WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-02-03 13:13:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: WarlockFish:rawhide-greenwave
Branches Tags
WarlockFish:main WarlockFish:letsencrypt WarlockFish:rawhide-greenwave WarlockFish:openqa WarlockFish:secarch WarlockFish:darkserver WarlockFish:openvpn_handler WarlockFish:easyfix WarlockFish:denyhosts
..
compare: WarlockFish:secarch
Branches Tags
WarlockFish:main WarlockFish:letsencrypt WarlockFish:rawhide-greenwave WarlockFish:openqa WarlockFish:secarch WarlockFish:darkserver WarlockFish:openvpn_handler WarlockFish:easyfix WarlockFish:denyhosts

5 Commits
rawhide-gr ... secarch

Author SHA1 Message Date
Pierre-Yves Chibon
51308da4cf Specify the nfs_mount_opts when mounting /pub/archive on secondary01 2014-12-07 00:15:01 +01:00
Pierre-Yves Chibon
92577d7a43 Specify the variables and what are tasks 2014-12-06 20:57:54 +01:00
Pierre-Yves Chibon
ec74b9d487 Restructure a bit the secondary01 playbook 2014-12-06 20:56:32 +01:00
Pierre-Yves Chibon
6bc652b8fb Use action instead of command in the playbook 2014-12-06 20:54:11 +01:00
Pierre-Yves Chibon
74c6e79140 Start working on the playbook to build a new secondary01 2014-12-06 20:51:52 +01:00
5769 changed files with 50052 additions and 468344 deletions
Expand all files Collapse all files

4
CONVENTIONS
View File

@@ -9,7 +9,7 @@ Playbook naming
===============
The top level playbooks directory should contain:
* Playbooks that are generic and used by several groups/hosts playbooks
* Playbooks that are generic and used by serveral groups/hosts playbooks
* Playbooks used for utility purposes from command line
* Groups and Hosts subdirs.
@@ -95,7 +95,7 @@ We would like to get ansible running over hosts in an automated way.
A git hook could do this.
* On commit:
If we have a way to determine exactly what hosts are affected by a
If we have a way to detemine exactly what hosts are affected by a
change we could simply run only on those hosts.
We might want a short delay (10m) to allow someone to see a problem

233
README
View File

@@ -15,26 +15,11 @@ library - library of custom local ansible modules
playbooks - collections of plays we want to run on systems
groups: groups of hosts configured from one playbook.
hosts: playbooks for single hosts.
manual: playbooks that are only run manually by an admin as needed.
tasks - snippets of tasks that should be included in plays
roles - specific roles to be use in playbooks.
Each role has it's own files/templates/vars
filter_plugins - Jinja filters
master.yml - This is the master playbook, consisting of all
current group and host playbooks. Note that the
daily cron doesn't run this, it runs even over
playbooks that are not yet included in master.
This playbook is usefull for making changes over
multiple groups/hosts usually with -t (tag).
== Paths ==
public path for everything is:
@@ -49,22 +34,212 @@ In general to run any ansible playbook you will want to run:
sudo -i ansible-playbook /path/to/playbook.yml
== Scheduled check-diff ==
== Cloud information ==
Every night a cron job runs over all playbooks under playbooks/{groups}{hosts}
with the ansible --check --diff options. A report from this is sent to
sysadmin-logs. In the ideal state this report would be empty.
cloud instances:
to startup a new cloud instance and configure for basic server use run (as
root):
== Idempotency ==
el6:
sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/el6_temp_instance.yml
All playbooks should be idempotent. Ie, if run once they should bring the
machine(s) to the desired state, and if run again N times after that they should
make 0 changes (because the machine(s) are in the desired state).
Please make sure your playbooks are idempotent.
f19:
sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/f19_temp_instance.yml
== Can be run anytime ==
When a playbook or change is checked into ansible you should assume
that it could be run at ANY TIME. Always make sure the checked in state
is the desired state. Always test changes when they land so they don't
surprise you later.
The -i is important - ansible's tools need access to root's sshagent as well
as the cloud credentials to run the above playbooks successfully.
This will setup a new instance, provision it and email sysadmin-main that
the instance was created, it's instance id (for terminating it, attaching
volumes, etc) and it's ip address.
You will then be able to login, as root.
You can add various extra vars to the above commands to change the instance
you've just spun up.
variables to define:
instance_type=c1.medium
security_group=default
root_auth_users='username1 username2 @groupname'
hostbase=basename for hostname - will have instance id appended to it
define these with:
--extra-vars="varname=value varname1=value varname2=value"
Name Memory_MB Disk VCPUs
m1.tiny 512 0 1
m1.small 2048 20 1
m1.medium 4096 40 2
m1.large 8192 80 4
m1.xlarge 16384 160 8
m1.builder 5120 50 3
Setting up a new persistent cloud host:
1. select an ip:
source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
oeuca-describe-addresses
- pick an ip from the list that is not assigned anywhere
- add it into dns - normally in the cloud.fedoraproject.org but it doesn't
have to be
2. If needed create a persistent storage disk for the instance:
source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
euca-create-volume -z nova -s <size in gigabytes>
3. set up the host/ip in ansible host inventory
- add to ansible/inventory/inventory under [persistent-cloud]
- either the ip itself or the hostname you want to refer to it as
4. setup the host_vars
- create file named by the hostname or ip you used in the inventory
- for adding persistent volumes add an entry like this into the host_vars file
volumes: ['-d /dev/vdb vol-BCA33FCD', '-d /dev/vdc vol-DC833F48']
for each volume you want to attach to the instance.
The device names matter - they start at /dev/vdb and increment. However,
they are not reliable IN the instance. You should find the device, partition
it, format it and label the formatted device then mount the device by label
or by UUID. Do not count on the device name being the same each time.
Contents should look like this (remove all the comments)
---
# 2cpus, 3GB of ram 20GB of ephemeral space
instance_type: m1.large
# image id - see global vars. You can also use euca-describe-images to find other images as well
image: "{{ el6_qcow_id }}"
keypair: fedora-admin-20130801
# what security group to add the host to
security_group: webserver
zone: fedoracloud
# instance id will be appended
hostbase: hostname_base-
# ip should be in the 209.132.184.XXX range
public_ip: $ip_you_selected
# users/groups who should have root ssh access
root_auth_users: skvidal bkabrda
description: some description so someone else can know what this is
The available images can be found by running::
source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
euca-describe-images | grep ami
4. setup a host playbook ansible/playbooks/hosts/$YOUR_HOSTNAME_HERE.yml
Note: the name of this file doesn't really matter but it should normally
be the hostname of the host you're setting up.
- name: check/create instance
hosts: $YOUR_HOSTNAME/IP HERE
user: root
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
tasks:
- include: "{{ tasks }}/persistent_cloud.yml"
- name: provision instance
hosts: $YOUR_HOSTNAME/IP HERE
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars//{{ ansible_distribution }}.yml
tasks:
- include: "{{ tasks }}/cloud_setup_basic.yml
# fill in other actions/includes/etc here
handlers:
- include: "{{ handlers }}/restart_services.yml
5. add/commit the above to the git repo and push your changes
6. set it up:
sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/hosts/$YOUR_HOSTNAME_HERE.yml
7. login, etc
You should be able to run that playbook over and over again safely, it will
only setup/create a new instance if the ip is not up/responding.
SECURITY GROUPS
- to edit security groups you must either have your own cloud account or
be a member of sysadmin-main
This gives you the credential to change things in the persistent tenant
- source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
This lists all security groups in that tenant:
- euca-describe-groups | grep GROUP
the output will look like this:
euca-describe-groups | grep GROU
GROUP d4e664a10e2c4210839150be09c46e5e default default
GROUP d4e664a10e2c4210839150be09c46e5e jenkins jenkins instance group
GROUP d4e664a10e2c4210839150be09c46e5e logstash logstash security group
GROUP d4e664a10e2c4210839150be09c46e5e smtpserver list server group. needs web and smtp
GROUP d4e664a10e2c4210839150be09c46e5e webserver webserver security group
GROUP d4e664a10e2c4210839150be09c46e5e wideopen wideopen
This lets you list the rules in a specific group:
- euca-describe-group groupname
the output will look like this:
euca-describe-group wideopen
GROUP d4e664a10e2c4210839150be09c46e5e wideopen wideopen
PERMISSION d4e664a10e2c4210839150be09c46e5e wideopen ALLOWS tcp 1 65535 FROM CIDR 0.0.0.0/0
PERMISSION d4e664a10e2c4210839150be09c46e5e wideopen ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
To create a new group:
euca-create-group -d "group description here" groupname
To add a rule to a group:
euca-authorize -P tcp -p 22 groupname
euca-authorize -P icmp -t -1:-1 groupname
To delete a rule from a group:
euca-revoke -P tcp -p 22 groupname
Notes:
- Be careful removing or adding rules to existing groups b/c you could be
impacting other instances using that security group.
- You will almost always want to allow 22/tcp (sshd) and icmp -1 -1 (ping
and traceroute and friends).
TERMINATING INSTANCES
For transient:
1. source /srv/private/ansible/files/openstack/transient-admin/ec2rc.sh
- OR -
For persistent:
1. source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
2. euca-describe-instances | grep <ip of your instance>
3. euca-terminate-instances <the id, something like i-00000295>

187
README.cloud
View File

@@ -1,187 +0,0 @@
== Cloud information ==
The dashboard for the production cloud instance is:
https://fedorainfracloud.org/dashboard/
You can download credentials via the dashboard (under security and access)
=== Transient instances ===
Transient instances are short term use instances for Fedora
contributors. They can be terminated at any time and shouldn't be
relied on for any production use. If you have an application
or longer term item that should always be around
please create a persistent playbook instead. (see below)
to startup a new transient cloud instance and configure for basic
server use run (as root):
sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/transient_cloud_instance.yml -e 'name=somename'
The -i is important - ansible's tools need access to root's sshagent as well
as the cloud credentials to run the above playbooks successfully.
This will setup a new instance, provision it and email sysadmin-main that
the instance was created and it's ip address.
You will then be able to login, as root if you are in the sysadmin-main group.
(If you are making the instance for another user, see below)
You MUST pass a name to it, ie: -e 'name=somethingdescriptive'
You can optionally override defaults by passing any of the following:
image=imagename (default is centos70_x86_64)
instance_type=some instance type (default is m1.small)
root_auth_users='user1 user2 user3 @group1' (default always includes sysadmin-main group)
Note: if you run this playbook with the same name= multiple times
openstack is smart enough to just return the current ip of that instance
and go on. This way you can re-run if you want to reconfigure it without
reprovisioning it.
Sizes options
-------------
Name Memory_MB Disk VCPUs
m1.tiny 512 0 1
m1.small 2048 20 1
m1.medium 4096 40 2
m1.large 8192 80 4
m1.xlarge 16384 160 8
m1.builder 5120 50 3
=== Persistent cloud instances ===
Persistent cloud instances are ones that we want to always have up and
configured. These are things like dev instances for various applications,
proof of concept servers for evaluating something, etc. They will be
reprovisioned after a reboot/maint window for the cloud.
Setting up a new persistent cloud host:
1) Select an available floating IP
source /srv/private/ansible/files/openstack/novarc
nova floating-ip-list
Note that an "available floating IP" is one that has only a "-" in the Fixed IP
column of the above `nova` command. Ignore the fact that the "Server Id" column
is completely blank for all instances. If there are no ip's with -, use:
nova floating-ip-create
and retry the list.
2) Add that IP addr to dns (typically as foo.fedorainfracloud.org)
3) Create persistent storage disk for the instance (if necessary.. you might not
need this).
nova volume-create --display-name SOME_NAME SIZE_IN_GB
4) Add to ansible inventory in the persistent-cloud group.
You should use the FQDN for this and not the IP. Names are good.
5) setup the host_vars file. It should looks something like this::
instance_type: m1.medium
image:
keypair: fedora-admin-20130801
security_group: default # NOTE: security_group MUST contain default.
zone: nova
tcp_ports: [22, 80, 443]
inventory_tenant: persistent
inventory_instance_name: taiga
hostbase: taiga
public_ip: 209.132.184.50
root_auth_users: ralph maxamillion
description: taiga frontend server
volumes:
- volume_id: VOLUME_UUID_GOES_HERE
device: /dev/vdc
cloud_networks:
# persistent-net
- net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
6) setup the host playbook
7) run the playbook:
sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/hosts/$YOUR_HOSTNAME_HERE.yml
You should be able to run that playbook over and over again safely, it will
only setup/create a new instance if the ip is not up/responding.
=== SECURITY GROUPS ===
FIXME: needs work for new cloud.
- to edit security groups you must either have your own cloud account or
be a member of sysadmin-main
This gives you the credential to change things in the persistent tenant
- source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
This lists all security groups in that tenant:
- euca-describe-groups | grep GROUP
the output will look like this:
euca-describe-groups | grep GROU
GROUP d4e664a10e2c4210839150be09c46e5e default default
GROUP d4e664a10e2c4210839150be09c46e5e jenkins jenkins instance group
GROUP d4e664a10e2c4210839150be09c46e5e logstash logstash security group
GROUP d4e664a10e2c4210839150be09c46e5e smtpserver list server group. needs web and smtp
GROUP d4e664a10e2c4210839150be09c46e5e webserver webserver security group
GROUP d4e664a10e2c4210839150be09c46e5e wideopen wideopen
This lets you list the rules in a specific group:
- euca-describe-group groupname
the output will look like this:
euca-describe-group wideopen
GROUP d4e664a10e2c4210839150be09c46e5e wideopen wideopen
PERMISSION d4e664a10e2c4210839150be09c46e5e wideopen ALLOWS tcp 1 65535 FROM CIDR 0.0.0.0/0
PERMISSION d4e664a10e2c4210839150be09c46e5e wideopen ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
To create a new group:
euca-create-group -d "group description here" groupname
To add a rule to a group:
euca-authorize -P tcp -p 22 groupname
euca-authorize -P icmp -t -1:-1 groupname
To delete a rule from a group:
euca-revoke -P tcp -p 22 groupname
Notes:
- Be careful removing or adding rules to existing groups b/c you could be
impacting other instances using that security group.
- You will almost always want to allow 22/tcp (sshd) and icmp -1 -1 (ping
and traceroute and friends).
=== TERMINATING INSTANCES ===
For transient:
1. source /srv/private/ansible/files/openstack/novarc
2. export OS_TENANT_NAME=transient
2. nova list | grep <ip of your instance or name of your instance>
3. nova delete <name of instance or ID of instance>
- OR -
For persistent:
1. source /srv/private/ansible/files/openstack/novarc
2. nova list | grep <ip of your instance or name of your instance>
3. nova delete <name of instance or ID of instance>

7
callback_plugins/fedmsg_callback.py
View File

@@ -22,11 +22,6 @@ import pwd
import fedmsg
import fedmsg.config
try:
from ansible.plugins.callback import CallbackBase
except ImportError:
# Ansible v1 compat
CallbackBase = object
def getlogin():
try:
@@ -36,7 +31,7 @@ def getlogin():
return user
class CallbackModule(CallbackBase):
class CallbackModule(object):
""" Publish playbook starts and stops to fedmsg. """
playbook_path = None

116
callback_plugins/fedmsg_callback2.py
View File

@@ -1,116 +0,0 @@
# (C) 2012, Michael DeHaan, <michael.dehaan@gmail.com>
# based on the log_plays example
# skvidal@fedoraproject.org
# rbean@redhat.com
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
import os
import pwd
import fedmsg
import fedmsg.config
try:
from ansible.plugins.callback import CallbackBase
except ImportError:
# Ansible v1 compat
CallbackBase = object
try:
from ansible.utils.hashing import secure_hash
except ImportError:
from ansible.utils import md5 as secure_hash
def getlogin():
try:
user = os.getlogin()
except OSError, e:
user = pwd.getpwuid(os.geteuid())[0]
return user
class CallbackModule(CallbackBase):
""" Publish playbook starts and stops to fedmsg. """
CALLBACK_NAME = 'fedmsg_callback2'
CALLBACK_TYPE = 'notification'
CALLBACK_VERSION = 2.0
CALLBACK_NEEDS_WHITELIST = True
playbook_path = None
def __init__(self):
config = fedmsg.config.load_config()
config.update(dict(
name='relay_inbound',
cert_prefix='shell',
active=True,
))
# It seems like recursive playbooks call this over and over again and
# fedmsg doesn't like to be initialized more than once. So, here, just
# catch that and ignore it.
try:
fedmsg.init(**config)
except ValueError:
pass
self.play = None
self.playbook = None
super(CallbackModule, self).__init__()
def set_play_context(self, play_context):
self.play_context = play_context
def v2_playbook_on_start(self, playbook):
self.playbook = playbook
def v2_playbook_on_play_start(self, play):
# This gets called once for each play.. but we just issue a message once
# for the first one. One per "playbook"
if self.playbook:
# figure out where the playbook FILE is
path = os.path.abspath(self.playbook._file_name)
# Bail out early without publishing if we're in --check mode
if self.play_context.check_mode:
return
if not self.playbook_path:
fedmsg.publish(
modname="ansible", topic="playbook.start",
msg=dict(
playbook=path,
userid=getlogin(),
extra_vars=play._variable_manager.extra_vars,
inventory=play._variable_manager._inventory._sources,
playbook_checksum=secure_hash(path),
check=self.play_context.check_mode,
),
)
self.playbook_path = path
def v2_playbook_on_stats(self, stats):
if not self.playbook_path:
return
results = dict([(h, stats.summarize(h)) for h in stats.processed])
fedmsg.publish(
modname="ansible", topic="playbook.complete",
msg=dict(
playbook=self.playbook_path,
userid=getlogin(),
results=results,
),
)

23
callback_plugins/logdetail.py
View File

@@ -15,20 +15,12 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
from __future__ import absolute_import
import os
import time
import json
import pwd
from ansible import utils
try:
from ansible.plugins.callback import CallbackBase
except ImportError:
# Ansible v1 compat
CallbackBase = object
TIME_FORMAT="%b %d %Y %H:%M:%S"
MSG_FORMAT="%(now)s\t%(count)s\t%(category)s\t%(name)s\t%(data)s\n"
@@ -146,13 +138,7 @@ class LogMech(object):
elif self.play_info.get('check', False):
category = 'CHECK:' + category
# Sometimes this is None.. othertimes it's fine. Othertimes it has
# trailing whitespace that kills logview. Strip that, when possible.
if name:
name = name.strip()
sanitize_host = host.replace(' ', '_').replace('>', '-')
fd = open(self.logpath_play + '/' + sanitize_host + '.log', 'a')
fd = open(self.logpath_play + '/' + host + '.log', 'a')
now = time.strftime(TIME_FORMAT, time.localtime())
fd.write(MSG_FORMAT % dict(now=now, name=name, count=count, category=category, data=json.dumps(data)))
fd.close()
@@ -160,15 +146,10 @@ class LogMech(object):
logmech = LogMech()
class CallbackModule(CallbackBase):
class CallbackModule(object):
"""
logs playbook results, per host, in /var/log/ansible/hosts
"""
CALLBACK_NAME = 'logdetail'
CALLBACK_TYPE = 'notification'
CALLBACK_VERSION = 2.0
CALLBACK_NEEDS_WHITELIST = True
def __init__(self):
self._task_count = 0
self._play_count = 0

278
callback_plugins/logdetail2.py
View File

@@ -1,278 +0,0 @@
# (C) 2012, Michael DeHaan, <michael.dehaan@gmail.com>
# based on the log_plays example
# skvidal@fedoraproject.org
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
from __future__ import absolute_import
import os
import time
import json
import pwd
try:
from ansible.utils.hashing import secure_hash
except ImportError:
from ansible.utils import md5 as secure_hash
try:
from ansible.plugins.callback import CallbackBase
except ImportError:
# Ansible v1 compat
CallbackBase = object
TIME_FORMAT="%b %d %Y %H:%M:%S"
MSG_FORMAT="%(now)s\t%(count)s\t%(category)s\t%(name)s\t%(data)s\n"
LOG_PATH = '/var/log/ansible'
def getlogin():
try:
user = os.getlogin()
except OSError, e:
user = pwd.getpwuid(os.geteuid())[0]
return user
class LogMech(object):
def __init__(self):
self.started = time.time()
self.pid = str(os.getpid())
self._pb_fn = None
self._last_task_start = None
self.play_info = {}
self.logpath = LOG_PATH
if not os.path.exists(self.logpath):
try:
os.makedirs(self.logpath, mode=0750)
except OSError, e:
if e.errno != 17:
raise
# checksum of full playbook?
@property
def playbook_id(self):
if self._pb_fn:
return os.path.basename(self._pb_fn).replace('.yml', '').replace('.yaml', '')
else:
return "ansible-cmd"
@playbook_id.setter
def playbook_id(self, value):
self._pb_fn = value
@property
def logpath_play(self):
# this is all to get our path to look nice ish
tstamp = time.strftime('%Y/%m/%d/%H.%M.%S', time.localtime(self.started))
path = os.path.normpath(self.logpath + '/' + self.playbook_id + '/' + tstamp + '/')
if not os.path.exists(path):
try:
os.makedirs(path)
except OSError, e:
if e.errno != 17: # if it is not dir exists then raise it up
raise
return path
def play_log(self, content):
# record out playbook.log
# include path to playbook, checksums, user running playbook
# any args we can get back from the invocation
fd = open(self.logpath_play + '/' + 'playbook-' + self.pid + '.info', 'a')
fd.write('%s\n' % content)
fd.close()
def task_to_json(self, task):
res = {}
res['task_name'] = task.name
res['task_module'] = task.action
res['task_args'] = task.args
if self.playbook_id == 'ansible-cmd':
res['task_userid'] = getlogin()
for k in ("delegate_to", "environment", "with_first_found",
"local_action", "notified_by", "notify",
"register", "sudo", "sudo_user", "tags",
"transport", "when"):
v = getattr(task, k, None)
if v:
res['task_' + k] = v
return res
def log(self, host, category, data, task=None, count=0):
if not host:
host = 'HOSTMISSING'
if type(data) == dict:
name = data.get('module_name',None)
else:
name = "unknown"
# we're in setup - move the invocation info up one level
if 'invocation' in data:
invoc = data['invocation']
if not name and 'module_name' in invoc:
name = invoc['module_name']
#don't add this since it can often contain complete passwords :(
del(data['invocation'])
if task:
name = task.name
data['task_start'] = self._last_task_start
data['task_end'] = time.time()
data.update(self.task_to_json(task))
if 'task_userid' not in data:
data['task_userid'] = getlogin()
if category == 'OK' and data.get('changed', False):
category = 'CHANGED'
if self.play_info.get('check', False) and self.play_info.get('diff', False):
category = 'CHECK_DIFF:' + category
elif self.play_info.get('check', False):
category = 'CHECK:' + category
# Sometimes this is None.. othertimes it's fine. Othertimes it has
# trailing whitespace that kills logview. Strip that, when possible.
if name:
name = name.strip()
sanitize_host = host.replace(' ', '_').replace('>', '-')
fd = open(self.logpath_play + '/' + sanitize_host + '.log', 'a')
now = time.strftime(TIME_FORMAT, time.localtime())
fd.write(MSG_FORMAT % dict(now=now, name=name, count=count, category=category, data=json.dumps(data)))
fd.close()
logmech = LogMech()
class CallbackModule(CallbackBase):
"""
logs playbook results, per host, in /var/log/ansible/hosts
"""
CALLBACK_NAME = 'logdetail2'
CALLBACK_TYPE = 'notification'
CALLBACK_VERSION = 2.0
CALLBACK_NEEDS_WHITELIST = True
def __init__(self):
self._task_count = 0
self._play_count = 0
self.task = None
self.playbook = None
super(CallbackModule, self).__init__()
def set_play_context(self, play_context):
self.play_context = play_context
def v2_runner_on_failed(self, result, ignore_errors=False):
category = 'FAILED'
logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count)
def v2_runner_on_ok(self, result):
category = 'OK'
logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count)
def v2_runner_on_skipped(self, result):
category = 'SKIPPED'
res = {}
res['item'] = self._get_item(getattr(result._result, 'results', {}))
logmech.log(result._host.get_name(), category, res, self.task, self._task_count)
def v2_runner_on_unreachable(self, result):
category = 'UNREACHABLE'
res = {}
res['output'] = result._result
logmech.log(result._host.get_name(), category, res, self.task, self._task_count)
def v2_runner_on_async_failed(self, result):
category = 'ASYNC_FAILED'
logmech.log(result._host.get_name(), category, result._result, self.task, self._task_count)
def v2_playbook_on_start(self, playbook):
self.playbook = playbook
def v2_playbook_on_task_start(self, task, is_conditional):
self.task = task
logmech._last_task_start = time.time()
self._task_count += 1
def v2_playbook_on_setup(self):
self._task_count += 1
def v2_playbook_on_import_for_host(self, result, imported_file):
res = {}
res['imported_file'] = imported_file
logmech.log(result._host.get_name(), 'IMPORTED', res, self.task)
def v2_playbook_on_not_import_for_host(self, result, missing_file):
res = {}
res['missing_file'] = missing_file
logmech.log(result._host.get_name(), 'NOTIMPORTED', res, self.task)
def v2_playbook_on_play_start(self, play):
self._task_count = 0
if play:
# figure out where the playbook FILE is
path = os.path.abspath(self.playbook._file_name)
# tel the logger what the playbook is
logmech.playbook_id = path
# if play count == 0
# write out playbook info now
if not self._play_count:
pb_info = {}
pb_info['playbook_start'] = time.time()
pb_info['playbook'] = path
pb_info['userid'] = getlogin()
pb_info['extra_vars'] = play._variable_manager.extra_vars
pb_info['inventory'] = play._variable_manager._inventory._sources
pb_info['playbook_checksum'] = secure_hash(path)
pb_info['check'] = self.play_context.check_mode
pb_info['diff'] = self.play_context.diff
logmech.play_log(json.dumps(pb_info, indent=4))
self._play_count += 1
# then write per-play info that doesn't duplcate the playbook info
info = {}
info['play'] = play.name
info['hosts'] = play.hosts
info['transport'] = self.play_context.connection
info['number'] = self._play_count
info['check'] = self.play_context.check_mode
info['diff'] = self.play_context.diff
logmech.play_info = info
logmech.play_log(json.dumps(info, indent=4))
def v2_playbook_on_stats(self, stats):
results = {}
for host in stats.processed.keys():
results[host] = stats.summarize(host)
logmech.log(host, 'STATS', results[host])
logmech.play_log(json.dumps({'stats': results}, indent=4))
logmech.play_log(json.dumps({'playbook_end': time.time()}, indent=4))
print('logs written to: %s' % logmech.logpath_play)

40
callback_plugins/profile_tasks.py Normal file
View File

@@ -0,0 +1,40 @@
import time
class CallbackModule(object):
"""
A plugin for timing tasks
"""
def __init__(self):
self.stats = {}
self.current = None
def playbook_on_task_start(self, name, is_conditional):
"""
Logs the start of each task
"""
if self.current is not None:
# Record the running time of the last executed task
self.stats[self.current] = time.time() - self.stats[self.current]
# Record the start time of the current task
self.current = name
self.stats[self.current] = time.time()
def playbook_on_stats(self, stats):
"""
Prints the timings
"""
# Record the timing of the very last task
if self.current is not None:
self.stats[self.current] = time.time() - self.stats[self.current]
# Sort the tasks by their running time
results = sorted(self.stats.items(), key=lambda value: value[1], reverse=True)
# Just keep the top 10
results = results[:10]
# Print the timings
for name, elapsed in results:
print "{0:-<70}{1:->9}".format('{0} '.format(name), ' {0:.02f}s'.format(elapsed))

21
files/2fa/pam_url.conf.fed-cloud09.cloud.fedoraproject.org
View File

@@ -1,21 +0,0 @@
pam_url:
{
settings:
{
url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch
returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results
userfield = "user"; # userfield name to send
passwdfield = "token"; # passwdfield name to send
extradata = "&do=login"; # extradata to send
prompt = "Password+Token: "; # password prompt
};
ssl:
{
verify_peer = true; # Should we verify SSL ?
verify_host = true; # Should we verify the CN in the SSL cert?
client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert";
};
};

2
files/2fa/sudo.pam
View File

@@ -3,6 +3,8 @@ auth required pam_env.so
auth sufficient pam_url.so config=/etc/pam_url.conf
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke

11
files/artboard/artboard.conf
View File

@@ -3,14 +3,7 @@
AllowOverride All
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order deny,allow
Allow from all
</IfModule>
Order allow,deny
Allow from all
</Directory>

30
files/common/RPM-GPG-KEY-INFRASTRUCTURE-SIGUL
View File

@@ -1,30 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBFfZrzsBEADGLYtUW4YZNKSq/bawWYSg3Z8OAD3amoWx9BTdiBjWyIn7PzBQ
g/Y2QpTj9Sylhi4ZDqcP6eikrC2bqZdBeJyOAHSkV6Nvt+D/ijHOViEsSg+OwHmC
9axbsNHI+WKYPR7GBb40/hu7miHTOWd7puuJ000nyeHckicSHNYb+KxwoN9TTyON
utqTtzUb1v0f+GZ2E3XHCa/SgHG+syFbKhFiPRqSmwuhESgz7JIPx9UPz/pkg/rA
qHILJDt5PGaxhRNcK4rOVhpIBxTdjyYvtkCzlMr8ZaLqlQx2B5Ub9osYSv7CwQD5
tJTb9ed/p5HKuT9JEDSgtxV2yy6bxEMkBjlD5m4ISnOnZ8GGjPl434FdufusIwDX
vFUQDH5BSGV1xUcoCoNAMY+CUCoUaTBkv5PqLOgsCirSImvXhSCFBT1VVb2sPhuG
J6q9Nk18+i2sMtjflM9PzCblMe7C1gySiuH4q+hvB6IDnYirLLy0ctBvr3siY4hY
lTydy+4z7UuquLv02t5Zbw9jxqX1LEyiMvUppx5XgGyQ0cGQpkRHXRzQqI6bjUny
e8Ub2sfjidjqRWyycY4F7KGG/DeKE3UeclDjFlA+CTvgu88RGgzTMZym5NxgjgfJ
PYj+etPXth3PNzxd8FAC4tWP5b6kEVVJ2Oxiy6Z8dYQJVsAVP110bo/MFwARAQAB
tEBGZWRvcmEgSW5mcmFzdHJ1Y3R1cmUgKGluZnJhc3RydWN0dXJlKSA8YWRtaW5A
ZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMBAgAiBQJX2a87AhsPBgsJCAcDAgYVCAIJ
CgsEFgIDAQIeAQIXgAAKCRCAWYFeR92O+RbAD/9QzUyyoDPvPjlxn341BdT1iG3s
BvKjNOAtQkHeDzRQ0rBXG40yoTjQ+s4X+3aNumy4C+xeGqUiFMcBED/5EdahWcXm
5dqEAysTpiWOaamVfvQaNuBZjKP6GXXUeAVvkEVXggTI18tpNR/xFqfvHMCYuRUJ
QERNDtEPweQn9U3ewr7VOIrF8OnxVEQe9xOPKnGr0yD22NHz5hCiIKXwt34I7m9j
IlKMETTUflmERzzzwWp9CwmwU2o+g9hILqtvLFV/9TDSiWTvr2Ynj/hlNZPG8MhB
K73S8oQADP/ogmwYkK3cx06CkaSEiQciAkpL4v7GzWfw3hTScIxbf/R5YU5i5qHj
N+XJRLoW4AdNRAtrJ1KsLrFhFso9o7cfUlGGDPOwwQu3etoY3t0vViXYanOJrXqA
DaHZ7Ynj7V5KNB97xbjohT+YiApBV1jmMbydAMhNxo2ZlAC9hmlDEwD9L9CSPt1s
PvjcY20/RjVrm62vmXI/Sqa1zPjjYaxceEZzDIcxVDAneeeAdV99zHRDjZLqucux
GGJWwUNyxnuA7ZNdD3ZQBJlefOCT4Tg2Yj2ssH6PdGBoWS2gibnGdUsc/LhIaES4
afRLHVbHRu1HJ3s7pAgxNRY5Cjc5GEqdvm+5LOt/usyyaUwds0cJp55KKovsqZ1v
+h4JFKdsC+6/ZUHRQQ==
=MNfm
-----END PGP PUBLIC KEY BLOCK-----

6
files/common/fedora-infra-tags-stg.repo
View File

@@ -1,6 +0,0 @@
[infrastructure-tags-stg]
name=Fedora Infrastructure staging tag $releasever - $basearch
baseurl=https://kojipkgs.fedoraproject.org/repos-dist/f$releasever-infra-stg/latest/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS

6
files/common/fedora-infra-tags.repo
View File

@@ -1,6 +0,0 @@
[infrastructure-tags]
name=Fedora Infrastructure tag $releasever - $basearch
baseurl=https://kojipkgs.fedoraproject.org/repos-dist/f$releasever-infra/latest/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS

26
files/common/fedora-updates-testing.repo-arm Normal file
View File

@@ -0,0 +1,26 @@
[updates-testing]
name=Fedora $releasever - $basearch - Test Updates
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
[updates-testing-debuginfo]
name=Fedora $releasever - $basearch - Test Updates Debug
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
[updates-testing-source]
name=Fedora $releasever - Test Updates Source
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/SRPMS/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

26
files/common/fedora-updates-testing.repo-secondary
View File

@@ -1,26 +0,0 @@
[updates-testing]
name=Fedora $releasever - $basearch - Test Updates
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-testing-debuginfo]
name=Fedora $releasever - $basearch - Test Updates Debug
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/debug/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-testing-source]
name=Fedora $releasever - Test Updates Source
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/SRPMS/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch

26
files/common/fedora-updates.repo-arm Normal file
View File

@@ -0,0 +1,26 @@
[updates]
name=Fedora $releasever - $basearch - Updates
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
[updates-debuginfo]
name=Fedora $releasever - $basearch - Updates - Debug
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/debug/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
[updates-source]
name=Fedora $releasever - Updates Source
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/SRPMS/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

26
files/common/fedora-updates.repo-secondary
View File

@@ -1,26 +0,0 @@
[updates]
name=Fedora $releasever - $basearch - Updates
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-debuginfo]
name=Fedora $releasever - $basearch - Updates - Debug
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/debug/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[updates-source]
name=Fedora $releasever - Updates Source
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/SRPMS/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch

4
files/common/fedora.repo
View File

@@ -11,7 +11,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[fedora-debuginfo]
name=Fedora $releasever - $basearch - Debug
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/tree/
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
enabled=0
metadata_expire=7d
@@ -21,7 +21,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[fedora-source]
name=Fedora $releasever - Source
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/tree/
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/SRPMS/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
enabled=0
metadata_expire=7d

29
files/common/fedora.repo-arm Normal file
View File

@@ -0,0 +1,29 @@
[fedora]
name=Fedora $releasever - $basearch
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
enabled=1
metadata_expire=7d
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
[fedora-debuginfo]
name=Fedora $releasever - $basearch - Debug
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
enabled=0
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
[fedora-source]
name=Fedora $releasever - Source
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/SRPMS/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
enabled=0
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

29
files/common/fedora.repo-secondary
View File

@@ -1,29 +0,0 @@
[fedora]
name=Fedora $releasever - $basearch
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/os/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
enabled=1
metadata_expire=7d
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[fedora-debuginfo]
name=Fedora $releasever - $basearch - Debug
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/debug/tree/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
enabled=0
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
[fedora-source]
name=Fedora $releasever - Source
failovermethod=priority
baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/source/tree/
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
enabled=0
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch

4
files/common/rhel-7-aarch64-server-rpms.repo
View File

@@ -1,4 +0,0 @@
[rhel7-aarch64-server]
name = rhel7 $basearch server
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-rpms
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

6
files/common/rhel-infra-tags-stg.repo
View File

@@ -1,6 +0,0 @@
[infrastructure-tags-stg]
name=Fedora Infrastructure tag $releasever - $basearch
baseurl=https://kojipkgs.fedoraproject.org/repos-dist/epel$releasever-infra-stg/latest/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS

6
files/common/rhel-infra-tags.repo
View File

@@ -1,6 +0,0 @@
[infrastructure-tags]
name=Fedora Infrastructure tag $releasever - $basearch
baseurl=https://kojipkgs.fedoraproject.org/repos-dist/epel$releasever-infra/latest/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS

4
files/common/rhel7-power-rhev.repo
View File

@@ -1,4 +0,0 @@
[rhel7-rhev]
name = rhel7 rhev $basearch
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-for-rhev-power-agents-rpms
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

4
files/common/rhel7ah.repo
View File

@@ -1,4 +0,0 @@
[rhel7-atomic-host]
name = rhel7 Atomic Host $basearch
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-atomic-host-rpms
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

13
files/common/step-tickers
View File

@@ -1,7 +1,10 @@
208.75.88.4
216.93.242.12
107.170.242.27
108.166.189.70
199.223.248.98
# [clock.redhat.com]
66.187.233.4
# [time.nist.gov]
192.43.244.18
# [otc1.psu.edu]
128.118.25.5
# [clock.isc.org]
204.152.184.72
# [loopback]
127.127.1.0

28
files/copr/DigiCertCA.crt Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy
YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2
4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC
Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1
itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn
4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X
sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft
bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA
MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t
L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG
BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D
aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd
aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH
E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly
/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu
xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF
0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae
cPUeybQ=
-----END CERTIFICATE-----

2
files/copr/boto Normal file
View File

@@ -0,0 +1,2 @@
[Boto]
https_validate_certificates = False

79
files/copr/copr-be.conf Normal file
View File

@@ -0,0 +1,79 @@
[backend]
# URL where are results visible
# default is http://copr
results_baseurl=https://copr-be.cloud.fedoraproject.org/results
# ??? What is this
# default is http://coprs/rest/api
#frontend_url=http://copr-fe.cloud.fedoraproject.org/backend
frontend_url=https://172.16.5.31/backend
# must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf
# default is PASSWORDHERE but you really should change it. really.
frontend_auth={{ copr_backend_password }}
# path to ansible playbook which spawns builder
# see /usr/share/copr*/playbooks/ for examples
# default is /etc/copr/builder_playbook.yml
spawn_playbook=/home/copr/provision/builderpb.yml
# path to ansible playbook which terminate builder
# default is /etc/copr/terminate_playbook.yml
terminate_playbook=/home/copr/provision/terminatepb.yml
terminate_vars=vm_name
# directory where jobs are stored
# no defaults
jobsdir=/var/lib/copr/jobs
# directory where results are stored
# should be accessible from web using 'results_baseurl' URL
# no default
destdir=/var/lib/copr/public_html/results
# default is 10
sleeptime=30
# default is 8
num_workers=8
# path to log file
# default is /var/log/copr/backend.log
logfile=/var/log/copr/backend.log
# default is /var/log/copr/workers/
worker_logdir=/var/log/copr/workers/
# exit on worker failure
# default is false
#exit_on_worker=false
# publish fedmsg notifications from workers if true
# default is false
#fedmsg_enabled=false
fedmsg_enabled=true
# minimum age for builds to be pruned
prune_days=14
# path to executable script to clean old build
prune_script=/usr/share/copr/copr_prune_old_builds.sh
# enable package signing, require configured
# signer host and correct /etc/sign.conf
do_sign={{ do_sign }}
# host or ip of machine with copr-keygen
# usually the same as in /etc/sign.conf
keygen_host={{ keygen_host }}
# Spawn builder in advance, before we get task?
# It save time, but consume resources even when
# nothing is in queue
spawn_in_advance={{ spawn_in_advance }}
[builder]
# default is 1800
timeout=3600

75
files/copr/copr-be.conf-dev Normal file
View File

@@ -0,0 +1,75 @@
[backend]
# URL where are results visible
# default is http://copr
results_baseurl=http://copr-be-dev.cloud.fedoraproject.org/results
# ??? What is this
# default is http://coprs/rest/api
frontend_url=http://copr-fe-dev.cloud.fedoraproject.org/backend
# must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf
# default is PASSWORDHERE but you really should change it. really.
frontend_auth=PASSWORDHERE
# path to ansible playbook which spawns builder
# see /usr/share/copr*/playbooks/ for examples
# default is /etc/copr/builder_playbook.yml
spawn_playbook=/home/copr/provision/builderpb.yml
# path to ansible playbook which terminate builder
# default is /etc/copr/terminate_playbook.yml
terminate_playbook=/home/copr/provision/terminatepb.yml
# directory where jobs are stored
# no defaults
jobsdir=/var/lib/copr/jobs
# directory where results are stored
# should be accessible from web using 'results_baseurl' URL
# no default
destdir=/var/lib/copr/public_html/results
# default is 10
sleeptime=30
# default is 8
num_workers=5
# path to log file
# default is /var/log/copr/backend.log
logfile=/var/log/copr/backend.log
# default is /var/log/copr/workers/
worker_logdir=/var/log/copr/workers/
# exit on worker failure
# default is false
#exit_on_worker=false
# publish fedmsg notifications from workers if true
# default is false
#fedmsg_enabled=false
# minimum age for builds to be pruned
prune_days=14
# path to executable script to clean old build
prune_script=/usr/share/copr/copr_prune_old_builds.sh
# enable package signing, require configured
# signer host and correct /etc/sign.conf
do_sign={{ do_sign }}
# host or ip of machine with copr-keygen
# usually the same as in /etc/sign.conf
keygen_host={{ keygen_host }}
# Spawn builder in advance, before we get task?
# It save time, but consume resources even when
# nothing is in queue
spawn_in_advance={{ spawn_in_advance }}
[builder]
# default is 1800
timeout=3600

10
files/copr/copr_bashrc Normal file
View File

@@ -0,0 +1,10 @@
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
if [ -f /home/copr/cloud/ec2rc.sh ]; then
. /home/copr/cloud/ec2rc.sh
fi

5
files/copr/delete-forgotten-instances.cron Normal file
View File

@@ -0,0 +1,5 @@
#!/usr/bin/bash
source /home/copr/cloud/ec2rc.sh
/home/copr/delete-forgotten-instances.pl

28
files/copr/delete-forgotten-instances.pl Normal file
View File

@@ -0,0 +1,28 @@
#!/usr/bin/perl
# this scrip query for all running VM and terminate those
# which are not currently started by some ansible script
while (chomp($a = qx(ps ax |grep -v 'sh -c ps ax' |grep 'Task: ' | grep -v grep))) {
# we are starting some VM and could not determine correct list of running VMs
sleep 5;
}
#print qx(ps ax |grep ' 172.16.3.' |awk '{ print \$33 }');
@IPs = split('\s+', qx(ps ax |grep ' 172.16.3.' |awk '{ print \$33 }'));
#print "Running instances\n";
#print join(", ", @IPs), "\n";
for my $i (@IPs) {
$check{$i} = 1;
}
@instances = split('\n', qx(/bin/euca-describe-instances));
@TO_DELETE = ();
for my $i (@instances) {
my @COLUMNS = split('\s+', $i);
next if $COLUMNS[0] eq 'RESERVATION';
#print $COLUMNS[1], ", ", $COLUMNS[15], "\n";
push(@TO_DELETE, $COLUMNS[1]) unless $check{$COLUMNS[15]};
}
$id_merged = join(" ", @TO_DELETE);
qx|euca-terminate-instances $id_merged| if ($id_merged);

