diff options
293 files changed, 2441 insertions, 2796 deletions
diff --git a/CONVENTIONS b/CONVENTIONS index f6c2eec65..f6b37fefe 100644 --- a/CONVENTIONS +++ b/CONVENTIONS @@ -9,7 +9,7 @@ Playbook naming =============== The top level playbooks directory should contain: -* Playbooks that are generic and used by serveral groups/hosts playbooks +* Playbooks that are generic and used by several groups/hosts playbooks * Playbooks used for utility purposes from command line * Groups and Hosts subdirs. @@ -95,7 +95,7 @@ We would like to get ansible running over hosts in an automated way. A git hook could do this. * On commit: - If we have a way to detemine exactly what hosts are affected by a + If we have a way to determine exactly what hosts are affected by a change we could simply run only on those hosts. We might want a short delay (10m) to allow someone to see a problem diff --git a/README.cloud b/README.cloud index f46dd0190..5bff2e419 100644 --- a/README.cloud +++ b/README.cloud @@ -169,7 +169,13 @@ and traceroute and friends). === TERMINATING INSTANCES === For transient: -1. source /srv/private/ansible/files/openstack/transient-admin/keystonerc.sh +1. source /srv/private/ansible/files/openstack/novarc + +2. export OS_TENANT_NAME=transient + +2. nova list | grep <ip of your instance or name of your instance> + +3. nova delete <name of instance or ID of instance> - OR - diff --git a/files/gnome/backup.sh b/files/gnome/backup.sh index 12bb66853..5577df33f 100644 --- a/files/gnome/backup.sh +++ b/files/gnome/backup.sh @@ -32,8 +32,7 @@ MACHINES='signal.gnome.org bugzilla-new.gnome.org socket.gnome.org' -BACKUP_DIR='/fedora_backups/gnome/' -LOGS_DIR='/fedora_backups/gnome/logs' +BACKUP_DIR='/gnome_backups/' for MACHINE in $MACHINES; do rsync -avz -e 'ssh -F /usr/local/etc/gnome_ssh_config' --bwlimit=2000 $MACHINE:/etc/rsyncd/backup.exclude $BACKUP_DIR/excludes/$MACHINE.exclude diff --git a/files/gnome/ssh_config b/files/gnome/ssh_config index c46ffa013..bc151dea5 100644 --- a/files/gnome/ssh_config +++ b/files/gnome/ssh_config @@ -1,4 +1,4 @@ -Host live.gnome.org extensions.gnome.org puppet.gnome.org view.gnome.org drawable.gnome.org +Host live.gnome.org extensions.gnome.org puppet.gnome.org view.gnome.org User root IdentityFile /usr/local/etc/gnome_backup_id.rsa ProxyCommand ssh -W %h:%p bastion.gnome.org -F /usr/local/etc/gnome_ssh_config diff --git a/files/hotfix/autocloud/consumer.py b/files/hotfix/autocloud/consumer.py new file mode 100644 index 000000000..c70cde984 --- /dev/null +++ b/files/hotfix/autocloud/consumer.py @@ -0,0 +1,163 @@ +# -*- coding: utf-8 -*- + +import fedmsg.consumers +import koji + +from autocloud.utils import get_image_url, produce_jobs, get_image_name +import autocloud + +import logging +log = logging.getLogger("fedmsg") + +DEBUG = autocloud.DEBUG + + +class AutoCloudConsumer(fedmsg.consumers.FedmsgConsumer): + + if DEBUG: + topic = [ + 'org.fedoraproject.dev.__main__.buildsys.build.state.change', + 'org.fedoraproject.dev.__main__.buildsys.task.state.change', + ] + + else: + topic = [ + 'org.fedoraproject.prod.buildsys.build.state.change', + 'org.fedoraproject.prod.buildsys.task.state.change', + ] + + config_key = 'autocloud.consumer.enabled' + + def __init__(self, *args, **kwargs): + super(AutoCloudConsumer, self).__init__(*args, **kwargs) + + def _get_tasks(self, builds): + """ Takes a list of koji createImage task IDs and returns dictionary of + build ids and image url corresponding to that build ids""" + + if autocloud.VIRTUALBOX: + _supported_images = ('Fedora-Cloud-Base-Vagrant', + 'Fedora-Cloud-Atomic-Vagrant',) + else: + _supported_images = ('Fedora-Cloud-Base-Vagrant', + 'Fedora-Cloud-Atomic-Vagrant', + 'Fedora-Cloud-Atomic', 'Fedora-Cloud-Base',) + + for build in builds: + log.info('Got Koji build {0}'.format(build)) + + # Create a Koji connection to the Fedora Koji instance + koji_session = koji.ClientSession(autocloud.KOJI_SERVER_URL) + + image_files = [] # list of full URLs of files + + if len(builds) == 1: + task_result = koji_session.getTaskResult(builds[0]) + name = task_result.get('name') + #TODO: Change to get the release information from PDC instead + # of koji once it is set up + release = task_result.get('version') + if name in _supported_images: + task_relpath = koji.pathinfo.taskrelpath(int(builds[0])) + url = get_image_url(task_result.get('files'), task_relpath) + if url: + name = get_image_name(image_name=name) + data = { + 'buildid': builds[0], + 'image_url': url, + 'name': name, + 'release': release, + } + image_files.append(data) + elif len(builds) >= 2: + koji_session.multicall = True + for build in builds: + koji_session.getTaskResult(build) + results = koji_session.multiCall() + for result in results: + + if not result: + continue + + name = result[0].get('name') + if name not in _supported_images: + continue + + #TODO: Change to get the release information from PDC instead + # of koji once it is set up + release = result[0].get('version') + task_relpath = koji.pathinfo.taskrelpath( + int(result[0].get('task_id'))) + url = get_image_url(result[0].get('files'), task_relpath) + if url: + name = get_image_name(image_name=name) + data = { + 'buildid': result[0]['task_id'], + 'image_url': url, + 'name': name, + 'release': release, + } + image_files.append(data) + + return image_files + + def consume(self, msg): + """ This is called when we receive a message matching the topic. """ + + if msg['topic'].endswith('.buildsys.task.state.change'): + # Do the thing you've always done... this will go away soon. + # releng is transitioning away from it. + self._consume_scratch_task(msg) + elif msg['topic'].endswith('.buildsys.build.state.change'): + # Do the new thing we need to do. handle a 'real build' from koji, + # not just a scratch task. + self._consume_real_build(msg) + else: + raise NotImplementedError("Should be impossible to get here...") + + def _consume_real_build(self, msg): + builds = list() # These will be the Koji task IDs to upload, if any. + + msg = msg['body']['msg'] + if msg['owner'] != 'releng': + log.debug("Dropping message. Owned by %r" % msg['owner']) + return + + if msg['instance'] != 'primary': + log.info("Dropping message. From %r instance." % msg['instance']) + return + + # Don't upload *any* images if one of them fails. + if msg['new'] != 1: + log.info("Dropping message. State is %r" % msg['new']) + return + + koji_session = koji.ClientSession(autocloud.KOJI_SERVER_URL) + children = koji_session.getTaskChildren(msg['task_id']) + for child in children: + if child["method"] == "createImage": + builds.append(child["id"]) + + if len(builds) > 0: + produce_jobs(self._get_tasks(builds)) + + def _consume_scratch_task(self, msg): + builds = list() # These will be the Koji build IDs to upload, if any. + + msg_info = msg["body"]["msg"]["info"] + + log.info('Received %r %r' % (msg['topic'], msg['body']['msg_id'])) + + # If the build method is "image", we check to see if the child + # task's method is "createImage". + if msg_info["method"] == "image": + if isinstance(msg_info["children"], list): + for child in msg_info["children"]: + if child["method"] == "createImage": + # We only care about the image if the build + # completed successfully (with state code 2). + if child["state"] == 2: + builds.append(child["id"]) + + if len(builds) > 0: + produce_jobs(self._get_tasks(builds)) diff --git a/files/httpd/qadevel-virtualhost.conf.j2 b/files/httpd/qadevel-virtualhost.conf.j2 new file mode 100644 index 000000000..cca7a7afa --- /dev/null +++ b/files/httpd/qadevel-virtualhost.conf.j2 @@ -0,0 +1,22 @@ +# this is meant for proxied stuff only, hence the lack of ssl + +<VirtualHost *:80> + # Change this to the domain which points to your host. + ServerName {{ item.name }} + + DocumentRoot {{ item.document_root }} + + ErrorLog "/var/log/httpd/{{ item.name }}.error_log" + CustomLog "/var/log/httpd/{{ item.name }}.access_log" common + + <Directory "{{ item.document_root }}"> + Options Indexes FollowSymLinks + Require all granted + </Directory> + + <Location "/"> + Options +Indexes + DirectoryIndex default.html + </Location> + +</VirtualHost> diff --git a/files/iptables/iptables b/files/iptables/iptables deleted file mode 100644 index 43e2190f0..000000000 --- a/files/iptables/iptables +++ /dev/null @@ -1,46 +0,0 @@ -# {{ ansible_managed }} -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] - -# allow ping and traceroute --A INPUT -p icmp -j ACCEPT - -# localhost is fine --A INPUT -i lo -j ACCEPT - -# Established connections allowed --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT - -# allow ssh - always --A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT - -# for nrpe - allow it from nocs --A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT -# FIXME - this is the global nat-ip and we need the noc01-specific ip --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT - - -# if the host/group defines incoming tcp_ports - allow them -{% for port in tcp_ports %} --A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT -{% endfor %} - -# if the host/group defines incoming udp_ports - allow them -{% for port in udp_ports %} --A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT -{% endfor %} - -# if there are custom rules - put them in as-is -{% for rule in custom_rules %} -{{ rule }} -{% endfor %} - -# otherwise kick everything out --A INPUT -j REJECT --reject-with icmp-host-prohibited --A FORWARD -j REJECT --reject-with icmp-host-prohibited -COMMIT diff --git a/files/iptables/iptables.sign b/files/iptables/iptables.sign deleted file mode 100644 index f213e8855..000000000 --- a/files/iptables/iptables.sign +++ /dev/null @@ -1,14 +0,0 @@ -# {{ ansible_managed }} -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -p icmp -j ACCEPT --A INPUT -i lo -j ACCEPT -# Allow connections from client/server --A INPUT -p tcp -m tcp --dport 44333:44334 -j ACCEPT --A INPUT -j REJECT --reject-with icmp-host-prohibited --A FORWARD -j REJECT --reject-with icmp-host-prohibited -COMMIT - diff --git a/files/iptables/iptables.staging b/files/iptables/iptables.staging deleted file mode 100644 index 5fc0cfa4c..000000000 --- a/files/iptables/iptables.staging +++ /dev/null @@ -1,58 +0,0 @@ -# {{ ansible_managed }} -*nat -:PREROUTING ACCEPT [] -:POSTROUTING ACCEPT [] -:OUTPUT ACCEPT [] - -# Redirect staging attempts to talk to the external proxy to an internal ip. -# This is primarily for openid in staging which needs to get around proxy -# redirects. --A OUTPUT -d 209.132.181.5 -j DNAT --to-destination 10.5.126.88 - -COMMIT - -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] - -# allow ping and traceroute --A INPUT -p icmp -j ACCEPT - -# localhost is fine --A INPUT -i lo -j ACCEPT - -# Established connections allowed --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT - -# allow ssh - always --A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT - -# for nrpe - allow it from nocs --A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT -# FIXME - this is the global nat-ip and we need the noc01-specific ip --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT - - -# if the host/group defines incoming tcp_ports - allow them -{% for port in tcp_ports %} --A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT -{% endfor %} - -# if the host/group defines incoming udp_ports - allow them -{% for port in udp_ports %} --A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT -{% endfor %} - -# if there are custom rules - put them in as-is -{% for rule in custom_rules %} -{{ rule }} -{% endfor %} - -# otherwise kick everything out --A INPUT -j REJECT --reject-with icmp-host-prohibited --A FORWARD -j REJECT --reject-with icmp-host-prohibited -COMMIT diff --git a/filter_plugins/fedmsg.py b/filter_plugins/fedmsg.py index de31a2a17..60beaf8bc 100644 --- a/filter_plugins/fedmsg.py +++ b/filter_plugins/fedmsg.py @@ -9,7 +9,7 @@ def invert_fedmsg_policy(groups, vars, env): """ if env == 'staging': - hosts = groups['staging'] + hosts = groups['staging'] + groups['fedmsg-qa-network-stg'] else: hosts = [h for h in groups['all'] if h not in groups['staging']] diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml index 940e11405..75a805bfe 100644 --- a/handlers/restart_services.yml +++ b/handlers/restart_services.yml @@ -45,9 +45,6 @@ - name: restart jenkins action: service name=jenkins state=restarted -- name: restart kojid - action: service name=kojid state=restarted - - name: restart koschei-polling action: service name=koschei-polling state=restarted @@ -63,9 +60,6 @@ - name: restart libvirtd action: service name=libvirtd state=restarted -- name: restart lighttpd - action: service name=lighttpd state=restarted - - name: restart mailman action: service name=mailman state=restarted @@ -111,12 +105,6 @@ - name: restart rpcidmapd action: service name=rpcidmapd state=restarted -- name: restart rsyslog - action: service name=rsyslog state=restarted - -- name: restart sshd - action: service name=sshd state=restarted - - name: restart xinetd action: service name=xinetd state=restarted @@ -126,9 +114,6 @@ - name: restart network action: service name=network state=restarted -- name: restart unbound - action: service name=unbound state=restarted - - name: rebuild postfix transport command: /usr/sbin/postmap /etc/postfix/transport @@ -164,21 +149,6 @@ ignore_errors: true when: ansible_virtualization_role == 'host' -- name: restart haproxy - service: name=haproxy state=restarted - -- name: restart varnish - service: name=varnish state=restarted - -- name: restart keepalived - service: name=keepalived state=restarted - -- name: restart mariadb - service: name=mariadb state=restarted - -- name: restart squid - service: name=squid state=restarted - - name: "update ca-trust" command: /usr/bin/update-ca-trust @@ -196,9 +166,6 @@ - name: restart autocloud service: name=autocloud state=restarted -- name: restart infinoted - service: name=infinoted state=restarted - - name: restart mirrorlist-server service: name=mirrorlist-server state=restarted diff --git a/handlers/update_ca_trust.yml b/handlers/update_ca_trust.yml deleted file mode 100644 index e24c66ae2..000000000 --- a/handlers/update_ca_trust.yml +++ /dev/null @@ -1,6 +0,0 @@ -######################################## -# Handlers for updating ca trust -# - -- name: update ca trust - shell: "update-ca-trust" diff --git a/inventory/builders b/inventory/builders index 105a2cd62..bc20e764e 100644 --- a/inventory/builders +++ b/inventory/builders @@ -33,29 +33,29 @@ buildvm-01.stg.phx2.fedoraproject.org [buildvm-ppc64] buildvm-ppc64-01.ppc.fedoraproject.org -buildvm-ppc64-02.qa.fedoraproject.org -buildvm-ppc64-03.qa.fedoraproject.org -buildvm-ppc64-04.qa.fedoraproject.org -buildvm-ppc64-06.qa.fedoraproject.org -buildvm-ppc64-07.qa.fedoraproject.org -buildvm-ppc64-08.qa.fedoraproject.org +buildvm-ppc64-02.ppc.fedoraproject.org +buildvm-ppc64-03.ppc.fedoraproject.org +buildvm-ppc64-04.ppc.fedoraproject.org +buildvm-ppc64-06.ppc.fedoraproject.org +buildvm-ppc64-07.ppc.fedoraproject.org +buildvm-ppc64-08.ppc.fedoraproject.org [buildvm-ppc64le] buildvm-ppc64le-01.ppc.fedoraproject.org -buildvm-ppc64le-02.qa.fedoraproject.org -buildvm-ppc64le-03.qa.fedoraproject.org -buildvm-ppc64le-04.qa.fedoraproject.org -buildvm-ppc64le-06.qa.fedoraproject.org -buildvm-ppc64le-07.qa.fedoraproject.org -buildvm-ppc64le-08.qa.fedoraproject.org +buildvm-ppc64le-02.ppc.fedoraproject.org +buildvm-ppc64le-03.ppc.fedoraproject.org +buildvm-ppc64le-04.ppc.fedoraproject.org +buildvm-ppc64le-06.ppc.fedoraproject.org +buildvm-ppc64le-07.ppc.fedoraproject.org +buildvm-ppc64le-08.ppc.fedoraproject.org [buildvmhost] buildvmhost-10.phx2.fedoraproject.org buildvmhost-11.phx2.fedoraproject.org buildvmhost-12.phx2.fedoraproject.org -ppc8-02.qa.fedoraproject.org -ppc8-03.qa.fedoraproject.org -ppc8-04.qa.fedoraproject.org +#ppc8-02.ppc.fedoraproject.org +#ppc8-03.ppc.fedoraproject.org +#ppc8-04.ppc.fedoraproject.org [buildhw] buildhw-01.phx2.fedoraproject.org diff --git a/inventory/group_vars/basset b/inventory/group_vars/basset new file mode 100644 index 000000000..8b21f6960 --- /dev/null +++ b/inventory/group_vars/basset @@ -0,0 +1,17 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +custom_rules: [ + # fas01, fas02, and fas03 + '-A INPUT -p tcp -m tcp -s 10.5.126.25 --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.126.26 --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.126.30 --dport 80 -j ACCEPT', + # wiki01, wiki02 + '-A INPUT -p tcp -m tcp -s 10.5.126.63 --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.126.73 --dport 80 -j ACCEPT', +] + +fas_client_groups: sysadmin-main diff --git a/inventory/group_vars/basset-stg b/inventory/group_vars/basset-stg new file mode 100644 index 000000000..02049e527 --- /dev/null +++ b/inventory/group_vars/basset-stg @@ -0,0 +1,14 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +custom_rules: [ + # fas01.stg + '-A INPUT -p tcp -m tcp -s 10.5.126.86 --dport 80 -j ACCEPT', + # wiki01.stg + '-A INPUT -p tcp -m tcp -s 10.5.126.60 --dport 80 -j