We used to do this only on builders, but right now it's causing
problems on all hosts during the infra move:
2025-06-30T23:35:32+0000 INFO Serious error - Curl code (28): Timeout was reached for https://kojipkgs.fedoraproject.org/repos-dist/f42-infra/latest/x86_64/repodata/repomd.xml [Connection timed out after 30001 milliseconds]
and we don't actually need this repo for any infra systems, I
don't think. Let's just disable it for every Fedora host.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Enables the `image-builder` plugin from `koji-image-builder` in the
production environment for both the koji hub, and the koji builder
(kojid).
This is based on the earlier enablement in staging where I've
successfully tested some builds and it didn't seem to bring down all of
the staging instance.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Enables the `image-builder` plugin from `koji-image-builder` in the
staging environment for both the koji hub, and the koji builder (kojid).
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
kernel-firmware is the old provide and it's no longer provided by newer
versions of linux-firmware. This is causing our builders to downgrade to
an older linux-firmware, then dnf-automatic just updates it the next
time to the newer one (because it's a security update).
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.
I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"
git grep -rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```
Then I went through all the changes and removed the ones that weren't
expected to be changed.
Fixes https://pagure.io/fedora-infrastructure/issue/12391
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
These packages were used when we were building containers in OSBS, and
since we don't do that anymore, drop installing that anywhere.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
fix 1900 failures of the following case issue:
`name[casing]: All names should start with an uppercase letter.`
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
In Fedora libvirt switched to a collection of socket activated services
instead of a large single libvirtd service. Restarting that service
caused the socket activated ones to die and then libvirtd exited on
idle, leaving nothing handling virt connections.
So, let's stop trying to restart that and no need to notify other things
because they should idle out/restart on socket activation.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
In f41+ libvirt defaults to using nftables if both it and iptables
are installed, but it doesn't seem to work with imagefactory/oz
virt instances and our iptables setup.
So, let's revert back to iptables for now.
We can switch back if we can fix the incompatibility, switch builders
to nftables, or stop using oz/IF.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This removes osbs and almost all its associated playbooks and files.
It served long and well, but we no longer need it.
flatpaks are building with a koji-flatpak plugin.
base/minimal/toolbox containers are building with kiwi.
We aren't building any other containers right now, and if we did they could
be added to kiwi.
This is the end of an era... I look with nostalgia on
ansible-ansible-openshift-ansible (a role to set up ansible on a control
host and run it from our ansible).
Good bye osbs!
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We want to move (well, really re-install) all these over on the new lpar
in rdu. This will have much higher stats and be in general faster by
both network and cpu. Hopefully all these will replace all the old
boston ones.
We may need to break these up some more into smaller VMs if the number
isn't able to keep up ok. We can adjust after things are all working.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We want to get core dumps from these builders in order to try and track
down livemedia failures in python with SIGILL.
https://bugzilla.redhat.com/show_bug.cgi?id=2247319
We just enable this on those builders for now and we set it so it is the
limit for the systemd-nspawn containers that mock uses.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Just for staging for now:
- enable 'podman-login' role for the buildvm group, so built Flatpaks
can be pushed to the skopeo registry.
- add the koji-flatpak hub plugin to koji_hub role
- add the koji-flatpak builder plugin to the koji_builder role
and configure it.
Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
Right now we run a script on all builders once a minute to update the
api/auth IPs for osbuild. This has a number of problems:
* Sometimes osbuild jobs land on s390x builders that have no internet
access and hang or fail.
* Sometimes the update script hangs or takes a long time to run because
the builder is heavily loaded with builds, resulting in locking emails
to sysadmin-main folks.
So, in this commit we:
* make a new koji channel called 'osbuild' with all the buildhw-x86's in
it. They are usually not too overloaded and there are 16 of them so it
should be available all the time.
* Leave the cron job on all builders for now in case, but make them only
update once a day since they won't be getting jobs. If this works out
we can remove it entirely there.
* Make the buildhw-x86s only update every 5min. This opens a larger
window for it being wrong, but it's still pretty small and should
reduce the number of emails for stalled processes we get.
See https://pagure.io/fedora-infrastructure/issue/10982
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This is a quick, hacked up script that just runs once per minute and
updates the ip addresses for the osbuild koji plugin. The script calls
systemd's resolvectl without cache and puts the ips in an ipset. The
koji_builder firewall has an added rule to check that ipset for outgoing
connections that are allowed.
TODO: add some kind of error checking
TODO: probably won't work on s390x builders as they can't reach the host
even with open firewalls, but should work for others.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
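Added example, not the script from the commit above and not code from the Fedora infrastructure repository: one way to do the resolvectl-to-ipset refresh that message describes, with the error checking its TODO asks for, so a failed or hung lookup never empties the egress allow-list. The set name `osbuild-allow`, the hostnames and the sample resolver output are constructed placeholders.

```shell
#!/bin/bash
# Added example: refresh an egress allow-list ipset from uncached DNS lookups.
# Set name and hostnames are placeholders, not values from the commit.

# Constructed sample of `resolvectl query` output (documentation addresses).
SAMPLE_OUTPUT='api.example.test: 192.0.2.10        -- link: eth0
                  192.0.2.11        -- link: eth0
auth.example.test: 198.51.100.7     -- link: eth0
                   192.0.2.10       -- link: eth0

-- Information acquired via protocol DNS in 3.2ms.
-- Data is authenticated: no'

# Pull unique, well-formed IPv4 addresses out of resolver output on stdin.
extract_ipv4() {
    grep -owE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
        awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
        sort -u
}

# Emit an `ipset restore` script that fills a scratch set and swaps it in,
# so the live set is replaced in one step. Fails if stdin has no addresses.
build_restore() {   # $1 = set name; addresses on stdin
    name=$1
    addrs=$(cat)
    [ -n "$addrs" ] || { echo "no addresses; live set left untouched" >&2; return 1; }
    printf 'create %s hash:ip family inet -exist\n' "$name" "$name-new"
    printf 'flush %s-new\n' "$name"
    for ip in $addrs; do printf 'add %s-new %s\n' "$name" "$ip"; done
    printf 'swap %s-new %s\ndestroy %s-new\n' "$name" "$name" "$name"
}

# Resolve every host without the cache, with a timeout so a loaded or offline
# builder cannot hang; any failed lookup aborts before ipset is touched.
update_set() {      # $1 = set name; remaining args = hostnames
    name=$1; shift
    out=$(for h in "$@"; do
              timeout 10 resolvectl query --cache=no -4 "$h" || exit 1
          done) || { echo "lookup failed; live set left untouched" >&2; return 1; }
    script=$(printf '%s\n' "$out" | extract_ipv4 | build_restore "$name") || return 1
    printf '%s\n' "$script" | ipset restore
}

# Usage (as root): update_set osbuild-allow api.example.test auth.example.test
```

The firewall rule that matches the set keeps referring to the same set name across refreshes, because `swap` exchanges the contents of the two sets rather than recreating the live one.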
systemd-oomd seems to be a bit eager and kills builds before the kernel
OOM would have. Disable it for now and see if it helps memory hungry
builds any.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>