From 1ef0dfd6c764c5e5c87fad7f9f9df8df49d0182e Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Dec 03 2024 08:58:11 +0000 Subject: Add notes to eol release about robosignatory We need to remove the old release from it's config and restart it. This will require someone able to reenable sshd on it for the playbook run and then restart the signer after. Signed-off-by: Kevin Fenzi --- diff --git a/modules/release_guide/pages/release_eol.adoc b/modules/release_guide/pages/release_eol.adoc index f43318b..30c8e27 100644 --- a/modules/release_guide/pages/release_eol.adoc +++ b/modules/release_guide/pages/release_eol.adoc @@ -121,6 +121,11 @@ The oldest release listed in the `product_versions` section for each of these po Remove the lines for these releases, so the oldest release listed is now *two* higher than the release you are EOLing. You may also remove all lines for the release you are EOLing, but this is not critical. +==== Remove eol release from robosignatory config + +Edit roles/robosignatory/templates/robosignatory.toml.j2 +and remove stansas that use "fedora-{old_release}" in them. + ==== Run the playbooks First, push the above edits. Then run the associated playbooks on _batcave01_: @@ -130,11 +135,18 @@ sudo ansible-playbook /srv/web/infra/ansible/playbooks/groups/bodhi-backend.yml sudo ansible-playbook /srv/web/infra/ansible/playbooks/groups/koji-hub.yml sudo ansible-playbook /srv/web/infra/ansible/playbooks/groups/releng-compose.yml sudo ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t pkgdb2 -sudo ansible-playbook /srv/web/infra/ansible/playbooks/manual/autosign.yml sudo ansible-playbook /srv/web/infra/ansible/playbooks/openshift-apps/bodhi.yml sudo ansible-playbook /srv/web/infra/ansible/playbooks/openshift-apps/greenwave.yml .... +You will need to have someone enable sshd on autosign02 and then run: + +.... +sudo ansible-playbook /srv/web/infra/ansible/playbooks/manual/autosign.yml +.... + +And then someone with the robosignatory passphrase will need to restart it. + [NOTE] ==== Another way to run the playbook is using rbac-playbook, in case you don't have sysadmin-main rights or can't become root.