diff --git a/files/scripts/create-filelist b/files/scripts/create-filelist index 3b831f8c05..d59c2781cd 100755 --- a/files/scripts/create-filelist +++ b/files/scripts/create-filelist @@ -11,8 +11,14 @@ from __future__ import print_function import argparse import hashlib import os +import stat import sys -from scandir import scandir + +# Get scandir from whatever module provides it today +try: + from os import scandir +except ImportError: + from scandir import scandir # productmd is optional, needed only for the imagelist feature try: @@ -21,13 +27,36 @@ except ImportError: SUPPORTED_IMAGE_FORMATS = [] -def get_ftype(entry): - """Return a simple indicator of the file type.""" - if entry.is_symlink(): - return 'l' - if entry.is_dir(): - return 'd' - return 'f' +class SEntry(object): + """A simpler DirEntry-like object.""" + + def __init__(self, direntry, restricted=False): + self.direntry = direntry + self.restricted = restricted + self.path = direntry.path + self.name = direntry.name + + info = direntry.stat(follow_symlinks=False) + self.modtime = max(info.st_mtime, info.st_ctime) + self.readable_group = info.st_mode & stat.S_IRGRP + self.readable_world = info.st_mode & stat.S_IROTH + self.size = info.st_size + + ftype = 'f' + perm = '' + if direntry.is_symlink(): + ftype = 'l' + elif direntry.is_dir(): + ftype = 'd' + + if self.restricted: + perm = '*' + + # Note that we want an unreadable state to override the restricted state + if not self.readable_world: + perm = '-' + + self.ftype = ftype + perm def sha1(fname): @@ -42,22 +71,40 @@ def sha1(fname): return sha1.hexdigest() -def recursedir(path='.', skip=[], alwaysskip=['.~tmp~']): - """Just like scandir, but recursively. +def recursedir(path='.', skip=[], alwaysskip=['.~tmp~'], in_restricted=False): + """Like scandir, but recursively. Will skip everything in the skip array, but only at the top level directory. + + Returns SEntry objects. If in_restricted is true, all returned entries will + be marked as restricted even if their permissions are not restricted. """ - for entry in scandir(path): - if entry.name in skip: + for dentry in scandir(path): + if dentry.name in skip: continue - if entry.name in alwaysskip: + if dentry.name in alwaysskip: continue - if entry.is_dir(follow_symlinks=False): + + # Skip things which are not at least group readable + # Symlinks are followed here so that clients won't see dangling + # symlinks to content they can't transfer. It's the default, but to + # avoid confusion it's been made explicit. + if not (dentry.stat(follow_symlinks=True).st_mode & stat.S_IRGRP): + # print('{} is not group readable; skipping.'.format(dentry.path)) + continue + + se = SEntry(dentry, in_restricted) + if dentry.is_dir(follow_symlinks=False): + this_restricted = in_restricted + if not se.readable_world: + # print('{} is not world readable; marking as restricted.'.format(se.path), file=sys.stderr) + this_restricted = True + # Don't pass skip here, because we only skip in the top level - for rentry in recursedir(entry.path, alwaysskip=alwaysskip): - yield rentry - yield entry + for re in recursedir(se.path, alwaysskip=alwaysskip, in_restricted=this_restricted): + yield re + yield se def parseopts(): @@ -97,11 +144,11 @@ def parseopts(): opts.skip_files = opts.skip_files or [] if opts.skip: if not opts.timelist.name == '': - opts.skip_files += [opts.timelist.name] + opts.skip_files += [os.path.basename(opts.timelist.name)] if not opts.filelist.name == '': - opts.skip_files += [opts.filelist.name] + opts.skip_files += [os.path.basename(opts.filelist.name)] if not opts.imagelist.name == '': - opts.skip_files += [opts.imagelist.name] + opts.skip_files += [os.path.basename(opts.imagelist.name)] return opts @@ -115,25 +162,27 @@ def main(): os.chdir(opts.dir) print('[Version]', file=opts.timelist) + # XXX Technically this should be version 3. But old clients will simply + # ignore the extended file types for restricted directories, and so we can + # add this now and let things simmer for a while before bumping the format + # and hard-breaking old clients. print('2', file=opts.timelist) print(file=opts.timelist) print('[Files]', file=opts.timelist) for entry in recursedir(skip=opts.skip_files): - # opts.filelist.write(entry.path + '\n') print(entry.path, file=opts.filelist) + # write to filtered list if appropriate imgs = ['.{0}'.format(form) for form in SUPPORTED_IMAGE_FORMATS] if any(entry.path.endswith(img) for img in imgs): print(entry.path, file=opts.imagelist) if entry.name in opts.checksum_files: checksums[entry.path[2:]] = True - info = entry.stat(follow_symlinks=False) - modtime = max(info.st_mtime, info.st_ctime) - size = info.st_size - ftype = get_ftype(entry) - # opts.timelist.write('{0}\t{1}\t{2}\n'.format(modtime, ftype, entry.path[2:])) - print('{0}\t{1}\t{2}\t{3}'.format(modtime, ftype, size, entry.path[2:]), file=opts.timelist) + + print('{0}\t{1}\t{2}\t{3}'.format(entry.modtime, entry.ftype, + entry.size, entry.path[2:]), + file=opts.timelist) print('\n[Checksums SHA1]', file=opts.timelist) diff --git a/inventory/backups b/inventory/backups index 733ff9220f..8f46e5d857 100644 --- a/inventory/backups +++ b/inventory/backups @@ -23,5 +23,5 @@ taiga.fedorainfracloud.org taskotron01.qa.fedoraproject.org nuancier01.phx2.fedoraproject.org piwik.fedorainfracloud.org -magazine.fedorainfracloud.org +#magazine.fedorainfracloud.org communityblog.fedorainfracloud.org diff --git a/inventory/cloud b/inventory/cloud index 38eff38852..0610f02a81 100644 --- a/inventory/cloud +++ b/inventory/cloud @@ -49,6 +49,7 @@ fedora-bootstrap.fedorainfracloud.org glittergallery-dev.fedorainfracloud.org grafana.cloud.fedoraproject.org graphite.fedorainfracloud.org +hubs-dev.fedorainfracloud.org iddev.fedorainfracloud.org insim.fedorainfracloud.org java-deptools.fedorainfracloud.org @@ -60,14 +61,14 @@ jenkins-slave-f25.fedorainfracloud.org jenkins-slave-f25-ppc64le.fedorainfracloud.org kolinahr.fedorainfracloud.org lists-dev.fedorainfracloud.org -magazine.fedorainfracloud.org +magazine2.fedorainfracloud.org modernpaste.fedorainfracloud.org modularity.fedorainfracloud.org piwik.fedorainfracloud.org ppc64le-test.fedorainfracloud.org ppc64-test.fedorainfracloud.org rawhide-test.fedorainfracloud.org -regcfp.fedorainfracloud.org +regcfp2.fedorainfracloud.org respins.fedorainfracloud.org shumgrepper-dev.fedorainfracloud.org taiga.fedorainfracloud.org diff --git a/inventory/group_vars/copr-stg b/inventory/group_vars/copr-stg index 9b8a0bda9c..9fe352bcfb 100644 --- a/inventory/group_vars/copr-stg +++ b/inventory/group_vars/copr-stg @@ -5,7 +5,7 @@ _forward_src: "forward_dev" # don't forget to update ip in ./copr-keygen-stg, due to custom firewall rules -copr_backend_ips: ["172.25.32.160", "209.132.184.53"] +copr_backend_ips: ["172.25.32.175", "172.25.150.48"] keygen_host: "172.25.32.154" resolvconf: "resolv.conf/cloud" diff --git a/inventory/group_vars/nagios-new b/inventory/group_vars/nagios-new index 352a805e3b..6e376b8560 100644 --- a/inventory/group_vars/nagios-new +++ b/inventory/group_vars/nagios-new @@ -131,9 +131,6 @@ phx2_management_limited: - moonshot01-sw2.mgmt.fedoraproject.org - opengear01.mgmt.fedoraproject.org - opengear02.mgmt.fedoraproject.org - - ppc8-01-fsp.mgmt.fedoraproject.org - - ppc8-02-fsp.mgmt.fedoraproject.org - - ppc8-03-fsp.mgmt.fedoraproject.org - qa01.mgmt.fedoraproject.org - qa02.mgmt.fedoraproject.org - qa03.mgmt.fedoraproject.org @@ -161,3 +158,8 @@ phx2_management_limited: - virthost-comm02.mgmt.fedoraproject.org - virthost12.mgmt.fedoraproject.org - virthost14.mgmt.fedoraproject.org + +phx2_management_slowping: + - ppc8-01-fsp.mgmt.fedoraproject.org + - ppc8-02-fsp.mgmt.fedoraproject.org + - ppc8-03-fsp.mgmt.fedoraproject.org diff --git a/inventory/group_vars/pdc-web b/inventory/group_vars/pdc-web index 58a367a3e3..2415326734 100644 --- a/inventory/group_vars/pdc-web +++ b/inventory/group_vars/pdc-web @@ -1,7 +1,7 @@ --- # Define resources for this group of hosts here. lvm_size: 20000 -mem_size: 2048 +mem_size: 4096 num_cpus: 2 # for systems that do not match the above - specify the same parameter in diff --git a/inventory/group_vars/resultsdb-stg b/inventory/group_vars/resultsdb-stg index 62a0636f6c..b433c8dae7 100644 --- a/inventory/group_vars/resultsdb-stg +++ b/inventory/group_vars/resultsdb-stg @@ -35,6 +35,7 @@ resultsdb_secret_key: "{{ stg_resultsdb_secret_key }}" allowed_hosts: - 10.5.124 + - 10.5.131 ############################################################ diff --git a/inventory/host_vars/bastion02.phx2.fedoraproject.org b/inventory/host_vars/bastion02.phx2.fedoraproject.org index b8aa7e3235..84d1f969d8 100644 --- a/inventory/host_vars/bastion02.phx2.fedoraproject.org +++ b/inventory/host_vars/bastion02.phx2.fedoraproject.org @@ -14,3 +14,4 @@ vpn: true ssh_hostnames: - bastion.fedoraproject.org - bastion02.fedoraproject.org + diff --git a/inventory/host_vars/copr-be.cloud.fedoraproject.org b/inventory/host_vars/copr-be.cloud.fedoraproject.org index 4eea6d4f8a..92325aaf88 100644 --- a/inventory/host_vars/copr-be.cloud.fedoraproject.org +++ b/inventory/host_vars/copr-be.cloud.fedoraproject.org @@ -42,3 +42,8 @@ copr_hostbase: copr-be host_backup_targets: ['/var/lib/copr/public_html/results'] _copr_be_conf: copr-be.conf + +nagios_Check_Services: + nrpe: true + sshd: true + httpd: true diff --git a/inventory/host_vars/copr-fe.cloud.fedoraproject.org b/inventory/host_vars/copr-fe.cloud.fedoraproject.org index f7f30c1fdf..bcf62d1f02 100644 --- a/inventory/host_vars/copr-fe.cloud.fedoraproject.org +++ b/inventory/host_vars/copr-fe.cloud.fedoraproject.org @@ -30,3 +30,7 @@ dbs_to_backup: # Backup db dumps in /backups host_backup_targets: ['/backups'] +nagios_Check_Services: + nrpe: true + sshd: true + httpd: true diff --git a/inventory/host_vars/copr-keygen.cloud.fedoraproject.org b/inventory/host_vars/copr-keygen.cloud.fedoraproject.org index 4826e632c2..8cd3c9947c 100644 --- a/inventory/host_vars/copr-keygen.cloud.fedoraproject.org +++ b/inventory/host_vars/copr-keygen.cloud.fedoraproject.org @@ -24,3 +24,7 @@ datacenter: cloud # Copr vars copr_hostbase: copr-keygen + +nagios_Check_Services: + nrpe: true + sshd: true diff --git a/inventory/host_vars/download-rdu01.fedoraproject.org b/inventory/host_vars/download-rdu01.fedoraproject.org index 792376b30a..11a5061766 100644 --- a/inventory/host_vars/download-rdu01.fedoraproject.org +++ b/inventory/host_vars/download-rdu01.fedoraproject.org @@ -11,3 +11,4 @@ eth0_ip: 204.85.14.1 eth0_nm: 255.255.255.192 eth1_ip: 172.31.1.1 eth1_nm: 255.255.255.0 + diff --git a/inventory/host_vars/hubs-dev.fedorainfracloud.org b/inventory/host_vars/hubs-dev.fedorainfracloud.org index 909cdd7604..9045d2b43c 100644 --- a/inventory/host_vars/hubs-dev.fedorainfracloud.org +++ b/inventory/host_vars/hubs-dev.fedorainfracloud.org @@ -10,7 +10,7 @@ inventory_tenant: persistent inventory_instance_name: hubs-dev hostbase: hubs-dev public_ip: 209.132.184.47 -root_auth_users: sayan +root_auth_users: sayanchowdhury abompard description: hubs development instance cloud_networks: diff --git a/inventory/host_vars/magazine.fedorainfracloud.org b/inventory/host_vars/magazine.fedorainfracloud.org index cb5a73ae00..7b04615093 100644 --- a/inventory/host_vars/magazine.fedorainfracloud.org +++ b/inventory/host_vars/magazine.fedorainfracloud.org @@ -21,3 +21,8 @@ extra_enablerepos: '' cloud_networks: # persistent-net - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + +nagios_Check_Services: + nrpe: true + sshd: true + httpd: true diff --git a/inventory/host_vars/magazine2.fedorainfracloud.org b/inventory/host_vars/magazine2.fedorainfracloud.org new file mode 100644 index 0000000000..6036d05763 --- /dev/null +++ b/inventory/host_vars/magazine2.fedorainfracloud.org @@ -0,0 +1,28 @@ +--- +image: rhel7-20141015 +instance_type: m1.large +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,allow-nagios-persistent,default,all-icmp-persistent +zone: nova +tcp_ports: [22, 80, 443] + +inventory_tenant: persistent +inventory_instance_name: magazine2 +hostbase: magazine2 +public_ip: 209.132.184.52 +root_auth_users: nb chrisroberts +description: Fedora Magazine + +host_backup_targets: ['/backups', '/var/www/html'] +dbs_to_backup: ['wp'] +mariadb_root_password: "{{ magazine_mariadb_password }}" +extra_enablerepos: '' + +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + +nagios_Check_Services: + nrpe: true + sshd: true + httpd: true diff --git a/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..16602435ae --- /dev/null +++ b/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.100 +vmhost: virthost04.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..b3c0bf999e --- /dev/null +++ b/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org @@ -0,0 +1,19 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.101 +vmhost: virthost11.phx2.fedoraproject.org +datacenter: phx2 +host_group: os-stg + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 120g +mem_size: 8192 +max_mem_size: 8192 +num_cpus: 4 diff --git a/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..4ee9672b95 --- /dev/null +++ b/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org @@ -0,0 +1,19 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.102 +vmhost: virthost04.phx2.fedoraproject.org +datacenter: phx2 +host_group: os-stg + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 120g +mem_size: 8192 +max_mem_size: 16384 +num_cpus: 4 diff --git a/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..741b8f3f12 --- /dev/null +++ b/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org @@ -0,0 +1,19 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.103 +vmhost: virthost04.phx2.fedoraproject.org +datacenter: phx2 +host_group: os-stg + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 120g +mem_size: 8192 +max_mem_size: 16384 +num_cpus: 4 diff --git a/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..abddf35d54 --- /dev/null +++ b/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org @@ -0,0 +1,19 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.104 +vmhost: virthost11.phx2.fedoraproject.org +datacenter: phx2 +host_group: os-nodes-stg + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 120g +mem_size: 8192 +max_mem_size: 16384 +num_cpus: 4 diff --git a/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org b/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..3e06baf710 --- /dev/null +++ b/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org @@ -0,0 +1,19 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.105 +vmhost: virthost04.phx2.fedoraproject.org +datacenter: phx2 +host_group: os-nodes-stg + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 120g +mem_size: 8192 +max_mem_size: 16384 +num_cpus: 4 diff --git a/inventory/host_vars/pkgs02.stg.phx2.fedoraproject.org b/inventory/host_vars/pkgs02.stg.phx2.fedoraproject.org index e3fe932666..ebb5cc036a 100644 --- a/inventory/host_vars/pkgs02.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/pkgs02.stg.phx2.fedoraproject.org @@ -12,3 +12,32 @@ datacenter: phx2 # Need a eth0/eth1 install here. virt_install_command: "{{ virt_install_command_two_nic }}" + +# We override fedmsg_certs here because pkgs02.stg doesn't have pagure on it. +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log + - git.branch + - git.mass_branch.complete + - git.mass_branch.start + - git.pkgdb2branch.complete + - git.pkgdb2branch.start +- service: scm + owner: root + group: packager + can_send: + - git.branch + - git.mass_branch.complete + - git.mass_branch.start + - git.pkgdb2branch.complete + - git.pkgdb2branch.start + - git.receive +- service: lookaside + owner: root + group: apache + can_send: + - git.lookaside.new diff --git a/inventory/host_vars/regcfp.fedorainfracloud.org b/inventory/host_vars/regcfp2.fedorainfracloud.org similarity index 73% rename from inventory/host_vars/regcfp.fedorainfracloud.org rename to inventory/host_vars/regcfp2.fedorainfracloud.org index bc4e4e7382..f519eaaef7 100644 --- a/inventory/host_vars/regcfp.fedorainfracloud.org +++ b/inventory/host_vars/regcfp2.fedorainfracloud.org @@ -2,15 +2,15 @@ image: rhel7-20141015 instance_type: m1.medium keypair: fedora-admin-20130801 -security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent +security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent,allow-nagios-persistent zone: nova tcp_ports: [22, 80, 443] inventory_tenant: persistent -inventory_instance_name: regcfp -hostbase: regcfp +inventory_instance_name: regcfp2 +hostbase: regcfp2 public_ip: 209.132.184.127 -root_auth_users: puiterwijk pfrields +root_auth_users: puiterwijk pfrields duffy description: Flock registration software cloud_networks: diff --git a/inventory/host_vars/retrace01.qa.fedoraproject.org b/inventory/host_vars/retrace01.qa.fedoraproject.org index 99dc7bce64..aaf1bd378c 100644 --- a/inventory/host_vars/retrace01.qa.fedoraproject.org +++ b/inventory/host_vars/retrace01.qa.fedoraproject.org @@ -1,5 +1,5 @@ --- -faf_server_name: retrace.fedoraproject.org +faf_server_name: retrace.fedoraproject.org/faf rs_use_faf_packages: true # we do not have enough storage on stg diff --git a/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org b/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org index c4d17343d5..ce6de376dd 100644 --- a/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org @@ -13,7 +13,7 @@ mem_size: 4096 max_mem_size: 16384 num_cpus: 2 -faf_server_name: retrace01.stg.phx2.fedoraproject.org +faf_server_name: retrace01.stg.phx2.fedoraproject.org/faf rs_use_faf_packages: false # we do not have enough storage on stg diff --git a/inventory/host_vars/virthost-rdu01.fedoraproject.org b/inventory/host_vars/virthost-rdu01.fedoraproject.org index ce7d73c0d0..aee4dcb363 100644 --- a/inventory/host_vars/virthost-rdu01.fedoraproject.org +++ b/inventory/host_vars/virthost-rdu01.fedoraproject.org @@ -9,3 +9,4 @@ postfix_group: vpn br0_ip: 204.85.14.4 br0_nm: 255.255.255.192 vpn: true + diff --git a/inventory/inventory b/inventory/inventory index cf74f6c35b..39356158ff 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -15,9 +15,6 @@ qa02.qa.fedoraproject.org qa08.qa.fedoraproject.org qa04.qa.fedoraproject.org -[qadevel] -qadevel.qa.fedoraproject.org:222 - [qa-prod] qa-prod01.qa.fedoraproject.org @@ -269,7 +266,7 @@ autocloud-backend01.stg.phx2.fedoraproject.org autocloud-backend02.stg.phx2.fedoraproject.org [autosign] -autosign01.phx2.fedoraproject.org +#autosign01.phx2.fedoraproject.org [autosign-stg] autosign01.stg.phx2.fedoraproject.org @@ -779,6 +776,12 @@ osbs-node02.stg.phx2.fedoraproject.org docker-registry01.stg.phx2.fedoraproject.org docker-registry02.stg.phx2.fedoraproject.org docker-candidate-registry01.stg.phx2.fedoraproject.org +os-control01.stg.phx2.fedoraproject.org +os-master01.stg.phx2.fedoraproject.org +os-master02.stg.phx2.fedoraproject.org +os-master03.stg.phx2.fedoraproject.org +os-node01.stg.phx2.fedoraproject.org +os-node02.stg.phx2.fedoraproject.org # This is a list of hosts that are a little "friendly" with staging. # They are exempted from the iptables wall between staging and prod. @@ -1118,9 +1121,10 @@ faitout.fedorainfracloud.org # Community Blog communityblog.fedorainfracloud.org # Fedora Magazine -magazine.fedorainfracloud.org +#magazine.fedorainfracloud.org +magazine2.fedorainfracloud.org # Flock RegCfp instance -regcfp.fedorainfracloud.org +regcfp2.fedorainfracloud.org # Modularity (ticket 5390) modularity.fedorainfracloud.org # Fedora Bootstrap VM @@ -1326,6 +1330,17 @@ osbs-master01.stg.phx2.fedoraproject.org osbs-node01.stg.phx2.fedoraproject.org osbs-node02.stg.phx2.fedoraproject.org +[os-control-stg] +os-control01.stg.phx2.fedoraproject.org + +[os-master-stg] +os-master01.stg.phx2.fedoraproject.org +os-master02.stg.phx2.fedoraproject.org +os-master03.stg.phx2.fedoraproject.org + +[os-node-stg] +os-node01.stg.phx2.fedoraproject.org +os-node02.stg.phx2.fedoraproject.org # Docker (docker-distribution) registries [docker-registry] diff --git a/master.yml b/master.yml index 27bb7e7653..d8bf06f949 100644 --- a/master.yml +++ b/master.yml @@ -110,9 +110,7 @@ - include: /srv/web/infra/ansible/playbooks/groups/taskotron-client-hosts.yml - include: /srv/web/infra/ansible/playbooks/groups/taskotron-prod.yml - include: /srv/web/infra/ansible/playbooks/groups/taskotron-dev.yml -# we're poking around with taskotron-stg right now and a full playbook run would disrupt the testing -# 2017-03-03 tflink -#- include: /srv/web/infra/ansible/playbooks/groups/taskotron-stg.yml +- include: /srv/web/infra/ansible/playbooks/groups/taskotron-stg.yml - include: /srv/web/infra/ansible/playbooks/groups/torrent.yml - include: /srv/web/infra/ansible/playbooks/groups/twisted-buildbots.yml - include: /srv/web/infra/ansible/playbooks/groups/unbound.yml diff --git a/playbooks/groups/anitya.yml b/playbooks/groups/anitya.yml index 3809bd967c..baeae77962 100644 --- a/playbooks/groups/anitya.yml +++ b/playbooks/groups/anitya.yml @@ -14,7 +14,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/ask.yml b/playbooks/groups/ask.yml index 2fc89b60ef..f1bed3c506 100644 --- a/playbooks/groups/ask.yml +++ b/playbooks/groups/ask.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/autocloud-backend.yml b/playbooks/groups/autocloud-backend.yml index 1924baf9e4..b849bd876a 100644 --- a/playbooks/groups/autocloud-backend.yml +++ b/playbooks/groups/autocloud-backend.yml @@ -18,7 +18,7 @@ - rkhunter - hosts - fas_client - - nagios/client + - nagios_client - collectd/base - fedmsg/base - sudo diff --git a/playbooks/groups/autocloud-web.yml b/playbooks/groups/autocloud-web.yml index 5554da6a91..e5277b0724 100644 --- a/playbooks/groups/autocloud-web.yml +++ b/playbooks/groups/autocloud-web.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index 353b43c2dd..944ed8dffb 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/badges-backend.yml b/playbooks/groups/badges-backend.yml index e519c76e22..14169d4143 100644 --- a/playbooks/groups/badges-backend.yml +++ b/playbooks/groups/badges-backend.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/badges-web.yml b/playbooks/groups/badges-web.yml index ffa4467052..75f4c94acb 100644 --- a/playbooks/groups/badges-web.yml +++ b/playbooks/groups/badges-web.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/basset.yml b/playbooks/groups/basset.yml index cdf511aa93..a53e99ddeb 100644 --- a/playbooks/groups/basset.yml +++ b/playbooks/groups/basset.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/bastion.yml b/playbooks/groups/bastion.yml index 6e02bc7091..aa1dab5339 100644 --- a/playbooks/groups/bastion.yml +++ b/playbooks/groups/bastion.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml index cbd3abdb4a..64a97283b2 100644 --- a/playbooks/groups/batcave.yml +++ b/playbooks/groups/batcave.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - ansible-server diff --git a/playbooks/groups/beaker-virthosts.yml b/playbooks/groups/beaker-virthosts.yml index 856ee8540c..109fee1819 100644 --- a/playbooks/groups/beaker-virthosts.yml +++ b/playbooks/groups/beaker-virthosts.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/beaker.yml b/playbooks/groups/beaker.yml index 13c4b96550..6a8bc24ec1 100644 --- a/playbooks/groups/beaker.yml +++ b/playbooks/groups/beaker.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/blockerbugs.yml b/playbooks/groups/blockerbugs.yml index e80a76a111..e195795630 100644 --- a/playbooks/groups/blockerbugs.yml +++ b/playbooks/groups/blockerbugs.yml @@ -14,7 +14,7 @@ - base - hosts - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml index fff3efc7e1..9140c6c158 100644 --- a/playbooks/groups/bodhi-backend.yml +++ b/playbooks/groups/bodhi-backend.yml @@ -21,7 +21,7 @@ roles: - base - - nagios/client + - nagios_client - collectd/base - hosts - builder_repo diff --git a/playbooks/groups/bodhi2.yml b/playbooks/groups/bodhi2.yml index 0abce785e5..4d057eff12 100644 --- a/playbooks/groups/bodhi2.yml +++ b/playbooks/groups/bodhi2.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/bugyou.yml b/playbooks/groups/bugyou.yml index 399f3aaecc..8a7800338d 100644 --- a/playbooks/groups/bugyou.yml +++ b/playbooks/groups/bugyou.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - collectd/base - hosts - fas_client diff --git a/playbooks/groups/bugzilla2fedmsg.yml b/playbooks/groups/bugzilla2fedmsg.yml index 06e073e342..d9d264d821 100644 --- a/playbooks/groups/bugzilla2fedmsg.yml +++ b/playbooks/groups/bugzilla2fedmsg.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/busgateway.yml b/playbooks/groups/busgateway.yml index 00cb88c2ca..45e02b4c71 100644 --- a/playbooks/groups/busgateway.yml +++ b/playbooks/groups/busgateway.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/copr-backend.yml b/playbooks/groups/copr-backend.yml index 42c43a2585..127a7cf3e6 100644 --- a/playbooks/groups/copr-backend.yml +++ b/playbooks/groups/copr-backend.yml @@ -42,3 +42,4 @@ - base - fedmsg/base - copr/backend + - nagios_client diff --git a/playbooks/groups/copr-frontend.yml b/playbooks/groups/copr-frontend.yml index f1b2c83696..97a0f9232d 100644 --- a/playbooks/groups/copr-frontend.yml +++ b/playbooks/groups/copr-frontend.yml @@ -39,3 +39,4 @@ - base - copr/frontend - copr/mbs + - nagios_client diff --git a/playbooks/groups/copr-keygen.yml b/playbooks/groups/copr-keygen.yml index 279f1dc4f5..1a2b3610e7 100644 --- a/playbooks/groups/copr-keygen.yml +++ b/playbooks/groups/copr-keygen.yml @@ -46,3 +46,4 @@ roles: - base - copr/keygen + - nagios_client diff --git a/playbooks/groups/darkserver-backend.yml b/playbooks/groups/darkserver-backend.yml index 669404157c..7df789f355 100644 --- a/playbooks/groups/darkserver-backend.yml +++ b/playbooks/groups/darkserver-backend.yml @@ -21,7 +21,7 @@ - collectd/base - fas_client - hosts - - nagios/client + - nagios_client - rsyncd - sudo - rkhunter diff --git a/playbooks/groups/darkserver-web.yml b/playbooks/groups/darkserver-web.yml index ddc4d419aa..50a06c6784 100644 --- a/playbooks/groups/darkserver-web.yml +++ b/playbooks/groups/darkserver-web.yml @@ -21,7 +21,7 @@ - collectd/base - fas_client - hosts - - nagios/client + - nagios_client - rkhunter - rsyncd - sudo diff --git a/playbooks/groups/darkserver.yml b/playbooks/groups/darkserver.yml index 1d8f180a49..0bcd08cd05 100644 --- a/playbooks/groups/darkserver.yml +++ b/playbooks/groups/darkserver.yml @@ -22,7 +22,7 @@ - fas_client - rkhunter - hosts - - nagios/client + - nagios_client - rsyncd - sudo - { role: openvpn/client, when: env != "staging" } diff --git a/playbooks/groups/datagrepper.yml b/playbooks/groups/datagrepper.yml index 5f19fe3b05..c1751ff442 100644 --- a/playbooks/groups/datagrepper.yml +++ b/playbooks/groups/datagrepper.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/dhcp.yml b/playbooks/groups/dhcp.yml index 2a2074135b..8cb32b06b7 100644 --- a/playbooks/groups/dhcp.yml +++ b/playbooks/groups/dhcp.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/dns.yml b/playbooks/groups/dns.yml index 46a6b89e8b..f56012e3ec 100644 --- a/playbooks/groups/dns.yml +++ b/playbooks/groups/dns.yml @@ -16,7 +16,7 @@ - base - hosts - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - collectd/bind diff --git a/playbooks/groups/docker-registry.yml b/playbooks/groups/docker-registry.yml index 257c1961b3..980b983fba 100644 --- a/playbooks/groups/docker-registry.yml +++ b/playbooks/groups/docker-registry.yml @@ -14,7 +14,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml index e82b86dff7..32f186105c 100644 --- a/playbooks/groups/download.yml +++ b/playbooks/groups/download.yml @@ -29,7 +29,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/elections.yml b/playbooks/groups/elections.yml index 6e11e652f6..2cf9e747d4 100644 --- a/playbooks/groups/elections.yml +++ b/playbooks/groups/elections.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/fas.yml b/playbooks/groups/fas.yml index 6d6b13f4ac..fedc4c00d1 100644 --- a/playbooks/groups/fas.yml +++ b/playbooks/groups/fas.yml @@ -16,7 +16,7 @@ - base - hosts - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - rsyncd diff --git a/playbooks/groups/fas3.yml b/playbooks/groups/fas3.yml index 6bef9f552d..f6ea71da03 100644 --- a/playbooks/groups/fas3.yml +++ b/playbooks/groups/fas3.yml @@ -16,7 +16,7 @@ - base - hosts - rkhunter - #- nagios/client + #- nagios_client - fas_client - collectd/base - rsyncd diff --git a/playbooks/groups/fedimg.yml b/playbooks/groups/fedimg.yml index 92743c9628..abddaeac93 100644 --- a/playbooks/groups/fedimg.yml +++ b/playbooks/groups/fedimg.yml @@ -17,7 +17,7 @@ - base - rkhunter - fas_client - - nagios/client + - nagios_client - hosts - collectd/base - fedmsg/base diff --git a/playbooks/groups/fedocal.yml b/playbooks/groups/fedocal.yml index 6d4cbb6693..3fefb8a33f 100644 --- a/playbooks/groups/fedocal.yml +++ b/playbooks/groups/fedocal.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/github2fedmsg.yml b/playbooks/groups/github2fedmsg.yml index 89bb97aae6..05da0da440 100644 --- a/playbooks/groups/github2fedmsg.yml +++ b/playbooks/groups/github2fedmsg.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/gnome-backups.yml b/playbooks/groups/gnome-backups.yml index 48b0070931..2f2a0183ef 100644 --- a/playbooks/groups/gnome-backups.yml +++ b/playbooks/groups/gnome-backups.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/hosted.yml b/playbooks/groups/hosted.yml index a3a9536b2f..29aa110475 100644 --- a/playbooks/groups/hosted.yml +++ b/playbooks/groups/hosted.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/hotness.yml b/playbooks/groups/hotness.yml index a863f2ef78..abc5c69315 100644 --- a/playbooks/groups/hotness.yml +++ b/playbooks/groups/hotness.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - collectd/base - hosts - fas_client diff --git a/playbooks/groups/infinote.yml b/playbooks/groups/infinote.yml index f066188f3a..f503a46dd8 100644 --- a/playbooks/groups/infinote.yml +++ b/playbooks/groups/infinote.yml @@ -14,7 +14,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml index b6682a2878..6783fcf3b7 100644 --- a/playbooks/groups/ipa.yml +++ b/playbooks/groups/ipa.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/ipsilon.yml b/playbooks/groups/ipsilon.yml index 77f7890a35..8f7cbcfb04 100644 --- a/playbooks/groups/ipsilon.yml +++ b/playbooks/groups/ipsilon.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/kerneltest.yml b/playbooks/groups/kerneltest.yml index 3dbccb6523..54908ab364 100644 --- a/playbooks/groups/kerneltest.yml +++ b/playbooks/groups/kerneltest.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml index 286c56ecf5..2707c77053 100644 --- a/playbooks/groups/keyserver.yml +++ b/playbooks/groups/keyserver.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index 11c80d179a..4f7d3e669c 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml @@ -23,7 +23,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - builder_repo diff --git a/playbooks/groups/kojipkgs.yml b/playbooks/groups/kojipkgs.yml index 4a6bfaf3f0..fd330e2457 100644 --- a/playbooks/groups/kojipkgs.yml +++ b/playbooks/groups/kojipkgs.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/koschei-backend.yml b/playbooks/groups/koschei-backend.yml index 2d67ce9862..b96b3df55a 100644 --- a/playbooks/groups/koschei-backend.yml +++ b/playbooks/groups/koschei-backend.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - builder_repo diff --git a/playbooks/groups/koschei-web.yml b/playbooks/groups/koschei-web.yml index cd1c919c1c..047011bbd5 100644 --- a/playbooks/groups/koschei-web.yml +++ b/playbooks/groups/koschei-web.yml @@ -14,7 +14,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/logserver.yml b/playbooks/groups/logserver.yml index 362ef91539..4a7646461d 100644 --- a/playbooks/groups/logserver.yml +++ b/playbooks/groups/logserver.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - apache diff --git a/playbooks/groups/loopabull.yml b/playbooks/groups/loopabull.yml index 425953dd83..192115e1f9 100644 --- a/playbooks/groups/loopabull.yml +++ b/playbooks/groups/loopabull.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index 1d70e52173..64dad63fa3 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/mariadb-server.yml b/playbooks/groups/mariadb-server.yml index 58814d37ee..3633f4219d 100644 --- a/playbooks/groups/mariadb-server.yml +++ b/playbooks/groups/mariadb-server.yml @@ -20,7 +20,7 @@ - base - rkhunter - fas_client - - nagios/client + - nagios_client - hosts - mariadb_server - collectd/base diff --git a/playbooks/groups/mbs.yml b/playbooks/groups/mbs.yml index 365edb61d9..69edb91f7f 100644 --- a/playbooks/groups/mbs.yml +++ b/playbooks/groups/mbs.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/mdapi.yml b/playbooks/groups/mdapi.yml index 5d59f8b36d..f6f9a2046b 100644 --- a/playbooks/groups/mdapi.yml +++ b/playbooks/groups/mdapi.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/memcached.yml b/playbooks/groups/memcached.yml index f3660f2a39..e8dfb20e30 100644 --- a/playbooks/groups/memcached.yml +++ b/playbooks/groups/memcached.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/mirrorlist2.yml b/playbooks/groups/mirrorlist2.yml index 68381419ff..d307275bfa 100644 --- a/playbooks/groups/mirrorlist2.yml +++ b/playbooks/groups/mirrorlist2.yml @@ -50,7 +50,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - geoip - hosts - fas_client diff --git a/playbooks/groups/mirrormanager.yml b/playbooks/groups/mirrormanager.yml index d481110210..746ae1a45a 100644 --- a/playbooks/groups/mirrormanager.yml +++ b/playbooks/groups/mirrormanager.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/modernpaste.yml b/playbooks/groups/modernpaste.yml index 1a28e43194..0b7b2bd514 100644 --- a/playbooks/groups/modernpaste.yml +++ b/playbooks/groups/modernpaste.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/noc.yml b/playbooks/groups/noc.yml index c5c153dc5f..928b0dd0a8 100644 --- a/playbooks/groups/noc.yml +++ b/playbooks/groups/noc.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/notifs-backend.yml b/playbooks/groups/notifs-backend.yml index 58de8307b6..4bd46b99bf 100644 --- a/playbooks/groups/notifs-backend.yml +++ b/playbooks/groups/notifs-backend.yml @@ -20,7 +20,7 @@ - rkhunter - hosts - fas_client - - nagios/client + - nagios_client - collectd/base - fedmsg/base - sudo diff --git a/playbooks/groups/notifs-web.yml b/playbooks/groups/notifs-web.yml index cf5e492346..784a6f9764 100644 --- a/playbooks/groups/notifs-web.yml +++ b/playbooks/groups/notifs-web.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/nuancier.yml b/playbooks/groups/nuancier.yml index d9a2234693..d34748d700 100644 --- a/playbooks/groups/nuancier.yml +++ b/playbooks/groups/nuancier.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/openqa-workers.yml b/playbooks/groups/openqa-workers.yml index b58273550e..0966aa8667 100644 --- a/playbooks/groups/openqa-workers.yml +++ b/playbooks/groups/openqa-workers.yml @@ -11,7 +11,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/openqa.yml b/playbooks/groups/openqa.yml index 7bb4b75d61..15066ea00d 100644 --- a/playbooks/groups/openqa.yml +++ b/playbooks/groups/openqa.yml @@ -13,7 +13,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/openstack-compute-nodes.yml b/playbooks/groups/openstack-compute-nodes.yml index 2340137440..503dca2a34 100644 --- a/playbooks/groups/openstack-compute-nodes.yml +++ b/playbooks/groups/openstack-compute-nodes.yml @@ -14,7 +14,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - sudo diff --git a/playbooks/groups/os-cluster.yml b/playbooks/groups/os-cluster.yml new file mode 100644 index 0000000000..5d0185bb5e --- /dev/null +++ b/playbooks/groups/os-cluster.yml @@ -0,0 +1,158 @@ +# create an os server +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-control-stg:os-control" +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-nodes-stg:os-masters-stg:os-nodes:os-masters" + +- name: make the box be real + hosts: os-control:os-control-stg:os-masters-stg:os-nodes-stg:os-masters:os-nodes + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks_path }}/yumrepos.yml" + - include: "{{ tasks_path }}/2fa_client.yml" + - include: "{{ tasks_path }}/motd.yml" + + handlers: + - include: "{{ handlers_path }}/restart_services.yml" + +- name: OSBS control hosts pre-req setup + hosts: os-control:os-control-stg + tags: + - os-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: deploy private key to control hosts + copy: + src: "{{private}}/files/os/{{env}}/control_key" + dest: "/root/.ssh/id_rsa" + owner: root + mode: 0600 + + - name: set ansible to use pipelining + ini_file: + dest: /etc/ansible/ansible.cfg + section: ssh_connection + option: pipelining + value: "True" + +- name: Setup cluster masters pre-reqs + hosts: os-masters-stg:os-masters + tags: + - os-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: ensure origin conf dir exists + file: + path: "/etc/origin" + state: "directory" + + - name: create cert dir for openshift public facing REST API SSL + file: + path: "/etc/origin/master/named_certificates" + state: "directory" + + - name: install cert for openshift public facing REST API SSL + copy: + src: "{{private}}/files/os/{{env}}/os-internal.pem" + dest: "/etc/origin/master/named_certificates/{{os}}.pem" + + - name: install key for openshift public facing REST API SSL + copy: + src: "{{private}}/files/os/{{env}}/os-internal.key" + dest: "/etc/origin/master/named_certificates/{{os}}.key" + + - name: place htpasswd file + copy: + src: "{{private}}/files/httpd/os-{{env}}.htpasswd" + dest: /etc/origin/htpasswd + + +- name: Setup cluster hosts pre-reqs + hosts: os-masters-stg:os-nodes-stg:os-masters:os-nodes + tags: + - os-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - name: restart NetworkManager + service: + name: NetworkManager + state: restarted + + tasks: + - name: Install necessary packages that openshift-ansible needs + package: name="{{ item }}" state=installed + with_items: + - tar + - rsync + - dbus-python + - NetworkManager + - libselinux-python + - origin + + - name: Deploy controller public ssh keys to os cluster hosts + authorized_key: + user: root + key: "{{ lookup('file', '{{private}}/files/os/{{env}}/control_key.pub') }}" + + # This is required for OpenShift built-in SkyDNS inside the overlay network + # of the cluster + - name: ensure NM_CONTROLLED is set to "yes" for os cluster + lineinfile: + dest: "/etc/sysconfig/network-scripts/ifcfg-eth0" + line: "NM_CONTROLLED=yes" + notify: + - restart NetworkManager + + # This is required for OpenShift built-in SkyDNS inside the overlay network + # of the cluster + - name: ensure NetworkManager is enabled and started + service: + name: NetworkManager + state: started + enabled: yes + + - name: cron entry to clean up docker storage + copy: + src: "{{files}}/os/cleanup-docker-storage" + dest: "/etc/cron.d/cleanup-docker-storage" + + - name: copy docker-storage-setup config + copy: + src: "{{files}}/os/docker-storage-setup" + dest: "/etc/sysconfig/docker-storage-setup" diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index 5d9ff0ab6d..726bb92795 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/packages.yml b/playbooks/groups/packages.yml index ac256395e1..7d3cabd8bd 100644 --- a/playbooks/groups/packages.yml +++ b/playbooks/groups/packages.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/pagure.yml b/playbooks/groups/pagure.yml index 099a795fe0..88bf0b7969 100644 --- a/playbooks/groups/pagure.yml +++ b/playbooks/groups/pagure.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/paste.yml b/playbooks/groups/paste.yml index c26c34e106..0d02d948cf 100644 --- a/playbooks/groups/paste.yml +++ b/playbooks/groups/paste.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/pdc.yml b/playbooks/groups/pdc.yml index 88d329b16d..1e46069a4b 100644 --- a/playbooks/groups/pdc.yml +++ b/playbooks/groups/pdc.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - collectd/base - hosts - fas_client diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml index 31f81e42fa..7877950c07 100644 --- a/playbooks/groups/people.yml +++ b/playbooks/groups/people.yml @@ -59,7 +59,7 @@ - collectd/base - fas_client - hosts - - nagios/client + - nagios_client - rkhunter - rsyncd - sudo diff --git a/playbooks/groups/piwik.yml b/playbooks/groups/piwik.yml index 914e94cb84..1f89218a60 100644 --- a/playbooks/groups/piwik.yml +++ b/playbooks/groups/piwik.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/pkgdb.yml b/playbooks/groups/pkgdb.yml index 87aaa743b8..98d211e6d9 100644 --- a/playbooks/groups/pkgdb.yml +++ b/playbooks/groups/pkgdb.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml index 879b322dac..fa0f3c64e4 100644 --- a/playbooks/groups/pkgs.yml +++ b/playbooks/groups/pkgs.yml @@ -10,18 +10,10 @@ - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - pre_tasks: - - name: Copy keytab - copy: src={{private}}/files/keytabs/{{env}}/pkgs - dest=/etc/httpd.keytab - owner=apache group=apache mode=0600 - tags: - - krb5 - roles: - base - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - sudo @@ -44,6 +36,13 @@ - { role: distgit/pagure, when: env == "staging" and inventory_hostname.startswith('pkgs01') } tasks: + - name: Copy keytab + copy: src={{private}}/files/keytabs/{{env}}/pkgs + dest=/etc/httpd.keytab + owner=apache group=apache mode=0600 + tags: + - krb5 + - include: "{{ tasks_path }}/yumrepos.yml" - include: "{{ tasks_path }}/motd.yml" - include: "{{ tasks_path }}/2fa_client.yml" diff --git a/playbooks/groups/postgresql-server-bdr.yml b/playbooks/groups/postgresql-server-bdr.yml index e2a63cca1a..d07290b3b3 100644 --- a/playbooks/groups/postgresql-server-bdr.yml +++ b/playbooks/groups/postgresql-server-bdr.yml @@ -20,7 +20,7 @@ - base - rkhunter - fas_client - - nagios/client + - nagios_client - hosts - collectd/base - collectd/postgres # This requires a 'databases' var to be set in host_vars diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml index ae0bd03567..8d78b542dd 100644 --- a/playbooks/groups/postgresql-server.yml +++ b/playbooks/groups/postgresql-server.yml @@ -20,7 +20,7 @@ - base - rkhunter - fas_client - - nagios/client + - nagios_client - hosts - postgresql_server - collectd/base diff --git a/playbooks/groups/proxies.yml b/playbooks/groups/proxies.yml index b4e22dedc0..d86eb2a16e 100644 --- a/playbooks/groups/proxies.yml +++ b/playbooks/groups/proxies.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - collectd/base - sudo - rsyncd diff --git a/playbooks/groups/qa.yml b/playbooks/groups/qa.yml index d5573d6452..978ad8e0ba 100644 --- a/playbooks/groups/qa.yml +++ b/playbooks/groups/qa.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - hosts - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml index fdd7b38baa..1e1f7120e3 100644 --- a/playbooks/groups/releng-compose.yml +++ b/playbooks/groups/releng-compose.yml @@ -26,7 +26,7 @@ - builder_repo - fas_client - rkhunter - - nagios/client + - nagios_client - collectd/base - sudo - role: keytab/service diff --git a/playbooks/groups/resultsdb-dev.yml b/playbooks/groups/resultsdb-dev.yml index 141230e0d6..c021506d54 100644 --- a/playbooks/groups/resultsdb-dev.yml +++ b/playbooks/groups/resultsdb-dev.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/resultsdb-prod.yml b/playbooks/groups/resultsdb-prod.yml index 4e617f126c..cab0770d24 100644 --- a/playbooks/groups/resultsdb-prod.yml +++ b/playbooks/groups/resultsdb-prod.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/resultsdb-stg.yml b/playbooks/groups/resultsdb-stg.yml index cda7459b5b..7aa517212b 100644 --- a/playbooks/groups/resultsdb-stg.yml +++ b/playbooks/groups/resultsdb-stg.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml index 857b335a13..400625c711 100644 --- a/playbooks/groups/retrace.yml +++ b/playbooks/groups/retrace.yml @@ -15,7 +15,7 @@ - hosts - fas_client - rkhunter - - nagios/client + - nagios_client - sudo - fedmsg/base @@ -38,7 +38,7 @@ roles: - abrt/faf-local - - { role: abrt/faf, faf_web_on_root: false, faf_admin_mail: msuchy@redhat.com, faf_web_openid_privileged_teams: "provenpackager,proventesters", faf_web_secret_key: "{{fedora_faf_web_secret_key}}" } + - { role: abrt/faf, faf_web_on_root: false, faf_admin_mail: msuchy@redhat.com, faf_web_openid_privileged_teams: "provenpackager,proventesters", faf_web_secret_key: "{{fedora_faf_web_secret_key}}", faf_spool_dir: /srv/faf/ } - name: setup retrace server hosts: retrace:retrace-stg diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml index b8207f6237..f81a5915b4 100644 --- a/playbooks/groups/secondary.yml +++ b/playbooks/groups/secondary.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/smtp-mm.yml b/playbooks/groups/smtp-mm.yml index e0d806d4a3..d93e46f816 100644 --- a/playbooks/groups/smtp-mm.yml +++ b/playbooks/groups/smtp-mm.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/statscache.yml b/playbooks/groups/statscache.yml index 65725401f9..f1fb38f0b2 100644 --- a/playbooks/groups/statscache.yml +++ b/playbooks/groups/statscache.yml @@ -19,7 +19,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/summershum.yml b/playbooks/groups/summershum.yml index 1706c6ad08..81f70ad0c0 100644 --- a/playbooks/groups/summershum.yml +++ b/playbooks/groups/summershum.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - collectd/base - hosts - fas_client diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml index 729cf9af15..b71977add9 100644 --- a/playbooks/groups/sundries.yml +++ b/playbooks/groups/sundries.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/tagger.yml b/playbooks/groups/tagger.yml index 8bb044cf20..7734daa9fa 100644 --- a/playbooks/groups/tagger.yml +++ b/playbooks/groups/tagger.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/taskotron-client-hosts.yml b/playbooks/groups/taskotron-client-hosts.yml index 4996dbc2fa..dd4dedddd4 100644 --- a/playbooks/groups/taskotron-client-hosts.yml +++ b/playbooks/groups/taskotron-client-hosts.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/taskotron-dev.yml b/playbooks/groups/taskotron-dev.yml index 093da6047f..a5ba557833 100644 --- a/playbooks/groups/taskotron-dev.yml +++ b/playbooks/groups/taskotron-dev.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/taskotron-prod.yml b/playbooks/groups/taskotron-prod.yml index 184b11b001..2894c88620 100644 --- a/playbooks/groups/taskotron-prod.yml +++ b/playbooks/groups/taskotron-prod.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/taskotron-stg.yml b/playbooks/groups/taskotron-stg.yml index 282094aa82..652583c59a 100644 --- a/playbooks/groups/taskotron-stg.yml +++ b/playbooks/groups/taskotron-stg.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/taskotron.yml b/playbooks/groups/taskotron.yml index d6590747fc..701e427f89 100644 --- a/playbooks/groups/taskotron.yml +++ b/playbooks/groups/taskotron.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/torrent.yml b/playbooks/groups/torrent.yml index 1d69ed68ab..b196ca95ac 100644 --- a/playbooks/groups/torrent.yml +++ b/playbooks/groups/torrent.yml @@ -14,7 +14,7 @@ - base - hosts - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - rsyncd diff --git a/playbooks/groups/unbound.yml b/playbooks/groups/unbound.yml index 76de92e130..a3e3e02778 100644 --- a/playbooks/groups/unbound.yml +++ b/playbooks/groups/unbound.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/value.yml b/playbooks/groups/value.yml index a0fbba22ee..e907c43936 100644 --- a/playbooks/groups/value.yml +++ b/playbooks/groups/value.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml index dc4cfdc8e7..43f9b4c76c 100644 --- a/playbooks/groups/virthost.yml +++ b/playbooks/groups/virthost.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/wiki.yml b/playbooks/groups/wiki.yml index 1e5adae54b..07c32717ec 100644 --- a/playbooks/groups/wiki.yml +++ b/playbooks/groups/wiki.yml @@ -21,7 +21,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/zanata2fedmsg.yml b/playbooks/groups/zanata2fedmsg.yml index 8365e93de3..687d77c015 100644 --- a/playbooks/groups/zanata2fedmsg.yml +++ b/playbooks/groups/zanata2fedmsg.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml b/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml index e678d4c97b..49e9070ddd 100644 --- a/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml index b53b0b4190..5be664e24a 100644 --- a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml +++ b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml @@ -18,7 +18,7 @@ - rkhunter - hosts - fas_client - - nagios/client + - nagios_client - collectd/base - sudo - role: keytab/service diff --git a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml index e830789f4b..501d95e65f 100644 --- a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml @@ -36,7 +36,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - fas_client - sudo diff --git a/playbooks/hosts/hubs-dev.fedorainfroacloud.org.yml b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml similarity index 97% rename from playbooks/hosts/hubs-dev.fedorainfroacloud.org.yml rename to playbooks/hosts/hubs-dev.fedorainfracloud.org.yml index 099bae9148..f9fecc0989 100644 --- a/playbooks/hosts/hubs-dev.fedorainfroacloud.org.yml +++ b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml @@ -20,6 +20,9 @@ - /srv/private/ansible/files/openstack/passwords.yml - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + roles: + - certbot + pre_tasks: - include: "{{ tasks_path }}/cloud_setup_basic.yml" - name: set hostname (required by some services, at least postfix need it) @@ -74,6 +77,10 @@ - python-datanommer-consumer - datanommer-commands - fedmsg-hub + - python-flask + - python-oauth2client + - python-bleach + - python-dogpile-cache - python-psycopg2 - postgresql-devel - postgresql-server diff --git a/playbooks/hosts/magazine.fedorainfracloud.org.yml b/playbooks/hosts/magazine.fedorainfracloud.org.yml index e42e2c44b4..b0d219a85f 100644 --- a/playbooks/hosts/magazine.fedorainfracloud.org.yml +++ b/playbooks/hosts/magazine.fedorainfracloud.org.yml @@ -51,5 +51,5 @@ service: name=postfix enabled=yes state=started roles: - - nagios/client + - nagios_client - mariadb_server diff --git a/playbooks/hosts/magazine2.fedorainfracloud.org.yml b/playbooks/hosts/magazine2.fedorainfracloud.org.yml new file mode 100644 index 0000000000..bb4eb0f879 --- /dev/null +++ b/playbooks/hosts/magazine2.fedorainfracloud.org.yml @@ -0,0 +1,69 @@ +- name: check/create instance + hosts: magazine2.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - include: "{{ tasks_path }}/persistent_cloud.yml" + +- name: setup all the things + hosts: magazine2.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - include: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + tasks: + - name: add packages + yum: state=present name={{ item }} + with_items: + - httpd + - php + - php-mysql + - mariadb-server + - mariadb + - mod_ssl + - php-mcrypt + - php-mbstring + - wget + - unzip + - postfix + - wordpress + + - name: enable httpd service + service: name=httpd enabled=yes state=started + + - name: configure postfix for ipv4 only + raw: postconf -e inet_protocols=ipv4 + + - name: enable local postfix service + service: name=postfix enabled=yes state=started + + roles: + - nagios_client + - mariadb_server + + post_tasks: + - name: create databaseuser + mysql_user: name=magazine + host=localhost + state=present + password="{{ magazine_db_password }}" + priv="magazine.*:ALL" + + - name: Wordpress cron + cron: name="Wordpress cron" + minute="*/10" + job="curl http://localhost:8008/wp-cron.php" diff --git a/playbooks/hosts/modularity.fedorainfracloud.org.yml b/playbooks/hosts/modularity.fedorainfracloud.org.yml index fa50012c51..7abca157da 100644 --- a/playbooks/hosts/modularity.fedorainfracloud.org.yml +++ b/playbooks/hosts/modularity.fedorainfracloud.org.yml @@ -12,7 +12,7 @@ - include: "{{ tasks_path }}/persistent_cloud.yml" - name: setup all the things - hosts: regcfp.fedorainfracloud.org + hosts: modularity.fedorainfracloud.org gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml diff --git a/playbooks/hosts/piwik.fedorainfracloud.org.yml b/playbooks/hosts/piwik.fedorainfracloud.org.yml index ab8d538522..d7a65167db 100644 --- a/playbooks/hosts/piwik.fedorainfracloud.org.yml +++ b/playbooks/hosts/piwik.fedorainfracloud.org.yml @@ -29,7 +29,7 @@ - apache - base - piwik - - nagios/client + - nagios_client pre_tasks: - include: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/hosts/regcfp.fedorainfracloud.org.yml b/playbooks/hosts/regcfp2.fedorainfracloud.org.yml similarity index 89% rename from playbooks/hosts/regcfp.fedorainfracloud.org.yml rename to playbooks/hosts/regcfp2.fedorainfracloud.org.yml index 46d4b4843c..b517e229c6 100644 --- a/playbooks/hosts/regcfp.fedorainfracloud.org.yml +++ b/playbooks/hosts/regcfp2.fedorainfracloud.org.yml @@ -1,5 +1,5 @@ - name: check/create instance - hosts: regcfp.fedorainfracloud.org + hosts: regcfp2.fedorainfracloud.org gather_facts: False vars_files: @@ -12,7 +12,7 @@ - include: "{{ tasks_path }}/persistent_cloud.yml" - name: setup all the things - hosts: regcfp.fedorainfracloud.org + hosts: regcfp2.fedorainfracloud.org gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -26,6 +26,7 @@ hostname: name="{{inventory_hostname}}" roles: + - nagios_client - postgresql_server - regcfp diff --git a/playbooks/manual/autosign.yml b/playbooks/manual/autosign.yml index cb07eda7fc..fc98513e3f 100644 --- a/playbooks/manual/autosign.yml +++ b/playbooks/manual/autosign.yml @@ -19,7 +19,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/manual/kernel-qa.yml b/playbooks/manual/kernel-qa.yml index 72c25a58a7..ccfa6ba2cb 100644 --- a/playbooks/manual/kernel-qa.yml +++ b/playbooks/manual/kernel-qa.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - fas_client - sudo - hosts diff --git a/playbooks/manual/qadevel.yml b/playbooks/manual/qadevel.yml index b569021061..e8d64a2ee6 100644 --- a/playbooks/manual/qadevel.yml +++ b/playbooks/manual/qadevel.yml @@ -32,7 +32,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - sudo diff --git a/playbooks/update-proxy-dns.yml b/playbooks/update-proxy-dns.yml index d3dd6e2abe..0730617a3c 100644 --- a/playbooks/update-proxy-dns.yml +++ b/playbooks/update-proxy-dns.yml @@ -26,11 +26,11 @@ when: nodns is not defined or not "true" in nodns - name: Run zone-template (fedoraproject.org) - local_action: command {{tmp.stdout}}/zone-template {{tmp.stdout}}/fedoraproject.org.cfg {{status}} {{ansible_inventory_hostname}} chdir={{tmp.stdout}} + local_action: command {{tmp.stdout}}/zone-template {{tmp.stdout}}/fedoraproject.org.cfg {{status}} {{inventory_hostname}} chdir={{tmp.stdout}} when: nodns is not defined or not "true" in nodns - name: Run zone-template (getfedora.org) - local_action: command {{tmp.stdout}}/zone-template {{tmp.stdout}}/getfedora.org.cfg {{status}} {{ansible_inventory_hostname}} chdir={{tmp.stdout}} + local_action: command {{tmp.stdout}}/zone-template {{tmp.stdout}}/getfedora.org.cfg {{status}} {{inventory_hostname}} chdir={{tmp.stdout}} when: nodns is not defined or not "true" in nodns - name: Commit once diff --git a/roles/abrt/faf-local/tasks/cron.yml b/roles/abrt/faf-local/tasks/cron.yml index 2165edc6ae..301a456ad4 100644 --- a/roles/abrt/faf-local/tasks/cron.yml +++ b/roles/abrt/faf-local/tasks/cron.yml @@ -1,35 +1,5 @@ --- -- name: cron for faf reposync - cron: - name: "cron for faf reposync {{ item.repos }}" - user: faf - job: "faf reposync -d {{ item.repos }} >> /var/log/faf/{{ item.log }} 2>&1" - special_time: daily - state: present - when: not devel - with_items: - # rawhide - - { log: "reposync-fedora-rawhide.log", repos: "fedora-rawhide-source fedora-rawhide-x86_64 fedora-rawhide-x86_64-debug fedora-rawhide-i386 fedora-rawhide-i386-debug fedora-rawhide-armhfp fedora-rawhide-armhfp-debug" } - # Fedora 24 - - { log: "reposync-fedora-24.log", repos: "fedora-24-source fedora-24-x86_64 fedora-24-x86_64-debug fedora-24-i386 fedora-24-i386-debug fedora-24-armhfp fedora-24-armhfp-debug" } - - { log: "reposync-fedora-24-updates.log", repos: "fedora-24-updates-source fedora-24-x86_64-updates fedora-24-x86_64-updates-debug fedora-24-i386-updates fedora-24-i386-updates-debug fedora-24-armhfp-updates fedora-24-armhfp-updates-debug" } - - { log: "reposync-fedora-24-testing.log", repos: "fedora-24-testing-source fedora-24-x86_64-testing fedora-24-x86_64-testing-debug fedora-24-i386-testing fedora-24-i386-testing-debug fedora-24-armhfp-testing fedora-24-armhfp-testing-debug" } - - { log: "reposync-fedora-24-kernel-rt.log", repos: "fedora-24-x86_64-kernel-rt fedora-24-x86_64-kernel-rt-testing fedora-24-i386-kernel-rt fedora-24-i386-kernel-rt-testing" } - # Fedora 25 - - { log: "reposync-fedora-25.log", repos: "fedora-25-source fedora-25-x86_64 fedora-25-x86_64-debug fedora-25-i386 fedora-25-i386-debug fedora-25-armhfp fedora-25-armhfp-debug" } - - { log: "reposync-fedora-25-updates.log", repos: "fedora-25-updates-source fedora-25-x86_64-updates fedora-25-x86_64-updates-debug fedora-25-i386-updates fedora-25-i386-updates-debug fedora-25-armhfp-updates fedora-25-armhfp-updates-debug" } - - { log: "reposync-fedora-25-testing.log", repos: "fedora-25-testing-source fedora-25-x86_64-testing fedora-25-x86_64-testing-debug fedora-25-i386-testing fedora-25-i386-testing-debug fedora-25-armhfp-testing fedora-25-armhfp-testing-debug" } - - { log: "reposync-fedora-25-kernel-rt.log", repos: "fedora-25-x86_64-kernel-rt fedora-25-x86_64-kernel-rt-testing fedora-25-i386-kernel-rt fedora-25-i386-kernel-rt-testing" } - # Fedora 26 - - { log: "reposync-fedora-26.log", repos: "fedora-26-source fedora-26-x86_64 fedora-26-x86_64-debug fedora-26-i386 fedora-26-i386-debug fedora-26-armhfp fedora-26-armhfp-debug"} - - { log: "reposync-fedora-26-updates.log", repos: "fedora-26-updates-source fedora-26-x86_64-updates fedora-26-x86_64-updates-debug fedora-26-i386-updates fedora-26-i386-updates-debug fedora-26-armhfp-updates fedora-26-armhfp-updates-debug" } - - { log: "reposync-fedora-26-testing.log", repos: "fedora-26-testing-source fedora-26-x86_64-testing fedora-26-x86_64-testing-debug fedora-26-i386-testing fedora-26-i386-testing-debug fedora-26-armhfp-testing fedora-26-armhfp-testing-debug" } - - { log: "reposync-fedora-26-kernel-rt.log", repos: "fedora-26-x86_64-kernel-rt fedora-26-x86_64-kernel-rt-testing fedora-26-i386-kernel-rt fedora-26-i386-kernel-rt-testing" } - # Centos - - { log: "reposync-centos-7.log", repos: "centos-7-x86_64 centos-7-x86_64-updates centos-7-x86_64-centosplus centos-7-x86_64-extras centos-7-x86_64-fasttrack centos-7-i386-debug centos-7-x86_64-debug" } - - { log: "reposync-epel-7.log", repos: "epel-7-x86_64 epel-7-x86_64-debug" } - - name: backup database cron: name: "backup database" diff --git a/roles/abrt/faf/files/group_abrt-el7-epel-7.repo b/roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo similarity index 100% rename from roles/abrt/faf/files/group_abrt-el7-epel-7.repo rename to roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo diff --git a/roles/abrt/faf/meta/.galaxy_install_info b/roles/abrt/faf/meta/.galaxy_install_info index 4ee7008b99..55282d2e1f 100644 --- a/roles/abrt/faf/meta/.galaxy_install_info +++ b/roles/abrt/faf/meta/.galaxy_install_info @@ -1 +1 @@ -{install_date: 'Fri Apr 28 09:36:52 2017', version: ''} +{install_date: 'Wed May 3 12:54:28 2017', version: ''} diff --git a/roles/abrt/faf/tasks/cron.yml b/roles/abrt/faf/tasks/cron.yml index 1e702b072d..1858c98ade 100644 --- a/roles/abrt/faf/tasks/cron.yml +++ b/roles/abrt/faf/tasks/cron.yml @@ -47,3 +47,20 @@ with_items: - { type: "core", day: "2,4,6" } - { type: "kerneloops", day: "1,3,5" } + +- name: cron - faf find-crashfn core + cron: + name: "cron for faf find-crashfn for core" + user: faf + job: "faf find-crashfn -p core" + special_time: daily + state: present + +- name: cron - faf find-crashfn kerneloops + cron: + name: "cron for faf find-crashfn for kerneloops" + user: faf + job: "faf find-crashfn -p kerneloops" + minute: 15 + hour: "*/3" + state: present diff --git a/roles/abrt/faf/tasks/install.yml b/roles/abrt/faf/tasks/install.yml index b139bd5ed3..fcfcb6a88a 100644 --- a/roles/abrt/faf/tasks/install.yml +++ b/roles/abrt/faf/tasks/install.yml @@ -1,7 +1,7 @@ --- - name: enable Copr repo - copy: src="{{ roles_path }}/abrt/faf-local/files/group_abrt-faf-el7-epel-7.repo" dest=/etc/yum.repos.d/ + copy: src=group_abrt-faf-el7-epel-7.repo dest=/etc/yum.repos.d/ - name: erase faf packages yum: pkg="faf-*" state=absent diff --git a/roles/abrt/faf/templates/etc--.conf.j2 b/roles/abrt/faf/templates/etc-faf-faf.conf.j2 similarity index 100% rename from roles/abrt/faf/templates/etc--.conf.j2 rename to roles/abrt/faf/templates/etc-faf-faf.conf.j2 diff --git a/roles/abrt/faf/templates/etc--plugins-web.conf.j2 b/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 similarity index 100% rename from roles/abrt/faf/templates/etc--plugins-web.conf.j2 rename to roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 diff --git a/roles/abrt/faf/templates/etc-httpd-conf.d--web.conf.j2 b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 similarity index 96% rename from roles/abrt/faf/templates/etc-httpd-conf.d--web.conf.j2 rename to roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 index 33829aed97..333ee413ea 100644 --- a/roles/abrt/faf/templates/etc-httpd-conf.d--web.conf.j2 +++ b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 @@ -1,7 +1,7 @@ #{{ ansible_managed }} # WSGI handler WSGIPythonOptimize 1 -WSGISocketPrefix {{ faf_spool_dir }} /wsgi +WSGISocketPrefix {{ faf_spool_dir }}/wsgi WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5 {% set python = 'python2.7' %} diff --git a/roles/abrt/retrace/meta/.galaxy_install_info b/roles/abrt/retrace/meta/.galaxy_install_info index 2be6199311..2644b5b2e6 100644 --- a/roles/abrt/retrace/meta/.galaxy_install_info +++ b/roles/abrt/retrace/meta/.galaxy_install_info @@ -1 +1 @@ -{install_date: 'Fri Apr 28 09:36:53 2017', version: ''} +{install_date: 'Thu May 4 07:47:06 2017', version: ''} diff --git a/roles/abrt/retrace/templates/etc--server.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 similarity index 100% rename from roles/abrt/retrace/templates/etc--server.conf.j2 rename to roles/abrt/retrace/templates/etc-retrace-server.conf.j2 diff --git a/roles/abrt/retrace/templates/-server-httpd.conf.j2 b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 similarity index 89% rename from roles/abrt/retrace/templates/-server-httpd.conf.j2 rename to roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 index 593b2b8582..8e65e3af30 100644 --- a/roles/abrt/retrace/templates/-server-httpd.conf.j2 +++ b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 @@ -4,6 +4,7 @@ WSGISocketPrefix /var/run/retrace WSGIDaemonProcess retrace user=retrace group=retrace processes=5 threads=3 WSGIScriptAliasMatch ^/manager(/.*)?$ /usr/share/retrace-server/manager.wsgi +WSGIScriptAliasMatch ^/ftp(/.*)?$ /usr/share/retrace-server/ftp.wsgi WSGIScriptAliasMatch ^/settings$ /usr/share/retrace-server/settings.wsgi WSGIScriptAliasMatch ^/create$ /usr/share/retrace-server/create.wsgi WSGIScriptAliasMatch ^/stats$ /usr/share/retrace-server/stats.wsgi @@ -30,7 +31,7 @@ WSGIScriptAliasMatch ^/$ /usr/share/retrace-server/index.wsgi - + WSGIProcessGroup retrace Options -Indexes -FollowSymLinks diff --git a/roles/base/files/selinux/rsyslog-audit.pp b/roles/base/files/selinux/rsyslog-audit.pp new file mode 100644 index 0000000000..f1a417ff5a Binary files /dev/null and b/roles/base/files/selinux/rsyslog-audit.pp differ diff --git a/roles/base/files/selinux/rsyslog-audit.te b/roles/base/files/selinux/rsyslog-audit.te new file mode 100644 index 0000000000..a8bf497c24 --- /dev/null +++ b/roles/base/files/selinux/rsyslog-audit.te @@ -0,0 +1,12 @@ +module rsyslog-audit 1.0; + +require { + type auditd_log_t; + type syslogd_t; + class file { getattr ioctl open read }; + class dir { getattr search }; +} + +#============= syslogd_t ============== +allow syslogd_t auditd_log_t:dir { getattr search }; +allow syslogd_t auditd_log_t:file { getattr ioctl open read }; diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 0a2ff3a0d3..052ef2efb0 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -348,6 +348,30 @@ - rsyslogd - config +# Custom selinux policy to allow rsyslog to read and send audit to log01 +- name: ensure a directory exists for our custom selinux module + file: dest=/usr/local/share/rsyslog state=directory + tags: + - rsyslogd + - config + - rsyslog-audit + +- name: copy over our custom selinux module + copy: src=selinux/rsyslog-audit.pp dest=/usr/local/share/rsyslog/rsyslog-audit.pp + register: selinux_module + tags: + - rsyslogd + - config + - rsyslog-audit + +- name: install our custom selinux module + command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp + when: selinux_module|changed + tags: + - rsyslogd + - config + - rsyslog-audit + - name: Setup postfix include: postfix.yml diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml index c14f0b481b..7b9750c1b2 100644 --- a/roles/batcave/tasks/main.yml +++ b/roles/batcave/tasks/main.yml @@ -21,6 +21,7 @@ - yum-metadata-parser # Needed for rhn sync - yum-rhn-plugin # Needed for rhn sync - createrepo_c # Needed for rhn sync + - ostree # Needed for rhn sync - python-sqlalchemy # Needed for repo2json - pyliblzma # Needed for repo2json - ansible_utils # Needed for rbac-playbook diff --git a/roles/bodhi2/backend/tasks/main.yml b/roles/bodhi2/backend/tasks/main.yml index 4768231686..2b6ff230cf 100644 --- a/roles/bodhi2/backend/tasks/main.yml +++ b/roles/bodhi2/backend/tasks/main.yml @@ -63,7 +63,7 @@ user: name=nrpe groups=apache append=yes tags: - fedmsgmonitor - - nagios/client + - nagios_client - name: install bodhi.pem file copy: > diff --git a/roles/copr/backend/files/provision/files/mock/fedora-26-ppc64le.cfg b/roles/copr/backend/files/provision/files/mock/fedora-26-ppc64le.cfg new file mode 100644 index 0000000000..dfb36e46e7 --- /dev/null +++ b/roles/copr/backend/files/provision/files/mock/fedora-26-ppc64le.cfg @@ -0,0 +1,72 @@ +config_opts['root'] = 'fedora-26-ppc64le' +config_opts['target_arch'] = 'ppc64le' +config_opts['legal_host_arches'] = ('ppc64le',) +config_opts['chroot_setup_cmd'] = 'install @buildsys-build' +config_opts['dist'] = 'fc26' # only useful for --resultdir variable subst +config_opts['extra_chroot_dirs'] = [ '/run/lock', ] +config_opts['releasever'] = '26' +config_opts['package_manager'] = 'dnf' + +config_opts['yum.conf'] = """ +[main] +keepcache=1 +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +syslog_ident=mock +syslog_device= +install_weak_deps=0 +metadata_expire=0 +mdpolicy=group:primary +best=1 + +# repos + +[fedora] +name=fedora +metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch +failovermethod=priority +gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-26-primary +gpgcheck=1 + +[updates] +name=updates +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch +failovermethod=priority +gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-26-primary +gpgcheck=1 + +[updates-testing] +name=updates-testing +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[local] +name=local +baseurl=http://ppcpkgs.fedoraproject.org/repos/f26-build/latest/ppc64le/ +cost=2000 +enabled=0 + +[fedora-debuginfo] +name=fedora-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[updates-debuginfo] +name=updates-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[updates-testing-debuginfo] +name=updates-testing-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 +""" diff --git a/roles/copr/backend/files/provision/provision_builder_tasks_ppc64le.yml b/roles/copr/backend/files/provision/provision_builder_tasks_ppc64le.yml index eba2a30c73..5ef7791eb2 100644 --- a/roles/copr/backend/files/provision/provision_builder_tasks_ppc64le.yml +++ b/roles/copr/backend/files/provision/provision_builder_tasks_ppc64le.yml @@ -57,6 +57,7 @@ - name: put updated mock configs into /etc/mock template: src=files/mock/{{ item }} dest=/etc/mock with_items: + - fedora-26-ppc64le.cfg - site-defaults.cfg # ansible doesn't support simultaneously usage of async and with_* options diff --git a/roles/copr/backend/meta/main.yml b/roles/copr/backend/meta/main.yml index 9c40a7c753..d84917b7ae 100644 --- a/roles/copr/backend/meta/main.yml +++ b/roles/copr/backend/meta/main.yml @@ -1,5 +1,5 @@ --- dependencies: - { role: copr/base } - - { role: nagios/client } + - { role: nagios_client } # - { role: collectd/base } diff --git a/roles/copr/backend/tasks/monitoring.yml b/roles/copr/backend/tasks/monitoring.yml index 8ce3fee003..938b7e7b9b 100644 --- a/roles/copr/backend/tasks/monitoring.yml +++ b/roles/copr/backend/tasks/monitoring.yml @@ -3,7 +3,7 @@ notify: - restart nrpe tags: - - nagios/client + - nagios_client - name: set acl for nrpe on /etc/copr acl: name=/etc/copr entity=nrpe etype=user permissions=rx state=present diff --git a/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org b/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org index 292a03af17..67ad0e5050 100644 --- a/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org +++ b/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org @@ -10,6 +10,11 @@ subnet 10.5.126.0 netmask 255.255.255.0 { option domain-name-servers 10.5.126.21, 10.5.126.22; option routers 10.5.126.254; option log-servers 10.5.126.29; + + range 10.5.126.170 10.5.126.175; + next-server 10.5.126.41; + filename "pxelinux.0"; + # option vendor-class-identifier "PXEClient"; # option vendor-encapsulated-options 09:0f:80:00:0c:4e:65:74:77:6f:72:6b:20:62:6f:6f:74:0a:07:00:50:72:6f:6d:70:74:06:01:02:08:03:80:00:00:47:04:80:00:00:00:ff; @@ -159,9 +164,6 @@ subnet 10.5.126.0 netmask 255.255.255.0 { next-server 10.5.126.41; } - range 10.5.126.170 10.5.126.175; - next-server 10.5.126.41; - filename "pxelinux.0"; } subnet 10.5.127.0 netmask 255.255.255.0 { @@ -202,6 +204,263 @@ group macs { } +# staging network (sits on vlan 658) +subnet 10.5.128.0 netmask 255.255.255.0 { + allow booting; + allow bootp; + + option domain-name "phx2.fedoraproject.org qa.fedoraproject.org fedoraproject.org"; + option domain-name-servers 10.5.126.21, 10.5.126.22; + option routers 10.5.128.254; + option log-servers 10.5.126.29; + + range 10.5.128.10 10.5.128.20; + next-server 10.5.126.41; + filename "pxelinux.0"; + + +} + +# secondary arch net +subnet 10.5.129.0 netmask 255.255.255.0 { + allow booting; + allow bootp; + + option domain-name "secarch.fedoraproject.org ppc.fedoraproject.org arm.fedoraproject.org phx2.fedoraproject.org fedoraproject.org"; + option domain-name-servers 10.5.126.21, 10.5.126.22; + option routers 10.5.129.254; + option log-servers 10.5.126.29; + + host ppc8-01 { + hardware ethernet 40:f2:e9:5d:39:43; + fixed-address 10.5.129.20; + option host-name "ppc8-01"; + filename "pxelinux.0"; + } + + host ppc8-02 { + hardware ethernet 40:f2:e9:5d:3c:67; + fixed-address 10.5.129.21; + option host-name "ppc8-02"; + filename "pxelinux.0"; + } + + host ppc8-03 { + hardware ethernet 40:f2:e9:5d:3c:33; + fixed-address 10.5.129.22; + option host-name "ppc8-03"; + filename "pxelinux.0"; + } + + host ppc8-04 { + hardware ethernet 40:f2:e9:5d:3b:c7; + fixed-address 10.5.129.23; + option host-name "ppc8-04"; + filename "pxelinux.0"; + } + + host aarch64-c01n1 { + hardware ethernet 14:58:D0:58:E5:32; + fixed-address 10.5.129.101; + next-server 10.5.126.41; + option host-name "aarch64-c01n1"; + filename "grubaa64.efi"; + } + + host aarch64-c02n1 { + hardware ethernet 14:58:D0:58:95:32; + fixed-address 10.5.129.102; + next-server 10.5.126.41; + option host-name "aarch64-c02n1"; + filename "grubaa64.efi"; + } + + host aarch64-c03n1 { + hardware ethernet 14:58:D0:58:36:02; + fixed-address 10.5.129.103; + next-server 10.5.126.41; + option host-name "aarch64-c03n1"; + filename "grubaa64.efi"; + } + + host aarch64-c04n1 { + hardware ethernet 14:58:D0:58:16:82; + fixed-address 10.5.129.104; + next-server 10.5.126.41; + option host-name "aarch64-c04n1"; + filename "grubaa64.efi"; + } + + host aarch64-c05n1 { + hardware ethernet 14:58:D0:58:16:D2; + fixed-address 10.5.129.105; + next-server 10.5.126.41; + option host-name "aarch64-c05n1"; + filename "grubaa64.efi"; + } + + host aarch64-c06n1 { + hardware ethernet 14:58:D0:58:F5:82; + fixed-address 10.5.129.106; + next-server 10.5.126.41; + option host-name "aarch64-c06n1"; + filename "grubaa64.efi"; + } + + host aarch64-c07n1 { + hardware ethernet 14:58:D0:58:D5:B2; + fixed-address 10.5.129.107; + next-server 10.5.126.41; + option host-name "aarch64-c07n1"; + filename "grubaa64.efi"; + } + + host aarch64-c08n1 { + hardware ethernet 14:58:D0:58:36:62; + fixed-address 10.5.129.108; + next-server 10.5.126.41; + option host-name "aarch64-c08n1"; + filename "grubaa64.efi"; + } + + host aarch64-c09n1 { + hardware ethernet 14:58:D0:58:E5:B2; + fixed-address 10.5.129.109; + next-server 10.5.126.41; + option host-name "aarch64-c09n1"; + filename "grubaa64.efi"; + } + + host aarch64-c10n1 { + hardware ethernet 14:58:D0:58:B5:72; + fixed-address 10.5.129.110; + next-server 10.5.126.41; + option host-name "aarch64-c10n1"; + filename "grubaa64.efi"; + } + + host aarch64-c11n1 { + hardware ethernet 14:58:D0:58:B5:A2; + fixed-address 10.5.129.111; + next-server 10.5.126.41; + option host-name "aarch64-c11n1"; + filename "grubaa64.efi"; + } + + host aarch64-c12n1 { + hardware ethernet 14:58:D0:58:B2:F2; + fixed-address 10.5.129.112; + next-server 10.5.126.41; + option host-name "aarch64-c12n1"; + filename "grubaa64.efi"; + } + + host aarch64-c13n1 { + hardware ethernet 14:58:D0:58:95:22; + fixed-address 10.5.129.113; + next-server 10.5.126.41; + option host-name "aarch64-c13n1"; + filename "grubaa64.efi"; + } + + host aarch64-c14n1 { + hardware ethernet 14:58:D0:58:75:32; + fixed-address 10.5.129.114; + next-server 10.5.126.41; + option host-name "aarch64-c14n1"; + filename "grubaa64.efi"; + } + + host aarch64-c15n1 { + hardware ethernet 14:58:D0:58:C5:52; + fixed-address 10.5.129.115; + next-server 10.5.126.41; + option host-name "aarch64-c15n1"; + filename "grubaa64.efi"; + } + + host aarch64-c16n1 { + hardware ethernet 14:58:D0:58:35:12; + fixed-address 10.5.129.116; + next-server 10.5.126.41; + option host-name "aarch64-c16n1"; + filename "grubaa64.efi"; + } + + host aarch64-c17n1 { + hardware ethernet 14:58:D0:58:C4:F2; + fixed-address 10.5.129.117; + next-server 10.5.126.41; + option host-name "aarch64-c17n1"; + filename "grubaa64.efi"; + } + + host aarch64-c18n1 { + hardware ethernet 14:58:D0:58:74:32; + fixed-address 10.5.129.118; + next-server 10.5.126.41; + option host-name "aarch64-c18n1"; + filename "grubaa64.efi"; + } + + host aarch64-c19n1 { + hardware ethernet 14:58:D0:58:D4:12; + fixed-address 10.5.129.119; + next-server 10.5.126.41; + option host-name "aarch64-c19n1"; + filename "grubaa64.efi"; + } + + host aarch64-c20n1 { + hardware ethernet 14:58:D0:58:E4:B2; + fixed-address 10.5.129.120; + next-server 10.5.126.41; + option host-name "aarch64-c20n1"; + filename "grubaa64.efi"; + } + + host aarch64-c21n1 { + hardware ethernet 14:58:D0:58:E4:A2; + fixed-address 10.5.129.121; + next-server 10.5.126.41; + option host-name "aarch64-c21n1"; + filename "grubaa64.efi"; + } + + host aarch64-c22n1 { + hardware ethernet 14:58:D0:58:25:02; + fixed-address 10.5.129.122; + next-server 10.5.126.41; + option host-name "aarch64-c22n1"; + filename "grubaa64.efi"; + } + + host aarch64-c23n1 { + hardware ethernet 14:58:D0:58:05:72; + fixed-address 10.5.129.123; + next-server 10.5.126.41; + option host-name "aarch64-c23n1"; + filename "grubaa64.efi"; + } + + host aarch64-c24n1 { + hardware ethernet 14:58:D0:58:35:C2; + fixed-address 10.5.129.124; + next-server 10.5.126.41; + option host-name "aarch64-c24n1"; + filename "grubaa64.efi"; + } + + host aarch64-c25n1 { + hardware ethernet 14:58:D0:58:64:82; + fixed-address 10.5.129.125; + next-server 10.5.126.41; + option host-name "aarch64-c25n1"; + filename "grubaa64.efi"; + } + +} + subnet 10.5.130.0 netmask 255.255.255.0 { allow booting; allow bootp; @@ -2124,243 +2383,4 @@ shared-network qa { } -# secondary arch net -subnet 10.5.129.0 netmask 255.255.255.0 { - allow booting; - allow bootp; - - option domain-name "secarch.fedoraproject.org ppc.fedoraproject.org arm.fedoraproject.org phx2.fedoraproject.org fedoraproject.org"; - option domain-name-servers 10.5.126.21, 10.5.126.22; - option routers 10.5.129.254; - option log-servers 10.5.126.29; - - host ppc8-01 { - hardware ethernet 40:f2:e9:5d:39:43; - fixed-address 