The /pub/alt/virtio-win directory had in it some 11 year old things.
One was a readme noting that it moved 11 years ago and nothing was
still here. The others were links to .
The scrapers, being as dumb as posts followed all those links over and
over again to the tune of millions per day.
I removed the links, but of course they were still trying, so
lets be a bit more aggressive and just 403 them all.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Fixed up a few things missed and caught in testing on dl01:
* need to setup subuid/subgid files for podman
* need to allow the right port for httpd to listen in selinux
* need httpd network connect to allow it to connect to anubis
* adjust worker values, we were not using prefork for a long time
so the values were just default up them a bunch.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Looks like the scrapers are hitting the download servers now.
So, look at setting up an anubis pod there like we did for pagure.
anubis package isn't available for epel9, so we just use the container.
Will test this with dl01 and tweak until it's working.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This is another attempt at 86696cf. Appearently the condition must be
set to "always" in order to for the header to be "persisted across
internal redirects".
Signed-off-by: Gregory Bartholomew <gregory.lee.bartholomew@gmail.com>
do let me know if you think it will.
Before we merge this, we will need to adjust things in mirrormanager to
not provide http links most likely (although I suppose the redirects
will work for http clients).
Signed-off-by: Kevin Fenzi kevin@scrye.com
These have to be in "s in order to do a string comparison, since
they were not, they were never matching anything. ;(
Fix them all up, and also block a few more repos on pagure that are
getting heavily crawled.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.
I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```
Then I went through all the changes and removed the ones that wasn't
expected to be changed.
Fixes https://pagure.io/fedora-infrastructure/issue/12391
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
fix 1900 failures of the following case issue:
`name[casing]: All names should start with an uppercase letter.`
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
Time to retire ODCS. ELN is moved off and that was the last thing using
it. Thanks for all the service ODCS!
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Looked at logs of servers being hit by the 'non-responsive' bots and
the following were hit heavily every day multiple times a day:
100006 nagios.fedoraproject.org-access.log
102150 koschei.fedoraproject.org-access.log
162296 lists.fedoraproject.org-access.log
495776 fedoraproject.org-access.log
850471 dl.fedoraproject.org-access.log
Added bloks to dl.fedoraproject to try and lower its hit rate. Others
need review from people who know their internals more.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
Using `git grep el6` and `git grep el7` and variants like EL-7 or
el-7, I found various entries and files which were no longer needed
with the current ansible. I updated text or tests to later versions of
RHEL as needed.
found entries for the fedora ami's for the original cloud and removed
those entries also.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
We had centos stream and altarches and centos linux under /srv/pub on
external download servers. However, this breaks people who sync buffet
or the like from them because they suddenly get centos content that they
want to just get directly elsewhere. So, just move these up a leave so
they are out of the buffet target and people who want them can get them
elsewhere.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This reverts commit 4430178b29.
It's time to put this back before the cert expires and before we go into
Beta freeze. Hopefully the odd issue with armv7 qemu guests having a
time behind real time is not still happening.
This reverts commit 57f0d4fdb6.
For an anoying reason, armv7 image builds come up with the time as 10
days ago, which makes this cert invalid. So, move back to the old cert
for a week or so and then switch to the new one again. ;(
odcs just links to the packages in a compose on the /mnt/koji volume
with relative symlinks. ie (
../../../../../../../../mnt/koji/packages/zip/3.0/28.eln109/data/signed/9867c58f/x86_64/zip-3.0-28.eln109.x86_64.rpm
)
Change odcs on download servers to mount on /mnt like koji and then tell
rsync to chroot at /mnt, so it can follow those links and copy the file
from koji volume.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The fedora_odcs volume is available on odcs-frontend01, but it's easier
for internal people to get it via dl servers since they already get some
content there. So, we just mount it (ro) there so they can do so.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The Fedora download servers are experiencing a large number of 408's
every day. This is causing timeouts and breaks on yum update. I talked
with the CentOS admins and they pointed me to
https://github.com/CentOS/ansible-role-httpd/ which I shameless borrowed
some code for just the dl. box.
