Merge branch 'master' of /git/ansible

2026-05-03 06:00:05 +08:00 · 2018-01-08 07:52:47 +00:00
parent 92e3bd97f3 c54b3f2082
commit 17171a9d0c
23 changed files with 63 additions and 29 deletions
--- a/files/httpd/apachestatus.conf
+++ b/files/httpd/apachestatus.conf
@@ -2,10 +2,13 @@ ExtendedStatus on

 <Location /apache-status>
    SetHandler server-status
+    <IfModule mod_authz_core.c>
+    # Apache 2.4
    <RequireAny>
        Require ip 127.0.0.1
 	Require ip ::1
 	Require host localhost
 	Require valid-user
    </RequireAny>
+    </IfModule>
 </Location>
--- a/files/httpd/h2.conf.j2
+++ b/files/httpd/h2.conf.j2
@@ -1 +1 @@
-Protocols h2 {% if not inventory_hostname.startswith('proxy') %} h2c {% endif %} http/1.1
+#Protocols h2 {% if not inventory_hostname.startswith('proxy') %} h2c {% endif %} http/1.1
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -20,7 +20,7 @@
 - name: restart fedmsg-hub
  command: /usr/local/bin/conditional-restart.sh fedmsg-hub fedmsg-hub
  # Note that, we're cool with arbitrary restarts on bodhi-backend02, just
-  # not bodhi-backend01 or bodhi-backend03.  01 and 03 is where the releng/mash 
+  # not bodhi-backend01 or bodhi-backend03.  01 and 03 is where the releng/mash
  # stuff happens and we # don't want to interrupt that.
  when: inventory_hostname not in ['bodhi-backend01.phx2.fedoraproject.org', 'bodhi-backend03.phx2.fedoraproject.org']

@@ -180,3 +180,5 @@
 - name: restart darkserver
  service: name=darkserver state=restarted

+- name: restart buildmaster
+  service: name=buildmaster state=restarted
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -78,7 +78,7 @@ virt_install_command_one_nic: virt-install -n {{ inventory_hostname }}
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ main_bridge }},model=virtio
-                 --autostart --noautoconsole --watchdog default
+                 --autostart --noautoconsole --watchdog default --cpu host

 virt_install_command_two_nic: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
@@ -89,7 +89,7 @@ virt_install_command_two_nic: virt-install -n {{ inventory_hostname }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none
                  ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none'
                 --network bridge={{ main_bridge }},model=virtio --network=bridge={{ nfs_bridge }},model=virtio
-                 --autostart --noautoconsole --watchdog default
+                 --autostart --noautoconsole --watchdog default --cpu host

 virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
@@ -128,7 +128,7 @@ virt_install_command_rhel6: virt-install -n {{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
                 "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }}
                  gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0
-                  hostname={{ inventory_hostname }}"
+                  hostname={{ inventory_hostname }}" --cpu host
                 --network=bridge=br0 --autostart --noautoconsole --watchdog default

 max_mem_size: "{{ mem_size * 5 }}"
--- a/inventory/group_vars/pkgs
+++ b/inventory/group_vars/pkgs
@@ -66,6 +66,7 @@ fedmsg_certs:
  - git.pkgdb2branch.complete
  - git.pkgdb2branch.start
  - logger.log
+  - pagure.git.receive
 - service: scm
  owner: root
  group: packager
--- a/inventory/group_vars/pkgs-stg
+++ b/inventory/group_vars/pkgs-stg
@@ -61,6 +61,7 @@ fedmsg_certs:
  - git.mass_branch.start
  - git.pkgdb2branch.complete
  - git.pkgdb2branch.start
+  - pagure.git.receive
 - service: scm
  owner: root
  group: packager
--- a/inventory/group_vars/taskotron-stg-client-hosts
+++ b/inventory/group_vars/taskotron-stg-client-hosts
@@ -66,7 +66,7 @@ buildslave_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4EOTNfPIvIjCLNRYauVquS2L

