofing with dnf --- roles/gluster/client/tasks/main.yml | 25 + 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/roles/gluster/client/tasks/main.yml b/roles/gluster/client/tasks/main.yml index 2ecc5cf..8db6025 100644 ---

openshift on atomic in the cloud, what binary to use

example, if we take openshift from the rpm in a container, someone need to build that container. Any toughts ? (I will likely decide by fiat anyway, but without the illusion of having got feedback if people do not give it) -- Michael Scherer ___ infrast

Re: url shorteners

; NOT "write". I do not want us > spending developer time writing something like this. There's tons of > them out there. The popular ones are in php (bah), but I am sure we can > pick one that meets our needs if we look. There's even some flask based > ones out there.

Re: Hackfest on ansible repo during flock this summer ?

On Mon, Apr 11, 2016 at 11:18:47AM +0200, Pierre-Yves Chibon wrote: > On Mon, Apr 11, 2016 at 10:41:44AM +0200, Michael Scherer wrote: > > Hi, > > > > so as people know, the ansible repository is quite old. Fedora was one > > of the first big public ansible user, and

Re: [PATCH] Refactor xinetd in a separate role

limitations setup on one of the 2 rsync groups. While systemd support max connexion, there is no limit per sources (unlike xinetd). At least on EL7, maybe things are different in a more recent version -- Michael Scherer ___ infrastructure mailing list infra

Re: [PATCH] Move yumrepos to a role

On Sat, Apr 09, 2016 at 08:59:53AM -0600, Kevin Fenzi wrote: > On Sat, 9 Apr 2016 16:25:58 +0200 > m...@zarb.org wrote: > > > From: Michael Scherer > > > > Since the role is added a dependencie of base, I also removed > > it from all playbooks, since all of t

Re: [PATCH] Move ntp setup in a role

On Sun, Apr 10, 2016 at 02:23:10PM -0600, Kevin Fenzi wrote: > This one no longer seems to apply cleanly. > > Can you rebase? sure. I sent a new mail. -- Michael Scherer ___ infrastructure mailing list infrastructure@lists.fedoraproject

Hackfest on ansible repo during flock this summer ?

sides me interested ? -- Michael Scherer ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/infrastructure@lists.fedoraproject.org

Re: [PATCH 2/2] Do not override the complete systemd config

On Mon, Apr 04, 2016 at 02:45:51PM -0600, Kevin Fenzi wrote: > On Mon, 4 Apr 2016 22:06:46 +0200 > Michael Scherer wrote: > > > On Mon, Apr 04, 2016 at 01:26:28PM -0600, Kevin Fenzi wrote: > > > This one I am not sure about how best to handle. > > > > >

Re: [PATCH 2/2] Do not override the complete systemd config

issues, and will solve itself with next package upgrade or reinstallation of the server. Since that's for fedmsg-gateway, i suspect that we will one day commit code to it and upgrade anyway. -- Michael Scherer ___ infrastructure mailing list inf

Re: Atomic status

On Sat, Jul 19, 2014 at 03:32:14AM +0200, Michael Scherer wrote: > So i would propose: > - have rpm-ostree compose be done outside of koji for now. thanks to > fedmsg, this should be hard. ( of course, everybody will have infered that i mean "shouldn't be hard", and that

Re: Atomic status

nd then come back with data and tested infrastructure, I can try to provide a few hosting ressources for the compose ( nothing fancy for now, but we can always try to find more ressources, i have some idea regarding who could sponsor stuff ), and help

Re: Ask Fedora being badgered by spam

Le samedi 21 juin 2014 à 17:32 +0200, Michael Scherer a écrit : > Le mardi 17 juin 2014 à 20:47 -0400, Rahul Sundaram a écrit : > > Hi > > > > > > On Tue, Jun 17, 2014 at 5:29 PM, Kevin Fenzi wrote: > > > > > > Yeah. If it su

Re: Transifex has become proprietary

rk on supporting the API and a gateway. But having this as our primary platform feel quite wrong, and send the wrong message about our values. If we cared only about API and not the code, we would ship binary drivers and flash. -- Michael Scherer __

Re: Ask Fedora being badgered by spam

eal address. > > > @Ankur, would you mind filing this request upstream? I pushed directly a PR for that: https://github.com/benjaoming/django-stopforumspam/pull/7 However, I didn't test it, so that likely mean it is buggy and I

Re: Review for new rbac_playbook

han git) to an alternate port. What about having the real sshd listening on one ip ( if possible, a rfc1918 one in the VPN ) and git from phabricator on a second ? -- Michael Scherer ___ infrastructure mailing list infrastructure@lists