ACCEPT', +] + +fas_client_groups: sysadmin-main diff --git a/inventory/group_vars/bodhi-backend b/inventory/group_vars/bodhi-backend index 796c058f2..dfc9440e8 100644 --- a/inventory/group_vars/bodhi-backend +++ b/inventory/group_vars/bodhi-backend @@ -42,6 +42,6 @@ fedmsg_error_recipients: nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" ## XXX - note that the csi_ stuff is kept at the host_vars/ level. diff --git a/inventory/group_vars/bodhi-backend-stg b/inventory/group_vars/bodhi-backend-stg index a4f772395..4f9204ec3 100644 --- a/inventory/group_vars/bodhi-backend-stg +++ b/inventory/group_vars/bodhi-backend-stg @@ -73,7 +73,7 @@ fedmsg_certs: - bodhi.updates.fedora.sync fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" # For the MOTD diff --git a/inventory/group_vars/bugzilla2fedmsg b/inventory/group_vars/bugzilla2fedmsg index c67496066..41fdecc86 100644 --- a/inventory/group_vars/bugzilla2fedmsg +++ b/inventory/group_vars/bugzilla2fedmsg @@ -7,7 +7,7 @@ freezes: false # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -tcp_ports: [ 3000, 3001 ] +tcp_ports: [ 3000, 3001, 3002, 3003 ] fas_client_groups: sysadmin-noc,sysadmin-datanommer diff --git a/inventory/group_vars/buildarm b/inventory/group_vars/buildarm index c57d03776..8d36e739b 100644 --- a/inventory/group_vars/buildarm +++ b/inventory/group_vars/buildarm @@ -1,6 +1,6 @@ host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" ansible_ifcfg_blacklist: true koji_server_url: "http://koji.fedoraproject.org/kojihub" diff --git a/inventory/group_vars/buildhw b/inventory/group_vars/buildhw index ab559caab..6c2cc5e39 100644 --- a/inventory/group_vars/buildhw +++ b/inventory/group_vars/buildhw @@ -1,7 +1,7 @@ --- host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" freezes: true koji_server_url: "http://koji.fedoraproject.org/kojihub" diff --git a/inventory/group_vars/buildppc b/inventory/group_vars/buildppc index d0891f9f6..76c7e4cc4 100644 --- a/inventory/group_vars/buildppc +++ b/inventory/group_vars/buildppc @@ -21,7 +21,7 @@ virt_install_command: "{{ virt_install_command_two_nic }}" # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" koji_server_url: "http://koji.fedoraproject.org/kojihub" koji_weburl: "http://koji.fedoraproject.org/koji" diff --git a/inventory/group_vars/buildppcle b/inventory/group_vars/buildppcle index 8c001a248..9bafafe7a 100644 --- a/inventory/group_vars/buildppcle +++ b/inventory/group_vars/buildppcle @@ -20,7 +20,7 @@ virt_install_command: "{{ virt_install_command_two_nic }}" # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" koji_server_url: "http://koji.fedoraproject.org/kojihub" koji_weburl: "http://koji.fedoraproject.org/koji" diff --git a/inventory/group_vars/buildvm b/inventory/group_vars/buildvm index 4b3a6d28a..a16019f5e 100644 --- a/inventory/group_vars/buildvm +++ b/inventory/group_vars/buildvm @@ -16,7 +16,7 @@ virt_install_command: "{{ virt_install_command_two_nic }}" # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" koji_server_url: "http://koji.fedoraproject.org/kojihub" koji_weburl: "http://koji.fedoraproject.org/koji" diff --git a/inventory/group_vars/buildvm-ppc64 b/inventory/group_vars/buildvm-ppc64 index dbfbab7d0..2776abb29 100644 --- a/inventory/group_vars/buildvm-ppc64 +++ b/inventory/group_vars/buildvm-ppc64 @@ -6,15 +6,16 @@ mem_size: 10240 num_cpus: 4 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64 ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64/os/ -nm: 255.255.255.128 -gw: 10.5.124.254 +nm: 255.255.255.0 +gw: 10.5.129.254 dns: 10.5.126.21 +main_bridge: br1 # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng,sysadmin-secondary -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" virt_install_command: "{{ virt_install_command_one_nic }} --graphics none" diff --git a/inventory/group_vars/buildvm-ppc64le b/inventory/group_vars/buildvm-ppc64le index 8c1ebd6d3..1ef361055 100644 --- a/inventory/group_vars/buildvm-ppc64le +++ b/inventory/group_vars/buildvm-ppc64le @@ -6,15 +6,16 @@ mem_size: 10240 num_cpus: 4 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64le ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64le/os/ -nm: 255.255.255.128 -gw: 10.5.124.254 +nm: 255.255.255.0 +gw: 10.5.129.254 dns: 10.5.126.21 +main_bridge: br1 # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng,sysadmin-secondary -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" virt_install_command: "{{ virt_install_command_one_nic }} --graphics none" diff --git a/inventory/group_vars/buildvm-stg b/inventory/group_vars/buildvm-stg index 293d05b29..08562ba89 100644 --- a/inventory/group_vars/buildvm-stg +++ b/inventory/group_vars/buildvm-stg @@ -14,7 +14,7 @@ dns: 10.5.126.21 # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" datacenter: staging nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid" diff --git a/inventory/group_vars/composers b/inventory/group_vars/composers index 61959c029..7976593db 100644 --- a/inventory/group_vars/composers +++ b/inventory/group_vars/composers @@ -15,6 +15,8 @@ virt_install_command: "{{ virt_install_command_two_nic }}" nrpe_procs_warn: 900 nrpe_procs_crit: 1000 +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + host_group: releng # These are consumed by a task in roles/fedmsg/base/main.yml diff --git a/inventory/group_vars/copr-back b/inventory/group_vars/copr-back index db0bd4fcc..f6303f110 100644 --- a/inventory/group_vars/copr-back +++ b/inventory/group_vars/copr-back @@ -26,7 +26,7 @@ frontend_base_url: "https://copr.fedorainfracloud.org" # See http://infrastructure.fedoraproject.org/csi/security-policy/ csi_security_category: High -csi_primary_contact: msuchy (mirek, vgologuz) IRC #fedora-admin, #fedora-buildsys +csi_primary_contact: msuchy (mirek, clime, asamalik, frostyx) IRC #fedora-admin, #fedora-buildsys csi_purpose: Provide the backend for copr (3rd party packages) csi_relationship: | - Backend: Management of copr cloud infrastructure (OpenStack). diff --git a/inventory/group_vars/copr-back-stg b/inventory/group_vars/copr-back-stg index c6b790985..37905d758 100644 --- a/inventory/group_vars/copr-back-stg +++ b/inventory/group_vars/copr-back-stg @@ -24,6 +24,6 @@ frontend_base_url: "http://copr-fe-dev.cloud.fedoraproject.org" # See http://infrastructure.fedoraproject.org/csi/security-policy/ csi_security_category: Moderate -csi_primary_contact: msuchy (mirek, vgologuz) IRC #fedora-admin, #fedora-buildsys +csi_primary_contact: msuchy (mirek, clime, frostyx, asamalik) IRC #fedora-admin, #fedora-buildsys csi_purpose: Provide the testing environment of copr's backend csi_relationship: This host is the testing environment for the cloud infrastructure of copr's backend diff --git a/inventory/group_vars/copr-front b/inventory/group_vars/copr-front index ac00a6b87..a7d37810e 100644 --- a/inventory/group_vars/copr-front +++ b/inventory/group_vars/copr-front @@ -1,13 +1,13 @@ --- copr_hostname: "copr-fe.cloud.fedoraproject.org" -copr_frontend_public_hostname: "copr.fedoraproject.org" +copr_frontend_public_hostname: "copr.fedorainfracloud.org" # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should override them with specific info. # See http://infrastructure.fedoraproject.org/csi/security-policy/ csi_security_category: Moderate -csi_primary_contact: msuchy (mirek, vgologuz) IRC #fedora-admin, #fedora-buildsys +csi_primary_contact: msuchy (mirek, clime, asamalik, frostyx) IRC #fedora-admin, #fedora-buildsys csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr) csi_relationship: | - This host provides the frontend part of copr only. diff --git a/inventory/group_vars/docker-registry b/inventory/group_vars/docker-registry new file mode 100644 index 000000000..97faec6be --- /dev/null +++ b/inventory/group_vars/docker-registry @@ -0,0 +1,5 @@ +--- +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +fas_client_groups: sysadmin-releng diff --git a/inventory/group_vars/docker-registry-stg b/inventory/group_vars/docker-registry-stg new file mode 100644 index 000000000..97faec6be --- /dev/null +++ b/inventory/group_vars/docker-registry-stg @@ -0,0 +1,5 @@ +--- +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +fas_client_groups: sysadmin-releng diff --git a/inventory/group_vars/download-phx2 b/inventory/group_vars/download-phx2 index 111eeca3d..8f5e1e5a7 100644 --- a/inventory/group_vars/download-phx2 +++ b/inventory/group_vars/download-phx2 @@ -5,5 +5,9 @@ rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" nrpe_procs_warn: 900 nrpe_procs_crit: 1000 +host_group: download-phx2 + # nfs mount options, overrides the all/default nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=3" + +blocked_ips: [ '8.39.100.100', '46.29.92.6', '69.47.68.211', '83.110.159.237', '103.193.116.147', '130.193.57.106', '130.193.60.205', '158.39.4.2', '169.53.165.245', '193.52.32.69', '195.23.131.253', '198.11.167.9', '202.202.43.41' ] diff --git a/inventory/group_vars/faf-stg b/inventory/group_vars/faf-stg new file mode 100644 index 000000000..67f8a43b6 --- /dev/null +++ b/inventory/group_vars/faf-stg @@ -0,0 +1,6 @@ +--- +fas_client_groups: retrace + +tcp_ports: [ 80, 443 ] + +sudoers: "{{ private }}/files/sudo/retrace-sudoers" diff --git a/inventory/group_vars/gnome-backups b/inventory/group_vars/gnome-backups new file mode 100644 index 000000000..5c4a8b59e --- /dev/null +++ b/inventory/group_vars/gnome-backups @@ -0,0 +1,6 @@ +csi_purpose: GNOME Infrastructure Backups facility +csi_relationship: | + Provides rdiff-backup based backups to all the GNOME Infrastructure + machines and services + - This machine mainly relies on the Red Hat sponsored NetApp assigned + to the GNOME Project where all the backups do reside diff --git a/inventory/group_vars/koji b/inventory/group_vars/koji index df2bfa267..6096adbbd 100644 --- a/inventory/group_vars/koji +++ b/inventory/group_vars/koji @@ -19,7 +19,7 @@ custom_rules: [ ] fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: diff --git a/inventory/group_vars/koji-stg b/inventory/group_vars/koji-stg index b34c56ddb..487682992 100644 --- a/inventory/group_vars/koji-stg +++ b/inventory/group_vars/koji-stg @@ -36,7 +36,7 @@ fedmsg_certs: # NOTE -- staging mounts read-only nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" koji_server_url: "http://koji.stg.fedoraproject.org/kojihub" koji_weburl: "http://koji.stg.fedoraproject.org/koji" diff --git a/inventory/group_vars/openqa b/inventory/group_vars/openqa index a7ca00aba..a44b4c5e9 100644 --- a/inventory/group_vars/openqa +++ b/inventory/group_vars/openqa @@ -3,6 +3,8 @@ virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough external_hostname: openqa.fedoraproject.org +openqa_static_uid: 601 + openqa_hostname: localhost openqa_email: adamwill@fedoraproject.org openqa_nickname: adamwill @@ -13,6 +15,7 @@ openqa_dbname: openqa openqa_dbhost: db-qa01.qa.fedoraproject.org openqa_dbuser: openqa openqa_dbpassword: "{{ prod_openqa_dbpassword }}" +openqa_assetsize: 300 openqa_key: "{{ prod_openqa_apikey }}" openqa_secret: "{{ prod_openqa_apisecret }}" diff --git a/inventory/group_vars/openqa-stg b/inventory/group_vars/openqa-stg index 4e498de56..69671e76f 100644 --- a/inventory/group_vars/openqa-stg +++ b/inventory/group_vars/openqa-stg @@ -14,6 +14,8 @@ virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough external_hostname: openqa.stg.fedoraproject.org +openqa_static_uid: 601 + openqa_hostname: localhost openqa_email: adamwill@fedoraproject.org openqa_nickname: adamwill @@ -24,6 +26,7 @@ openqa_dbname: openqa-stg openqa_dbhost: db-qa01.qa.fedoraproject.org openqa_dbuser: openqastg openqa_dbpassword: "{{ stg_openqa_dbpassword }}" +openqa_assetsize: 300 openqa_workers: 3 diff --git a/inventory/group_vars/osbs-stg b/inventory/group_vars/osbs-stg index 768067ec3..1b6424de3 100644 --- a/inventory/group_vars/osbs-stg +++ b/inventory/group_vars/osbs-stg @@ -7,4 +7,4 @@ num_cpus: 2 tcp_ports: [ 80, 443 ] fas_client_groups: sysadmin-releng,fi-apprentice -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure index 19141f5ac..410fb3833 100644 --- a/inventory/group_vars/pagure +++ b/inventory/group_vars/pagure @@ -48,6 +48,7 @@ fedmsg_certs: - pagure.pull-request.flag.added - pagure.pull-request.flag.updated - pagure.pull-request.new + - pagure.request.assigned.added - pagure.git.receive diff --git a/inventory/group_vars/pagure-stg b/inventory/group_vars/pagure-stg index 17e0d624b..367a3e6d0 100644 --- a/inventory/group_vars/pagure-stg +++ b/inventory/group_vars/pagure-stg @@ -47,6 +47,7 @@ fedmsg_certs: - pagure.pull-request.comment.added - pagure.pull-request.flag.added - pagure.pull-request.flag.updated + - pagure.request.assigned.added - pagure.pull-request.new fedmsg_prefix: io.pagure diff --git a/inventory/group_vars/pdc-backend b/inventory/group_vars/pdc-backend index 9c2bd0ad2..0aeef5df0 100644 --- a/inventory/group_vars/pdc-backend +++ b/inventory/group_vars/pdc-backend @@ -4,6 +4,8 @@ lvm_size: 20000 mem_size: 2048 num_cpus: 2 +host_group: pdc-backend + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file diff --git a/inventory/group_vars/pdc-backend-stg b/inventory/group_vars/pdc-backend-stg index 94825a1bf..ee576eb03 100644 --- a/inventory/group_vars/pdc-backend-stg +++ b/inventory/group_vars/pdc-backend-stg @@ -4,6 +4,8 @@ lvm_size: 20000 mem_size: 2048 num_cpus: 1 +host_group: pdc-backend + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file diff --git a/inventory/group_vars/pdc-web b/inventory/group_vars/pdc-web index f07deb7fe..eeefe04f1 100644 --- a/inventory/group_vars/pdc-web +++ b/inventory/group_vars/pdc-web @@ -29,6 +29,7 @@ fedmsg_certs: - service: pdc owner: root group: apache - # We don't have notifications from PDC yet, but when we do, add them here. - #can_send: - #- pdc.somethingorother + can_send: + - pdc.compose + - pdc.rpms + - pdc.images diff --git a/inventory/group_vars/pdc-web-stg b/inventory/group_vars/pdc-web-stg index 1c55f0735..2afec3241 100644 --- a/inventory/group_vars/pdc-web-stg +++ b/inventory/group_vars/pdc-web-stg @@ -29,6 +29,7 @@ fedmsg_certs: - service: pdc owner: root group: apache - # We don't have notifications from PDC yet, but when we do, add them here. - #can_send: - #- pdc.somethingorother + can_send: + - pdc.compose + - pdc.rpms + - pdc.images diff --git a/inventory/group_vars/pkgs b/inventory/group_vars/pkgs index 2ebef2668..fa294497a 100644 --- a/inventory/group_vars/pkgs +++ b/inventory/group_vars/pkgs @@ -18,7 +18,7 @@ git_group: packager git_port: 9418 git_server: /usr/libexec/git-core/git-daemon git_server_args: --export-all --syslog --inetd --verbose -git_basepath: /srv/git/repositories/rpms +git_basepath: /srv/git/repositories git_daemon_user: nobody clamscan_mailto: admin@fedoraproject.org diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies index 3122f29b8..2a4c1d0b6 100644 --- a/inventory/group_vars/proxies +++ b/inventory/group_vars/proxies @@ -46,8 +46,6 @@ custom_rules: [ '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.57 -j ACCEPT', # Allow copr-be.cloud to talk to the inbound fedmsg relay. '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.48 -j ACCEPT', - # Also, ppc-composer.qa.fedoraproject.org (secondary arch) - '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.33 -j ACCEPT', # Also, ppc-hub.qa.fedoraproject.org (secondary arch koji) '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.21 -j ACCEPT', # Also, arm-koji01.qa.fedoraproject.org (secondary arch) diff --git a/inventory/group_vars/proxies-stg b/inventory/group_vars/proxies-stg index 6fbf1b242..3b081ed36 100644 --- a/inventory/group_vars/proxies-stg +++ b/inventory/group_vars/proxies-stg @@ -45,8 +45,6 @@ custom_rules: [ '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.57 -j ACCEPT', # Allow copr-be.cloud to talk to the inbound fedmsg relay. '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.131 -j ACCEPT', - # Also, ppc-composer.qa.fedoraproject.org (secondary arch) - '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.33 -j ACCEPT', # Also, ppc-hub.qa.fedoraproject.org (secondary arch koji) '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.21 -j ACCEPT', # Also, s390-hub01.qa.fedoraproject.org (secondary arch) diff --git a/inventory/group_vars/qa-stg b/inventory/group_vars/qa-stg index 0640b5dae..6921e8081 100644 --- a/inventory/group_vars/qa-stg +++ b/inventory/group_vars/qa-stg @@ -20,6 +20,8 @@ external_hostname: qa.stg.fedoraproject.org # not needed with new setup #sslcertfile: qa-stg.qa.fedoraproject.org.cert #sslkeyfile: qa-stg.qa.fedoraproject.org.key +sslcertfile: '' +sslkeyfile: '' sslintermediatecertfile: '' mariadb_host: localhost @@ -76,8 +78,8 @@ tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 3306 ] # static sites static_sites: - - name: docs.{{ external_hostname }} - document_root: /var/www/docs + - name: docs.