Done. I have added you as appowner.

I have also added you to sysadmin and sysadmin-releasemonitoring groups.
You can now ssh into batcave01.phx2.fedoraproject.org (see https://docs.pagure.org/infra-docs/sysadmin-guide/sops/sshaccess.html for info on how to set that up) and then setup a 2fa token:
https://docs.pagure.org/infra-docs/sysadmin-guide/sops/2-factor.html and then can use 'sudo rbac-playbook openshift-apps/release-monitoring.yml to run the playbook and deploy.

Before we go to production and replace the prod vm with a prod openshift instance, we need to sort out the cron job, which is enabled in openshift, but it's unclear if it's working.

I was able to login to batcave01 - but I was a little confused by seeing [PROD] in terminal.
Although I tried to run sudo rbac-playbook openshift-apps/release-monitoring.yml
And I'm getting this:
Sorry, user zlopez is not allowed to execute '/bin/rbac-playbook openshift-apps/release-monitoring.yml' as root on batcave01.phx2.fedoraproject.org.

I'm reopening this, because I only have partial access as described above.
I can login to batcave, but I can't run ansible playbook.

ok, I think I have tracked this down and fixed it.

Can you try again now?

Now I'm able to run sudo rbac-playbook openshift-apps/release-monitoring.yml, but it fails on:
fatal: [os-master01.stg.phx2.fedoraproject.org]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to remote host \"os-master01.stg.phx2.fedoraproject.org\". Make sure this host can be reached over ssh", "unreachable": true}

This should be fixed now. It was due to a namespace change I made and have now reverted.

Sorry about that. Please do check again and confirm it's working...

I got a little further, but now I'm getting this error on ansible:
TASK [openshift/object : Call 'oc apply' on the copied file] ****************************************************************************************************************************************************** Tuesday 28 August 2018 07:03:23 +0000 (0:00:00.055) 0:00:06.636 ******** fatal: [os-master01.stg.phx2.fedoraproject.org]: FAILED! => {"changed": true, "cmd": "oc -n release-monitoring apply -f /etc/openshift_apps/release-monitoring/role-appowners.yml", "delta": "0:00:00.220839", "end": "2018-08-28 07:03:23.908169", "msg": "non-zero return code", "rc": 1, "start": "2018-08-28 07:03:23.687330", "stderr": "error: error when retrieving current configuration of:\n&{0xc4208b86c0 0xc420520a80 release-monitoring appowner /etc/openshift_apps/release-monitoring/role-appowners.yml 0xc420ee4118 false}\nfrom server for: \"/etc/openshift_apps/release-monitoring/role-appowners.yml\": Get https://os-masters.stg.phx2.fedoraproject.org:443/apis/authorization.openshift.io/v1/namespaces/release-monitoring/roles/appowner: dial tcp 10.5.128.103:443: getsockopt: connection refused", "stderr_lines": ["error: error when retrieving current configuration of:", "&{0xc4208b86c0 0xc420520a80 release-monitoring appowner /etc/openshift_apps/release-monitoring/role-appowners.yml 0xc420ee4118 false}", "from server for: \"/etc/openshift_apps/release-monitoring/role-appowners.yml\": Get https://os-masters.stg.phx2.fedoraproject.org:443/apis/authorization.openshift.io/v1/namespaces/release-monitoring/roles/appowner: dial tcp 10.5.128.103:443: getsockopt: connection refused"], "stdout": "", "stdout_lines": []}

There is still some connection refused error.

ok, this was caused by some issues with staging openshift. ;(

I have corrected all those now... and the playbook completes correctly for me now.

Please give it a try and confirm. Thanks.

It's working now. Thanks for your time.