1
files/copr/fe/README Normal file
View File

@@ -0,0 +1 @@
in this dir is where we put all the configs for the copr frontend

36
files/copr/fe/copr.conf Normal file
View File

@@ -0,0 +1,36 @@
# Directory and files where is stored Copr database files
DATA_DIR = '/var/lib/copr/data'
DATABASE = '/var/lib/copr/data/copr.db'
OPENID_STORE = '/var/lib/copr/data/openid_store'
WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'
WHOSHEE_MIN_STRING_LEN = 2
SECRET_KEY = '{{ copr_secret_key }}'
BACKEND_PASSWORD = '{{ copr_backend_password }}'
# restrict access to a set of users
#USE_ALLOWED_USERS = False
#ALLOWED_USERS = ['bonnie', 'clyde']
SQLALCHEMY_DATABASE_URI = '{{ copr_database_uri }}'
# Token length, defaults to 30 (max 255)
#API_TOKEN_LENGTH = 30
# Expiration of API token in days
#API_TOKEN_EXPIRATION = 180
# logging options
#SEND_LOGS_TO = ['root@localhost']
#LOGGING_LEVEL = logging.ERROR
DEBUG = False
SQLALCHEMY_ECHO = False
CSRF_ENABLED = True
WTF_CSRF_ENABLED = True
# send emails when user's perms change in project?
SEND_EMAILS = True
PUBLIC_COPR_HOSTNAME = '{{ copr_frontend_public_hostname }}'

65
files/copr/fe/httpd/coprs.conf Normal file
View File

@@ -0,0 +1,65 @@
NameVirtualHost *:80
LoadModule wsgi_module modules/mod_wsgi.so
WSGISocketPrefix /var/run/wsgi
<VirtualHost *:80>
ServerName copr-fe.cloud.fedoraproject.org
WSGIPassAuthorization On
WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=5
WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
WSGIProcessGroup 127.0.0.1
#ErrorLog logs/error_coprs
#CustomLog logs/access_coprs common
<Directory /usr/share/copr>
WSGIApplicationGroup %{GLOBAL}
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2
# Use secure TLSv1.1 and TLSv1.2 ciphers
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
Header add Strict-Transport-Security "max-age=15768000"
SSLCertificateFile /etc/pki/tls/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
ServerName copr-fe.cloud.fedoraproject.org:443
WSGIPassAuthorization On
#WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=5
WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
WSGIProcessGroup 127.0.0.1
#ErrorLog logs/error_coprs
#CustomLog logs/access_coprs common
<Directory /usr/share/copr>
WSGIApplicationGroup %{GLOBAL}
Require all granted
</Directory>
</VirtualHost>
<IfModule mod_status.c>
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Require all denied
Require host localhost .redhat.com
</Location>
</IfModule>
<IfModule mpm_prefork_module>
StartServers 8
MinSpareServers 8
MaxSpareServers 20
MaxClients 50
MaxRequestsPerChild 10000
</IfModule>

1
files/copr/fe/httpd/welcome.conf Normal file
View File

@@ -0,0 +1 @@
#commented out so it doesn't do that stupid index page

13
files/copr/fe/pg/pg_hba.conf Normal file
View File

@@ -0,0 +1,13 @@
local coprdb copr-fe md5
host coprdb copr-fe 127.0.0.1/8 md5
host coprdb copr-fe ::1/128 md5
local coprdb postgres ident
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident

10
files/copr/fe/yum/copr.repo Normal file
View File

@@ -0,0 +1,10 @@
[Copr]
name=Copr
failovermethod=priority
#baseurl=http://copr-be.cloud.fedoraproject.org/results/msuchy/copr/fedora-19-x86_64/
# 172.16.5.4 is copr-be.cloud.fedoraproject.org
# see https://fedorahosted.org/fedora-infrastructure/ticket/4025
baseurl=http://172.16.5.4/results/msuchy/copr/fedora-20-x86_64/
enabled=1
gpgcheck=0

4
files/copr/forward Normal file
View File

@@ -0,0 +1,4 @@
msuchy+coprmachine@redhat.com
kevin@scrye.com
nb@fedoraproject.org
sgallagh@redhat.com

3
files/copr/forward-dev Normal file
View File

@@ -0,0 +1,3 @@
msuchy+coprmachine@redhat.com
asamalik@redhat.com
vgologuz@redhat.com

7
files/copr/hosts Normal file
View File

@@ -0,0 +1,7 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.5.31 copr-fe.cloud.fedoraproject.org
172.16.5.31 copr.fedoraproject.org
172.16.5.4 copr-be.cloud.fedoraproject.org
172.16.5.5 copr-be-dev.cloud.fedoraproject.org
172.16.5.15 copr-fe-dev.cloud.fedoraproject.org

0
roles/copr/backend/templates/keystonerc → files/copr/keystonerc
View File

9
files/copr/lighttpd/dirlisting.conf Normal file
View File

@@ -0,0 +1,9 @@
dir-listing.activate = "enable"
dir-listing.hide-dotfiles = "disable"
dir-listing.exclude = ( "~$" )
dir-listing.encoding = "UTF-8"
dir-listing.hide-header-file = "disable"
dir-listing.show-header = "disable"
dir-listing.hide-readme-file = "disable"
dir-listing.show-readme = "disable"

455
files/copr/lighttpd/lighttpd.conf Normal file
View File

@@ -0,0 +1,455 @@
#######################################################################
##
## /etc/lighttpd/lighttpd.conf
##
## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
##
#######################################################################
#######################################################################
##
## Some Variable definition which will make chrooting easier.
##
## if you add a variable here. Add the corresponding variable in the
## chroot example aswell.
##
var.log_root = "/var/log/lighttpd"
var.server_root = "/var/www"
var.state_dir = "/var/run"
var.home_dir = "/var/lib/lighttpd"
var.conf_dir = "/etc/lighttpd"
##
## run the server chrooted.
##
## This requires root permissions during startup.
##
## If you run Chrooted set the the variables to directories relative to
## the chroot dir.
##
## example chroot configuration:
##
#var.log_root = "/logs"
#var.server_root = "/"
#var.state_dir = "/run"
#var.home_dir = "/lib/lighttpd"
#var.vhosts_dir = "/vhosts"
#var.conf_dir = "/etc"
#
#server.chroot = "/srv/www"
##
## Some additional variables to make the configuration easier
##
##
## Base directory for all virtual hosts
##
## used in:
## conf.d/evhost.conf
## conf.d/simple_vhost.conf
## vhosts.d/vhosts.template
##
var.vhosts_dir = server_root + "/vhosts"
##
## Cache for mod_compress
##
## used in:
## conf.d/compress.conf
##
var.cache_dir = "/var/cache/lighttpd"
##
## Base directory for sockets.
##
## used in:
## conf.d/fastcgi.conf
## conf.d/scgi.conf
##
var.socket_dir = home_dir + "/sockets"
##
#######################################################################
#######################################################################
##
## Load the modules.
include "modules.conf"
##
#######################################################################
#######################################################################
##
## Basic Configuration
## ---------------------
##
server.port = 80
##
## Use IPv6?
##
server.use-ipv6 = "disable"
##
## bind to a specific IP
##
#server.bind = "localhost"
##
## Run as a different username/groupname.
## This requires root permissions during startup.
##
server.username = "lighttpd"
server.groupname = "lighttpd"
##
## enable core files.
##
#server.core-files = "disable"
##
## Document root
##
server.document-root = "/var/lib/copr/public_html"
##
## The value for the "Server:" response field.
##
## It would be nice to keep it at "lighttpd".
##
#server.tag = "lighttpd"
##
## store a pid file
##
server.pid-file = state_dir + "/lighttpd.pid"
##
#######################################################################
#######################################################################
##
## Logging Options
## ------------------
##
## all logging options can be overwritten per vhost.
##
## Path to the error log file
##
server.errorlog = log_root + "/error.log"
##
## If you want to log to syslog you have to unset the
## server.errorlog setting and uncomment the next line.
##
#server.errorlog-use-syslog = "enable"
##
## Access log config
##
include "conf.d/access_log.conf"
##
## The debug options are moved into their own file.
## see conf.d/debug.conf for various options for request debugging.
##
include "conf.d/debug.conf"
##
#######################################################################
#######################################################################
##
## Tuning/Performance
## --------------------
##
## corresponding documentation:
## http://www.lighttpd.net/documentation/performance.html
##
## set the event-handler (read the performance section in the manual)
##
## possible options on linux are:
##
## select
## poll
## linux-sysepoll
##
## linux-sysepoll is recommended on kernel 2.6.
##
server.event-handler = "linux-sysepoll"
##
## The basic network interface for all platforms at the syscalls read()
## and write(). Every modern OS provides its own syscall to help network
## servers transfer files as fast as possible
##
## linux-sendfile - is recommended for small files.
## writev - is recommended for sending many large files
##
server.network-backend = "linux-sendfile"
##
## As lighttpd is a single-threaded server, its main resource limit is
## the number of file descriptors, which is set to 1024 by default (on
## most systems).
##
## If you are running a high-traffic site you might want to increase this
## limit by setting server.max-fds.
##
## Changing this setting requires root permissions on startup. see
## server.username/server.groupname.
##
## By default lighttpd would not change the operation system default.
## But setting it to 2048 is a better default for busy servers.
##
## With SELinux enabled, this is denied by default and needs to be allowed
## by running the following once : setsebool -P httpd_setrlimit on
#server.max-fds = 2048
##
## Stat() call caching.
##
## lighttpd can utilize FAM/Gamin to cache stat call.
##
## possible values are:
## disable, simple or fam.
##
server.stat-cache-engine = "simple"
##
## Fine tuning for the request handling
##
## max-connections == max-fds/2 (maybe /3)
## means the other file handles are used for fastcgi/files
##
server.max-connections = 1024
##
## How many seconds to keep a keep-alive connection open,
## until we consider it idle.
##
## Default: 5
##
#server.max-keep-alive-idle = 5
##
## How many keep-alive requests until closing the connection.
##
## Default: 16
##
#server.max-keep-alive-requests = 16
##
## Maximum size of a request in kilobytes.
## By default it is unlimited (0).
##
## Uploads to your server cant be larger than this value.
##
#server.max-request-size = 0
##
## Time to read from a socket before we consider it idle.
##
## Default: 60
##
#server.max-read-idle = 60
##
## Time to write to a socket before we consider it idle.
##
## Default: 360
##
#server.max-write-idle = 360
##
## Traffic Shaping
## -----------------
##
## see /usr/share/doc/lighttpd/traffic-shaping.txt
##
## Values are in kilobyte per second.
##
## Keep in mind that a limit below 32kB/s might actually limit the
## traffic to 32kB/s. This is caused by the size of the TCP send
## buffer.
##
## per server:
##
#server.kbytes-per-second = 128
##
## per connection:
##
#connection.kbytes-per-second = 32
##
#######################################################################
#######################################################################
##
## Filename/File handling
## ------------------------
##
## files to check for if .../ is requested
## index-file.names = ( "index.php", "index.rb", "index.html",
## "index.htm", "default.htm" )
##
index-file.names += (
"index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
)
##
## deny access the file-extensions
##
## ~ is for backupfiles from vi, emacs, joe, ...
## .inc is often used for code includes which should in general not be part
## of the document-root
url.access-deny = ( "~", ".inc" )
##
## disable range requests for pdf files
## workaround for a bug in the Acrobat Reader plugin.
##
$HTTP["url"] =~ "\.pdf$" {
server.range-requests = "disable"
}
##
## url handling modules (rewrite, redirect)
##
#url.rewrite = ( "^/$" => "/server-status" )
#url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
##
## both rewrite/redirect support back reference to regex conditional using %n
##
#$HTTP["host"] =~ "^www\.(.*)" {
# url.redirect = ( "^/(.*)" => "http://%1/$1" )
#}
##
## which extensions should not be handle via static-file transfer
##
## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
##
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
##
## error-handler for status 404
##
#server.error-handler-404 = "/error-handler.html"
#server.error-handler-404 = "/error-handler.php"
##
## Format: <errorfile-prefix><status-code>.html
## -> ..../status-404.html for 'File not found'
##
#server.errorfile-prefix = "/srv/www/htdocs/errors/status-"
##
## mimetype mapping
##
include "conf.d/mime.conf"
##
## directory listing configuration
##
include "conf.d/dirlisting.conf"
##
## Should lighttpd follow symlinks?
##
server.follow-symlink = "enable"
##
## force all filenames to be lowercase?
##
#server.force-lowercase-filenames = "disable"
##
## defaults to /var/tmp as we assume it is a local harddisk
##
server.upload-dirs = ( "/var/tmp" )
##
#######################################################################
#######################################################################
##
## SSL Support
## -------------
##
## To enable SSL for the whole server you have to provide a valid
## certificate and have to enable the SSL engine.::
##
## ssl.engine = "enable"
## ssl.pemfile = "/path/to/server.pem"
##
## The HTTPS protocol does not allow you to use name-based virtual
## hosting with SSL. If you want to run multiple SSL servers with
## one lighttpd instance you must use IP-based virtual hosting: ::
##
## $SERVER["socket"] == "10.0.0.1:443" {
## ssl.engine = "enable"
## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
## #
## # Mitigate BEAST attack:
## #
## # A stricter base cipher suite. For details see:
## # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
## #
## ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
## #
## # Make the server prefer the order of the server side cipher suite instead of the client suite.
## # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
## # This option is enabled by default, but only used if ssl.cipher-list is set.
## #
## # ssl.honor-cipher-order = "enable"
## #
## # Mitigate CVE-2009-3555 by disabling client triggered renegotation
## # This is enabled by default.
## #
## # ssl.disable-client-renegotiation = "enable"
## #
## server.name = "www.example.com"
##
## server.document-root = "/srv/www/vhosts/example.com/www/"
## }
##
## If you have a .crt and a .key file, cat them together into a
## single PEM file:
## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
## > /etc/ssl/private/lighttpd.pem
##
#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
##
## optionally pass the CA certificate here.
##
##
#ssl.ca-file = ""
##
#######################################################################
#######################################################################
##
## custom includes like vhosts.
##
#include "conf.d/config.conf"
#include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
##
#######################################################################
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/copr-be.fedoraproject.org.pem"
ssl.ca-file = "/etc/lighttpd/DigiCertCA.crt"
ssl.disable-client-renegotiation = "enable"
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
}

77
files/copr/lighttpd/mime.conf Normal file
View File

@@ -0,0 +1,77 @@
#######################################################################
##
## MimeType handling
## -------------------
##
## http://www.lighttpd.net/documentation/configuration.html#mimetypes
##
## Use the "Content-Type" extended attribute to obtain mime type if
## possible
##
mimetype.use-xattr = "disable"
##
## mimetype mapping
##
mimetype.assign = (
".pdf" => "application/pdf",
".sig" => "application/pgp-signature",
".spl" => "application/futuresplash",
".class" => "application/octet-stream",
".ps" => "application/postscript",
".torrent" => "application/x-bittorrent",
".dvi" => "application/x-dvi",
".gz" => "application/x-gzip",
".pac" => "application/x-ns-proxy-autoconfig",
".swf" => "application/x-shockwave-flash",
".tar.gz" => "application/x-tgz",
".tgz" => "application/x-tgz",
".tar" => "application/x-tar",
".zip" => "application/zip",
".mp3" => "audio/mpeg",
".m3u" => "audio/x-mpegurl",
".wma" => "audio/x-ms-wma",
".wax" => "audio/x-ms-wax",
".ogg" => "application/ogg",
".wav" => "audio/x-wav",
".gif" => "image/gif",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".png" => "image/png",
".xbm" => "image/x-xbitmap",
".xpm" => "image/x-xpixmap",
".xwd" => "image/x-xwindowdump",
".css" => "text/css",
".html" => "text/html",
".htm" => "text/html",
".js" => "text/javascript",
".asc" => "text/plain",
".c" => "text/plain",
".cpp" => "text/plain",
".log" => "text/plain",
".conf" => "text/plain",
".text" => "text/plain",
".txt" => "text/plain",
".spec" => "text/plain",
".dtd" => "text/xml",
".xml" => "text/xml",
".mpeg" => "video/mpeg",
".mpg" => "video/mpeg",
".mov" => "video/quicktime",
".qt" => "video/quicktime",
".avi" => "video/x-msvideo",
".asf" => "video/x-ms-asf",
".asx" => "video/x-ms-asf",
".wmv" => "video/x-ms-wmv",
".bz2" => "application/x-bzip",
".tbz" => "application/x-bzip-compressed-tar",
".tar.bz2" => "application/x-bzip-compressed-tar",
".rpm" => "application/x-rpm",
# make the default mime type application/octet-stream.
"" => "text/plain",
)
#
#######################################################################

93
files/copr/provision/ansible.cfg Normal file
View File

@@ -0,0 +1,93 @@
# config file for ansible -- http://ansible.github.com
# nearly all parameters can be overridden in ansible-playbook or with command line flags
# ansible will read ~/.ansible.cfg or /etc/ansible/ansible.cfg, whichever it finds first
[defaults]
# location of inventory file, eliminates need to specify -i
hostfile = /home/copr/provision/inventory
# location of ansible library, eliminates need to specify --module-path
library = /home/copr/provision/library:/usr/share/ansible
# default module name used in /usr/bin/ansible when -m is not specified
module_name = command
# home directory where temp files are stored on remote systems. Should
# almost always contain $HOME or be a directory writeable by all users
remote_tmp = $HOME/.ansible/tmp
# the default pattern for ansible-playbooks ("hosts:")
pattern = *
# the default number of forks (parallelism) to be used. Usually you
# can crank this up.
forks=25
# the timeout used by various connection types. Usually this corresponds
# to an SSH timeout
timeout=10
# when using --poll or "poll:" in an ansible playbook, and not specifying
# an explicit poll interval, use this interval
poll_interval=15
# when specifying --sudo to /usr/bin/ansible or "sudo:" in a playbook,
# and not specifying "--sudo-user" or "sudo_user" respectively, sudo
# to this user account
sudo_user=root
# connection to use when -c <connection_type> is not specified
#transport=paramiko
transport=ssh
# this is needed for paramiko, ssh already have this said in .ssh/config
host_key_checking = False
# remote SSH port to be used when --port or "port:" or an equivalent inventory
# variable is not specified.
remote_port=22
# if set, always run /usr/bin/ansible commands as this user, and assume this value
# if "user:" is not set in a playbook. If not set, use the current Unix user
# as the default
remote_user=root
# if set, always use this private key file for authentication, same as if passing
# --private-key-file to ansible or ansible-playbook
#private_key_file=/path/to/file
# additional plugin paths for non-core plugins
action_plugins = /usr/lib/python2.7/site-packages/ansible/runner/action_plugins:/home/copr/provision/action_plugins/
private_key_file=/home/copr/.ssh/id_rsa
[paramiko_connection]
record_host_keys=False
# nothing to configure yet
[ssh_connection]
# if uncommented, sets the ansible ssh arguments to the following. Leaving off ControlPersist
# will result in poor performance, so use transport=paramiko on older platforms rather than
# removing it
ssh_args=-o PasswordAuthentication=no -o ControlMaster=auto -o ControlPersist=60s

97
files/copr/provision/builderpb.yml Normal file
View File

@@ -0,0 +1,97 @@
#jinja2:variable_start_string:'[%' , variable_end_string:'%]'
---
- name: check/create instance
hosts: localhost
user: copr
gather_facts: False
vars:
- security_group: builder
- OS_AUTH_URL: http://172.23.0.2:5000/v2.0
- OS_TENANT_NAME: copr
- OS_USERNAME: msuchy
- OS_PASSWORD: [% copr_nova_password %]
# rhel 6.4 2013-02-21 x86_64 - ami
- image_id: cba0c766-84ac-4048-b0f5-6d4000af62f8
tasks:
- name: generate builder name
local_action: command echo "Copr builder {{ 999999999 | random }}"
register: vm_name
- name: spin it up
local_action: nova_compute auth_url={{OS_AUTH_URL}} flavor_id=6 image_id={{ image_id }} key_name=buildsys login_password={{OS_PASSWORD}} login_tenant_name={{OS_TENANT_NAME}} login_username={{OS_USERNAME}} security_groups={{security_group}} wait=yes name="{{vm_name.stdout}}"
register: nova
# should be able to use nova.private_ip, but it does not work with Fedora Cloud.
- debug: msg="IP={{ nova.info.addresses.vlannet_3[0].addr }}"
- debug: msg="vm_name={{vm_name.stdout}}"
- name: add it to the special group
local_action: add_host hostname={{ nova.info.addresses.vlannet_3[0].addr }} groupname=builder_temp_group
- name: wait for the host to be hot
local_action: wait_for host={{ nova.info.addresses.vlannet_3[0].addr }} port=22 delay=5 timeout=600
- hosts: builder_temp_group
user: root
gather_facts: False
vars:
- files: files/
tasks:
- name: edit hostname to be instance name
action: shell hostname `curl -s http://169.254.169.254/2009-04-04/meta-data/instance-id`
- name: install pkgs
action: yum state=present pkg={{ item }}
with_items:
- rsync
- openssh-clients
- libselinux-python
- libsemanage-python
- name: add repos
action: copy src={{ files }}/{{ item }} dest=/etc/yum.repos.d/{{ item }}
with_items:
- builder.repo
- epel6.repo
- name: install additional pkgs
action: yum state=present pkg={{ item }}
with_items:
- mock
- createrepo
- yum-utils
- pyliblzma
- name: make sure newest rpm
action: yum name={{ item }} state=latest
with_items:
- rpm
- glib2
- ca-certificates
- yum: name=mock enablerepo=epel-testing state=latest
- name: mockbuilder user
action: user name=mockbuilder groups=mock
- name: mockbuilder .ssh
action: file state=directory path=/home/mockbuilder/.ssh mode=0700 owner=mockbuilder group=mockbuilder
- name: mockbuilder authorized_keys
action: authorized_key user=mockbuilder key='{{ lookup('file', '/home/copr/provision/files/buildsys.pub') }}'
- name: put updated mock configs into /etc/mock
action: copy src={{ files }}/mock/{{ item }} dest=/etc/mock
with_items:
- site-defaults.cfg
- epel-5-x86_64.cfg
- epel-5-i386.cfg
- fedora-20-x86_64.cfg
- fedora-20-i386.cfg
- epel-7-x86_64.cfg
- lineinfile: dest=/root/.bashrc line="ulimit -n 10240" insertafter=EOF

23
files/copr/provision/files/builder.repo Normal file
View File

@@ -0,0 +1,23 @@
[builder-infrastructure]
name=Builder Packages from Fedora Infrastructure $releasever - $basearch
baseurl=http://infrastructure.fedoraproject.org/repo/builder-rpms/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE
[msuchy-Mock]
name=Copr repo for Mock owned by msuchy
description=Mock for RHEL6 with patch from https://bugzilla.redhat.com/show_bug.cgi?id=1028438 and https://bugzilla.redhat.com/show_bug.cgi?id=1034805
baseurl=http://172.16.5.4/results/msuchy/Mock/epel-6-$basearch/
skip_if_unavailable=True
gpgcheck=0
enabled=1
[msuchy-scl-utils]
name=Copr repo for scl-utils owned by msuchy
description=scl-utils with patch from https://bugzilla.redhat.com/show_bug.cgi?id=985233
baseurl=http://172.16.5.4/results/msuchy/scl-utils/epel-6-$basearch/
skip_if_unavailable=True
gpgcheck=0
enabled=1

1
files/copr/provision/files/buildsys.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeTO0ddXuhDZYM9HyM0a47aeV2yIVWhTpddrQ7/RAIs99XyrsicQLABzmdMBfiZnP0FnHBF/e+2xEkT8hHJpX6bX81jjvs2bb8KP18Nh8vaXI3QospWrRygpu1tjzqZT0Llh4ZVFscum8TrMw4VWXclzdDw6x7csCBjSttqq8F3iTJtQ9XM9/5tCAAOzGBKJrsGKV1CNIrfUo5CSzY+IUVIr8XJ93IB2ZQVASK34T/49egmrWlNB32fqAbDMC+XNmobgn6gO33Yq5Ly7Dk4kqTUx2TEaqDkZfhsVu0YcwV81bmqsltRvpj6bIXrEoMeav7nbuqKcPLTxWEY/2icePF

13
files/copr/provision/files/epel6.repo Normal file
View File

@@ -0,0 +1,13 @@
[epel]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=http://infrastructure.fedoraproject.org/pub/epel/6/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
[epel-testing]
name=Extras Packages for Enterprise Linux $releasever - $basearch
baseurl=http://infrastructure.fedoraproject.org/pub/epel/testing/6/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6

60
files/copr/provision/files/mock/epel-5-i386.cfg Normal file
View File

@@ -0,0 +1,60 @@
config_opts['root'] = 'epel-5-i386'
config_opts['target_arch'] = 'i386'
config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64')
config_opts['chroot_setup_cmd'] = 'install buildsys-build'
config_opts['dist'] = 'el5' # only useful for --resultdir variable subst
if not config_opts.has_key('macros'): config_opts['macros'] = {}
config_opts['macros']['%__arch_install_post'] = '%{nil}'
config_opts['macros']['%rhel'] = '5'
config_opts['macros']['%dist'] = '.el5'
config_opts['macros']['%el5'] = '1'
config_opts['releasever'] = '5'
config_opts['yum.conf'] = """
[main]
cachedir=/var/cache/yum
debuglevel=1
logfile=/var/log/yum.log
reposdir=/dev/null
retries=20
obsoletes=1
gpgcheck=0
assumeyes=1
syslog_ident=mock
syslog_device=
# repos
[core]
name=base
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=i386&repo=os
[update]
name=updates
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=i386&repo=updates
[groups]
name=groups
baseurl=http://buildsys.fedoraproject.org/buildgroups/rhel5/i386/
[extras]
name=epel
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=i386
[testing]
name=epel-testing
enabled=0
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=i386
[local]
name=local
baseurl=http://kojipkgs.fedoraproject.org/repos/dist-5E-epel-build/latest/i386/
cost=2000
enabled=0
[epel-debug]
name=epel-debug
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=i386
failovermethod=priority
enabled=0
"""

60
files/copr/provision/files/mock/epel-5-x86_64.cfg Normal file
View File

@@ -0,0 +1,60 @@
config_opts['root'] = 'epel-5-x86_64'
config_opts['target_arch'] = 'x86_64'
config_opts['legal_host_arches'] = ('x86_64',)
config_opts['chroot_setup_cmd'] = 'install buildsys-build'
config_opts['dist'] = 'el5' # only useful for --resultdir variable subst
if not config_opts.has_key('macros'): config_opts['macros'] = {}
config_opts['macros']['%__arch_install_post'] = '%{nil}'
config_opts['macros']['%rhel'] = '5'
config_opts['macros']['%dist'] = '.el5'
config_opts['macros']['%el5'] = '1'
config_opts['releasever'] = '5'
config_opts['yum.conf'] = """
[main]
cachedir=/var/cache/yum
debuglevel=1
logfile=/var/log/yum.log
reposdir=/dev/null
retries=20
obsoletes=1
gpgcheck=0
assumeyes=1
syslog_ident=mock
syslog_device=
# repos
[core]
name=base
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=os
[update]
name=updates
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=updates
[groups]
name=groups
baseurl=http://buildsys.fedoraproject.org/buildgroups/rhel5/x86_64/
[extras]
name=epel
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=x86_64
[testing]
name=epel-testing
enabled=0
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=x86_64
[local]
name=local
baseurl=http://kojipkgs.fedoraproject.org/repos/dist-5E-epel-build/latest/x86_64/
cost=2000
enabled=0
[epel-debug]
name=epel-debug
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=x86_64
failovermethod=priority
enabled=0
"""

60
files/copr/provision/files/mock/epel-7-x86_64.cfg Normal file
View File

@@ -0,0 +1,60 @@
config_opts['root'] = 'epel-7-x86_64'
config_opts['target_arch'] = 'x86_64'
config_opts['legal_host_arches'] = ('x86_64',)
config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
config_opts['dist'] = 'el7' # only useful for --resultdir variable subst
config_opts['releasever'] = '7'
config_opts['yum.conf'] = """
[main]
cachedir=/var/cache/yum
debuglevel=1
reposdir=/dev/null
logfile=/var/log/yum.log
retries=20
obsoletes=1
gpgcheck=0
assumeyes=1
syslog_ident=mock
syslog_device=
# repos
[base]
name=BaseOS
mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os
failovermethod=priority
[updates]
name=updates
enabled=1
mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates
failovermethod=priority
[epel]
name=epel
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=x86_64
failovermethod=priority
[extras]
name=extras
mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=extras
failovermethod=priority
[testing]
name=epel-testing
enabled=0
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel7&arch=x86_64
failovermethod=priority
[local]
name=local
baseurl=http://kojipkgs.fedoraproject.org/repos/epel7-build/latest/x86_64/
cost=2000
enabled=0
[epel-debug]
name=epel-debug
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-7&arch=x86_64
failovermethod=priority
enabled=0
"""

62
files/copr/provision/files/mock/fedora-20-i386.cfg Normal file
View File

@@ -0,0 +1,62 @@
config_opts['root'] = 'fedora-20-i386'
config_opts['target_arch'] = 'i686'
config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64')
config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
config_opts['dist'] = 'fc20' # only useful for --resultdir variable subst
config_opts['releasever'] = '20'
config_opts['yum.conf'] = """
[main]
cachedir=/var/cache/yum
debuglevel=1
reposdir=/dev/null
logfile=/var/log/yum.log
retries=20
obsoletes=1
gpgcheck=0
assumeyes=1
syslog_ident=mock
syslog_device=
# repos
[fedora]
name=fedora
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-20&arch=i386
failovermethod=priority
[updates]
name=updates
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f20&arch=i386
failovermethod=priority
[updates-testing]
name=updates-testing
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-f20&arch=i386
failovermethod=priority
enabled=0
[local]
name=local
baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/i386/
cost=2000
enabled=0
[fedora-debuginfo]
name=fedora-debuginfo
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-debug-20&arch=i386
failovermethod=priority
enabled=0
[updates-debuginfo]
name=updates-debuginfo
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-debug-f20&arch=i386
failovermethod=priority
enabled=0
[updates-testing-debuginfo]
name=updates-testing-debuginfo
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-debug-f20&arch=i386
failovermethod=priority
enabled=0
"""

62
files/copr/provision/files/mock/fedora-20-x86_64.cfg Normal file
View File

@@ -0,0 +1,62 @@
config_opts['root'] = 'fedora-20-x86_64'
config_opts['target_arch'] = 'x86_64'
config_opts['legal_host_arches'] = ('x86_64',)
config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
config_opts['dist'] = 'fc20' # only useful for --resultdir variable subst
config_opts['releasever'] = '20'
config_opts['yum.conf'] = """
[main]
cachedir=/var/cache/yum
debuglevel=1
reposdir=/dev/null
logfile=/var/log/yum.log
retries=20
obsoletes=1
gpgcheck=0
assumeyes=1
syslog_ident=mock
syslog_device=
# repos
[fedora]
name=fedora
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-20&arch=x86_64
failovermethod=priority
[updates]
name=updates
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f20&arch=x86_64
failovermethod=priority
[updates-testing]
name=updates-testing
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-f20&arch=x86_64
failovermethod=priority
enabled=0
[local]
name=local
baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/x86_64/
cost=2000
enabled=0
[fedora-debuginfo]
name=fedora-debuginfo
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-debug-20&arch=x86_64
failovermethod=priority
enabled=0
[updates-debuginfo]
name=updates-debuginfo
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-debug-f20&arch=x86_64
failovermethod=priority
enabled=0
[updates-testing-debuginfo]
name=updates-testing-debuginfo
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-debug-f20&arch=x86_64
failovermethod=priority
enabled=0
"""

63
files/copr/provision/files/mock/fedora-21-i386.cfg Normal file
View File

@@ -0,0 +1,63 @@
config_opts['root'] = 'fedora-21-i386'
config_opts['target_arch'] = 'i686'
config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64')
config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
config_opts['dist'] = 'fc21' # only useful for --resultdir variable subst
config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
config_opts['releasever'] = '21'
config_opts['yum.conf'] = """
[main]
cachedir=/var/cache/yum
debuglevel=1
reposdir=/dev/null
logfile=/var/log/yum.log
retries=20
obsoletes=1
gpgcheck=0
assumeyes=1
syslog_ident=mock
syslog_device=
# repos
[fedora]
name=fedora
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
failovermethod=priority
[updates]
name=updates
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
failovermethod=priority
[updates-testing]
name=updates-testing
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
failovermethod=priority
enabled=0
[local]
name=local
baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/i386/
cost=2000
enabled=0
[fedora-debuginfo]
name=fedora-debuginfo
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
failovermethod=priority
enabled=0
[updates-debuginfo]
name=updates-debuginfo
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
failovermethod=priority
enabled=0
[updates-testing-debuginfo]
name=updates-testing-debuginfo
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
failovermethod=priority
enabled=0
"""

63
files/copr/provision/files/mock/fedora-21-x86_64.cfg Normal file
View File

@@ -0,0 +1,63 @@
config_opts['root'] = 'fedora-21-x86_64'
config_opts['target_arch'] = 'x86_64'
config_opts['legal_host_arches'] = ('x86_64',)
config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
config_opts['dist'] = 'fc21' # only useful for --resultdir variable subst
config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
config_opts['releasever'] = '21'
config_opts['yum.conf'] = """
[main]
cachedir=/var/cache/yum
debuglevel=1
reposdir=/dev/null
logfile=/var/log/yum.log
retries=20
obsoletes=1
gpgcheck=0
assumeyes=1
syslog_ident=mock
syslog_device=
# repos
[fedora]
name=fedora
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
failovermethod=priority
[updates]
name=updates
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
failovermethod=priority
[updates-testing]
name=updates-testing
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
failovermethod=priority
enabled=0
[local]
name=local
baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/x86_64/
cost=2000
enabled=0
[fedora-debuginfo]
name=fedora-debuginfo
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
failovermethod=priority
enabled=0
[updates-debuginfo]
name=updates-debuginfo
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
failovermethod=priority
enabled=0
[updates-testing-debuginfo]
name=updates-testing-debuginfo
metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
failovermethod=priority
enabled=0
"""

152
files/copr/provision/files/mock/site-defaults.cfg Normal file
View File

@@ -0,0 +1,152 @@
# mock defaults
# vim:tw=0:ts=4:sw=4:et:
#
# This config file is for site-specific default values that apply across all
# configurations. Options specified in this config file can be overridden in
# the individual mock config files.
#
# The site-defaults.cfg delivered by default has NO options set. Only set
# options here if you want to override the defaults.
#
# Entries in this file follow the same format as other mock config files.
# config_opts['foo'] = bar
#############################################################################
#
# Things that we recommend you set in site-defaults.cfg:
#
# config_opts['basedir'] = '/var/lib/mock/'
# config_opts['cache_topdir'] = '/var/cache/mock'
# Note: the path pointed to by basedir and cache_topdir must be owned
# by group 'mock' and must have mode: g+rws
# config_opts['rpmbuild_timeout'] = 0
# config_opts['use_host_resolv'] = True
# You can configure log format to pull from logging.ini formats of these names:
# config_opts['build_log_fmt_name'] = "unadorned"
# config_opts['root_log_fmt_name'] = "detailed"
# config_opts['state_log_fmt_name'] = "state"
#
# mock will normally set up a minimal chroot /dev.
# If you want to use a pre-configured /dev, disable this and use the bind-mount
# plugin to mount your special /dev
# config_opts['internal_dev_setup'] = True
#
# internal_setarch defaults to 'True' if the python 'ctypes' package is
# available. It is in the python std lib on >= python 2.5. On older versions,
# it is available as an addon. On systems w/o ctypes, it will default to 'False'
# config_opts['internal_setarch'] = False
#
# the cleanup_on_* options allow you to automatically clean and remove the
# mock build directory, but only take effect if --resultdir is used.
# config_opts provides fine-grained control. cmdline only has big hammer
#
# config_opts['cleanup_on_success'] = 1
# config_opts['cleanup_on_failure'] = 1
# if you want mock to automatically run createrepo on the rpms in your
# resultdir.
# config_opts['createrepo_on_rpms'] = False
# config_opts['createrepo_command'] = '/usr/bin/createrepo -d -q -x *.src.rpm'
#############################################################################
#
# plugin related. Below are the defaults. Change to suit your site
# policy. site-defaults.cfg is a good place to do this.
#
# NOTE: Some of the caching options can theoretically affect build
# reproducability. Change with care.
#
config_opts['plugin_conf']['package_state_enable'] = False
# config_opts['plugin_conf']['ccache_enable'] = True
# config_opts['plugin_conf']['ccache_opts']['max_cache_size'] = '4G'
# config_opts['plugin_conf']['ccache_opts']['compress'] = None
# config_opts['plugin_conf']['ccache_opts']['dir'] = "%(cache_topdir)s/%(root)s/ccache/"
# config_opts['plugin_conf']['yum_cache_enable'] = True
# config_opts['plugin_conf']['yum_cache_opts']['max_age_days'] = 30
# config_opts['plugin_conf']['yum_cache_opts']['dir'] = "%(cache_topdir)s/%(root)s/yum_cache/"
# config_opts['plugin_conf']['root_cache_enable'] = True
# config_opts['plugin_conf']['root_cache_opts']['max_age_days'] = 15
# config_opts['plugin_conf']['root_cache_opts']['dir'] = "%(cache_topdir)s/%(root)s/root_cache/"
# config_opts['plugin_conf']['root_cache_opts']['compress_program'] = "pigz"
# config_opts['plugin_conf']['root_cache_opts']['extension'] = ".gz"
# config_opts['plugin_conf']['root_cache_opts']['exclude_dirs'] = ["./proc", "./sys", "./dev",
# "./tmp/ccache", "./var/cache/yum" ]
#
# bind mount plugin is enabled by default but has no configured directories to
# mount
# config_opts['plugin_conf']['bind_mount_enable'] = True
# config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/host/path', '/bind/mount/path/in/chroot/' ))
#
# config_opts['plugin_conf']['tmpfs_enable'] = False
# config_opts['plugin_conf']['tmpfs_opts']['required_ram_mb'] = 1024
# config_opts['plugin_conf']['tmpfs_opts']['max_fs_size'] = '512m'
#############################################################################
#
# environment for chroot
#
# config_opts['environment']['TERM'] = 'vt100'
# config_opts['environment']['SHELL'] = '/bin/bash'
# config_opts['environment']['HOME'] = '/builddir'
# config_opts['environment']['HOSTNAME'] = 'mock'
# config_opts['environment']['PATH'] = '/usr/bin:/bin:/usr/sbin:/sbin'
# config_opts['environment']['PROMPT_COMMAND'] = 'echo -n "<mock-chroot>"'
# config_opts['environment']['LANG'] = os.environ.setdefault('LANG', 'en_US.UTF-8')
# config_opts['environment']['TZ'] = os.environ.setdefault('TZ', 'EST5EDT')
#############################################################################
#
# Things that you can change, but we dont recommend it:
# config_opts['chroothome'] = '/builddir'
# config_opts['clean'] = True
#############################################################################
#
# Things that must be adjusted if SCM integration is used:
#
# config_opts['scm'] = True
# config_opts['scm_opts']['method'] = 'git'
# config_opts['scm_opts']['cvs_get'] = 'cvs -d /srv/cvs co SCM_BRN SCM_PKG'
# config_opts['scm_opts']['git_get'] = 'git clone SCM_BRN git://localhost/SCM_PKG.git SCM_PKG'
# config_opts['scm_opts']['svn_get'] = 'svn co file:///srv/svn/SCM_PKG/SCM_BRN SCM_PKG'
# config_opts['scm_opts']['spec'] = 'SCM_PKG.spec'
# config_opts['scm_opts']['ext_src_dir'] = '/dev/null'
# config_opts['scm_opts']['write_tar'] = True
# config_opts['scm_opts']['git_timestamps'] = True
# These options are also recognized but usually defined in cmd line
# with --scm-option package=<pkg> --scm-option branch=<branch>
# config_opts['scm_opts']['package'] = 'mypkg'
# config_opts['scm_opts']['branch'] = 'master'
#############################################################################
#
# Things that are best suited for individual chroot config files:
#
# MUST SET (in individual chroot cfg file):
# config_opts['root'] = 'name-of-yum-build-dir'
# config_opts['target_arch'] = 'i386'
# config_opts['yum.conf'] = ''
# config_opts['yum_common_opts'] = []
#
# CAN SET, defaults usually work ok:
# config_opts['chroot_setup_cmd'] = 'install buildsys-build'
# config_opts['log_config_file'] = 'logging.ini'
# config_opts['more_buildreqs']['srpm_name-version-release'] = 'dependencies'
# config_opts['macros']['%Add_your_macro_name_here'] = "add macro value here"
# config_opts['files']['path/name/no/leading/slash'] = "put file contents here."
# config_opts['chrootuid'] = os.getuid()
# If you change chrootgid, you must also change "mock" to the correct group
# name in this line of the mock PAM config:
# auth sufficient pam_succeed_if.so user ingroup mock use_uid quiet
# config_opts['chrootgid'] = grp.getgrnam("mock")[2]
# config_opts['useradd'] = '/usr/sbin/useradd -m -u %(uid)s -g %(gid)s -d %(home)s -n %(user)s' # Fedora/RedHat
#
# Security related
# config_opts['no_root_shells'] = False
#
# Proxy settings (https_proxy, ftp_proxy, and no_proxy can also be set)
# config_opts['http_proxy'] = 'http://localhost:3128'

0
roles/copr/backend/files/provision/inventory → files/copr/provision/inventory
View File

18
files/copr/provision/terminatepb.yml Normal file
View File

@@ -0,0 +1,18 @@
#jinja2:variable_start_string:'[%' , variable_end_string:'%]'
---
- name: terminate instance
hosts: all
user: root
gather_facts: False
vars:
- OS_AUTH_URL: http://172.23.0.2:5000/v2.0
- OS_TENANT_NAME: copr
- OS_USERNAME: msuchy
- OS_PASSWORD: [% copr_nova_password %]
tasks:
- name: terminate it
local_action: nova_compute auth_url={{OS_AUTH_URL}} login_password={{OS_PASSWORD}} login_tenant_name={{OS_TENANT_NAME}} login_username={{OS_USERNAME}} name="{{copr_task.vm_name}}" state=absent

4
files/copr/ssh_config Normal file
View File

@@ -0,0 +1,4 @@
Host *
IdentityFile ~/.ssh/id_rsa
StrictHostKeyChecking no
UserKnownHostsFile /dev/null

3
files/download/download-sync.cron
View File

@@ -1,4 +1,3 @@
# run twice daily rsync of download. but lock it
MAILTO=smooge@gmail.com,root@fedoraproject.org
MAILTO=smooge@gmail.com
00 11,23 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-downloads"

2
files/download/download-sync.cron.ib01
View File

@@ -1,2 +0,0 @@
# Run quick mirror fedora every 10minutes
*/10 * * * * root flock -n -E0 /tmp/download-sync -c '/root/quick-fedora-mirror/quick-fedora-mirror -c /root/quick-fedora-mirror/quick-fedora-mirror.conf'

162
files/download/last-sync
View File

@@ -1,162 +0,0 @@
#!/usr/bin/python
# Copyright (C) 2014 by Adrian Reber
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
import requests
import time
import sys
import getopt
fedora = 'org.fedoraproject.prod.bodhi.updates.fedora.sync'
epel = 'org.fedoraproject.prod.bodhi.updates.epel.sync'
branched = 'org.fedoraproject.prod.compose.branched.rsync.complete'
rawhide = 'org.fedoraproject.prod.compose.rawhide.rsync.complete'
base_url = 'https://apps.fedoraproject.org/datagrepper/raw'
topics = []
# default time interval to query for syncs: 1 day
delta = 86400
# return 0 and no output if a sync happened during <delta>
# if no sync happened 1 is returned
quiet = False
secondary = False
rawtime = False
def usage():
print
print "last-sync queries the Fedora Message Bus if new data is available on the public servers"
print
print "Usage: last-sync [options]"
print
print "Options:"
print " -a, --all query all possible releases (default)"
print " (fedora, epel, branched, rawhide)"
print " -f, --fedora only query if fedora has been updated during <delta>"
print " -e, --epel only query if epel has been updated"
print " -b, --branched only query if the branched off release"
print " has been updated"
print " -r, --rawhide only query if rawhide has been updated"
print " -q, --quiet do not print out any informations"
print " -t, --time print date in seconds since 1970-01-01"
print " -d DELTA, --delta=DELTA specify the time interval which should be used"
print " for the query (default: 86400)"
# -a -f -e -b -r -s -q -d
def parse_args():
global topics
global delta
global quiet
global secondary
global rawtime
try:
opts, args = getopt.getopt(sys.argv[1:], "afhebrsqtd:", ["all", "fedora", "epel", "rawhide", "branched", "secondary", "quiet", "time", "delta="])
except getopt.GetoptError as err:
print str(err)
usage()
sys.exit(2)
for option, argument in opts:
if option in ("-a", "--all"):
topics = [ fedora, epel, branched, rawhide ]
secondary = True
if option in ("-f", "--fedora"):
topics.append(fedora)
if option in ("-e", "--epel"):
topics.append(epel)
if option in ("-r", "--rawhide"):
topics.append(rawhide)
if option in ("-b", "--branched"):
topics.append(branched)
if option in ("-s", "--secondary"):
topics.append(rawhide)
secondary = True
if option in ("-q", "--quiet"):
quiet = True
if option in ("-t", "--time"):
rawtime = True
if option in ("-d", "--delta"):
delta = argument
if option in ("-h"):
usage();
sys.exit(0)
def getKey(item):
return item[1]
def create_url(url, topics, delta):
topic = ""
for i in topics:
topic += "&topic=%s" % i
return '%s?delta=%s%s' % (url, delta, topic)
parse_args()
if topics == []:
topics = [ fedora, epel, branched, rawhide ]
secondary = True
i = 0
data = None
while i < 5:
try:
data = requests.get(create_url(base_url, topics, delta), timeout=1).json()
break
except:
pass
if not data:
sys.exit(1)
repos = []
for i in range(0, data['count']):
try:
repo = "%s-%s" % (data['raw_messages'][i]['msg']['repo'], data['raw_messages'][i]['msg']['release'])
except:
# the rawhide and branch sync message has no repo information
arch = data['raw_messages'][i]['msg']['arch']
if arch == '':
arch = 'primary'
elif not secondary:
continue
repo = "%s-%s" % (data['raw_messages'][i]['msg']['branch'], arch)
repos.append([repo, data['raw_messages'][i]['timestamp']])
if quiet == False:
for repo, timestamp in sorted(repos, key=getKey):
if rawtime == True:
# this is useful if you want to compare the timestamp in seconds versus string
print "%s: %s" % (repo, timestamp)
else:
print "%s: %s" % (repo, time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime(timestamp)))
if data['count'] > 0:
sys.exit(0)
else:
sys.exit(1)

2
files/download/sync-up-downloads.sh
View File

@@ -8,7 +8,7 @@
RSYNC='/usr/bin/rsync'
RS_OPT="-avSHP --numeric-ids"
RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates"
ALT_EXCLUDES="--exclude deltaisos/archive --exclude 22_Alpha* --exclude 22_Beta*"
ALT_EXCLUDES="--exclude deltaisos/archive --exclude 21_Alpha* --exclude 21-Alpha* --exclude 21_Beta* --exclude=F21a-TC1"
EPL_EXCLUDES=""
FED_EXCLUDES=""

66
files/download/sync-up-downloads.sh.ib01
View File

@@ -1,66 +0,0 @@
#!/bin/bash
##
## This script is used to sync data from main download servers to
## secondary server at ibiblio.
##
RSYNC='/usr/bin/rsync'
RS_OPT="-avSHP --numeric-ids "
RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates"
ALT_EXCLUDES=""
EPL_EXCLUDES=""
FED_EXCLUDES=""
DATE_EPEL='/root/last-epel-sync'
DATE_FED='/root/last-fed-sync'
DATE_ARCHIVE='/root/last-archive-sync'
DATE_ALT='/root/last-alt-sync'
DATE_SECOND='/root/last-second-sync'
for i in ${DATE_EPEL} ${DATE_FED} ${DATE_ARCHIVE} ${DATE_ALT} ${DATE_SECOND}; do
touch ${i}
done
LAST_SYNC='/usr/local/bin/last-sync'
SERVER=dl.fedoraproject.org
function sync_stuff() {
if [[ $# -ne 5 ]]; then
echo "Illegal number of arguments to sync_stuff: " $#
exit 1
fi
DATE_FILE=$1
LOGGER_NAME=$2
RSYNC_FROM=$3
RSYNC_TO=$4
FLAG="$5"
CURDATE=$( date +%s )
if [[ -s ${DATE_FILE} ]]; then
LASTRUN=$( cat ${DATE_FILE} | awk '{print int($NF)}' )
else
LASTRUN=$( date +%s --date="Jan 1 00:00:00 UTC 2007" )
fi
DELTA=`echo ${CURDATE}-${LASTRUN} | bc`
${LAST_SYNC} -d ${DELTA} -q ${FLAG}
if [ "$?" -eq "0" ]; then
${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::${RSYNC_FROM} ${RSYNC_TO} | tail -n2 | logger -p local0.notice -t ${LOGGER_NAME}
echo ${CURDATE} > ${DATE_FILE}
else
logger -p local0.notice -t ${LOGGER_NAME} "No change found. Not syncing"
fi
}
sync_stuff ${DATE_EPEL} rsync_epel fedora-epel0 /srv/pub/epel/ "-e"
sync_stuff ${DATE_FED} rsync_fedora fedora-enchilada0 /srv/pub/fedora/ "-f"
sync_stuff ${DATE_ARCHIVE} rsync_archive fedora-archive0 /srv/pub/archive/ "-f"
sync_stuff ${DATE_ALT} rsync_alt fedora-alt0 /srv/pub/alt/ "-f"
sync_stuff ${DATE_SECOND} rsync_second fedora-secondary0 /srv/pub/fedora-secondary/ "-f"
# Let MM know I'm all up to date
#/usr/bin/report_mirror

28
files/download/sync-up-other.sh.ib01
View File

@@ -1,28 +0,0 @@
#!/bin/bash
##
## This script is used to sync data from main download servers to
## secondary server at ibiblio.
##
RSYNC='/usr/bin/rsync'
RS_OPT="-avSHP --numeric-ids"
RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates"
ALT_EXCLUDES=""
EPL_EXCLUDES=""
FED_EXCLUDES=""
LAST_SYNC='/usr/local/bin/last-sync'
SERVER=dl.fedoraproject.org
# Alt
${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::fedora-alt0/ /srv/pub/alt/ | tail -n2 | logger -p local0.notice -t rsync_alt
# Secondary
${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::fedora-secondary/ /srv/pub/fedora-secondary/ | tail -n2 | logger -p local0.notice -t rsync_2nd
# Archives
${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::fedora-archive/ /srv/pub/archive/ | tail -n2 | logger -p local0.notice -t rsync_archive
# Let MM know I'm all up to date
#/usr/bin/report_mirror

23
files/fedora-cloud/fed-cloud09.pem
View File

@@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
MIID2DCCAsACCQCxRWmzwjSj6TANBgkqhkiG9w0BAQUFADCBrTELMAkGA1UEBhMC
VVMxCzAJBgNVBAgMAk5NMRAwDgYDVQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdSZWQg
SGF0MRcwFQYDVQQLDA5GZWRvcmEgUHJvamVjdDEsMCoGA1UEAwwjZmVkLWNsb3Vk
MDkuY2xvdWQuZmVkb3JhcHJvamVjdC5vcmcxJjAkBgkqhkiG9w0BCQEWF2FkbWlu
QGZlZG9yYXByb2plY3Qub3JnMB4XDTE0MDkxODEwMjMxMloXDTE1MDkxODEwMjMx
Mlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOTTEQMA4GA1UEBwwHUmFsZWln
aDEQMA4GA1UECgwHUmVkIEhhdDEXMBUGA1UECwwORmVkb3JhIFByb2plY3QxLDAq
BgNVBAMMI2ZlZC1jbG91ZDA5LmNsb3VkLmZlZG9yYXByb2plY3Qub3JnMSYwJAYJ
KoZIhvcNAQkBFhdhZG1pbkBmZWRvcmFwcm9qZWN0Lm9yZzCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALFOYDRhow6sEyCvm4jNlIAxs9vYDF07q3sEHzVj
zXy0NNlUgZPRCijWFyHRDwy383f7ZtRlqVCGXxm4l8ltQUU+jmXcnIY1xY2A1TPv
nWv+f1dGSv+SfWGAjqgwyajr6wyPAOnpwui2v03/xalAx6Xl7padfdlAEsNjAvNb
5uZkW7DLlDu3jSIroDSKsJUQW9kc1elT90W0mNgw3MpFA5zdj0QRxi2JpBth6PeT
CewN4r7QZ5cP4EzfHMLKT21kJzm+j5jlaQEak4yKWDEeLh4+RxgTnmss4zYKTUit
7H+j9KaxqVsneB8Sg7EtVnXafYLrSlr9fwOV5DWklLzvjBMCAwEAATANBgkqhkiG
9w0BAQUFAAOCAQEAHToeNGFaGlybHICw1ncLCmdu6vikPPn/UShfS25U54Q9eIMn
zqlhbbEyzuF4wKjV35W0BORWKJ+hQ2vpfk21jUMVOsdl7IMEXtIWotfO17ufWM28
zhwcPAlrs/Pr5dF7ihbOGKAHhEYVopSH8OTFayAQKWWKGv52lZsgwfrnDDu0TjIo
zmhCEmOWZf+CeEWT/AP7BJ6g4Apz9grUmaRvaQGft5y5sGC8tsV0im/C9WaMfVhF
wemG2KcOuKJDXtvd7DHNBoHcDrB1cN1i0uKhj0nxXsXpeag9Xh4BmkgHMU8rnegK
q7hOy15qVU/lOBZUtfx69aYHPpOGJ7Jc1xFIiQ==
-----END CERTIFICATE-----

3
files/fedora-cloud/fed09-ssh-key.pub
View File

@@ -1,2 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv8WqXOuL78Rd7ZvDqoi84M7uRV3uueXTXtvlPdyNQBzIBmxh+spw9IhtoR+FlzgQQ1MN4B7YVLTGki6QDxWDM5jgTVfzxTh/HTg7kJ31HbM1/jDuBK7HMfay2BGx/HCqS2oxIBgIBwIMQAU93jBZUxNyYWvO+5TiU35IHEkYOtHyGYtTtuGCopYRQoAAOIVIIzzDbPvopojCBF5cMYglR/G02YgWM7hMpQ9IqEttLctLmpg6ckcp/sDTHV/8CbXbrSN6pOYxn1YutOgC9MHNmxC1joMH18qkwvSnzXaeVNh4PBWnm1f3KVTSZXKuewPThc3fk2sozgM9BH6KmZoKl
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfk627wDgkJisjGl4RbrUS457WoPdSate1vzgZXApQeAkTG9LLEstAEyThphnJZzDWRYceId+DqZvyrwZttB6Tfptwqs9qwW60HelSVtvq6RDoiQO5yB1ffbeelM6ci5spvzA0b8llUmYpDlCmrbv/or5IXtO9ScAxK7S6Pp2XQYyHJepEclCqfUkmgOXqnoFPFhKhIdaNe7wXCDKnjHSL0HLQmpTREbJ98HNexI76DMdiuG+II7m42XbfToHZtDrsUfd5HGyWLqUWqFfLFoFSSrARE7Aqa2cS1zrLdKHTFnDitBezNeb2J4Go3/23bHe58LV8RfPdIQG9Z8hqYiD9 root@fed-cloud09.cloud.fedoraproject.org

1
files/fedora-cloud/fed_cloud09_nova_public_key
View File

@@ -1 +0,0 @@
{{fed_cloud09_nova_public_key}}

1
files/fedora-cloud/fedora-admin-20130801.pub
View File

@@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1sBKROSJ3rzI0IlBkM926Dvpiw3a4wYSys0ZeKRohWZg369ilZkUkRhsy0g4JU85lt6rxf5JLwURF+fWBEohauF1Uvklc25LdZpRS3IBQPaXvWeM8lygQQomFc0Df6iUbCYFWnEWMjKd7FGYX3DgOZLnG8tV2vX7jFjqitsh5LRAbmghUBRarw/ix4CFx7+VIeKCBkAybviQIW828N1IqJC6/e7v6/QStpblYpCFPqMflXhQ/KS2D043Yy/uUjmOjMWwOMFS6Qk+py1C0mDU0TUptFYwDP5o9IK/c5HaccmOl2IyUPB1/RCtTfOn6wXPRTMUU+5w+TcPH6MPvvuiSQ== root@lockbox01.phx2.fedoraproject.org

135
files/fedora-cloud/haproxy.cfg
View File

@@ -1,135 +0,0 @@
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
tune.ssl.default-dh-param 1024
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#frontend keystone_public *:5000
# default_backend keystone_public
#frontend keystone_admin *:35357
# default_backend keystone_admin
frontend neutron
bind 0.0.0.0:9696 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend neutron
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend cinder
bind 0.0.0.0:8776 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend cinder
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend swift
bind 0.0.0.0:8080 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend swift
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend nova
bind 0.0.0.0:8774 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend nova
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend ceilometer
bind 0.0.0.0:8777 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend ceilometer
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend ec2
bind 0.0.0.0:8773 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend ec2
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
frontend glance
bind 0.0.0.0:9292 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
default_backend glance
# HSTS (15768000 seconds = 6 months)
rspadd Strict-Transport-Security:\ max-age=15768000
backend neutron
server neutron 127.0.0.1:8696 check
backend cinder
server cinder 127.0.0.1:6776 check
backend swift
server swift 127.0.0.1:7080 check
backend nova
server nova 127.0.0.1:6774 check
backend ceilometer
server ceilometer 127.0.0.1:6777 check
backend ec2
server ec2 127.0.0.1:6773 check
backend glance
server glance 127.0.0.1:7292 check
backend keystone_public
server keystone_public 127.0.0.1:5000 check
backend keystone_admin
server keystone_admin 127.0.0.1:35357 check

15
files/fedora-cloud/hosts
View File

@@ -1,7 +1,7 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# http://docs.openstack.org/icehouse/install-guide/install/yum/content/basics-neutron-networking-controller-node.html
# http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-neutron-networking-controller-node.html
# controller
{{ controller_public_ip }} controller
@@ -9,16 +9,5 @@
{{ network_public_ip }} network
# compute1
{{ compute1_private_ip }} fed-cloud10.cloud.fedoraproject.org
{{ compute2_private_ip }} fed-cloud11.cloud.fedoraproject.org
{{ compute3_private_ip }} fed-cloud12.cloud.fedoraproject.org
{{ compute4_private_ip }} fed-cloud13.cloud.fedoraproject.org
{{ compute5_private_ip }} fed-cloud14.cloud.fedoraproject.org
{{ compute6_private_ip }} fed-cloud15.cloud.fedoraproject.org
#
# This is needed for 2fa to work correctly.
#
209.132.181.6 infrastructure infrastructure.fedoraproject.org
209.132.181.32 fas-all.phx2.fedoraproject.org
# compute1_public_ip compute1
{{ controller_private_ip }} fed-cloud09.cloud.fedoraproject.org fedorainfracloud.org

8
files/fedora-cloud/ifcfg-eth0
View File

@@ -1,8 +0,0 @@
DEVICE="eth0"
NAME="eth0"
ONBOOT=yes
BOOTPROTO=none
HWADDR="f0:1f:af:e3:5f:0c"
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=br-ex

1
files/fedora-cloud/nova-ssh-config
View File

@@ -1 +0,0 @@
StrictHostKeyChecking no

2
files/fedora-cloud/openstack-nova-novncproxy
View File

@@ -1,2 +0,0 @@
# You may specify other parameters to the nova-novncproxy here
OPTIONS="--novncproxy_host 209.132.184.9 --ssl_only"

36
files/fedora-cloud/packstack-controller-answers.txt
View File

@@ -86,7 +86,7 @@ CONFIG_AMQP_HOST={{ controller_public_ip }}
CONFIG_AMQP_ENABLE_SSL=n
# Enable Authentication for the AMQP service
CONFIG_AMQP_ENABLE_AUTH=y
CONFIG_AMQP_ENABLE_AUTH=n
# The password for the NSS certificate database of the AMQP service
CONFIG_AMQP_NSS_CERTDB_PW={{ CONFIG_AMQP_NSS_CERTDB_PW }}
@@ -96,14 +96,14 @@ CONFIG_AMQP_SSL_PORT=5671
# The filename of the certificate that the AMQP service is going to
# use
CONFIG_AMQP_SSL_CERT_FILE=/etc/pki/tls/certs/fedorainfracloud.org.pem
CONFIG_AMQP_SSL_CERT_FILE=/etc/pki/tls/certs/amqp_selfcert.pem
# The filename of the private key that the AMQP service is going to
# use
CONFIG_AMQP_SSL_KEY_FILE=/etc/pki/tls/private/fedorainfracloud.org.key
CONFIG_AMQP_SSL_KEY_FILE=/etc/pki/tls/private/amqp_selfkey.pem
# Auto Generates self signed SSL certificate and key
CONFIG_AMQP_SSL_SELF_SIGNED=n
CONFIG_AMQP_SSL_SELF_SIGNED=y
# User for amqp authentication
CONFIG_AMQP_AUTH_USER=amqp_user
@@ -198,10 +198,10 @@ CONFIG_NOVA_COMPUTE_PRIVIF=lo
CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager
# Public interface on the Nova network server
CONFIG_NOVA_NETWORK_PUBIF=eth0
CONFIG_NOVA_NETWORK_PUBIF={{ controller_public_ip }}
# Private interface for network manager on the Nova network server
CONFIG_NOVA_NETWORK_PRIVIF=eth1
CONFIG_NOVA_NETWORK_PRIVIF=lo
# IP Range for network manager
CONFIG_NOVA_NETWORK_FIXEDRANGE={{ internal_interface_cidr }}
@@ -214,7 +214,7 @@ CONFIG_NOVA_NETWORK_FLOATRANGE={{ public_interface_cidr }}
CONFIG_NOVA_NETWORK_DEFAULTFLOATINGPOOL=external
# Automatically assign a floating IP to new instances
CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=n
CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=y
# First VLAN for private networks
CONFIG_NOVA_NETWORK_VLAN_START=100
@@ -258,16 +258,6 @@ CONFIG_NEUTRON_L2_PLUGIN=ml2
# metadata agent
CONFIG_NEUTRON_METADATA_PW={{ NEUTRON_PASS }}
# Set to 'y' if you would like Packstack to install Neutron LBaaS
CONFIG_LBAAS_INSTALL=y
# Set to 'y' if you would like Packstack to install Neutron L3
# Metering agent
CONFIG_NEUTRON_METERING_AGENT_INSTALL=y
# Whether to configure neutron Firewall as a Service
CONFIG_NEUTRON_FWAAS=y
# A comma separated list of network type driver entrypoints to be
# loaded from the neutron.ml2.type_drivers namespace.
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=local,flat,gre
@@ -340,7 +330,7 @@ CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=floatnet:br-ex
# A comma separated list of colon-separated OVS bridge:interface
# pairs. The interface will be added to the associated bridge.
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-tun:eth1
# A comma separated list of tunnel ranges for the Neutron openvswitch
# plugin (eg. 1:1000)
@@ -360,14 +350,14 @@ CONFIG_HORIZON_SSL=y
# PEM encoded certificate to be used for ssl on the https server,
# leave blank if one should be generated, this certificate should not
# require a passphrase
CONFIG_SSL_CERT=/etc/pki/tls/certs/fedorainfracloud.org.pem
CONFIG_SSL_CERT=/etc/pki/tls/certs/fed-cloud09.pem
# PEM encoded CA certificates from which the certificate chain of the
# # server certificate can be assembled.
CONFIG_SSL_CACHAIN=/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem
CONFIG_SSL_CACHAIN=/etc/pki/tls/certs/fed-cloud09.pem
# Keyfile corresponding to the certificate if one was entered
CONFIG_SSL_KEY=/etc/pki/tls/private/fedorainfracloud.key
CONFIG_SSL_KEY=/etc/pki/tls/private/fed-cloud09.key
# The password to use for the Swift to authenticate with Keystone
CONFIG_SWIFT_KS_PW={{ SWIFT_PASS }}
@@ -378,7 +368,7 @@ CONFIG_SWIFT_KS_PW={{ SWIFT_PASS }}
# on 127.0.0.1 as a swift storage device(packstack does not create the
# filesystem, you must do this first), if /dev is omitted Packstack
# will create a loopback device for a test setup
CONFIG_SWIFT_STORAGES={{ swift_storages }}
CONFIG_SWIFT_STORAGES=
# Number of swift storage zones, this number MUST be no bigger than
# the number of storage devices configured
@@ -453,7 +443,7 @@ CONFIG_CEILOMETER_SECRET={{ CEILOMETER_SECRET }}
CONFIG_CEILOMETER_KS_PW={{ CEILOMETER_PASS }}
# The IP address of the server on which to install mongodb
CONFIG_MONGODB_HOST=127.0.0.1
CONFIG_MONGODB_HOST={{ controller_public_ip }}
# The password of the nagiosadmin user on the Nagios server
CONFIG_NAGIOS_PW=

41
files/gnome/backup.sh Normal file
View File

@@ -0,0 +1,41 @@
#!/bin/bash
# backup.sh will run FROM backup03 TO the various GNOME boxes on the set. (there's two set
# of machines, one being the ones with a public IP and the others being the IP-less ones that
# will forward their agent through bastion.gnome.org)
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin
MACHINES='signal.gnome.org
webapps2.gnome.org
clutter.gnome.org
blogs.gnome.org
chooser.gnome.org
git.gnome.org
webapps.gnome.org
socket.gnome.org
bugzilla-web.gnome.org
progress.gnome.org
clipboard.gnome.org
cloud-ssh.gnome.org
bastion.gnome.org
spinner.gnome.org
master.gnome.org
combobox.gnome.org
restaurant.gnome.org
expander.gnome.org
live.gnome.org
extensions.gnome.org
view.gnome.org
puppet.gnome.org
accelerator.gnome.org
range.gnome.org
pentagon.gimp.org
account.gnome.org'
BACKUP_DIR='/fedora_backups/gnome/'
LOGS_DIR='/fedora_backups/gnome/logs'
for MACHINE in $MACHINES; do
rsync -avz -e 'ssh -F /usr/local/etc/gnome_ssh_config' --bwlimit=2000 $MACHINE:/etc/rsyncd/backup.exclude $BACKUP_DIR/excludes/$MACHINE.exclude
rdiff-backup --remote-schema 'ssh -F /usr/local/etc/gnome_ssh_config %s rdiff-backup --server' --print-statistics --exclude-device-files --exclude /selinux --exclude /sys --exclude /proc --exclude-globbing-filelist $BACKUP_DIR/excludes/$MACHINE.exclude $MACHINE::/ $BACKUP_DIR/$MACHINE/ | mail -s "Daily backup: $MACHINE" backups@gnome.org
done

8
files/gnome/ssh_config Normal file
View File

@@ -0,0 +1,8 @@
Host live.gnome.org extensions.gnome.org puppet.gnome.org view.gnome.org drawable.gnome.org
User root
IdentityFile /usr/local/etc/gnome_backup_id.rsa
ProxyCommand ssh -W %h:%p bastion.gnome.org -F /usr/local/etc/gnome_ssh_config
Host *.gnome.org pentagon.gimp.org
User root
IdentityFile /usr/local/etc/gnome_backup_id.rsa

135
files/hotfix/autocloud/consumer.py
View File

@@ -1,135 +0,0 @@
# -*- coding: utf-8 -*-
from datetime import datetime
import requests
import fedmsg.consumers
import fedfind.release
from sqlalchemy import exc
import autocloud
from autocloud.models import init_model, ComposeDetails, ComposeJobDetails
from autocloud.producer import publish_to_fedmsg
from autocloud.utils import is_valid_image, produce_jobs
import logging
log = logging.getLogger("fedmsg")
DEBUG = autocloud.DEBUG
class AutoCloudConsumer(fedmsg.consumers.FedmsgConsumer):
"""
Fedmsg consumer for Autocloud
"""
if DEBUG:
topic = [
'org.fedoraproject.dev.__main__.pungi.compose.status.change'
]
else:
topic = [
'org.fedoraproject.prod.pungi.compose.status.change'
]
config_key = 'autocloud.consumer.enabled'
def __init__(self, *args, **kwargs):
self.supported_archs = [arch for arch, _ in ComposeJobDetails.ARCH_TYPES]
log.info("Autocloud Consumer is ready for action.")
super(AutoCloudConsumer, self).__init__(*args, **kwargs)
def consume(self, msg):
""" This is called when we receive a message matching the topic. """
log.info('Received %r %r' % (msg['topic'], msg['body']['msg_id']))
STATUS_F = ('FINISHED_INCOMPLETE', 'FINISHED',)
VARIANTS_F = ('CloudImages',)
images = []
compose_db_update = False
msg_body = msg['body']
status = msg_body['msg']['status']
compose_images_json = None
if status in STATUS_F:
location = msg_body['msg']['location']
json_metadata = '{}/metadata/images.json'.format(location)
resp = requests.get(json_metadata)
compose_images_json = getattr(resp, 'json', False)
if compose_images_json is not None:
compose_images_json = compose_images_json()
compose_images = compose_images_json['payload']['images']
compose_details = compose_images_json['payload']['compose']
compose_images = dict((variant, compose_images[variant])
for variant in VARIANTS_F
if variant in compose_images)
compose_id = compose_details['id']
rel = fedfind.release.get_release(cid=compose_id)
release = rel.release
compose_details.update({'release': release})
compose_images_variants = [variant for variant in VARIANTS_F
if variant in compose_images]
for variant in compose_images_variants:
compose_image = compose_images[variant]
for arch, payload in compose_image.iteritems():
if arch not in self.supported_archs:
continue
for item in payload:
relative_path = item['path']
if not is_valid_image(relative_path):
continue
absolute_path = '{}/{}'.format(location, relative_path)
item.update({
'compose': compose_details,
'absolute_path': absolute_path,
})
images.append(item)
compose_db_update = True
if compose_db_update:
session = init_model()
compose_date = datetime.strptime(compose_details['date'], '%Y%m%d')
try:
cd = ComposeDetails(
date=compose_date,
compose_id=compose_details['id'],
respin=compose_details['respin'],
type=compose_details['type'],
status=u'q',
location=location,
)
session.add(cd)
session.commit()
compose_details.update({
'status': 'queued',
'compose_job_id': cd.id,
})
publish_to_fedmsg(topic='compose.queued',
**compose_details)
except exc.IntegrityError:
session.rollback()
cd = session.query(ComposeDetails).filter_by(
compose_id=compose_details['id']).first()
log.info('Compose already exists %s: %s' % (
compose_details['id'],
cd.id
))
session.close()
num_images = len(images)
for pos, image in enumerate(images):
image.update({'pos': (pos+1, num_images)})
produce_jobs(images)

2
files/hotfix/httpd/httpd.sysconfig.el7
View File

@@ -1,2 +0,0 @@
export OPENSSL_NO_DEFAULT_ZLIB=1
export PYTHONHASHSEED=random

243
files/httpd/fedorahosted-redirects.conf
View File

@@ -1,243 +0,0 @@
RewriteEngine On
RewriteRule ^/fedora-commops/ticket/(.*) https://pagure.io/fedora-commops/issue/$1 [R=301]
RewriteRule ^/fedora-commops/report https://pagure.io/fedora-commops/issues [R=301]
RewriteRule ^/fedora-commops https://pagure.io/fedora-commops/ [R=301]
RewriteRule ^/marketing-team/report https://pagure.io/fedora-marketing/issues [R=301]
RewriteRule ^/marketing-team/ticket/(.*) https://pagure.io/fedora-marketing/issue/$1 [R=301]
RewriteRule ^/marketing-team https://pagure.io/fedora-marketing [R=301]
RewriteRule ^/fedora-project-schedule/report https://pagure.io/fedora-project-schedule/issues [R=301]
RewriteRule ^/fedora-project-schedule https://pagure.io/fedora-project-schedule [R=301]
RewriteRule ^/firewalld https://github.com/t-woerner/firewalld [R=301]
RewriteRule ^/fpaste https://pagure.io/fpaste [R=301]
RewriteRule ^/rpmfluff https://pagure.io/rpmfluff [R=301]
RewriteRule ^/weatheralert https://pagure.io/weatheralert [R=301]
RewriteRule ^/create-tx-configuration https://pagure.io/create-tx-configuration [R=301]
RewriteRule ^/fedora-magazine https://pagure.io/fedoramagazine-images [R=301]
RewriteRule ^/newt https://pagure.io/newt [R=301]
RewriteRule ^/releases/n/e/newt/(.*) https://pagure.io/releases/newt/$1 [R=301]
RewriteRule ^/releases/n/e/newt https://pagure.io/releases/newt [R=301]
Rewriterule ^/cloud/report https://pagure.io/atomic-wg/issues [R=301]
Rewriterule ^/cloud/ticket/(.*) https://pagure.io/atomic-wg/issue/$1 [R=301]
Rewriterule ^/cloud https://pagure.io/atomic-wg [R=301]
RewriteRule ^/imapsync https://pagure.io/imapsync [R=301]
RewriteRule ^/releases/i/m/imapsync/(.*) https://pagure.io/releases/imapsync/$1 [R=301]
RewriteRule ^/releases/i/m/imapsync https://pagure.io/releases/imapsync [R=301]
RewriteRule ^/released/i/m/imapsync/(.*) https://pagure.io/releases/imapsync/$1 [R=301]
RewriteRule ^/released/i/m/imapsync https://pagure.io/releases/imapsync [R=301]
RewriteRule ^/released/imapsync https://pagure.io/releases/imapsync [R=301]
RewriteRule ^/fedora-infrastructure/report https://pagure.io/fedora-infrastructure/issues [R=301]
RewriteRule ^/fedora-infrastructure/ticket/(.*) https://pagure.io/fedora-infrastructure/issue/$1 [R=301]
RewriteRule ^/fedora-infrastructure https://pagure.io/fedora-infrastructure [R=301]
RewriteRule ^/fesco/report https://pagure.io/fesco/issues [R=301]
RewriteRule ^/fesco/ticket/(.*) https://pagure.io/fesco/issue/$1 [R=301]
RewriteRule ^/fesco https://pagure.io/fesco [R=301]
Rewriterule ^/fedora-packager/report https://pagure.io/fedora-packager/issues [R=301]
RewriteRule ^/fedora-packager/ticket/(.*) https://pagure.io/fedora-packager/issue/$1 [R=301]
Rewriterule ^/fedora-packager https://pagure.io/fedora-packager [R=301]
RewriteRule ^/rpkg/report https://pagure.io/rpkg/issues [R=301]
RewriteRule ^/rpkg/ticket/(.*) https://pagure.io/rpkg/issue/$1 [R=301]
RewriteRule ^/rpkg https://pagure.io/rpkg [R=301]
RewriteRule ^/fedpkg/report https://pagure.io/fedpkg/issues [R=301]
Rewriterule ^/fedpkg/ticket/(.*) https://pagure.io/fedpkg/issue/$1 [R=301]
Rewriterule ^/fedpkg https://pagure.io/fedpkg [R=301]
RewriteRule ^/ELAPI/report https://pagure.io/ELAPI/issues [R=301]
RewriteRule ^/ELAPI/ticket/(.*) https://pagure.io/ELAPI/issue/$1 [R=301]
RewriteRule ^/ELAPI https://pagure.io/ELAPI [R=301]
RewriteRule ^/irc-support-sig/report https://pagure.io/irc-support-sig/issues [R=301]
Rewriterule ^/irc-support-sig/ticket/(.*) https://pagure.io/irc-support-sig/issue/$1 [R=301]
RewriteRule ^/irc-support-sig https://pagure.io/irc-support-sig [R=301]
RewriteRule ^/packager-sponsors/report https://pagure.io/packager-sponsors/issues [R=301]
Rewriterule ^/packager-sponsors/ticket/(.*) https://pagure.io/packager-sponsors/issue/$1 [R=301]
Rewriterule ^/packager-sponsors https://pagure.io/packager-sponsors [R=301]
RewriteRule ^/epel/report https://pagure.io/epel/issues [R=301]
Rewriterule ^/epel/ticket/(.*) https://pagure.io/epel/issue/$1 [R=301]
RewriteRule ^/epel https://pagure.io/epel [R=301]
RewriteRule ^/elfutils/wiki/(.*) https://sourceware.org/elfutils/$1 [R=301]
RewriteRule ^/elfutils https://sourceware.org/elfutils [R=301]
Rewriterule ^/releases/e/l/elfutils/(.*) https://sourceware.org/elfutils/ftp/$1 [R=301]
RewriteRule ^/rpmdevtools/report https://pagure.io/rpmdevtools/issues [R=301]
RewriteRule ^/rpmdevtools/ticket/(.*) https://pagure.io/rpmdevtools/issue/$1 [R=301]
Rewriterule ^/rpmdevtools https://pagure.io/rpmdevtools [R=301]
RewriteRule ^/fudcon-planning/report https://pagure.io/fudcon-planning/issues [R=301]
RewriteRule ^/fudcon-planning/ticket/(.*) https://pagure.io/fudcon-planning/issue/$1 [R=301]
Rewriterule ^/fudcon-planning https://pagure.io/fudcon-planning [R=301]
RewriteRule ^/gfs2-utils/report https://pagure.io/gfs2-utils/issues [R=301]
RewriteRule ^/gfs2-utils/ticket/(.*) https://pagure.io/gfs2-utils/issue/$1 [R=301]
RewriteRule ^/gfs2-utils https://pagure.io/gfs2-utils [R=301]
RewriteRule ^/elections/report https://pagure.io/elections/issues [R=301]
RewriteRule ^/elections/ticket/(.*) https://pagure.io/elections/issue/$1 [R=301]
RewriteRule ^/elections https://pagure.io/elections [R=301]
RewriteRule ^/fedocal/report https://pagure.io/fedocal/issues [R=301]
RewriteRule ^/fedocal/ticket/(.*) https://pagure.io/fedocal/issue/$1 [R=301]
RewriteRule ^/fedocal https://pagure.io/fedocal [R=301]
RewriteRule ^/FedoraReview/report https://pagure.io/FedoraReview/issues [R=301]
RewriteRule ^/FedoraReview/ticket/(.*) https://pagure.io/FedoraReview/issue/$1 [R=301]
RewriteRule ^/FedoraReview https://pagure.io/FedoraReview [R=301]
RewriteRule ^/packagedb-cli/report https://pagure.io/pkgdb-cli/issues [R=301]
RewriteRule ^/packagedb-cli/ticket/(.*) https://pagure.io/pkgdb-cli/issue/$1 [R=301]
RewriteRule ^/packagedb-cli https://pagure.io/pkgdb-cli [R=301]
RewriteRule ^/r2spec/report https://pagure.io/r2spec/issues [R=301]
RewriteRule ^/r2spec/ticket/(.*) https://pagure.io/r2spec/issue/$1 [R=301]
RewriteRule ^/r2spec https://pagure.io/r2spec [R=301]
RewriteRule ^/pkgdb2/report https://pagure.io/pkgdb2/issues [R=301]
RewriteRule ^/pkgdb2/ticket/(.*) https://pagure.io/pkgdb2/issue/$1 [R=301]
RewriteRule ^/pkgdb2 https://pagure.io/pkgdb2/ [R=301]
RewriteRule ^/tgcapcha22/report https://pagure.io/tgcapcha22/issues [R=301]
RewriteRule ^/tgcapcha22/ticket/(.*) https://pagure.io/tgcapcha22/issue/$1 [R=301]
RewriteRule ^/tgcapcha22 https://pagure.io/tgcapcha22 [R=301]
RewriteRule ^/fedora-gather-easyfix/report https://pagure.io/fedora-gather-easyfi/issues [R=301]
RewriteRule ^/fedora-gather-easyfix/ticket/(.*) https://pagure.io/fedora-gather-easyfile/issue/$1 [R=301]
RewriteRule ^/fedora-gather-easyfix https://pagure.io/fedora-gather-easyfile [R=301]
RewriteRule ^/389/report https://pagure.io/389-ds-base/issues [R=301]
RewriteRule ^/389/ticket/(.*) https://pagure.io/389-ds-base/issue/$1 [R=301]
RewriteRule ^/389 https:///pagure.io/389-ds-base [R=301]
RewriteRule ^/ipsilon/report https://pagure.io/ipsilon/issues [R=301]
RewriteRule ^/ipsilon/ticket/(.*) https://pagure.io/ipsilon/issue/$1 [R=301]
RewriteRule ^/released/ipsilon/(.*) http://releases.pagure.org/ipsilon/$1 [R=301]
RewriteRule ^/released/ipsilon http://releases.pagure.org/ipsilon/ [R=301]
RedirectMatch ^/ipsilon https://pagure.io/ipsilon
RedirectMatch ^/ipsilon/ https://pagure.io/ipsilon/
RewriteRule ^/mod_nss/report https://pagure.io/mod_nss/issues [R=301]
Rewriterule ^/mod_nss/ticket/(.*) https://pagure.io/mod_nss/issue/$1 [R=301]
RewriteRule ^/mod_nss https:///pagure.io/mod_nss [R=301]
RewriteRule ^/mod_revocator/report https://pagure.io/mod_revocator/issues [R=301]
RewriteRule ^/mod_revocator/ticket/(.*) https://pagure.io/mod_revocator/issue/$1 [R=301]
RewriteRule ^/mod_revocator https:///pagure.io/mod_revocator [R=301]
RewriteRule ^/fpc/report https://pagure.io/packaging-committee/issues [R=301]
Rewriterule ^/fpc/ticket/(.*) https://pagure.io/packaging-committee/issue/$1 [R=301]
RewriteRule ^/fpc https:///pagure.io/packaging-committee [R=301]
RewriteRule ^/certmonger/report https://pagure.io/certmonger/issues [R=301]
RewriteRule ^/certmonger/ticket/(.*) https://pagure.io/certmonger/issue/$1 [R=301]
RewriteRule ^/certmonger https:///pagure.io/certmonger [R=301]
RewriteRule ^/publican https:///sourceware.org/publican [R=301]
RewriteRule ^/fedora-apac/report https://pagure.io/ambassadors-apac/issues [R=301]
RewriteRule ^/fedora-apac/ticket/(.*) https://pagure.io/ambassadors-apac/issue/$1 [R=301]
Rewriterule ^/fedora-apac https:///pagure.io/ambassadors-apac [R=301]
RewriteRule ^/sssd/report https://pagure.io/SSSD/sssd/issues [L,R]
RewriteRule ^/sssd/ticket/(.*) https://pagure.io/SSSD/sssd/issue/$1 [L,R]
RewriteRule ^/releases/s/s/sssd/(.*) https://releases.pagure.org/SSSD/sssd/$1 [L,R]
RewriteRule ^/releases/s/s/sssd https://releases.pagure.org/SSSD/sssd/ [L,R]
RewriteRule ^/released/sssd/(.*) https://releases.pagure.org/SSSD/sssd/$1 [L,R]
RewriteRule ^/released/sssd https://releases.pagure.org/SSSD/sssd/ [L,R]
#RewriteRule ^/sssd https://pagure.io/SSSD/sssd [L,R]
#RewriteRule ^/sssd/ https://pagure.io/SSSD/sssd/ [L,R]
RewriteRule ^/freeipa/changeset/(.*) https://pagure.io/freeipa/c/$1 [L,R]
RewriteRule ^/freeipa/report https://pagure.io/freeipa/issues [L,R]
RewriteRule ^/freeipa/ticket/(.*) https://pagure.io/freeipa/issue/$1 [L,R]
RewriteRule ^/freeipa https://pagure.io/freeipa [L,R]
RewriteRule ^/freeipa/(.*) https://pagure.io/freeipa [L,R]
RewriteRule ^/rel-eng/report https://pagure.io/releng/issues [R=301]
RewriteRule ^/rel-eng/ticket/(.*) https://pagure.io/releng/issue/$1 [R=301]
RewriteRule ^/rel-eng https://pagure.io/releng [R=301]
RewriteRule ^/fedora-badges/report https://pagure.io/Fedora-Badges/issues [R=301]
RewriteRule ^/fedora-badges/ticket/(.*) https://pagure.io/Fedora-Badges/issue/$1 [R=301]
RewriteRule ^/fedora-badges https://pagure.io/Fedora-Badges [R=301]
RewriteRule ^/bind-dyndb-ldap/wiki https://docs.pagure.org/bind-dyndb-ldap/ [R=301]
RewriteRule ^/bind-dyndb-ldap/wiki/ https://docs.pagure.org/bind-dyndb-ldap/ [R=301]
RewriteRule ^/bind-dyndb-ldap/wiki/(.*) https://docs.pagure.org/bind-dyndb-ldap/$1.html [R=301]
RewriteRule ^/bind-dyndb-ldap/wiki/(.*)/ https://docs.pagure.org/bind-dyndb-ldap/$1.html [R=301]
RewriteRule ^/bind-dyndb-ldap/report https://pagure.io/bind-dyndb-ldap/issues [R=301]
RewriteRule ^/bind-dyndb-ldap/ticket/(.*) https://pagure.io/bind-dyndb-ldap/issue/$1 [R=301]
RewriteRule ^/bind-dyndb-ldap/changeset/(.*) https://pagure.io/bind-dyndb-ldap/c/$1 [R=301]
RewriteRule ^/bind-dyndb-ldap https://pagure.io/bind-dyndb-ldap [R=301]
RewriteRule ^/released/bind-dyndb-ldap/(.*) https://releases.pagure.io/bind-dyndb-ldap [R=301]
RewriteRule ^/released/bind-dyndb-ldap https://releases.pagure.io/bind-dyndb-ldap [R=301]
RewriteRule ^/released/ding-libs/(.*) https://releases.pagure.org/SSSD/ding-libs/$1 [R=301]
RewriteRule ^/released/ding-libs https://releases.pagure.org/SSSD/ding-libs/ [R=301]
RewriteRule ^/webauthinfra/wiki/mod_lookup_identity https://www.adelton.com/apache/mod_lookup_identity/ [R]
RewriteRule ^/webauthinfra/wiki/mod_intercept_form_submit https://www.adelton.com/apache/mod_intercept_form_submit/ [R]
RewriteRule ^/webauthinfra/wiki/mod_authnz_pam https://www.adelton.com/apache/mod_authnz_pam/ [R]
RewriteRule ^/webauthinfra https://pagure.io/webauthinfra [R]
RewriteRule ^/spacewalk/wiki/(.*) https://github.com/spacewalkproject/spacewalk/wiki/$1 [R]
RewriteRule ^/spacewalk/wiki https://github.com/spacewalkproject/spacewalk/wiki [R]
RewriteRule ^/spacewalk https://github.com/spacewalkproject/spacewalk [R]
RewriteRule ^/famnarequests/report https://pagure.io/ambassadors-na/requests/issues [R=301]
RewriteRule ^/famnarequests/ticket/(.*) https://pagure.io/ambassadors-na/requests/issue/$1 [R=301]
RewriteRule ^/famnarequests https://pagure.io/ambassadors-na/requests [R=301]
RewriteCond %{HTTP_HOST} ^fedorahosted.org [NC,OR]
RewriteCond %{REQUEST_URI} ^/released/javapackages/doc/(.*)
RewriteRule ^/released/javapackages/doc/(.*)$ https://fedora-java.github.io/howto/latest/$1 [L,R=301,NC]
RewriteRule ^/liberation-fonts/report https://pagure.io/liberation-fonts/issues [L,R]
RewriteRule ^/liberation-fonts/ticket/(.*) https://pagure.io/liberation-fonts/issue/$1 [L,R]
RewriteRule ^/liberation-fonts/l/i/liberation-fonts/(.*) https://releases.pagure.org/liberation-fonts/$1 [L,R]
RewriteRule ^/liberation-fonts/l/i/liberation-fonts https://releases.pagure.org/liberation-fonts/ [L,R]
RewriteRule ^/liberation-fonts https://pagure.io/liberation-fonts [R=301]
RewriteRule ^/lohit/report https://pagure.io/lohit/issues [L,R]
RewriteRule ^/lohit/ticket/(.*) https://pagure.io/lohit/issue/$1 [L,R]
RewriteRule ^/lohit/l/i/liberation-fonts/(.*) https://releases.pagure.org/lohit/$1 [L,R]
RewriteRule ^/lohit/l/i/liberation-fonts https://releases.pagure.org/lohit/ [L,R]
RewriteRule ^/lohit/ https://pagure.io/lohit [R=301]
RewriteRule ^/aplaws/ https://aplaws.org/ [R=301]
RewriteRule ^/aplaws https://aplaws.org [R=301]
RewriteRule ^/fedora-medical/report https://pagure.io/fedora-medical/issues [L,R]
RewriteRule ^/fedora-medical/ticket/(.*) https://pagure.io/fedora-medical/issue/$1 [L,R]
RewriteRule ^/fedora-medical/ https://pagure.io/fedora-medical [R=301]
RewriteRule ^/libverto/ https://github.com/latchset/libverto/ [R=301]
RewriteRule ^/libverto https://github.com/latchset/libverto [R=301]
RewriteRule ^/pki/report https://pagure.io/dogtagpki/issues [L,R]
RewriteRule ^/pki/ticket/(.*) https://pagure.io/dogtagpki/issue/$1 [L,R]
RewriteRule ^/pki/p/k/pki/(.*) https://releases.pagure.org/dogtagpki/$1 [L,R]
RewriteRule ^/pki/p/k/pki https://releases.pagure.org/dogtagpki/ [L,R]
RewriteRule ^/pki https://pagure.io/dogtagpki [R=301]
# Ipsilon wiki is now moving content
ReWriteCond %{REQUEST_URI} !^/ipsilon/.*
RewriteRule ^/.* https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement

2
files/httpd/fpaste.org.conf
View File

@@ -1,2 +0,0 @@
RewriteEngine on
RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]

49
files/httpd/git.fedorahosted-redirects.conf
View File

@@ -1,49 +0,0 @@
RewriteEngine on
RewriteRule ^/git/ipsilon.git(.*)$ https://pagure.io/ipsilon.git$1 [L,R]
RewriteRule ^/git/rpkg.git(.*)$ https://pagure.io/rpkg.git$1 [L,R]
RewriteRule ^/git/weatheralert.git(.*)$ https://pagure.io/weatheralert.git$1 [L,R]
RewriteRule ^/git/create-tx-configuration.git(.*)$ https://pagure.io/create-tx-configuration.git$1 [L,R]
RewriteRule ^/git/kernel-tests.git(.*)$ https://pagure.io/kernel-tests.git$1 [L,R]
RewriteRule ^/git/elfutils.git$ https://sourceware.org/git/?p=elfutils.git;a=summary [L,R]
RewriteRule ^/c*git/389/ds.git(.*)$ https://pagure.io/389-ds-base [L,R]
RewriteRule ^/c*git/389/lib389.git(.*)$ https://pagure.io/lib389 [L,R]
RewriteRule ^/c*git/389/console.git(.*)$ https://pagure.io/389-console [L,R]
RewriteRule ^/c*git/389/ds-console.git(.*)$ https://pagure.io/389-ds-console [L,R]
RewriteRule ^/c*git/389/dsgw.git(.*)$ https://pagure.io/389-dsgw [L,R]
RewriteRule ^/c*git/389/admin.git(.*)$ https://pagure.io/389-admin [L,R]
RewriteRule ^/c*git/389/adminutil.git(.*)$ https://pagure.io/389-adminutil [L,R]
RewriteRule ^/c*git/389/admin-console.git(.*)$ https://pagure.io/389-admin-console [L,R]
RewriteRule ^/c*git/idm-console-framework.git(.*)$ https://pagure.io/idm-console-framework [L,R]
RewriteRule ^/c*git/gss-ntlmssp.git(.*)$ https://pagure.io/gssntlmssp [L,R]
RewriteRule ^/c*git/mod_nss.git(.*)$ https://pagure.io/mod_nss [L,R]
RewriteRule ^/c*git/freeipa.git(.*)$ https://pagure.io/freeipa [L,R]
RewriteRule ^/c*git/certmonger.git(.*)$ https://pagure.io/certmonger [L,R]
RewriteCond %{REQUEST_URI} /cgit/sanlock\.git/commit/
RewriteCond %{query_string} id=(.+)$
RewriteRule ^/.*$ https://pagure.io/sanlock/c/%1 [R,L,NE]
RewriteRule ^/git/sanlock.git$ https://pagure.io/sanlock.git [L,R]
RewriteCond %{REQUEST_URI} /cgit/dlm\.git/commit/
RewriteCond %{query_string} id=(.+)$
RewriteRule ^/.*$ https://pagure.io/dlm/c/%1 [R,L,NE]
RewriteRule ^/git/dlm.git(.*)$ https://pagure.io/dlm.git$1 [L,R]
RewriteCond %{REQUEST_URI} /cgit/lvm2\.git/commit/
RewriteCond %{query_string} id=(.+)$
RewriteRule ^/.*$ https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=%1 [R,L,NE]
RewriteCond %{REQUEST_URI} /cgit/lvm2\.git/patch/
RewriteCond %{query_string} id=(.+)$
RewriteRule ^/.*$ https://sourceware.org/git/?p=lvm2.git;a=commitdiff;h=%1 [R,L,NE]
RewriteCond %{REQUEST_URI} /cgit/lvm2\.git(.*)$
RewriteRule ^/.*$ https://sourceware.org/git/?p=lvm2.git [R,L,NE]
RewriteRule ^/git/lvm2.git https://sourceware.org/git/?p=lvm2.git [L,R]
# redirect vdsm to ovirt git server - since ?p == querystring we have to match that sanely
RewriteCond %{QUERY_STRING} ^.*p=(.*vdsm\.git.*)$
RewriteRule ^.*$ http://gerrit.ovirt.org/gitweb\?p=%1 [R,L,NE]
RedirectMatch permanent ^/.* https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement

2
files/httpd/headers.conf.j2
View File

@@ -1,3 +1,5 @@
Header set AppTime "%D"
PassEnv HOSTNAME
Header set AppServer "{{ inventory_hostname }}"

74
files/httpd/newvirtualhost.conf.j2
View File

@@ -1,74 +0,0 @@
<VirtualHost *:443>
# Change this to the domain which points to your host.
ServerName {{ item.name }}
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/{{ item.name }}_error_log
TransferLog logs/{{ item.name }}_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol {{ ssl_protocols }}
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite {{ ssl_ciphers }}
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/{{ sslcertfile }}
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/{{ sslkeyfile }}
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
{% if sslintermediatecertfile != '' %}
SSLCertificateChainFile /etc/pki/tls/certs/{{ sslintermediatecertfile }}
{% endif %}
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
DocumentRoot {{ item.document_root }}
Options Indexes FollowSymLinks
</VirtualHost>
<VirtualHost *:80>
# Change this to the domain which points to your host.
ServerName {{ item.name }}
{% if sslonly %}
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
{% else %}
Options Indexes FollowSymLinks
{% endif %}
</VirtualHost>

27
files/httpd/qadevel-virtualhost.conf.j2
View File

@@ -1,27 +0,0 @@
# this is meant for proxied stuff only, hence the lack of ssl
<VirtualHost *:80>
# Change this to the domain which points to your host.
ServerName {{ item.external_name }}
ServerAlias {{ item.name }}
DocumentRoot {{ item.document_root }}
ErrorLog "/var/log/httpd/{{ item.name }}.error_log"
CustomLog "/var/log/httpd/{{ item.name }}.access_log" common
<Directory "{{ item.document_root }}">
Options Indexes FollowSymLinks
Require all granted
</Directory>
<Location "/">
Options +Indexes
DirectoryIndex default.html
</Location>
<Location "/docs">
DirectoryIndex index.html
</Location>
</VirtualHost>

46
files/iptables/iptables Normal file
View File

@@ -0,0 +1,46 @@
# {{ ansible_managed }}
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# allow ping and traceroute
-A INPUT -p icmp -j ACCEPT
# localhost is fine
-A INPUT -i lo -j ACCEPT
# Established connections allowed
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow ssh - always
-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
# if the host/group defines incoming tcp_ports - allow them
{% for port in tcp_ports %}
-A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT
{% endfor %}
# if the host/group defines incoming udp_ports - allow them
{% for port in udp_ports %}
-A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT
{% endfor %}
# if there are custom rules - put them in as-is
{% for rule in custom_rules %}
{{ rule }}
{% endfor %}
# otherwise kick everything out
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

14
files/iptables/iptables.sign Normal file
View File

@@ -0,0 +1,14 @@
# {{ ansible_managed }}
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Allow connections from client/server
-A INPUT -p tcp -m tcp --dport 44333:44334 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

58
files/iptables/iptables.staging Normal file
View File

@@ -0,0 +1,58 @@
# {{ ansible_managed }}
*nat
:PREROUTING ACCEPT []
:POSTROUTING ACCEPT []
:OUTPUT ACCEPT []
# Redirect staging attempts to talk to the external proxy to an internal ip.
# This is primarily for openid in staging which needs to get around proxy
# redirects.
-A OUTPUT -d 209.132.181.14 -j DNAT --to-destination 10.5.126.89
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# allow ping and traceroute
-A INPUT -p icmp -j ACCEPT
# localhost is fine
-A INPUT -i lo -j ACCEPT
# Established connections allowed
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow ssh - always
-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
# for nrpe - allow it from nocs
-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
# FIXME - this is the global nat-ip and we need the noc01-specific ip
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
# if the host/group defines incoming tcp_ports - allow them
{% for port in tcp_ports %}
-A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT
{% endfor %}
# if the host/group defines incoming udp_ports - allow them
{% for port in udp_ports %}
-A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT
{% endfor %}
# if there are custom rules - put them in as-is
{% for rule in custom_rules %}
{{ rule }}
{% endfor %}
# otherwise kick everything out
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

4
files/jenkins/gitconfig Normal file
View File

@@ -0,0 +1,4 @@
[user]
email = sysadmin@fedoraproject.org
name = ${dist_tag} node - Fedora cloud