{{ inventory_hostname }} + document_root: /srv/content/docs sslonly: false freezes: false diff --git a/inventory/group_vars/retrace-stg b/inventory/group_vars/retrace-stg new file mode 100644 index 000000000..67f8a43b6 --- /dev/null +++ b/inventory/group_vars/retrace-stg @@ -0,0 +1,6 @@ +--- +fas_client_groups: retrace + +tcp_ports: [ 80, 443 ] + +sudoers: "{{ private }}/files/sudo/retrace-sudoers" diff --git a/inventory/group_vars/sign-bridge b/inventory/group_vars/sign-bridge index 55170e5ac..c01cbcd6e 100644 --- a/inventory/group_vars/sign-bridge +++ b/inventory/group_vars/sign-bridge @@ -10,4 +10,4 @@ num_cpus: 4 tcp_ports: [ 44333, 44334 ] fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" diff --git a/inventory/group_vars/taskotron-dev b/inventory/group_vars/taskotron-dev index 4131f9d3e..1513bc549 100644 --- a/inventory/group_vars/taskotron-dev +++ b/inventory/group_vars/taskotron-dev @@ -25,6 +25,7 @@ grokmirror_repos: - { name: fedoraqa/rpmlint, url: 'https://bitbucket.org/fedoraqa/task-rpmlint.git'} - { name: fedoraqa/depcheck, url: 'https://bitbucket.org/fedoraqa/task-depcheck.git'} - { name: fedoraqa/upgradepath, url: 'https://bitbucket.org/fedoraqa/task-upgradepath.git'} + - { name: fedoraqa/dockerautotest, url: 'https://bitbucket.org/fedoraqa/task-dockerautotest.git'} grokmirror_default_branch: develop @@ -53,7 +54,6 @@ landingpage_title: "Taskotron Development" public_artifacts_dir: /srv/taskotron/artifacts cgit_root_title: "Taskotron Dev Server Git Mirror" - ############################################################ # buildbot details ############################################################ diff --git a/inventory/group_vars/virthost b/inventory/group_vars/virthost index cf05a4b1b..b3008767e 100644 --- a/inventory/group_vars/virthost +++ b/inventory/group_vars/virthost @@ -5,8 +5,8 @@ netapp_nfs01_iscsi_name: iqn.1992-08.com.netapp:sn.1573980325:vf.f88732f4-106e-1 netapp_nfs01_iscsi_portal: 10.5.88.36 virthost: true -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 +nrpe_procs_warn: 1000 +nrpe_procs_crit: 1100 # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should override them with specific info. diff --git a/inventory/host_vars/basset01.phx2.fedoraproject.org b/inventory/host_vars/basset01.phx2.fedoraproject.org new file mode 100644 index 000000000..e28ba087c --- /dev/null +++ b/inventory/host_vars/basset01.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.194 +vmhost: virthost19.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/basset01.stg.phx2.fedoraproject.org b/inventory/host_vars/basset01.stg.phx2.fedoraproject.org new file mode 100644 index 000000000..147762f3b --- /dev/null +++ b/inventory/host_vars/basset01.stg.phx2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ + +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.138 +vmhost: virthost12.phx2.fedoraproject.org +datacenter: phx2 diff --git a/inventory/host_vars/buildppc-01.phx2.fedoraproject.org b/inventory/host_vars/buildppc-01.phx2.fedoraproject.org index 4a524a11b..aac82d6fc 100644 --- a/inventory/host_vars/buildppc-01.phx2.fedoraproject.org +++ b/inventory/host_vars/buildppc-01.phx2.fedoraproject.org @@ -1,4 +1,4 @@ --- -vmhost: ppc8-02.qa.fedoraproject.org +vmhost: ppc8-02.ppc.fedoraproject.org eth0_ip: 10.5.125.29 eth1_ip: 10.5.127.135 diff --git a/inventory/host_vars/buildppc-02.phx2.fedoraproject.org b/inventory/host_vars/buildppc-02.phx2.fedoraproject.org index 15cf29130..a34a10aeb 100644 --- a/inventory/host_vars/buildppc-02.phx2.fedoraproject.org +++ b/inventory/host_vars/buildppc-02.phx2.fedoraproject.org @@ -1,4 +1,4 @@ --- -vmhost: ppc8-02.qa.fedoraproject.org +vmhost: ppc8-02.ppc.fedoraproject.org eth0_ip: 10.5.125.30 eth1_ip: 10.5.127.136 diff --git a/inventory/host_vars/buildppc-03.phx2.fedoraproject.org b/inventory/host_vars/buildppc-03.phx2.fedoraproject.org index c08410fc7..85e9cb26c 100644 --- a/inventory/host_vars/buildppc-03.phx2.fedoraproject.org +++ b/inventory/host_vars/buildppc-03.phx2.fedoraproject.org @@ -1,4 +1,4 @@ --- -vmhost: ppc8-03.qa.fedoraproject.org +vmhost: ppc8-03.ppc.fedoraproject.org eth0_ip: 10.5.125.27 eth1_ip: 10.5.127.137 diff --git a/inventory/host_vars/buildppc-04.phx2.fedoraproject.org b/inventory/host_vars/buildppc-04.phx2.fedoraproject.org index 33642599c..8a7a354b7 100644 --- a/inventory/host_vars/buildppc-04.phx2.fedoraproject.org +++ b/inventory/host_vars/buildppc-04.phx2.fedoraproject.org @@ -1,4 +1,4 @@ --- -vmhost: ppc8-04.qa.fedoraproject.org +vmhost: ppc8-04.ppc.fedoraproject.org eth0_ip: 10.5.125.28 eth1_ip: 10.5.127.138 diff --git a/inventory/host_vars/buildppcle-01.phx2.fedoraproject.org b/inventory/host_vars/buildppcle-01.phx2.fedoraproject.org index 2b9a239c3..6a516b96a 100644 --- a/inventory/host_vars/buildppcle-01.phx2.fedoraproject.org +++ b/inventory/host_vars/buildppcle-01.phx2.fedoraproject.org @@ -1,4 +1,4 @@ --- -vmhost: ppc8-03.qa.fedoraproject.org +vmhost: ppc8-03.ppc.fedoraproject.org eth0_ip: 10.5.125.23 eth1_ip: 10.5.127.119 diff --git a/inventory/host_vars/buildppcle-02.phx2.fedoraproject.org b/inventory/host_vars/buildppcle-02.phx2.fedoraproject.org index d50d02a99..2c73c31b0 100644 --- a/inventory/host_vars/buildppcle-02.phx2.fedoraproject.org +++ b/inventory/host_vars/buildppcle-02.phx2.fedoraproject.org @@ -1,4 +1,4 @@ --- -vmhost: ppc8-02.qa.fedoraproject.org +vmhost: ppc8-02.ppc.fedoraproject.org eth0_ip: 10.5.125.24 eth1_ip: 10.5.127.120 diff --git a/inventory/host_vars/buildppcle-03.phx2.fedoraproject.org b/inventory/host_vars/buildppcle-03.phx2.fedoraproject.org index f51032323..303dde77c 100644 --- a/inventory/host_vars/buildppcle-03.phx2.fedoraproject.org +++ b/inventory/host_vars/buildppcle-03.phx2.fedoraproject.org @@ -1,4 +1,4 @@ --- -vmhost: ppc8-03.qa.fedoraproject.org +vmhost: ppc8-03.ppc.fedoraproject.org eth0_ip: 10.5.125.25 eth1_ip: 10.5.127.121 diff --git a/inventory/host_vars/buildppcle-04.phx2.fedoraproject.org b/inventory/host_vars/buildppcle-04.phx2.fedoraproject.org index 03f469aec..f68e7ee52 100644 --- a/inventory/host_vars/buildppcle-04.phx2.fedoraproject.org +++ b/inventory/host_vars/buildppcle-04.phx2.fedoraproject.org @@ -1,4 +1,4 @@ --- -vmhost: ppc8-04.qa.fedoraproject.org +vmhost: ppc8-04.ppc.fedoraproject.org eth0_ip: 10.5.125.26 eth1_ip: 10.5.127.122 diff --git a/inventory/host_vars/buildvm-ppc64-01.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-01.ppc.fedoraproject.org index 9a1667654..cfd338712 100644 --- a/inventory/host_vars/buildvm-ppc64-01.ppc.fedoraproject.org +++ b/inventory/host_vars/buildvm-ppc64-01.ppc.fedoraproject.org @@ -1,6 +1,3 @@ --- -vmhost: ppc8-02.qa.fedoraproject.org +vmhost: ppc8-02.ppc.fedoraproject.org eth0_ip: 10.5.129.64 -nm: 255.255.255.0 -gw: 10.5.129.254 -main_bridge: br1 diff --git a/inventory/host_vars/buildvm-ppc64-02.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-02.ppc.fedoraproject.org new file mode 100644 index 000000000..472cc05de --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64-02.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-02.ppc.fedoraproject.org +eth0_ip: 10.5.129.66 diff --git a/inventory/host_vars/buildvm-ppc64-02.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-02.qa.fedoraproject.org deleted file mode 100644 index 8d9c277ae..000000000 --- a/inventory/host_vars/buildvm-ppc64-02.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-02.qa.fedoraproject.org -eth0_ip: 10.5.124.225 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/buildvm-ppc64-03.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-03.ppc.fedoraproject.org new file mode 100644 index 000000000..7b893f342 --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64-03.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-03.ppc.fedoraproject.org +eth0_ip: 10.5.129.67 diff --git a/inventory/host_vars/buildvm-ppc64-03.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-03.qa.fedoraproject.org deleted file mode 100644 index 0d1f6eb42..000000000 --- a/inventory/host_vars/buildvm-ppc64-03.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-03.qa.fedoraproject.org -eth0_ip: 10.5.124.201 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/buildvm-ppc64-04.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-04.ppc.fedoraproject.org new file mode 100644 index 000000000..96e27514e --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64-04.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-04.ppc.fedoraproject.org +eth0_ip: 10.5.129.68 diff --git a/inventory/host_vars/buildvm-ppc64-04.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-04.qa.fedoraproject.org deleted file mode 100644 index 2a0ef40fe..000000000 --- a/inventory/host_vars/buildvm-ppc64-04.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-04.qa.fedoraproject.org -eth0_ip: 10.5.124.235 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/buildvm-ppc64-05.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-05.ppc.fedoraproject.org new file mode 100644 index 000000000..5cd7816d1 --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64-05.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-03.ppc.fedoraproject.org +eth0_ip: 10.5.129.69 diff --git a/inventory/host_vars/buildvm-ppc64-06.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-06.ppc.fedoraproject.org new file mode 100644 index 000000000..88419fe72 --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64-06.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-02.ppc.fedoraproject.org +eth0_ip: 10.5.129.70 diff --git a/inventory/host_vars/buildvm-ppc64-06.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-06.qa.fedoraproject.org deleted file mode 100644 index 8877bb0a6..000000000 --- a/inventory/host_vars/buildvm-ppc64-06.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-02.qa.fedoraproject.org -eth0_ip: 10.5.124.226 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/buildvm-ppc64-07.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-07.ppc.fedoraproject.org new file mode 100644 index 000000000..a69618af3 --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64-07.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-03.ppc.fedoraproject.org +eth0_ip: 10.5.129.71 diff --git a/inventory/host_vars/buildvm-ppc64-07.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-07.qa.fedoraproject.org deleted file mode 100644 index 33be80a5c..000000000 --- a/inventory/host_vars/buildvm-ppc64-07.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-03.qa.fedoraproject.org -eth0_ip: 10.5.124.142 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/buildvm-ppc64-08.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-08.ppc.fedoraproject.org new file mode 100644 index 000000000..e38469d11 --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64-08.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-04.ppc.fedoraproject.org +eth0_ip: 10.5.129.72 diff --git a/inventory/host_vars/buildvm-ppc64-08.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64-08.qa.fedoraproject.org deleted file mode 100644 index 41d5466b1..000000000 --- a/inventory/host_vars/buildvm-ppc64-08.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-04.qa.fedoraproject.org -eth0_ip: 10.5.124.133 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/buildvm-ppc64le-01.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-01.ppc.fedoraproject.org index 8fb01b39f..63087cc2f 100644 --- a/inventory/host_vars/buildvm-ppc64le-01.ppc.fedoraproject.org +++ b/inventory/host_vars/buildvm-ppc64le-01.ppc.fedoraproject.org @@ -1,6 +1,3 @@ --- -vmhost: ppc8-02.qa.fedoraproject.org +vmhost: ppc8-02.ppc.fedoraproject.org eth0_ip: 10.5.129.65 -nm: 255.255.255.0 -gw: 10.5.129.254 -main_bridge: br1 diff --git a/inventory/host_vars/buildvm-ppc64le-02.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-02.ppc.fedoraproject.org new file mode 100644 index 000000000..78163e80c --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64le-02.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-02.ppc.fedoraproject.org +eth0_ip: 10.5.129.73 diff --git a/inventory/host_vars/buildvm-ppc64le-02.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-02.qa.fedoraproject.org deleted file mode 100644 index 9a3281591..000000000 --- a/inventory/host_vars/buildvm-ppc64le-02.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-02.qa.fedoraproject.org -eth0_ip: 10.5.124.227 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/buildvm-ppc64le-03.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-03.ppc.fedoraproject.org new file mode 100644 index 000000000..9e6c51790 --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64le-03.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-03.ppc.fedoraproject.org +eth0_ip: 10.5.129.74 diff --git a/inventory/host_vars/buildvm-ppc64le-03.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-03.qa.fedoraproject.org deleted file mode 100644 index bd3adbc6a..000000000 --- a/inventory/host_vars/buildvm-ppc64le-03.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-03.qa.fedoraproject.org -eth0_ip: 10.5.124.216 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/buildvm-ppc64le-04.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-04.ppc.fedoraproject.org new file mode 100644 index 000000000..fdb075144 --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64le-04.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-04.ppc.fedoraproject.org +eth0_ip: 10.5.129.75 diff --git a/inventory/host_vars/buildvm-ppc64le-04.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-04.qa.fedoraproject.org deleted file mode 100644 index d5417c036..000000000 --- a/inventory/host_vars/buildvm-ppc64le-04.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-04.qa.fedoraproject.org -eth0_ip: 10.5.124.223 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/buildvm-ppc64le-05.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-05.ppc.fedoraproject.org new file mode 100644 index 000000000..a80294088 --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64le-05.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-03.ppc.fedoraproject.org +eth0_ip: 10.5.129.76 diff --git a/inventory/host_vars/buildvm-ppc64le-06.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-06.ppc.fedoraproject.org new file mode 100644 index 000000000..a5fc09093 --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64le-06.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-02.ppc.fedoraproject.org +eth0_ip: 10.5.129.77 diff --git a/inventory/host_vars/buildvm-ppc64le-06.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-06.qa.fedoraproject.org deleted file mode 100644 index 4e74abcce..000000000 --- a/inventory/host_vars/buildvm-ppc64le-06.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-02.qa.fedoraproject.org -eth0_ip: 10.5.124.233 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/buildvm-ppc64le-07.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-07.ppc.fedoraproject.org new file mode 100644 index 000000000..7212e8b1d --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64le-07.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-03.ppc.fedoraproject.org +eth0_ip: 10.5.129.78 diff --git a/inventory/host_vars/buildvm-ppc64le-07.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-07.qa.fedoraproject.org deleted file mode 100644 index 4a3760754..000000000 --- a/inventory/host_vars/buildvm-ppc64le-07.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-03.qa.fedoraproject.org -eth0_ip: 10.5.124.224 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/buildvm-ppc64le-08.ppc.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-08.ppc.fedoraproject.org new file mode 100644 index 000000000..bc1462bd1 --- /dev/null +++ b/inventory/host_vars/buildvm-ppc64le-08.ppc.fedoraproject.org @@ -0,0 +1,3 @@ +--- +vmhost: ppc8-04.ppc.fedoraproject.org +eth0_ip: 10.5.129.79 diff --git a/inventory/host_vars/buildvm-ppc64le-08.qa.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-08.qa.fedoraproject.org deleted file mode 100644 index a23fb0d8e..000000000 --- a/inventory/host_vars/buildvm-ppc64le-08.qa.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -vmhost: ppc8-04.qa.fedoraproject.org -eth0_ip: 10.5.124.242 -eth0_nm: 255.255.255.128 diff --git a/inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org b/inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org index 18e381580..f52aa37be 100644 --- a/inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org +++ b/inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org @@ -4,13 +4,13 @@ ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64 ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64/os/ virt_install_command: "{{ virt_install_command_one_nic }} --graphics none" -vmhost: ppc8-03.qa.fedoraproject.org +vmhost: ppc8-03.ppc.fedoraproject.org eth0_ip: 10.5.129.14 gw: 10.5.129.254 main_bridge: br1 fas_client_groups: sysadmin-noc,sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" host_group: releng diff --git a/inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org b/inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org index 07d4904ee..aa37587d9 100644 --- a/inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org +++ b/inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org @@ -4,13 +4,13 @@ ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-23-ppc64le ks_repo: http://10.5.126.23/pub/fedora-secondary/releases/23/Server/ppc64le/os/ virt_install_command: "{{ virt_install_command_one_nic }} --graphics none" -vmhost: ppc8-04.qa.fedoraproject.org +vmhost: ppc8-02.ppc.fedoraproject.org eth0_ip: 10.5.129.15 gw: 10.5.129.254 main_bridge: br1 fas_client_groups: sysadmin-noc,sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" host_group: releng diff --git a/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org b/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org index 35a45c7b4..5ce301b0f 100644 --- a/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org +++ b/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org @@ -7,7 +7,7 @@ security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywh zone: nova hostbase: copr-be-dev- public_ip: 209.132.184.53 -root_auth_users: bkabrda msuchy tradej pingou vgologuz frostyx asamalik clime +root_auth_users: msuchy pingou vgologuz frostyx asamalik clime description: copr dispatcher and repo server - dev instance tcp_ports: ['22', '80', '443'] # volumes: copr-be-dev-data diff --git a/inventory/host_vars/copr-dist-git-dev.fedorainfracloud.org b/inventory/host_vars/copr-dist-git-dev.fedorainfracloud.org index e00969534..ede5c47b9 100644 --- a/inventory/host_vars/copr-dist-git-dev.fedorainfracloud.org +++ b/inventory/host_vars/copr-dist-git-dev.fedorainfracloud.org @@ -7,7 +7,7 @@ security_group: web-80-anywhere-persistent,ssh-anywhere-persistent,default zone: nova hostbase: copr-dist-git-dev- public_ip: 209.132.184.179 -root_auth_users: bkabrda ryanlerch pingou msuchy tradej asamalik vgologuz frostyx clime +root_auth_users: ryanlerch pingou msuchy asamalik vgologuz frostyx clime description: dist-git for copr service - dev instance tcp_ports: [22, 80] # volumes: copr-dist-git-dev diff --git a/inventory/host_vars/copr-fe-dev.cloud.fedoraproject.org b/inventory/host_vars/copr-fe-dev.cloud.fedoraproject.org index 36f6e5cf7..99502a2e7 100644 --- a/inventory/host_vars/copr-fe-dev.cloud.fedoraproject.org +++ b/inventory/host_vars/copr-fe-dev.cloud.fedoraproject.org @@ -7,7 +7,7 @@ security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywh zone: nova hostbase: copr-fe-dev- public_ip: 209.132.184.55 -root_auth_users: bkabrda ryanlerch pingou msuchy tradej asamalik vgologuz frostyx clime +root_auth_users: ryanlerch pingou msuchy asamalik vgologuz frostyx clime description: copr frontend server - dev instance tcp_ports: [22, 80, 443] # volumes: copr-fe-dev-db diff --git a/inventory/host_vars/db-arm-koji01.qa.fedoraproject.org b/inventory/host_vars/db-arm-koji01.qa.fedoraproject.org index ba4b991b9..3aa1bf021 100644 --- a/inventory/host_vars/db-arm-koji01.qa.fedoraproject.org +++ b/inventory/host_vars/db-arm-koji01.qa.fedoraproject.org @@ -40,4 +40,5 @@ nrpe_procs_warn: 600 nrpe_procs_crit: 700 host_backup_targets: ['/backups'] -shared_buffers: "4GB" +shared_buffers: "2GB" +effective_cache_size: "6GB" diff --git a/inventory/host_vars/db-datanommer02.phx2.fedoraproject.org b/inventory/host_vars/db-datanommer02.phx2.fedoraproject.org index 2c427e5c7..ed55f8f22 100644 --- a/inventory/host_vars/db-datanommer02.phx2.fedoraproject.org +++ b/inventory/host_vars/db-datanommer02.phx2.fedoraproject.org @@ -29,3 +29,4 @@ kernel_shmmax: 68719476736 host_backup_targets: ['/backups'] shared_buffers: "4GB" +effective_cache_size: "12GB" diff --git a/inventory/host_vars/db-fas01.phx2.fedoraproject.org b/inventory/host_vars/db-fas01.phx2.fedoraproject.org index 83372cc15..f2777a689 100644 --- a/inventory/host_vars/db-fas01.phx2.fedoraproject.org +++ b/inventory/host_vars/db-fas01.phx2.fedoraproject.org @@ -37,6 +37,9 @@ custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.46 --dport 5432 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.47 --dport 5432 -j ACCEPT' , + # basset01 + '-A INPUT -p tcp -m tcp -s 10.5.126.194 --dport 5432 -j ACCEPT', + # sundries02... '-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT', @@ -52,4 +55,5 @@ nrpe_procs_warn: 400 nrpe_procs_crit: 500 host_backup_targets: ['/backups'] -shared_buffers: "32MB" +shared_buffers: "2GB" +effective_cache_size: "6GB" diff --git a/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org b/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org index 09a95043e..b67fe110b 100644 --- a/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/db-fas01.stg.phx2.fedoraproject.org @@ -36,4 +36,5 @@ nrpe_procs_warn: 400 nrpe_procs_crit: 500 host_backup_targets: ['/backups'] -shared_buffers: "32MB" +shared_buffers: "1GB" +effective_cache_size: "3GB" diff --git a/inventory/host_vars/db-koji01.phx2.fedoraproject.org b/inventory/host_vars/db-koji01.phx2.fedoraproject.org index 41f3677fc..f4d1f635e 100644 --- a/inventory/host_vars/db-koji01.phx2.fedoraproject.org +++ b/inventory/host_vars/db-koji01.phx2.fedoraproject.org @@ -39,4 +39,5 @@ nrpe_procs_warn: 600 nrpe_procs_crit: 700 host_backup_targets: ['/backups'] -shared_buffers: "4GB" +shared_buffers: "8GB" +effective_cache_size: "24GB" diff --git a/inventory/host_vars/db-qa01.qa.fedoraproject.org b/inventory/host_vars/db-qa01.qa.fedoraproject.org index a0c8899c1..bc62331a8 100644 --- a/inventory/host_vars/db-qa01.qa.fedoraproject.org +++ b/inventory/host_vars/db-qa01.qa.fedoraproject.org @@ -43,4 +43,5 @@ fas_client_groups: sysadmin-qa,sysadmin-noc kernel_shmmax: 68719476736 host_backup_targets: ['/backups'] -shared_buffers: "4GB" +shared_buffers: "2GB" +effective_cache_size: "6GB" diff --git a/inventory/host_vars/db-s390-koji01.qa.fedoraproject.org b/inventory/host_vars/db-s390-koji01.qa.fedoraproject.org index e4b50868a..552030b6b 100644 --- a/inventory/host_vars/db-s390-koji01.qa.fedoraproject.org +++ b/inventory/host_vars/db-s390-koji01.qa.fedoraproject.org @@ -40,4 +40,5 @@ nrpe_procs_warn: 600 nrpe_procs_crit: 700 host_backup_targets: ['/backups'] -shared_buffers: "4GB" +shared_buffers: "6GB" +effective_cache_size: "18GB" diff --git a/inventory/host_vars/db01.phx2.fedoraproject.org b/inventory/host_vars/db01.phx2.fedoraproject.org index ec300a2dc..a3a4f8e81 100644 --- a/inventory/host_vars/db01.phx2.fedoraproject.org +++ b/inventory/host_vars/db01.phx2.fedoraproject.org @@ -76,5 +76,5 @@ nrpe_procs_warn: 800 nrpe_procs_crit: 900 host_backup_targets: ['/backups'] -shared_buffers: "1GB" - +shared_buffers: "4GB" +effective_cache_size: "12GB" diff --git a/inventory/host_vars/db01.stg.phx2.fedoraproject.org b/inventory/host_vars/db01.stg.phx2.fedoraproject.org index e44646efe..a023488f5 100644 --- a/inventory/host_vars/db01.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/db01.stg.phx2.fedoraproject.org @@ -43,4 +43,5 @@ custom_rules: [ '-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT' ] # nrpe_procs_warn: 800 nrpe_procs_crit: 900 -shared_buffers: "1GB" +shared_buffers: "4GB" +effective_cache_size: "12GB" diff --git a/inventory/host_vars/docker-registry01.phx2.fedoraproject.org b/inventory/host_vars/docker-registry01.phx2.fedoraproject.org index 62015079f..b0ad9f26b 100644 --- a/inventory/host_vars/docker-registry01.phx2.fedoraproject.org +++ b/inventory/host_vars/docker-registry01.phx2.fedoraproject.org @@ -2,7 +2,7 @@ nm: 255.255.255.0 gw: 10.5.125.254 dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-docker-reg ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ volgroup: /dev/VirtGuests eth0_ip: 10.5.125.56 diff --git a/inventory/host_vars/docker-registry01.stg.phx2.fedoraproject.org b/inventory/host_vars/docker-registry01.stg.phx2.fedoraproject.org index 7bf36c496..4a65b962b 100644 --- a/inventory/host_vars/docker-registry01.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/docker-registry01.stg.phx2.fedoraproject.org @@ -1,12 +1,12 @@ --- nm: 255.255.255.0 -gw: 10.5.125.254 +gw: 10.5.126.254 dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-docker-reg ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/VirtGuests -eth0_ip: 10.5.125.55 -vmhost: bvirthost07.phx2.fedoraproject.org +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.217 +vmhost: virthost20.phx2.fedoraproject.org datacenter: phx2 nrpe_procs_warn: 900 diff --git a/inventory/host_vars/faf01.stg.phx2.fedoraproject.org b/inventory/host_vars/faf01.stg.phx2.fedoraproject.org new file mode 100644 index 000000000..12f20c94f --- /dev/null +++ b/inventory/host_vars/faf01.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.199 +vmhost: virthost20.phx2.fedoraproject.org +datacenter: phx2 + +mem_size: 4096 +max_mem_size: 16384 +num_cpus: 2 diff --git a/inventory/host_vars/koschei01.stg.phx2.fedoraproject.org b/inventory/host_vars/koschei01.stg.phx2.fedoraproject.org index d9cd3d03c..c408ba6d3 100644 --- a/inventory/host_vars/koschei01.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/koschei01.stg.phx2.fedoraproject.org @@ -3,8 +3,8 @@ nm: 255.255.255.0 gw: 10.5.126.254 dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-23 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/23/Server/x86_64/os/ volgroup: /dev/vg_guests eth0_ip: 10.5.126.221 diff --git a/inventory/host_vars/osbs-master01.phx2.fedoraproject.org b/inventory/host_vars/osbs-master01.phx2.fedoraproject.org index 62015079f..919c15d96 100644 --- a/inventory/host_vars/osbs-master01.phx2.fedoraproject.org +++ b/inventory/host_vars/osbs-master01.phx2.fedoraproject.org @@ -2,10 +2,10 @@ nm: 255.255.255.0 gw: 10.5.125.254 dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ volgroup: /dev/VirtGuests -eth0_ip: 10.5.125.56 +eth0_ip: 10.5.125.55 vmhost: bvirthost07.phx2.fedoraproject.org datacenter: phx2 diff --git a/inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org b/inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org index 3a061663c..4e37cddd8 100644 --- a/inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org @@ -1,12 +1,12 @@ --- nm: 255.255.255.0 -gw: 10.5.125.254 +gw: 10.5.126.254 dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/VirtGuests -eth0_ip: 10.5.125.53 -vmhost: bvirthost07.phx2.fedoraproject.org +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.216 +vmhost: virthost20.phx2.fedoraproject.org datacenter: phx2 nrpe_procs_warn: 900 diff --git a/inventory/host_vars/pagure-stg01.fedoraproject.org b/inventory/host_vars/pagure-stg01.fedoraproject.org index bdc648e50..c7fca4ee0 100644 --- a/inventory/host_vars/pagure-stg01.fedoraproject.org +++ b/inventory/host_vars/pagure-stg01.fedoraproject.org @@ -18,4 +18,5 @@ datacenter: osuosl # PostgreSQL configuration # -shared_buffers: "32MB" +shared_buffers: "2GB" +effective_cache_size: "6GB" diff --git a/inventory/host_vars/pagure01.fedoraproject.org b/inventory/host_vars/pagure01.fedoraproject.org index 7ec1028c4..9c85e9c13 100644 --- a/inventory/host_vars/pagure01.fedoraproject.org +++ b/inventory/host_vars/pagure01.fedoraproject.org @@ -19,3 +19,4 @@ datacenter: osuosl # shared_buffers: "32MB" +effective_cache_size: "512MB" diff --git a/inventory/host_vars/regcfp.fedorainfracloud.org b/inventory/host_vars/regcfp.fedorainfracloud.org index 540539367..cf8c74bf0 100644 --- a/inventory/host_vars/regcfp.fedorainfracloud.org +++ b/inventory/host_vars/regcfp.fedorainfracloud.org @@ -19,4 +19,4 @@ cloud_networks: custom_rules: [ '-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT' ] shared_buffers: "1GB" - +effective_cache_size: "2GB" diff --git a/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org b/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org new file mode 100644 index 000000000..952301e02 --- /dev/null +++ b/inventory/host_vars/retrace01.stg.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.5.126.198 +vmhost: virthost20.phx2.fedoraproject.org +datacenter: phx2 + +mem_size: 4096 +max_mem_size: 16384 +num_cpus: 2 diff --git a/inventory/host_vars/testdays.fedorainfracloud.org b/inventory/host_vars/testdays.fedorainfracloud.org index 017650c13..88cf72146 100644 --- a/inventory/host_vars/testdays.fedorainfracloud.org +++ b/inventory/host_vars/testdays.fedorainfracloud.org @@ -24,6 +24,8 @@ freezes: false ############################################################ shared_buffers: "32MB" +effective_cache_size: "256MB" + host_backup_targets: ['/backups'] dbs_to_backup: - testdays diff --git a/inventory/inventory b/inventory/inventory index af109f4eb..54d205525 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -42,6 +42,12 @@ arm01-retrace01.arm.fedoraproject.org retrace01.qa.fedoraproject.org retrace02.qa.fedoraproject.org +[retrace-stg] +retrace01.stg.phx2.fedoraproject.org + +[faf-stg] +faf01.stg.phx2.fedoraproject.org + [ask] ask01.phx2.fedoraproject.org ask02.phx2.fedoraproject.org @@ -68,6 +74,12 @@ badges-web02.phx2.fedoraproject.org [badges-web-stg] badges-web01.stg.phx2.fedoraproject.org +[basset] +basset01.phx2.fedoraproject.org + +[basset-stg] +basset01.stg.phx2.fedoraproject.org + [bastion] bastion01.phx2.fedoraproject.org bastion02.phx2.fedoraproject.org @@ -579,6 +591,7 @@ autocloud-backend01.stg.phx2.fedoraproject.org autocloud-backend02.stg.phx2.fedoraproject.org badges-backend01.stg.phx2.fedoraproject.org badges-web01.stg.phx2.fedoraproject.org +basset01.stg.phx2.fedoraproject.org blockerbugs01.stg.phx2.fedoraproject.org bodhi02.stg.phx2.fedoraproject.org bodhi-backend01.stg.phx2.fedoraproject.org @@ -595,6 +608,7 @@ db01.stg.phx2.fedoraproject.org db03.stg.phx2.fedoraproject.org db-fas01.stg.phx2.fedoraproject.org elections01.stg.phx2.fedoraproject.org +faf01.stg.phx2.fedoraproject.org fas01.stg.phx2.fedoraproject.org fedimg01.stg.phx2.fedoraproject.org fedocal01.stg.phx2.fedoraproject.org @@ -623,6 +637,7 @@ pkgs01.stg.phx2.fedoraproject.org proxy01.stg.phx2.fedoraproject.org qa-stg01.qa.fedoraproject.org:222 resultsdb-stg01.qa.fedoraproject.org +retrace01.stg.phx2.fedoraproject.org statscache-web01.stg.phx2.fedoraproject.org statscache-web02.stg.phx2.fedoraproject.org statscache-backend01.stg.phx2.fedoraproject.org @@ -781,8 +796,8 @@ wiki02.phx2.fedoraproject.org [zanata2fedmsg-stg] zanata2fedmsg01.stg.phx2.fedoraproject.org -[zanata2fedmsg] -zanata2fedmsg01.phx2.fedoraproject.org +#[zanata2fedmsg] +#zanata2fedmsg01.phx2.fedoraproject.org # This is a convenience group listing the hosts that live on the QA network that @@ -790,6 +805,7 @@ zanata2fedmsg01.phx2.fedoraproject.org # See also: # - inventory/group_vars/proxies for the iptables custom_rules list # - roles/fedmsg/base/templates/relay.py.j2 +# - filter_plugins/fedmsg.py [fedmsg-qa-network] retrace01.qa.fedoraproject.org retrace02.qa.fedoraproject.org @@ -939,6 +955,10 @@ pdc-backend01.phx2.fedoraproject.org [pdc-backend-stg] pdc-backend01.stg.phx2.fedoraproject.org +[transient-cloud] +# fedora-hubs-dev +209.132.184.98 + [persistent-cloud] # artboard instance artboard.fedorainfracloud.org @@ -1086,9 +1106,6 @@ copr-back-stg copr-keygen-stg copr-dist-git-stg -[dopr-stg] -dopr-dev.cloud.fedoraproject.org - [pagure] pagure01.fedoraproject.org @@ -1140,6 +1157,14 @@ taskotron-client23.qa.fedoraproject.org taskotron-client24.qa.fedoraproject.org taskotron-client25.qa.fedoraproject.org -[osbs-hurd] -docker-registry01.phx2.fedoraproject.org. -osbs-master01.phx2.fedoraproject.org +#[osbs] +#osbs-master01.phx2.fedoraproject.org + +[osbs-stg] +osbs-master01.stg.phx2.fedoraproject.org + +#[docker-registry] +#docker-registry01.phx2.fedoraproject.org + +[docker-registry-stg] +docker-registry01.stg.phx2.fedoraproject.org diff --git a/master.yml b/master.yml index b75466b38..b7e5ecb6d 100644 --- a/master.yml +++ b/master.yml @@ -26,7 +26,7 @@ - include: /srv/web/infra/ansible/playbooks/groups/bastion.yml - include: /srv/web/infra/ansible/playbooks/groups/batcave.yml - include: /srv/web/infra/ansible/playbooks/groups/beaker.yml -#- include: /srv/web/infra/ansible/playbooks/groups/beaker-stg.yml +- include: /srv/web/infra/ansible/playbooks/groups/beaker-stg.yml - include: /srv/web/infra/ansible/playbooks/groups/beaker-virthosts.yml - include: /srv/web/infra/ansible/playbooks/groups/blockerbugs.yml - include: /srv/web/infra/ansible/playbooks/groups/bodhi2.yml @@ -124,8 +124,6 @@ - include: /srv/web/infra/ansible/playbooks/hosts/darkserver-dev.fedorainfracloud.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/developer.fedorainfracloud.org.yml -# currently doesn't complete -#- include: /srv/web/infra/ansible/playbooks/hosts/dopr-dev.cloud.fedoraproject.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/fas2-dev.fedorainfracloud.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/fas3-dev.fedorainfracloud.org.yml # Temporarily disabled due to tests diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index 8ba65e60e..59ca04363 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -33,56 +33,5 @@ - include: "{{ tasks }}/motd.yml" - include: "{{ tasks }}/rdiff_backup_server.yml" - - name: Create GNOME backup user - user: name=gnomebackup state=present home=/fedora_backups/gnome/ createhome=yes shell=/sbin/nologin - - - name: Add a Directory for the Excludes list for each of the backed up GNOME machines - file: dest=/fedora_backups/gnome/excludes owner=gnomebackup group=gnomebackup state=directory - - - name: Install the GNOME SSH configuration file - copy: src="{{ files }}/gnome/ssh_config" dest=/usr/local/etc/gnome_ssh_config mode=0600 owner=gnomebackup - - - name: Install GNOME backup key - copy: src="{{ private }}/files/gnome/backup_id.rsa" dest=/usr/local/etc/gnome_backup_id.rsa mode=0600 owner=gnomebackup - - - name: Install GNOME backup script - copy: src="{{ files }}/gnome/backup.sh" dest=/usr/local/bin/gnome_backup mode=0700 owner=gnomebackup - -# - name: Schedule the GNOME backup script -# cron: name="Backup" hour=5 minute=0 job="(cd /fedora_backups/gnome/; /usr/local/bin/lock-wrapper gnomebackup /usr/local/bin/gnome_backup)" user=gnomebackup - - - name: Add a Directory for each of the GNOME machines - file: dest=/fedora_backups/gnome/{{ item }} owner=gnomebackup group=gnomebackup state=directory - with_items: - - signal.gnome.org - - webapps2.gnome.org - - clutter.gnome.org - - blogs.gnome.org - - view.gnome.org - - puppet.gnome.org - - extensions.gnome.org - - chooser.gnome.org - - git.gnome.org - - webapps.gnome.org - - socket.gnome.org - - bugzilla-web.gnome.org - - progress.gnome.org - - clipboard.gnome.org - - drawable.gnome.org - - vbox.gnome.org - - cloud-ssh.gnome.org - - bastion.gnome.org - - spinner.gnome.org - - master.gnome.org - - live.gnome.org - - combobox.gnome.org - - restaurant.gnome.org - - expander.gnome.org - - accelerator.gnome.org - - range.gnome.org - - pentagon.gimp.org - - account.gnome.org - - bugzilla-new.gnome.org - handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/basset.yml b/playbooks/groups/basset.yml new file mode 100644 index 000000000..684b12734 --- /dev/null +++ b/playbooks/groups/basset.yml @@ -0,0 +1,39 @@ +# create a new basset server + +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=basset:basset-stg" + +- name: make the box be real + hosts: basset:basset-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios/client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + #- { role: openvpn/client, + # when: env != "staging" } + - mongodb + - rabbitmq + - apache + - basset/frontend + - basset/worker + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + - include: "{{ tasks }}/mod_wsgi.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/blockerbugs.yml b/playbooks/groups/blockerbugs.yml index 3916a988d..27d4b16f8 100644 --- a/playbooks/groups/blockerbugs.yml +++ b/playbooks/groups/blockerbugs.yml @@ -33,4 +33,3 @@ handlers: - include: "{{ handlers }}/restart_services.yml" - - include: "{{ handlers }}/semanage.yml" diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml index 283ed6b76..bea92d584 100644 --- a/playbooks/groups/buildhw.yml +++ b/playbooks/groups/buildhw.yml @@ -41,6 +41,7 @@ default: { username: "{{ osbs_koji_stg_username }}", password: "{{ osbs_koji_stg_password }}", + koji_certs_secret: "koji", openshift_url: 'https://{{ osbs_fqdn }}:8443/', registry_uri: 'https://{{ docker_registry }}:5000/v2', source_registry_uri: 'https://{{ docker_registry }}:5000/v2', diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index a1b79443a..c1bda784b 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -48,6 +48,7 @@ default: { username: "{{ osbs_koji_stg_username }}", password: "{{ osbs_koji_stg_password }}", + koji_certs_secret: "koji", openshift_url: 'https://{{ osbs_fqdn }}:8443/', registry_uri: 'https://{{ docker_registry }}:5000/v2', source_registry_uri: 'https://{{ docker_registry }}:5000/v2', diff --git a/playbooks/groups/composers.yml b/playbooks/groups/composers.yml index 0eb8a0a98..4f198e7ab 100644 --- a/playbooks/groups/composers.yml +++ b/playbooks/groups/composers.yml @@ -35,8 +35,14 @@ mnt_dir: '/mnt/fedora_koji' nfs_src_dir: 'fedora_koji' when: datacenter == 'staging' + - role: nfs/client + mnt_dir: '/mnt/fedora_koji_prod' + nfs_src_dir: 'fedora_koji' + nfs_mount_opts: 'ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3' + when: datacenter == 'staging' - releng - fedmsg/base + - sudo tasks: - include: "{{ tasks }}/yumrepos.yml" diff --git a/playbooks/groups/dhcp.yml b/playbooks/groups/dhcp.yml index d0c34bb44..55f25723d 100644 --- a/playbooks/groups/dhcp.yml +++ b/playbooks/groups/dhcp.yml @@ -28,4 +28,3 @@ handlers: - include: "{{ handlers }}/restart_services.yml" - - include: "{{ handlers }}/semanage.yml" diff --git a/playbooks/groups/docker-registry.yml b/playbooks/groups/docker-registry.yml new file mode 100644 index 000000000..8cdfadfdd --- /dev/null +++ b/playbooks/groups/docker-registry.yml @@ -0,0 +1,30 @@ +# create an osbs server +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=docker-registry:docker-registry-stg" + +- name: make the box be real + hosts: docker-registry:docker-registry-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios/client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/gnome-backups.yml b/playbooks/groups/gnome-backups.yml index 163087cac..9fc3dac4c 100644 --- a/playbooks/groups/gnome-backups.yml +++ b/playbooks/groups/gnome-backups.yml @@ -18,6 +18,11 @@ - fas_client - sudo - collectd/base + - gnome_backups + - { role: nfs/client, + mnt_dir: '/gnome_backups', + nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3", + nfs_src_dir: 'gnome_backups' } tasks: - include: "{{ tasks }}/yumrepos.yml" diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index 1e6373328..21a580070 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml @@ -43,6 +43,7 @@ default: { username: "{{ osbs_koji_stg_username }}", password: "{{ osbs_koji_stg_password }}", + koji_certs_secret: "koji", openshift_url: 'https://{{ osbs_fqdn }}:8443/', registry_uri: 'https://{{ docker_registry }}:5000/v2', source_registry_uri: 'https://{{ docker_registry }}:5000/v2', diff --git a/playbooks/groups/logserver.yml b/playbooks/groups/logserver.yml index 42cf47434..c045a30ee 100644 --- a/playbooks/groups/logserver.yml +++ b/playbooks/groups/logserver.yml @@ -38,7 +38,6 @@ handlers: - include: "{{ handlers }}/restart_services.yml" - - include: "{{ handlers }}/semanage.yml" - name: Cloud Image stats hosts: log01.phx2.fedoraproject.org diff --git a/playbooks/groups/memcached.yml b/playbooks/groups/memcached.yml index b9593d5cd..0e0fea21e 100644 --- a/playbooks/groups/memcached.yml +++ b/playbooks/groups/memcached.yml @@ -28,4 +28,3 @@ handlers: - include: "{{ handlers }}/restart_services.yml" - - include: "{{ handlers }}/semanage.yml" diff --git a/playbooks/groups/openstack-compute-nodes.yml b/playbooks/groups/openstack-compute-nodes.yml index fee696743..af154f695 100644 --- a/playbooks/groups/openstack-compute-nodes.yml +++ b/playbooks/groups/openstack-compute-nodes.yml @@ -27,4 +27,3 @@ handlers: - include: "{{ handlers }}/restart_services.yml" - - include: "{{ handlers }}/semanage.yml" diff --git a/playbooks/groups/osbs-master.yml b/playbooks/groups/osbs-master.yml new file mode 100644 index 000000000..79b90f8e7 --- /dev/null +++ b/playbooks/groups/osbs-master.yml @@ -0,0 +1,30 @@ +# create an osbs server +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=osbs:osbs-stg" + +- name: make the box be real + hosts: osbs:osbs-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - base + - rkhunter + - nagios/client + - hosts + - fas_client + - collectd/base + - rsyncd + - sudo + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/proxies.yml b/playbooks/groups/proxies.yml index 90d5001c4..4169be2a0 100644 --- a/playbooks/groups/proxies.yml +++ b/playbooks/groups/proxies.yml @@ -71,20 +71,37 @@ pre_tasks: # - # When we have a prerelease we also need to drop the - # config files. + # When we have a prerelease we also need to drop the config files. - - name: Remove prerelease-to-final-spins - file: path=/etc/httpd/conf.d/spins.fedoraproject.org/prerelease-to-final-spins.conf state=absent + - name: Remove prerelease-to-final-spins-1 + file: path=/etc/httpd/conf.d/spins.fedoraproject.org/prerelease-to-final-spins-1-redirectmatch.conf state=absent - - name: Remove prerelease-to-final-labs - file: path=/etc/httpd/conf.d/labs.fedoraproject.org/prerelease-to-final-labs.conf state=absent + - name: Remove prerelease-to-final-spins-2 + file: path=/etc/httpd/conf.d/spins.fedoraproject.org/prerelease-to-final-spins-2-redirectmatch.conf state=absent + + - name: Remove prerelease-to-final-labs-1 + file: path=/etc/httpd/conf.d/labs.fedoraproject.org/prerelease-to-final-labs-1-redirectmatch.conf state=absent + + - name: Remove prerelease-to-final-labs-2 + file: path=/etc/httpd/conf.d/labs.fedoraproject.org/prerelease-to-final-labs-2-redirectmatch.conf state=absent + + - name: Remove prerelease-to-final-arm-1 + file: path=/etc/httpd/conf.d/arm.fedoraproject.org/prerelease-to-final-arm-1-redirectmatch.conf state=absent + + - name: Remove prerelease-to-final-arm-2 + file: path=/etc/httpd/conf.d/arm.fedoraproject.org/prerelease-to-final-arm-2-redirectmatch.conf state=absent - name: Remove prerelease-to-final-gfo - file: path=/etc/httpd/conf.d/getfedora.org/prerelease-to-final-gfo.conf state=absent + file: path=/etc/httpd/conf.d/getfedora.org/prerelease-to-final-gfo-redirectmatch.conf state=absent + + - name: Remove prerelease-to-final-spins + file: path=/etc/httpd/conf.d/spins.fedoraproject.org/prerelease-to-final-spins-redirectmatch.conf state=absent + + - name: Remove prerelease-to-final-labs + file: path=/etc/httpd/conf.d/labs.fedoraproject.org/prerelease-to-final-labs-redirectmatch.conf state=absent - name: Remove prerelease-to-final-arm - file: path=/etc/httpd/conf.d/arm.fedoraproject.org/prerelease-to-final-gfo.conf state=absent + file: path=/etc/httpd/conf.d/arm.fedoraproject.org/prerelease-to-final-arm-redirectmatch.conf state=absent roles: - httpd/proxy diff --git a/playbooks/groups/qa-stg.yml b/playbooks/groups/qa-stg.yml index 48b5b97c7..fcc3d34c2 100644 --- a/playbooks/groups/qa-stg.yml +++ b/playbooks/groups/qa-stg.yml @@ -83,13 +83,6 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - name: ensure ServerName is set in ssl.conf - replace: dest=/etc/httpd/conf.d/ssl.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' - notify: - - reload httpd - tags: - - qastaticsites - - name: ensure ServerName is set in httpd.conf replace: dest=/etc/httpd/conf/httpd.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' notify: @@ -98,14 +91,14 @@ - qastaticsites - name: create dirs for static sites - file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755 - with_items: static_sites + file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755 setype=httpd_sys_content_t + with_items: "{{ static_sites }}" tags: - qastaticsites - name: generate virtualhosts for static sites - template: src={{ files }}/httpd/newvirtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644 - with_items: static_sites + template: src={{ files }}/httpd/qadevel-virtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644 + with_items: "{{ static_sites }}" notify: - reload httpd tags: diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml index 732d4a21b..4b488a9cf 100644 --- a/playbooks/groups/retrace.yml +++ b/playbooks/groups/retrace.yml @@ -1,6 +1,7 @@ +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=faf-stg:retrace-stg" - name: Setup retrace hosts - hosts: retrace + hosts: retrace:faf-stg:retrace-stg user: root gather_facts: True diff --git a/playbooks/groups/unbound.yml b/playbooks/groups/unbound.yml index 6e8c62801..068c41604 100644 --- a/playbooks/groups/unbound.yml +++ b/playbooks/groups/unbound.yml @@ -29,4 +29,3 @@ handlers: - include: "{{ handlers }}/restart_services.yml" - - include: "{{ handlers }}/semanage.yml" diff --git a/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml index 517c06fb4..1434578b2 100644 --- a/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml @@ -26,7 +26,6 @@ tasks: - include: "{{ tasks }}/cloud_setup_basic.yml" - - include: "{{ tasks }}/iptables.yml" - name: mount up blockerbugs-dev to /srv/persistent mount: name=/srv/persistent src='LABEL=blockerbugs-dev' fstype=ext4 state=mounted diff --git a/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml b/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml index aa824a2e4..73fe45c9b 100644 --- a/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml @@ -28,5 +28,4 @@ handlers: - include: "{{ handlers }}/restart_services.yml" - - include: "{{ handlers }}/semanage.yml" diff --git a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml index 7d7a8b96e..102b0ccb3 100644 --- a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml +++ b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml @@ -29,7 +29,6 @@ handlers: - include: "{{ handlers }}/restart_services.yml" - - include: "{{ handlers }}/semanage.yml" - name: dole out the service-specific config hosts: data-analysis01.phx2.fedoraproject.org @@ -78,4 +77,8 @@ - name: setup mysql items file: path=/srv/mysql state=directory mode=0770 owner=mysql group=mysql setype=mysqld_db_t - ## + - name: semanage mysql tree + command: /usr/sbin/semanage fcontext -a -t mysqld_db_t "/srv/mysql(/.*)?" + + +## diff --git a/playbooks/hosts/dopr-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/dopr-dev.cloud.fedoraproject.org.yml deleted file mode 100644 index 0dcffe5c4..000000000 --- a/playbooks/hosts/dopr-dev.cloud.fedoraproject.org.yml +++ /dev/null @@ -1,36 +0,0 @@ -#- name: clean known hosts -# hosts: dopr-stg -# remote_user: fedora -# sudo: True -# gather_facts: False -# -# tasks: -# - name: clean out old known_hosts for dopr-dev -# local_action: known_hosts path={{item}} host=dopr-dev.cloud.fedoraproject.org state=absent -# ignore_errors: True -# with_items: -# - /root/.ssh/known_hosts -# - /etc/ssh/ssh_known_hosts -# - name: clean out old known_hosts for dopr-dev ip -# local_action: known_hosts path={{item}} host=209.132.184.42 state=absent -# ignore_errors: True -# with_items: -# - /root/.ssh/known_hosts -# - /etc/ssh/ssh_known_hosts - -- name: provision dopr dev instance - hosts: dopr-stg - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - - roles: - - base - - dopr - - handlers: - - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml index f35020522..4248e09b8 100644 --- a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml @@ -24,7 +24,7 @@ vars: # this is actually without admin tenant all_tenants: ['cloudintern', 'cloudsig', 'copr', 'coprdev', 'infrastructure', - 'persistent', 'pythonbots', 'qa', 'scratch', 'transient'] + 'persistent', 'pythonbots', 'qa', 'scratch', 'transient', 'openshift'] vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -688,6 +688,7 @@ - { name: coprdev, desc: 'Development version of Copr' } - { name: pythonbots, desc: 'project for python build bot users - twisted, etc' } - { name: scratch, desc: 'scratch and short term instances' } + - { name: openshift, desc: 'Tenant for openshift deployment' } ##### USERS ##### @@ -727,6 +728,7 @@ - { name: roshi, email: 'roshi@fedoraproject.org', tenant: qa, password: "{{roshi_password}}" } - { name: maxamillion, email: 'maxamillion@fedoraproject.org', tenant: infrastructure, password: "{{maxamillion_password}}" } - { name: clime, email: 'clime@redhat.com', tenant: copr, password: "{{clime_password}}" } + - { name: misc, email: 'misc@redhat.com', tenant: openshift, password: "{{misc_password}}" } tags: - openstack_users @@ -765,6 +767,7 @@ - { username: admin, name: fedora-admin-20130801, tenant: admin, password: "{{ADMIN_PASS}}", public_key: "{{ lookup('file', files + '/fedora-cloud/fedora-admin-20130801.pub') }}" } - { username: asamalik, name: asamalik, tenant: scratch, password: "{{asamalik_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas asamalik') }}" } - { username: clime, name: clime, tenant: copr, password: "{{clime_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas clime') }}" } + - { username: misc, name: misc, tenant: openshift, password: "{{misc_password}}", public_key: "{{ lookup('pipe', '/srv/web/infra/ansible/scripts/auth-keys-from-fas misc') }}" } tags: - openstack_users @@ -907,6 +910,7 @@ - { name: qa, shared: false } - { name: scratch, shared: false } - { name: transient, shared: false } + - { name: openshift, shared: false } - name: Create a subnet for all tenants neutron_subnet: login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin" @@ -928,6 +932,7 @@ - { name: qa, cidr: '172.25.112.1/20', gateway: '172.25.112.1' } - { name: scratch, cidr: '172.25.64.1/20', gateway: '172.25.64.1' } - { name: transient, cidr: '172.25.48.1/20', gateway: '172.25.48.1' } + - { name: openshift, cidr: '172.25.160.1/20', gateway: '172.25.160.1' } - name: "Connect router's interface to the TENANT-subnet" neutron_router_interface: login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin" @@ -1033,6 +1038,7 @@ - { name: qa, prefix: "172.25.112.1/20" } - { name: scratch, prefix: '172.25.64.1/20' } - { name: transient, prefix: '172.25.48.1/20' } + - { name: openshift, prefix: '172.25.160.1/20' } - name: "Create 'web-80-anywhere' security group" neutron_sec_group: diff --git a/playbooks/hosts/fedimg-dev.fedorainfracloud.org.yml b/playbooks/hosts/fedimg-dev.fedorainfracloud.org.yml index bb91f9a8b..f63d6107c 100644 --- a/playbooks/hosts/fedimg-dev.fedorainfracloud.org.yml +++ b/playbooks/hosts/fedimg-dev.fedorainfracloud.org.yml @@ -20,9 +20,6 @@ - /srv/private/ansible/files/openstack/passwords.yml - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - roles: - - rkhunter - tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/motd.yml" diff --git a/playbooks/hosts/fedora-hubs-dev.yml b/playbooks/hosts/fedora-hubs-dev.yml new file mode 100644 index 000000000..2fef43dc4 --- /dev/null +++ b/playbooks/hosts/fedora-hubs-dev.yml @@ -0,0 +1,101 @@ +- name: provision instance + hosts: 209.132.184.98 # this is transient.. so may change if we destroy it. + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - include: "{{ tasks }}/yumrepos.yml" + - yum: name={{item}} state=present + with_items: + - git + + - file: dest=/srv/git state=directory + - git: repo=https://pagure.io/fedora-hubs.git + dest=/srv/git/fedora-hubs + version=develop + - file: dest=/etc/fedmsg.d/ state=directory + - name: copy around a number of files we want + command: cp {{item.src}} {{item.dest}} + with_items: + - src: /srv/git/fedora-hubs/fedmsg.d/testconfig.py + dest: /etc/fedmsg.d/testconfig.py + remote_src: True + - src: /srv/git/fedora-hubs/fedmsg.d/base.py + dest: /etc/fedmsg.d/base.py + remote_src: True + - src: /srv/git/fedora-hubs/fedmsg.d/logging.py + dest: /etc/fedmsg.d/logging.py + remote_src: True + - src: /srv/git/fedora-hubs/systemd/hubs-worker@.service + dest: /usr/lib/systemd/system/hubs-worker@.service + remote_src: True + - src: /srv/git/fedora-hubs/systemd/hubs-triage@.service + dest: /usr/lib/systemd/system/hubs-triage@.service + remote_src: True + - src: /srv/git/fedora-hubs/systemd/hubs-webapp.service + dest: /usr/lib/systemd/system/hubs-webapp.service + remote_src: True + - yum: name={{item}} state=present + with_items: + - htop + - tmux + - vim + - redis + - python-pip + - gcc + - gcc-c++ + - sqlite-devel + - libffi-devel + - openssl-devel + - python-datanommer-consumer + - datanommer-commands + - fedmsg-hub + - python-psycopg2 + - postgresql-devel + - postgresql-server + - command: pip install -r requirements.txt + chdir=/srv/git/fedora-hubs + creates=/usr/lib/python2.7/site-packages/fedmsg/ + + # The one in epel7 is too old... :( + - command: pip install --upgrade pygments + + - command: pip install futures + creates=/usr/lib/python2.7/site-packages/concurrent/futures/ + - command: python setup.py develop + chdir=/srv/git/fedora-hubs + creates=/usr/lib/python2.7/site-packages/fedora-hubs.egg-link + + - command: systemctl daemon-reload + + - service: name={{item}} enabled=yes state=running + with_items: + - redis + - hubs-webapp + - hubs-worker@1 + - hubs-worker@2 + - hubs-worker@3 + - hubs-worker@4 + - hubs-worker@5 + - hubs-worker@6 + - hubs-worker@7 + - hubs-worker@8 + - hubs-triage@1 + - hubs-triage@2 + - hubs-triage@3 + - hubs-triage@4 + - hubs-triage@5 + - hubs-triage@6 + + + # Set up the db for datanommer + - command: postgresql-setup initdb creates=/var/lib/pgsql/data/pg_hba.conf + - service: name=postgresql enabled=yes state=running + # TODO -- createdb -E utf-8 datanommer + # TODO -- `datanommer-create-db` + - service: name=fedmsg-hub enabled=yes state=running diff --git a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml b/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml index be7447ed5..bbfced9e3 100644 --- a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml +++ b/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml @@ -120,6 +120,7 @@ default: { username: "{{ osbs_koji_stg_username }}", password: "{{ osbs_koji_stg_password }}", + koji_certs_secret: "koji", openshift_url: 'https://osbs-dev.fedorainfracloud.org:8443/', registry_uri: 'https://osbs-dev.fedorainfracloud.org:5000/v2', source_registry_uri: 'https://osbs-dev.fedorainfracloud.org:5000/v2', @@ -166,12 +167,46 @@ osbs_kubeconfig_path: /etc/origin/master/admin.kubeconfig osbs_environment: KUBECONFIG: "{{ osbs_kubeconfig_path }}" + koji_pki_dir: /etc/pki/koji + koji_ca_cert_path: "{{koji_pki_dir}}/fedora-server-ca.cert" + koji_cert_path: "{{koji_pki_dir}}/fedora-builder.pem" + koji_builder_user: dockerbuilder + osbs_builder_user: builder + handlers: - name: buildroot container shell: atomic-reactor create-build-image --reactor-tarball-path /usr/share/atomic-reactor/atomic-reactor.tar.gz /etc/osbs/buildroot/ buildroot + - name: oc secrets new + shell: "oc secrets new koji cert={{ koji_cert_path }} ca={{ koji_ca_cert_path }} serverca={{ koji_ca_cert_path }}" + environment: "{{ osbs_environment }}" + notify: oc secrets add + + - name: oc secrets add + shell: "oc secrets add serviceaccount/{{ osbs_builder_user }} secrets/koji --for=mount" + environment: "{{ osbs_environment }}" + + tasks: + - name: Ensure koji dockerbuilder cert path exists + file: + path: "{{ koji_pki_dir }}" + state: "directory" + mode: 0400 + + - name: Add koji dockerbuilder cert for Content Generator import + copy: + src: "{{private}}/files/koji/containerbuild.pem" + dest: "{{ koji_cert_path }}" + notify: oc secrets new + + - name: Add koji dockerbuilder ca cert for Content Generator import + copy: + src: "{{private}}/files/koji/buildercerts/fedora-ca.cert" + dest: "{{ koji_ca_cert_path }}" + notify: oc secrets new + - name: install docker action: "{{ ansible_pkg_mgr }} name=docker state=installed" @@ -198,6 +233,9 @@ - name: set policy for koji builder in openshift for osbs shell: "oadm policy add-role-to-user -n default edit htpasswd_provider: {{ osbs_koji_stg_username }}" + - name: set policy for koji builder in openshift for atomic-reactor + shell: "oadm policy add-role-to-user -n default edit system:serviceaccount:default:builder" + - name: make sure latest fedora image is pulled and pushed to osbs registry shell: docker pull fedora && docker tag -f fedora:latest osbs-dev.fedorainfracloud.org:5000/fedora:latest && docker push osbs-dev.fedorainfracloud.org:5000/fedora:latest tags: diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml index b1415274a..b87fb8aef 100644 --- a/playbooks/include/proxies-redirects.yml +++ b/playbooks/include/proxies-redirects.yml @@ -170,6 +170,12 @@ website: l10n.fedoraproject.org target: https://translate.fedoraproject.org/ + # This is just a redirect to developer, to make it easier for people to get + # here from Red Hat's developers.redhat.com (ticket #5216). + - role: httpd/redirect + name: developers + website: developers.fedoraproject.org + target: https://developer.fedoraproject.org/ # Redirect specific websites from fedoraproject.org to getfedora.org - role: httpd/redirect @@ -219,105 +225,105 @@ # back to the main release. # This should be disabled when there is a prerelease - - role: httpd/redirectmatch - name: prerelease-to-final-gfo - website: getfedora.org - regex: /(.*)/prerelease.*$ - target: https://stg.getfedora.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-labs-1 - website: labs.fedoraproject.org - regex: /(.*)/prerelease.*$ - target: https://labs.stg.fedoraproject.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-spins-1 - website: spins.fedoraproject.org - regex: /(.*)/prerelease.*$ - target: https://spins.stg.fedoraproject.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-arm-1 - website: arm.fedoraproject.org - regex: /(.*)/prerelease.*$ - target: https://arm.stg.fedoraproject.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-labs-2 - website: labs.fedoraproject.org - regex: /prerelease.*$ - target: https://labs.stg.fedoraproject.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-spins-2 - website: spins.fedoraproject.org - regex: /prerelease.*$ - target: https://spins.stg.fedoraproject.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-arm-2 - website: arm.fedoraproject.org - regex: /prerelease.*$ - target: https://arm.stg.fedoraproject.org/$1 - when: env == 'staging' +# - role: httpd/redirectmatch +# name: prerelease-to-final-gfo +# website: getfedora.org +# regex: /(.*)/prerelease.*$ +# target: https://stg.getfedora.org/$1 +# when: env == 'staging' + +# - role: httpd/redirectmatch +# name: prerelease-to-final-labs-1 +# website: labs.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://labs.stg.fedoraproject.org/$1 +# when: env == 'staging' + +# - role: httpd/redirectmatch +# name: prerelease-to-final-spins-1 +# website: spins.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://spins.stg.fedoraproject.org/$1 +# when: env == 'staging' + +# - role: httpd/redirectmatch +# name: prerelease-to-final-arm-1 +# website: arm.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://arm.stg.fedoraproject.org/$1 +# when: env == 'staging' + +# - role: httpd/redirectmatch +# name: prerelease-to-final-labs-2 +# website: labs.fedoraproject.org +# regex: /prerelease.*$ +# target: https://labs.stg.fedoraproject.org/$1 +# when: env == 'staging' + +# - role: httpd/redirectmatch +# name: prerelease-to-final-spins-2 +# website: spins.fedoraproject.org +# regex: /prerelease.*$ +# target: https://spins.stg.fedoraproject.org/$1 +# when: env == 'staging' + +# - role: httpd/redirectmatch +# name: prerelease-to-final-arm-2 +# website: arm.fedoraproject.org +# regex: /prerelease.*$ +# target: https://arm.stg.fedoraproject.org/$1 +# when: env == 'staging' # end staging - - role: httpd/redirectmatch - name: prerelease-to-final-gfo - website: getfedora.org - regex: /(.*)/prerelease.*$ - target: https://getfedora.org/$1 - when: env != 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-labs-1 - website: labs.fedoraproject.org - regex: /(.*)/prerelease.*$ - target: https://labs.fedoraproject.org/$1 - when: env != 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-spins-1 - website: spins.fedoraproject.org - regex: /(.*)/prerelease.*$ - target: https://spins.fedoraproject.org/$1 - when: env != 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-arm-1 - website: arm.fedoraproject.org - regex: /(.*)/prerelease.*$ - target: https://arm.fedoraproject.org/$1 - when: env != 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-labs-2 - website: labs.fedoraproject.org - regex: /prerelease.*$ - target: https://labs.fedoraproject.org/$1 - when: env != 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-spins-2 - website: spins.fedoraproject.org - regex: /prerelease.*$ - target: https://spins.fedoraproject.org/$1 - when: env != 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-arm-2 - website: arm.fedoraproject.org - regex: /prerelease.*$ - target: https://arm.fedoraproject.org/$1 - when: env != 'staging' +# - role: httpd/redirectmatch +# name: prerelease-to-final-gfo +# website: getfedora.org +# regex: /(.*)/prerelease.*$ +# target: https://getfedora.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-labs-1 +# website: labs.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://labs.fedoraproject.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-spins-1 +# website: spins.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://spins.fedoraproject.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-arm-1 +# website: arm.fedoraproject.org +# regex: /(.*)/prerelease.*$ +# target: https://arm.fedoraproject.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-labs-2 +# website: labs.fedoraproject.org +# regex: /prerelease.*$ +# target: https://labs.fedoraproject.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-spins-2 +# website: spins.fedoraproject.org +# regex: /prerelease.*$ +# target: https://spins.fedoraproject.org/$1 +# when: env != 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-arm-2 +# website: arm.fedoraproject.org +# regex: /prerelease.*$ +# target: https://arm.fedoraproject.org/$1 +# when: env != 'staging' - role: httpd/redirect name: store diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index cb466579a..d7ff03d28 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -472,14 +472,26 @@ proxyurl: http://localhost:10029 # Reverse proxy pkgs for integrity protection of anonymous clones - #- role: httpd/reverseproxy - # website: src.fedoraproject.org - # destname: git - # proxyurl: http://pkgs02.phx2.fedoraproject.org - # when: env == "production" + - role: httpd/reverseproxy + website: src.fedoraproject.org + destname: git + proxyurl: http://pkgs02.phx2.fedoraproject.org + when: env == "production" - role: httpd/reverseproxy website: src.fedoraproject.org destname: git proxyurl: http://pkgs01.stg.phx2.fedoraproject.org when: env == "staging" + + - role: httpd/reverseproxy + website: osbs.fedoraproject.org + destname: osbs + proxyurl: http://localhost:10047 + when: env == "staging" + + - role: httpd/reverseproxy + website: registry.fedoraproject.org + destname: registry + proxyurl: http://localhost:10048 + when: env == "staging" diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 2c8d98500..15cb47e77 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -159,7 +159,6 @@ - src.stg.fedoraproject.org cert_name: "{{wildcard_cert_name}}" sslonly: true - when: env == "staging" # Remove after freeze - role: httpd/website name: download.fedoraproject.org @@ -474,6 +473,27 @@ sslonly: true cert_name: "{{wildcard_cert_name}}" + # This is just a redirect to developer, to make it easier for people to get + # here from Red Hat's developers.redhat.com (ticket #5216). + - role: httpd/website + name: developers.fedoraproject.org + sslonly: true + cert_name: "{{wildcard_cert_name}}" + + - role: httpd/website + name: osbs.fedoraproject.org + server_aliases: [osbs.stg.fedoraproject.org] + sslonly: true + cert_name: "{{wildcard_cert_name}}" + when: env == "staging" + + - role: httpd/website + name: registry.fedoraproject.org + server_aliases: [registry.stg.fedoraproject.org] + sslonly: true + cert_name: "{{wildcard_cert_name}}" + when: env == "staging" + # Kinda silly that we have two entries here, one for prod and one for stg. # This is inherited from our puppet setup -- we can collapse them as soon as # is convenient. -- threebean diff --git a/playbooks/manual/staging-sync/koschei.yml b/playbooks/manual/staging-sync/koschei.yml index 73e792c09..830e304d8 100644 --- a/playbooks/manual/staging-sync/koschei.yml +++ b/playbooks/manual/staging-sync/koschei.yml @@ -58,7 +58,13 @@ - include: "{{ handlers }}/restart_services.yml" tasks: - - command: koschei-admin createdb + - command: koschei-admin create-db + - command: > + koschei-admin create-collection {{ koschei_koji_tag }} + --display-name 'Fedora Rawhide' + --build-tag {{ koschei_koji_tag }}-build + --target-tag {{ koschei_koji_tag }} + --branch master - name: bring koschei staging services up diff --git a/playbooks/manual/upgrade/koschei.yml b/playbooks/manual/upgrade/koschei.yml index 8a41f4193..96a2b4278 100644 --- a/playbooks/manual/upgrade/koschei.yml +++ b/playbooks/manual/upgrade/koschei.yml @@ -26,10 +26,10 @@ - name: clean yum metadata command: yum clean all {% if env == 'staging' %} --enablerepo="koschei-jenkins" {% endif %} - name: upgrade koschei package from jenkins - yum: name="koschei" state=latest enablerepo="koschei-jenkins" + package: name="koschei" state=latest enablerepo="koschei-jenkins" when: env == 'staging' - name: upgrade koschei from main repo - yum: name="koschei" state=latest + package: name="koschei" state=latest when: env != 'staging' - name: run db migration become: yes diff --git a/playbooks/manual/upgrade/pdc.yml b/playbooks/manual/upgrade/pdc.yml index e5ce31cac..b741e56be 100644 --- a/playbooks/manual/upgrade/pdc.yml +++ b/playbooks/manual/upgrade/pdc.yml @@ -17,6 +17,7 @@ with_items: - pdc-client - pdc-updater + - python-productmd roles: - pdc/backend @@ -46,7 +47,8 @@ - name: yum update PDC packages yum: name="{{item}}" state=latest with_items: - - python-pdc + - pdc-server + - python-productmd roles: - pdc/frontend diff --git a/roles/apps-fp-o/files/apps.yaml b/roles/apps-fp-o/files/apps.yaml index 54a6ad911..5e82ba162 100644 --- a/roles/apps-fp-o/files/apps.yaml +++ b/roles/apps-fp-o/files/apps.yaml @@ -242,10 +242,8 @@ children: source_url: https://github.com/jmflinuxtx/kerneltest-harness bugs_url: https://github.com/jmflinuxtx/kerneltest-harness/issues docs_url: http://fedoraproject.org/wiki/KernelTestingInitiative - # TODO - write SOPs for this - # https://fedorahosted.org/fedora-infrastructure/ticket/5153 - #sops: - # - url goes here + sops: + - https://infrastructure.fedoraproject.org/infra/docs/kerneltest-harness.rst description: > As part of the <a href="https://fedoraproject.org/wiki/KernelTestingInitiative">kernel @@ -330,10 +328,8 @@ children: source_url: https://github.com/fedora-infra/nuancier bugs_url: https://github.com/fedora-infra/nuancier/issues docs_url: http://nuancier.readthedocs.org/en/latest/ - # TODO - write a SOP for nuancier - # https://fedorahosted.org/fedora-infrastructure/ticket/5155 - #sops: - # - url goes here + sops: + - https://infrastructure.fedoraproject.org/infra/docs/nuancier.rst description: > Nuancier is a simple voting application for the supplementary wallpapers included in Fedora. @@ -629,10 +625,8 @@ children: source_url: https://github.com/fedora-infra/fedora-gather-easyfix bugs_url: https://github.com/fedora-infra/fedora-gather-easyfix/issues docs_url: https://github.com/fedora-infra/fedora-gather-easyfix/blob/master/README - # TODO - write a sop for this thing - # https://fedorahosted.org/fedora-infrastructure/ticket/5160 - #sops: - # - https://infrastructure.fedoraproject.org/infra/docs/easyfix.rst + sops: + - https://infrastructure.fedoraproject.org/infra/docs/gather-easyfix.rst description: > A list of easy-to-fix problems for the different projects in Fedora. Interested in getting into helping out with sysadmin @@ -718,10 +712,8 @@ children: source_url: https://github.com/collectd/collectd bugs_url: https://github.com/collectd/collectd/issues docs_url: https://collectd.org/documentation.shtml - # TODO - write SOP for collectd - # https://fedorahosted.org/fedora-infrastructure/ticket/5161 - #sops: - # - https://infrastructure.fedoraproject.org/infra/docs/collectd.rst + sops: + - https://infrastructure.fedoraproject.org/infra/docs/collectd.rst description: > Tracks and displays statistics on the Fedora Infrastructure machines over time. Useful for debugging @@ -772,7 +764,7 @@ children: promoting it soon.. - name: faitout data: - url: http://209.132.184.152/faitout/ + url: http://faitout.fedorainfracloud.org/ description: > Provides access to temporary postgresql databases. This database can be used for unit-test thus reducing the diff --git a/roles/autocloud/backend/tasks/main.yml b/roles/autocloud/backend/tasks/main.yml index 77bd0ec26..7ea2266a1 100644 --- a/roles/autocloud/backend/tasks/main.yml +++ b/roles/autocloud/backend/tasks/main.yml @@ -59,6 +59,20 @@ - autocloud - autocloud/backend +# +# install koji build fedmsg hotfix +# See issue https://github.com/kushaldas/autocloud/issues/34 +# +- name: hotfix - copy over consumer for autocloud + copy: src="{{ files }}/hotfix/autocloud/consumer.py" dest=/usr/lib/python2.7/site-packages/autocloud + owner=root group=root mode=0644 + notify: + - restart fedmsg-hub + tags: + - autocloud + - hotfix + - autocloud/backend + - name: install vagrant-libvirt for the libvirt host dnf: pkg={{ item }} state=present with_items: diff --git a/roles/badges/backend/files/cron/award-lifecycle-badges b/roles/badges/backend/files/cron/award-lifecycle-badges index 3fc6e1678..865df9baa 100644..100755 --- a/roles/badges/backend/files/cron/award-lifecycle-badges +++ b/roles/badges/backend/files/cron/award-lifecycle-badges @@ -32,8 +32,16 @@ fedmsg.init(**fm_config) import fedbadges.utils +# generates a list of search terms +# alpha map is just a lowercase english alphabet -def get_fas_userlist(fas_credentials): +def gen_fas_searchterms(): + alpha = map(chr, range(97, 123)) + searchterms = [ alpha_ltr + "*" for alpha_ltr in alpha ] + return searchterms + + +def get_fas_userlist(fas_credentials, search_qry): creds = fas_credentials fasclient = fedora.client.fas2.AccountSystem( @@ -46,8 +54,9 @@ def get_fas_userlist(fas_credentials): try: log.info("Downloading FAS cache") request = fasclient.send_request('/user/list', - req_params={'search': '*'}, + req_params={'search': search_qry}, auth=True) + finally: socket.setdefaulttimeout(timeout) @@ -73,15 +82,21 @@ def main(): assert(badge.id) # Then, do a long query against FAS for our candidates. - results = get_fas_userlist(fas_credentials=fm_config['fas_credentials']) + # Here I call search terms to generate a lists of search terms + # Looping over the list of search terms, pass the search term to get_fas_userlists - for badge_id, delta in mapping.items(): - badge = tahrir.get_badge(badge_id=badge_id) - for person in results: - creation = datetime.datetime.strptime( - person.creation.split('.')[0], '%Y-%m-%d %H:%M:%S') - if now - creation > delta: - hit_em_up(badge, person) + fas_credentials = fm_config['fas_credentials'] + searchterms = gen_fas_searchterms() + for search_elem in searchterms: + results = get_fas_userlist(fas_credentials, search_elem) + + for badge_id, delta in mapping.items(): + badge = tahrir.get_badge(badge_id=badge_id) + for person in results: + creation = datetime.datetime.strptime( + person.creation.split('.')[0], '%Y-%m-%d %H:%M:%S') + if now - creation > delta: + hit_em_up(badge, person) def hit_em_up(badge, fas_user): @@ -95,7 +110,7 @@ def hit_em_up(badge, fas_user): print email, "already has", badge.id, "skipping." return - time.sleep(1) + time.sleep(15) print "awarding", badge.id, "to", email try: transaction.begin() diff --git a/roles/badges/backend/files/cron/award-lifecycle-badges-old b/roles/badges/backend/files/cron/award-lifecycle-badges-old new file mode 100755 index 000000000..23139f2c4 --- /dev/null +++ b/roles/badges/backend/files/cron/award-lifecycle-badges-old @@ -0,0 +1,131 @@ +#!/usr/bin/env python + +import __main__ +# This is going to require sqlalchemy 0.8 sooner than later. +__main__.__requires__ = __requires__ = ["tahrir-api", "sqlalchemy>=0.7"]; +import pkg_resources +pkg_resources.require(__requires__) + +import datetime +import time +import urllib +import socket + +from tahrir_api.dbapi import TahrirDatabase +import transaction + +_fas_cache = {} + +import logging +log = logging.getLogger() +logging.basicConfig() +import fedora.client.fas2 + +import fedmsg +import fedmsg.config + +fm_config = fedmsg.config.load_config() +fm_config['cert_prefix'] = 'fedbadges' +fm_config['name'] = 'relay_inbound' +fm_config['active'] = True +fedmsg.init(**fm_config) + +import fedbadges.utils + + +#a simple listcomp to generate a lists of searchterms +#allows us to break the fas userlist down to smaller chunks +#so the cron job doesn't hang +def get_fas_searchterm(): + ast = "*" + alpha = map(chr, range(97, 123)) + searchterms = [ term_str + ast for term_str in alpha ] + return searchterms + + +def get_fas_userlist(fas_credentials): + creds = fas_credentials + + fasclient = fedora.client.fas2.AccountSystem( + username=creds['username'], + password=creds['password'], + ) + + timeout + timeout = socket.getdefaulttimeout() + socket.setdefaulttimeout(600) + searchterm = get_fas_searchterms() + for search_elem in searchterm: + try: + log.info("Downloading FAS cache") + request = fasclient.send_request('/user/list', + req_params={'search': search_elem}, + auth=True) + fas_userlist.update(request) + finally: + socket.setdefaulttimeout(timeout) + + # We don't actually check for CLA+1, just "2 groups" + return [p for p in fas_userlist['people'] if len(p.memberships) > 1] + + +def main(): + now = datetime.datetime.utcnow() + year = datetime.timedelta(days=365.5) + search_terms = get_fas_searchterms() + mapping = { + 'egg': year * 1, + 'embryo': year * 2, + 'tadpole': year * 3, + 'tadpole-with-legs': year * 5, + 'froglet': year * 7, + 'adult-frog': year * 10, + } + + # First, some validation that the badge ids actually exist. + for badge_id, delta in mapping.items(): + badge = tahrir.get_badge(badge_id=badge_id) + assert(badge.id) + + # Then, do a long query against FAS for our candidates. + # looping over a list of search terms allows us to work around the socket timeout + results = get_fas_userlist(fas_credentials=fm_config['fas_credentials']) + + for badge_id, delta in mapping.items(): + badge = tahrir.get_badge(badge_id=badge_id) + for person in results: + creation = datetime.datetime.strptime( + person.creation.split('.')[0], '%Y-%m-%d %H:%M:%S') + if now - creation > delta: + hit_em_up(badge, person) + + +def hit_em_up(badge, fas_user): + email = fas_user.username + "@fedoraproject.org" + user = tahrir.get_person(email) + + if not user: + return + + if tahrir.assertion_exists(badge.id, email): + print email, "already has", badge.id, "skipping." + return + + time.sleep(1) + print "awarding", badge.id, "to", email + try: + transaction.begin() + tahrir.add_assertion(badge.id, email, None) + transaction.commit() + except Exception as e: + transaction.abort() + print "Failure:", e + + +if __name__ == '__main__': + uri = fm_config['badges_global']['database_uri'] + tahrir = TahrirDatabase( + uri, + notification_callback=fedbadges.utils.notification_callback, + ) + main() diff --git a/roles/badges/backend/files/edit-badge b/roles/badges/backend/files/edit-badge index 7565a606a..e83b629a4 100644 --- a/roles/badges/backend/files/edit-badge +++ b/roles/badges/backend/files/edit-badge @@ -20,14 +20,18 @@ import fedbadges.utils def parse_args(): parser = argparse.ArgumentParser(__doc__) parser.add_argument('--badge', default=None, help="A badge id") + # XXX - Note, this script intentionally does not allow changing the badge-id + # of a badge. Some things depend on that field as a foreign key and it is + # unclear what would break if we changed that. + parser.add_argument('--name', default=None, help='Name..') parser.add_argument('--description', default=None, help='Description..') parser.add_argument('--criteria', default=None, help='Criteria link') args = parser.parse_args() if not args.badge: print "You must specify a badge id." sys.exit(1) - if not args.description and not args.criteria: - print "You must specify either description or criteria to edit." + if not args.name and not args.description and not args.criteria: + print "You must specify either name, description or criteria to edit." sys.exit(1) return args @@ -46,7 +50,7 @@ def initialize(): return tahrir -def main(tahrir, badge_id, description, criteria): +def main(tahrir, badge_id, name, description, criteria): badge = tahrir.get_badge(badge_id) if not badge: @@ -55,6 +59,10 @@ def main(tahrir, badge_id, description, criteria): transaction.begin() + if name: + badge.name = name + print "Setting name on %r to %r" % (badge_id, name) + if description: badge.description = description print "Setting description on %r to %r" % (badge_id, description) @@ -69,4 +77,4 @@ def main(tahrir, badge_id, description, criteria): if __name__ == '__main__': args = parse_args() tahrir = initialize() - main(tahrir, args.badge, args.description, args.criteria) + main(tahrir, args.badge, args.name, args.description, args.criteria) diff --git a/roles/badges/frontend/templates/tahrir.ini b/roles/badges/frontend/templates/tahrir.ini index 04b84cfe6..e63b84539 100644 --- a/roles/badges/frontend/templates/tahrir.ini +++ b/roles/badges/frontend/templates/tahrir.ini @@ -31,7 +31,8 @@ sqlalchemy.url = postgresql://{{tahrirDBUser}}:{{tahrirDBPassword}}@db-tahrir/ta mako.directories=tahrir:templates -tahrir.admin = ralph@fedoraproject.org, oddshocks@fedoraproject.org, puiterwijk@fedoraproject.org, decause@fedoraproject.org, nb@fedoraproject.org, cydrobolt@fedoraproject.org +tahrir.admin = ralph@fedoraproject.org, oddshocks@fedoraproject.org, puiterwijk@fedoraproject.org, decause@fedoraproject.org, nb@fedoraproject.org, cydrobolt@fedoraproject.org, aikidouke@fedoraproject.org + tahrir.pngs.uri = /usr/share/badges/pngs dogpile.cache.backend = dogpile.cache.memcached diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml index e35fdea5a..5852fa8b7 100644 --- a/roles/base/handlers/main.yml +++ b/roles/base/handlers/main.yml @@ -1,6 +1,16 @@ --- -- name: restart watchdog - service: name=watchdog state=restarted +- name: apply interface-changes + command: nmcli con up {{ item.split()[1] }} + async: 1 + poll: 0 + with_items: + - "{{ if_uuid.stdout_lines }}" + +- name: restart iptables + service: name=iptables state=restarted + +- name: restart ip6tables + service: name=ip6tables state=restarted - name: restart NetworkManager service: name=NetworkManager state=restarted @@ -8,9 +18,19 @@ - name: reload NetworkManager-connections command: nmcli c reload -- name: apply interface-changes - command: nmcli con up {{ item.split()[1] }} - async: 1 - poll: 0 - with_items: - - "{{ if_uuid.stdout_lines }}" +- name: restart postfix + service: name=postfix state=restarted + +- name: restart rsyslog + service: name=rsyslog state=restarted + +- name: restart sshd + service: name=sshd state=restarted + +- name: restart watchdog + service: name=watchdog state=restarted + +- name: reload libvirtd + service: name=libvirtd state=reloaded + ignore_errors: true + when: ansible_virtualization_role == 'host' diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml deleted file mode 100644 index 8527f1e32..000000000 --- a/roles/base/tasks/main.yml +++ /dev/null @@ -1,466 +0,0 @@ ---- - -# -# This is the base role for all machines. -# Things in here are things we want to do to every machine no matter what. -# - -# XXX fixme # a datacenter 'fact' from setup -- name: /etc/resolv.conf - copy: src={{ item }} dest=/etc/resolv.conf - with_first_found: - - "{{ resolvconf }}" - - resolv.conf/{{ ansible_fqdn }} - - resolv.conf/{{ host_group }} - - resolv.conf/{{ datacenter }} - - resolv.conf/resolv.conf - tags: - - config - - resolvconf - - base - - ifcfg - -- name: check for NetworkManager/nmcli - command: /usr/bin/test -f /usr/bin/nmcli - register: nmclitest - ignore_errors: true - changed_when: false - failed_when: "1 != 1" - always_run: true - tags: - - config - - resolvconf - - base - - ifcfg - -- name: disable resolv.conf control from NM - ini_file: dest=/etc/NetworkManager/NetworkManager.conf section=main option=dns value=none - notify: - - restart NetworkManager - when: ansible_distribution_major_version|int >=7 and nmclitest|success and ( not ansible_ifcfg_blacklist) - tags: - - config - - resolvconf - - base - - ifcfg - -- name: get interface uuid - shell: nmcli -f "DEVICE,UUID" c show --active | grep -E '^eth|^br' - register: if_uuid - changed_when: false - failed_when: 'if_uuid.stdout == ""' - always_run: yes - when: ansible_distribution_major_version|int >=7 and nmclitest|success and ( not ansible_ifcfg_blacklist ) - tags: - - config - - ifcfg - - base - -- name: copy ifcfg files - non virthost - template: src=ifcfg.j2 dest=/etc/sysconfig/network-scripts/ifcfg-{{item}} mode=644 - with_items: - - "{{ ansible_interfaces }}" - notify: -# - restart NetworkManager - - reload NetworkManager-connections - - apply interface-changes - when: (virthost is not defined) and (not item.startswith('tun')) and (not item.startswith('virbr')) and (not item.startswith('vnet')) and (hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['type'] == 'ether') and (ansible_distribution_major_version|int >=7) and hostvars[inventory_hostname]['ansible_' + item.replace('-','_')]['active'] and nmclitest|success and ( not ansible_ifcfg_blacklist ) - tags: - - config - - ifcfg - - base - -- name: global default packages to install (yum) - yum: state=present name={{ item }} - with_items: - - "{{ global_pkgs_inst }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int < 22 - -- name: global default packages to install (dnf) - dnf: state=present name={{ item }} - with_items: - - "{{ global_pkgs_inst }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined - -- debug: msg="{{ansible_nodename}} {{inventory_hostname}} {{ansible_distribution_major_version|int}}" - -- name: make sure hostname is set right on rhel7 hosts - command: hostnamectl set-hostname {{ inventory_hostname }} - when: ( ansible_nodename != inventory_hostname ) and ansible_distribution_major_version|int == 7 - -- name: sshd_config - copy: src={{ item }} dest=/etc/ssh/sshd_config mode=600 - with_first_found: - - "{{ sshd_config }}" - - ssh/sshd_config.{{ ansible_fqdn }} - - ssh/sshd_config.{{ host_group }} - - ssh/sshd_config.{{ dist_tag }} - - ssh/sshd_config.{{ ansible_distribution }} - - ssh/sshd_config.{{ ansible_distribution_version }} - - ssh/sshd_config.default - notify: - - restart sshd - tags: - - sshd_config - - config - - sshd - - base - -- name: set root passwd - user: name=root password={{ rootpw }} state=present - tags: - - rootpw - - base - when: not (inventory_hostname.startswith('rawhide') or inventory_hostname.startswith('branched') or inventory_hostname.startswith('compose') or inventory_hostname.startswith('build') or inventory_hostname.startswith('arm') or inventory_hostname.startswith('bkernel') or inventory_hostname.startswith('koji01.stg') or inventory_hostname.startswith('aarch64') or inventory_hostname.startswith('s390') or inventory_hostname.startswith('fed-cloud09')) - -- name: add ansible root key - authorized_key: user=root key="{{ item }}" - with_file: - - ansible-pub-key - tags: - - config - - base - -- name: make sure our resolv.conf is the one being used - set RESOLV_MODS=no in /etc/sysconfig/network - lineinfile: dest=/etc/sysconfig/network create=yes backup=yes state=present line='RESOLV_MODS=no' regexp=^RESOLV_MODS= - tags: - - config - - base - -- name: dist pkgs to remove (yum) - yum: state=absent name={{ item }} - with_items: - - "{{ base_pkgs_erase }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int < 22 - -- name: dist pkgs to install (yum) - yum: state=present name={{ item }} - with_items: - - "{{ base_pkgs_inst }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int < 22 - -- name: dist pkgs to remove (dnf) - dnf: state=absent name={{ item }} - with_items: - - "{{ base_pkgs_erase }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined - -- name: dist pkgs to install (dnf) - dnf: state=present name={{ item }} - with_items: - - "{{ base_pkgs_inst }}" - tags: - - packages - - base - when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined - -- name: dist disabled services - service: state=stopped enabled=false name={{ item }} - with_items: - - "{{ service_disabled }}" - tags: - - service - - config - - base - -- name: dist enabled services - service: state=running enabled=true name={{ item }} - with_items: - - "{{ service_enabled }}" - tags: - - service - - config - - base - -- name: iptables - template: src={{ item }} dest=/etc/sysconfig/iptables mode=600 validate="/sbin/iptables-restore --text %s" - with_first_found: - - iptables/iptables.