They have served us long and well, but now we have osbuild and kiwi and
everything should be moved off ImageBuild. This PR will also need to
actually remove those files and packages when we merge this.
(Or I suppose wait until the next reinstall of builders).
Signed-off-by: Kevin Fenzi kevin@scrye.com
These vm's run tasks like newrepos and tagging, so they can handle a lot
more smaller jobs like that. Increase things to 128 for now.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We used to do this only on builders, but right now it's causing
problems on all hosts during the infra move:
2025-06-30T23:35:32+0000 INFO Serious error - Curl code (28): Timeout was reached for https://kojipkgs.fedoraproject.org/repos-dist/f42-infra/latest/x86_64/repodata/repomd.xml [Connection timed out after 30001 milliseconds]
and we don't actually need this repo for any infra systems, I
don't think. Let's just disable it for every Fedora host.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Enables the `image-builder` plugin from `koji-image-builder` in the
production environment for both the koji hub, and the koji builder
(kojid).
This is based on the earlier enablement in staging where I've
succesfully tested some builds and it didn't seem to bring down all of
the staging instance.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Enables the `image-builder` plugin from `koji-image-builder` in the
staging environment for both the koji hub, and the koji builder (kojid).
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
kernel-firmware is the old provide and it's no longer provided by newer
versions of linux-firmware. This is causing our builders to downgrade to
an older linux-firmware, then dnf-automatic just updates it the next
time to the newer one (because it's a security update).
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
It seems sso.redhat.com has a 20 second time to live, so it changes
often. However, it seems to only change the pool of ips from a small
(5-10) number. So, lets just add to the set so we allow any of the ips
we have seen. The set will grow, but if the pool is small it should
stablize to have all the ips in the pool.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.
I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```
Then I went through all the changes and removed the ones that wasn't
expected to be changed.
Fixes https://pagure.io/fedora-infrastructure/issue/12391
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
These packages were used when we were building containers in OSBS, and
since we don't do that anymore, drop installing that anywhere.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
fix 1900 failures of the following case issue:
`name[casing]: All names should start with an uppercase letter.`
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
We no longer need to keep any config around from boston, so nuke that.
All the buildvm's are now kvm, so we don't need a seperate group/config
for that, so remove it.
Consolidate the variables down to buildvm_s390x group and only have ip
address for host vars.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
In Fedora libvirt switched to a collection of socket activated services
instead of a large single libvirtd service. Restarting that service
caused the socket activated ones to die and then libvirtd exited on
idle, leaving nothing handling virt connections.
So, lets stop trying to restart that and no need to notify other things
because they should idle out/restart on socket activation.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
In f41+ libvirt defaults to using nftables if both it and iptables
are installed, but it doesn't seem to work with imagefactory/oz
virt instances and our iptables setup.
So, lets revert back to iptables for now.
We can switch back if we can fix the incompatiblity, switch builders
to nftables, or stop using oz/IF
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Prior this commit, the script flushed the content of the osbuildapi
set before adding the newly resolved IP addresses into it. Even worse,
the DNS resolve for sso.redhat.com happened after the flush, so there
was no IP address for sso.redhat.com for quite some time (resolving
sso.redhat.com without caching takes 30 ms on my machine).
This commit fixes that by introducing a secondary ipset that is firstly
filled with the resolved IP addresses, and then its content is swapped
with the main set. This should hopefully reduce the likelihood of
random races.
Time to retire ODCS. ELN is moved off and that was the last thing using
it. Thanks for all the service ODCS!
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