 buildslave_private_sshkey_file: dev-buildslave-sshkey/dev_buildslave
 buildslave_public_sshkey_file: dev-buildslave-sshkey/dev_buildslave.pub
-buildmaster_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuEn17zELhxb4AcN2S+3j3zcdi0MO/kK+z9iZq63dTHq+SoHyQjiOrwnvWURQvod0Q9ro9fukSlJ0yJCYv+Y7MGxqvavVDrK4oW5VhzpJzr4UpInaxMleDSHHt13NxNOVBy+Dkb4xkQGdPD472WuBdzGG5OSisaFNX/jAkVO88a/klbvJTH4AmHX+KslAhnV+SSxKt5L+zVDYXXJOBCeVNoGRiVmq2ZJQiWlwT+TGreDXCsjW1anqnV/lLoThWAi+u919ur3uFg1JBKIDHM/JRZZjyfapbTSC/1YPNpBs+KdaSZhcCngqXDmOt1Ax3TR7FXQ344KwWk3VD6gV+065B'
+buildmaster_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaxEBD21YcspXmr1qdbKF1BgjlJLChl6rheTMyEG/n7I6KGa43YPcaEsfxkph1y09qvwkzRakknNkLgJMiTczU+6u82EV9dQfHCO44VdYpEbCCyHfvxRWqKBXD/vr+0BKv2oa44w76fuq/bXBie6pt5URJeQIpGj8SxXSYvuJfMu9MUArSCkiJ+unrPySCic9oeec5rTvnq9nja15dCF9wHeDkzA16la+AsYiAdOjxt7AwVAjvSX6IIM8KqtGaAcs3rwaihIDnzqz+edSTEdLdtkyUVlZuVSGtdRy6LAqQzeEI3SmfEG7ABfwIINS97EVH2kTBeZlZgLnbwGOCkluV'


 ############################################################
--- a/inventory/host_vars/autocloud-web01.phx2.fedoraproject.org
+++ b/inventory/host_vars/autocloud-web01.phx2.fedoraproject.org
@@ -3,8 +3,8 @@ nm: 255.255.255.0
 gw: 10.5.126.254
 dns: 10.5.126.21

-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
-ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-27
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/27/Server/x86_64/os/

 eth0_ip: 10.5.126.117

--- a/inventory/host_vars/autocloud-web02.phx2.fedoraproject.org
+++ b/inventory/host_vars/autocloud-web02.phx2.fedoraproject.org
@@ -3,8 +3,8 @@ nm: 255.255.255.0
 gw: 10.5.126.254
 dns: 10.5.126.21

-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
-ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-27
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/27/Server/x86_64/os/

 eth0_ip: 10.5.126.118

--- a/inventory/host_vars/buildvm-ppc64-01.stg.ppc.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64-01.stg.ppc.fedoraproject.org
@@ -1,5 +1,5 @@
 ---
-vmhost: ppc8-02.ppc.fedoraproject.org
+vmhost: ppc8-04.ppc.fedoraproject.org
 eth0_ip: 10.5.129.230
 gw: 10.5.129.254
 main_bridge: br1
--- a/playbooks/groups/buildhw.yml
+++ b/playbooks/groups/buildhw.yml
@@ -25,6 +25,13 @@
  - role: keytab/service
    kt_location: /etc/kojid/kojid.keytab
    service: compile
+  - role: keytab/service
+    owner_user: root
+    owner_group: root
+    service: innercompose
+    host: "odcs{{ env_suffix }}.fedoraproject.org"
+    kt_location: /etc/kojid/secrets/odcs_inner.keytab
+    when: env == "staging"

  tasks:
  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
--- a/playbooks/vhost_reboot.yml
+++ b/playbooks/vhost_reboot.yml
@@ -22,7 +22,7 @@

  tasks:
  - name: get list of guests
-    virt: command=list_vms
+    virt: command=list_vms state=running
    register: vmlist

 #  - name: get info on guests (prereboot)
--- a/roles/bodhi2/base/templates/production.ini.j2
+++ b/roles/bodhi2/base/templates/production.ini.j2
@@ -122,7 +122,7 @@ pungi.conf.rpm = pungi.rpm.conf.j2
 pungi.conf.module = pungi.module.conf.j2
 pungi.labeltype = Update
 pungi.extracmdline = --notification-script=/usr/bin/pungi-fedmsg-notification --notification-script=pungi-wait-for-signed-ostree-handler
-max_concurrent_mashes = 3
+max_concurrent_mashes = 4

 ## Our periodic jobs
 #jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates
--- a/roles/copr/backend/files/provision/builderpb_nova.yml
+++ b/roles/copr/backend/files/provision/builderpb_nova.yml
@@ -11,7 +11,7 @@
    keypair: buildsys
    max_spawn_time: 600
    spawning_vm_user: "fedora"
-    image_name: "copr-builder-x86_64-f27"
+    image_name: "copr-builder-x86_64-f27-new-kernel"

  tasks:
    - name: generate builder name
--- a/roles/copr/backend/files/provision/builderpb_nova_ppc64le.yml
+++ b/roles/copr/backend/files/provision/builderpb_nova_ppc64le.yml
@@ -11,7 +11,7 @@
    keypair: buildsys
    max_spawn_time: 600
    spawning_vm_user: "fedora"
-    image_name: "copr-builder-ppc64le-f27"
+    image_name: "copr-builder-ppc64le-f27-new-kernel"

  tasks:
    - name: generate builder name
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@@ -33,7 +33,7 @@
  ServerAdmin {{ server_admin }}

 {% if ansible_distribution == 'Fedora' %}
-  Protocols h2 http/1.1
+  # Protocols h2 http/1.1
 {% endif %}

 {% if gzip %}
--- a/roles/mirrormanager/mirrorlist_proxy/templates/mirrorlist.service.j2
+++ b/roles/mirrormanager/mirrorlist_proxy/templates/mirrorlist.service.j2
@@ -8,8 +8,10 @@ TimeoutStartSec=0
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/bin/docker run --rm --detach --log-driver none --name %n -v /srv/mirrorlist/data/mirrorlist{{ item }}:/var/lib/mirrormanager:z -v /var/log/mirrormanager:/var/log/mirrormanager:z -p 1808{{ item }}:80 {{ mirrorlist_container_image }} -l /var/log/mirrormanager/%n.log
-ExecStop=/usr/bin/docker stop %n
-TimeoutStopSec=30
+ExecStop=/usr/bin/docker stop --time=1 %n
+# Mirrorlist can't take a signal... but docker stop returns before it actually killed everything.
+ExecStop=/usr/bin/sleep 10
+TimeoutStopSec=180

 [Install]
 WantedBy=multi-user.target
--- a/roles/taskotron/buildmaster-configure/tasks/main.yml
+++ b/roles/taskotron/buildmaster-configure/tasks/main.yml
@@ -18,9 +18,14 @@

 - name: generate buildmaster service file
  template: src=buildmaster.service.j2 dest=/lib/systemd/system/buildmaster.service owner=root group=root mode=0744
+  register: buildmaster_service
+
+- name: reload systemd
+  command: systemctl daemon-reload
+  when: buildmaster_service.changed

 - name: start and enable buildmaster service
-  service: name=buildmaster enabled=yes state=started
+  service: name=buildmaster enabled=yes state={{ (buildmaster_service.changed) | ternary('restarted','started') }}

 - name: reconfig master
  become: true
--- a/roles/taskotron/buildmaster-configure/templates/buildmaster.service.j2
+++ b/roles/taskotron/buildmaster-configure/templates/buildmaster.service.j2
@@ -4,7 +4,8 @@ After=network.target

 [Service]
 Type=forking
-PIDFile={{ buildmaster_dir }}/twistd.pid
+# disabled because of https://pagure.io/taskotron/issue/236
+#PIDFile={{ buildmaster_dir }}/twistd.pid
 ExecStart=/bin/buildbot start {{ buildmaster_dir }}
 ExecStop=/bin/buildbot stop {{ buildmaster_dir }}
 ExecReload=/bin/buildbot reconfig {{ buildmaster_dir }}
--- a/roles/taskotron/buildslave-configure/tasks/main.yml
+++ b/roles/taskotron/buildslave-configure/tasks/main.yml
@@ -40,12 +40,16 @@
 - name: generate buildslave service file
  template: src=buildslave.service.j2 dest=/lib/systemd/system/buildslave.service owner=root group=root mode=0744
  when: deployment_type in ['local', 'qa-stg']
+  register: buildslave_service
+
+- name: reload systemd
+  command: systemctl daemon-reload
+  when: deployment_type in ['local', 'qa-stg'] and buildslave_service.changed

 - name: start and enable buildslave service
-  service: name=buildslave enabled=yes state=started
+  service: name=buildslave enabled=yes state={{ (buildslave_service.changed) | ternary('restarted','started') }}
  when: deployment_type in ['local', 'qa-stg']

-
 - name: create slave
  become: true
  become_user: '{{ item.user }}'
@@ -111,9 +115,14 @@
 - name: generate buildslave service file
  template: src=buildslave@.service.j2 dest=/lib/systemd/system/buildslave@.service owner=root group=root mode=0644
  when: deployment_type in ['dev', 'stg', 'prod']
+  register: buildslave_service
+
+- name: reload systemd
+  command: systemctl daemon-reload
+  when: deployment_type in ['dev', 'stg', 'prod'] and buildslave_service.changed

 - name: start and enable buildslave services
-  service: name=buildslave@{{ item.user }} enabled=yes state=started
+  service: name=buildslave@{{ item.user }} enabled=yes state={{ (buildslave_service.changed) | ternary('restarted','started') }}
  with_items:
    - '{{ slaves|default([dict(user="", home="", dir="")]) }}'
  when: deployment_type in ['dev', 'stg', 'prod']
--- a/roles/taskotron/buildslave-configure/templates/buildslave.service.j2
+++ b/roles/taskotron/buildslave-configure/templates/buildslave.service.j2
@@ -4,7 +4,8 @@ After=network.target

 [Service]
 Type=forking
-PIDFile=/home/buildslave/slave/twistd.pid
+# disabled because of https://pagure.io/taskotron/issue/236
+#PIDFile=/home/buildslave/slave/twistd.pid
 ExecStart=/bin/buildslave start /home/buildslave/slave/
 ExecStop=/bin/buildslave stop /home/buildslave/slave/
 User=buildslave
--- a/roles/taskotron/buildslave-configure/templates/buildslave@.service.j2
+++ b/roles/taskotron/buildslave-configure/templates/buildslave@.service.j2
@@ -4,13 +4,15 @@ After=network.target

 [Service]
 Type=forking
-{% if deployment_type in ['stg', 'prod'] %}
-PIDFile=/home/%i/slave/twistd.pid
+{% if deployment_type in ['prod'] %}
+# disabled because of https://pagure.io/taskotron/issue/236
+#PIDFile=/home/%i/slave/twistd.pid
 ExecStart=/bin/buildslave start /home/%i/slave/
 ExecStop=/bin/buildslave stop /home/%i/slave/
 {% endif %}
-{% if deployment_type in ['dev'] %}
-PIDFile=/srv/buildslaves/%i/slave/twistd.pid
+{% if deployment_type in ['dev', 'stg'] %}
+# disabled because of https://pagure.io/taskotron/issue/236
+#PIDFile=/srv/buildslaves/%i/slave/twistd.pid
 ExecStart=/bin/buildslave start /srv/buildslaves/%i/slave/
 ExecStop=/bin/buildslave stop /srv/buildslaves/%i/slave/
 {% endif %}
--- a/roles/virthost/files/rhel7-os.repo
+++ b/roles/virthost/files/rhel7-os.repo
@@ -1,5 +1,5 @@
 [rhel7-os]
 name = rhel7 os $basearch
-baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openstack-8-rpms
+baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openstack-10-rpms
 includepkgs=qemu*
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release