Re: Review for new rbac_playbook

Le samedi 07 juin 2014 à 19:31 +0200, Till Maas a écrit : > On Sat, Jun 07, 2014 at 04:26:45PM +0100, Michael Scherer wrote: > > > Can i assume that I would be able to say "use this playbook, but instead > > of using the port 22, use port 1234" without changing the

Re: Review for new rbac_playbook

ople who are not in sysadmin-main to run playbooks, I think my assumptions are correct. -- Michael Scherer ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Re: Review for new rbac_playbook

the server ), and if the attack/initial user can ssh to a server without much access, then, this would work. ( if not, I may just have won the Oscar for the most convoluted attack of the week ) -- Michael Scherer ___ infrastructure mailing list inf

Re: [PATCH 2/2] add deps to all software that use memcached to have it installed and managed

y each service use, and to restart them selectively. It would also reduce the network trafic and likely improve latency. ( depending on the topology, I didn't really look at it ) -- Michael Scherer ___ infrastructure mailing list infrastructure@lists.fedo

Re: Mailing-List Subscription Capta?

Le vendredi 14 février 2014 à 07:46 +, Frank Murphy a écrit : > On Thu, 13 Feb 2014 23:38:56 +0100 > Michael Scherer wrote: > > > What is the issue that would be solved by it ? > > Script subscriptions, time wasting, while I understand theses 2 > trying to find

Re: Mailing-List Subscription Capta?

a huge blocker on a project I worked on, and I am not sure it bring much. What is the issue that would be solved by it ? -- Michael Scherer ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.or

Re: ansible variable fix commit

t > were left and also cleaned up any errors that prevented it from > finishing. So maybe that's the right time to add a git commit hook that check this and block commit if that's not the case ? -- Michael Scherer ___ infr

Re: Ansible question

f escaping and > it is unreadable > > Can somebody advise me what should be correct form to replace or add > that line to mock config please? I tested the following playbook, and it work. So I think we may need more information on what you try and how. -- Michael Scherer e.yml

Re: [PATCH] use a simpler syntax for the nrpe config

Le samedi 24 août 2013 à 12:50 -0600, Kevin Fenzi a écrit : > On Sat, 24 Aug 2013 13:47:22 +0200 > m...@zarb.org wrote: > > > From: Michael Scherer > > > > --- > > roles/nagios_client/tasks/main.yml | 16 > > 1 file changed, 8 insertions

[PATCH 8/8] move mirrorlist task to be a role

--- files/mirrorlist/mirrorlist-server.conf | 44 -- files/mirrorlist/mm-authorized_key| 1 - files/mirrorlist/mm_sync_data | 4 -- files/mirrorlist/supervisord.conf | 67 --- handlers/restart_services.yml

[PATCH 5/8] move postgresql_server to roles

--- handlers/restart_services.yml | 3 --- playbooks/groups/postgresl-server.yml | 2 +- roles/postgresql_server/handlers/main.yml | 3 +++ roles/postgresql_server/tasks/main.yml| 27 +++ tasks/postgresql_server.yml | 27

[PATCH 6/8] move geoip to a role

--- files/geoip/geoip_sync | 2 -- playbooks/groups/mirrorlist.yml | 2 +- roles/geoip/files/geoip_sync| 2 ++ roles/geoip/tasks/main.yml | 13 + tasks/geoip.yml | 15 --- 5 files changed, 16 insertions(+), 18 deletions(-) delete mode 1

[PATCH 7/8] move fas_client task to roles

--- files/fas-client/fas-client.cron | 1 - files/fas-client/fas.conf.j2 | 92 -- files/fas-client/nsswitch.conf | 45 - handlers/restart_services.yml | 3 +- playbooks/groups/arm-packager.yml | 2 +- playbook

[PATCH 4/8] move nagios client to roles

--- files/nagios/client/check_cron.cfg | 1 - files/nagios/client/check_disk.cfg | 2 - files/nagios/client/check_lock.cfg | 1 - files/nagios/client/check_mirrorlist_cache.cfg | 1 - files/nagios/client/check_postfix_queue.cfg|

[PATCH 2/8] ignore .pyc ( if ansible is run from checkout )

--- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 1377554..b948985 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ *.swp +*.pyc -- 1.8.3.1 ___ infrastructure mailing list infrastructure@lists.fedor

Re: [PATCH] Add playbook to remove someone from denyhosts

ve a whole range of ip in one go, but then I think this should be explicite in the documentation. ( and so, if the idea is to clean a ip range, then we would not be able to use $, and so we would have potential bug lurking due to usage of '.' ) On the other hand, that's just denyhosts,

Re: Fedora Account Change

ny way to tell you are who registered the account > sadly. What happen if the email was redirected to a manager ? If someone from HR for the previous company can confirm the identity, would it be sufficient ? -- Michael Scherer ___ infr