#7163 Request permissions for Anitya staging
Closed: Fixed 2 years ago Opened 2 years ago by zlopez.

  • Describe what you need us to do:
    I need admin access to the release-monitoring project on stg.os.fedoraproject.org

  • When do you need this? (YYYY/MM/DD)
    As soon as possible

  • When is this no longer needed or useful? (YYYY/MM/DD)
    NA

  • If we cannot complete your request, what is the impact?
    I can't do any administration on Anitya if needed


Done. I have added you as appowner.

I have also added you to sysadmin and sysadmin-releasemonitoring groups.
You can now ssh into batcave01.phx2.fedoraproject.org (see https://docs.pagure.org/infra-docs/sysadmin-guide/sops/sshaccess.html for info on how to set that up) and then setup a 2fa token:
https://docs.pagure.org/infra-docs/sysadmin-guide/sops/2-factor.html and then can use 'sudo rbac-playbook openshift-apps/release-monitoring.yml to run the playbook and deploy.

Before we go to production and replace the prod vm with a prod openshift instance, we need to sort out the cron job, which is enabled in openshift, but it's unclear if it's working.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

I was able to login to batcave01 - but I was a little confused by seeing [PROD] in terminal.
Although I tried to run sudo rbac-playbook openshift-apps/release-monitoring.yml
And I'm getting this:
Sorry, user zlopez is not allowed to execute '/bin/rbac-playbook openshift-apps/release-monitoring.yml' as root on batcave01.phx2.fedoraproject.org.

Metadata Update from @zlopez:
- Issue status updated to: Open (was: Closed)

2 years ago

I'm reopening this, because I only have partial access as described above.
I can login to batcave, but I can't run ansible playbook.

ok, I think I have tracked this down and fixed it.

Can you try again now?

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Metadata Update from @zlopez:
- Issue status updated to: Open (was: Closed)

2 years ago

Now I'm able to run sudo rbac-playbook openshift-apps/release-monitoring.yml, but it fails on:
fatal: [os-master01.stg.phx2.fedoraproject.org]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to remote host \"os-master01.stg.phx2.fedoraproject.org\". Make sure this host can be reached over ssh", "unreachable": true}

This should be fixed now. It was due to a namespace change I made and have now reverted.

Sorry about that. Please do check again and confirm it's working...

I got a little further, but now I'm getting this error on ansible:
TASK [openshift/object : Call 'oc apply' on the copied file] ****************************************************************************************************************************************************** Tuesday 28 August 2018 07:03:23 +0000 (0:00:00.055) 0:00:06.636 ******** fatal: [os-master01.stg.phx2.fedoraproject.org]: FAILED! => {"changed": true, "cmd": "oc -n release-monitoring apply -f /etc/openshift_apps/release-monitoring/role-appowners.yml", "delta": "0:00:00.220839", "end": "2018-08-28 07:03:23.908169", "msg": "non-zero return code", "rc": 1, "start": "2018-08-28 07:03:23.687330", "stderr": "error: error when retrieving current configuration of:\n&{0xc4208b86c0 0xc420520a80 release-monitoring appowner /etc/openshift_apps/release-monitoring/role-appowners.yml 0xc420ee4118 false}\nfrom server for: \"/etc/openshift_apps/release-monitoring/role-appowners.yml\": Get https://os-masters.stg.phx2.fedoraproject.org:443/apis/authorization.openshift.io/v1/namespaces/release-monitoring/roles/appowner: dial tcp 10.5.128.103:443: getsockopt: connection refused", "stderr_lines": ["error: error when retrieving current configuration of:", "&{0xc4208b86c0 0xc420520a80 release-monitoring appowner /etc/openshift_apps/release-monitoring/role-appowners.yml 0xc420ee4118 false}", "from server for: \"/etc/openshift_apps/release-monitoring/role-appowners.yml\": Get https://os-masters.stg.phx2.fedoraproject.org:443/apis/authorization.openshift.io/v1/namespaces/release-monitoring/roles/appowner: dial tcp 10.5.128.103:443: getsockopt: connection refused"], "stdout": "", "stdout_lines": []}

There is still some connection refused error.

ok, this was caused by some issues with staging openshift. ;(

I have corrected all those now... and the playbook completes correctly for me now.

Please give it a try and confirm. Thanks.

It's working now. Thanks for your time.

Metadata Update from @zlopez:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata