From 013021a57afab0fa4661a99ee7b5138c91503736 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 2 May 2017 18:32:22 +0000 Subject: [PATCH 01/90] move cloud to mincheck again now --- .../nagios_server/files/nagios/hosts/templates.cfg | 14 -------------- .../templates/nagios/hosts/cloud-hosts.cfg.j2 | 2 +- 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/roles/nagios_server/files/nagios/hosts/templates.cfg b/roles/nagios_server/files/nagios/hosts/templates.cfg index d284e3a161..ecfc6e0f8c 100644 --- a/roles/nagios_server/files/nagios/hosts/templates.cfg +++ b/roles/nagios_server/files/nagios/hosts/templates.cfg @@ -28,20 +28,6 @@ define host { register 0 } -define host { - name nocheck - check_command check-host-alive - max_check_attempts 8 - checks_enabled 0 - retain_status_information 0 - retain_nonstatus_information 0 - notification_interval 15 - notifications_enabled 0 - notification_options d,r - contact_groups fedora-sysadmin-ircbot - register 0 -} - define host { name autoqatemplate check_command check-host-alive diff --git a/roles/nagios_server/templates/nagios/hosts/cloud-hosts.cfg.j2 b/roles/nagios_server/templates/nagios/hosts/cloud-hosts.cfg.j2 index e717f36bf6..5674832615 100644 --- a/roles/nagios_server/templates/nagios/hosts/cloud-hosts.cfg.j2 +++ b/roles/nagios_server/templates/nagios/hosts/cloud-hosts.cfg.j2 @@ -4,7 +4,7 @@ define host { {% if hostvars[host].nagios_Check_Services['nrpe'] == true %} use defaulttemplate {% else %} - use nocheck + use mincheck {% endif %} host_name {{ host }} {% if hostvars[host].ansible_hostname is defined %} From f30b5dcb386f231313615e7703fdbc180009c82d Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 2 May 2017 19:00:04 +0000 Subject: [PATCH 02/90] add nrpe checks to some few cloud instances --- inventory/host_vars/copr-be.cloud.fedoraproject.org | 5 +++++ inventory/host_vars/copr-fe.cloud.fedoraproject.org | 4 ++++ inventory/host_vars/copr-keygen.cloud.fedoraproject.org | 4 ++++ inventory/host_vars/magazine.fedorainfracloud.org | 5 +++++ 4 files changed, 18 insertions(+) diff --git a/inventory/host_vars/copr-be.cloud.fedoraproject.org b/inventory/host_vars/copr-be.cloud.fedoraproject.org index 4eea6d4f8a..92325aaf88 100644 --- a/inventory/host_vars/copr-be.cloud.fedoraproject.org +++ b/inventory/host_vars/copr-be.cloud.fedoraproject.org @@ -42,3 +42,8 @@ copr_hostbase: copr-be host_backup_targets: ['/var/lib/copr/public_html/results'] _copr_be_conf: copr-be.conf + +nagios_Check_Services: + nrpe: true + sshd: true + httpd: true diff --git a/inventory/host_vars/copr-fe.cloud.fedoraproject.org b/inventory/host_vars/copr-fe.cloud.fedoraproject.org index f7f30c1fdf..bcf62d1f02 100644 --- a/inventory/host_vars/copr-fe.cloud.fedoraproject.org +++ b/inventory/host_vars/copr-fe.cloud.fedoraproject.org @@ -30,3 +30,7 @@ dbs_to_backup: # Backup db dumps in /backups host_backup_targets: ['/backups'] +nagios_Check_Services: + nrpe: true + sshd: true + httpd: true diff --git a/inventory/host_vars/copr-keygen.cloud.fedoraproject.org b/inventory/host_vars/copr-keygen.cloud.fedoraproject.org index 4826e632c2..8cd3c9947c 100644 --- a/inventory/host_vars/copr-keygen.cloud.fedoraproject.org +++ b/inventory/host_vars/copr-keygen.cloud.fedoraproject.org @@ -24,3 +24,7 @@ datacenter: cloud # Copr vars copr_hostbase: copr-keygen + +nagios_Check_Services: + nrpe: true + sshd: true diff --git a/inventory/host_vars/magazine.fedorainfracloud.org b/inventory/host_vars/magazine.fedorainfracloud.org index cb5a73ae00..7b04615093 100644 --- a/inventory/host_vars/magazine.fedorainfracloud.org +++ b/inventory/host_vars/magazine.fedorainfracloud.org @@ -21,3 +21,8 @@ extra_enablerepos: '' cloud_networks: # persistent-net - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + +nagios_Check_Services: + nrpe: true + sshd: true + httpd: true From 27319c01cb8352ce97ea393862148109eac8e351 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 2 May 2017 19:14:34 +0000 Subject: [PATCH 03/90] create a group for things which can only be pinged every now and then --- inventory/group_vars/nagios-new | 8 +++++--- roles/nagios_server/tasks/main.yml | 1 + .../nagios_server/templates/nagios/hostgroups/all.cfg.j2 | 9 --------- .../templates/nagios/hostgroups/vpnclients.cfg.j2 | 8 ++++++++ 4 files changed, 14 insertions(+), 12 deletions(-) create mode 100644 roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 diff --git a/inventory/group_vars/nagios-new b/inventory/group_vars/nagios-new index 352a805e3b..6e376b8560 100644 --- a/inventory/group_vars/nagios-new +++ b/inventory/group_vars/nagios-new @@ -131,9 +131,6 @@ phx2_management_limited: - moonshot01-sw2.mgmt.fedoraproject.org - opengear01.mgmt.fedoraproject.org - opengear02.mgmt.fedoraproject.org - - ppc8-01-fsp.mgmt.fedoraproject.org - - ppc8-02-fsp.mgmt.fedoraproject.org - - ppc8-03-fsp.mgmt.fedoraproject.org - qa01.mgmt.fedoraproject.org - qa02.mgmt.fedoraproject.org - qa03.mgmt.fedoraproject.org @@ -161,3 +158,8 @@ phx2_management_limited: - virthost-comm02.mgmt.fedoraproject.org - virthost12.mgmt.fedoraproject.org - virthost14.mgmt.fedoraproject.org + +phx2_management_slowping: + - ppc8-01-fsp.mgmt.fedoraproject.org + - ppc8-02-fsp.mgmt.fedoraproject.org + - ppc8-03-fsp.mgmt.fedoraproject.org diff --git a/roles/nagios_server/tasks/main.yml b/roles/nagios_server/tasks/main.yml index e9e12f51d8..21c425f03a 100644 --- a/roles/nagios_server/tasks/main.yml +++ b/roles/nagios_server/tasks/main.yml @@ -309,6 +309,7 @@ template: src=nagios/hostgroups/{{item}}.j2 dest=/etc/nagios/hostgroups/{{item}} mode=0644 owner=root group=root with_items: - all.cfg + - vpnclients.cfg - nomail.cfg - checkswap.cfg tags: diff --git a/roles/nagios_server/templates/nagios/hostgroups/all.cfg.j2 b/roles/nagios_server/templates/nagios/hostgroups/all.cfg.j2 index 1b21e19f30..7414ca3210 100644 --- a/roles/nagios_server/templates/nagios/hostgroups/all.cfg.j2 +++ b/roles/nagios_server/templates/nagios/hostgroups/all.cfg.j2 @@ -25,15 +25,6 @@ define hostgroup{ {% endif %} {% endfor %} -## -## VPN clients -define hostgroup { - hostgroup_name vpnclients - alias vpnclients - members {% for host in groups['all'] %}{% if hostvars[host].vpn %}{{host}},{% endif %} {% endfor %} - -} - {% endif %} ## diff --git a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 new file mode 100644 index 0000000000..3225099fc3 --- /dev/null +++ b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 @@ -0,0 +1,8 @@ +## +## VPN clients +define hostgroup { + hostgroup_name vpnclients + alias vpnclients + members {% for host in groups['all'] %}{% if hostvars[host].vpn %}{{host}},{% endif %} {% endfor %} + +} From da7df487f9a69ddb42ca7a014d8c2c53b048eb76 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 2 May 2017 19:15:45 +0000 Subject: [PATCH 04/90] switch this to pkill and use the new process name --- roles/keyserver/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/keyserver/tasks/main.yml b/roles/keyserver/tasks/main.yml index b72c6efb58..9246810ba2 100644 --- a/roles/keyserver/tasks/main.yml +++ b/roles/keyserver/tasks/main.yml @@ -65,7 +65,7 @@ - cron: name="regenerate stats hourly" hour="*" minute="5" - job="killall -SIGUSR2 sks-db" + job="pkill -f -n -SIGUSR2 'sks db'" state=present - name: Set sks-db to run on boot From a510fa10ba671ea0eae580908792e2b160667998 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 2 May 2017 19:41:04 +0000 Subject: [PATCH 05/90] Supply list of base modules. For the functionality added in https://pagure.io/robosignatory/pull-request/6 --- roles/robosignatory/files/robosignatory.production.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/robosignatory/files/robosignatory.production.py b/roles/robosignatory/files/robosignatory.production.py index 94ed69b554..f2c199ce00 100644 --- a/roles/robosignatory/files/robosignatory.production.py +++ b/roles/robosignatory/files/robosignatory.production.py @@ -16,6 +16,9 @@ config = { 'robosignatory.pdc_url': 'https://pdc.fedoraproject.org/rest_api/v1', # Any tag prefixed with "module-" will be considered a module. 'robosignatory.module_prefixes': ['module-'], + # These are the base modules which, when found, determine the signing key. + 'robosignatory.base_module_names': ['base-runtime', 'bootstrap'], + 'robosignatory.signing': { 'backend': 'sigul', From d6d664e9aa887155d2daa03945257a8927d1f0a6 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 2 May 2017 20:01:21 +0000 Subject: [PATCH 06/90] add nagios client on copr prod machines --- playbooks/groups/copr-backend.yml | 1 + playbooks/groups/copr-frontend.yml | 1 + playbooks/groups/copr-keygen.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/playbooks/groups/copr-backend.yml b/playbooks/groups/copr-backend.yml index 42c43a2585..127a7cf3e6 100644 --- a/playbooks/groups/copr-backend.yml +++ b/playbooks/groups/copr-backend.yml @@ -42,3 +42,4 @@ - base - fedmsg/base - copr/backend + - nagios_client diff --git a/playbooks/groups/copr-frontend.yml b/playbooks/groups/copr-frontend.yml index f1b2c83696..97a0f9232d 100644 --- a/playbooks/groups/copr-frontend.yml +++ b/playbooks/groups/copr-frontend.yml @@ -39,3 +39,4 @@ - base - copr/frontend - copr/mbs + - nagios_client diff --git a/playbooks/groups/copr-keygen.yml b/playbooks/groups/copr-keygen.yml index 279f1dc4f5..1a2b3610e7 100644 --- a/playbooks/groups/copr-keygen.yml +++ b/playbooks/groups/copr-keygen.yml @@ -46,3 +46,4 @@ roles: - base - copr/keygen + - nagios_client From 058204b98b9eb10469e9cb365d08445c3bbb6c66 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 2 May 2017 20:13:52 +0000 Subject: [PATCH 07/90] I said we would forget to update this, then I did --- inventory/cloud | 1 + 1 file changed, 1 insertion(+) diff --git a/inventory/cloud b/inventory/cloud index 38eff38852..b7bd442c2a 100644 --- a/inventory/cloud +++ b/inventory/cloud @@ -49,6 +49,7 @@ fedora-bootstrap.fedorainfracloud.org glittergallery-dev.fedorainfracloud.org grafana.cloud.fedoraproject.org graphite.fedorainfracloud.org +hubs-dev.fedorainfracloud.org iddev.fedorainfracloud.org insim.fedorainfracloud.org java-deptools.fedorainfracloud.org From 77197e7b400854edfff12bad64acf3756842e098 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 2 May 2017 20:23:45 +0000 Subject: [PATCH 08/90] are we using this correctly --- inventory/group_vars/all | 2 ++ inventory/host_vars/bastion02.phx2.fedoraproject.org | 3 +++ inventory/host_vars/download-rdu01.fedoraproject.org | 3 +++ inventory/host_vars/virthost-rdu01.fedoraproject.org | 3 +++ .../templates/nagios/hostgroups/vpnclients.cfg.j2 | 2 +- 5 files changed, 12 insertions(+), 1 deletion(-) diff --git a/inventory/group_vars/all b/inventory/group_vars/all index 98a057a63b..5e1e96379b 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -267,3 +267,5 @@ nagios_Check_Services: httpd: false +nagios_NoCheck_Services: + vpn: false diff --git a/inventory/host_vars/bastion02.phx2.fedoraproject.org b/inventory/host_vars/bastion02.phx2.fedoraproject.org index b8aa7e3235..ba51c34361 100644 --- a/inventory/host_vars/bastion02.phx2.fedoraproject.org +++ b/inventory/host_vars/bastion02.phx2.fedoraproject.org @@ -14,3 +14,6 @@ vpn: true ssh_hostnames: - bastion.fedoraproject.org - bastion02.fedoraproject.org + +nagios_NoCheck_Services: + vpn:true diff --git a/inventory/host_vars/download-rdu01.fedoraproject.org b/inventory/host_vars/download-rdu01.fedoraproject.org index 792376b30a..d6218d696e 100644 --- a/inventory/host_vars/download-rdu01.fedoraproject.org +++ b/inventory/host_vars/download-rdu01.fedoraproject.org @@ -11,3 +11,6 @@ eth0_ip: 204.85.14.1 eth0_nm: 255.255.255.192 eth1_ip: 172.31.1.1 eth1_nm: 255.255.255.0 + +nagios_NoCheck_Services: + vpn:true diff --git a/inventory/host_vars/virthost-rdu01.fedoraproject.org b/inventory/host_vars/virthost-rdu01.fedoraproject.org index ce7d73c0d0..8b0bf26b30 100644 --- a/inventory/host_vars/virthost-rdu01.fedoraproject.org +++ b/inventory/host_vars/virthost-rdu01.fedoraproject.org @@ -9,3 +9,6 @@ postfix_group: vpn br0_ip: 204.85.14.4 br0_nm: 255.255.255.192 vpn: true + +nagios_NoCheck_Services: + vpn:true diff --git a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 index 3225099fc3..6e4b7755f1 100644 --- a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 +++ b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 @@ -3,6 +3,6 @@ define hostgroup { hostgroup_name vpnclients alias vpnclients - members {% for host in groups['all'] %}{% if hostvars[host].vpn %}{{host}},{% endif %} {% endfor %} + members {% for host in groups['all'] %}{% if hostvars[host].vpn and (hostvars[host].NoCheckServices['vpn'] == true) %}{{host}},{% endif %} {% endfor %} } From 4fe3c32236c54dbc4b06d9aceb4be4816b4de7e2 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 2 May 2017 20:25:24 +0000 Subject: [PATCH 09/90] ok this looks better --- .../nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 index 6e4b7755f1..65896824e9 100644 --- a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 +++ b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 @@ -3,6 +3,6 @@ define hostgroup { hostgroup_name vpnclients alias vpnclients - members {% for host in groups['all'] %}{% if hostvars[host].vpn and (hostvars[host].NoCheckServices['vpn'] == true) %}{{host}},{% endif %} {% endfor %} + members {% for host in groups['all'] %}{% if hostvars[host].vpn and (hostvars[host].nagios_NoCheck_Services['vpn'] == true) %}{{host}},{% endif %} {% endfor %} } From d91c27069610031f803ae9bb7ce55d7fb0c9532e Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 2 May 2017 20:35:36 +0000 Subject: [PATCH 10/90] nope didnt work --- .../nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 index 65896824e9..1c7ea6d35c 100644 --- a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 +++ b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 @@ -3,6 +3,6 @@ define hostgroup { hostgroup_name vpnclients alias vpnclients - members {% for host in groups['all'] %}{% if hostvars[host].vpn and (hostvars[host].nagios_NoCheck_Services['vpn'] == true) %}{{host}},{% endif %} {% endfor %} + members {% for host in groups['all'] %}{% if ( hostvars[host].vpn is defined ) and (hostvars[host].nagios_NoCheck_Services['vpn'] == true) %}{{host}},{% endif %} {% endfor %} } From 9064b111f3c96e27d2737db15edcec3e510f7438 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 2 May 2017 20:40:24 +0000 Subject: [PATCH 11/90] and logic is hard --- .../nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 index 1c7ea6d35c..f4d36727ab 100644 --- a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 +++ b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 @@ -3,6 +3,6 @@ define hostgroup { hostgroup_name vpnclients alias vpnclients - members {% for host in groups['all'] %}{% if ( hostvars[host].vpn is defined ) and (hostvars[host].nagios_NoCheck_Services['vpn'] == true) %}{{host}},{% endif %} {% endfor %} + members {% for host in groups['all'] %}{% if ( hostvars[host].vpn is defined ) %}{{host}},{% endif %} {% endfor %} } From 5afe426f8d75eb4f29d75d7d368ae6e26320a391 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 2 May 2017 20:52:55 +0000 Subject: [PATCH 12/90] let us never speak of that hack again --- inventory/group_vars/all | 2 -- inventory/host_vars/bastion02.phx2.fedoraproject.org | 2 -- inventory/host_vars/download-rdu01.fedoraproject.org | 2 -- inventory/host_vars/virthost-rdu01.fedoraproject.org | 2 -- .../nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 | 2 +- 5 files changed, 1 insertion(+), 9 deletions(-) diff --git a/inventory/group_vars/all b/inventory/group_vars/all index 5e1e96379b..98a057a63b 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -267,5 +267,3 @@ nagios_Check_Services: httpd: false -nagios_NoCheck_Services: - vpn: false diff --git a/inventory/host_vars/bastion02.phx2.fedoraproject.org b/inventory/host_vars/bastion02.phx2.fedoraproject.org index ba51c34361..84d1f969d8 100644 --- a/inventory/host_vars/bastion02.phx2.fedoraproject.org +++ b/inventory/host_vars/bastion02.phx2.fedoraproject.org @@ -15,5 +15,3 @@ ssh_hostnames: - bastion.fedoraproject.org - bastion02.fedoraproject.org -nagios_NoCheck_Services: - vpn:true diff --git a/inventory/host_vars/download-rdu01.fedoraproject.org b/inventory/host_vars/download-rdu01.fedoraproject.org index d6218d696e..11a5061766 100644 --- a/inventory/host_vars/download-rdu01.fedoraproject.org +++ b/inventory/host_vars/download-rdu01.fedoraproject.org @@ -12,5 +12,3 @@ eth0_nm: 255.255.255.192 eth1_ip: 172.31.1.1 eth1_nm: 255.255.255.0 -nagios_NoCheck_Services: - vpn:true diff --git a/inventory/host_vars/virthost-rdu01.fedoraproject.org b/inventory/host_vars/virthost-rdu01.fedoraproject.org index 8b0bf26b30..aee4dcb363 100644 --- a/inventory/host_vars/virthost-rdu01.fedoraproject.org +++ b/inventory/host_vars/virthost-rdu01.fedoraproject.org @@ -10,5 +10,3 @@ br0_ip: 204.85.14.4 br0_nm: 255.255.255.192 vpn: true -nagios_NoCheck_Services: - vpn:true diff --git a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 index f4d36727ab..6bab4ab103 100644 --- a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 +++ b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 @@ -3,6 +3,6 @@ define hostgroup { hostgroup_name vpnclients alias vpnclients - members {% for host in groups['all'] %}{% if ( hostvars[host].vpn is defined ) %}{{host}},{% endif %} {% endfor %} + members {% for host in groups['all'] %}{% if ( hostvars[host].vpn == true ) %}{{host}},{% endif %} {% endfor %} } From 7a65798649ba04440be765c2368ca23a898c046c Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 2 May 2017 22:57:42 +0200 Subject: [PATCH 13/90] Sign rawhide with fedora-27 key Signed-off-by: Patrick Uiterwijk --- roles/robosignatory/files/robosignatory.production.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/robosignatory/files/robosignatory.production.py b/roles/robosignatory/files/robosignatory.production.py index f2c199ce00..c0ee0b326e 100644 --- a/roles/robosignatory/files/robosignatory.production.py +++ b/roles/robosignatory/files/robosignatory.production.py @@ -195,15 +195,15 @@ config = { }, 'fedora-atomic/rawhide/x86_64/docker-host': { 'directory': '/mnt/fedora_koji/koji/compose/atomic/rawhide/', - 'key': 'fedora-26' + 'key': 'fedora-27' }, 'fedora-atomic/rawhide/aarch64/docker-host': { 'directory': '/mnt/fedora_koji/koji/compose/atomic/rawhide/', - 'key': 'fedora-26' + 'key': 'fedora-27' }, 'fedora/rawhide/x86_64/workstation': { 'directory': '/mnt/fedora_koji/koji/compose/ostree/rawhide/', - 'key': 'fedora-26' + 'key': 'fedora-27' }, } } From 5f2422809be91d170856a1a36f97c499d4286795 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 2 May 2017 21:09:41 +0000 Subject: [PATCH 14/90] ok general cleanup from old commands to new commands --- .../files/nagios-external/misccommands.cfg | 5 +-- .../server/files/nagios/misccommands.cfg | 3 +- .../files/nagios/commands/notify.cfg | 45 +++++++++++++------ 3 files changed, 36 insertions(+), 17 deletions(-) diff --git a/roles/nagios/server/files/nagios-external/misccommands.cfg b/roles/nagios/server/files/nagios-external/misccommands.cfg index 064c97f879..f85ff0b310 100644 --- a/roles/nagios/server/files/nagios-external/misccommands.cfg +++ b/roles/nagios/server/files/nagios-external/misccommands.cfg @@ -41,7 +41,8 @@ # SAMPLE NOTIFICATION COMMANDS # # These are some example notification commands. They may or may not work on -# your system without modification. +# your system without modification. As an example, some systems will require +# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below. # ################################################################################ @@ -111,5 +112,3 @@ define command{ command_name process-service-perfdata command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/log/nagios/service-perfdata.out } - - diff --git a/roles/nagios/server/files/nagios/misccommands.cfg b/roles/nagios/server/files/nagios/misccommands.cfg index 37a59e0e36..9e1a40845e 100644 --- a/roles/nagios/server/files/nagios/misccommands.cfg +++ b/roles/nagios/server/files/nagios/misccommands.cfg @@ -41,7 +41,8 @@ # SAMPLE NOTIFICATION COMMANDS # # These are some example notification commands. They may or may not work on -# your system without modification. +# your system without modification. As an example, some systems will require +# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below. # ################################################################################ diff --git a/roles/nagios_server/files/nagios/commands/notify.cfg b/roles/nagios_server/files/nagios/commands/notify.cfg index 6083eeb0bb..5fed94b036 100644 --- a/roles/nagios_server/files/nagios/commands/notify.cfg +++ b/roles/nagios_server/files/nagios/commands/notify.cfg @@ -8,18 +8,13 @@ # ################################################################################ + # 'host-notify-by-email' command definition define command{ command_name host-notify-by-email command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\nSource: $$(hostname)\n\nDate/Time: $LONGDATETIME$\n" | /bin/mail -s "Host $HOSTSTATE$ alert for $HOSTNAME$!" $CONTACTEMAIL$ } -# 'notify-service-by-email' command definition -define command{ - command_name notify-service-by-email - command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$ - } - # 'notify-by-epager' command definition define command{ command_name notify-by-epager @@ -64,17 +59,41 @@ define command{ } # 'notify-by-xmpp' command definition -define command{ - command_name notify-by-xmpp - command_line /usr/local/bin/xmppsend -a /etc/nagios/private/xmppnagios.ini "Service: $SERVICEDESC$\nHost: $HOSTNAME$\nInfo: $SERVICEOUTPUT$\nDate: $LONGDATETIME$" $CONTACTEMAIL$ - } +#define command{ +# command_name notify-by-xmpp +# command_line /usr/local/bin/xmppsend -a /etc/nagios/private/xmppnagios.ini "Service: $SERVICEDESC$\nHost: $HOSTNAME$\nInfo: $SERVICEOUTPUT$\nDate: $LONGDATETIME$" $CONTACTEMAIL$ +# } # 'host-notify-by-xmpp' command definition +#define command{ +# command_name host-notify-by-xmpp +# command_line /usr/local/bin/xmppsend -a /etc/nagios/private/xmppnagios.ini "Host '$HOSTALIAS$' is $HOSTSTATE$\nInfo: $HOSTOUTPUT$\nDate: $LONGDATETIME$" $CONTACTEMAIL$ +# } + + + +################################################################################ +# +# SAMPLE PERFORMANCE DATA COMMANDS +# +# These are sample performance data commands that can be used to send performance +# data output to two text files (one for hosts, another for services). If you +# plan on simply writing performance data out to a file, consider using the +# host_perfdata_file and service_perfdata_file options in the main config file. +# +################################################################################ + + +# 'process-host-perfdata' command definition define command{ - command_name host-notify-by-xmpp - command_line /usr/local/bin/xmppsend -a /etc/nagios/private/xmppnagios.ini "Host '$HOSTALIAS$' is $HOSTSTATE$\nInfo: $HOSTOUTPUT$\nDate: $LONGDATETIME$" $CONTACTEMAIL$ + command_name process-host-perfdata + command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/log/nagios/host-perfdata.out } - +# 'process-service-perfdata' command definition +define command{ + command_name process-service-perfdata + command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/log/nagios/service-perfdata.out + } From 009d3db36dcb1506ea577d1a66c6bd8e231bd53c Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Tue, 2 May 2017 21:11:23 +0000 Subject: [PATCH 15/90] no longer messing with stg taskotron, can be re-added to master playbook --- master.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/master.yml b/master.yml index 27bb7e7653..d8bf06f949 100644 --- a/master.yml +++ b/master.yml @@ -110,9 +110,7 @@ - include: /srv/web/infra/ansible/playbooks/groups/taskotron-client-hosts.yml - include: /srv/web/infra/ansible/playbooks/groups/taskotron-prod.yml - include: /srv/web/infra/ansible/playbooks/groups/taskotron-dev.yml -# we're poking around with taskotron-stg right now and a full playbook run would disrupt the testing -# 2017-03-03 tflink -#- include: /srv/web/infra/ansible/playbooks/groups/taskotron-stg.yml +- include: /srv/web/infra/ansible/playbooks/groups/taskotron-stg.yml - include: /srv/web/infra/ansible/playbooks/groups/torrent.yml - include: /srv/web/infra/ansible/playbooks/groups/twisted-buildbots.yml - include: /srv/web/infra/ansible/playbooks/groups/unbound.yml From 872019b04d9c188d163531d286fe93058128a320 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 2 May 2017 21:12:38 +0000 Subject: [PATCH 16/90] qadevel is no longer a thing --- inventory/inventory | 3 --- 1 file changed, 3 deletions(-) diff --git a/inventory/inventory b/inventory/inventory index cf74f6c35b..6f07531e9a 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -15,9 +15,6 @@ qa02.qa.fedoraproject.org qa08.qa.fedoraproject.org qa04.qa.fedoraproject.org -[qadevel] -qadevel.qa.fedoraproject.org:222 - [qa-prod] qa-prod01.qa.fedoraproject.org From f5cbffa2e1bfed7f9f4c39a42cc20d34c749a137 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 2 May 2017 21:14:40 +0000 Subject: [PATCH 17/90] a very ugly hack until I get something better tomorrow --- .../nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 index 6bab4ab103..964cff5213 100644 --- a/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 +++ b/roles/nagios_server/templates/nagios/hostgroups/vpnclients.cfg.j2 @@ -3,6 +3,6 @@ define hostgroup { hostgroup_name vpnclients alias vpnclients - members {% for host in groups['all'] %}{% if ( hostvars[host].vpn == true ) %}{{host}},{% endif %} {% endfor %} + members !download-rdu01.fedoraproject.org, !virthost-rdu01.fedoraproject.org, !bastion02.phx2.fedoraproject.org, {% for host in groups['all'] %}{% if ( hostvars[host].vpn == true ) %}{{host}},{% endif %} {% endfor %} } From c16b80195a2051e2c8aa84bdbacac6a862f845f3 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 2 May 2017 21:18:30 +0000 Subject: [PATCH 18/90] and we broke this earlier --- .../files/nagios/commands/notify.cfg | 25 ------------------- 1 file changed, 25 deletions(-) diff --git a/roles/nagios_server/files/nagios/commands/notify.cfg b/roles/nagios_server/files/nagios/commands/notify.cfg index 5fed94b036..6ab9d8fdfa 100644 --- a/roles/nagios_server/files/nagios/commands/notify.cfg +++ b/roles/nagios_server/files/nagios/commands/notify.cfg @@ -72,28 +72,3 @@ define command{ # } - -################################################################################ -# -# SAMPLE PERFORMANCE DATA COMMANDS -# -# These are sample performance data commands that can be used to send performance -# data output to two text files (one for hosts, another for services). If you -# plan on simply writing performance data out to a file, consider using the -# host_perfdata_file and service_perfdata_file options in the main config file. -# -################################################################################ - - -# 'process-host-perfdata' command definition -define command{ - command_name process-host-perfdata - command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/log/nagios/host-perfdata.out - } - - -# 'process-service-perfdata' command definition -define command{ - command_name process-service-perfdata - command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/log/nagios/service-perfdata.out - } From f4eb21e85e94165aa71775cd051e2f7023ab4c1d Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 2 May 2017 22:49:17 +0000 Subject: [PATCH 19/90] Revert "Enable autosign01" This reverts commit f2006412ab0fa58c62e9edf2fbcc0e2db027a166. --- inventory/inventory | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/inventory b/inventory/inventory index 6f07531e9a..ba5762d2f1 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -266,7 +266,7 @@ autocloud-backend01.stg.phx2.fedoraproject.org autocloud-backend02.stg.phx2.fedoraproject.org [autosign] -autosign01.phx2.fedoraproject.org +#autosign01.phx2.fedoraproject.org [autosign-stg] autosign01.stg.phx2.fedoraproject.org From d6e8f96a650dafc5d8ab27c21380daa6dc9c14a5 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 2 May 2017 23:41:30 +0000 Subject: [PATCH 20/90] Do not check the client IP Signed-off-by: Patrick Uiterwijk --- roles/koji_hub/templates/hub.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2 index 1631be7583..fb512826f8 100644 --- a/roles/koji_hub/templates/hub.conf.j2 +++ b/roles/koji_hub/templates/hub.conf.j2 @@ -31,6 +31,7 @@ ProxyPrincipals = HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG,sigul/secondary- KojiDir = /mnt/koji MemoryWarnThreshold = 10000 MaxRequestLength = 167772160 +CheckClientIP = False # Kerb auth {% if env == "staging" %} From 004197d7de42403c67f418bd18f7bda150d8d2c5 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 3 May 2017 00:12:19 +0000 Subject: [PATCH 21/90] Add koji realms to config Signed-off-by: Patrick Uiterwijk --- roles/sigul/bridge/files/koji-arm.conf | 1 + roles/sigul/bridge/files/koji-ppc.conf | 1 + roles/sigul/bridge/files/koji-primary.stg.conf | 1 + roles/sigul/bridge/files/koji-s390.conf | 1 + roles/sigul/bridge/templates/koji-primary.conf.j2 | 1 + 5 files changed, 5 insertions(+) diff --git a/roles/sigul/bridge/files/koji-arm.conf b/roles/sigul/bridge/files/koji-arm.conf index e57b3fc6b9..57361b260d 100644 --- a/roles/sigul/bridge/files/koji-arm.conf +++ b/roles/sigul/bridge/files/koji-arm.conf @@ -1,4 +1,5 @@ [koji] +realm = FEDORAPROJECT.ORG ;configuration for koji cli tool diff --git a/roles/sigul/bridge/files/koji-ppc.conf b/roles/sigul/bridge/files/koji-ppc.conf index cedfaa67e7..3a9fbd42fe 100644 --- a/roles/sigul/bridge/files/koji-ppc.conf +++ b/roles/sigul/bridge/files/koji-ppc.conf @@ -1,4 +1,5 @@ [koji] +realm = FEDORAPROJECT.ORG ;configuration for koji cli tool diff --git a/roles/sigul/bridge/files/koji-primary.stg.conf b/roles/sigul/bridge/files/koji-primary.stg.conf index cf121171b0..9d416a2841 100644 --- a/roles/sigul/bridge/files/koji-primary.stg.conf +++ b/roles/sigul/bridge/files/koji-primary.stg.conf @@ -1,4 +1,5 @@ [koji] +realm = STG.FEDORAPROJECT.ORG ;configuration for koji cli tool diff --git a/roles/sigul/bridge/files/koji-s390.conf b/roles/sigul/bridge/files/koji-s390.conf index 64a95a7e7a..acd0c3754e 100644 --- a/roles/sigul/bridge/files/koji-s390.conf +++ b/roles/sigul/bridge/files/koji-s390.conf @@ -1,4 +1,5 @@ [koji] +realm = FEDORAPROJECT.ORG ;configuration for koji cli tool diff --git a/roles/sigul/bridge/templates/koji-primary.conf.j2 b/roles/sigul/bridge/templates/koji-primary.conf.j2 index 3cd47b74d7..f033dac4eb 100644 --- a/roles/sigul/bridge/templates/koji-primary.conf.j2 +++ b/roles/sigul/bridge/templates/koji-primary.conf.j2 @@ -1,4 +1,5 @@ [koji] +realm = FEDORAPROJECT.ORG ;configuration for koji cli tool From 8e235ef3ab00dfe21e2ccee71eeee66f38aef1cd Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 3 May 2017 00:13:01 +0000 Subject: [PATCH 22/90] Add krb_rdns options Signed-off-by: Patrick Uiterwijk --- roles/sigul/bridge/files/koji-arm.conf | 1 + roles/sigul/bridge/files/koji-ppc.conf | 1 + roles/sigul/bridge/files/koji-primary.stg.conf | 1 + roles/sigul/bridge/files/koji-s390.conf | 1 + roles/sigul/bridge/templates/koji-primary.conf.j2 | 1 + 5 files changed, 5 insertions(+) diff --git a/roles/sigul/bridge/files/koji-arm.conf b/roles/sigul/bridge/files/koji-arm.conf index 57361b260d..2341f04c82 100644 --- a/roles/sigul/bridge/files/koji-arm.conf +++ b/roles/sigul/bridge/files/koji-arm.conf @@ -19,3 +19,4 @@ serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem authtype = kerberos principal = sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG keytab = /etc/krb5.sigul_secondary-bridge01.phx2.fedoraproject.org.keytab +krb_rdns = false diff --git a/roles/sigul/bridge/files/koji-ppc.conf b/roles/sigul/bridge/files/koji-ppc.conf index 3a9fbd42fe..1c5ac6d458 100644 --- a/roles/sigul/bridge/files/koji-ppc.conf +++ b/roles/sigul/bridge/files/koji-ppc.conf @@ -19,3 +19,4 @@ serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem authtype = kerberos principal = sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG keytab = /etc/krb5.sigul_secondary-bridge01.phx2.fedoraproject.org.keytab +krb_rdns = false diff --git a/roles/sigul/bridge/files/koji-primary.stg.conf b/roles/sigul/bridge/files/koji-primary.stg.conf index 9d416a2841..d7a40692a1 100644 --- a/roles/sigul/bridge/files/koji-primary.stg.conf +++ b/roles/sigul/bridge/files/koji-primary.stg.conf @@ -16,3 +16,4 @@ serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem authtype = kerberos principal = sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG keytab = /etc/krb5.sigul_secondary-bridge01.phx2.fedoraproject.org.keytab +krb_rdns = false diff --git a/roles/sigul/bridge/files/koji-s390.conf b/roles/sigul/bridge/files/koji-s390.conf index acd0c3754e..d96564d864 100644 --- a/roles/sigul/bridge/files/koji-s390.conf +++ b/roles/sigul/bridge/files/koji-s390.conf @@ -19,3 +19,4 @@ serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem authtype = kerberos principal = sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG keytab = /etc/krb5.sigul_secondary-bridge01.phx2.fedoraproject.org.keytab +krb_rdns = false diff --git a/roles/sigul/bridge/templates/koji-primary.conf.j2 b/roles/sigul/bridge/templates/koji-primary.conf.j2 index f033dac4eb..bff79891d5 100644 --- a/roles/sigul/bridge/templates/koji-primary.conf.j2 +++ b/roles/sigul/bridge/templates/koji-primary.conf.j2 @@ -21,3 +21,4 @@ serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem authtype = kerberos principal = sigul/{{ inventory_hostname }}@{{ ipa_realm }} keytab = /etc/krb5.sigul_{{ inventory_hostname }}.keytab +krb_rdns = false From 67bb403ef9f808c75061b9dbcc665172d758e91d Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 3 May 2017 00:32:17 +0000 Subject: [PATCH 23/90] fix hubs-dev playbook --- ...edorainfroacloud.org.yml => hubs-dev.fedorainfracloud.org.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename playbooks/hosts/{hubs-dev.fedorainfroacloud.org.yml => hubs-dev.fedorainfracloud.org.yml} (100%) diff --git a/playbooks/hosts/hubs-dev.fedorainfroacloud.org.yml b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml similarity index 100% rename from playbooks/hosts/hubs-dev.fedorainfroacloud.org.yml rename to playbooks/hosts/hubs-dev.fedorainfracloud.org.yml From 6a1d129f77ea550c8e9e2c808a2d6041b57cc0d9 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Tue, 2 May 2017 17:37:30 -0700 Subject: [PATCH 24/90] Allow openQA staging to report to ResultsDB staging RDB staging wasn't allowing the 10.5.131 range where openQA staging server lives. Signed-off-by: Adam Williamson --- inventory/group_vars/resultsdb-stg | 1 + 1 file changed, 1 insertion(+) diff --git a/inventory/group_vars/resultsdb-stg b/inventory/group_vars/resultsdb-stg index 62a0636f6c..b433c8dae7 100644 --- a/inventory/group_vars/resultsdb-stg +++ b/inventory/group_vars/resultsdb-stg @@ -35,6 +35,7 @@ resultsdb_secret_key: "{{ stg_resultsdb_secret_key }}" allowed_hosts: - 10.5.124 + - 10.5.131 ############################################################ From 4f10cb437edc2720d8685c01bb77eeee2fd18b8d Mon Sep 17 00:00:00 2001 From: Sayan Chowdhury Date: Wed, 3 May 2017 07:35:11 +0000 Subject: [PATCH 25/90] Fix the root auth users for hubs-dev --- inventory/host_vars/hubs-dev.fedorainfracloud.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/host_vars/hubs-dev.fedorainfracloud.org b/inventory/host_vars/hubs-dev.fedorainfracloud.org index 909cdd7604..9045d2b43c 100644 --- a/inventory/host_vars/hubs-dev.fedorainfracloud.org +++ b/inventory/host_vars/hubs-dev.fedorainfracloud.org @@ -10,7 +10,7 @@ inventory_tenant: persistent inventory_instance_name: hubs-dev hostbase: hubs-dev public_ip: 209.132.184.47 -root_auth_users: sayan +root_auth_users: sayanchowdhury abompard description: hubs development instance cloud_networks: From 17c52a6e59eb5a4095be47d852bc728aa4e43139 Mon Sep 17 00:00:00 2001 From: clime Date: Tue, 2 May 2017 17:38:43 +0200 Subject: [PATCH 26/90] dist-git: the new upstream dist-git package is now in EPEL7 --- .../distgit/files/clime-dist-git-epel-7.repo | 10 --------- roles/distgit/files/dist-git.conf | 7 +++++++ roles/distgit/tasks/main.yml | 21 ++++++------------- 3 files changed, 13 insertions(+), 25 deletions(-) delete mode 100644 roles/distgit/files/clime-dist-git-epel-7.repo create mode 100644 roles/distgit/files/dist-git.conf diff --git a/roles/distgit/files/clime-dist-git-epel-7.repo b/roles/distgit/files/clime-dist-git-epel-7.repo deleted file mode 100644 index 9f9545bb44..0000000000 --- a/roles/distgit/files/clime-dist-git-epel-7.repo +++ /dev/null @@ -1,10 +0,0 @@ -[clime-dist-git] -name=Copr repo for dist-git owned by clime -baseurl=https://copr-be.cloud.fedoraproject.org/results/clime/dist-git/epel-7-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/clime/dist-git/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 \ No newline at end of file diff --git a/roles/distgit/files/dist-git.conf b/roles/distgit/files/dist-git.conf new file mode 100644 index 0000000000..8d45800b26 --- /dev/null +++ b/roles/distgit/files/dist-git.conf @@ -0,0 +1,7 @@ +[dist-git] +git_author_name = Fedora Release Engineering +git_author_email = rel-eng@lists.fedoraproject.org + +cache_dir = /srv/cache +gitroot_dir = /srv/git/repositories +gitolite = True diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index e70e0409a0..ecc5eebde3 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -66,21 +66,21 @@ # -- Dist Git -------------------------------------------- # This is the Git setup itself: group, root directory, scripts,... -- name: install the Dist Git-related httpd config - copy: src=clime-dist-git-epel-7.repo dest=/etc/yum.repos.d/clime-dist-git-epel-7.repo +- name: install dist-git + yum: pkg=dist-git state=latest when: env == "staging" and inventory_hostname.startswith('pkgs02') tags: - distgit -- name: install dist-git - yum: pkg=dist-git state=present +- name: install the dist-git config + copy: src=dist-git.conf dest=/etc/dist-git/dist-git.conf when: env == "staging" and inventory_hostname.startswith('pkgs02') tags: + - config - distgit - name: create the distgit root directory (/srv/git) file: dest=/srv/git state=directory mode=0755 - when: env != "staging" or inventory_hostname.startswith('pkgs01') tags: - distgit @@ -104,7 +104,6 @@ - name: create the distgit root directory (/srv/git/repositories) file: dest=/srv/git/repositories state=directory mode=2775 group=packager - when: env != "staging" or inventory_hostname.startswith('pkgs01') tags: - distgit @@ -123,21 +122,13 @@ tags: - distgit -- name: install the distgit scripts - copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755 - with_items: - - pkgdb2-clone - tags: - - config - - distgit - - name: install the distgit scripts copy: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755 with_items: - setup_git_package - mkbranch - mkbranch_branching - when: env != "staging" or inventory_hostname.startswith('pkgs01') + - pkgdb2-clone tags: - config - distgit From 0a4cbaa9e6f1e3a02052dc68965f4b7b1459da93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Wed, 3 May 2017 14:22:30 +0200 Subject: [PATCH 27/90] retrace: update from upstream --- roles/abrt/faf/meta/.galaxy_install_info | 2 +- roles/abrt/faf/templates/etc--.conf.j2 | 31 ---- .../faf/templates/etc--plugins-web.conf.j2 | 50 ------ .../templates/etc-httpd-conf.d--web.conf.j2 | 52 ------ roles/abrt/retrace/meta/.galaxy_install_info | 2 +- .../retrace/templates/-server-httpd.conf.j2 | 47 ----- .../retrace/templates/etc--server.conf.j2 | 162 ------------------ 7 files changed, 2 insertions(+), 344 deletions(-) delete mode 100644 roles/abrt/faf/templates/etc--.conf.j2 delete mode 100644 roles/abrt/faf/templates/etc--plugins-web.conf.j2 delete mode 100644 roles/abrt/faf/templates/etc-httpd-conf.d--web.conf.j2 delete mode 100644 roles/abrt/retrace/templates/-server-httpd.conf.j2 delete mode 100644 roles/abrt/retrace/templates/etc--server.conf.j2 diff --git a/roles/abrt/faf/meta/.galaxy_install_info b/roles/abrt/faf/meta/.galaxy_install_info index 4ee7008b99..e21ae6ea36 100644 --- a/roles/abrt/faf/meta/.galaxy_install_info +++ b/roles/abrt/faf/meta/.galaxy_install_info @@ -1 +1 @@ -{install_date: 'Fri Apr 28 09:36:52 2017', version: ''} +{install_date: 'Wed May 3 11:53:06 2017', version: ''} diff --git a/roles/abrt/faf/templates/etc--.conf.j2 b/roles/abrt/faf/templates/etc--.conf.j2 deleted file mode 100644 index 18c8a19dda..0000000000 --- a/roles/abrt/faf/templates/etc--.conf.j2 +++ /dev/null @@ -1,31 +0,0 @@ -#{{ ansible_managed }} -# Faf site-wide configuration file - -[Main] -PluginsDir = /etc/faf/plugins/ -TemplatesDir = /etc/faf/templates/ -AutoEnablePlugins = False - -[Storage] -ConnectString = {{ faf_db_connectstring }} -LobDir = {{ faf_spool_dir }}/lob -# Using platform-specific location by default. -# Uncomment and change if needed. -# TmpDir = /tmp - -[Mail] -# where to send notification emails, comma separated list -Admins = {{ faf_admin_mail }} -Server = {{ smtp_server }} -Port = {{ smtp_port }} -Username = {{ smtp_username|default("", true) }} -Password = {{ smtp_password|default("", true) }} - -[uReport] -# The directory that holds 'reports' and 'attachments' subdirectories -Directory = {{ faf_spool_dir }} -CreateComponents = False -# attachments accepted by this server -# allowed values: fedora-bugzilla rhel-bugzilla centos-mantisb comment email url -# or * to allow all attachments -AcceptAttachments = fedora-bugzilla rhel-bugzilla centos-mantisbt diff --git a/roles/abrt/faf/templates/etc--plugins-web.conf.j2 b/roles/abrt/faf/templates/etc--plugins-web.conf.j2 deleted file mode 100644 index 21c0d9d8fd..0000000000 --- a/roles/abrt/faf/templates/etc--plugins-web.conf.j2 +++ /dev/null @@ -1,50 +0,0 @@ -#{{ ansible_managed }} -[hub] -debug = {{ faf_web_debug }} -proxy_setup = {{ faf_web_proxy_setup }} -secret_key = {{ faf_web_secret_key }} -{% if faf_web_on_root %} -url = https://{{ domain }}/ -{% else %} -url = https://{{ domain }}/faf/ -{% endif %} -server_name = {{ faf_server_name }} -brand_title = {{ faf_web_brand_title }} -brand_subtitle = {{ faf_web_brand_subtitle }} - -{% if faf_web_fedmenu_url %} -fedmenu_url = {{ faf_web_fedmenu_url }} -fedmenu_data_url = {{ faf_web_fedmenu_data_url }} -{% endif %} - -# When OpenID login is disabled, this option can be used to override permission -# checks and make everyone a package maintainer. -# In that case no login is necessary to access maintainer-only actions. -everyone_is_maintainer = {{ faf_web_everyone_is_admin }} -# When OpenID login is disabled, this option can be used to override permission -# checks and make everyone an admin. -# In that case no login is necessary to access admin-only actions. -everyone_is_admin = {{ faf_web_everyone_is_maintainer }} - -[openid] -enabled = {{ faf_web_openid }} - -{% if faf_web_openid_privileged_teams %} -privileged_teams = {{ faf_web_openid_privileged_teams }} -{% endif %} - -[DumpDir] -CacheDirectory = {{ faf_spool_dir }}/dumpdirs -CacheDirectoryCountQuota = 100 -CacheDirectorySizeQuota = 107374182400 -MaxDumpDirSize = 1073741824 - -[cache] -#types: -# null - no caching -# simple - process-local memory cache -# memcached - requires pylibmc -type = {{ faf_web_cache_type }} -memcached_host = localhost -memcached_port = {{ memcached_port }} -memcached_key_prefix = webfaf diff --git a/roles/abrt/faf/templates/etc-httpd-conf.d--web.conf.j2 b/roles/abrt/faf/templates/etc-httpd-conf.d--web.conf.j2 deleted file mode 100644 index 33829aed97..0000000000 --- a/roles/abrt/faf/templates/etc-httpd-conf.d--web.conf.j2 +++ /dev/null @@ -1,52 +0,0 @@ -#{{ ansible_managed }} -# WSGI handler -WSGIPythonOptimize 1 -WSGISocketPrefix {{ faf_spool_dir }} /wsgi -WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5 - -{% set python = 'python2.7' %} - -WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ python }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL} - - - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order allow,deny - Allow from all - - - -# project main - - Options Indexes - IndexOptions FancyIndexing - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order allow,deny - Allow from all - - - -# static -Alias {{ url_suffix }}/static "/usr/share/faf/web/static" - - Options Indexes - IndexOptions FancyIndexing - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order allow,deny - Allow from all - - diff --git a/roles/abrt/retrace/meta/.galaxy_install_info b/roles/abrt/retrace/meta/.galaxy_install_info index 2be6199311..a75ebdbde0 100644 --- a/roles/abrt/retrace/meta/.galaxy_install_info +++ b/roles/abrt/retrace/meta/.galaxy_install_info @@ -1 +1 @@ -{install_date: 'Fri Apr 28 09:36:53 2017', version: ''} +{install_date: 'Wed May 3 11:53:07 2017', version: ''} diff --git a/roles/abrt/retrace/templates/-server-httpd.conf.j2 b/roles/abrt/retrace/templates/-server-httpd.conf.j2 deleted file mode 100644 index 593b2b8582..0000000000 --- a/roles/abrt/retrace/templates/-server-httpd.conf.j2 +++ /dev/null @@ -1,47 +0,0 @@ -#{{ ansible_managed }} - -WSGISocketPrefix /var/run/retrace -WSGIDaemonProcess retrace user=retrace group=retrace processes=5 threads=3 - -WSGIScriptAliasMatch ^/manager(/.*)?$ /usr/share/retrace-server/manager.wsgi -WSGIScriptAliasMatch ^/settings$ /usr/share/retrace-server/settings.wsgi -WSGIScriptAliasMatch ^/create$ /usr/share/retrace-server/create.wsgi -WSGIScriptAliasMatch ^/stats$ /usr/share/retrace-server/stats.wsgi -WSGIScriptAliasMatch ^/checkpackage$ /usr/share/retrace-server/checkpackage.wsgi -WSGIScriptAliasMatch ^/[0-9]+/?$ /usr/share/retrace-server/status.wsgi -WSGIScriptAliasMatch ^/[0-9]+/delete$ /usr/share/retrace-server/delete.wsgi -WSGIScriptAliasMatch ^/[0-9]+/log$ /usr/share/retrace-server/log.wsgi -WSGIScriptAliasMatch ^/[0-9]+/backtrace$ /usr/share/retrace-server/backtrace.wsgi -WSGIScriptAliasMatch ^/[0-9]+/exploitable$ /usr/share/retrace-server/exploitable.wsgi -WSGIScriptAliasMatch ^/[0-9]+/start$ /usr/share/retrace-server/start.wsgi -WSGIScriptAliasMatch ^/$ /usr/share/retrace-server/index.wsgi - - - Options Indexes FollowSymLinks - AllowOverride None - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order allow,deny - Allow from all - - - - - WSGIProcessGroup retrace - Options -Indexes -FollowSymLinks - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order allow,deny - Allow from all - - - -Alias /repos /var/cache/retrace-server diff --git a/roles/abrt/retrace/templates/etc--server.conf.j2 b/roles/abrt/retrace/templates/etc--server.conf.j2 deleted file mode 100644 index edda02fab5..0000000000 --- a/roles/abrt/retrace/templates/etc--server.conf.j2 +++ /dev/null @@ -1,162 +0,0 @@ -#{{ ansible_managed }} - -[retrace] -# Which group is used for authentication -# Do not change AuthGroup if you really don't need to! -# When using non-default group "foo", you also need to -# 1) Set group=foo in WSGIDaemonProcess in /etc/httpd/conf.d/retrace-server-httpd.conf -# 2) Make LogDir, SaveDir and RepoDir readable and writable for foo -# 3) Execute all retrace-server-* scripts (including cron jobs!) with foo membership -AuthGroup = {{ rs_auth_group }} - -# Force to use HTTPS - only disable on trusted network -RequireHTTPS = {{ rs_require_https|int }} - -# Allow to delete task data via HTTP API (https://server//delete) -AllowAPIDelete = {{ rs_allow_api_delete|int }} - -# Allow interactive tasks (security risk, do not use on public systems) -AllowInteractive = {{ rs_allow_interactive|int }} - -# Allow X-CoreFileDirectory header -AllowExternalDir = {{ rs_allow_external_dir|int }} - -# Allow to create tasks owned by task manager (security risk) -AllowTaskManager = {{ rs_allow_task_manager|int }} - -# Allow to create VMCore tasks in the task manager -AllowVMCoreTask = {{ rs_allow_vmcore_task|int }} - -# Allow to create Userspace core tasks in the task manager -AllowUsrCoreTask = {{ rs_allow_usrcore_task|int }} - -# If white list is disabled, anyone can delete tasks -TaskManagerAuthDelete = {{ rs_task_manager_auth_delete|int }} - -# Whitespace-separated list of users allowed to delete tasks -TaskManagerDeleteUsers = {{ rs_task_manager_delete_users|default('', true) }} - -# If set to non-empty string, makes the case number clickable in task manager -# The string is expanded by python, with the case number passed -# as the only argument, do not forget %d -CaseNumberURL = {{ rs_case_number_url|default('', true) }} - -# Verify GPG signatures of installed packages -RequireGPGCheck = {{ rs_require_gpg_check|int }} - -# Maximum tasks running at one moment -MaxParallelTasks = {{ rs_max_parallel_tasks|int }} - -# Maximum size of archive uploaded by user (MB) -MaxPackedSize = {{ rs_max_packed_size|int }} - -# Maximum size of archive contents (MB) -MaxUnpackedSize = {{ rs_max_unpacked_size|int }} - -# Minimal storage left on WorkDir FS after unpacking archive (MB) -MinStorageLeft = {{ rs_min_storage_left|int }} - -# Delete old tasks after (hours); <= 0 means never -# This is mutually exclusive with ArchiveTasksAfter (see below) -# The one that occurs first removes the task from the system -# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first -DeleteTaskAfter = {{ rs_delete_task_after|int }} - -# Delete old failed tasks after (hours); <= 0 means never -# This is useful for cleanup of failed tasks before the standard -# mechanisms do (DeleteTaskAfter or ArchiveTaskAfter) -# In case DeleteFailedTaskAfter > DeleteTaskAfter -# or DeleteFailedTaskAfter > ArchiveTaskAfter, this option does nothing -DeleteFailedTaskAfter = {{ rs_delete_failed_task_after|int }} - -# Archive old task after (hours); <= 0 means never -# This is mutually exclusive with DeleteTasksAfter (see above) -# The one that occurs first removes the task from the system -# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first -ArchiveTaskAfter = {{ rs_archive_task_after|int }} - -# SQLite statistics DB filename -DBFile = {{ rs_db_file }} - -# Log directory -LogDir = {{ rs_log_dir }} - -# Local repos directory -# if changed, you also need to update httpd config -RepoDir = {{ rs_repo_dir }} - -# Directory where the crashes and results are saved -SaveDir = {{ rs_save_dir }} - -# Directory where old tasks are moved -DropDir = {{ rs_drop_dir }} - -# Whether to use explicit working directory, otherwise default mock settings are used -UseWorkDir = {{ rs_use_work_dir|int }} - -# Working directory -WorkDir = {{ rs_work_dir }} - -# Whether to use createrepo's --update option (faster, but requires a lot of memory) -UseCreaterepoUpdate = {{ rs_use_createrepo_update|int }} - -# How many latest packages to keep for rawhide -KeepRawhideLatest = {{ rs_keep_rawhide_latest|int }} - -# Repo used to install chroot for vmcores -KernelChrootRepo = {{ rs_kernel_chroot_repo }} - -# Koji directory structure can be used to search for kernel debuginfo -KojiRoot = {{ rs_koji_root }} - -# Whether task manager should look to an external FTP for task data -UseFTPTasks = {{ rs_use_ftp_tasks|int }} - -# FTP connection parameters -FTPSSL = {{ rs_ftp_ssl|int }} -FTPHost = {{ rs_ftp_host|default('', true) }} -FTPUser = {{ rs_ftp_user|default('', true) }} -FTPPass = {{ rs_ftp_password|default('', true) }} -FTPDir = {{ rs_ftp_dir|default('', true) }} - -# Size of buffer for downloading from FTP (MB) -FTPBufferSize = {{ rs_ftp_buffer_size|int }} - -# Whether to use wget as a fallback to finding kernel debuginfos -WgetKernelDebuginfos = {{ rs_wget_kernel_debuginfos|int }} - -# Where to download kernel debuginfos from -# $VERSION $RELEASE and $ARCH are replaced by the appropriate value -# kernel-debuginfo-VRA.rpm is appended to the end -KernelDebuginfoURL = {{ rs_kernel_debuginfo_url }} - -# Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled -VmcoreDumpLevel = {{ rs_vmcore_dump_level|int }} - -# Whether to run kmem command by default (this may take a long time on large vmcores) -# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem -VmcoreRunKmem = {{ rs_vmcore_run_kmem|int }} - -# EXPERIMENTAL! Use ABRT Server's storage to map build-ids -# into debuginfo packages and resolve dependencies -# Requires support from ABRT Server -UseFafPackages = {{ rs_use_faf_packages|int }} - -# Where to hardlink faf packages -FafLinkDir = {{ rs_faf_link_dir }} - -# Whether to enable e-mail notifications -EmailNotify = {{ rs_email_notify|int }} - -# Who sends the e-mail notifications -EmailNotifyFrom = {{ rs_email_notify_from_user }}@{{ hostname }} - -[archhosts] -{% for a in rs_archhosts %} -{{ a.arch }} = {{ a.url|default('', true) }} -{% endfor %} - -[hookscripts] -{% for h in rs_hookscripts %} -{{ h.hook }} = {{ h.cmd|default('', true) }} -{% endfor %} From 811da4160de11a0bf3c10e180e5c5fb8bb347e3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Wed, 3 May 2017 14:55:20 +0200 Subject: [PATCH 28/90] retrace: update from upstream --- roles/abrt/faf/files/group_abrt-el7-epel-7.repo | 10 ---------- roles/abrt/faf/meta/.galaxy_install_info | 2 +- roles/abrt/faf/tasks/cron.yml | 17 +++++++++++++++++ roles/abrt/faf/tasks/install.yml | 2 +- 4 files changed, 19 insertions(+), 12 deletions(-) delete mode 100644 roles/abrt/faf/files/group_abrt-el7-epel-7.repo diff --git a/roles/abrt/faf/files/group_abrt-el7-epel-7.repo b/roles/abrt/faf/files/group_abrt-el7-epel-7.repo deleted file mode 100644 index ec4e5fa897..0000000000 --- a/roles/abrt/faf/files/group_abrt-el7-epel-7.repo +++ /dev/null @@ -1,10 +0,0 @@ -[group_abrt-faf-el7] -name=Copr repo for faf-el7 owned by @abrt -baseurl=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el7/epel-7-$basearch/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el7/pubkey.gpg -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 diff --git a/roles/abrt/faf/meta/.galaxy_install_info b/roles/abrt/faf/meta/.galaxy_install_info index e21ae6ea36..55282d2e1f 100644 --- a/roles/abrt/faf/meta/.galaxy_install_info +++ b/roles/abrt/faf/meta/.galaxy_install_info @@ -1 +1 @@ -{install_date: 'Wed May 3 11:53:06 2017', version: ''} +{install_date: 'Wed May 3 12:54:28 2017', version: ''} diff --git a/roles/abrt/faf/tasks/cron.yml b/roles/abrt/faf/tasks/cron.yml index 1e702b072d..1858c98ade 100644 --- a/roles/abrt/faf/tasks/cron.yml +++ b/roles/abrt/faf/tasks/cron.yml @@ -47,3 +47,20 @@ with_items: - { type: "core", day: "2,4,6" } - { type: "kerneloops", day: "1,3,5" } + +- name: cron - faf find-crashfn core + cron: + name: "cron for faf find-crashfn for core" + user: faf + job: "faf find-crashfn -p core" + special_time: daily + state: present + +- name: cron - faf find-crashfn kerneloops + cron: + name: "cron for faf find-crashfn for kerneloops" + user: faf + job: "faf find-crashfn -p kerneloops" + minute: 15 + hour: "*/3" + state: present diff --git a/roles/abrt/faf/tasks/install.yml b/roles/abrt/faf/tasks/install.yml index b139bd5ed3..fcfcb6a88a 100644 --- a/roles/abrt/faf/tasks/install.yml +++ b/roles/abrt/faf/tasks/install.yml @@ -1,7 +1,7 @@ --- - name: enable Copr repo - copy: src="{{ roles_path }}/abrt/faf-local/files/group_abrt-faf-el7-epel-7.repo" dest=/etc/yum.repos.d/ + copy: src=group_abrt-faf-el7-epel-7.repo dest=/etc/yum.repos.d/ - name: erase faf packages yum: pkg="faf-*" state=absent From 159b0a37794346513c043d384d9bc62ccc39234b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Wed, 3 May 2017 15:02:26 +0200 Subject: [PATCH 29/90] retrace: update from upstream --- .../faf/files/group_abrt-faf-el7-epel-7.repo | 10 ++ roles/abrt/faf/templates/etc-faf-faf.conf.j2 | 31 ++++ .../faf/templates/etc-faf-plugins-web.conf.j2 | 50 ++++++ .../etc-httpd-conf.d-faf-web.conf.j2 | 52 ++++++ .../templates/etc-retrace-server.conf.j2 | 162 ++++++++++++++++++ .../templates/retrace-server-httpd.conf.j2 | 47 +++++ 6 files changed, 352 insertions(+) create mode 100644 roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo create mode 100644 roles/abrt/faf/templates/etc-faf-faf.conf.j2 create mode 100644 roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 create mode 100644 roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 create mode 100644 roles/abrt/retrace/templates/etc-retrace-server.conf.j2 create mode 100644 roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 diff --git a/roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo b/roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo new file mode 100644 index 0000000000..ec4e5fa897 --- /dev/null +++ b/roles/abrt/faf/files/group_abrt-faf-el7-epel-7.repo @@ -0,0 +1,10 @@ +[group_abrt-faf-el7] +name=Copr repo for faf-el7 owned by @abrt +baseurl=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el7/epel-7-$basearch/ +type=rpm-md +skip_if_unavailable=True +gpgcheck=1 +gpgkey=https://copr-be.cloud.fedoraproject.org/results/@abrt/faf-el7/pubkey.gpg +repo_gpgcheck=0 +enabled=1 +enabled_metadata=1 diff --git a/roles/abrt/faf/templates/etc-faf-faf.conf.j2 b/roles/abrt/faf/templates/etc-faf-faf.conf.j2 new file mode 100644 index 0000000000..18c8a19dda --- /dev/null +++ b/roles/abrt/faf/templates/etc-faf-faf.conf.j2 @@ -0,0 +1,31 @@ +#{{ ansible_managed }} +# Faf site-wide configuration file + +[Main] +PluginsDir = /etc/faf/plugins/ +TemplatesDir = /etc/faf/templates/ +AutoEnablePlugins = False + +[Storage] +ConnectString = {{ faf_db_connectstring }} +LobDir = {{ faf_spool_dir }}/lob +# Using platform-specific location by default. +# Uncomment and change if needed. +# TmpDir = /tmp + +[Mail] +# where to send notification emails, comma separated list +Admins = {{ faf_admin_mail }} +Server = {{ smtp_server }} +Port = {{ smtp_port }} +Username = {{ smtp_username|default("", true) }} +Password = {{ smtp_password|default("", true) }} + +[uReport] +# The directory that holds 'reports' and 'attachments' subdirectories +Directory = {{ faf_spool_dir }} +CreateComponents = False +# attachments accepted by this server +# allowed values: fedora-bugzilla rhel-bugzilla centos-mantisb comment email url +# or * to allow all attachments +AcceptAttachments = fedora-bugzilla rhel-bugzilla centos-mantisbt diff --git a/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 b/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 new file mode 100644 index 0000000000..21c0d9d8fd --- /dev/null +++ b/roles/abrt/faf/templates/etc-faf-plugins-web.conf.j2 @@ -0,0 +1,50 @@ +#{{ ansible_managed }} +[hub] +debug = {{ faf_web_debug }} +proxy_setup = {{ faf_web_proxy_setup }} +secret_key = {{ faf_web_secret_key }} +{% if faf_web_on_root %} +url = https://{{ domain }}/ +{% else %} +url = https://{{ domain }}/faf/ +{% endif %} +server_name = {{ faf_server_name }} +brand_title = {{ faf_web_brand_title }} +brand_subtitle = {{ faf_web_brand_subtitle }} + +{% if faf_web_fedmenu_url %} +fedmenu_url = {{ faf_web_fedmenu_url }} +fedmenu_data_url = {{ faf_web_fedmenu_data_url }} +{% endif %} + +# When OpenID login is disabled, this option can be used to override permission +# checks and make everyone a package maintainer. +# In that case no login is necessary to access maintainer-only actions. +everyone_is_maintainer = {{ faf_web_everyone_is_admin }} +# When OpenID login is disabled, this option can be used to override permission +# checks and make everyone an admin. +# In that case no login is necessary to access admin-only actions. +everyone_is_admin = {{ faf_web_everyone_is_maintainer }} + +[openid] +enabled = {{ faf_web_openid }} + +{% if faf_web_openid_privileged_teams %} +privileged_teams = {{ faf_web_openid_privileged_teams }} +{% endif %} + +[DumpDir] +CacheDirectory = {{ faf_spool_dir }}/dumpdirs +CacheDirectoryCountQuota = 100 +CacheDirectorySizeQuota = 107374182400 +MaxDumpDirSize = 1073741824 + +[cache] +#types: +# null - no caching +# simple - process-local memory cache +# memcached - requires pylibmc +type = {{ faf_web_cache_type }} +memcached_host = localhost +memcached_port = {{ memcached_port }} +memcached_key_prefix = webfaf diff --git a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 new file mode 100644 index 0000000000..33829aed97 --- /dev/null +++ b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 @@ -0,0 +1,52 @@ +#{{ ansible_managed }} +# WSGI handler +WSGIPythonOptimize 1 +WSGISocketPrefix {{ faf_spool_dir }} /wsgi +WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5 + +{% set python = 'python2.7' %} + +WSGIScriptAlias /{{ url_suffix }} /usr/lib/{{ python }}/site-packages/webfaf/hub.wsgi process-group=faf application-group=%{GLOBAL} + + + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order allow,deny + Allow from all + + + +# project main + + Options Indexes + IndexOptions FancyIndexing + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order allow,deny + Allow from all + + + +# static +Alias {{ url_suffix }}/static "/usr/share/faf/web/static" + + Options Indexes + IndexOptions FancyIndexing + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order allow,deny + Allow from all + + diff --git a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 new file mode 100644 index 0000000000..edda02fab5 --- /dev/null +++ b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 @@ -0,0 +1,162 @@ +#{{ ansible_managed }} + +[retrace] +# Which group is used for authentication +# Do not change AuthGroup if you really don't need to! +# When using non-default group "foo", you also need to +# 1) Set group=foo in WSGIDaemonProcess in /etc/httpd/conf.d/retrace-server-httpd.conf +# 2) Make LogDir, SaveDir and RepoDir readable and writable for foo +# 3) Execute all retrace-server-* scripts (including cron jobs!) with foo membership +AuthGroup = {{ rs_auth_group }} + +# Force to use HTTPS - only disable on trusted network +RequireHTTPS = {{ rs_require_https|int }} + +# Allow to delete task data via HTTP API (https://server//delete) +AllowAPIDelete = {{ rs_allow_api_delete|int }} + +# Allow interactive tasks (security risk, do not use on public systems) +AllowInteractive = {{ rs_allow_interactive|int }} + +# Allow X-CoreFileDirectory header +AllowExternalDir = {{ rs_allow_external_dir|int }} + +# Allow to create tasks owned by task manager (security risk) +AllowTaskManager = {{ rs_allow_task_manager|int }} + +# Allow to create VMCore tasks in the task manager +AllowVMCoreTask = {{ rs_allow_vmcore_task|int }} + +# Allow to create Userspace core tasks in the task manager +AllowUsrCoreTask = {{ rs_allow_usrcore_task|int }} + +# If white list is disabled, anyone can delete tasks +TaskManagerAuthDelete = {{ rs_task_manager_auth_delete|int }} + +# Whitespace-separated list of users allowed to delete tasks +TaskManagerDeleteUsers = {{ rs_task_manager_delete_users|default('', true) }} + +# If set to non-empty string, makes the case number clickable in task manager +# The string is expanded by python, with the case number passed +# as the only argument, do not forget %d +CaseNumberURL = {{ rs_case_number_url|default('', true) }} + +# Verify GPG signatures of installed packages +RequireGPGCheck = {{ rs_require_gpg_check|int }} + +# Maximum tasks running at one moment +MaxParallelTasks = {{ rs_max_parallel_tasks|int }} + +# Maximum size of archive uploaded by user (MB) +MaxPackedSize = {{ rs_max_packed_size|int }} + +# Maximum size of archive contents (MB) +MaxUnpackedSize = {{ rs_max_unpacked_size|int }} + +# Minimal storage left on WorkDir FS after unpacking archive (MB) +MinStorageLeft = {{ rs_min_storage_left|int }} + +# Delete old tasks after (hours); <= 0 means never +# This is mutually exclusive with ArchiveTasksAfter (see below) +# The one that occurs first removes the task from the system +# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first +DeleteTaskAfter = {{ rs_delete_task_after|int }} + +# Delete old failed tasks after (hours); <= 0 means never +# This is useful for cleanup of failed tasks before the standard +# mechanisms do (DeleteTaskAfter or ArchiveTaskAfter) +# In case DeleteFailedTaskAfter > DeleteTaskAfter +# or DeleteFailedTaskAfter > ArchiveTaskAfter, this option does nothing +DeleteFailedTaskAfter = {{ rs_delete_failed_task_after|int }} + +# Archive old task after (hours); <= 0 means never +# This is mutually exclusive with DeleteTasksAfter (see above) +# The one that occurs first removes the task from the system +# In case DeleteTaskAfter = ArchiveTaskAfter, archiving executes first +ArchiveTaskAfter = {{ rs_archive_task_after|int }} + +# SQLite statistics DB filename +DBFile = {{ rs_db_file }} + +# Log directory +LogDir = {{ rs_log_dir }} + +# Local repos directory +# if changed, you also need to update httpd config +RepoDir = {{ rs_repo_dir }} + +# Directory where the crashes and results are saved +SaveDir = {{ rs_save_dir }} + +# Directory where old tasks are moved +DropDir = {{ rs_drop_dir }} + +# Whether to use explicit working directory, otherwise default mock settings are used +UseWorkDir = {{ rs_use_work_dir|int }} + +# Working directory +WorkDir = {{ rs_work_dir }} + +# Whether to use createrepo's --update option (faster, but requires a lot of memory) +UseCreaterepoUpdate = {{ rs_use_createrepo_update|int }} + +# How many latest packages to keep for rawhide +KeepRawhideLatest = {{ rs_keep_rawhide_latest|int }} + +# Repo used to install chroot for vmcores +KernelChrootRepo = {{ rs_kernel_chroot_repo }} + +# Koji directory structure can be used to search for kernel debuginfo +KojiRoot = {{ rs_koji_root }} + +# Whether task manager should look to an external FTP for task data +UseFTPTasks = {{ rs_use_ftp_tasks|int }} + +# FTP connection parameters +FTPSSL = {{ rs_ftp_ssl|int }} +FTPHost = {{ rs_ftp_host|default('', true) }} +FTPUser = {{ rs_ftp_user|default('', true) }} +FTPPass = {{ rs_ftp_password|default('', true) }} +FTPDir = {{ rs_ftp_dir|default('', true) }} + +# Size of buffer for downloading from FTP (MB) +FTPBufferSize = {{ rs_ftp_buffer_size|int }} + +# Whether to use wget as a fallback to finding kernel debuginfos +WgetKernelDebuginfos = {{ rs_wget_kernel_debuginfos|int }} + +# Where to download kernel debuginfos from +# $VERSION $RELEASE and $ARCH are replaced by the appropriate value +# kernel-debuginfo-VRA.rpm is appended to the end +KernelDebuginfoURL = {{ rs_kernel_debuginfo_url }} + +# Run makedumpfile with specified dumplevel; <= 0 or >= 32 means disabled +VmcoreDumpLevel = {{ rs_vmcore_dump_level|int }} + +# Whether to run kmem command by default (this may take a long time on large vmcores) +# 1 => run 'kmem -f'; 2 => run 'kmem -f' with 'set hash off'; 3 => run 'kmem -z'; anything else => do not run kmem +VmcoreRunKmem = {{ rs_vmcore_run_kmem|int }} + +# EXPERIMENTAL! Use ABRT Server's storage to map build-ids +# into debuginfo packages and resolve dependencies +# Requires support from ABRT Server +UseFafPackages = {{ rs_use_faf_packages|int }} + +# Where to hardlink faf packages +FafLinkDir = {{ rs_faf_link_dir }} + +# Whether to enable e-mail notifications +EmailNotify = {{ rs_email_notify|int }} + +# Who sends the e-mail notifications +EmailNotifyFrom = {{ rs_email_notify_from_user }}@{{ hostname }} + +[archhosts] +{% for a in rs_archhosts %} +{{ a.arch }} = {{ a.url|default('', true) }} +{% endfor %} + +[hookscripts] +{% for h in rs_hookscripts %} +{{ h.hook }} = {{ h.cmd|default('', true) }} +{% endfor %} diff --git a/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 new file mode 100644 index 0000000000..593b2b8582 --- /dev/null +++ b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 @@ -0,0 +1,47 @@ +#{{ ansible_managed }} + +WSGISocketPrefix /var/run/retrace +WSGIDaemonProcess retrace user=retrace group=retrace processes=5 threads=3 + +WSGIScriptAliasMatch ^/manager(/.*)?$ /usr/share/retrace-server/manager.wsgi +WSGIScriptAliasMatch ^/settings$ /usr/share/retrace-server/settings.wsgi +WSGIScriptAliasMatch ^/create$ /usr/share/retrace-server/create.wsgi +WSGIScriptAliasMatch ^/stats$ /usr/share/retrace-server/stats.wsgi +WSGIScriptAliasMatch ^/checkpackage$ /usr/share/retrace-server/checkpackage.wsgi +WSGIScriptAliasMatch ^/[0-9]+/?$ /usr/share/retrace-server/status.wsgi +WSGIScriptAliasMatch ^/[0-9]+/delete$ /usr/share/retrace-server/delete.wsgi +WSGIScriptAliasMatch ^/[0-9]+/log$ /usr/share/retrace-server/log.wsgi +WSGIScriptAliasMatch ^/[0-9]+/backtrace$ /usr/share/retrace-server/backtrace.wsgi +WSGIScriptAliasMatch ^/[0-9]+/exploitable$ /usr/share/retrace-server/exploitable.wsgi +WSGIScriptAliasMatch ^/[0-9]+/start$ /usr/share/retrace-server/start.wsgi +WSGIScriptAliasMatch ^/$ /usr/share/retrace-server/index.wsgi + + + Options Indexes FollowSymLinks + AllowOverride None + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order allow,deny + Allow from all + + + + + WSGIProcessGroup retrace + Options -Indexes -FollowSymLinks + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order allow,deny + Allow from all + + + +Alias /repos /var/cache/retrace-server From c9203a1b766a30de0d1237d5ef87b06bff92c834 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 3 May 2017 13:28:48 +0000 Subject: [PATCH 30/90] expose /dist-repos on kojipkgs dist-repos the feature formerly known as signed-repos puts all of its work under /mnt/koji/dist-repos/ so lets expose it to the world. Signed-off-by: Dennis Gilmore --- roles/kojipkgs/files/kojipkgs.conf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/kojipkgs/files/kojipkgs.conf b/roles/kojipkgs/files/kojipkgs.conf index 7653afe44b..8c07e0ad17 100644 --- a/roles/kojipkgs/files/kojipkgs.conf +++ b/roles/kojipkgs/files/kojipkgs.conf @@ -31,6 +31,15 @@ Alias /toplink/packages /mnt/fedora_koji/koji/packages Require all granted +Alias /dist-repos /mnt/fedora_koji/koji/dist-repos + + + Options Indexes FollowSymLinks + IndexOptions NameWidth=* FancyIndexing + FileETag None + Require all granted + + Alias /repos /mnt/fedora_koji/koji/repos From 2a2b8e83058561394b001faaff2cefd6b021aa29 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 3 May 2017 13:48:13 +0000 Subject: [PATCH 31/90] n an effort to be super awkward its named repos-dist not dist-repos Signed-off-by: Dennis Gilmore --- roles/kojipkgs/files/kojipkgs.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kojipkgs/files/kojipkgs.conf b/roles/kojipkgs/files/kojipkgs.conf index 8c07e0ad17..5779a7406d 100644 --- a/roles/kojipkgs/files/kojipkgs.conf +++ b/roles/kojipkgs/files/kojipkgs.conf @@ -31,9 +31,9 @@ Alias /toplink/packages /mnt/fedora_koji/koji/packages Require all granted -Alias /dist-repos /mnt/fedora_koji/koji/dist-repos +Alias /repos-dist /mnt/fedora_koji/koji/repos-dist - + Options Indexes FollowSymLinks IndexOptions NameWidth=* FancyIndexing FileETag None From c1b3f1cb9e0cf11ff786362305e2cedc49db8493 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 3 May 2017 15:20:20 +0000 Subject: [PATCH 32/90] move keytab in pkgs to after apache installs --- playbooks/groups/pkgs.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml index 879b322dac..64b601c85e 100644 --- a/playbooks/groups/pkgs.yml +++ b/playbooks/groups/pkgs.yml @@ -10,14 +10,6 @@ - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - pre_tasks: - - name: Copy keytab - copy: src={{private}}/files/keytabs/{{env}}/pkgs - dest=/etc/httpd.keytab - owner=apache group=apache mode=0600 - tags: - - krb5 - roles: - base - rkhunter @@ -44,6 +36,13 @@ - { role: distgit/pagure, when: env == "staging" and inventory_hostname.startswith('pkgs01') } tasks: + - name: Copy keytab + copy: src={{private}}/files/keytabs/{{env}}/pkgs + dest=/etc/httpd.keytab + owner=apache group=apache mode=0600 + tags: + - krb5 + - include: "{{ tasks_path }}/yumrepos.yml" - include: "{{ tasks_path }}/motd.yml" - include: "{{ tasks_path }}/2fa_client.yml" From 4c0224d38808f27b5d3f4a2d192b5b63265342ac Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 3 May 2017 15:30:01 +0000 Subject: [PATCH 33/90] override fedmsg_certs for pkgs02.stg --- .../pkgs02.stg.phx2.fedoraproject.org | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/inventory/host_vars/pkgs02.stg.phx2.fedoraproject.org b/inventory/host_vars/pkgs02.stg.phx2.fedoraproject.org index e3fe932666..ebb5cc036a 100644 --- a/inventory/host_vars/pkgs02.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/pkgs02.stg.phx2.fedoraproject.org @@ -12,3 +12,32 @@ datacenter: phx2 # Need a eth0/eth1 install here. virt_install_command: "{{ virt_install_command_two_nic }}" + +# We override fedmsg_certs here because pkgs02.stg doesn't have pagure on it. +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log + - git.branch + - git.mass_branch.complete + - git.mass_branch.start + - git.pkgdb2branch.complete + - git.pkgdb2branch.start +- service: scm + owner: root + group: packager + can_send: + - git.branch + - git.mass_branch.complete + - git.mass_branch.start + - git.pkgdb2branch.complete + - git.pkgdb2branch.start + - git.receive +- service: lookaside + owner: root + group: apache + can_send: + - git.lookaside.new From 125e70d12ed283aafbab253c55a2615e4076773c Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 3 May 2017 15:40:33 +0000 Subject: [PATCH 34/90] space: the final fronteer --- roles/distgit/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index ecc5eebde3..a94e914afd 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -210,7 +210,7 @@ - distgit - name: Create the rpms symlink (should not be needed, might still be used by some old scripts) - command: ln -s /srv/git/repositories / /srv/git/rpms + command: ln -s /srv/git/repositories/ /srv/git/rpms creates=/srv/git/rpms tags: - config From c1ed4c45371b3c98ada38e988a8fb343abe444f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Wed, 3 May 2017 18:21:34 +0200 Subject: [PATCH 35/90] retrace: use correct path --- playbooks/groups/retrace.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml index 857b335a13..59ce08a767 100644 --- a/playbooks/groups/retrace.yml +++ b/playbooks/groups/retrace.yml @@ -51,5 +51,5 @@ roles: - abrt/retrace-local-pre - - { role: abrt/retrace, rs_require_gpg_check: false, rs_max_parallel_tasks: 12, rs_max_packed_size: 1024, rs_max_unpacked_size: 1280, rs_min_storage_left: 1280, rs_delete_task_after: 8, rs_delete_failed_task_after: 1, rs_repo_dir: /srv/retrace/repos, rs_save_dir: /srv/retrace/tasks, rs_faf_link_dir: /srv/retrace/hardlink-local, hostname: retrace.fedoraproject.org } + - { role: abrt/retrace, rs_require_gpg_check: false, rs_max_parallel_tasks: 12, rs_max_packed_size: 1024, rs_max_unpacked_size: 1280, rs_min_storage_left: 1280, rs_delete_task_after: 8, rs_delete_failed_task_after: 1, rs_repo_dir: /srv/retrace/repos, rs_save_dir: /srv/retrace/tasks, rs_faf_link_dir: /srv/retrace/hardlink-local, hostname: retrace.fedoraproject.org, faf_spool_dir: /srv/faf/ } - abrt/retrace-local From 7753e2387d8c0f14dc015d66ff0a5e7c018ee32a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Wed, 3 May 2017 18:42:28 +0200 Subject: [PATCH 36/90] retrace: put variable to correct role --- playbooks/groups/retrace.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml index 59ce08a767..502a437a01 100644 --- a/playbooks/groups/retrace.yml +++ b/playbooks/groups/retrace.yml @@ -38,7 +38,7 @@ roles: - abrt/faf-local - - { role: abrt/faf, faf_web_on_root: false, faf_admin_mail: msuchy@redhat.com, faf_web_openid_privileged_teams: "provenpackager,proventesters", faf_web_secret_key: "{{fedora_faf_web_secret_key}}" } + - { role: abrt/faf, faf_web_on_root: false, faf_admin_mail: msuchy@redhat.com, faf_web_openid_privileged_teams: "provenpackager,proventesters", faf_web_secret_key: "{{fedora_faf_web_secret_key}}", faf_spool_dir: /srv/faf/ } - name: setup retrace server hosts: retrace:retrace-stg @@ -51,5 +51,5 @@ roles: - abrt/retrace-local-pre - - { role: abrt/retrace, rs_require_gpg_check: false, rs_max_parallel_tasks: 12, rs_max_packed_size: 1024, rs_max_unpacked_size: 1280, rs_min_storage_left: 1280, rs_delete_task_after: 8, rs_delete_failed_task_after: 1, rs_repo_dir: /srv/retrace/repos, rs_save_dir: /srv/retrace/tasks, rs_faf_link_dir: /srv/retrace/hardlink-local, hostname: retrace.fedoraproject.org, faf_spool_dir: /srv/faf/ } + - { role: abrt/retrace, rs_require_gpg_check: false, rs_max_parallel_tasks: 12, rs_max_packed_size: 1024, rs_max_unpacked_size: 1280, rs_min_storage_left: 1280, rs_delete_task_after: 8, rs_delete_failed_task_after: 1, rs_repo_dir: /srv/retrace/repos, rs_save_dir: /srv/retrace/tasks, rs_faf_link_dir: /srv/retrace/hardlink-local, hostname: retrace.fedoraproject.org } - abrt/retrace-local From e7c9a2281b61c7a4e7f99585cca994500e517ce2 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 3 May 2017 18:58:45 +0000 Subject: [PATCH 37/90] this is just inventory_hostname --- playbooks/update-proxy-dns.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/update-proxy-dns.yml b/playbooks/update-proxy-dns.yml index d3dd6e2abe..0730617a3c 100644 --- a/playbooks/update-proxy-dns.yml +++ b/playbooks/update-proxy-dns.yml @@ -26,11 +26,11 @@ when: nodns is not defined or not "true" in nodns - name: Run zone-template (fedoraproject.org) - local_action: command {{tmp.stdout}}/zone-template {{tmp.stdout}}/fedoraproject.org.cfg {{status}} {{ansible_inventory_hostname}} chdir={{tmp.stdout}} + local_action: command {{tmp.stdout}}/zone-template {{tmp.stdout}}/fedoraproject.org.cfg {{status}} {{inventory_hostname}} chdir={{tmp.stdout}} when: nodns is not defined or not "true" in nodns - name: Run zone-template (getfedora.org) - local_action: command {{tmp.stdout}}/zone-template {{tmp.stdout}}/getfedora.org.cfg {{status}} {{ansible_inventory_hostname}} chdir={{tmp.stdout}} + local_action: command {{tmp.stdout}}/zone-template {{tmp.stdout}}/getfedora.org.cfg {{status}} {{inventory_hostname}} chdir={{tmp.stdout}} when: nodns is not defined or not "true" in nodns - name: Commit once From 8878afbf36c772bc4d91643aa79e4857d30b50f9 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 3 May 2017 19:34:51 +0000 Subject: [PATCH 38/90] up kojira to 15 newrepos --- roles/koji_hub/templates/kojira.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/koji_hub/templates/kojira.conf.j2 b/roles/koji_hub/templates/kojira.conf.j2 index 770049c288..65bfee828d 100644 --- a/roles/koji_hub/templates/kojira.conf.j2 +++ b/roles/koji_hub/templates/kojira.conf.j2 @@ -26,7 +26,7 @@ with_src=no ;delete_batch_size=1 ; prevent kojira from flooding the build system with newRepo tasks -max_repo_tasks=6 +max_repo_tasks=15 ; Server certificate authority krb_rdns=false From 99ad4ac7e2dbb20c72d454d4ef0c7df43ed9adb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Thu, 4 May 2017 09:47:46 +0200 Subject: [PATCH 39/90] retrace: update from upstream --- roles/abrt/retrace/meta/.galaxy_install_info | 2 +- roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/abrt/retrace/meta/.galaxy_install_info b/roles/abrt/retrace/meta/.galaxy_install_info index a75ebdbde0..2644b5b2e6 100644 --- a/roles/abrt/retrace/meta/.galaxy_install_info +++ b/roles/abrt/retrace/meta/.galaxy_install_info @@ -1 +1 @@ -{install_date: 'Wed May 3 11:53:07 2017', version: ''} +{install_date: 'Thu May 4 07:47:06 2017', version: ''} diff --git a/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 index 593b2b8582..8e65e3af30 100644 --- a/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 +++ b/roles/abrt/retrace/templates/retrace-server-httpd.conf.j2 @@ -4,6 +4,7 @@ WSGISocketPrefix /var/run/retrace WSGIDaemonProcess retrace user=retrace group=retrace processes=5 threads=3 WSGIScriptAliasMatch ^/manager(/.*)?$ /usr/share/retrace-server/manager.wsgi +WSGIScriptAliasMatch ^/ftp(/.*)?$ /usr/share/retrace-server/ftp.wsgi WSGIScriptAliasMatch ^/settings$ /usr/share/retrace-server/settings.wsgi WSGIScriptAliasMatch ^/create$ /usr/share/retrace-server/create.wsgi WSGIScriptAliasMatch ^/stats$ /usr/share/retrace-server/stats.wsgi @@ -30,7 +31,7 @@ WSGIScriptAliasMatch ^/$ /usr/share/retrace-server/index.wsgi - + WSGIProcessGroup retrace Options -Indexes -FollowSymLinks From fcf570d42e9a4754b6c8c7acccd2ef4569da7f71 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 4 May 2017 14:02:02 +0000 Subject: [PATCH 40/90] initial selinux module work for rsyslog to read audit --- roles/base/files/selinux/rsyslog-audit.te | 17 +++++++++++++++++ roles/base/tasks/main.yml | 21 +++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 roles/base/files/selinux/rsyslog-audit.te diff --git a/roles/base/files/selinux/rsyslog-audit.te b/roles/base/files/selinux/rsyslog-audit.te new file mode 100644 index 0000000000..31f3a22215 --- /dev/null +++ b/roles/base/files/selinux/rsyslog-audit.te @@ -0,0 +1,17 @@ +module rsyslog-audit 1.0; + +require { + type audit_log_t; + class file search; +} + +require { + type audit_log_t; + class file ioctl; + class file open; + class file read; +} + +#============= syslogd_t ============== +allow syslogd_t auditd_log_t:dir { getattr search }; +allow syslogd_t auditd_log_t:file { getattr ioctl open read }; diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 0a2ff3a0d3..ea3e0c1edd 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -348,6 +348,27 @@ - rsyslogd - config +# Custom selinux policy to allow rsyslog to read and send audit to log01 +#- name: ensure a directory exists for our custom selinux module +# file: dest=/usr/local/share/rsyslog state=directory +# tags: +# - rsyslogd +# - config +# +#- name: copy over our custom selinux module +# copy: src=selinux/rsyslog-audit.pp dest=/usr/local/share/rsyslog/rsyslog-audit.pp +# register: selinux_module +# tags: +# - rsyslogd +# - config +# +#- name: install our custom selinux module +# command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp +# when: selinux_module|changed +# tags: +# - rsyslogd +# - config +# - name: Setup postfix include: postfix.yml From f4ae8df39d5f6158a4d783e92b0d4bfefdb9f83f Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Thu, 4 May 2017 14:12:56 +0000 Subject: [PATCH 41/90] Fix up policy source and add EL6 compiled version Signed-off-by: Patrick Uiterwijk --- roles/base/files/selinux/rsyslog-audit.pp | Bin 0 -> 7609 bytes roles/base/files/selinux/rsyslog-audit.te | 13 ++++--------- 2 files changed, 4 insertions(+), 9 deletions(-) create mode 100644 roles/base/files/selinux/rsyslog-audit.pp diff --git a/roles/base/files/selinux/rsyslog-audit.pp b/roles/base/files/selinux/rsyslog-audit.pp new file mode 100644 index 0000000000000000000000000000000000000000..f1a417ff5a9e3468abf151bf1e3bda637b57da36 GIT binary patch literal 7609 zcmc&(O>ZN)5p}+^MuJ@O0|@vc0~+s6lGC2NyWT+t$$VhFlS>c?t!_$U+-fQ$+p>WC zg&_NPbIQI~B-OO6(P+k-34vC#$zoOUv8q_4{{7#7{^v(0CnrC~^IJUM{q*GIUugRc z>epYZKbx+DnXI#eOJpQFlNuPawCpqUgBu%5qXrqw^gHz|#+L%YKz(>h%>tW&;S>5hEz zT=-_O)4%IFOx&e>#hUCnar!vzY{T94eVX z7D!qul)o=g=aawL$8ssZ!w^ zw&ik(3ZHk;fJDk=dh=D*IUj!W$-J^|yX|k&14E@;rZ-=YsTXV>Rps2MGaQdo%MX2o zK9#@on?9fYgF|yW>$LyU#&aLvwD+w|mmO$-P`*R#IsIRhv(qzmWgNWQx{X>PylB^X zHNxc2Pucmpa@A6!)qjq!rx&WR%gS^rY*rc#zq?Si?E+e~lTne=dG7x`25i~KF$bqX zk>BWf-&Rf$?LsAf{!lsz>m$@T6%4L7%c*Tmtyhtgz5q9!SjeQg_1TST?=a3X#-wFo9WB zYd==OD!U@uRoiaR;-(U)wi%075YxB^0sPwttzklO4nv)5ZtF5q1{?BY!B1lTMa)~whzj}P&%5A)850dE}-JK3m8qOb>nHFSZb%&*4;ouZwpc^ zw}K}w;MESswa{LBRf8LeFBk?6!iEq*SqY9tBZ#<)wteh;^3dep@3CToUZTSvqi<#B zf!rTp za&QU62`kFht%WJ>uGExCoq@gxN)4ifV`|uLk`@C@2Wz69(=)8Yx^mqJVEAgDk~h%; z5r{pEqNy`Z^B~)yvk-uJ?d1;>b`JiM*aMA>Ehf0EZs2L%1^`2YS!LP}nBZJ@6CmtH z{E^V6;4?FGH&zb*H1Qf>FIzuJuHNcf-NqJds&hS7e_hsoQX?|XtuxyH?U<;z0|J#` z09uUzwjPD0#ED@!fisafCfw+2 z*V_=7j~jdQ5cn5&G9)8rYFf+{ds*_9FZzIkNO#9#`L;zbIGASK3X zz+<`!se?E^e80wx5ORq*Bbjyp(7FadNMOhC)~>Z@7>PUbLs2SueEoK4XQ z7-_&UsZ9A-Oj3Cm!tNR`3zVeD5X&s>zHz1fR?ettW49gBLD>_^(K}-mB2E_ggfX6p zFSlPAjnJgADQE<@NoR(nK;$f%UR9x*4&;^r!AO9k!)goOj&L_Sc&+_D<5B7c-1K_q8}C8yn0gT2FbjNmf%V50Mumdp*P?u`t{Z z2ieegeB({Anf5{F6oO{CJ0b@1JmwH3uZg#GVt6nxgR{^vV)9_x(EE$zsA`3)>3Hh0 zVuo4QJ(J?3QJV;)DXpRw*9eVLx{P7ZxIyhi0DnxPHnAt{oUMn1! z!|@F56iF(M6z}4QWI?>1H+^C*Ky1J zi+cY0E7?=xcKe>$&r7{7b};UQlBRKgy4v19=UeS8A-zd-@6LHd_sL1v9^(7=!J`}| z9*!XAeOI-(V83@oyGO<_>^hpV8qra=7lQYPP|$-*PDm*)H}8)S>)v|i1sD BHnRW# literal 0 HcmV?d00001 diff --git a/roles/base/files/selinux/rsyslog-audit.te b/roles/base/files/selinux/rsyslog-audit.te index 31f3a22215..a8bf497c24 100644 --- a/roles/base/files/selinux/rsyslog-audit.te +++ b/roles/base/files/selinux/rsyslog-audit.te @@ -1,15 +1,10 @@ module rsyslog-audit 1.0; require { - type audit_log_t; - class file search; -} - -require { - type audit_log_t; - class file ioctl; - class file open; - class file read; + type auditd_log_t; + type syslogd_t; + class file { getattr ioctl open read }; + class dir { getattr search }; } #============= syslogd_t ============== From 9f71fa2295c8a40b83d0847b46739c0d64165806 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 4 May 2017 14:20:37 +0000 Subject: [PATCH 42/90] comment in rsyslog-audit module in base --- roles/base/tasks/main.yml | 43 +++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index ea3e0c1edd..052ef2efb0 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -349,26 +349,29 @@ - config # Custom selinux policy to allow rsyslog to read and send audit to log01 -#- name: ensure a directory exists for our custom selinux module -# file: dest=/usr/local/share/rsyslog state=directory -# tags: -# - rsyslogd -# - config -# -#- name: copy over our custom selinux module -# copy: src=selinux/rsyslog-audit.pp dest=/usr/local/share/rsyslog/rsyslog-audit.pp -# register: selinux_module -# tags: -# - rsyslogd -# - config -# -#- name: install our custom selinux module -# command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp -# when: selinux_module|changed -# tags: -# - rsyslogd -# - config -# +- name: ensure a directory exists for our custom selinux module + file: dest=/usr/local/share/rsyslog state=directory + tags: + - rsyslogd + - config + - rsyslog-audit + +- name: copy over our custom selinux module + copy: src=selinux/rsyslog-audit.pp dest=/usr/local/share/rsyslog/rsyslog-audit.pp + register: selinux_module + tags: + - rsyslogd + - config + - rsyslog-audit + +- name: install our custom selinux module + command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp + when: selinux_module|changed + tags: + - rsyslogd + - config + - rsyslog-audit + - name: Setup postfix include: postfix.yml From 516c671cc4fde2f7d7e3646a956c6a8124cf1069 Mon Sep 17 00:00:00 2001 From: clime Date: Thu, 4 May 2017 16:52:15 +0200 Subject: [PATCH 43/90] copr-stg: backend ip update --- inventory/group_vars/copr-stg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/copr-stg b/inventory/group_vars/copr-stg index 9b8a0bda9c..9fe352bcfb 100644 --- a/inventory/group_vars/copr-stg +++ b/inventory/group_vars/copr-stg @@ -5,7 +5,7 @@ _forward_src: "forward_dev" # don't forget to update ip in ./copr-keygen-stg, due to custom firewall rules -copr_backend_ips: ["172.25.32.160", "209.132.184.53"] +copr_backend_ips: ["172.25.32.175", "172.25.150.48"] keygen_host: "172.25.32.154" resolvconf: "resolv.conf/cloud" From 934e545b107ad585bce3c3a45827e5d25ce538d4 Mon Sep 17 00:00:00 2001 From: Sayan Chowdhury Date: Fri, 5 May 2017 09:15:32 +0000 Subject: [PATCH 44/90] Install python-flask in hubs-dev --- playbooks/hosts/hubs-dev.fedorainfracloud.org.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml index 099bae9148..504442074e 100644 --- a/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml +++ b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml @@ -74,6 +74,7 @@ - python-datanommer-consumer - datanommer-commands - fedmsg-hub + - python-flask - python-psycopg2 - postgresql-devel - postgresql-server From b374e510f833164da3b5e51b939b6f24716df264 Mon Sep 17 00:00:00 2001 From: Sayan Chowdhury Date: Fri, 5 May 2017 10:19:47 +0000 Subject: [PATCH 45/90] hubs-dev: update the dependencies and add certbot role --- playbooks/hosts/hubs-dev.fedorainfracloud.org.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml index 504442074e..f9fecc0989 100644 --- a/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml +++ b/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml @@ -20,6 +20,9 @@ - /srv/private/ansible/files/openstack/passwords.yml - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + roles: + - certbot + pre_tasks: - include: "{{ tasks_path }}/cloud_setup_basic.yml" - name: set hostname (required by some services, at least postfix need it) @@ -75,6 +78,9 @@ - datanommer-commands - fedmsg-hub - python-flask + - python-oauth2client + - python-bleach + - python-dogpile-cache - python-psycopg2 - postgresql-devel - postgresql-server From 0df29d25a8356c3cc6ef0c10fac91c95c2a337cd Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Fri, 5 May 2017 13:04:44 +0000 Subject: [PATCH 46/90] Rename regcfp.fic.o Signed-off-by: Patrick Uiterwijk --- inventory/inventory | 2 +- ...orainfracloud.org.yml => regcfp2.fedorainfracloud.org.yml} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename playbooks/hosts/{regcfp.fedorainfracloud.org.yml => regcfp2.fedorainfracloud.org.yml} (91%) diff --git a/inventory/inventory b/inventory/inventory index ba5762d2f1..5039034ec1 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1117,7 +1117,7 @@ communityblog.fedorainfracloud.org # Fedora Magazine magazine.fedorainfracloud.org # Flock RegCfp instance -regcfp.fedorainfracloud.org +regcfp2.fedorainfracloud.org # Modularity (ticket 5390) modularity.fedorainfracloud.org # Fedora Bootstrap VM diff --git a/playbooks/hosts/regcfp.fedorainfracloud.org.yml b/playbooks/hosts/regcfp2.fedorainfracloud.org.yml similarity index 91% rename from playbooks/hosts/regcfp.fedorainfracloud.org.yml rename to playbooks/hosts/regcfp2.fedorainfracloud.org.yml index 46d4b4843c..a3df0e5928 100644 --- a/playbooks/hosts/regcfp.fedorainfracloud.org.yml +++ b/playbooks/hosts/regcfp2.fedorainfracloud.org.yml @@ -1,5 +1,5 @@ - name: check/create instance - hosts: regcfp.fedorainfracloud.org + hosts: regcfp2.fedorainfracloud.org gather_facts: False vars_files: @@ -12,7 +12,7 @@ - include: "{{ tasks_path }}/persistent_cloud.yml" - name: setup all the things - hosts: regcfp.fedorainfracloud.org + hosts: regcfp2.fedorainfracloud.org gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml From f886067e19d53f2103d0cac475c7311cf4a1b52c Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Fri, 5 May 2017 13:06:32 +0000 Subject: [PATCH 47/90] Finish rename Signed-off-by: Patrick Uiterwijk --- ...gcfp.fedorainfracloud.org => regcfp2.fedorainfracloud.org} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename inventory/host_vars/{regcfp.fedorainfracloud.org => regcfp2.fedorainfracloud.org} (91%) diff --git a/inventory/host_vars/regcfp.fedorainfracloud.org b/inventory/host_vars/regcfp2.fedorainfracloud.org similarity index 91% rename from inventory/host_vars/regcfp.fedorainfracloud.org rename to inventory/host_vars/regcfp2.fedorainfracloud.org index bc4e4e7382..b302418011 100644 --- a/inventory/host_vars/regcfp.fedorainfracloud.org +++ b/inventory/host_vars/regcfp2.fedorainfracloud.org @@ -7,8 +7,8 @@ zone: nova tcp_ports: [22, 80, 443] inventory_tenant: persistent -inventory_instance_name: regcfp -hostbase: regcfp +inventory_instance_name: regcfp2 +hostbase: regcfp2 public_ip: 209.132.184.127 root_auth_users: puiterwijk pfrields description: Flock registration software From 6db4fd0ca6c97b467508cb4931f33651ba74a9d4 Mon Sep 17 00:00:00 2001 From: Jason Tibbitts Date: Fri, 5 May 2017 15:23:46 +0000 Subject: [PATCH 48/90] Update create-filelist to latest upstream. --- files/scripts/create-filelist | 103 +++++++++++++++++++++++++--------- 1 file changed, 76 insertions(+), 27 deletions(-) diff --git a/files/scripts/create-filelist b/files/scripts/create-filelist index 3b831f8c05..d59c2781cd 100755 --- a/files/scripts/create-filelist +++ b/files/scripts/create-filelist @@ -11,8 +11,14 @@ from __future__ import print_function import argparse import hashlib import os +import stat import sys -from scandir import scandir + +# Get scandir from whatever module provides it today +try: + from os import scandir +except ImportError: + from scandir import scandir # productmd is optional, needed only for the imagelist feature try: @@ -21,13 +27,36 @@ except ImportError: SUPPORTED_IMAGE_FORMATS = [] -def get_ftype(entry): - """Return a simple indicator of the file type.""" - if entry.is_symlink(): - return 'l' - if entry.is_dir(): - return 'd' - return 'f' +class SEntry(object): + """A simpler DirEntry-like object.""" + + def __init__(self, direntry, restricted=False): + self.direntry = direntry + self.restricted = restricted + self.path = direntry.path + self.name = direntry.name + + info = direntry.stat(follow_symlinks=False) + self.modtime = max(info.st_mtime, info.st_ctime) + self.readable_group = info.st_mode & stat.S_IRGRP + self.readable_world = info.st_mode & stat.S_IROTH + self.size = info.st_size + + ftype = 'f' + perm = '' + if direntry.is_symlink(): + ftype = 'l' + elif direntry.is_dir(): + ftype = 'd' + + if self.restricted: + perm = '*' + + # Note that we want an unreadable state to override the restricted state + if not self.readable_world: + perm = '-' + + self.ftype = ftype + perm def sha1(fname): @@ -42,22 +71,40 @@ def sha1(fname): return sha1.hexdigest() -def recursedir(path='.', skip=[], alwaysskip=['.~tmp~']): - """Just like scandir, but recursively. +def recursedir(path='.', skip=[], alwaysskip=['.~tmp~'], in_restricted=False): + """Like scandir, but recursively. Will skip everything in the skip array, but only at the top level directory. + + Returns SEntry objects. If in_restricted is true, all returned entries will + be marked as restricted even if their permissions are not restricted. """ - for entry in scandir(path): - if entry.name in skip: + for dentry in scandir(path): + if dentry.name in skip: continue - if entry.name in alwaysskip: + if dentry.name in alwaysskip: continue - if entry.is_dir(follow_symlinks=False): + + # Skip things which are not at least group readable + # Symlinks are followed here so that clients won't see dangling + # symlinks to content they can't transfer. It's the default, but to + # avoid confusion it's been made explicit. + if not (dentry.stat(follow_symlinks=True).st_mode & stat.S_IRGRP): + # print('{} is not group readable; skipping.'.format(dentry.path)) + continue + + se = SEntry(dentry, in_restricted) + if dentry.is_dir(follow_symlinks=False): + this_restricted = in_restricted + if not se.readable_world: + # print('{} is not world readable; marking as restricted.'.format(se.path), file=sys.stderr) + this_restricted = True + # Don't pass skip here, because we only skip in the top level - for rentry in recursedir(entry.path, alwaysskip=alwaysskip): - yield rentry - yield entry + for re in recursedir(se.path, alwaysskip=alwaysskip, in_restricted=this_restricted): + yield re + yield se def parseopts(): @@ -97,11 +144,11 @@ def parseopts(): opts.skip_files = opts.skip_files or [] if opts.skip: if not opts.timelist.name == '': - opts.skip_files += [opts.timelist.name] + opts.skip_files += [os.path.basename(opts.timelist.name)] if not opts.filelist.name == '': - opts.skip_files += [opts.filelist.name] + opts.skip_files += [os.path.basename(opts.filelist.name)] if not opts.imagelist.name == '': - opts.skip_files += [opts.imagelist.name] + opts.skip_files += [os.path.basename(opts.imagelist.name)] return opts @@ -115,25 +162,27 @@ def main(): os.chdir(opts.dir) print('[Version]', file=opts.timelist) + # XXX Technically this should be version 3. But old clients will simply + # ignore the extended file types for restricted directories, and so we can + # add this now and let things simmer for a while before bumping the format + # and hard-breaking old clients. print('2', file=opts.timelist) print(file=opts.timelist) print('[Files]', file=opts.timelist) for entry in recursedir(skip=opts.skip_files): - # opts.filelist.write(entry.path + '\n') print(entry.path, file=opts.filelist) + # write to filtered list if appropriate imgs = ['.{0}'.format(form) for form in SUPPORTED_IMAGE_FORMATS] if any(entry.path.endswith(img) for img in imgs): print(entry.path, file=opts.imagelist) if entry.name in opts.checksum_files: checksums[entry.path[2:]] = True - info = entry.stat(follow_symlinks=False) - modtime = max(info.st_mtime, info.st_ctime) - size = info.st_size - ftype = get_ftype(entry) - # opts.timelist.write('{0}\t{1}\t{2}\n'.format(modtime, ftype, entry.path[2:])) - print('{0}\t{1}\t{2}\t{3}'.format(modtime, ftype, size, entry.path[2:]), file=opts.timelist) + + print('{0}\t{1}\t{2}\t{3}'.format(entry.modtime, entry.ftype, + entry.size, entry.path[2:]), + file=opts.timelist) print('\n[Checksums SHA1]', file=opts.timelist) From bcf669d1b2510b3e56d72e0401b8deec0c790de2 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 5 May 2017 16:18:21 +0000 Subject: [PATCH 49/90] weed out openvpn and docker noise until we can drop it --- roles/epylog/files/merged/weed_local.cf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/epylog/files/merged/weed_local.cf b/roles/epylog/files/merged/weed_local.cf index 71fcc1236d..8b136df56c 100644 --- a/roles/epylog/files/merged/weed_local.cf +++ b/roles/epylog/files/merged/weed_local.cf @@ -190,6 +190,7 @@ openvpn.*:.*Re-using SSL/TLS context.* openvpn.*:.*LZO compression.* openvpn.*: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts.* openvpn.*: WARNING: No server certificate verification method has been enabled.* +openvpn.*: .*peer info.* origin-master.* origin-node.* pam_unix\(.*\): account .* has password changed in future @@ -374,7 +375,8 @@ systemd-udevd: conflicting device node.* systemd.*: Starting user-.*.slice. systemd.*: Started Session.*of user git. systemd.*: Starting Session.*of user git. -systemd: Cannot add dependency job for unit microcode.service.* +systemd.*: Cannot add dependency job for unit microcode.service.* +systemd.*: Scope libcontainer.*has no PIDs. Refusing. supybot.* unix_chkpwd.*: account .* has password changed in future unix_chkpwd.*: password check failed for user \(root\) From e0ff639a31efbd11b340e197aca66dde60e8fc50 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Fri, 5 May 2017 16:21:40 +0000 Subject: [PATCH 50/90] Add regcfp tags Signed-off-by: Patrick Uiterwijk --- roles/regcfp/tasks/main.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/roles/regcfp/tasks/main.yml b/roles/regcfp/tasks/main.yml index a8db7bd02c..f9091da5e0 100644 --- a/roles/regcfp/tasks/main.yml +++ b/roles/regcfp/tasks/main.yml @@ -12,10 +12,12 @@ - name: Clone the regcfp master branch git: repo=https://github.com/puiterwijk/regcfp.git dest=/srv/regcfp - version=master + version=develop clone=yes update=yes register: git_result changed_when: "git_result.after|default('after') != git_result.before|default('before')" + tags: + - regcfp notify: - restart regcfp @@ -25,9 +27,13 @@ chdir=/srv/regcfp register: deps changed_when: "deps.stdout|length > 0" + tags: + - regcfp - name: copy over the server config template: src=config.json dest=/srv/regcfp/config/config.json mode=0640 + tags: + - regcfp notify: - restart regcfp @@ -37,19 +43,27 @@ with_items: - flocktofedora.org.cert - flocktofedora.org.intermediate.cert + tags: + - regcfp notify: - restart regcfp - name: Copy over the ftf cert key copy: src="{{private}}/files/httpd/flocktofedora.org.key" dest=/etc/pki/tls/private + tags: + - regcfp notify: - restart regcfp - name: copy over the systemd file copy: src=regcfp.service dest=/etc/systemd/system/regcfp.service mode=0640 + tags: + - regcfp notify: - restart regcfp - name: regcfp service service: name=regcfp state=started enabled=yes + tags: + - regcfp From 6375967a0c973eace68e0e7a4e8d389a5f66333a Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Fri, 5 May 2017 16:37:21 +0000 Subject: [PATCH 51/90] Updated regcfp config Signed-off-by: Patrick Uiterwijk --- roles/regcfp/templates/config.json | 37 ++++++++++++++++-------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/roles/regcfp/templates/config.json b/roles/regcfp/templates/config.json index 48328fa94b..b24350ab0f 100644 --- a/roles/regcfp/templates/config.json +++ b/roles/regcfp/templates/config.json @@ -1,5 +1,6 @@ { "production": { + "site_url": "https://register.flocktofedora.org", "theming": { "theme": "fedora", "site_name": "Flock 2016 Registration", @@ -43,8 +44,14 @@ }, "auth": { - "module": "persona", - "persona_audience": "https://register.flocktofedora.org" + "module": "openid", + "openid_connect_providers": { + "fedora": { + "discovery_url": "https://id.fedoraproject.org/openidc/.well-known/openid-configuration", + "client_id": "regcfp", + "client_secret": "{{ regcfp_openidc_secret}}" + } + } }, "permissions": { @@ -70,14 +77,16 @@ "accept": ["pfrields@fedoraproject.org", "jwboyer@fedoraproject.org", "spot@fedoraproject.org"] }, "registration": { - "register": [""], + "register": [], "pay": [], "request_receipt": [], "view_public": ["*authenticated*"], - "view_all": ["*authenticated*"], + "view_all": [""], "add_payment": [], - "print_badge": ["puiterwijk@fedoraproject.org", "pfrields@fedoraproject.org", "jwboyer@fedoraproject.org", "jzb@fedoraproject.org", "rsuehle@fedoraproject.org", "spot@fedoraproject.org", "decause@fedoraproject.org"], - "desk": ["puiterwijk@fedoraproject.org", "pfrields@fedoraproject.org", "jwboyer@fedoraproject.org", "jzb@fedoraproject.org", "rsuehle@fedoraproject.org", "spot@fedoraproject.org", "decause@fedoraproject.org"] + "print_badge": [], + "desk": [], + "cancel": [], + "cancel_all": [] } }, @@ -276,28 +285,22 @@ "payment_product_name": "My Event Registration Fee", "currencies": { - "EUR": { - "symbol": "€", + "USD": { + "symbol": "$", "min_amount_for_receipt": 20, "default_amount": 40, "conversion_rate": 1 - }, - "SEK": { - "symbol": "kr", - "min_amount_for_receipt": 190, - "default_amount": 380, - "conversion_rate": 0.11 } }, - "main_currency": "EUR", + "main_currency": "USD", "paypal_experience_profile": "", "desk_word": "something", "paypal": { "api_credentials": { "mode": "live", - "client_id": "", - "client_secret": "" + "client_id": "{{ regcfp_paypal_client_id }}", + "client_secret": "{{ regcfp_paypal_client_secret }}" }, "profile": { From 78237234ddd3557762ec581d4304c75960c53b2c Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Fri, 5 May 2017 16:45:22 +0000 Subject: [PATCH 52/90] Force email domain Signed-off-by: Patrick Uiterwijk --- roles/regcfp/templates/config.json | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/regcfp/templates/config.json b/roles/regcfp/templates/config.json index b24350ab0f..7de8492681 100644 --- a/roles/regcfp/templates/config.json +++ b/roles/regcfp/templates/config.json @@ -48,6 +48,7 @@ "openid_connect_providers": { "fedora": { "discovery_url": "https://id.fedoraproject.org/openidc/.well-known/openid-configuration", + "email_domain": "fedoraproject.org", "client_id": "regcfp", "client_secret": "{{ regcfp_openidc_secret}}" } From dd2a986ea18ca08cce02e355c122f0a5b8fb6ec8 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Fri, 5 May 2017 20:50:49 +0000 Subject: [PATCH 53/90] first bold step to never sleeping again --- .../files/nagios/contactgroups/fedora-sysadmin-ircbot.cfg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-ircbot.cfg b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-ircbot.cfg index 744442d87b..576ade36d8 100644 --- a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-ircbot.cfg +++ b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-ircbot.cfg @@ -1,6 +1,6 @@ define contactgroup{ contactgroup_name fedora-sysadmin-ircbot alias Fedora Sysadmin irc Contacts -# members ircbot,fedmsg - members null + members ircbot,fedmsg + } From 96995c05b7ecd30da6cc8dcab9613d36b6336552 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Fri, 5 May 2017 21:22:10 +0000 Subject: [PATCH 54/90] and this is how the world ends.. in pager fire --- roles/nagios_server/files/nagios/contactgroups/bodhi.cfg | 4 ++-- .../files/nagios/contactgroups/build-sysadmin-email.cfg | 5 ----- .../files/nagios/contactgroups/fedora-sysadmin-email.cfg | 4 ++-- .../files/nagios/contactgroups/fedora-sysadmin-pager.cfg | 7 +++---- .../files/nagios/contactgroups/ppc-secondary-email.cfg | 6 ------ roles/nagios_server/files/nagios/contactgroups/retrace.cfg | 6 ------ .../files/nagios/contactgroups/sysadmin-qa-email.cfg | 3 +-- roles/nagios_server/files/nagios/hosts/templates.cfg | 6 +++--- 8 files changed, 11 insertions(+), 30 deletions(-) delete mode 100644 roles/nagios_server/files/nagios/contactgroups/build-sysadmin-email.cfg delete mode 100644 roles/nagios_server/files/nagios/contactgroups/ppc-secondary-email.cfg delete mode 100644 roles/nagios_server/files/nagios/contactgroups/retrace.cfg diff --git a/roles/nagios_server/files/nagios/contactgroups/bodhi.cfg b/roles/nagios_server/files/nagios/contactgroups/bodhi.cfg index c43f7e42bf..fc8cedaea1 100644 --- a/roles/nagios_server/files/nagios/contactgroups/bodhi.cfg +++ b/roles/nagios_server/files/nagios/contactgroups/bodhi.cfg @@ -1,6 +1,6 @@ define contactgroup { contactgroup_name bodhi alias Bodhi Notifications -# members bowlofeggs - members null + members bowlofeggs + } diff --git a/roles/nagios_server/files/nagios/contactgroups/build-sysadmin-email.cfg b/roles/nagios_server/files/nagios/contactgroups/build-sysadmin-email.cfg deleted file mode 100644 index 92f56c5750..0000000000 --- a/roles/nagios_server/files/nagios/contactgroups/build-sysadmin-email.cfg +++ /dev/null @@ -1,5 +0,0 @@ -#define contactgroup{ -# contactgroup_name build-sysadmin-email -# alias Build Sysadmin Email Contacts -# members kevin,aditya -# } diff --git a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg index e6dec971e2..6fd49f1a9d 100644 --- a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg +++ b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg @@ -2,6 +2,6 @@ define contactgroup{ contactgroup_name fedora-sysadmin-email alias Fedora Sysadmin Email Contacts # sysadmin-main: @ausil codeblock jstanley @kevin pbrobinson pingou puiterwijk ralph @smooge tflink -# members admin,ausil,codeblock,jstanley,kevin,pbrobinson,pingou,puiterwijkp,ralph,smooge,tflink - members null + members admin,ausil,codeblock,jstanley,kevin,pbrobinson,pingou,puiterwijkp,ralph,smooge,tflink +# members null } diff --git a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-pager.cfg b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-pager.cfg index d2a97c3285..f7acb038c3 100644 --- a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-pager.cfg +++ b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-pager.cfg @@ -1,12 +1,11 @@ define contactgroup{ contactgroup_name fedora-sysadmin-pager alias Fedora Sysadmin Pager Contacts -# members smoogep,kevinp,puiterwijkp - members null + members smoogep,kevinp,puiterwijkp } + define contactgroup{ contactgroup_name fedora-sysadmin-emergency alias Fedora Sysadmin Pager Contacts -# members smooge-emergency,kevin-emergency,puiterwijk-emergency - members null + members smooge-emergency,kevin-emergency,puiterwijk-emergency } diff --git a/roles/nagios_server/files/nagios/contactgroups/ppc-secondary-email.cfg b/roles/nagios_server/files/nagios/contactgroups/ppc-secondary-email.cfg deleted file mode 100644 index cd4c2a3128..0000000000 --- a/roles/nagios_server/files/nagios/contactgroups/ppc-secondary-email.cfg +++ /dev/null @@ -1,6 +0,0 @@ -define contactgroup { - contactgroup_name ppc-secondary-email - alias Fedora PPC secondary arch Email Contacts -# members kevin,parasense,karsten - members null -} diff --git a/roles/nagios_server/files/nagios/contactgroups/retrace.cfg b/roles/nagios_server/files/nagios/contactgroups/retrace.cfg deleted file mode 100644 index e99c456c7a..0000000000 --- a/roles/nagios_server/files/nagios/contactgroups/retrace.cfg +++ /dev/null @@ -1,6 +0,0 @@ -define contactgroup { - contactgroup_name retrace-email - alias Fedora Retrace server Email Contacts -# members kevin,mtoman - members null -} diff --git a/roles/nagios_server/files/nagios/contactgroups/sysadmin-qa-email.cfg b/roles/nagios_server/files/nagios/contactgroups/sysadmin-qa-email.cfg index ae7696582b..e25dfe84fa 100644 --- a/roles/nagios_server/files/nagios/contactgroups/sysadmin-qa-email.cfg +++ b/roles/nagios_server/files/nagios/contactgroups/sysadmin-qa-email.cfg @@ -1,6 +1,5 @@ define contactgroup { contactgroup_name sysadmin-qa-email alias Fedora SysAdmin QA Email Contacts -# members sysadmin-qa - members null + members sysadmin-qa } diff --git a/roles/nagios_server/files/nagios/hosts/templates.cfg b/roles/nagios_server/files/nagios/hosts/templates.cfg index ecfc6e0f8c..ee9db1371f 100644 --- a/roles/nagios_server/files/nagios/hosts/templates.cfg +++ b/roles/nagios_server/files/nagios/hosts/templates.cfg @@ -24,7 +24,7 @@ define host { notification_interval 15 notifications_enabled 1 notification_options d,r - contact_groups fedora-sysadmin-ircbot + contact_groups register 0 } @@ -52,7 +52,7 @@ define host { notification_interval 15 notifications_enabled 1 notification_options d,r - contact_groups ppc-secondary-email + contact_groups fedora-sysadmin-ircbot register 0 } @@ -66,7 +66,7 @@ define host { notification_interval 15 notifications_enabled 1 notification_options d,r - contact_groups retrace-email + contact_groups fedora-sysadmin-ircbot register 0 } From bb3e49701286a881be907119bdce8e75f91015b8 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Fri, 5 May 2017 21:31:38 +0000 Subject: [PATCH 55/90] Add nagios_client to regcfp Signed-off-by: Patrick Uiterwijk --- playbooks/hosts/regcfp2.fedorainfracloud.org.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/hosts/regcfp2.fedorainfracloud.org.yml b/playbooks/hosts/regcfp2.fedorainfracloud.org.yml index a3df0e5928..b517e229c6 100644 --- a/playbooks/hosts/regcfp2.fedorainfracloud.org.yml +++ b/playbooks/hosts/regcfp2.fedorainfracloud.org.yml @@ -26,6 +26,7 @@ hostname: name="{{inventory_hostname}}" roles: + - nagios_client - postgresql_server - regcfp From df0337fa716292b1b393fe05d5a5df062d16ff21 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Fri, 5 May 2017 21:32:24 +0000 Subject: [PATCH 56/90] templates need to have correct lines for naigos to work --- roles/nagios_server/files/nagios/hosts/templates.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nagios_server/files/nagios/hosts/templates.cfg b/roles/nagios_server/files/nagios/hosts/templates.cfg index ee9db1371f..dd4212ea1d 100644 --- a/roles/nagios_server/files/nagios/hosts/templates.cfg +++ b/roles/nagios_server/files/nagios/hosts/templates.cfg @@ -24,7 +24,7 @@ define host { notification_interval 15 notifications_enabled 1 notification_options d,r - contact_groups + contact_groups fedora-sysadmin-ircbot register 0 } From 594a88c5d5995509be3a449ee33e2630c8caf7fa Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Fri, 5 May 2017 21:43:49 +0000 Subject: [PATCH 57/90] and we have a smaller list of people who are in sysadmin-main than we have taking pages --- .../files/nagios/contactgroups/fedora-sysadmin-email.cfg | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg index 6fd49f1a9d..144a5f2084 100644 --- a/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg +++ b/roles/nagios_server/files/nagios/contactgroups/fedora-sysadmin-email.cfg @@ -2,6 +2,5 @@ define contactgroup{ contactgroup_name fedora-sysadmin-email alias Fedora Sysadmin Email Contacts # sysadmin-main: @ausil codeblock jstanley @kevin pbrobinson pingou puiterwijk ralph @smooge tflink - members admin,ausil,codeblock,jstanley,kevin,pbrobinson,pingou,puiterwijkp,ralph,smooge,tflink -# members null + members admin,ausil,codeblock,jstanley,kevin,puiterwijkp,smooge } From d0b6c8ce0623e6df1c551e07f2a7edb9df39167f Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Fri, 5 May 2017 22:12:33 +0000 Subject: [PATCH 58/90] and this is how you break everything before going on a week vacation --- playbooks/groups/anitya.yml | 2 +- playbooks/groups/ask.yml | 2 +- playbooks/groups/autocloud-backend.yml | 2 +- playbooks/groups/autocloud-web.yml | 2 +- playbooks/groups/backup-server.yml | 2 +- playbooks/groups/badges-backend.yml | 2 +- playbooks/groups/badges-web.yml | 2 +- playbooks/groups/basset.yml | 2 +- playbooks/groups/bastion.yml | 2 +- playbooks/groups/batcave.yml | 2 +- playbooks/groups/beaker-virthosts.yml | 2 +- playbooks/groups/beaker.yml | 2 +- playbooks/groups/blockerbugs.yml | 2 +- playbooks/groups/bodhi-backend.yml | 2 +- playbooks/groups/bodhi2.yml | 2 +- playbooks/groups/bugyou.yml | 2 +- playbooks/groups/bugzilla2fedmsg.yml | 2 +- playbooks/groups/busgateway.yml | 2 +- playbooks/groups/darkserver-backend.yml | 2 +- playbooks/groups/darkserver-web.yml | 2 +- playbooks/groups/darkserver.yml | 2 +- playbooks/groups/datagrepper.yml | 2 +- playbooks/groups/dhcp.yml | 2 +- playbooks/groups/dns.yml | 2 +- playbooks/groups/docker-registry.yml | 2 +- playbooks/groups/download.yml | 2 +- playbooks/groups/elections.yml | 2 +- playbooks/groups/fas.yml | 2 +- playbooks/groups/fas3.yml | 2 +- playbooks/groups/fedimg.yml | 2 +- playbooks/groups/fedocal.yml | 2 +- playbooks/groups/github2fedmsg.yml | 2 +- playbooks/groups/gnome-backups.yml | 2 +- playbooks/groups/hosted.yml | 2 +- playbooks/groups/hotness.yml | 2 +- playbooks/groups/infinote.yml | 2 +- playbooks/groups/ipa.yml | 2 +- playbooks/groups/ipsilon.yml | 2 +- playbooks/groups/kerneltest.yml | 2 +- playbooks/groups/keyserver.yml | 2 +- playbooks/groups/koji-hub.yml | 2 +- playbooks/groups/kojipkgs.yml | 2 +- playbooks/groups/koschei-backend.yml | 2 +- playbooks/groups/koschei-web.yml | 2 +- playbooks/groups/logserver.yml | 2 +- playbooks/groups/loopabull.yml | 2 +- playbooks/groups/mailman.yml | 2 +- playbooks/groups/mariadb-server.yml | 2 +- playbooks/groups/mbs.yml | 2 +- playbooks/groups/mdapi.yml | 2 +- playbooks/groups/memcached.yml | 2 +- playbooks/groups/mirrorlist2.yml | 2 +- playbooks/groups/mirrormanager.yml | 2 +- playbooks/groups/modernpaste.yml | 2 +- playbooks/groups/noc.yml | 2 +- playbooks/groups/notifs-backend.yml | 2 +- playbooks/groups/notifs-web.yml | 2 +- playbooks/groups/nuancier.yml | 2 +- playbooks/groups/openqa-workers.yml | 2 +- playbooks/groups/openqa.yml | 2 +- playbooks/groups/openstack-compute-nodes.yml | 2 +- playbooks/groups/osbs-cluster.yml | 2 +- playbooks/groups/packages.yml | 2 +- playbooks/groups/pagure.yml | 2 +- playbooks/groups/paste.yml | 2 +- playbooks/groups/pdc.yml | 2 +- playbooks/groups/people.yml | 2 +- playbooks/groups/piwik.yml | 2 +- playbooks/groups/pkgdb.yml | 2 +- playbooks/groups/pkgs.yml | 2 +- playbooks/groups/postgresql-server-bdr.yml | 2 +- playbooks/groups/postgresql-server.yml | 2 +- playbooks/groups/proxies.yml | 2 +- playbooks/groups/qa.yml | 2 +- playbooks/groups/releng-compose.yml | 2 +- playbooks/groups/resultsdb-dev.yml | 2 +- playbooks/groups/resultsdb-prod.yml | 2 +- playbooks/groups/resultsdb-stg.yml | 2 +- playbooks/groups/retrace.yml | 2 +- playbooks/groups/secondary.yml | 2 +- playbooks/groups/smtp-mm.yml | 2 +- playbooks/groups/statscache.yml | 2 +- playbooks/groups/summershum.yml | 2 +- playbooks/groups/sundries.yml | 2 +- playbooks/groups/tagger.yml | 2 +- playbooks/groups/taskotron-client-hosts.yml | 2 +- playbooks/groups/taskotron-dev.yml | 2 +- playbooks/groups/taskotron-prod.yml | 2 +- playbooks/groups/taskotron-stg.yml | 2 +- playbooks/groups/taskotron.yml | 2 +- playbooks/groups/torrent.yml | 2 +- playbooks/groups/unbound.yml | 2 +- playbooks/groups/value.yml | 2 +- playbooks/groups/virthost.yml | 2 +- playbooks/groups/wiki.yml | 2 +- playbooks/groups/zanata2fedmsg.yml | 2 +- playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml | 2 +- playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml | 2 +- playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml | 2 +- playbooks/hosts/magazine.fedorainfracloud.org.yml | 2 +- playbooks/hosts/piwik.fedorainfracloud.org.yml | 2 +- playbooks/manual/autosign.yml | 2 +- playbooks/manual/kernel-qa.yml | 2 +- playbooks/manual/qadevel.yml | 2 +- roles/bodhi2/backend/tasks/main.yml | 2 +- roles/copr/backend/meta/main.yml | 2 +- roles/copr/backend/tasks/monitoring.yml | 2 +- 107 files changed, 107 insertions(+), 107 deletions(-) diff --git a/playbooks/groups/anitya.yml b/playbooks/groups/anitya.yml index 3809bd967c..baeae77962 100644 --- a/playbooks/groups/anitya.yml +++ b/playbooks/groups/anitya.yml @@ -14,7 +14,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/ask.yml b/playbooks/groups/ask.yml index 2fc89b60ef..f1bed3c506 100644 --- a/playbooks/groups/ask.yml +++ b/playbooks/groups/ask.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/autocloud-backend.yml b/playbooks/groups/autocloud-backend.yml index 1924baf9e4..b849bd876a 100644 --- a/playbooks/groups/autocloud-backend.yml +++ b/playbooks/groups/autocloud-backend.yml @@ -18,7 +18,7 @@ - rkhunter - hosts - fas_client - - nagios/client + - nagios_client - collectd/base - fedmsg/base - sudo diff --git a/playbooks/groups/autocloud-web.yml b/playbooks/groups/autocloud-web.yml index 5554da6a91..e5277b0724 100644 --- a/playbooks/groups/autocloud-web.yml +++ b/playbooks/groups/autocloud-web.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index 353b43c2dd..944ed8dffb 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/badges-backend.yml b/playbooks/groups/badges-backend.yml index e519c76e22..14169d4143 100644 --- a/playbooks/groups/badges-backend.yml +++ b/playbooks/groups/badges-backend.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/badges-web.yml b/playbooks/groups/badges-web.yml index ffa4467052..75f4c94acb 100644 --- a/playbooks/groups/badges-web.yml +++ b/playbooks/groups/badges-web.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/basset.yml b/playbooks/groups/basset.yml index cdf511aa93..a53e99ddeb 100644 --- a/playbooks/groups/basset.yml +++ b/playbooks/groups/basset.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/bastion.yml b/playbooks/groups/bastion.yml index 6e02bc7091..aa1dab5339 100644 --- a/playbooks/groups/bastion.yml +++ b/playbooks/groups/bastion.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml index cbd3abdb4a..64a97283b2 100644 --- a/playbooks/groups/batcave.yml +++ b/playbooks/groups/batcave.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - ansible-server diff --git a/playbooks/groups/beaker-virthosts.yml b/playbooks/groups/beaker-virthosts.yml index 856ee8540c..109fee1819 100644 --- a/playbooks/groups/beaker-virthosts.yml +++ b/playbooks/groups/beaker-virthosts.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/beaker.yml b/playbooks/groups/beaker.yml index 13c4b96550..6a8bc24ec1 100644 --- a/playbooks/groups/beaker.yml +++ b/playbooks/groups/beaker.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/blockerbugs.yml b/playbooks/groups/blockerbugs.yml index e80a76a111..e195795630 100644 --- a/playbooks/groups/blockerbugs.yml +++ b/playbooks/groups/blockerbugs.yml @@ -14,7 +14,7 @@ - base - hosts - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml index fff3efc7e1..9140c6c158 100644 --- a/playbooks/groups/bodhi-backend.yml +++ b/playbooks/groups/bodhi-backend.yml @@ -21,7 +21,7 @@ roles: - base - - nagios/client + - nagios_client - collectd/base - hosts - builder_repo diff --git a/playbooks/groups/bodhi2.yml b/playbooks/groups/bodhi2.yml index 0abce785e5..4d057eff12 100644 --- a/playbooks/groups/bodhi2.yml +++ b/playbooks/groups/bodhi2.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/bugyou.yml b/playbooks/groups/bugyou.yml index 399f3aaecc..8a7800338d 100644 --- a/playbooks/groups/bugyou.yml +++ b/playbooks/groups/bugyou.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - collectd/base - hosts - fas_client diff --git a/playbooks/groups/bugzilla2fedmsg.yml b/playbooks/groups/bugzilla2fedmsg.yml index 06e073e342..d9d264d821 100644 --- a/playbooks/groups/bugzilla2fedmsg.yml +++ b/playbooks/groups/bugzilla2fedmsg.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/busgateway.yml b/playbooks/groups/busgateway.yml index 00cb88c2ca..45e02b4c71 100644 --- a/playbooks/groups/busgateway.yml +++ b/playbooks/groups/busgateway.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/darkserver-backend.yml b/playbooks/groups/darkserver-backend.yml index 669404157c..7df789f355 100644 --- a/playbooks/groups/darkserver-backend.yml +++ b/playbooks/groups/darkserver-backend.yml @@ -21,7 +21,7 @@ - collectd/base - fas_client - hosts - - nagios/client + - nagios_client - rsyncd - sudo - rkhunter diff --git a/playbooks/groups/darkserver-web.yml b/playbooks/groups/darkserver-web.yml index ddc4d419aa..50a06c6784 100644 --- a/playbooks/groups/darkserver-web.yml +++ b/playbooks/groups/darkserver-web.yml @@ -21,7 +21,7 @@ - collectd/base - fas_client - hosts - - nagios/client + - nagios_client - rkhunter - rsyncd - sudo diff --git a/playbooks/groups/darkserver.yml b/playbooks/groups/darkserver.yml index 1d8f180a49..0bcd08cd05 100644 --- a/playbooks/groups/darkserver.yml +++ b/playbooks/groups/darkserver.yml @@ -22,7 +22,7 @@ - fas_client - rkhunter - hosts - - nagios/client + - nagios_client - rsyncd - sudo - { role: openvpn/client, when: env != "staging" } diff --git a/playbooks/groups/datagrepper.yml b/playbooks/groups/datagrepper.yml index 5f19fe3b05..c1751ff442 100644 --- a/playbooks/groups/datagrepper.yml +++ b/playbooks/groups/datagrepper.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/dhcp.yml b/playbooks/groups/dhcp.yml index 2a2074135b..8cb32b06b7 100644 --- a/playbooks/groups/dhcp.yml +++ b/playbooks/groups/dhcp.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/dns.yml b/playbooks/groups/dns.yml index 46a6b89e8b..f56012e3ec 100644 --- a/playbooks/groups/dns.yml +++ b/playbooks/groups/dns.yml @@ -16,7 +16,7 @@ - base - hosts - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - collectd/bind diff --git a/playbooks/groups/docker-registry.yml b/playbooks/groups/docker-registry.yml index 257c1961b3..980b983fba 100644 --- a/playbooks/groups/docker-registry.yml +++ b/playbooks/groups/docker-registry.yml @@ -14,7 +14,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml index e82b86dff7..32f186105c 100644 --- a/playbooks/groups/download.yml +++ b/playbooks/groups/download.yml @@ -29,7 +29,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/elections.yml b/playbooks/groups/elections.yml index 6e11e652f6..2cf9e747d4 100644 --- a/playbooks/groups/elections.yml +++ b/playbooks/groups/elections.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/fas.yml b/playbooks/groups/fas.yml index 6d6b13f4ac..fedc4c00d1 100644 --- a/playbooks/groups/fas.yml +++ b/playbooks/groups/fas.yml @@ -16,7 +16,7 @@ - base - hosts - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - rsyncd diff --git a/playbooks/groups/fas3.yml b/playbooks/groups/fas3.yml index 6bef9f552d..f6ea71da03 100644 --- a/playbooks/groups/fas3.yml +++ b/playbooks/groups/fas3.yml @@ -16,7 +16,7 @@ - base - hosts - rkhunter - #- nagios/client + #- nagios_client - fas_client - collectd/base - rsyncd diff --git a/playbooks/groups/fedimg.yml b/playbooks/groups/fedimg.yml index 92743c9628..abddaeac93 100644 --- a/playbooks/groups/fedimg.yml +++ b/playbooks/groups/fedimg.yml @@ -17,7 +17,7 @@ - base - rkhunter - fas_client - - nagios/client + - nagios_client - hosts - collectd/base - fedmsg/base diff --git a/playbooks/groups/fedocal.yml b/playbooks/groups/fedocal.yml index 6d4cbb6693..3fefb8a33f 100644 --- a/playbooks/groups/fedocal.yml +++ b/playbooks/groups/fedocal.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/github2fedmsg.yml b/playbooks/groups/github2fedmsg.yml index 89bb97aae6..05da0da440 100644 --- a/playbooks/groups/github2fedmsg.yml +++ b/playbooks/groups/github2fedmsg.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/gnome-backups.yml b/playbooks/groups/gnome-backups.yml index 48b0070931..2f2a0183ef 100644 --- a/playbooks/groups/gnome-backups.yml +++ b/playbooks/groups/gnome-backups.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/hosted.yml b/playbooks/groups/hosted.yml index a3a9536b2f..29aa110475 100644 --- a/playbooks/groups/hosted.yml +++ b/playbooks/groups/hosted.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/hotness.yml b/playbooks/groups/hotness.yml index a863f2ef78..abc5c69315 100644 --- a/playbooks/groups/hotness.yml +++ b/playbooks/groups/hotness.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - collectd/base - hosts - fas_client diff --git a/playbooks/groups/infinote.yml b/playbooks/groups/infinote.yml index f066188f3a..f503a46dd8 100644 --- a/playbooks/groups/infinote.yml +++ b/playbooks/groups/infinote.yml @@ -14,7 +14,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml index b6682a2878..6783fcf3b7 100644 --- a/playbooks/groups/ipa.yml +++ b/playbooks/groups/ipa.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/ipsilon.yml b/playbooks/groups/ipsilon.yml index 77f7890a35..8f7cbcfb04 100644 --- a/playbooks/groups/ipsilon.yml +++ b/playbooks/groups/ipsilon.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/kerneltest.yml b/playbooks/groups/kerneltest.yml index 3dbccb6523..54908ab364 100644 --- a/playbooks/groups/kerneltest.yml +++ b/playbooks/groups/kerneltest.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml index 286c56ecf5..2707c77053 100644 --- a/playbooks/groups/keyserver.yml +++ b/playbooks/groups/keyserver.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index 11c80d179a..4f7d3e669c 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml @@ -23,7 +23,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - builder_repo diff --git a/playbooks/groups/kojipkgs.yml b/playbooks/groups/kojipkgs.yml index 4a6bfaf3f0..fd330e2457 100644 --- a/playbooks/groups/kojipkgs.yml +++ b/playbooks/groups/kojipkgs.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/koschei-backend.yml b/playbooks/groups/koschei-backend.yml index 2d67ce9862..b96b3df55a 100644 --- a/playbooks/groups/koschei-backend.yml +++ b/playbooks/groups/koschei-backend.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - builder_repo diff --git a/playbooks/groups/koschei-web.yml b/playbooks/groups/koschei-web.yml index cd1c919c1c..047011bbd5 100644 --- a/playbooks/groups/koschei-web.yml +++ b/playbooks/groups/koschei-web.yml @@ -14,7 +14,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/logserver.yml b/playbooks/groups/logserver.yml index 362ef91539..4a7646461d 100644 --- a/playbooks/groups/logserver.yml +++ b/playbooks/groups/logserver.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - apache diff --git a/playbooks/groups/loopabull.yml b/playbooks/groups/loopabull.yml index 425953dd83..192115e1f9 100644 --- a/playbooks/groups/loopabull.yml +++ b/playbooks/groups/loopabull.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index 1d70e52173..64dad63fa3 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/mariadb-server.yml b/playbooks/groups/mariadb-server.yml index 58814d37ee..3633f4219d 100644 --- a/playbooks/groups/mariadb-server.yml +++ b/playbooks/groups/mariadb-server.yml @@ -20,7 +20,7 @@ - base - rkhunter - fas_client - - nagios/client + - nagios_client - hosts - mariadb_server - collectd/base diff --git a/playbooks/groups/mbs.yml b/playbooks/groups/mbs.yml index 365edb61d9..69edb91f7f 100644 --- a/playbooks/groups/mbs.yml +++ b/playbooks/groups/mbs.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/mdapi.yml b/playbooks/groups/mdapi.yml index 5d59f8b36d..f6f9a2046b 100644 --- a/playbooks/groups/mdapi.yml +++ b/playbooks/groups/mdapi.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - rsyncd diff --git a/playbooks/groups/memcached.yml b/playbooks/groups/memcached.yml index f3660f2a39..e8dfb20e30 100644 --- a/playbooks/groups/memcached.yml +++ b/playbooks/groups/memcached.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/mirrorlist2.yml b/playbooks/groups/mirrorlist2.yml index 68381419ff..d307275bfa 100644 --- a/playbooks/groups/mirrorlist2.yml +++ b/playbooks/groups/mirrorlist2.yml @@ -50,7 +50,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - geoip - hosts - fas_client diff --git a/playbooks/groups/mirrormanager.yml b/playbooks/groups/mirrormanager.yml index d481110210..746ae1a45a 100644 --- a/playbooks/groups/mirrormanager.yml +++ b/playbooks/groups/mirrormanager.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/modernpaste.yml b/playbooks/groups/modernpaste.yml index 1a28e43194..0b7b2bd514 100644 --- a/playbooks/groups/modernpaste.yml +++ b/playbooks/groups/modernpaste.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/noc.yml b/playbooks/groups/noc.yml index c5c153dc5f..928b0dd0a8 100644 --- a/playbooks/groups/noc.yml +++ b/playbooks/groups/noc.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/notifs-backend.yml b/playbooks/groups/notifs-backend.yml index 58de8307b6..4bd46b99bf 100644 --- a/playbooks/groups/notifs-backend.yml +++ b/playbooks/groups/notifs-backend.yml @@ -20,7 +20,7 @@ - rkhunter - hosts - fas_client - - nagios/client + - nagios_client - collectd/base - fedmsg/base - sudo diff --git a/playbooks/groups/notifs-web.yml b/playbooks/groups/notifs-web.yml index cf5e492346..784a6f9764 100644 --- a/playbooks/groups/notifs-web.yml +++ b/playbooks/groups/notifs-web.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/nuancier.yml b/playbooks/groups/nuancier.yml index d9a2234693..d34748d700 100644 --- a/playbooks/groups/nuancier.yml +++ b/playbooks/groups/nuancier.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/openqa-workers.yml b/playbooks/groups/openqa-workers.yml index b58273550e..0966aa8667 100644 --- a/playbooks/groups/openqa-workers.yml +++ b/playbooks/groups/openqa-workers.yml @@ -11,7 +11,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/openqa.yml b/playbooks/groups/openqa.yml index 7bb4b75d61..15066ea00d 100644 --- a/playbooks/groups/openqa.yml +++ b/playbooks/groups/openqa.yml @@ -13,7 +13,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/openstack-compute-nodes.yml b/playbooks/groups/openstack-compute-nodes.yml index 2340137440..503dca2a34 100644 --- a/playbooks/groups/openstack-compute-nodes.yml +++ b/playbooks/groups/openstack-compute-nodes.yml @@ -14,7 +14,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - sudo diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index 5d9ff0ab6d..726bb92795 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/packages.yml b/playbooks/groups/packages.yml index ac256395e1..7d3cabd8bd 100644 --- a/playbooks/groups/packages.yml +++ b/playbooks/groups/packages.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/pagure.yml b/playbooks/groups/pagure.yml index 099a795fe0..88bf0b7969 100644 --- a/playbooks/groups/pagure.yml +++ b/playbooks/groups/pagure.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - sudo diff --git a/playbooks/groups/paste.yml b/playbooks/groups/paste.yml index c26c34e106..0d02d948cf 100644 --- a/playbooks/groups/paste.yml +++ b/playbooks/groups/paste.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/pdc.yml b/playbooks/groups/pdc.yml index 88d329b16d..1e46069a4b 100644 --- a/playbooks/groups/pdc.yml +++ b/playbooks/groups/pdc.yml @@ -16,7 +16,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - collectd/base - hosts - fas_client diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml index 31f81e42fa..7877950c07 100644 --- a/playbooks/groups/people.yml +++ b/playbooks/groups/people.yml @@ -59,7 +59,7 @@ - collectd/base - fas_client - hosts - - nagios/client + - nagios_client - rkhunter - rsyncd - sudo diff --git a/playbooks/groups/piwik.yml b/playbooks/groups/piwik.yml index 914e94cb84..1f89218a60 100644 --- a/playbooks/groups/piwik.yml +++ b/playbooks/groups/piwik.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/pkgdb.yml b/playbooks/groups/pkgdb.yml index 87aaa743b8..98d211e6d9 100644 --- a/playbooks/groups/pkgdb.yml +++ b/playbooks/groups/pkgdb.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml index 64b601c85e..fa0f3c64e4 100644 --- a/playbooks/groups/pkgs.yml +++ b/playbooks/groups/pkgs.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - sudo diff --git a/playbooks/groups/postgresql-server-bdr.yml b/playbooks/groups/postgresql-server-bdr.yml index e2a63cca1a..d07290b3b3 100644 --- a/playbooks/groups/postgresql-server-bdr.yml +++ b/playbooks/groups/postgresql-server-bdr.yml @@ -20,7 +20,7 @@ - base - rkhunter - fas_client - - nagios/client + - nagios_client - hosts - collectd/base - collectd/postgres # This requires a 'databases' var to be set in host_vars diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml index ae0bd03567..8d78b542dd 100644 --- a/playbooks/groups/postgresql-server.yml +++ b/playbooks/groups/postgresql-server.yml @@ -20,7 +20,7 @@ - base - rkhunter - fas_client - - nagios/client + - nagios_client - hosts - postgresql_server - collectd/base diff --git a/playbooks/groups/proxies.yml b/playbooks/groups/proxies.yml index b4e22dedc0..d86eb2a16e 100644 --- a/playbooks/groups/proxies.yml +++ b/playbooks/groups/proxies.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - collectd/base - sudo - rsyncd diff --git a/playbooks/groups/qa.yml b/playbooks/groups/qa.yml index d5573d6452..978ad8e0ba 100644 --- a/playbooks/groups/qa.yml +++ b/playbooks/groups/qa.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - hosts - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml index fdd7b38baa..1e1f7120e3 100644 --- a/playbooks/groups/releng-compose.yml +++ b/playbooks/groups/releng-compose.yml @@ -26,7 +26,7 @@ - builder_repo - fas_client - rkhunter - - nagios/client + - nagios_client - collectd/base - sudo - role: keytab/service diff --git a/playbooks/groups/resultsdb-dev.yml b/playbooks/groups/resultsdb-dev.yml index 141230e0d6..c021506d54 100644 --- a/playbooks/groups/resultsdb-dev.yml +++ b/playbooks/groups/resultsdb-dev.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/resultsdb-prod.yml b/playbooks/groups/resultsdb-prod.yml index 4e617f126c..cab0770d24 100644 --- a/playbooks/groups/resultsdb-prod.yml +++ b/playbooks/groups/resultsdb-prod.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/resultsdb-stg.yml b/playbooks/groups/resultsdb-stg.yml index cda7459b5b..7aa517212b 100644 --- a/playbooks/groups/resultsdb-stg.yml +++ b/playbooks/groups/resultsdb-stg.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml index 502a437a01..400625c711 100644 --- a/playbooks/groups/retrace.yml +++ b/playbooks/groups/retrace.yml @@ -15,7 +15,7 @@ - hosts - fas_client - rkhunter - - nagios/client + - nagios_client - sudo - fedmsg/base diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml index b8207f6237..f81a5915b4 100644 --- a/playbooks/groups/secondary.yml +++ b/playbooks/groups/secondary.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/smtp-mm.yml b/playbooks/groups/smtp-mm.yml index e0d806d4a3..d93e46f816 100644 --- a/playbooks/groups/smtp-mm.yml +++ b/playbooks/groups/smtp-mm.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/statscache.yml b/playbooks/groups/statscache.yml index 65725401f9..f1fb38f0b2 100644 --- a/playbooks/groups/statscache.yml +++ b/playbooks/groups/statscache.yml @@ -19,7 +19,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/summershum.yml b/playbooks/groups/summershum.yml index 1706c6ad08..81f70ad0c0 100644 --- a/playbooks/groups/summershum.yml +++ b/playbooks/groups/summershum.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - collectd/base - hosts - fas_client diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml index 729cf9af15..b71977add9 100644 --- a/playbooks/groups/sundries.yml +++ b/playbooks/groups/sundries.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/tagger.yml b/playbooks/groups/tagger.yml index 8bb044cf20..7734daa9fa 100644 --- a/playbooks/groups/tagger.yml +++ b/playbooks/groups/tagger.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/taskotron-client-hosts.yml b/playbooks/groups/taskotron-client-hosts.yml index 4996dbc2fa..dd4dedddd4 100644 --- a/playbooks/groups/taskotron-client-hosts.yml +++ b/playbooks/groups/taskotron-client-hosts.yml @@ -17,7 +17,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/taskotron-dev.yml b/playbooks/groups/taskotron-dev.yml index 093da6047f..a5ba557833 100644 --- a/playbooks/groups/taskotron-dev.yml +++ b/playbooks/groups/taskotron-dev.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/taskotron-prod.yml b/playbooks/groups/taskotron-prod.yml index 184b11b001..2894c88620 100644 --- a/playbooks/groups/taskotron-prod.yml +++ b/playbooks/groups/taskotron-prod.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/taskotron-stg.yml b/playbooks/groups/taskotron-stg.yml index 282094aa82..652583c59a 100644 --- a/playbooks/groups/taskotron-stg.yml +++ b/playbooks/groups/taskotron-stg.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/taskotron.yml b/playbooks/groups/taskotron.yml index d6590747fc..701e427f89 100644 --- a/playbooks/groups/taskotron.yml +++ b/playbooks/groups/taskotron.yml @@ -18,7 +18,7 @@ roles: - { role: base, tags: ['base'] } - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } + - { role: nagios_client, tags: ['nagios_client'] } - { role: hosts, tags: ['hosts']} - { role: fas_client, tags: ['fas_client'] } - { role: collectd/base, tags: ['collectd_base'] } diff --git a/playbooks/groups/torrent.yml b/playbooks/groups/torrent.yml index 1d69ed68ab..b196ca95ac 100644 --- a/playbooks/groups/torrent.yml +++ b/playbooks/groups/torrent.yml @@ -14,7 +14,7 @@ - base - hosts - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - rsyncd diff --git a/playbooks/groups/unbound.yml b/playbooks/groups/unbound.yml index 76de92e130..a3e3e02778 100644 --- a/playbooks/groups/unbound.yml +++ b/playbooks/groups/unbound.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/value.yml b/playbooks/groups/value.yml index a0fbba22ee..e907c43936 100644 --- a/playbooks/groups/value.yml +++ b/playbooks/groups/value.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml index dc4cfdc8e7..43f9b4c76c 100644 --- a/playbooks/groups/virthost.yml +++ b/playbooks/groups/virthost.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/wiki.yml b/playbooks/groups/wiki.yml index 1e5adae54b..07c32717ec 100644 --- a/playbooks/groups/wiki.yml +++ b/playbooks/groups/wiki.yml @@ -21,7 +21,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/groups/zanata2fedmsg.yml b/playbooks/groups/zanata2fedmsg.yml index 8365e93de3..687d77c015 100644 --- a/playbooks/groups/zanata2fedmsg.yml +++ b/playbooks/groups/zanata2fedmsg.yml @@ -18,7 +18,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml b/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml index e678d4c97b..49e9070ddd 100644 --- a/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml @@ -13,7 +13,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml index b53b0b4190..5be664e24a 100644 --- a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml +++ b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml @@ -18,7 +18,7 @@ - rkhunter - hosts - fas_client - - nagios/client + - nagios_client - collectd/base - sudo - role: keytab/service diff --git a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml index e830789f4b..501d95e65f 100644 --- a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml @@ -36,7 +36,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - fas_client - sudo diff --git a/playbooks/hosts/magazine.fedorainfracloud.org.yml b/playbooks/hosts/magazine.fedorainfracloud.org.yml index e42e2c44b4..b0d219a85f 100644 --- a/playbooks/hosts/magazine.fedorainfracloud.org.yml +++ b/playbooks/hosts/magazine.fedorainfracloud.org.yml @@ -51,5 +51,5 @@ service: name=postfix enabled=yes state=started roles: - - nagios/client + - nagios_client - mariadb_server diff --git a/playbooks/hosts/piwik.fedorainfracloud.org.yml b/playbooks/hosts/piwik.fedorainfracloud.org.yml index ab8d538522..d7a65167db 100644 --- a/playbooks/hosts/piwik.fedorainfracloud.org.yml +++ b/playbooks/hosts/piwik.fedorainfracloud.org.yml @@ -29,7 +29,7 @@ - apache - base - piwik - - nagios/client + - nagios_client pre_tasks: - include: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/manual/autosign.yml b/playbooks/manual/autosign.yml index cb07eda7fc..fc98513e3f 100644 --- a/playbooks/manual/autosign.yml +++ b/playbooks/manual/autosign.yml @@ -19,7 +19,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - hosts - fas_client - collectd/base diff --git a/playbooks/manual/kernel-qa.yml b/playbooks/manual/kernel-qa.yml index 72c25a58a7..ccfa6ba2cb 100644 --- a/playbooks/manual/kernel-qa.yml +++ b/playbooks/manual/kernel-qa.yml @@ -15,7 +15,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - fas_client - sudo - hosts diff --git a/playbooks/manual/qadevel.yml b/playbooks/manual/qadevel.yml index b569021061..e8d64a2ee6 100644 --- a/playbooks/manual/qadevel.yml +++ b/playbooks/manual/qadevel.yml @@ -32,7 +32,7 @@ roles: - base - rkhunter - - nagios/client + - nagios_client - fas_client - collectd/base - sudo diff --git a/roles/bodhi2/backend/tasks/main.yml b/roles/bodhi2/backend/tasks/main.yml index 4768231686..2b6ff230cf 100644 --- a/roles/bodhi2/backend/tasks/main.yml +++ b/roles/bodhi2/backend/tasks/main.yml @@ -63,7 +63,7 @@ user: name=nrpe groups=apache append=yes tags: - fedmsgmonitor - - nagios/client + - nagios_client - name: install bodhi.pem file copy: > diff --git a/roles/copr/backend/meta/main.yml b/roles/copr/backend/meta/main.yml index 9c40a7c753..d84917b7ae 100644 --- a/roles/copr/backend/meta/main.yml +++ b/roles/copr/backend/meta/main.yml @@ -1,5 +1,5 @@ --- dependencies: - { role: copr/base } - - { role: nagios/client } + - { role: nagios_client } # - { role: collectd/base } diff --git a/roles/copr/backend/tasks/monitoring.yml b/roles/copr/backend/tasks/monitoring.yml index 8ce3fee003..938b7e7b9b 100644 --- a/roles/copr/backend/tasks/monitoring.yml +++ b/roles/copr/backend/tasks/monitoring.yml @@ -3,7 +3,7 @@ notify: - restart nrpe tags: - - nagios/client + - nagios_client - name: set acl for nrpe on /etc/copr acl: name=/etc/copr entity=nrpe etype=user permissions=rx state=present From 00ed6ca8c6770d333962acfcd8d67d2150555f23 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Fri, 5 May 2017 22:14:35 +0000 Subject: [PATCH 59/90] do remove the mirrorlist stuff we dont use anymore --- roles/nagios/client/files/scripts/check_testcloud | 4 ++-- roles/nagios_client/tasks/main.yml | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/nagios/client/files/scripts/check_testcloud b/roles/nagios/client/files/scripts/check_testcloud index 2b4ee9bcf8..eb8c7aab3b 100644 --- a/roles/nagios/client/files/scripts/check_testcloud +++ b/roles/nagios/client/files/scripts/check_testcloud @@ -1,8 +1,8 @@ #!/bin/bash RUNNING_VMS=`testcloud instance list | grep -i 'running' | wc -l` -CRITICAL=30 -WARNING=25 +CRITICAL=20 +WARNING=15 if [ $RUNNING_VMS -gt $CRITICAL ] diff --git a/roles/nagios_client/tasks/main.yml b/roles/nagios_client/tasks/main.yml index 1eb7ebb704..7426943d75 100644 --- a/roles/nagios_client/tasks/main.yml +++ b/roles/nagios_client/tasks/main.yml @@ -102,7 +102,6 @@ - name: install nrpe client configs template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} with_items: - - check_mirrorlist_cache.cfg - check_raid.cfg - check_ipa.cfg - check_readonly_fs.cfg From 26ccdc8546543e932807873bc3f7070121c64d74 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Sat, 6 May 2017 00:05:22 +0000 Subject: [PATCH 60/90] Bunch of fields added Signed-off-by: Patrick Uiterwijk --- roles/regcfp/templates/config.json | 310 ++++++++++++++++++----------- 1 file changed, 197 insertions(+), 113 deletions(-) diff --git a/roles/regcfp/templates/config.json b/roles/regcfp/templates/config.json index 7de8492681..23b084045b 100644 --- a/roles/regcfp/templates/config.json +++ b/roles/regcfp/templates/config.json @@ -105,39 +105,71 @@ ] }, + "registration": { "enabled": true, "fields": { + "doc1": { + "type": "documentation", + "display_name": "", + "html": [ + "We are excited to see you at this year's Flock!", + "We're doing things a little differently this year in order to make sure it is a", + "productive event that helps us achieve our goals as a community.", + "Explain regfee etc" + ], + "split": 0 + }, "country": { "display_name": "Country", "short_display_name": "Ctr", - "type": "country", + "type": "select", "required": true, "message": "This will be kept private", "private": true, - "placeholder": "Country of origin" + "placeholder": "Country of origin", + "options": [ + "United States", + "Netherlands" + ], + "onchange": "javascript:update_regfee();", + "split": 0 }, - "subsidyreq": { - "display_name": "Apply for sponsored funding for flight/hotel?", - "short_display_name": "Sub", - "type": "select", - "required": true, + "regfee": { + "display_name": "Registration Fee", + "type": "string", + "required": true, + "private": true, + "placeholder": "25.00", + "readonly": true, + "split": 0 + }, + "reason": { + "display_name": "Why are you interested in attending flock?", + "type": "string", + "required": true, + "private": true, + "placeholder": "", + "split": 0 + }, + + "ircnick": { + "display_name": "IRC Nickname", + "short_display_name": "IRC", + "type": "string", + "required": false, + "private": false, + "placeholder": "IRC Nickname", + "split": 1 + }, + "badgeextra": { + "display_name": "Extra line for badges (if available)", + "short_display_name": "Badge", + "type": "string", + "required": false, "private": false, "placeholder": "", - "options": [ - "Yes", "No" - ] - }, - "inviteletter": { - "display_name": "Do you need an invitation letter to attend?", - "short_display_name": "Inv", - "type": "select", - "required": true, - "private": false, - "placeholder": "", - "options": [ - "Yes", "No" - ] + "split": 1 }, "veg": { "display_name": "Vegetarian", @@ -149,7 +181,8 @@ "placeholder": "", "options": [ "Yes", "No" - ] + ], + "split": 1 }, "dietary": { "display_name": "Medical dietary restrictions", @@ -158,30 +191,20 @@ "required": false, "message": "This will be kept private; note that no guarantees are made, but we will do our best", "private": true, - "placeholder": "" + "placeholder": "", + "split": 1 }, - "volunteer": { - "display_name": "Are you willing to work as a volunteer at the event?", - "short_display_name": "Vol", + "inviteletter": { + "display_name": "Do you need an invitation letter to attend?", + "short_display_name": "Inv", "type": "select", "required": true, - "message": "This will be kept private", - "private": true, + "private": false, "placeholder": "", "options": [ "Yes", "No" - ] - }, - "family": { - "display_name": "Are you bringing family with you to the location?", - "short_display_name": "Fam", - "type": "select", - "required": true, - "private": true, - "placeholder": "", - "options": [ - "Yes", "No" - ] + ], + "split": 1 }, "shirtsize": { "display_name": "T-shirt size", @@ -204,86 +227,147 @@ "Ladies M", "Ladies L", "Ladies XL" - ] + ], + "split": 1 }, - "roomshare": { - "display_name": "Will you share a room?", - "short_display_name": "RmSh", - "type": "select", + + "needassistance": { + "display_name": "Do you need financial assistance in order to attend Flock?", + "short_display_name": "Sub", + "type": "boolean", "required": true, - "private": false, - "placeholder": "", - "options": [ - "Yes", "No" - ] + "private": true, + "split": 2 }, - "roommate": { - "display_name": "If sharing a room, enter a name if you know your roommate", - "short_display_name": "RmWho", - "type": "string", - "required": false, - "private": false, - "placeholder": "" - }, - "hotelbooked": { - "display_name": "Have you booked, or will you book, your hotel reservation?", - "short_display_name": "Bkd", - "type": "select", - "required": true, - "private": false, - "placeholder": "", - "options": [ - "Yes", "No" - ] - }, - "brnobus": { - "display_name": "Are you interested in a bus from Brno, in case that option is offered?", - "short_display_name": "Bus", - "type": "select", - "required": true, - "private": false, - "placeholder": "", - "options": [ - "Yes", "No" - ] - }, - "ircnick": { - "display_name": "IRC Nickname", - "short_display_name": "IRC", + + "sponsor_additional": { + "display_name": "Would you like to help sponsor a Fedora volunteer's attendance?", + "short_display_name": "Spon", + "type": "boolean", + "required": false, + "private": true, + "shownifnot": "needassistance", + "split": 2 + }, + "sponsor_additional_amount": { + "display_name": "Amount", + "short_display_name": "SponAmnt", "type": "string", "required": false, - "private": false, - "placeholder": "IRC Nickname" + "private": true, + "shownif": "sponsor_additional", + "split": 2 }, - "blog": { - "display_name": "Blog URL", - "short_display_name": "Blog", - "type": "string", - "required": false, - "private": false, - "placeholder": "https://example.com/blog" - }, - "twitter": { - "display_name": "Twitter handle", - "short_display_name": "Twt", - "type": "string", - "required": false, - "private": false, - "placeholder": "" - }, - "badgeextra": { - "display_name": "Extra line for badges (if available)", - "short_display_name": "Badge", - "type": "string", - "required": false, - "private": false, - "placeholder": "" - } + + "travel_circumstances": { + "display_name": "If there are any...", + "short_display_name": "travel_circum", + "type": "string", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "flights_needed": { + "display_name": "My trip to flock requires air travel", + "type": "boolean", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "doc_flights": { + "display_name": "", + "type": "documentation", + "html": [ + "Show calendar information here" + ], + "shownif": "flights_needed", + "split": 2 + }, + "flight_homeairport": { + "display_name": "Preferred home airport codes", + "type": "string", + "required": false, + "private": true, + "shownif": "flights_needed", + "split": 2 + }, + "flight_price": { + "display_name": "Estimated round-trip airfare (in USD)", + "type": "string", + "required": false, + "private": true, + "shownif": "flights_needed", + "split": 2 + }, + "busservice": { + "display_name": "Do you intend to use the Boston-to-Cape Cod bus service", + "type": "boolean", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "other_transit": { + "display_name": "Please describe any other transit-related costs you anticipate", + "type": "string", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "total_othertransit": { + "display_name": "Total cost of other estimated transit costs", + "type": "string", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "lodging_needed": { + "display_name": "I would like lodging to be part of my travel funding request", + "type": "boolean", + "required": false, + "private": true, + "shownif": "needassistance", + "split": 2 + }, + "lodging_doc": { + "display_name": "", + "type": "documentation", + "html": [ + "Show lodging calendar and other info here..." + ], + "shownif": "lodgin_needed", + "split": 2 + }, + "lodging_nights": { + "display_name": "How many nights of lodging will you require to attend Flock?", + "type": "select", + "options": [ + "1 night", + "2 nights", + "3 nights", + "4 nights", + "5 nights", + "other" + ], + "required": false, + "private": true, + "shownif": "lodging_needed", + "split": 2 + }, + "lodging_roommate": { + "display_name": "Do you have a preferred roommate?", + "type": "string", + "required": false, + "private": true, + "shownif": "lodging_needed", + "split": 2 + } }, - - - - + "max_split": 2, "payment_product_name": "My Event Registration Fee", "currencies": { "USD": { From ef5fb4c46af9c350e9a0387306a7f361b490bbf7 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 6 May 2017 19:32:55 +0000 Subject: [PATCH 61/90] fix up regcfp issues --- inventory/cloud | 2 +- inventory/host_vars/regcfp2.fedorainfracloud.org | 2 +- playbooks/hosts/modularity.fedorainfracloud.org.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/inventory/cloud b/inventory/cloud index b7bd442c2a..69f7dc49c1 100644 --- a/inventory/cloud +++ b/inventory/cloud @@ -68,7 +68,7 @@ piwik.fedorainfracloud.org ppc64le-test.fedorainfracloud.org ppc64-test.fedorainfracloud.org rawhide-test.fedorainfracloud.org -regcfp.fedorainfracloud.org +regcfp2.fedorainfracloud.org respins.fedorainfracloud.org shumgrepper-dev.fedorainfracloud.org taiga.fedorainfracloud.org diff --git a/inventory/host_vars/regcfp2.fedorainfracloud.org b/inventory/host_vars/regcfp2.fedorainfracloud.org index b302418011..138a6b8d84 100644 --- a/inventory/host_vars/regcfp2.fedorainfracloud.org +++ b/inventory/host_vars/regcfp2.fedorainfracloud.org @@ -2,7 +2,7 @@ image: rhel7-20141015 instance_type: m1.medium keypair: fedora-admin-20130801 -security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent +security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,default,all-icmp-persistent,allow-nagios-persistent zone: nova tcp_ports: [22, 80, 443] diff --git a/playbooks/hosts/modularity.fedorainfracloud.org.yml b/playbooks/hosts/modularity.fedorainfracloud.org.yml index fa50012c51..7abca157da 100644 --- a/playbooks/hosts/modularity.fedorainfracloud.org.yml +++ b/playbooks/hosts/modularity.fedorainfracloud.org.yml @@ -12,7 +12,7 @@ - include: "{{ tasks_path }}/persistent_cloud.yml" - name: setup all the things - hosts: regcfp.fedorainfracloud.org + hosts: modularity.fedorainfracloud.org gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml From e5ae96a511b342e9b15dab372659855a43b3f48d Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 6 May 2017 19:52:35 +0000 Subject: [PATCH 62/90] give pdc-web more memory --- inventory/group_vars/pdc-web | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/pdc-web b/inventory/group_vars/pdc-web index 58a367a3e3..2415326734 100644 --- a/inventory/group_vars/pdc-web +++ b/inventory/group_vars/pdc-web @@ -1,7 +1,7 @@ --- # Define resources for this group of hosts here. lvm_size: 20000 -mem_size: 2048 +mem_size: 4096 num_cpus: 2 # for systems that do not match the above - specify the same parameter in From 342cd0c379efedae04007aba24afdcc8e5659c54 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 8 May 2017 12:04:45 +0000 Subject: [PATCH 63/90] add a new magazine2 --- .../host_vars/magazine2.fedorainfracloud.org | 28 ++++++++++ inventory/inventory | 1 + .../hosts/magazine2.fedorainfracloud.org.yml | 56 +++++++++++++++++++ 3 files changed, 85 insertions(+) create mode 100644 inventory/host_vars/magazine2.fedorainfracloud.org create mode 100644 playbooks/hosts/magazine2.fedorainfracloud.org.yml diff --git a/inventory/host_vars/magazine2.fedorainfracloud.org b/inventory/host_vars/magazine2.fedorainfracloud.org new file mode 100644 index 0000000000..7fd7c54d95 --- /dev/null +++ b/inventory/host_vars/magazine2.fedorainfracloud.org @@ -0,0 +1,28 @@ +--- +image: rhel7-20141015 +instance_type: m1.large +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,web-443-anywhere-persistent,allow-nagios-persistent,default,all-icmp-persistent +zone: nova +tcp_ports: [22, 80, 443] + +inventory_tenant: persistent +inventory_instance_name: magazine +hostbase: magazine +public_ip: 209.132.184.52 +root_auth_users: nb chrisroberts +description: Fedora Magazine + +host_backup_targets: ['/backups', '/var/www/html'] +dbs_to_backup: ['wp'] +mariadb_root_password: "{{ magazine_mariadb_password }}" +extra_enablerepos: '' + +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" + +nagios_Check_Services: + nrpe: true + sshd: true + httpd: true diff --git a/inventory/inventory b/inventory/inventory index 5039034ec1..7f51dc46af 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1116,6 +1116,7 @@ faitout.fedorainfracloud.org communityblog.fedorainfracloud.org # Fedora Magazine magazine.fedorainfracloud.org +magazine2.fedorainfracloud.org # Flock RegCfp instance regcfp2.fedorainfracloud.org # Modularity (ticket 5390) diff --git a/playbooks/hosts/magazine2.fedorainfracloud.org.yml b/playbooks/hosts/magazine2.fedorainfracloud.org.yml new file mode 100644 index 0000000000..a8aea7f1a8 --- /dev/null +++ b/playbooks/hosts/magazine2.fedorainfracloud.org.yml @@ -0,0 +1,56 @@ +- name: check/create instance + hosts: magazine2.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - include: "{{ tasks_path }}/persistent_cloud.yml" + +- name: setup all the things + hosts: magazine2.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - include: "{{ tasks_path }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + hostname: name="{{inventory_hostname}}" + + tasks: + - name: add packages + yum: state=present name={{ item }} + with_items: + - httpd + - php + - php-mysql + - mariadb-server + - mariadb + - mod_ssl + - php-mcrypt + - php-mbstring + - wget + - unzip + - postfix + - wordpress + + - name: enable httpd service + service: name=httpd enabled=yes state=started + + - name: configure postfix for ipv4 only + raw: postconf -e inet_protocols=ipv4 + + - name: enable local postfix service + service: name=postfix enabled=yes state=started + + roles: + - nagios_client + - mariadb_server From 2666a8b2796eff8e91ebad35ff2ffd368dc404f8 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 8 May 2017 12:10:07 +0000 Subject: [PATCH 64/90] fix vars --- inventory/host_vars/magazine2.fedorainfracloud.org | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/host_vars/magazine2.fedorainfracloud.org b/inventory/host_vars/magazine2.fedorainfracloud.org index 7fd7c54d95..6036d05763 100644 --- a/inventory/host_vars/magazine2.fedorainfracloud.org +++ b/inventory/host_vars/magazine2.fedorainfracloud.org @@ -7,8 +7,8 @@ zone: nova tcp_ports: [22, 80, 443] inventory_tenant: persistent -inventory_instance_name: magazine -hostbase: magazine +inventory_instance_name: magazine2 +hostbase: magazine2 public_ip: 209.132.184.52 root_auth_users: nb chrisroberts description: Fedora Magazine From d349a7940d53427ed54643d6a92b3b47c837123d Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 8 May 2017 20:07:41 +0000 Subject: [PATCH 65/90] point to another magazine instance --- roles/fedora-web/magazine/templates/fedoramagazine-web.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/fedora-web/magazine/templates/fedoramagazine-web.conf b/roles/fedora-web/magazine/templates/fedoramagazine-web.conf index 82f43024f7..04f91e001e 100644 --- a/roles/fedora-web/magazine/templates/fedoramagazine-web.conf +++ b/roles/fedora-web/magazine/templates/fedoramagazine-web.conf @@ -8,8 +8,8 @@ RewriteRule ^(.*)$ https://fedoramagazine.org%{REQUEST_URI} [L,R=301] #ProxyPass / http://wp-fedoramag.rhcloud.com/ #ProxyPassReverse / http://wp-fedoramag.rhcloud.com/ {% if env == "production" %} -ProxyPass / http://209.132.184.123/ -ProxyPassReverse / http://209.132.184.123/ +ProxyPass / http://209.132.184.52/ +ProxyPassReverse / http://209.132.184.52/ {% else %} # In staging we point to the staging version of the magazine ProxyPass / http://66.226.72.133/ From 99685139cabdd92ec78179c7efeaa0013b0a46b7 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Mon, 8 May 2017 20:10:00 +0000 Subject: [PATCH 66/90] Use ansible to create database Signed-off-by: Patrick Uiterwijk --- playbooks/hosts/magazine2.fedorainfracloud.org.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/playbooks/hosts/magazine2.fedorainfracloud.org.yml b/playbooks/hosts/magazine2.fedorainfracloud.org.yml index a8aea7f1a8..1a20b0b56e 100644 --- a/playbooks/hosts/magazine2.fedorainfracloud.org.yml +++ b/playbooks/hosts/magazine2.fedorainfracloud.org.yml @@ -54,3 +54,11 @@ roles: - nagios_client - mariadb_server + + posttasks: + - name: create databaseuser + mysql_user: name=magazine + host=localhost + state=present + password="{{ magazine_db_password }}" + priv="magazine.*:ALL" From e3ecddfe2f7342cfb6fa3cedef2cf4e8bfe94847 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Mon, 8 May 2017 20:11:45 +0000 Subject: [PATCH 67/90] This was misnamed Signed-off-by: Patrick Uiterwijk --- playbooks/hosts/magazine2.fedorainfracloud.org.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/hosts/magazine2.fedorainfracloud.org.yml b/playbooks/hosts/magazine2.fedorainfracloud.org.yml index 1a20b0b56e..99388d2e29 100644 --- a/playbooks/hosts/magazine2.fedorainfracloud.org.yml +++ b/playbooks/hosts/magazine2.fedorainfracloud.org.yml @@ -55,7 +55,7 @@ - nagios_client - mariadb_server - posttasks: + post_tasks: - name: create databaseuser mysql_user: name=magazine host=localhost From 75f74682775ebcf81ad3fe82774de118845a2cd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Mon, 8 May 2017 22:52:50 +0200 Subject: [PATCH 68/90] retrace: Remove redundant space --- roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 index 33829aed97..333ee413ea 100644 --- a/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 +++ b/roles/abrt/faf/templates/etc-httpd-conf.d-faf-web.conf.j2 @@ -1,7 +1,7 @@ #{{ ansible_managed }} # WSGI handler WSGIPythonOptimize 1 -WSGISocketPrefix {{ faf_spool_dir }} /wsgi +WSGISocketPrefix {{ faf_spool_dir }}/wsgi WSGIDaemonProcess faf user=faf group=faf processes=3 threads=5 {% set python = 'python2.7' %} From ccaef9663b425b0ec6607b93a52b5c5886e49333 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Mon, 8 May 2017 21:45:41 +0000 Subject: [PATCH 69/90] Add wordpress cron to magazine2 Signed-off-by: Patrick Uiterwijk --- playbooks/hosts/magazine2.fedorainfracloud.org.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/playbooks/hosts/magazine2.fedorainfracloud.org.yml b/playbooks/hosts/magazine2.fedorainfracloud.org.yml index 99388d2e29..bb4eb0f879 100644 --- a/playbooks/hosts/magazine2.fedorainfracloud.org.yml +++ b/playbooks/hosts/magazine2.fedorainfracloud.org.yml @@ -62,3 +62,8 @@ state=present password="{{ magazine_db_password }}" priv="magazine.*:ALL" + + - name: Wordpress cron + cron: name="Wordpress cron" + minute="*/10" + job="curl http://localhost:8008/wp-cron.php" From e0db95580ad5631292ff7006134bbb344a4786c4 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 8 May 2017 21:46:40 +0000 Subject: [PATCH 70/90] comment old magazine out of inventory --- inventory/inventory | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/inventory b/inventory/inventory index 7f51dc46af..4ca38861a8 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1115,7 +1115,7 @@ faitout.fedorainfracloud.org # Community Blog communityblog.fedorainfracloud.org # Fedora Magazine -magazine.fedorainfracloud.org +#magazine.fedorainfracloud.org magazine2.fedorainfracloud.org # Flock RegCfp instance regcfp2.fedorainfracloud.org From 129283a80b527e8fdeec0d0c7edb342dcfe0085a Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 8 May 2017 21:54:45 +0000 Subject: [PATCH 71/90] I always forget to update this --- inventory/cloud | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/cloud b/inventory/cloud index 69f7dc49c1..0610f02a81 100644 --- a/inventory/cloud +++ b/inventory/cloud @@ -61,7 +61,7 @@ jenkins-slave-f25.fedorainfracloud.org jenkins-slave-f25-ppc64le.fedorainfracloud.org kolinahr.fedorainfracloud.org lists-dev.fedorainfracloud.org -magazine.fedorainfracloud.org +magazine2.fedorainfracloud.org modernpaste.fedorainfracloud.org modularity.fedorainfracloud.org piwik.fedorainfracloud.org From b2ed7fde8918a8bb731b497183c9c2a0d45da499 Mon Sep 17 00:00:00 2001 From: clime Date: Fri, 5 May 2017 14:42:23 +0200 Subject: [PATCH 72/90] pkgs-stg: use the new dist-git package only upload.cgi script is used for now --- roles/distgit/tasks/main.yml | 62 ++++++++++++++++- .../templates/lookaside-upload-stg.conf | 66 +++++++++++++++++++ 2 files changed, 126 insertions(+), 2 deletions(-) create mode 100644 roles/distgit/templates/lookaside-upload-stg.conf diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index a94e914afd..5fbc629af1 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -19,6 +19,15 @@ - name: install the httpd config file copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: uninstall the httpd config file + file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf state=absent + when: env == "staging" notify: - reload httpd tags: @@ -26,6 +35,7 @@ - name: install the httpd config directory file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory + when: env != "staging" notify: - reload httpd tags: @@ -68,13 +78,13 @@ # This is the Git setup itself: group, root directory, scripts,... - name: install dist-git yum: pkg=dist-git state=latest - when: env == "staging" and inventory_hostname.startswith('pkgs02') + when: env == "staging" tags: - distgit - name: install the dist-git config copy: src=dist-git.conf dest=/etc/dist-git/dist-git.conf - when: env == "staging" and inventory_hostname.startswith('pkgs02') + when: env == "staging" tags: - config - distgit @@ -135,6 +145,15 @@ - name: install the Dist Git-related httpd config copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: install the Dist Git-related httpd config + copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf + when: env == "staging" notify: - reload httpd tags: @@ -142,6 +161,15 @@ - name: Symlink pkgs-git-repos-list copy: src=repolist.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/repolist.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: Symlink pkgs-git-repos-list + copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf + when: env == "staging" notify: - reload httpd tags: @@ -331,6 +359,16 @@ - name: install the CGit-related httpd redirect config copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf + when: env != "staging" + tags: + - distgit + - cgit + notify: + - reload httpd + +- name: install the CGit-related httpd redirect config + copy: src=redirect.conf dest=/etc/httpd/conf.d/dist-git/redirect.conf + when: env == "staging" tags: - distgit - cgit @@ -353,6 +391,18 @@ with_items: - lookaside.conf - lookaside-upload.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: install the Lookaside Cache httpd configs + template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}} + with_items: + - lookaside.conf + - lookaside-upload-stg.conf + when: env == "staging" notify: - reload httpd tags: @@ -456,6 +506,14 @@ tags: - distgit +- name: uninstall the httpd config directory + file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=absent + when: env == "staging" + notify: + - reload httpd + tags: + - distgit + - name: check the selinux context of the upload CGI script command: matchpathcon /srv/web/upload.cgi register: upcgicontext diff --git a/roles/distgit/templates/lookaside-upload-stg.conf b/roles/distgit/templates/lookaside-upload-stg.conf new file mode 100644 index 0000000000..16303344ef --- /dev/null +++ b/roles/distgit/templates/lookaside-upload-stg.conf @@ -0,0 +1,66 @@ +Alias /repo/ /srv/cache/lookaside/ + +# default SSL configuration... +Listen 443 + +SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) +SSLSessionCacheTimeout 300 + +Mutex default + +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +SSLCryptoDevice builtin + + + ServerName pkgs.{{ env_suffix }}fedoraproject.org + #Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/" + # This is temporary for fixing Kojid because of firewall rules + Alias /repo/ /srv/cache/lookaside/ + + + + # This alias must come before the /repo/ one to avoid being overridden. + ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi + + Alias /repo/ /srv/cache/lookaside/ + ServerName pkgs{{ env_suffix }}.fedoraproject.org + ServerAdmin webmaster@fedoraproject.org + + SSLEngine on + + SSLCertificateFile conf/pkgs.fedoraproject.org_key_and_cert.pem + SSLCertificateKeyFile conf/pkgs.fedoraproject.org_key_and_cert.pem + SSLCACertificateFile conf/cacert.pem + SSLCARevocationFile /etc/pki/tls/crl.pem + + SSLProtocol {{ ssl_protocols }} + SSLCipherSuite {{ ssl_ciphers }} + + Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/" + + +# Allow upload via src + + # This alias must come before the /repo/ one to avoid being overridden. + ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi + + Alias /repo/ /srv/cache/lookaside/ + ServerName src{{ env_suffix }}.fedoraproject.org + ServerAdmin webmaster@fedoraproject.org + + ErrorLog logs/ssl_error_log + + + Options +ExecCGI + + AuthType GSSAPI + GssapiSSLonly Off + AuthName "GSSAPI Single Sign On Login" + GssapiCredStore keytab:/etc/httpd.keytab + + Require valid-user + + + + From 40d0882e427c5d2b0bd0118ec309371403f97500 Mon Sep 17 00:00:00 2001 From: clime Date: Fri, 5 May 2017 15:56:10 +0200 Subject: [PATCH 73/90] pkgs-stg: install also dist-git-selinux --- roles/distgit/tasks/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index 5fbc629af1..608a0e0e95 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -77,7 +77,10 @@ # -- Dist Git -------------------------------------------- # This is the Git setup itself: group, root directory, scripts,... - name: install dist-git - yum: pkg=dist-git state=latest + yum: pkg={{item}} state=latest + with_items: + - dist-git + - dist-git-selinux when: env == "staging" tags: - distgit From c301dd90c3eb85332f7a4682c52bc042fb126b1e Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Tue, 9 May 2017 14:43:38 +0000 Subject: [PATCH 74/90] install libvirt-client on the builders libvirt-client is needed to ensure that we can get a simple view into things when image building goes wrong Signed-off-by: Dennis Gilmore --- roles/koji_builder/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index 867c875aef..af76818858 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -78,6 +78,7 @@ - audit - pycdio - python-kickstart + - libvirt-client - oz - imagefactory - imagefactory-plugins-TinMan From f902f45114d2fa14a56e0abdb5024372e374c10b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Tue, 9 May 2017 16:58:29 +0200 Subject: [PATCH 75/90] retrace: no need to call reposync individual as it is already called in role/abrt/faf --- roles/abrt/faf-local/tasks/cron.yml | 30 ----------------------------- 1 file changed, 30 deletions(-) diff --git a/roles/abrt/faf-local/tasks/cron.yml b/roles/abrt/faf-local/tasks/cron.yml index 2165edc6ae..301a456ad4 100644 --- a/roles/abrt/faf-local/tasks/cron.yml +++ b/roles/abrt/faf-local/tasks/cron.yml @@ -1,35 +1,5 @@ --- -- name: cron for faf reposync - cron: - name: "cron for faf reposync {{ item.repos }}" - user: faf - job: "faf reposync -d {{ item.repos }} >> /var/log/faf/{{ item.log }} 2>&1" - special_time: daily - state: present - when: not devel - with_items: - # rawhide - - { log: "reposync-fedora-rawhide.log", repos: "fedora-rawhide-source fedora-rawhide-x86_64 fedora-rawhide-x86_64-debug fedora-rawhide-i386 fedora-rawhide-i386-debug fedora-rawhide-armhfp fedora-rawhide-armhfp-debug" } - # Fedora 24 - - { log: "reposync-fedora-24.log", repos: "fedora-24-source fedora-24-x86_64 fedora-24-x86_64-debug fedora-24-i386 fedora-24-i386-debug fedora-24-armhfp fedora-24-armhfp-debug" } - - { log: "reposync-fedora-24-updates.log", repos: "fedora-24-updates-source fedora-24-x86_64-updates fedora-24-x86_64-updates-debug fedora-24-i386-updates fedora-24-i386-updates-debug fedora-24-armhfp-updates fedora-24-armhfp-updates-debug" } - - { log: "reposync-fedora-24-testing.log", repos: "fedora-24-testing-source fedora-24-x86_64-testing fedora-24-x86_64-testing-debug fedora-24-i386-testing fedora-24-i386-testing-debug fedora-24-armhfp-testing fedora-24-armhfp-testing-debug" } - - { log: "reposync-fedora-24-kernel-rt.log", repos: "fedora-24-x86_64-kernel-rt fedora-24-x86_64-kernel-rt-testing fedora-24-i386-kernel-rt fedora-24-i386-kernel-rt-testing" } - # Fedora 25 - - { log: "reposync-fedora-25.log", repos: "fedora-25-source fedora-25-x86_64 fedora-25-x86_64-debug fedora-25-i386 fedora-25-i386-debug fedora-25-armhfp fedora-25-armhfp-debug" } - - { log: "reposync-fedora-25-updates.log", repos: "fedora-25-updates-source fedora-25-x86_64-updates fedora-25-x86_64-updates-debug fedora-25-i386-updates fedora-25-i386-updates-debug fedora-25-armhfp-updates fedora-25-armhfp-updates-debug" } - - { log: "reposync-fedora-25-testing.log", repos: "fedora-25-testing-source fedora-25-x86_64-testing fedora-25-x86_64-testing-debug fedora-25-i386-testing fedora-25-i386-testing-debug fedora-25-armhfp-testing fedora-25-armhfp-testing-debug" } - - { log: "reposync-fedora-25-kernel-rt.log", repos: "fedora-25-x86_64-kernel-rt fedora-25-x86_64-kernel-rt-testing fedora-25-i386-kernel-rt fedora-25-i386-kernel-rt-testing" } - # Fedora 26 - - { log: "reposync-fedora-26.log", repos: "fedora-26-source fedora-26-x86_64 fedora-26-x86_64-debug fedora-26-i386 fedora-26-i386-debug fedora-26-armhfp fedora-26-armhfp-debug"} - - { log: "reposync-fedora-26-updates.log", repos: "fedora-26-updates-source fedora-26-x86_64-updates fedora-26-x86_64-updates-debug fedora-26-i386-updates fedora-26-i386-updates-debug fedora-26-armhfp-updates fedora-26-armhfp-updates-debug" } - - { log: "reposync-fedora-26-testing.log", repos: "fedora-26-testing-source fedora-26-x86_64-testing fedora-26-x86_64-testing-debug fedora-26-i386-testing fedora-26-i386-testing-debug fedora-26-armhfp-testing fedora-26-armhfp-testing-debug" } - - { log: "reposync-fedora-26-kernel-rt.log", repos: "fedora-26-x86_64-kernel-rt fedora-26-x86_64-kernel-rt-testing fedora-26-i386-kernel-rt fedora-26-i386-kernel-rt-testing" } - # Centos - - { log: "reposync-centos-7.log", repos: "centos-7-x86_64 centos-7-x86_64-updates centos-7-x86_64-centosplus centos-7-x86_64-extras centos-7-x86_64-fasttrack centos-7-i386-debug centos-7-x86_64-debug" } - - { log: "reposync-epel-7.log", repos: "epel-7-x86_64 epel-7-x86_64-debug" } - - name: backup database cron: name: "backup database" From d061305dff0b9dd1402f800ff7d0a4cb53a45c62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Tue, 9 May 2017 17:21:49 +0200 Subject: [PATCH 76/90] retrace: this should include leading prefix of url --- inventory/host_vars/retrace01.qa.fedoraproject.org | 2 +- inventory/host_vars/retrace01.stg.phx2.fedoraproject.org | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/host_vars/retrace01.qa.fedoraproject.org b/inventory/host_vars/retrace01.qa.fedoraproject.org index 99dc7bce64..aaf1bd378c 100644 --- a/inventory/host_vars/retrace01.qa.fedoraproject.org +++ b/inventory/host_vars/retrace01.qa.fedoraproject.org @@ -1,5 +1,5 @@ --- -faf_server_name: retrace.fedoraproject.org +faf_server_name: retrace.fedoraproject.org/faf rs_use_faf_packages: true # we do not have enough storage on stg diff --git a/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org b/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org index c4d17343d5..ce6de376dd 100644 --- a/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org @@ -13,7 +13,7 @@ mem_size: 4096 max_mem_size: 16384 num_cpus: 2 -faf_server_name: retrace01.stg.phx2.fedoraproject.org +faf_server_name: retrace01.stg.phx2.fedoraproject.org/faf rs_use_faf_packages: false # we do not have enough storage on stg From 4b9071fe595b800dd043a62e06c469a6b3ef89d1 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 9 May 2017 17:21:26 +0000 Subject: [PATCH 77/90] add autosign01 --- inventory/inventory | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/inventory b/inventory/inventory index 4ca38861a8..c87b3aba05 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -266,7 +266,7 @@ autocloud-backend01.stg.phx2.fedoraproject.org autocloud-backend02.stg.phx2.fedoraproject.org [autosign] -#autosign01.phx2.fedoraproject.org +autosign01.phx2.fedoraproject.org [autosign-stg] autosign01.stg.phx2.fedoraproject.org From 0e5508d13aada145b2eb6643e13ff0bab2736002 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 9 May 2017 17:59:08 +0000 Subject: [PATCH 78/90] Add sigul dir Signed-off-by: Patrick Uiterwijk --- roles/robosignatory/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/robosignatory/tasks/main.yml b/roles/robosignatory/tasks/main.yml index 22af1606b2..cee6846ab5 100644 --- a/roles/robosignatory/tasks/main.yml +++ b/roles/robosignatory/tasks/main.yml @@ -15,6 +15,12 @@ - robosignatory - name: Create sigul directory + file: path=/etc/sigul state=directory owner=fedmsg group=fedmsg mode=0750 + tags: + - config + - robosignatory + +- name: Create robosignatory sigul directory file: path=/etc/robosignatory/sigul state=directory owner=fedmsg group=fedmsg mode=0750 tags: - config From cc13dcaacf64b3dbf5f439009e35e1d2a189f920 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 9 May 2017 18:10:03 +0000 Subject: [PATCH 79/90] Add sigul pkg Signed-off-by: Patrick Uiterwijk --- roles/robosignatory/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/robosignatory/tasks/main.yml b/roles/robosignatory/tasks/main.yml index cee6846ab5..12a70bf99f 100644 --- a/roles/robosignatory/tasks/main.yml +++ b/roles/robosignatory/tasks/main.yml @@ -4,6 +4,7 @@ - python-robosignatory - trousers - tpm-tools + - sigul tags: - packages - robosignatory From 2c916ebfe20fa63fe318cda53c77bb8f997e586b Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 9 May 2017 18:10:40 +0000 Subject: [PATCH 80/90] This dir is in the package Signed-off-by: Patrick Uiterwijk --- roles/robosignatory/tasks/main.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/robosignatory/tasks/main.yml b/roles/robosignatory/tasks/main.yml index 12a70bf99f..39f463d2b4 100644 --- a/roles/robosignatory/tasks/main.yml +++ b/roles/robosignatory/tasks/main.yml @@ -15,12 +15,6 @@ - config - robosignatory -- name: Create sigul directory - file: path=/etc/sigul state=directory owner=fedmsg group=fedmsg mode=0750 - tags: - - config - - robosignatory - - name: Create robosignatory sigul directory file: path=/etc/robosignatory/sigul state=directory owner=fedmsg group=fedmsg mode=0750 tags: From 3a723f6432ab574d2a2b624ce977c9bb8a93dd2c Mon Sep 17 00:00:00 2001 From: Martin Krizek Date: Tue, 9 May 2017 18:12:39 +0000 Subject: [PATCH 81/90] Increase boot timeout in testcloud --- .../taskotron-client/templates/settings.py.testcloud.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/taskotron/taskotron-client/templates/settings.py.testcloud.j2 b/roles/taskotron/taskotron-client/templates/settings.py.testcloud.j2 index b0cec2c08f..19b070ad07 100644 --- a/roles/taskotron/taskotron-client/templates/settings.py.testcloud.j2 +++ b/roles/taskotron/taskotron-client/templates/settings.py.testcloud.j2 @@ -70,7 +70,7 @@ runcmd: # The timeout, in seconds, to wait for an instance to boot before # failing the boot process. Setting this to 0 disables waiting and # returns immediately after starting the boot process. -BOOT_TIMEOUT = 60 +BOOT_TIMEOUT = 90 # ram size, in MiB RAM = 6144 From d082b5b802b248a2d78423c15b5f340c0e25a545 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 9 May 2017 21:27:31 +0000 Subject: [PATCH 82/90] autosign01 is running along now --- inventory/inventory | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/inventory b/inventory/inventory index c87b3aba05..4ca38861a8 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -266,7 +266,7 @@ autocloud-backend01.stg.phx2.fedoraproject.org autocloud-backend02.stg.phx2.fedoraproject.org [autosign] -autosign01.phx2.fedoraproject.org +#autosign01.phx2.fedoraproject.org [autosign-stg] autosign01.stg.phx2.fedoraproject.org From a785b2431401249f0e0a620792470874da358833 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 9 May 2017 22:28:15 +0000 Subject: [PATCH 83/90] Add mizmo to regcfp2 Signed-off-by: Patrick Uiterwijk --- inventory/host_vars/regcfp2.fedorainfracloud.