38
files/jenkins/jenkins-admin-keys Normal file
View File

@@ -0,0 +1,38 @@
#ausil
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAD9QDskl41P2f4wqBuDBRD3VJ7MfKD6gMetMEaOy2b/CzfxN1vzeoxEvUxefi4+uh5b5ht5+BhQVhvBV7sTxxYftEH+B7IRmWigqcS1Ndnw+ML6zCbSTCJOqDvTLxmkZic0NUBIBP907ztMCoZjaOW9SSCrdA9Vp87V3x/KEQaeSNntmnFqtnpQI/N0NlmqxB78p97W/QDpLuftqJ33sM0uyvxXSusThLSFBHjisezsWox49nEKY8HW+Kwkmw+k7EF4tsDWymPB+S0gMsMlTxzjutNASVDmn6H+lgkzns+5Xxii4/mZWrcjqfLuH7vCI2mWykZJ6ek0LiQea9tNN+KZomqX6NbTUK3riaDPrZPNexa4I83Fp+DYNmYgnGMInqn+cZ5PoUJ3u3LaqZGBQeuuONTw0yQ8Pkkn5xibpPO6qblHKcet0pfmWQ5ab+5BDrsyLcPXolMci5h45GNWebr7UMuXT6+q+EolnYgbgDzzGJ4xPohF04OW8CwflK64KEnYcqlGs+DF4TNgGFlhKiyCWfXSjizmQusxn17ayi6+yrkiGeqfz72qyZ1pSKlwA8XRYC2VkAAquJP6zAtAKjCUdmRTSyYgCpoIAlMwBO07BiPLLov6lKdphZYY1DI7pTXA98fhVU04PDqJJYR1GKkttmCsjbRWnxjkPl/Zka1+ei3k9DNidT6j4hFj+uTj8SS70qZUtKLNpc5IcedHaGEK0vcXJm9lIEKBIEnN0PCLZCa4kQZnfdsbuep1fbXNf4WYPXea29aRKJc4hiqsdrccTp4KueHgWt1Jj6CZDZcFgX+NlUVWwk6djgjRzHUryExtsjCcgGMPRJWdUnVcpgkQ1qJhEXng3W+nFFboArWfwU8u1pXEdeE1Z+m+ows3nJHdEgQevyy/cUx6BPNPZkBh10MWskSV8Z+vb02vJB+QikRMwQs3Ywf6RMaZFrBkWD4FfUaU24f4wgtPQN7j5xxJ2rWLJ/s9ZOWSl9yrytC6ZUQwmayLmiPUdm4u/7ZZmaly39K1YWqFDl3eUrRAZwf1L/NAqFu/qcQQ3Xf20K0nI55nVbZ8ODyx6BtfwoioblnTEcehK0uud5Vamc5mfpErFY0agEecsc0sMZO+ky9pf/gCUdM7je7kMDI2hdx61fOa8Wypb5u9WNBWKRKx8xT1XUKhb2uFumm3sR1iNm1Qhj92mo/NO2aETOA1lsYSL0XK571Yy0iFK3X1nOqp/gCsEGLI8OPQk6XuFqv8hmfiIXNKV8IwuDStw7eIvuQIgT7bmMkj+1Ca25foSmg3w5FqJux1gO9t5F018LeQZ6LVlYHZaQnaN+eTU7KfoCozhWw1H9pprDz Dennis Gilmore
#codeblock
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAACAEAstHxky7hl1inyHBy+q/9M+Aen2HSfy8IoW+sAO6HSuHEUT7qWB8AlSNjHhahjXx7sy/BUkUed+NB/177rjlThokZDJ0yoM9KKymp26ETGaamBSkWBxZatTj96BWfD0P2K9jc/9vxtgKBq3VK9UaOt6VtJ9q6mKY3DdWLZn+K6iGQAKMCAgd8cCMgD6epBB5/litz7WhYv+aYTyjZGUGbBojQUiWgXDv9lR7p0w+VP7pnZEeb3//k4pZhsPrKFwwRVRLxBvWgVKNvA6nMXmsdikHCLLj8YAevhEY1xAba+iCKOpTqT7Bu+1Fnb9St8u5iDod21gRmN7MGGWYsO+Iu2MNAW9sw2nsA/sdNR0HEEgBqJLhERjGv399fWKyiZaF90n59lg8Pb6EzE6wHRs6rSB+9uKApBzPk99BEHLvC6mhn6RjrOC+TWSTcmXojAwQYCadqIdgWUaBsxaugKEXBFcmRuDWtpDfsqmM1kjeGU6MiaMlqPW0KjsMaVVChLO5ZvB/T7qW4wr5ZjLri475MuHocCMP0ECSUk7I3YW2h8RU6FEFmTpuULFRQo01iPreY5XJ7l0+xy2eggAWo+X2h3nGjXhCPOelBg+LYe0WOmPgB5oc1m5HZtFTcFzYbhAE+xQKlbwNeYT8HmNmEMhPjVoNyOOV7NAap+ueS2u/7li5D59O5Iy8aa5n/WiuYfkqH4pG796nFyLr5L/LVudzyaYFb/Gk8C1j/NAWYw53D/9aOA277HHe5t0/daJhbo98u0asF5mvPld3swPuPqkEZzgUfmNgH5CkvcQcMzaOvj6qr6xNmQfgsHroCShb46kplQ2uSf1pMAqsjN7jGhk6l+Bu6hKHnJKhZJVLiuAZtgYvkCB1ahaO3wRVozA1VKCAlqHOqoCq4YLIobUL95H08Kwcz7vIRIadX1TkOoLb2EwPkE/xrhDp4BySh+j6YNklSBkiRHvJMBNnRIj8NTRjYyj2o1Om7kJ770lEdryg2og8QBaFWCmFkwzg1QVrBOuu0dN7kt2l7VI7Ib4lavKSVTrqUdxdSbthUlu/b4Qif+pbyEtUFgykRsHVs+5Ofg7FZpsgCJ8rLFjzeVF/hAYX7t3XaIPLu+DL8kzamb/CRy1b7+iAw9nJbd7ED2SGyU6+c2coMPG23y6+YxgEmNG/rkCLCypkEEDOZe4DuMerZQ/RxMo06+glC6HC/3VN2dHlVLtEEV33B04/6Z0plAhqtjG7PVs08f8a5msV/VYn5ifa4z0oIXX1r5CIg3Ejp1JguLhBHpWa7YbS2Mwu6GAbD+hQfCYrsUkFonoOLu5czpITLo7ceJFTQmAt7OxZEoZBfmtYfzADQsQVYQb6J4QwvM3iKJOn30dgtYnJOVlDZEn+0fivedxoBAt9jHJ8lVp2ov/dOFnimi5V+2QIMB0fKTkChsk10zsDZ/KUk6zfijjEju0WfjRHCd357KswNv3aXHazfRIw77S2UOenD+xmUDZ6WgnxservUSDNDz7NldLf/gdPOMO4uSwKZixzsoCNioeLEmQv4gomNK7DyZBLMHLlWlbliqP+QWuIJO1rfoH2vaxzzA7l5tJW1gfnxm87RrrwIf9v5kpdJM6gQZxqmBCRsKQd5VkrEJ/xaFfkv080pWNV0drWTZW8fAAgfUNYB260Hyk3rHsjQlVtQxGJ1aAcgjMi3eGKQMwptbUMYHqct75czX6xp6zgXPiC/glX6AtuiZQ5bOI07imil20ien/ks/dnel8L+dmYDasL9m0B2jZ3lbl3eR1Dy7UhqGyERx//vYQapEBuwFcqQ9UdIWCGGG2Pte1I39BSehUUGSCOOD38a/GCu0l7OWZKdwq80MK/Ixgz4neiZQZ7MD2wPy6vk6Num18PZPN7OynMrI2UG5MViQ0GAhRgxwbUCvc7uKnGRqZo9q2mCabCxLbv+hJ4bppxpHHJxMDDXilTKMfZb0YRbvjBUi7LFKLN3MBMK2U1jHE+PjBgweqF8Jtuw04CQMxK3unajZOVkYAIq8IdMbw0oBVP4++eGB9z0x1eH+IsqL6IgknbbyoMgQqW9/8atm8HW2QYCX47oPd4FHs8rgJZk3bz8MwN3tp8WCRtYnJuwkWGWSq77ans0Ycl/tUfSSwUjnSvMsJnuSbxvdX0XbP5eRWikk0pJz5lM9sjYFOPHrQ44/U254yBa0N6UhyNTQnMGzRvY+fADE49b10hXZwCCrxpY9KvGr1XNJMnMcUke+4p9RS5LUwcZ8A6v7oWtZaZwnuBzvKk+HAn2gevD7Stjto+TnRCx1qcbx8iOhAEC6nvbLl+U313TmawrO/usrI5w3EFKP/4BnlKJDtNBeklJ0MpU3R1fmisqfegjuBW2bbaxq8Uo6m7uqPsYuAl7E6rOyZHLbtA8szvbQ46MSqAHezqxHJajWn2oZXMtbddgO5vlkxbRp3SSVKaPOeIj3XOGl78Owp4gFNRE0RY2EuUvrwUhXZR4wx1VHYjS6o9HAwOx3dH+pf1OiblUEanLQ9HLuOBkLhP8wn1M2slsSw+A1gyuI0ayjRujYFXdw6Mqp6XKTdU8vNue2c3d0I+TMifBypP0oJtxXmEoPp/VsU9yLKA2FF7Xvv/Xq1gtZcuZWAbSwMok/ENY1xeIFyjV+0yBidmax3jaf9yus/XEpyeBS3iIz63ymU10Kb2vrWjubg/sa2yd+q0y96dLdDRbnbwGwMmg6mXvTlVXf8c= ricky@padlock01.home.elrod.me
#jstanley
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5bNJQBrvT/YuvfLO0y6smZW5N+946uISkzmDi9myffLgHAZP4nBGeH/4GcB5ns9HJ19xVtbIwqOz4QwIqKh4gKU7DgaqND2Iu0bUUFL1KXPLGyAIW+9N3yHB+nKkH31alDnF4dpKkvO63DRkqh4ptxwEQbZDCFqn+vXuMnG4cPmDEweR3QZUt5m0Vc7HXzbehZxjUZ3xRWvT/pu+khBhJcRFkLlA60Fnqv7Q+MQP1C0Cpf3hiX1LcXUogXkNooAqx1YYRd8VqvI8e9yQW+a99x8FftnmXKlGCxP33ng6+U6Y2H7u3cRDrlRTbWqkry4SuUYo+6MtvZVgL0fw6PsZ jstanley@hawtness.rmrf.net
#kevin
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJH1lA7WHRCbaFtvzbw0HxHYJstZjuXhax1+eL+SUJ5fFRGosEc4fLrSCP0gSFDfXmNzuspoBgcQTqnNO8FdIUwkJLDEu0vTQls1aT9YUXb+RVwKB7ULA3b1dqFkmOgLEjTJL9AplK4OJ9Su0kq6QBV4mXCxMsgEML/gn6r8muZmu2L/LdzUnxKKggyq7O5q1K/eW5Yy21fpvbHt2UPQX1f6gt4ty7E9Nnuhi7SHCI7fNIa+kHyIesfTm/SzeK/PY9rDwZKjuyS8o22GJXGEScJomK1cjMESH/J+t8Hffaj88BjGHNczvcnXAjq6y73VJQ9DiGLD4zmFquQMxDu0Tf kevin@jelerak.scrye.com
#lmacken
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDefONrBaBJlCxKtDwkYWVhf96lMhRQfwVJyBoBd4Pk6TqKMlAu2eST1xRZlV4cJSxAWgZpOaFgqJ5EGd6mq8PvVk+mKXdtX7CAoWm4f3c6otUFsFDCTw3gVvYSlEk23XBHuACsbAVNL4HmP+9C7PxQBePukbMBFD2smsyQkPcX7lZw+lDJW5lOTz3dHAA92bcopDycxRDI99gGkawzjlmxpm2C9nhRabKS6mpGw3N64d8hwHkkFbtHY7rS0/0Cka0geYYYv0NVki1IIctkhZE9LndcWbVcVe1pIlR0RyW2sorfgCgoa5fRZZhukUCtspdv981h/0b87RpRVUJKuRd1 lmacken@tomservo
#mdomsch
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsmLoA/97DrE7roCHOY7NdB5TV/g7oxAsk74HgHcFRYAbn/rkoa7r9ZsgR7qzwd6Z+5Z77qFqvl1Bs3XtJf+1vJ3kwdcNFdKTw1DgTdE/rNPI7QzUgXKKKv/WCiU6UDBX4HHWq8Yuq4tkr/yepS8sLzMz2e0pHU4uWFQuvr5ttP9ABGohhDnPr0IcaT5vm+uBTJItJBrhqGws2fnVxhWEm8Y96AZb2vFZVwiMdcKKqfVZby3/wTuEtaDbv0krQNtLJcjaOTWLHWnxJEvLWSdFgkuIDvoNKR7ZV2lsmh5UD/smStgf8TkORR59r63dp2kWAn0/Jl59ARsdXDXGCiduF3GamxglTUA+kYbkN/PBQbl6o+nNKy4Q5TI53WNmhpdsbEJWCjzT+V1ju5JejFEHIhnWyBoBUWB2NKxWaSlToI2B9E0iJ0HK68IlA7bO4X7SD8q5cZBVTKMByFxt9uQXFeZeG7QRCPIsg6bXsirnFn5028iz+RfVFe3Mavp18v1hObvH6SDTczQauuAhTwYOtphaPZj+iHbaKvKndvlOWdGoyrNxgcx+t4loyEEcEWD0Astdp0bZD39nag94PD7hnoENOC0oE6mbtyUuSCGrU6ogee8qxYAt0AP3Rq1LLaRWXqe/1rM5A9oaDNwNkWA/JWbJbZQf0vvWTZmTib3rfew== mdomsch@fedoraproject.org
#mmcgrath
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7U0WbKLL/D6iR03/vdDZJ8Lkj1jjAkindSvC4PkXVgi6qJo1YBZnIgsmoQopYcra2yzHFt58crygIh79P/rpQowWY99W+Sk4kB9UNuiAiX/LRi+1YdxwCKcRNTVOwuji6MGZoscACERmIjPY6P1oFPERoXhUkOuzPcrDK/0z/Bp9dpNRVZE/0zN6dvHA9QODLGvcFtgnX73SbZfoIbaVP/37IvOZvjGI1jxC5DwCmY+ihM13GpELP6BM8iihlnl1pjk1vtqPxD9g9Llr14Sc6cZJKl1WCulqhde4SEMOjpMJ8J8cGYBSsdh49hB36pdKQuTTnuCXpEt5Tl8PUKCrr mmcgrath@desktop.mmcgrath.net
#notting
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3eVd6Ccegp1r1mhm7tPnlGUcw0zsAbR2p9hrFZ7RKxdIponuVV9ix4lgwpNEVDs0j4vxAApeLpJrsV8R8+YLUZO3Mzi+2s8nM8LXrKHtJT9wKKqoU3O/lC79drbWk3EMgETyP61Zpjkub0hwG2MjviPee63zCuRbxzxyalzk+AtwkRSxYaS2Ha0uKxGDiq1c/Iu6HRgm8HrtW+Pr6QbSSoHLhGUpR0HkgoC6852xXGhrRMkzXXbD9L6vaK9F39YmzD7Z8yey+xDTFW529avkEIWDeqBpbae+HjKqEQaBx71/rcmXhqKYrEagzUGpS8Bwskp3JMksd/v9tMuUhGQ2XaooCeKzvM0KnVUk/Q031ZtjNYxLpy/rEqbyt18+8wYOvVoGgnRZ/yJ/UVwYbGJrttYrrQmaJv7b357bkgDJobkIki+zGzi1xkvb85JWEt0mfh38H2vCnpwQtSAIyF/hmrS+1xsD/oAoc83IUhsVYcDhLbBEVKMX2IsJLMAPwCE6GexRYyVE5vEN4PMV9A8VmGuIC3IzkPEbStdtlbP4ttNKtfwS+MrY+ceAABDixls6xpedgT1he44R+7C1p+w4uj4TnYReLVce6+KgfJ6mz8CTXVULLWM4l2H3PylEUyoHGRDpVanGAvm7h2D0HgxErWIkjZkL79GFhzQc1xjzixQ== notting@nostromo.devel.redhat.com
#ricky
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDAeAohiRJ2v/RO7R9GS93TF92Gc9ixK6HM7wlbMdlZ4yYAbeoEX8VpeNaSTfo/Nw3zazr9VpmpHg+H70K8ljQsPgRwcgpetRVpF55M5FYjqM5oM+N94HV3nSGcnWbSIho1R31DaDH2ptxVqgh2m5DG7Bc45w9Bd4wjfdQ8nBrGv93tuH7X/cee4g6GvexLm5nXhAngdEmiyxw5MHuJAvj+54l4wMXRWpeF6XlI2iamW42nLSfRMCFkGNiXvBm8zkfkeH2L7I2cNKXXoP/cPCd3G/teIsI9FDqYpZ6CS0zMkWhlTuh7rlCjc9+nJsLdDLgwhb75skiUOOfimGvCCxWeHuCsSL+KpCu4AgI9UAVgO6xblDlmbQXxlGopep29U/s00W/0qv3Zp8Ks4Za0xHdoIwHiaLM0OYymFaNDd3ZqFG0FN23ZjcGqUmFGhGfUQRDt72+e9HtXlBJ0mUaCX9+e4wFGTVciG1/5CKsLHCaLRf+knsWXrv2zcv9BoZ9SCAK32zCZw05wjcmr7jYDCTLmtC6kEBNaOeE9Qqi2oomo4ji8ybg+Qq+1BwOtJKExvmZaooBZud0qd24HmCU0/0ysw732jGcqexzxsCR0VArd+7LKexOD7KwMW0VUss6fdOWac9gwCLx9FaKYh8mVvcQjKhKGI3aO2sXRUWSbBJw8w== ricky@alpha.rzhou.org
#smooge
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAxnzCHH11nDM1m7yvqo6Uanq5vcZjBcs/mr3LccxwJ59ENzSXwUgEQy/P8vby9VKMwsskoaqZcvJdOSZBFhNV970NTPb69OIXPQAl/xhaLwiJOn606fB+/S8WepeuntS0qLiebbEiA9vIQLteZ+bWl1s/didD/sFo3/wItoTGA4GuShUu1AyWJx5Ue7Y34rwGR+kIvDoy2GHUcunn2PjGt4r3v2vpiR8GuK0JRupJAGYbYCiMBDRMkR0cgEyHW6+QQNqMlA6nRJjp94PcUMKaZK6Tc+6h5v8kLLtzuZ6ZupwMMC4X8sh85YcxqoW9DynrvO28pzaMNBHm7qr9LeY9PIhXscSa35GAcGZ7UwPK4aJAAuIzCf8BzazyvUM3Ye7GPCXHxUwY0kdXk+MHMVKFzZDChNp/ovgdhxNrw9Xzcs4yw7XYambN9Bk567cI6/tWcPuYLYD4ZJQP0qSXVzVgFEPss1lDcgd0k4if+pINyxM8eVFZVAqU+BMeDC+6W8HUUPgv6LiyTWs+xTXTuORwBTSF1pOqWB4LjqsCGIiMAc6n/xdALBGUN7qsuKDU6Q7bwPppaxypi4KCvuJsqW+8sDtMUaZ34I5Zo1q7cu03wqnOljUGoAY6IDn3J66F2KlPPyb/q3PDV3WbY/jnH16L29/xUA73nFUW1p+WXutwmSU= ssmoogen@ponyo.int.smoogespace.com
#spot
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFZ3AD/I0OfU84IrK573amZptucuBrDxHoue/c+PUsD3MGIA6QXRceq3ZkLuz25OAAu53hFxzCE4d6eVS299rVR8Cd+tVU8aqBdTHzdqv52Vs8zRfXMW69sV7fhwRLaQDcRTwY90Wmz2MbZmN996XmJDNtUIWI2mML+PBYEdO0PyiB2ttb7mmA3SwtC/rwEMJL2YHh+bTzlJ9W4BgFcFwizMXU3mk5uGp2/q3nKzEvgTROM8yWvqdM34cRYpjFKyOlpo6k3SPt76hgDUEIsAu6Ul1S0FHTCRMIihcxZOSN4frMtXVjX0NhW9mKcn1IRBpzd0Yon/gPB8OJ31ojIIop spot@pterodactyl
#toshio
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDfgKJEBuHFlFc8/IHDeIpdprNnAFQHkicXAFfAzIJSkhUaOJFjsulmgPZn2TJJpYqFAxYUjhWJOdrOwx7AHSg6gWu4TT4a0sTay+Z0eqZOShf5UL/M587DxJk1JZU8g812yDKZMc7Sv7K6zdteONnCvno1kALSg0F2MVMJXFjE/tSontkIRH6IuG19R19NGEj1h56uGwdfe78xjOmv5wk6RZBjaOKqiPSQKNqCKbY9Kyz6yrem2M5uxRK45u3wSPJdmopo8l/nwf0p6ydrUSL5C/aXGh7LPqh31eTBDQUbWHw9LQMk1SibMGQPwJt59lLMlzc5OQZAJEbadsDAgl6VVA6MZkBQROiK9E087kvPesMoGWE0KBgvTqzpBZj0uHATP9i097dv80gjupMyaePsnQOxk0wRho9nRkxRo18Drt3QPVND4YGHzahMe/YR2N83MkbnGoP8K+GsFhLMAp3NKh6yUofFxTgRiB6H8ULKf3CV+hlk0Z9RJR3CpgMTKILYHPlaleJqoP6sXg6tJxI0rUE+0jUKvaTj+N2gX0MjKfUINk5mTbjD2mdVrPtKOBvos2luNhY5nTDpJuAHQqnFHPlPw8l3lXC2VBWOjqfTeeS+qD7ArKe6F7IO5ZNxJ2mTUuodhaPySta1MS37DWoz6UqeJu+wKIsHok90+EU4aAvUABh3RXSQA1E3IaxkooMhhrdIQO6K4L0M+CZ7lP35sW5pnwsN4sFlPec9Xn5e15LTlb9yFlx7Nm4DE2SX1s9QyMRE7z0LNO0X7wiihojuyQM6OQwc+ZaaDw5HerBisX/3LcC9osVLQQg1pt91YcCczUQ08qfUJV6aOD962K+EGzVFQGGauJDzgEH9BHQg7QwCWr0f3mu8/TNBzys2c0YsywDUc3AT1KP6TEJcR/dy6WbhJD3qyO/BLfCzRrHUOIaz+WbwmfTX8tGEQnVV5sEkZ39PWA1hRQ83b3MNV8cRJl+h/FnTk62yM4ZqGu73+x8JiEG3HAJp9/xYfNSwg8++PojJBXe+yM6DrTh5fTnBhxatLEKB658p8jTqJtF4+YD9D8+L39xEns6GQ7FphNqTC6IcpXyqq+zNuzF7vs/T+5n7978dUs3sK6YpBX4BlDxK6MsRF1WYqajEVeBJEMwdX2rfGkN9B5GfWdmdrzBjZQ6yyvlx5Dg++qgxpMiVOXSnw5v7H03PrT1we9wKre/2SQ1A2Oq/UDt/7tR2cMLoaPDNBpFT1W44LJB7o9iDT9YHUG3dC7R8JoeJ5YjyFmxbUQ5xg1oHnrBaPrGCuEYdQWhuDmp9Px2yRu8Agxzr9rNCZ/W8nWJVmvwvlXoldrum2rAECx0wiWqBhQ/+eX65 badger@unaka.lan
#pingou
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2xAeq5uO72kY4mSFgFl9ZSveiAqe4tUv8hemrxwZH+w24RFOGrW1nOV+hjQhRpYVNwvqJkrd9N7VY/HXkd9df2AgQyYoiVfeMPTA7lB0/e/S1Bd6XGdWudvqRU1O6Rug0j3RQOuz7WDJgnanBVcBl8+X7EaPGpv9aILgh6CJDOVAO2GgaFdzI7CHtR99CMqNG7BsQF8C9Y8ALK+8HOPRE0R1wzgaAw85HTo0gyIWcrZqr4HI/QDuLjUQ6AZSgzE7dTiwZuFnUjLBnL0YP1bxJglt9IFx6r6jvdp/yMD+Bn/91WvmBL/AD+GIQ/ZydoeLo+JQW22ibiX/SzdAE4Cd3 FedoraProject

103
files/jenkins/master/config.xml Normal file
View File

@@ -0,0 +1,103 @@
<?xml version='1.0' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>1.486</version>
<numExecutors>0</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy
class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Hudson.Administer:sysadmin-jenkins</permission>
<permission>hudson.model.Hudson.ConfigureUpdateCenter:sysadmin-jenkins</permission>
<permission>hudson.model.Hudson.Read:sysadmin-jenkins</permission>
<permission>hudson.model.Hudson.Read:anonymous</permission>
<permission>hudson.model.Hudson.RunScripts:sysadmin-jenkins</permission>
<permission>hudson.model.Item.Read:anonymous</permission>
</authorizationStrategy>
<securityRealm class="hudson.plugins.openid.OpenIdSsoSecurityRealm"
plugin="openid@1.5">
<endpoint>http://id.fedoraproject.org/</endpoint>
</securityRealm>
<projectNamingStrategy
class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>${ITEM_ROOTDIR}/workspace</workspaceDir>
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<markupFormatter class="hudson.markup.RawHtmlMarkupFormatter">
<disableSyntaxHighlighting>false</disableSyntaxHighlighting>
</markupFormatter>
<jdks/>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds/>
<slaves>
<slave>
<name>EL6</name>
<description></description>
<remoteFS>/mnt/jenkins/</remoteFS>
<numExecutors>2</numExecutors>
<mode>NORMAL</mode>
<retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
<launcher class="hudson.plugins.sshslaves.SSHLauncher"
plugin="ssh-slaves@0.21">
<host>172.16.5.10</host>
<port>22</port>
<credentialsId>950d5dd7-acb2-402a-8670-21f152d04928</credentialsId>
</launcher>
<label></label>
<nodeProperties/>
</slave>
<slave>
<name>Fedora20</name>
<description></description>
<remoteFS>/mnt/jenkins/</remoteFS>
<numExecutors>2</numExecutors>
<mode>NORMAL</mode>
<retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
<launcher class="hudson.plugins.sshslaves.SSHLauncher"
plugin="ssh-slaves@0.21">
<host>172.16.5.23</host>
<port>22</port>
<credentialsId>950d5dd7-acb2-402a-8670-21f152d04928</credentialsId>
</launcher>
<label></label>
<nodeProperties/>
</slave>
<slave>
<name>EL7-beta</name>
<description></description>
<remoteFS>/mnt/jenkins/</remoteFS>
<numExecutors>2</numExecutors>
<mode>NORMAL</mode>
<retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
<launcher class="hudson.plugins.sshslaves.SSHLauncher"
plugin="ssh-slaves@0.21">
<host>172.16.5.14</host>
<port>22</port>
<credentialsId>950d5dd7-acb2-402a-8670-21f152d04928</credentialsId>
</launcher>
<label></label>
<nodeProperties/>
</slave>
</slaves>
<quietPeriod>5</quietPeriod>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>All</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>All</primaryView>
<slaveAgentPort>0</slaveAgentPort>
<label></label>
<crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
<excludeClientIPFromCrumb>false</excludeClientIPFromCrumb>
<PROXY__HEADER>X-Forwarded-For</PROXY__HEADER>
</crumbIssuer>
<nodeProperties/>
<globalNodeProperties/>
</hudson>

8
files/jenkins/master/hudson.plugins.git.GitSCM.xml Normal file
View File

@@ -0,0 +1,8 @@
<?xml version='1.0' encoding='UTF-8'?>
<hudson.plugins.git.GitSCM_-DescriptorImpl plugin="git@1.1.25">
<helpRedirect/>
<generation>1</generation>
<globalConfigName>jenkins @ fedora infr</globalConfigName>
<globalConfigEmail>infrastructure@fedoraproject.org</globalConfigEmail>
<createAccountBasedOnEmail>false</createAccountBasedOnEmail>
</hudson.plugins.git.GitSCM_-DescriptorImpl>

22
files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml Normal file
View File

@@ -0,0 +1,22 @@
<?xml version='1.0' encoding='UTF-8'?>
<!-- plugin requested by user rholy (ticket #4175) -->
<hudson.plugins.warnings.WarningsDescriptor plugin="warnings@4.39">
<groovyParsers>
<hudson.plugins.warnings.GroovyParser>
<name>pyflakes</name>
<regexp>^(.*):([0-9]*):(.*)$</regexp>
<script>import hudson.plugins.warnings.parser.Warning
import hudson.plugins.analysis.util.model.Priority
String fileName = matcher.group(1)
String category = &quot;PyFlakes Error&quot;
String lineNumber = matcher.group(2)
String message = matcher.group(3)
return new Warning(fileName, Integer.parseInt(lineNumber), category, &quot;PyFlakes Parser&quot;, message, Priority.NORMAL);</script>
<example></example>
<linkName>https://pypi.python.org/pypi/pyflakes</linkName>
<trendName>pyflakes errors</trendName>
</hudson.plugins.warnings.GroovyParser>
</groovyParsers>
</hudson.plugins.warnings.WarningsDescriptor>

10
files/jenkins/master/hudson.tasks.Mailer.xml Normal file
View File

@@ -0,0 +1,10 @@
<?xml version='1.0' encoding='UTF-8'?>
<hudson.tasks.Mailer_-DescriptorImpl>
<helpRedirect/>
<defaultSuffix>@fedoraproject.org</defaultSuffix>
<hudsonUrl>http://jenkins.cloud.fedoraproject.org/</hudsonUrl>
<adminAddress>jenkins@fedoraproject.org</adminAddress>
<smtpHost>localhost</smtpHost>
<useSsl>false</useSsl>
<charset>UTF-8</charset>
</hudson.tasks.Mailer_-DescriptorImpl>

6
files/jenkins/master/hudson.triggers.SCMTrigger.xml Normal file
View File

@@ -0,0 +1,6 @@
<?xml version='1.0' encoding='UTF-8'?>
<hudson.triggers.SCMTrigger_-DescriptorImpl>
<helpRedirect/>
<synchronousPolling>false</synchronousPolling>
<maximumThreads>0</maximumThreads>
</hudson.triggers.SCMTrigger_-DescriptorImpl>

9
files/jenkins/master/jenkins-apache.conf Normal file
View File

@@ -0,0 +1,9 @@
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyRequests Off
# Local reverse proxy authorization override
<Proxy http://localhost:8080/*>
Order deny,allow
Allow from all
</Proxy>

Some files were not shown because too many files have changed in this diff Show More