10.5.129.20; - option host-name "ppc8-01"; - filename "pxelinux.0"; - } - - host ppc8-02 { - hardware ethernet 40:f2:e9:5d:3c:67; - fixed-address 10.5.129.21; - option host-name "ppc8-02"; - filename "pxelinux.0"; - } - - host ppc8-03 { - hardware ethernet 40:f2:e9:5d:3c:33; - fixed-address 10.5.129.22; - option host-name "ppc8-03"; - filename "pxelinux.0"; - } - - host ppc8-04 { - hardware ethernet 40:f2:e9:5d:3b:c7; - fixed-address 10.5.129.23; - option host-name "ppc8-04"; - filename "pxelinux.0"; - } - - host aarch64-c01n1 { - hardware ethernet 14:58:D0:58:E5:32; - fixed-address 10.5.129.101; - next-server 10.5.126.41; - option host-name "aarch64-c01n1"; - filename "grubaa64.efi"; - } - - host aarch64-c02n1 { - hardware ethernet 14:58:D0:58:95:32; - fixed-address 10.5.129.102; - next-server 10.5.126.41; - option host-name "aarch64-c02n1"; - filename "grubaa64.efi"; - } - - host aarch64-c03n1 { - hardware ethernet 14:58:D0:58:36:02; - fixed-address 10.5.129.103; - next-server 10.5.126.41; - option host-name "aarch64-c03n1"; - filename "grubaa64.efi"; - } - - host aarch64-c04n1 { - hardware ethernet 14:58:D0:58:16:82; - fixed-address 10.5.129.104; - next-server 10.5.126.41; - option host-name "aarch64-c04n1"; - filename "grubaa64.efi"; - } - - host aarch64-c05n1 { - hardware ethernet 14:58:D0:58:16:D2; - fixed-address 10.5.129.105; - next-server 10.5.126.41; - option host-name "aarch64-c05n1"; - filename "grubaa64.efi"; - } - - host aarch64-c06n1 { - hardware ethernet 14:58:D0:58:F5:82; - fixed-address 10.5.129.106; - next-server 10.5.126.41; - option host-name "aarch64-c06n1"; - filename "grubaa64.efi"; - } - - host aarch64-c07n1 { - hardware ethernet 14:58:D0:58:D5:B2; - fixed-address 10.5.129.107; - next-server 10.5.126.41; - option host-name "aarch64-c07n1"; - filename "grubaa64.efi"; - } - - host aarch64-c08n1 { - hardware ethernet 14:58:D0:58:36:62; - fixed-address 10.5.129.108; - next-server 10.5.126.41; - option host-name "aarch64-c08n1"; - filename "grubaa64.efi"; - } - - host aarch64-c09n1 { - hardware ethernet 14:58:D0:58:E5:B2; - fixed-address 10.5.129.109; - next-server 10.5.126.41; - option host-name "aarch64-c09n1"; - filename "grubaa64.efi"; - } - - host aarch64-c10n1 { - hardware ethernet 14:58:D0:58:B5:72; - fixed-address 10.5.129.110; - next-server 10.5.126.41; - option host-name "aarch64-c10n1"; - filename "grubaa64.efi"; - } - - host aarch64-c11n1 { - hardware ethernet 14:58:D0:58:B5:A2; - fixed-address 10.5.129.111; - next-server 10.5.126.41; - option host-name "aarch64-c11n1"; - filename "grubaa64.efi"; - } - - host aarch64-c12n1 { - hardware ethernet 14:58:D0:58:B2:F2; - fixed-address 10.5.129.112; - next-server 10.5.126.41; - option host-name "aarch64-c12n1"; - filename "grubaa64.efi"; - } - - host aarch64-c13n1 { - hardware ethernet 14:58:D0:58:95:22; - fixed-address 10.5.129.113; - next-server 10.5.126.41; - option host-name "aarch64-c13n1"; - filename "grubaa64.efi"; - } - - host aarch64-c14n1 { - hardware ethernet 14:58:D0:58:75:32; - fixed-address 10.5.129.114; - next-server 10.5.126.41; - option host-name "aarch64-c14n1"; - filename "grubaa64.efi"; - } - - host aarch64-c15n1 { - hardware ethernet 14:58:D0:58:C5:52; - fixed-address 10.5.129.115; - next-server 10.5.126.41; - option host-name "aarch64-c15n1"; - filename "grubaa64.efi"; - } - - host aarch64-c16n1 { - hardware ethernet 14:58:D0:58:35:12; - fixed-address 10.5.129.116; - next-server 10.5.126.41; - option host-name "aarch64-c16n1"; - filename "grubaa64.efi"; - } - - host aarch64-c17n1 { - hardware ethernet 14:58:D0:58:C4:F2; - fixed-address 10.5.129.117; - next-server 10.5.126.41; - option host-name "aarch64-c17n1"; - filename "grubaa64.efi"; - } - - host aarch64-c18n1 { - hardware ethernet 14:58:D0:58:74:32; - fixed-address 10.5.129.118; - next-server 10.5.126.41; - option host-name "aarch64-c18n1"; - filename "grubaa64.efi"; - } - - host aarch64-c19n1 { - hardware ethernet 14:58:D0:58:D4:12; - fixed-address 10.5.129.119; - next-server 10.5.126.41; - option host-name "aarch64-c19n1"; - filename "grubaa64.efi"; - } - - host aarch64-c20n1 { - hardware ethernet 14:58:D0:58:E4:B2; - fixed-address 10.5.129.120; - next-server 10.5.126.41; - option host-name "aarch64-c20n1"; - filename "grubaa64.efi"; - } - - host aarch64-c21n1 { - hardware ethernet 14:58:D0:58:E4:A2; - fixed-address 10.5.129.121; - next-server 10.5.126.41; - option host-name "aarch64-c21n1"; - filename "grubaa64.efi"; - } - - host aarch64-c22n1 { - hardware ethernet 14:58:D0:58:25:02; - fixed-address 10.5.129.122; - next-server 10.5.126.41; - option host-name "aarch64-c22n1"; - filename "grubaa64.efi"; - } - - host aarch64-c23n1 { - hardware ethernet 14:58:D0:58:05:72; - fixed-address 10.5.129.123; - next-server 10.5.126.41; - option host-name "aarch64-c23n1"; - filename "grubaa64.efi"; - } - - host aarch64-c24n1 { - hardware ethernet 14:58:D0:58:35:C2; - fixed-address 10.5.129.124; - next-server 10.5.126.41; - option host-name "aarch64-c24n1"; - filename "grubaa64.efi"; - } - - host aarch64-c25n1 { - hardware ethernet 14:58:D0:58:64:82; - fixed-address 10.5.129.125; - next-server 10.5.126.41; - option host-name "aarch64-c25n1"; - filename "grubaa64.efi"; - } - -} diff --git a/roles/distgit/files/clime-dist-git-epel-7.repo b/roles/distgit/files/clime-dist-git-epel-7.repo deleted file mode 100644 index 9f9545bb44..0000000000 --- a/roles/distgit/files/clime-dist-git-epel-7.repo +++ /dev/null @@ -1,10 +0,0 @@ -[clime-dist-git] -name=Copr repo for dist-git owned by clime -baseurl=https://copr-be.cloud.fedoraproject.org/results/clime/dist-git/epel-7-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/clime/dist-git/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 \ No newline at end of file diff --git a/roles/distgit/files/dist-git.conf b/roles/distgit/files/dist-git.conf new file mode 100644 index 0000000000..8d45800b26 --- /dev/null +++ b/roles/distgit/files/dist-git.conf @@ -0,0 +1,7 @@ +[dist-git] +git_author_name = Fedora Release Engineering +git_author_email = rel-eng@lists.fedoraproject.org + +cache_dir = /srv/cache +gitroot_dir = /srv/git/repositories +gitolite = True diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index e70e0409a0..608a0e0e95 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -19,6 +19,15 @@ - name: install the httpd config file copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: uninstall the httpd config file + file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf state=absent + when: env == "staging" notify: - reload httpd tags: @@ -26,6 +35,7 @@ - name: install the httpd config directory file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory + when: env != "staging" notify: - reload httpd tags: @@ -66,21 +76,24 @@ # -- Dist Git -------------------------------------------- # This is the Git setup itself: group, root directory, scripts,... -- name: install the Dist Git-related httpd config - copy: src=clime-dist-git-epel-7.repo dest=/etc/yum.repos.d/clime-dist-git-epel-7.repo - when: env == "staging" and inventory_hostname.startswith('pkgs02') +- name: install dist-git + yum: pkg={{item}} state=latest + with_items: + - dist-git + - dist-git-selinux + when: env == "staging" tags: - distgit -- name: install dist-git - yum: pkg=dist-git state=present - when: env == "staging" and inventory_hostname.startswith('pkgs02') +- name: install the dist-git config + copy: src=dist-git.conf dest=/etc/dist-git/dist-git.conf + when: env == "staging" tags: + - config - distgit - name: create the distgit root directory (/srv/git) file: dest=/srv/git state=directory mode=0755 - when: env != "staging" or inventory_hostname.startswith('pkgs01') tags: - distgit @@ -104,7 +117,6 @@ - name: create the distgit root directory (/srv/git/repositories) file: dest=/srv/git/repositories state=directory mode=2775 group=packager - when: env != "staging" or inventory_hostname.startswith('pkgs01') tags: - distgit @@ -123,27 +135,28 @@ tags: - distgit -- name: install the distgit scripts - copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755 - with_items: - - pkgdb2-clone - tags: - - config - - distgit - - name: install the distgit scripts copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755 with_items: - setup_git_package - mkbranch - mkbranch_branching - when: env != "staging" or inventory_hostname.startswith('pkgs01') + - pkgdb2-clone tags: - config - distgit - name: install the Dist Git-related httpd config copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: install the Dist Git-related httpd config + copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf + when: env == "staging" notify: - reload httpd tags: @@ -151,6 +164,15 @@ - name: Symlink pkgs-git-repos-list copy: src=repolist.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/repolist.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: Symlink pkgs-git-repos-list + copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf + when: env == "staging" notify: - reload httpd tags: @@ -219,7 +241,7 @@ - distgit - name: Create the rpms symlink (should not be needed, might still be used by some old scripts) - command: ln -s /srv/git/repositories / /srv/git/rpms + command: ln -s /srv/git/repositories/ /srv/git/rpms creates=/srv/git/rpms tags: - config @@ -340,6 +362,16 @@ - name: install the CGit-related httpd redirect config copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf + when: env != "staging" + tags: + - distgit + - cgit + notify: + - reload httpd + +- name: install the CGit-related httpd redirect config + copy: src=redirect.conf dest=/etc/httpd/conf.d/dist-git/redirect.conf + when: env == "staging" tags: - distgit - cgit @@ -362,6 +394,18 @@ with_items: - lookaside.conf - lookaside-upload.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: install the Lookaside Cache httpd configs + template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}} + with_items: + - lookaside.conf + - lookaside-upload-stg.conf + when: env == "staging" notify: - reload httpd tags: @@ -465,6 +509,14 @@ tags: - distgit +- name: uninstall the httpd config directory + file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=absent + when: env == "staging" + notify: + - reload httpd + tags: + - distgit + - name: check the selinux context of the upload CGI script command: matchpathcon /srv/web/upload.cgi register: upcgicontext diff --git a/roles/distgit/templates/lookaside-upload-stg.conf b/roles/distgit/templates/lookaside-upload-stg.conf new file mode 100644 index 0000000000..16303344ef --- /dev/null +++ b/roles/distgit/templates/lookaside-upload-stg.conf @@ -0,0 +1,66 @@ +Alias /repo/ /srv/cache/lookaside/ + +# default SSL configuration... +Listen 443 + +SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) +SSLSessionCacheTimeout 300 + +Mutex default + +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +SSLCryptoDevice builtin + + + ServerName pkgs.{{ env_suffix }}fedoraproject.org + #Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/" + # This is temporary for fixing Kojid because of firewall rules + Alias /repo/ /srv/cache/lookaside/ + + + + # This alias must come before the /repo/ one to avoid being overridden. + ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi + + Alias /repo/ /srv/cache/lookaside/ + ServerName pkgs{{ env_suffix }}.fedoraproject.org + ServerAdmin webmaster@fedoraproject.org + + SSLEngine on + + SSLCertificateFile conf/pkgs.fedoraproject.org_key_and_cert.pem + SSLCertificateKeyFile conf/pkgs.fedoraproject.org_key_and_cert.pem + SSLCACertificateFile conf/cacert.pem + SSLCARevocationFile /etc/pki/tls/crl.pem + + SSLProtocol {{ ssl_protocols }} + SSLCipherSuite {{ ssl_ciphers }} + + Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/" + + +# Allow upload via src + + # This alias must come before the /repo/ one to avoid being overridden. + ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi + + Alias /repo/ /srv/cache/lookaside/ + ServerName src{{ env_suffix }}.fedoraproject.org + ServerAdmin webmaster@fedoraproject.org + + ErrorLog logs/ssl_error_log + + + Options +ExecCGI + + AuthType GSSAPI + GssapiSSLonly Off + AuthName "GSSAPI Single Sign On Login" + GssapiCredStore keytab:/etc/httpd.keytab + + Require valid-user + + + + diff --git a/roles/epylog/files/merged/weed_local.cf b/roles/epylog/files/merged/weed_local.cf index 71fcc1236d..8b136df56c 100644 --- a/roles/epylog/files/merged/weed_local.cf +++ b/roles/epylog/files/merged/weed_local.cf @@ -190,6 +190,7 @@ openvpn.*:.*Re-using SSL/TLS context.* openvpn.*:.*LZO compression.* openvpn.*: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts.* openvpn.*: WARNING: No server certificate verification method has been enabled.* +openvpn.*: .*peer info.* origin-master.* origin-node.* pam_unix\(.*\): account .* has password changed in future @@ -374,7 +375,8 @@ systemd-udevd: conflicting device node.* systemd.*: Starting user-.*.slice. systemd.*: Started Session.*of user git. systemd.*: Starting Session.*of user git. -systemd: Cannot add dependency job for unit microcode.service.* +systemd.*: Cannot add dependency job for unit microcode.service.* +systemd.*: Scope libcontainer.*has no PIDs. Refusing. supybot.* unix_chkpwd.*: account .* has password changed in future unix_chkpwd.*: password check failed for user \(root\) diff --git a/roles/fedora-web/magazine/templates/fedoramagazine-web.conf b/roles/fedora-web/magazine/templates/fedoramagazine-web.conf index 82f43024f7..04f91e001e 100644 --- a/roles/fedora-web/magazine/templates/fedoramagazine-web.conf +++ b/roles/fedora-web/magazine/templates/fedoramagazine-web.conf @@ -8,8 +8,8 @@ RewriteRule ^(.*)$ https://fedoramagazine.org%{REQUEST_URI} [L,R=301] #ProxyPass / http://wp-fedoramag.rhcloud.com/ #ProxyPassReverse / http://wp-fedoramag.rhcloud.com/ {% if env == "production" %} -ProxyPass / http://209.132.184.123/ -ProxyPassReverse / http://209.132.184.123/ +ProxyPass / http://209.132.184.52/ +ProxyPassReverse / http://209.132.184.52/ {% else %} # In staging we point to the staging version of the magazine ProxyPass / http://66.226.72.133/ diff --git a/roles/keyserver/tasks/main.yml b/roles/keyserver/tasks/main.yml index b72c6efb58..9246810ba2 100644 --- a/roles/keyserver/tasks/main.yml +++ b/roles/keyserver/tasks/main.yml @@ -65,7 +65,7 @@ - cron: name="regenerate stats hourly" hour="*" minute="5" - job="killall -SIGUSR2 sks-db" + job="pkill -f -n -SIGUSR2 'sks db'" state=present - name: Set sks-db to run on boot diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index 867c875aef..af76818858 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -78,6 +78,7 @@ - audit - pycdio - python-kickstart + - libvirt-client - oz - imagefactory - imagefactory-plugins-TinMan diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2 index 1631be7583..fb512826f8 100644 --- a/roles/koji_hub/templates/hub.conf.j2 +++ b/roles/koji_hub/templates/hub.conf.j2 @@ -31,6 +31,7 @@ ProxyPrincipals = HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG,sigul/secondary- KojiDir = /mnt/koji MemoryWarnThreshold = 10000 MaxRequestLength = 167772160 +CheckClientIP = False # Kerb auth {% if env == "staging" %} diff --git a/roles/koji_hub/templates/kojira.conf.j2 b/roles/koji_hub/templates/kojira.conf.j2 index 770049c288..65bfee828d 100644 --- a/roles/koji_hub/templates/kojira.conf.j2 +++ b/roles/koji_hub/templates/kojira.conf.j2 @@ -26,7 +26,7 @@ with_src=no ;delete_batch_size=1 ; prevent kojira from flooding the build system with newRepo tasks -max_repo_tasks=6 +max_repo_tasks=15 ; Server certificate authority krb_rdns=false diff --git a/roles/kojipkgs/files/kojipkgs.conf b/roles/kojipkgs/files/kojipkgs.conf index 7653afe44b..5779a7406d 100644 --- a/roles/kojipkgs/files/kojipkgs.conf +++ b/roles/kojipkgs/files/kojipkgs.conf @@ -31,6 +31,15 @@ Alias /toplink/packages /mnt/fedora_koji/koji/packages Require all granted +Alias /repos-dist /mnt/fedora_koji/koji/repos-dist + + + Options Indexes FollowSymLinks + IndexOptions NameWidth=* FancyIndexing + FileETag None + Require all granted + + Alias /repos /mnt/fedora_koji/koji/repos diff --git a/roles/nagios/client/files/scripts/check_testcloud b/roles/nagios/client/files/scripts/check_testcloud index 2b4ee9bcf8..eb8c7aab3b 100644 --- a/roles/nagios/client/files/scripts/check_testcloud +++ b/roles/nagios/client/files/scripts/check_testcloud @@ -1,8 +1,8 @@ #!