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/host_vars/regcfp2.fedorainfracloud.org b/inventory/host_vars/regcfp2.fedorainfracloud.org index 138a6b8d84..f519eaaef7 100644 --- a/inventory/host_vars/regcfp2.fedorainfracloud.org +++ b/inventory/host_vars/regcfp2.fedorainfracloud.org @@ -10,7 +10,7 @@ inventory_tenant: persistent inventory_instance_name: regcfp2 hostbase: regcfp2 public_ip: 209.132.184.127 -root_auth_users: puiterwijk pfrields +root_auth_users: puiterwijk pfrields duffy description: Flock registration software cloud_networks: From f87d43609ed2068fc731d2fcde4e5fa3007a6d56 Mon Sep 17 00:00:00 2001 From: clime Date: Wed, 10 May 2017 12:03:05 +0200 Subject: [PATCH 84/90] copr-backend: provide fixed fedora-26-ppc64le.cfg until mock-1.4.1 is released see https://github.com/rpm-software-management/mock/pull/63 --- .../files/mock/fedora-26-ppc64le.cfg | 72 +++++++++++++++++++ .../provision_builder_tasks_ppc64le.yml | 1 + 2 files changed, 73 insertions(+) create mode 100644 roles/copr/backend/files/provision/files/mock/fedora-26-ppc64le.cfg diff --git a/roles/copr/backend/files/provision/files/mock/fedora-26-ppc64le.cfg b/roles/copr/backend/files/provision/files/mock/fedora-26-ppc64le.cfg new file mode 100644 index 0000000000..dfb36e46e7 --- /dev/null +++ b/roles/copr/backend/files/provision/files/mock/fedora-26-ppc64le.cfg @@ -0,0 +1,72 @@ +config_opts['root'] = 'fedora-26-ppc64le' +config_opts['target_arch'] = 'ppc64le' +config_opts['legal_host_arches'] = ('ppc64le',) +config_opts['chroot_setup_cmd'] = 'install @buildsys-build' +config_opts['dist'] = 'fc26' # only useful for --resultdir variable subst +config_opts['extra_chroot_dirs'] = [ '/run/lock', ] +config_opts['releasever'] = '26' +config_opts['package_manager'] = 'dnf' + +config_opts['yum.conf'] = """ +[main] +keepcache=1 +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +syslog_ident=mock +syslog_device= +install_weak_deps=0 +metadata_expire=0 +mdpolicy=group:primary +best=1 + +# repos + +[fedora] +name=fedora +metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch +failovermethod=priority +gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-26-primary +gpgcheck=1 + +[updates] +name=updates +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch +failovermethod=priority +gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-26-primary +gpgcheck=1 + +[updates-testing] +name=updates-testing +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[local] +name=local +baseurl=http://ppcpkgs.fedoraproject.org/repos/f26-build/latest/ppc64le/ +cost=2000 +enabled=0 + +[fedora-debuginfo] +name=fedora-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[updates-debuginfo] +name=updates-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 + +[updates-testing-debuginfo] +name=updates-testing-debuginfo +metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch +failovermethod=priority +enabled=0 +""" diff --git a/roles/copr/backend/files/provision/provision_builder_tasks_ppc64le.yml b/roles/copr/backend/files/provision/provision_builder_tasks_ppc64le.yml index eba2a30c73..5ef7791eb2 100644 --- a/roles/copr/backend/files/provision/provision_builder_tasks_ppc64le.yml +++ b/roles/copr/backend/files/provision/provision_builder_tasks_ppc64le.yml @@ -57,6 +57,7 @@ - name: put updated mock configs into /etc/mock template: src=files/mock/{{ item }} dest=/etc/mock with_items: + - fedora-26-ppc64le.cfg - site-defaults.cfg # ansible doesn't support simultaneously usage of async and with_* options From 6ef86f77b1ec40955e725cc455fef7a179185727 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 10 May 2017 11:38:11 +0000 Subject: [PATCH 85/90] comment magazine in backups for now too --- inventory/backups | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/backups b/inventory/backups index 733ff9220f..8f46e5d857 100644 --- a/inventory/backups +++ b/inventory/backups @@ -23,5 +23,5 @@ taiga.fedorainfracloud.org taskotron01.qa.fedoraproject.org nuancier01.phx2.fedoraproject.org piwik.fedorainfracloud.org -magazine.fedorainfracloud.org +#magazine.fedorainfracloud.org communityblog.fedorainfracloud.org From f63edfb1535e0df9034e12f066d3bbed54fff44b Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Wed, 10 May 2017 14:58:27 +0000 Subject: [PATCH 86/90] and we have a network we are going to use for staging --- .../dhcpd.conf.noc01.phx2.fedoraproject.org | 504 +++++++++--------- 1 file changed, 262 insertions(+), 242 deletions(-) diff --git a/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org b/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org index 292a03af17..67ad0e5050 100644 --- a/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org +++ b/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org @@ -10,6 +10,11 @@ subnet 10.5.126.0 netmask 255.255.255.0 { option domain-name-servers 10.5.126.21, 10.5.126.22; option routers 10.5.126.254; option log-servers 10.5.126.29; + + range 10.5.126.170 10.5.126.175; + next-server 10.5.126.41; + filename "pxelinux.0"; + # option vendor-class-identifier "PXEClient"; # option vendor-encapsulated-options 09:0f:80:00:0c:4e:65:74:77:6f:72:6b:20:62:6f:6f:74:0a:07:00:50:72:6f:6d:70:74:06:01:02:08:03:80:00:00:47:04:80:00:00:00:ff; @@ -159,9 +164,6 @@ subnet 10.5.126.0 netmask 255.255.255.0 { next-server 10.5.126.41; } - range 10.5.126.170 10.5.126.175; - next-server 10.5.126.41; - filename "pxelinux.0"; } subnet 10.5.127.0 netmask 255.255.255.0 { @@ -202,6 +204,263 @@ group macs { } +# staging network (sits on vlan 658) +subnet 10.5.128.0 netmask 255.255.255.0 { + allow booting; + allow bootp; + + option domain-name "phx2.fedoraproject.org qa.fedoraproject.org fedoraproject.org"; + option domain-name-servers 10.5.126.21, 10.5.126.22; + option routers 10.5.128.254; + option log-servers 10.5.126.29; + + range 10.5.128.10 10.5.128.20; + next-server 10.5.126.41; + filename "pxelinux.0"; + + +} + +# secondary arch net +subnet 10.5.129.0 netmask 255.255.255.0 { + allow booting; + allow bootp; + + option domain-name "secarch.fedoraproject.org ppc.fedoraproject.org arm.fedoraproject.org phx2.fedoraproject.org fedoraproject.org"; + option domain-name-servers 10.5.126.21, 10.5.126.22; + option routers 10.5.129.254; + option log-servers 10.5.126.29; + + host ppc8-01 { + hardware ethernet 40:f2:e9:5d:39:43; + fixed-address 10.5.129.20; + option host-name "ppc8-01"; + filename "pxelinux.0"; + } + + host ppc8-02 { + hardware ethernet 40:f2:e9:5d:3c:67; + fixed-address 10.5.129.21; + option host-name "ppc8-02"; + filename "pxelinux.0"; + } + + host ppc8-03 { + hardware ethernet 40:f2:e9:5d:3c:33; + fixed-address 10.5.129.22; + option host-name "ppc8-03"; + filename "pxelinux.0"; + } + + host ppc8-04 { + hardware ethernet 40:f2:e9:5d:3b:c7; + fixed-address 10.5.129.23; + option host-name "ppc8-04"; + filename "pxelinux.0"; + } + + host aarch64-c01n1 { + hardware ethernet 14:58:D0:58:E5:32; + fixed-address 10.5.129.101; + next-server 10.5.126.41; + option host-name "aarch64-c01n1"; + filename "grubaa64.efi"; + } + + host aarch64-c02n1 { + hardware ethernet 14:58:D0:58:95:32; + fixed-address 10.5.129.102; + next-server 10.5.126.41; + option host-name "aarch64-c02n1"; + filename "grubaa64.efi"; + } + + host aarch64-c03n1 { + hardware ethernet 14:58:D0:58:36:02; + fixed-address 10.5.129.103; + next-server 10.5.126.41; + option host-name "aarch64-c03n1"; + filename "grubaa64.efi"; + } + + host aarch64-c04n1 { + hardware ethernet 14:58:D0:58:16:82; + fixed-address 10.5.129.104; + next-server 10.5.126.41; + option host-name "aarch64-c04n1"; + filename "grubaa64.efi"; + } + + host aarch64-c05n1 { + hardware ethernet 14:58:D0:58:16:D2; + fixed-address 10.5.129.105; + next-server 10.5.126.41; + option host-name "aarch64-c05n1"; + filename "grubaa64.efi"; + } + + host aarch64-c06n1 { + hardware ethernet 14:58:D0:58:F5:82; + fixed-address 10.5.129.106; + next-server 10.5.126.41; + option host-name "aarch64-c06n1"; + filename "grubaa64.efi"; + } + + host aarch64-c07n1 { + hardware ethernet 14:58:D0:58:D5:B2; + fixed-address 10.5.129.107; + next-server 10.5.126.41; + option host-name "aarch64-c07n1"; + filename "grubaa64.efi"; + } + + host aarch64-c08n1 { + hardware ethernet 14:58:D0:58:36:62; + fixed-address 10.5.129.108; + next-server 10.5.126.41; + option host-name "aarch64-c08n1"; + filename "grubaa64.efi"; + } + + host aarch64-c09n1 { + hardware ethernet 14:58:D0:58:E5:B2; + fixed-address 10.5.129.109; + next-server 10.5.126.41; + option host-name "aarch64-c09n1"; + filename "grubaa64.efi"; + } + + host aarch64-c10n1 { + hardware ethernet 14:58:D0:58:B5:72; + fixed-address 10.5.129.110; + next-server 10.5.126.41; + option host-name "aarch64-c10n1"; + filename "grubaa64.efi"; + } + + host aarch64-c11n1 { + hardware ethernet 14:58:D0:58:B5:A2; + fixed-address 10.5.129.111; + next-server 10.5.126.41; + option host-name "aarch64-c11n1"; + filename "grubaa64.efi"; + } + + host aarch64-c12n1 { + hardware ethernet 14:58:D0:58:B2:F2; + fixed-address 10.5.129.112; + next-server 10.5.126.41; + option host-name "aarch64-c12n1"; + filename "grubaa64.efi"; + } + + host aarch64-c13n1 { + hardware ethernet 14:58:D0:58:95:22; + fixed-address 10.5.129.113; + next-server 10.5.126.41; + option host-name "aarch64-c13n1"; + filename "grubaa64.efi"; + } + + host aarch64-c14n1 { + hardware ethernet 14:58:D0:58:75:32; + fixed-address 10.5.129.114; + next-server 10.5.126.41; + option host-name "aarch64-c14n1"; + filename "grubaa64.efi"; + } + + host aarch64-c15n1 { + hardware ethernet 14:58:D0:58:C5:52; + fixed-address 10.5.129.115; + next-server 10.5.126.41; + option host-name "aarch64-c15n1"; + filename "grubaa64.efi"; + } + + host aarch64-c16n1 { + hardware ethernet 14:58:D0:58:35:12; + fixed-address 10.5.129.116; + next-server 10.5.126.41; + option host-name "aarch64-c16n1"; + filename "grubaa64.efi"; + } + + host aarch64-c17n1 { + hardware ethernet 14:58:D0:58:C4:F2; + fixed-address 10.5.129.117; + next-server 10.5.126.41; + option host-name "aarch64-c17n1"; + filename "grubaa64.efi"; + } + + host aarch64-c18n1 { + hardware ethernet 14:58:D0:58:74:32; + fixed-address 10.5.129.118; + next-server 10.5.126.41; + option host-name "aarch64-c18n1"; + filename "grubaa64.efi"; + } + + host aarch64-c19n1 { + hardware ethernet 14:58:D0:58:D4:12; + fixed-address 10.5.129.119; + next-server 10.5.126.41; + option host-name "aarch64-c19n1"; + filename "grubaa64.efi"; + } + + host aarch64-c20n1 { + hardware ethernet 14:58:D0:58:E4:B2; + fixed-address 10.5.129.120; + next-server 10.5.126.41; + option host-name "aarch64-c20n1"; + filename "grubaa64.efi"; + } + + host aarch64-c21n1 { + hardware ethernet 14:58:D0:58:E4:A2; + fixed-address 10.5.129.121; + next-server 10.5.126.41; + option host-name "aarch64-c21n1"; + filename "grubaa64.efi"; + } + + host aarch64-c22n1 { + hardware ethernet 14:58:D0:58:25:02; + fixed-address 10.5.129.122; + next-server 10.5.126.41; + option host-name "aarch64-c22n1"; + filename "grubaa64.efi"; + } + + host aarch64-c23n1 { + hardware ethernet 14:58:D0:58:05:72; + fixed-address 10.5.129.123; + next-server 10.5.126.41; + option host-name "aarch64-c23n1"; + filename "grubaa64.efi"; + } + + host aarch64-c24n1 { + hardware ethernet 14:58:D0:58:35:C2; + fixed-address 10.5.129.124; + next-server 10.5.126.41; + option host-name "aarch64-c24n1"; + filename "grubaa64.efi"; + } + + host aarch64-c25n1 { + hardware ethernet 14:58:D0:58:64:82; + fixed-address 10.5.129.125; + next-server 10.5.126.41; + option host-name "aarch64-c25n1"; + filename "grubaa64.efi"; + } + +} + subnet 10.5.130.0 netmask 255.255.255.0 { allow booting; allow bootp; @@ -2124,243 +2383,4 @@ shared-network qa { } -# secondary arch net -subnet 10.5.129.0 netmask 255.255.255.0 { - allow booting; - allow bootp; - - option domain-name "secarch.fedoraproject.org ppc.fedoraproject.org arm.fedoraproject.org phx2.fedoraproject.org fedoraproject.org"; - option domain-name-servers 10.5.126.21, 10.5.126.22; - option routers 10.5.129.254; - option log-servers 10.5.126.29; - - host ppc8-01 { - hardware ethernet 40:f2:e9:5d:39:43; - fixed-address 10.5.129.20; - option host-name "ppc8-01"; - filename "pxelinux.0"; - } - - host ppc8-02 { - hardware ethernet 40:f2:e9:5d:3c:67; - fixed-address 10.5.129.21; - option host-name "ppc8-02"; - filename "pxelinux.0"; - } - - host ppc8-03 { - hardware ethernet 40:f2:e9:5d:3c:33; - fixed-address 10.5.129.22; - option host-name "ppc8-03"; - filename "pxelinux.0"; - } - - host ppc8-04 { - hardware ethernet 40:f2:e9:5d:3b:c7; - fixed-address 10.5.129.23; - option host-name "ppc8-04"; - filename "pxelinux.0"; - } - - host aarch64-c01n1 { - hardware ethernet 14:58:D0:58:E5:32; - fixed-address 10.5.129.101; - next-server 10.5.126.41; - option host-name "aarch64-c01n1"; - filename "grubaa64.efi"; - } - - host aarch64-c02n1 { - hardware ethernet 14:58:D0:58:95:32; - fixed-address 10.5.129.102; - next-server 10.5.126.41; - option host-name "aarch64-c02n1"; - filename "grubaa64.efi"; - } - - host aarch64-c03n1 { - hardware ethernet 14:58:D0:58:36:02; - fixed-address 10.5.129.103; - next-server 10.5.126.41; - option host-name "aarch64-c03n1"; - filename "grubaa64.efi"; - } - - host aarch64-c04n1 { - hardware ethernet 14:58:D0:58:16:82; - fixed-address 10.5.129.104; - next-server 10.5.126.41; - option host-name "aarch64-c04n1"; - filename "grubaa64.efi"; - } - - host aarch64-c05n1 { - hardware ethernet 14:58:D0:58:16:D2; - fixed-address 10.5.129.105; - next-server 10.5.126.41; - option host-name "aarch64-c05n1"; - filename "grubaa64.efi"; - } - - host aarch64-c06n1 { - hardware ethernet 14:58:D0:58:F5:82; - fixed-address 10.5.129.106; - next-server 10.5.126.41; - option host-name "aarch64-c06n1"; - filename "grubaa64.efi"; - } - - host aarch64-c07n1 { - hardware ethernet 14:58:D0:58:D5:B2; - fixed-address 10.5.129.107; - next-server 10.5.126.41; - option host-name "aarch64-c07n1"; - filename "grubaa64.efi"; - } - - host aarch64-c08n1 { - hardware ethernet 14:58:D0:58:36:62; - fixed-address 10.5.129.108; - next-server 10.5.126.41; - option host-name "aarch64-c08n1"; - filename "grubaa64.efi"; - } - - host aarch64-c09n1 { - hardware ethernet 14:58:D0:58:E5:B2; - fixed-address 10.5.129.109; - next-server 10.5.126.41; - option host-name "aarch64-c09n1"; - filename "grubaa64.efi"; - } - - host aarch64-c10n1 { - hardware ethernet 14:58:D0:58:B5:72; - fixed-address 10.5.129.110; - next-server 10.5.126.41; - option host-name "aarch64-c10n1"; - filename "grubaa64.efi"; - } - - host aarch64-c11n1 { - hardware ethernet 14:58:D0:58:B5:A2; - fixed-address 10.5.129.111; - next-server 10.5.126.41; - option host-name "aarch64-c11n1"; - filename "grubaa64.efi"; - } - - host aarch64-c12n1 { - hardware ethernet 14:58:D0:58:B2:F2; - fixed-address 10.5.129.112; - next-server 10.5.126.41; - option host-name "aarch64-c12n1"; - filename "grubaa64.efi"; - } - - host aarch64-c13n1 { - hardware ethernet 14:58:D0:58:95:22; - fixed-address 10.5.129.113; - next-server 10.5.126.41; - option host-name "aarch64-c13n1"; - filename "grubaa64.efi"; - } - - host aarch64-c14n1 { - hardware ethernet 14:58:D0:58:75:32; - fixed-address 10.5.129.114; - next-server 10.5.126.41; - option host-name "aarch64-c14n1"; - filename "grubaa64.efi"; - } - - host aarch64-c15n1 { - hardware ethernet 14:58:D0:58:C5:52; - fixed-address 10.5.129.115; - next-server 10.5.126.41; - option host-name "aarch64-c15n1"; - filename "grubaa64.efi"; - } - - host aarch64-c16n1 { - hardware ethernet 14:58:D0:58:35:12; - fixed-address 10.5.129.116; - next-server 10.5.126.41; - option host-name "aarch64-c16n1"; - filename "grubaa64.efi"; - } - - host aarch64-c17n1 { - hardware ethernet 14:58:D0:58:C4:F2; - fixed-address 10.5.129.117; - next-server 10.5.126.41; - option host-name "aarch64-c17n1"; - filename "grubaa64.efi"; - } - - host aarch64-c18n1 { - hardware ethernet 14:58:D0:58:74:32; - fixed-address 10.5.129.118; - next-server 10.5.126.41; - option host-name "aarch64-c18n1"; - filename "grubaa64.efi"; - } - - host aarch64-c19n1 { - hardware ethernet 14:58:D0:58:D4:12; - fixed-address 10.5.129.119; - next-server 10.5.126.41; - option host-name "aarch64-c19n1"; - filename "grubaa64.efi"; - } - - host aarch64-c20n1 { - hardware ethernet 14:58:D0:58:E4:B2; - fixed-address 10.5.129.120; - next-server 10.5.126.41; - option host-name "aarch64-c20n1"; - filename "grubaa64.efi"; - } - - host aarch64-c21n1 { - hardware ethernet 14:58:D0:58:E4:A2; - fixed-address 10.5.129.121; - next-server 10.5.126.41; - option host-name "aarch64-c21n1"; - filename "grubaa64.efi"; - } - - host aarch64-c22n1 { - hardware ethernet 14:58:D0:58:25:02; - fixed-address 10.5.129.122; - next-server 10.5.126.41; - option host-name "aarch64-c22n1"; - filename "grubaa64.efi"; - } - - host aarch64-c23n1 { - hardware ethernet 14:58:D0:58:05:72; - fixed-address 10.5.129.123; - next-server 10.5.126.41; - option host-name "aarch64-c23n1"; - filename "grubaa64.efi"; - } - - host aarch64-c24n1 { - hardware ethernet 14:58:D0:58:35:C2; - fixed-address 10.5.129.124; - next-server 10.5.126.41; - option host-name "aarch64-c24n1"; - filename "grubaa64.efi"; - } - - host aarch64-c25n1 { - hardware ethernet 14:58:D0:58:64:82; - fixed-address 10.5.129.125; - next-server 10.5.126.41; - option host-name "aarch64-c25n1"; - filename "grubaa64.efi"; - } - -} From 9ef313cd4c5f7e439af423a3dbc4ab2707010eb3 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Wed, 10 May 2017 15:08:58 +0000 Subject: [PATCH 87/90] fix this temp until we make a change --- roles/nagios_server/files/nagios/services/websites.cfg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nagios_server/files/nagios/services/websites.cfg b/roles/nagios_server/files/nagios/services/websites.cfg index d1d94a1669..126c0fa675 100644 --- a/roles/nagios_server/files/nagios/services/websites.cfg +++ b/roles/nagios_server/files/nagios/services/websites.cfg @@ -288,8 +288,8 @@ define service { } define service { - host_name magazine.fedorainfracloud.org + host_name magazine2.fedorainfracloud.org service_description http-magazine use websitetemplate - check_command check_website!magazine.fedorainfracloud.org!/ + check_command check_website!magazine2.fedorainfracloud.org!/ } From 4df36b4a6a063d9dbc461f448bbf66a37b8861f7 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 10 May 2017 15:45:51 +0000 Subject: [PATCH 88/90] add openshift instances for stg --- .../os-control01.stg.phx2.fedoraproject.org | 12 ++ .../os-master01.stg.phx2.fedoraproject.org | 19 +++ .../os-master02.stg.phx2.fedoraproject.org | 19 +++ .../os-master03.stg.phx2.fedoraproject.org | 19 +++ .../os-node01.stg.phx2.fedoraproject.org | 19 +++ .../os-node02.stg.phx2.fedoraproject.org | 19 +++ inventory/inventory | 17 ++ playbooks/groups/os-cluster.yml | 158 ++++++++++++++++++ 8 files changed, 282 insertions(+) create mode 100644 inventory/host_vars/os-control01.stg.phx2.fedoraproject.org create mode 100644 inventory/host_vars/os-master01.stg.phx2.fedoraproject.org create mode 100644 inventory/host_vars/os-master02.stg.phx2.fedoraproject.org create mode 100644 inventory/host_vars/os-master03.stg.phx2.fedoraproject.org create mode 100644 inventory/host_vars/os-node01.stg.phx2.fedoraproject.org create mode 100644 inventory/host_vars/os-node02.stg.phx2.fedoraproject.org create mode 100644 playbooks/groups/os-cluster.yml diff --git a/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..16602435ae --- /dev/null +++ b/inventory/host_vars/os-control01.stg.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.100 +vmhost: virthost04.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..b3c0bf999e --- /dev/null +++ b/inventory/host_vars/os-master01.stg.phx2.fedoraproject.org @@ -0,0 +1,19 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.101 +vmhost: virthost11.phx2.fedoraproject.org +datacenter: phx2 +host_group: os-stg + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 120g +mem_size: 8192 +max_mem_size: 8192 +num_cpus: 4 diff --git a/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..4ee9672b95 --- /dev/null +++ b/inventory/host_vars/os-master02.stg.phx2.fedoraproject.org @@ -0,0 +1,19 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.102 +vmhost: virthost04.phx2.fedoraproject.org +datacenter: phx2 +host_group: os-stg + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 120g +mem_size: 8192 +max_mem_size: 16384 +num_cpus: 4 diff --git a/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org b/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..741b8f3f12 --- /dev/null +++ b/inventory/host_vars/os-master03.stg.phx2.fedoraproject.org @@ -0,0 +1,19 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.103 +vmhost: virthost04.phx2.fedoraproject.org +datacenter: phx2 +host_group: os-stg + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 120g +mem_size: 8192 +max_mem_size: 16384 +num_cpus: 4 diff --git a/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org b/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..abddf35d54 --- /dev/null +++ b/inventory/host_vars/os-node01.stg.phx2.fedoraproject.org @@ -0,0 +1,19 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.104 +vmhost: virthost11.phx2.fedoraproject.org +datacenter: phx2 +host_group: os-nodes-stg + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 120g +mem_size: 8192 +max_mem_size: 16384 +num_cpus: 4 diff --git a/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org b/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..3e06baf710 --- /dev/null +++ b/inventory/host_vars/os-node02.stg.phx2.fedoraproject.org @@ -0,0 +1,19 @@ +--- +nm: 255.255.255.0 +gw: 10.5.128.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-atomic-host-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.128.105 +vmhost: virthost04.phx2.fedoraproject.org +datacenter: phx2 +host_group: os-nodes-stg + +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +lvm_size: 120g +mem_size: 8192 +max_mem_size: 16384 +num_cpus: 4 diff --git a/inventory/inventory b/inventory/inventory index 4ca38861a8..39356158ff 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -776,6 +776,12 @@ osbs-node02.stg.phx2.fedoraproject.org docker-registry01.stg.phx2.fedoraproject.org docker-registry02.stg.phx2.fedoraproject.org docker-candidate-registry01.stg.phx2.fedoraproject.org +os-control01.stg.phx2.fedoraproject.org +os-master01.stg.phx2.fedoraproject.org +os-master02.stg.phx2.fedoraproject.org +os-master03.stg.phx2.fedoraproject.org +os-node01.stg.phx2.fedoraproject.org +os-node02.stg.phx2.fedoraproject.org # This is a list of hosts that are a little "friendly" with staging. # They are exempted from the iptables wall between staging and prod. @@ -1324,6 +1330,17 @@ osbs-master01.stg.phx2.fedoraproject.org osbs-node01.stg.phx2.fedoraproject.org osbs-node02.stg.phx2.fedoraproject.org +[os-control-stg] +os-control01.stg.phx2.fedoraproject.org + +[os-master-stg] +os-master01.stg.phx2.fedoraproject.org +os-master02.stg.phx2.fedoraproject.org +os-master03.stg.phx2.fedoraproject.org + +[os-node-stg] +os-node01.stg.phx2.fedoraproject.org +os-node02.stg.phx2.fedoraproject.org # Docker (docker-distribution) registries [docker-registry] diff --git a/playbooks/groups/os-cluster.yml b/playbooks/groups/os-cluster.yml new file mode 100644 index 0000000000..5d0185bb5e --- /dev/null +++ b/playbooks/groups/os-cluster.yml @@ -0,0 +1,158 @@ +# create an os server +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-control-stg:os-control" +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=os-nodes-stg:os-masters-stg:os-nodes:os-masters" + +- name: make the box be real + hosts: os-control:os-control-stg:os-masters-stg:os-nodes-stg:os-masters:os-nodes + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios_client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks_path }}/yumrepos.yml" + - include: "{{ tasks_path }}/2fa_client.yml" + - include: "{{ tasks_path }}/motd.yml" + + handlers: + - include: "{{ handlers_path }}/restart_services.yml" + +- name: OSBS control hosts pre-req setup + hosts: os-control:os-control-stg + tags: + - os-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: deploy private key to control hosts + copy: + src: "{{private}}/files/os/{{env}}/control_key" + dest: "/root/.ssh/id_rsa" + owner: root + mode: 0600 + + - name: set ansible to use pipelining + ini_file: + dest: /etc/ansible/ansible.cfg + section: ssh_connection + option: pipelining + value: "True" + +- name: Setup cluster masters pre-reqs + hosts: os-masters-stg:os-masters + tags: + - os-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: ensure origin conf dir exists + file: + path: "/etc/origin" + state: "directory" + + - name: create cert dir for openshift public facing REST API SSL + file: + path: "/etc/origin/master/named_certificates" + state: "directory" + + - name: install cert for openshift public facing REST API SSL + copy: + src: "{{private}}/files/os/{{env}}/os-internal.pem" + dest: "/etc/origin/master/named_certificates/{{os}}.pem" + + - name: install key for openshift public facing REST API SSL + copy: + src: "{{private}}/files/os/{{env}}/os-internal.key" + dest: "/etc/origin/master/named_certificates/{{os}}.key" + + - name: place htpasswd file + copy: + src: "{{private}}/files/httpd/os-{{env}}.htpasswd" + dest: /etc/origin/htpasswd + + +- name: Setup cluster hosts pre-reqs + hosts: os-masters-stg:os-nodes-stg:os-masters:os-nodes + tags: + - os-cluster-prereq + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - name: restart NetworkManager + service: + name: NetworkManager + state: restarted + + tasks: + - name: Install necessary packages that openshift-ansible needs + package: name="{{ item }}" state=installed + with_items: + - tar + - rsync + - dbus-python + - NetworkManager + - libselinux-python + - origin + + - name: Deploy controller public ssh keys to os cluster hosts + authorized_key: + user: root + key: "{{ lookup('file', '{{private}}/files/os/{{env}}/control_key.pub') }}" + + # This is required for OpenShift built-in SkyDNS inside the overlay network + # of the cluster + - name: ensure NM_CONTROLLED is set to "yes" for os cluster + lineinfile: + dest: "/etc/sysconfig/network-scripts/ifcfg-eth0" + line: "NM_CONTROLLED=yes" + notify: + - restart NetworkManager + + # This is required for OpenShift built-in SkyDNS inside the overlay network + # of the cluster + - name: ensure NetworkManager is enabled and started + service: + name: NetworkManager + state: started + enabled: yes + + - name: cron entry to clean up docker storage + copy: + src: "{{files}}/os/cleanup-docker-storage" + dest: "/etc/cron.d/cleanup-docker-storage" + + - name: copy docker-storage-setup config + copy: + src: "{{files}}/os/docker-storage-setup" + dest: "/etc/sysconfig/docker-storage-setup" From e48710ae3d16045893bca959046fd9215f01f9d8 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 10 May 2017 15:48:15 +0000 Subject: [PATCH 89/90] Add ostree to batcave Signed-off-by: Patrick Uiterwijk --- roles/batcave/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml index c14f0b481b..7b9750c1b2 100644 --- a/roles/batcave/tasks/main.yml +++ b/roles/batcave/tasks/main.yml @@ -21,6 +21,7 @@ - yum-metadata-parser # Needed for rhn sync - yum-rhn-plugin # Needed for rhn sync - createrepo_c # Needed for rhn sync + - ostree # Needed for rhn sync - python-sqlalchemy # Needed for repo2json - pyliblzma # Needed for repo2json - ansible_utils # Needed for rbac-playbook From 5d8b9463d74a6d390abe2195c63c0ae579b51eca Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Wed, 10 May 2017 15:57:46 +0000 Subject: [PATCH 90/90] dns alias does not fix things --- roles/nagios_server/files/nagios/services/nrpe.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nagios_server/files/nagios/services/nrpe.cfg b/roles/nagios_server/files/nagios/services/nrpe.cfg index 0f516f81ba..797d310e17 100644 --- a/roles/nagios_server/files/nagios/services/nrpe.cfg +++ b/roles/nagios_server/files/nagios/services/nrpe.cfg @@ -1,5 +1,5 @@ define service { - host_name bastion02.phx2.fedoraproject.org, bastion01.phx2.fedoraproject.org, sundries01.phx2.fedoraproject.org, sundries01.stg.phx2.fedoraproject.org, sundries02.phx2.fedoraproject.org, wiki01.phx2.fedoraproject.org, wiki01.stg.phx2.fedoraproject.org, wiki02.phx2.fedoraproject.org, pkgdb01.phx2.fedoraproject.org, pkgdb02.phx2.fedoraproject.org, pkgdb01.stg.phx2.fedoraproject.org, magazine.fedorainfracloud.org + host_name bastion02.phx2.fedoraproject.org, bastion01.phx2.fedoraproject.org, sundries01.phx2.fedoraproject.org, sundries01.stg.phx2.fedoraproject.org, sundries02.phx2.fedoraproject.org, wiki01.phx2.fedoraproject.org, wiki01.stg.phx2.fedoraproject.org, wiki02.phx2.fedoraproject.org, pkgdb01.phx2.fedoraproject.org, pkgdb02.phx2.fedoraproject.org, pkgdb01.stg.phx2.fedoraproject.org, magazine2.fedorainfracloud.org service_description nrpe check_command test_nrpe max_check_attempts 2