This removes osbs and allmost all it's associated playbooks and files.
It served long and well, but we no longer need it.
flatpaks are building with a koji-flatpak plugin.
base/minimal/toolbox containers are building with kiwi.
We aren't building any other containers right now, and we did they could
be added to kiwi.
This is the end of an era... I look with nostolga on
ansible-ansible-openshift-ansible (a role to setup ansible on a control
host and run it from our ansible).
Good bye osbs!
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We want to move (well, really re-install) all these over on the new lpar
in rdu. This will have much higher stats and be in general faster by
both network and cpu. Hopefully all these will replace all the old
boston ones.
We may need to break these up some more into smaller vm's if the number
isn't able to keep up ok. We can adjust after things are all working.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We want to get core dumps from these builders in order to try and track
down livemedia failures in python with SIGILL.
https://bugzilla.redhat.com/show_bug.cgi?id=2247319
We just enable this on those builders for now and we set it so it is the
limit for the systemd-nspawn containers that mock uses.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Just for staging for now:
- enable 'podman-login' role for the buildvm group, so built Flatpaks
can be pushed to the skopeo registry.
- add the koji-flatpak hub plugin to koji_hub role
- add the koji-flatpak builder plugin to the koji_builder role
and configure it.
Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
Right now we run a script on all builders once a minute to update the
api/auth ip's for osbuild. This has a number of problems:
* Sometimes osbuild jobs land on s390x builders that have no internet
access and hang or fail.
* Sometimes the update script hangs or takes a long time to run because
the builder is heavily loaded with builds, resulting in locking emails
to sysadmin-main folks.
So, in this commit we:
* make a new koji channel called 'osbuild' with all the buildhw-x86's in
it. They are usually not too overloaded and there are 16 of them so it
should be available all the time.
* Leave the cron job on all builders for now in case, but make them only
update once a day since they won't be getting jobs. If this works out
we can remove it entirely there.
* Make the buildhw-x86s only update every 5min. This opens a larger
window for it being wrong, but it's still pretty small and should
reduce the number of emails for stalled processes we get.
See https://pagure.io/fedora-infrastructure/issue/10982
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This is a quick, hacked up script that just runs once per minute and
updates the ip addresses for the osbuild koji plugin. The script calls
systemd's resolvectl without cache and puts the ips in a ipset. The
koji_builder firewall has a added rule to check that ipset for outgoing
connections that are allowed.
TODO: add some kind of error checking
TODO: probibly won't work on s390x builders as they can't reach the host
even with open firewalls, but should work for others.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
systemd-oomd seems to be a bit eager and kills builds before the kernel
OOM would have. Disable it for now and see if it helps memory hungry
builds any.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
- configuring koji builders to use image builder
- configure koji hub to handle osbuild jobs
- Separate prod/stg koji builder osbuild plugin config
Signed-off-by: James Richardson <jamricha@redhat.com>
Signed-off-by: Emma Kidney <ekidney@redhat.com>
Signed-off-by: David Kirwan <dkirwan@redhat.com>
Signed-off-by: Stephen Coady <scoady@redhat.com>
This caused a bit of trouble since I disabled nosync in the kojibuilder
role. I think applied that with -t site-defaults, which updated
everything, _including_ bkernel machines. Sadly, bkernel machines have
additional config in site-defaults to allow for secure boot signing and
this was lost. So, make sure only the bkernel role changes site-defaults
on bkernel machines and also drop nosync from it's private config.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The relevant parts were made conditional and only applied in the staging
environment, change that. Alongside, ensure the obsolete hub plugin
package and plugin configuration files are removed and don't
automatically update any of the involved packages.
Signed-off-by: Nils Philippsen <nils@redhat.com>
Split out the koji_builder package installs so we can drop ntp/ntpdate
for f34 (they were replaced by ntpsec and we use chrony anyhow).
After we move prod to f34 we should merge these back.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