/bin/bash RUNNING_VMS=`testcloud instance list | grep -i 'running' | wc -l` -CRITICAL=30 -WARNING=25 +CRITICAL=20 +WARNING=15 if [ $RUNNING_VMS -gt $CRITICAL ] diff --git a/roles/nagios/server/files/nagios-external/misccommands.cfg b/roles/nagios/server/files/nagios-external/misccommands.cfg index 064c97f879..f85ff0b310 100644 --- a/roles/nagios/server/files/nagios-external/misccommands.cfg +++ b/roles/nagios/server/files/nagios-external/misccommands.cfg @@ -41,7 +41,8 @@ # SAMPLE NOTIFICATION COMMANDS # # These are some example notification commands. They may or may not work on -# your system without modification. +# your system without modification. As an example, some systems will require +# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below. # ################################################################################ @@ -111,5 +112,3 @@ define command{ command_name process-service-perfdata command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/log/nagios/service-perfdata.out } - - diff --git a/roles/nagios/server/files/nagios/misccommands.cfg b/roles/nagios/server/files/nagios/misccommands.cfg index 37a59e0e36..9e1a40845e 100644 --- a/roles/nagios/server/files/nagios/misccommands.cfg +++ b/roles/nagios/server/files/nagios/misccommands.cfg @@ -41,7 +41,8 @@ # SAMPLE NOTIFICATION COMMANDS # # These are some example notification commands. They may or may not work on -# your system without modification. +# your system without modification. As an example, some systems will require +# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below. # ################################################################################ diff --git a/roles/nagios_client/tasks/main.yml b/roles/nagios_client/tasks/main.yml index 1eb7ebb704..7426943d75 100644 --- a/roles/nagios_client/tasks/main.yml +++ b/roles/nagios_client/tasks/main.yml @@ -102,7 +102,6 @@ - name: install nrpe client configs template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} with_items: - - check_mirrorlist_cache.cfg - check_raid.cfg - check_ipa.cfg - check_readonly_fs.cfg diff --git a/roles/nagios_server/files/nagios/commands/notify.cfg b/roles/nagios_server/files/nagios/commands/notify.cfg index 6083eeb0bb..6ab9d8fdfa 100644 --- a/roles/nagios_server/files/nagios/commands/notify.cfg +++ b/roles/nagios_server/files/nagios/commands/notify.cfg @@ -8,18 +8,13 @@ # ################################################################################ + # 'host-notify-by-email' command definition define command{ command_name host-notify-by-email command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\nSource: $$(hostname)\n\nDate/Time: $LONGDATETIME$\n" | /bin/mail -s "Host $HOSTSTATE$ alert for $HOSTNAME$!" $CONTACTEMAIL$ } -# 'notify-service-by-email' command definition -define command{ - command_name notify-service-by-email - command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$ - } - # 'notify-by-epager' command definition define command{ command_name notify-by-epager @@ -64,17 +59,16 @@ define command{ } # 'notify-by-xmpp' command definition -define command{ - command_name notify-by-xmpp - command_line /usr/local/bin/xmppsend -a /etc/nagios/private/xmppnagios.ini "Service: $SERVICEDESC$\nHost: $HOSTNAME$\nInfo: $SERVICEOUTPUT$\nDate: $LONGDATETIME$" $CONTACTEMAIL$ - } +#define command{ +# command_name notify-by-xmpp +# command_line /usr/local/bin/xmppsend -a /etc/nagios/private/xmppnagios.ini "Service: $SERVICEDESC$\nHost: $HOSTNAME$\nInfo: $SERVICEOUTPUT$\nDate: $LONGDATETIME$" $CONTACTEMAIL$ +# } # 'host-notify-by-xmpp' command definition -define command{ - command_name host-notify-by-xmpp - command_line /usr/local/bin/xmppsend -a /etc/nagios/private/xmppnagios.ini "Host '$HOSTALIAS$' is $HOSTSTATE$\nInfo: $HOSTOUTPUT$\nDate: $LONGDATETIME$" $CONTACTEMAIL$ - } - +#define command{ +# command_name host-notify-by-xmpp +# command_line /usr/local/bin/xmppsend -a /etc/nagios/private/xmppnagios.ini "Host '$HOSTALIAS$' is $HOSTSTATE$\nInfo: $HOSTOUTPUT$\nDate: $LONGDATETIME$" $CONTACTEMAIL$ +# } diff --git a/roles/nagios_server/files/nagios/contactgroups/bodhi.cfg b/roles/nagios_server/files/nagios/contactgroups/bodhi.cfg index c43f7e42bf..fc8cedaea1 100644 --- a/roles/nagios_server/files/nagios/contactgroups/bodhi.cfg +++ b/roles/nagios_server/files/nagios/contactgroups/bodhi.cfg @@ -1,6 +1,6 @@ define contactgroup { contactgroup_name bodhi alias Bodhi Notifications -# members bowlofeggs - members null + members bowlofeggs + } diff --git a/roles/nagios_server/files/nagios/contactgroups/build-sysadmin-email.cfg b/roles/nagios_server/files/nagios/contactgroups/build-sysadmin-email.cfg deleted file mode 100644 index 92f56c5750..0000000000 --- a/roles/nagios_server/files/nagios/contactgroups/build-sysadmin-email.cfg +++ /dev/null @@ -1,5 +0,0 @@ -#define contactgroup{ -# contactgroup_name build-sysadmin-email -# alias Build Sysadmin Email Contacts -# members kevin,aditya -# } diff --git a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg index e6dec971e2..144a5f2084 100644 --- a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg +++ b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg @@ -2,6 +2,5 @@ define contactgroup{ contactgroup_name fedora-sysadmin-email alias Fedora Sysadmin Email Contacts # sysadmin-main: @ausil codeblock jstanley @kevin pbrobinson pingou puiterwijk ralph @smooge tflink -# members admin,ausil,codeblock,jstanley,kevin,pbrobinson,pingou,puiterwijkp,ralph,smooge,tflink - members null + members admin,ausil,codeblock,jstanley,kevin,puiterwijkp,smooge } diff --git a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-ircbot.cfg b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-ircbot.cfg index 744442d87b..576ade36d8 100644 --- a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-ircbot.cfg +++ b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-ircbot.cfg @@ -1,6 +1,6 @@ define contactgroup{ contactgroup_name fedora-sysadmin-ircbot alias Fedora Sysadmin irc Contacts -# members ircbot,fedmsg - members null + members ircbot,fedmsg + } diff --git a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-pager.cfg b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-pager.cfg index d2a97c3285..f7acb038c3 100644 --- a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-pager.cfg +++ b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-pager.cfg @@ -1,12 +1,11 @@ define contactgroup{ contactgroup_name fedora-sysadmin-pager alias Fedora Sysadmin Pager Contacts -# members smoogep,kevinp,puiterwijkp - members null + members smoogep,kevinp,puiterwijkp } + define contactgroup{ contactgroup_name fedora-sysadmin-emergency alias Fedora Sysadmin Pager Contacts -# members smooge-emergency,kevin-emergency,puiterwijk-emergency - members null + members smooge-emergency,kevin-emergency,puiterwijk-emergency } diff --git a/roles/nagios_server/files/nagios/contactgroups/ppc-secondary-email.cfg b/roles/nagios_server/files/nagios/contactgroups/ppc-secondary-email.cfg deleted file mode 100644 index cd4c2a3128..0000000000 --- a/roles/nagios_server/files/nagios/contactgroups/ppc-secondary-email.cfg +++ /dev/null @@ -1,6 +0,0 @@ -define contactgroup { - contactgroup_name ppc-secondary-email - alias Fedora PPC secondary arch Email Contacts -# members kevin,parasense,karsten - members null -} diff --git a/roles/nagios_server/files/nagios/contactgroups/retrace.cfg b/roles/nagios_server/files/nagios/contactgroups/retrace.cfg deleted file mode 100644 index e99c456c7a..0000000000 --- a/roles/nagios_server/files/nagios/contactgroups/retrace.cfg +++ /dev/null @@ -1,6 +0,0 @@ -define contactgroup { - contactgroup_name retrace-email - alias Fedora Retrace server Email Contacts -# members kevin,mtoman - members null -} diff --git a/roles/nagios_server/files/nagios/contactgroups/sysadmin-qa-email.cfg b/roles/nagios_server/files/nagios/contactgroups/sysadmin-qa-email.cfg index ae7696582b..e25dfe84fa 100644 --- a/roles/nagios_server/files/nagios/contactgroups/sysadmin-qa-email.cfg +++ b/roles/nagios_server/files/nagios/contactgroups/sysadmin-qa-email.cfg @@ -1,6 +1,5 @@ define contactgroup { contactgroup_name sysadmin-qa-email alias Fedora SysAdmin QA Email Contacts -# members sysadmin-qa - members null + members sysadmin-qa } diff --git a/roles/nagios_server/files/nagios/hosts/templates.cfg b/roles/nagios_server/files/nagios/hosts/templates.cfg index d284e3a161..dd4212ea1d 100644 --- a/roles/nagios_server/files/nagios/hosts/templates.cfg +++ b/roles/nagios_server/files/nagios/hosts/templates.cfg @@ -28,20 +28,6 @@ define host { register 0 } -define host { - name nocheck - check_command check-host-alive - max_check_attempts 8 - checks_enabled 0 - retain_status_information 0 - retain_nonstatus_information 0 - notification_interval 15 - notifications_enabled 0 - notification_options d,r - contact_groups fedora-sysadmin-ircbot - register 0 -} - define host { name autoqatemplate check_command check-host-alive @@ -66,7 +52,7 @@ define host { notification_interval 15 notifications_enabled 1 notification_options d,r - contact_groups ppc-secondary-email + contact_groups fedora-sysadmin-ircbot register 0 } @@ -80,7 +66,7 @@ define host { notification_interval 15 notifications_enabled 1 notification_options d,r - contact_groups retrace-email + contact_groups fedora-sysadmin-ircbot register 0 } diff --git a/roles/nagios_server/files/nagios/services/nrpe.cfg b/roles/nagios_server/files/nagios/services/nrpe.cfg index 0f516f81ba..797d310e17 100644 --- a/roles/nagios_server/files/nagios/services/nrpe.cfg +++ b/roles/nagios_server/files/nagios/services/nrpe.cfg @@ -1,5 +1,5 @@ define service { - host_name bastion02.phx2.fedoraproject.org, bastion01.phx2.fedoraproject.org, sundries01.phx2.fedoraproject.org, sundries01.stg.phx2.fedoraproject.org, sundries02.phx2.fedoraproject.org, wiki01.phx2.fedoraproject.org, wiki01.stg.phx2.fedoraproject.org, wiki02.phx2.fedoraproject.org, pkgdb01.phx2.fedoraproject.org, pkgdb02.phx2.fedoraproject.org, pkgdb01.stg.phx2.fedoraproject.org, magazine.fedorainfracloud.org + host_name bastion02.phx2.fedoraproject.org, bastion01.phx2.fedoraproject.org, sundries01.phx2.fedoraproject.org, sundries01.stg.phx2.fedoraproject.org, sundries02.phx2.fedoraproject.org, wiki01.phx2.fedoraproject.org, wiki01.stg.phx2.fedoraproject.org, wiki02.phx2.fedoraproject.org, pkgdb01.phx2.fedoraproject.org, pkgdb02.phx2.fedoraproject.org, pkgdb01.stg.phx2.fedoraproject.org, magazine2.fedorainfracloud.org service_description nrpe check_command test_nrpe max_check_attempts 2 diff --git a/roles/nagios_server/files/nagios/services/websites.cfg b/roles/nagios_server/files/nagios/services/websites.cfg index d1d94a1669..126c0fa675 100644 --- a/roles/nagios_server/files/nagios/services/websites.cfg +++ b/roles/nagios_server/files/nagios/services/websites.cfg @@ -288,8 +288,8 @@ define service { } define service { - host_name magazine.fedorainfracloud.org + host_name magazine2.fedorainfracloud.org service_description http-magazine use websitetemplate - check_command check_website!magazine.fedorainfracloud.org!/ + check_command check_website!magazine2.fedorainfracloud.org!/ } diff --git a/roles/nagios_server/tasks/main.yml b/roles/nagios_server/tasks/main.yml index e9e12f51d8..21c425f03a 100644 --- a/roles/nagios_server/tasks/main.yml +++ b/roles/nagios_server/tasks/main.yml @@ -309,6 +309,7 @@ template: src=nagios/hostgroups/{{item}}.j2 dest=/etc/nagios/hostgroups/{{item}} mode=0644 owner=root group=root with_items: - all.cfg + - vpnclients.cfg - nomail.cfg - checkswap.cfg tags: diff --git a/roles/nagios_server/templates/nagios/hostgroups/all.cfg.j2 b/roles/nagios_server/templates/nagios/hostgroups/all.cfg.j2 index 1b21e19f30..7414ca3210 100644 --- a/roles/nagios_server/templates/nagios/hostgroups/all.cfg.j2 +++ b/roles/nagios_server/templates/nagios/hostgroups/all.cfg.j2 @@ -25,15 +25,6 @@ define hostgroup{ {% endif %} {% endfor %} -## -## VPN clients -define hostgroup { - hostgroup_name vpnclients - alias vpnclients - members {% for host in groups['all'] %}{% if hostvars[host].vpn %}{{host}},{% endif %} {% endfor %} - -} - {% endif %} ## diff --git a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 new file mode 100644 index 0000000000..964cff5213 --- /dev/null +++ b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 @@ -0,0 +1,8 @@ +## +## VPN clients +define hostgroup { + hostgroup_name vpnclients + alias vpnclients + members !download-rdu01.fedoraproject.org, !virthost-rdu01.fedoraproject.org, !bastion02.phx2.fedoraproject.org, {% for host in groups['all'] %}{% if ( hostvars[host].vpn == true ) %}{{host}},{% endif %} {% endfor %} + +} diff --git a/roles/nagios_server/templates/nagios/hosts/cloud-hosts.cfg.j2 b/roles/nagios_server/templates/nagios/hosts/cloud-hosts.cfg.j2 index e717f36bf6..5674832615 100644 --- a/roles/nagios_server/templates/nagios/hosts/cloud-hosts.cfg.j2 +++ b/roles/nagios_server/templates/nagios/hosts/cloud-hosts.cfg.j2 @@ -4,7 +4,7 @@ define host { {% if hostvars[host].nagios_Check_Services['nrpe'] == true %} use defaulttemplate {% else %} - use nocheck + use mincheck {% endif %} host_name {{ host }} {% if hostvars[host].ansible_hostname is defined %} diff --git a/roles/regcfp/tasks/main.yml b/roles/regcfp/tasks/main.yml index a8db7bd02c..f9091da5e0 100644 --- a/roles/regcfp/tasks/main.yml +++ b/roles/regcfp/tasks/main.yml @@ -12,10 +12,12 @@ - name: Clone the regcfp master branch git: repo=https://github.com/puiterwijk/regcfp.git dest=/srv/regcfp - version=master + version=develop clone=yes update=yes register: git_result changed_when: "git_result.after|default('after') != git_result.before|default('before')" + tags: + - regcfp notify: - restart regcfp @@ -25,9 +27,13 @@ chdir=/srv/regcfp register: deps changed_when: "deps.stdout|length > 0" + tags: + - regcfp - name: copy over the server config template: src=config.json dest=/srv/regcfp/config/config.json mode=0640 + tags: + - regcfp notify: - restart regcfp @@ -37,19 +43,27 @@ with_items: - flocktofedora.org.cert - flocktofedora.org.intermediate.cert + tags: + - regcfp notify: - restart regcfp - name: Copy over the ftf cert key copy: src="{{private}}/files/httpd/flocktofedora.org.key" dest=/etc/pki/tls/private + tags: + - regcfp notify: - restart regcfp - name: copy over the systemd file copy: src=regcfp.service dest=/etc/systemd/system/regcfp.service mode=0640 + tags: + - regcfp notify: - restart regcfp - name: regcfp service service: name=regcfp state=started enabled=yes + tags: + - regcfp diff --git a/roles/regcfp/templates/config.json b/roles/regcfp/templates/config.json index 48328fa94b..23b084045b 100644 --- a/roles/regcfp/templates/config.json +++ b/roles/regcfp/templates/config.json @@ -1,5 +1,6 @@ { "production": { + "site_url": "https://register.flocktofedora.org", "theming": { "theme": "fedora", "site_name": "Flock 2016 Registration", @@ -43,8 +44,15 @@ }, "auth": { - "module": "persona", - "persona_audience": "https://register.flocktofedora.org" + "module": "openid", + "openid_connect_providers": { + "fedora": { + "discovery_url": "https://id.fedoraproject.org/openidc/.well-known/openid-configuration", + "email_domain": "fedoraproject.org", + "client_id": "regcfp", + "client_secret": "{{ regcfp_openidc_secret}}" + } + } }, "permissions": { @@ -70,14 +78,16 @@ "accept": ["pfrields@fedoraproject.org", "jwboyer@fedoraproject.org", "spot@fedoraproject.org"] }, "registration": { - "register": [""], + "register": [], "pay": [], "request_receipt": [], "view_public": ["*authenticated*"], - "view_all": ["*authenticated*"], + "view_all": [""], "add_payment": [], - "print_badge": ["puiterwijk@fedoraproject.org", "pfrields@fedoraproject.org", "jwboyer@fedoraproject.org", "jzb@fedoraproject.org", "rsuehle@fedoraproject.org", "spot@fedoraproject.org", "decause@fedoraproject.org"], - "desk": ["puiterwijk@fedoraproject.org", "pfrields@fedoraproject.org", "jwboyer@fedoraproject.org", "jzb@fedoraproject.org", "rsuehle@fedoraproject.org", "spot@fedoraproject.org", "decause@fedoraproject.org"] + "print_badge": [], + "desk": [], + "cancel": [], + "cancel_all": [] } }, @@ -95,39 +105,71 @@ ] }, + "registration": { "enabled": true, "fields": { + "doc1": { + "type": "documentation", + "display_name": "", + "html": [ + "We are excited to see you at this year's Flock!", + "We're doing things a little differently this year in order to make sure it is a", + "productive event that helps us achieve our goals as a community.", + "Explain regfee etc" + ], + "split": 0 + }, "country": { "display_name": "Country", "short_display_name": "Ctr", - "type": "country", + "type": "select", "required": true, "message": "This will be kept private", "private": true, - "placeholder": "Country of origin" + "placeholder": "Country of origin", + "options": [ + "United States", + "Netherlands" + ], + "onchange": "javascript:update_regfee();", + "split": 0 }, - "subsidyreq": { - "display_name": "Apply for sponsored funding for flight/hotel?", - "short_display_name": "Sub", - "type": "select", - "required": true, + "regfee": { + "display_name": "Registration Fee", + "type": "string", + "required": true, + "private": true, + "placeholder": "25.00", + "readonly": true, + "split": 0 + }, + "reason": { + "display_name": "Why are you interested in attending flock?", + "type": "string", + "required": true, + "private": true, + "placeholder": "", + "split": 0 + }, + + "ircnick": { + "display_name": "IRC Nickname", + "short_display_name": "IRC", + "type": "string", + "required": false, + "private": false, + "placeholder": "IRC Nickname", + "split": 1 + }, + "badgeextra": { + "display_name": "Extra line for badges (if available)", + "short_display_name": "Badge", + "type": "string", + "required": false, "private": false, "placeholder": "", - "options": [ - "Yes", "No" - ] - }, - "inviteletter": { - "display_name": "Do you need an invitation letter to attend?", - "short_display_name": "Inv", - "type": "select", - "required": true, - "private": false, - "placeholder": "", - "options": [ - "Yes", "No" - ] + "split": 1 }, "veg": { "display_name": "Vegetarian", @@ -139,7 +181,8 @@ "placeholder": "", "options": [ "Yes", "No" - ] + ], + "split": 1 }, "dietary": { "display_name": "Medical dietary restrictions", @@ -148,30 +191,20 @@ "required": false, "message": "This will be kept private; note that no guarantees are made, but we will do our best", "private": true, - "placeholder": "" + "placeholder": "", + "split": 1 }, - "volunteer": { - "display_name": "Are you willing to work as a volunteer at the event?", - "short_display_name": "Vol", + "inviteletter": { + "display_name": "Do you need an invitation letter to attend?", + "short_display_name": "Inv", "type": "select", "required": true, - "message": "This will be kept private", - "private": true, + "private": false, "placeholder": "", "options": [ "Yes", "No" - ] - }, - "family": { - "display_name": "Are you bringing family with you to the location?", - "short_display_name": "Fam", - "type": "select", - "required": true, - "private": true, - "placeholder": "", - "options": [ - "Yes", "No" - ] + ], + "split": 1 }, "shirtsize": { "display_name": "T-shirt size", @@ -194,110 +227,165 @@ "Ladies M", "Ladies L", "Ladies XL" - ] + ], + "split": 1 }, - "roomshare": { - "display_name": "Will you share a room?", - "short_display_name": "RmSh", - "type": "select", + + "needassistance": { + "display_name": "Do you need financial assistance in order to attend Flock?", + "short_display_name": "Sub", + "type": "boolean", "required": true, - "private": false, - "placeholder": "", - "options": [ - "Yes", "No" - ] + "private": true, + "split": 2 }, - "roommate": { - "display_name": "If sharing a room, enter a name if you know your roommate", - "short_display_name": "RmWho", - "type": "string", - "required": false, - "private": false, - "placeholder": "" - }, - "hotelbooked": { - "display_name": "Have you booked, or will you book, your hotel reservation?", - "short_display_name": "Bkd", - "type": "select", - "required": true, - "private": false, - "placeholder": "", - "options": [ - "Yes", "No" - ] - }, - "brnobus": { - "display_name": "Are you interested in a bus from Brno, in case that option is offered?", - "short_display_name": "Bus", - "type": "select", - "required": true, - "private": false, - "placeholder": "", - "options": [ - "Yes", "No" - ] - }, - "ircnick": { - "display_name": "IRC Nickname", - "short_display_name": "IRC", + + "sponsor_additional": { + "display_name": "Would you like to help sponsor a Fedora volunteer's attendance?", + "short_display_name": "Spon", + "type": "boolean", + "required": false, + "private": true, + "shownifnot": "needassistance", + "split": 2 + }, + "sponsor_additional_amount": { + "display_name": "Amount", + "short_display_name": "SponAmnt", "type": "string", "required": false, - "private": false, - "placeholder": "IRC Nickname" + "private": true, + "shownif": "sponsor_additional", + "split": 2 }, - "blog": { - "display_name": "Blog URL", - "short_display_name": "Blog", - "type": "string", - "required": false, - "private": false, - "placeholder": "https://example.com/blog" - }, - "twitter": { - "display_name": "Twitter handle", - "short_display_name": "Twt", - "type": "string", - "required": false, - "private": false, - "placeholder": "" - }, - "badgeextra": { - "display_name": "Extra line for badges (if available)", - "short_display_name": "Badge", - "type": "string", - "required": false, - "private": false, - "placeholder": "" - } + + "travel_circumstances": { + "display_name": "If there are any...", + "short_display_name": "travel_circum", + "type": "string", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "flights_needed": { + "display_name": "My trip to flock requires air travel", + "type": "boolean", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "doc_flights": { + "display_name": "", + "type": "documentation", + "html": [ + "Show calendar information here" + ], + "shownif": "flights_needed", + "split": 2 + }, + "flight_homeairport": { + "display_name": "Preferred home airport codes", + "type": "string", + "required": false, + "private": true, + "shownif": "flights_needed", + "split": 2 + }, + "flight_price": { + "display_name": "Estimated round-trip airfare (in USD)", + "type": "string", + "required": false, + "private": true, + "shownif": "flights_needed", + "split": 2 + }, + "busservice": { + "display_name": "Do you intend to use the Boston-to-Cape Cod bus service", + "type": "boolean", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "other_transit": { + "display_name": "Please describe any other transit-related costs you anticipate", + "type": "string", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "total_othertransit": { + "display_name": "Total cost of other estimated transit costs", + "type": "string", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "lodging_needed": { + "display_name": "I would like lodging to be part of my travel funding request", + "type": "boolean", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "lodging_doc": { + "display_name": "", + "type": "documentation", + "html": [ + "Show lodging calendar and other info here..." + ], + "shownif": "lodgin_needed", + "split": 2 + }, + "lodging_nights": { + "display_name": "How many nights of lodging will you require to attend Flock?", + "type": "select", + "options": [ + "1 night", + "2 nights", + "3 nights", + "4 nights", + "5 nights", + "other" + ], + "required": false, + "private": true, + "shownif": "lodging_needed", + "split": 2 + }, + "lodging_roommate": { + "display_name": "Do you have a preferred roommate?", + "type": "string", + "required": false, + "private": true, + "shownif": "lodging_needed", + "split": 2 + } }, - - - - + "max_split": 2, "payment_product_name": "My Event Registration Fee", "currencies": { - "EUR": { - "symbol": "€", + "USD": { + "symbol": "$", "min_amount_for_receipt": 20, "default_amount": 40, "conversion_rate": 1 - }, - "SEK": { - "symbol": "kr", - "min_amount_for_receipt": 190, - "default_amount": 380, - "conversion_rate": 0.11 } }, - "main_currency": "EUR", + "main_currency": "USD", "paypal_experience_profile": "", "desk_word": "something", "paypal": { "api_credentials": { "mode": "live", - "client_id": "", - "client_secret": "" + "client_id": "{{ regcfp_paypal_client_id }}", + "client_secret": "{{ regcfp_paypal_client_secret }}" }, "profile": { diff --git a/roles/robosignatory/files/robosignatory.production.py b/roles/robosignatory/files/robosignatory.production.py index 94ed69b554..c0ee0b326e 100644 --- a/roles/robosignatory/files/robosignatory.production.py +++ b/roles/robosignatory/files/robosignatory.production.py @@ -16,6 +16,9 @@ config = { 'robosignatory.pdc_url': 'https://pdc.fedoraproject.org/rest_api/v1', # Any tag prefixed with "module-" will be considered a module. 'robosignatory.module_prefixes': ['module-'], + # These are the base modules which, when found, determine the signing key. + 'robosignatory.base_module_names': ['base-runtime', 'bootstrap'], + 'robosignatory.signing': { 'backend': 'sigul', @@ -192,15 +195,15 @@ config = { }, 'fedora-atomic/rawhide/x86_64/docker-host': { 'directory': '/mnt/fedora_koji/koji/compose/atomic/rawhide/', - 'key': 'fedora-26' + 'key': 'fedora-27' }, 'fedora-atomic/rawhide/aarch64/docker-host': { 'directory': '/mnt/fedora_koji/koji/compose/atomic/rawhide/', - 'key': 'fedora-26' + 'key': 'fedora-27' }, 'fedora/rawhide/x86_64/workstation': { 'directory': '/mnt/fedora_koji/koji/compose/ostree/rawhide/', - 'key': 'fedora-26' + 'key': 'fedora-27' }, } } diff --git a/roles/robosignatory/tasks/main.yml b/roles/robosignatory/tasks/main.yml index 22af1606b2..39f463d2b4 100644 --- a/roles/robosignatory/tasks/main.yml +++ b/roles/robosignatory/tasks/main.yml @@ -4,6 +4,7 @@ - python-robosignatory - trousers - tpm-tools + - sigul tags: - packages - robosignatory @@ -14,7 +15,7 @@ - config - robosignatory -- name: Create sigul directory +- name: Create robosignatory sigul directory file: path=/etc/robosignatory/sigul state=directory owner=fedmsg group=fedmsg mode=0750 tags: - config diff --git a/roles/sigul/bridge/files/koji-arm.conf b/roles/sigul/bridge/files/koji-arm.conf index e57b3fc6b9..2341f04c82 100644 --- a/roles/sigul/bridge/files/koji-arm.conf +++ b/roles/sigul/bridge/files/koji-arm.conf @@ -1,4 +1,5 @@ [koji] +realm = FEDORAPROJECT.ORG ;configuration for koji cli tool @@ -18,3 +19,4 @@ serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem authtype = kerberos principal = sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG keytab = /etc/krb5.sigul_secondary-bridge01.phx2.fedoraproject.org.keytab +krb_rdns = false diff --git a/roles/sigul/bridge/files/koji-ppc.conf b/roles/sigul/bridge/files/koji-ppc.conf index cedfaa67e7..1c5ac6d458 100644 --- a/roles/sigul/bridge/files/koji-ppc.conf +++ b/roles/sigul/bridge/files/koji-ppc.conf @@ -1,4 +1,5 @@ [koji] +realm = FEDORAPROJECT.ORG ;configuration for koji cli tool @@ -18,3 +19,4 @@ serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem authtype = kerberos principal = sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG keytab = /etc/krb5.sigul_secondary-bridge01.phx2.fedoraproject.org.keytab +krb_rdns = false diff --git a/roles/sigul/bridge/files/koji-primary.stg.conf b/roles/sigul/bridge/files/koji-primary.stg.conf index cf121171b0..d7a40692a1 100644 --- a/roles/sigul/bridge/files/koji-primary.stg.conf +++ b/roles/sigul/bridge/files/koji-primary.stg.conf @@ -1,4 +1,5 @@ [koji] +realm = STG.FEDORAPROJECT.ORG ;configuration for koji cli tool @@ -15,3 +16,4 @@ serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem authtype = kerberos principal = sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG keytab = /etc/krb5.sigul_secondary-bridge01.phx2.fedoraproject.org.keytab +krb_rdns = false diff --git a/roles/sigul/bridge/files/koji-s390.conf b/roles/sigul/bridge/files/koji-s390.conf index 64a95a7e7a..d96564d864 100644 --- a/roles/sigul/bridge/files/koji-s390.conf +++ b/roles/sigul/bridge/files/koji-s390.conf @@ -1,4 +1,5 @@ [koji] +realm = FEDORAPROJECT.ORG ;configuration for koji cli tool @@ -18,3 +19,4 @@ serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem authtype = kerberos principal = sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG keytab = /etc/krb5.sigul_secondary-bridge01.phx2.fedoraproject.org.keytab +krb_rdns = false diff --git a/roles/sigul/bridge/templates/koji-primary.conf.j2 b/roles/sigul/bridge/templates/koji-primary.conf.j2 index 3cd47b74d7..bff79891d5 100644 --- a/roles/sigul/bridge/templates/koji-primary.conf.j2 +++ b/roles/sigul/bridge/templates/koji-primary.conf.j2 @@ -1,4 +1,5 @@ [koji] +realm = FEDORAPROJECT.ORG ;configuration for koji cli tool @@ -20,3 +21,4 @@ serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem authtype = kerberos principal = sigul/{{ inventory_hostname }}@{{ ipa_realm }} keytab = /etc/krb5.sigul_{{ inventory_hostname }}.keytab +krb_rdns = false diff --git a/roles/taskotron/taskotron-client/templates/settings.py.testcloud.j2 b/roles/taskotron/taskotron-client/templates/settings.py.testcloud.j2 index b0cec2c08f..19b070ad07 100644 --- a/roles/taskotron/taskotron-client/templates/settings.py.testcloud.j2 +++ b/roles/taskotron/taskotron-client/templates/settings.py.testcloud.j2 @@ -70,7 +70,7 @@ runcmd: # The timeout, in seconds, to wait for an instance to boot before # failing the boot process. Setting this to 0 disables waiting and # returns immediately after starting the boot process. -BOOT_TIMEOUT = 60 +BOOT_TIMEOUT = 90 # ram size, in MiB RAM = 6144