{{ datacenter }} - - iptables/iptables.{{ ansible_fqdn }} - - iptables/iptables.{{ host_group }} - - iptables/iptables.{{ env }} - - iptables/iptables - when: not inventory_hostname.startswith('fed-cloud09') - notify: - - restart iptables - - reload libvirtd - tags: - - iptables - - config - - base - -- name: iptables service enabled - service: name=iptables state=started enabled=true - tags: - - iptables - - service - - base - -- name: ip6tables - template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=600 backup=yes - with_first_found: - - iptables/ip6tables.{{ datacenter }} - - iptables/ip6tables.{{ ansible_fqdn }} - - iptables/ip6tables.{{ host_group }} - - iptables/ip6tables.{{ env }} - - iptables/ip6tables - when: not inventory_hostname.startswith('fed-cloud09') - notify: - - restart ip6tables - - reload libvirtd - tags: - - ip6tables - - config - - base - -- name: ip6tables service enabled - service: name=ip6tables state=started enabled=true - tags: - - ip6tables - - service - - base - -- name: enable journald persistence - file: path=/var/log/journal state=directory - owner=root group=systemd-journal mode=2755 - when: ansible_distribution_major_version|int >= 7 - tags: - - journald - - config - - base - notify: - - flush journald tmpfiles to persistent store - -- name: rsyslog.conf - copy: src={{ item }} dest=/etc/rsyslog.conf mode=644 - with_first_found: - - rsyslog/rsyslog.conf.{{ ansible_fqdn }} - - rsyslog/rsyslog.conf.{{ dist_tag }} - - rsyslog/rsyslog.conf.default - notify: - - restart rsyslog - tags: - - rsyslogd - - config - - base - -- name: rsyslog log rotate for rsyslog servers - copy: src=rsyslog/merged-rsyslog dest=/etc/logrotate.d/merged-rsyslog mode=644 - when: inventory_hostname.startswith('log') - notify: - - restart rsyslog - tags: - - rsyslogd - - config - - base - -- name: add rsyslog config to /etc/rsyslog.d - copy: src={{ item }} dest=/etc/rsyslog.d/ owner=root group=root mode=0644 - with_fileglob: - - rsyslog/*.conf - notify: - - restart rsyslog - tags: - - rsyslogd - - config - - base - -- name: log everything to log01 except on mirrorlist, do not log local4 there. - copy: src=rsyslog/rsyslog-log01 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644 - when: not inventory_hostname.startswith(('mirrorlist','copr','jenkins')) - tags: - - rsyslogd - - config - - base - -- name: log everything to log01 except on mirrorlist, do log local4 there. - copy: src=rsyslog/rsyslog-log01-nolocal4 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644 - when: inventory_hostname.startswith('mirrorlist') - tags: - - rsyslogd - - config - - base - - base - -- name: /etc/postfix/main.cf - copy: src={{ item }} dest=/etc/postfix/main.cf - with_first_found: - - "{{ postfix_maincf }}" - - "postfix/main.cf/main.cf.{{ ansible_fqdn }}" - - "postfix/main.cf/main.cf.{{ host_group }}" - - "postfix/main.cf/main.cf.{{ postfix_group }}" - - "postfix/main.cf/main.cf.{{ datacenter }}" - - "postfix/main.cf/main.cf" - notify: - - restart postfix - tags: - - postfix - - config - - base - -- name: install /etc/postfix/master.cf file - copy: src={{ item }} dest=/etc/postfix/master.cf mode=0644 - with_first_found: - - "{{ postfix_mastercf }}" - - "postfix/master.cf/master.cf.{{ ansible_fqdn }}" - - "postfix/master.cf/master.cf.{{ inventory_hostname }}" - - "postfix/master.cf/master.cf.{{ host_group }}" - - "postfix/master.cf/master.cf.{{ postfix_group }}" - - "postfix/master.cf/master.cf" - when: inventory_hostname.startswith('smtp-mm') - notify: - - restart postfix - tags: - - postfix - - config - - base - -- name: enable postfix to start - service: name=postfix state=running enabled=true - tags: - - service - - base - -- name: install /etc/postfix/transport file - copy: src="postfix/{{ postfix_transport_filename }}" dest=/etc/postfix/transport - when: inventory_hostname.startswith(('smtp-mm','bastion')) - notify: - - restart postfix - - rebuild postfix transport - tags: - - postfix - - base - - config - -- name: install ntp.conf - template: src=ntp/ntp.conf.j2 dest=/etc/ntp.conf - tags: - - ntp - - config - - base - -- name: install ntp step-tickers - copy: src=ntp/step-tickers dest=/etc/ntp/step-tickers - tags: - - ntp - - config - - base - -- name: Start ntpd - service: name=ntpd state=running enabled=true - tags: - - ntp - - service - - base - -# -# This task installs some common scripts to /usr/local/bin -# scripts are under roles/base/files/common-scripts -# - -- name: Install common scripts - copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755 - with_fileglob: - - common-scripts/* - tags: - - config - - base - -- name: install a sync httpd logs cron script only on log01 - copy: src=syncHttpLogs.sh dest=/etc/cron.daily/syncHttpLogs.sh mode=755 - when: inventory_hostname.startswith('log01') - tags: - - config - - base - -- name: Drop in a little system_identification note - template: src=system_identification dest=/etc/system_identification - tags: - - config - - base - -# -# Blacklist the cdc_ether module as we don't want it loading mgmt usb0 and spewing to logs. -# -- name: Blacklist cdc_ether module - copy: src=blacklist-cdc_ether.conf dest=/etc/modprobe.d/blacklist-cdc_ether.conf - when: ansible_virtualization_role == 'host' - tags: - - config - - base - - cdc_ether - -# -# Watchdog stuff -# -- name: See if theres a watchdog device - stat: path=/dev/watchdog - when: ansible_virtualization_role == 'guest' - register: watchdog_dev - -- name: install watchdog - yum: pkg={{ item }} state=present - with_items: - - watchdog - tags: - - packages - - watchdog - - base - when: ansible_distribution_major_version|int < 22 and ansible_virtualization_role == 'guest' and watchdog_dev.stat.exists - -- name: install watchdog - dnf: pkg={{ item }} state=present - with_items: - - watchdog - tags: - - packages - - watchdog - - base - when: ansible_distribution_major_version|int > 21 and ansible_virtualization_role == 'guest' and watchdog_dev.stat.exists - -- name: watchdog device configuration - copy: src=watchdog.conf dest=/etc/watchdog.conf owner=root group=root mode=644 - when: ansible_virtualization_role == 'guest' and watchdog_dev.stat.exists - tags: - - config - - watchdog - - base - notify: restart watchdog - -- name: Set watchdog to run on boot - service: name=watchdog enabled=yes - when: ansible_virtualization_role == 'guest' and watchdog_dev.stat.exists - ignore_errors: true - notify: - - restart watchdog - tags: - - service - - watchdog - - base - -# -#Set PS1 to show prod/stage environment at PS1 -#Should work in sh/bash. Needs tested in other shells -# -- name: set PS1 for prod and stage in /etc/profile.d - copy: src=setps1.sh.j2 dest=/etc/profile.d/setps1.sh - when: {{ env in ['production','staging'] }} - tags: - - base - - config - diff --git a/roles/base/tasks/watchdog.yml b/roles/base/tasks/watchdog.yml new file mode 100644 index 000000000..148c856e5 --- /dev/null +++ b/roles/base/tasks/watchdog.yml @@ -0,0 +1,34 @@ +- name: See if theres a watchdog device + stat: path=/dev/watchdog + when: ansible_virtualization_role == 'guest' + register: watchdog_dev + +- block: + + - name: install watchdog + package: pkg={{ item }} state=present + with_items: + - watchdog + tags: + - packages + - watchdog + - base + + - name: watchdog device configuration + copy: src=watchdog.conf dest=/etc/watchdog.conf owner=root group=root mode=644 + tags: + - config + - watchdog + - base + notify: restart watchdog + + - name: Set watchdog to run on boot + service: name=watchdog enabled=yes + ignore_errors: true + notify: + - restart watchdog + tags: + - service + - watchdog + - base + when: ansible_virtualization_role == 'guest' and watchdog_dev.stat.exists diff --git a/roles/base/templates/iptables/ip6tables b/roles/base/templates/iptables/ip6tables index 49db2f785..778599abc 100644 --- a/roles/base/templates/iptables/ip6tables +++ b/roles/base/templates/iptables/ip6tables @@ -17,6 +17,13 @@ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# if the blocked_ips is defined - drop them +{% if blocked_ip_v6 is defined %} +{% for ip in blocked_ip_v6 %} +-A INPUT -s {{ ip }} -j DROP +{% endfor %} +{% endif %} + # allow ssh - always -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT diff --git a/roles/base/templates/iptables/ip6tables.jenkins.fedorainfracloud.org b/roles/base/templates/iptables/ip6tables.jenkins.fedorainfracloud.org index 066f3609e..fb2948702 100644 --- a/roles/base/templates/iptables/ip6tables.jenkins.fedorainfracloud.org +++ b/roles/base/templates/iptables/ip6tables.jenkins.fedorainfracloud.org @@ -33,6 +33,13 @@ COMMIT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# if the blocked_ip_v6 is defined - drop them +{% if blocked_ip_v6 is defined %} +{% for ip in blocked_ips %} +-A INPUT -s {{ ip }} -j DROP +{% endfor %} +{% endif %} + # allow ssh - always -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT diff --git a/roles/base/templates/iptables/iptables b/roles/base/templates/iptables/iptables index 4e42a834d..f3ebf6965 100644 --- a/roles/base/templates/iptables/iptables +++ b/roles/base/templates/iptables/iptables @@ -14,6 +14,13 @@ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# if the blocked_ips is defined - drop them +{% if blocked_ips is defined %} +{% for ip in blocked_ips %} +-A INPUT -s {{ ip }} -j DROP +{% endfor %} +{% endif %} + # allow ssh - always -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT @@ -80,6 +87,7 @@ {% endfor %} {% endif %} + # if the host/group defines incoming tcp_ports - allow them {% if tcp_ports is defined %} {% for port in tcp_ports %} diff --git a/roles/base/templates/iptables/iptables.download-phx2 b/roles/base/templates/iptables/iptables.download-phx2 new file mode 100644 index 000000000..9047ba1af --- /dev/null +++ b/roles/base/templates/iptables/iptables.download-phx2 @@ -0,0 +1,114 @@ +# {{ ansible_managed }} +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] + +# allow ping and traceroute +-A INPUT -p icmp -j ACCEPT + +# localhost is fine +-A INPUT -i lo -j ACCEPT + +# Established connections allowed +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + +# allow ssh - always +-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT + +# for nrpe - allow it from nocs +-A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT +# FIXME - this is the global nat-ip and we need the noc01-specific ip +-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT + +{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} +# +# In the phx2 datacenter, both production and staging hosts are in the same +# subnet/vlan. We want production hosts to reject connectons from staging group hosts +# to prevent them from interfering with production. There are however a few hosts in +# production we have marked 'staging-friendly' that we do allow staging to talk to for +# mostly read-only data they need. +# +{% for host in groups['staging']|sort %} +{% if 'eth0_ip' in hostvars[host] %}# {{ host }} +-A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited +{% else %}# {{ host }} has no 'eth0_ip' listed +{% endif %} +{% endfor %} +{% endif %} + +{% if ansible_domain == 'qa.fedoraproject.org' and inventory_hostname not in groups['qa-isolated'] %} +# +# In the qa.fedoraproject.org network, we want machines not in the qa-isolated group +# to block all access from that group. This is to protect them from any possible attack +# vectors from qa-isolated machines. +# +# Here we hard code beaker client nodes. They are managed by beaker and are not in ansible. +-A INPUT -s 10.5.131.31 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.32 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.33 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.34 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.35 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.36 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.37 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.38 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.39 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.40 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.41 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.42 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.43 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.44 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.45 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.46 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.47 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.48 -j REJECT --reject-with icmp-host-prohibited +-A INPUT -s 10.5.131.49 -j REJECT --reject-with icmp-host-prohibited +{% for host in groups['qa-isolated']|sort %} +{% if 'eth0_ip' in hostvars[host] %}# {{ host }} +-A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited +{% else %}# {{ host }} has no 'eth0_ip' listed +{% endif %} +{% endfor %} +{% endif %} +# if the host declares a fedmsg-enabled wsgi app, open ports for it +{% if wsgi_fedmsg_service is defined %} +{% for i in range(wsgi_procs * wsgi_threads) %} +-A INPUT -p tcp -m tcp --dport 30{{ '%02d' % i }} -j ACCEPT +{% endfor %} +{% endif %} + +# if the blocked_ips is defined - drop them +{% if blocked_ips is defined %} +{% for ip in blocked_ips %} +-A INPUT -s {{ ip }} -j DROP +{% endfor %} +{% endif %} + +# if the host/group defines incoming tcp_ports - allow them +{% if tcp_ports is defined %} +{% for port in tcp_ports %} +-A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT +{% endfor %} +{% endif %} + +# if the host/group defines incoming udp_ports - allow them +{% if udp_ports is defined %} +{% for port in udp_ports %} +-A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT +{% endfor %} +{% endif %} + +# if there are custom rules - put them in as-is +{% if custom_rules is defined %} +{% for rule in custom_rules %} +{{ rule }} +{% endfor %} +{% endif %} + +# otherwise kick everything out +-A INPUT -j REJECT --reject-with icmp-host-prohibited +-A FORWARD -j REJECT --reject-with icmp-host-prohibited +COMMIT diff --git a/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org b/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org index 1cbe7212f..30f7b56a4 100644 --- a/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org +++ b/roles/base/templates/iptables/iptables.jenkins.fedorainfracloud.org @@ -30,6 +30,13 @@ COMMIT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# if the blocked_ips is defined - drop them +{% if blocked_ips is defined %} +{% for ip in blocked_ips %} +-A INPUT -s {{ ip }} -j DROP +{% endfor %} +{% endif %} + # allow ssh - always -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder index ee1462b3a..ee2d5a372 100644 --- a/roles/base/templates/iptables/iptables.kojibuilder +++ b/roles/base/templates/iptables/iptables.kojibuilder @@ -20,6 +20,13 @@ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# if the blocked_ips is defined - drop them +{% if blocked_ips is defined %} +{% for ip in blocked_ips %} +-A INPUT -s {{ ip }} -j DROP +{% endfor %} +{% endif %} + # kojipkgs -A OUTPUT -p tcp -m tcp -d 10.5.125.36 --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp -d 10.5.125.36 --dport 443 -j ACCEPT @@ -73,6 +80,9 @@ -A OUTPUT -m tcp -p tcp --dport 9418 -d 140.211.169.199 -j ACCEPT -A OUTPUT -m udp -p udp --dport 9418 -d 140.211.169.199 -j ACCEPT +# git on pagure,io +-A OUTPUT -p tcp -m tcp -d 140.211.169.204 --dport 443 -j ACCEPT + # admin.fedoraproject.org for fas (proyx01 and proxy10) -A OUTPUT -p tcp -m tcp -d 10.5.126.51 --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp -d 10.5.126.51 --dport 443 -j ACCEPT diff --git a/roles/base/templates/iptables/iptables.openstack-compute b/roles/base/templates/iptables/iptables.openstack-compute index 3b7b11bf1..f8b1049cf 100644 --- a/roles/base/templates/iptables/iptables.openstack-compute +++ b/roles/base/templates/iptables/iptables.openstack-compute @@ -14,6 +14,13 @@ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# if the blocked_ips is defined - drop them +{% if blocked_ips is defined %} +{% for ip in blocked_ips %} +-A INPUT -s {{ ip }} -j DROP +{% endfor %} +{% endif %} + # allow ssh - always -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT diff --git a/roles/base/templates/iptables/iptables.osuosl b/roles/base/templates/iptables/iptables.osuosl index 9efba777f..44ddbad10 100644 --- a/roles/base/templates/iptables/iptables.osuosl +++ b/roles/base/templates/iptables/iptables.osuosl @@ -14,6 +14,13 @@ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# if the blocked_ips is defined - drop them +{% if blocked_ips is defined %} +{% for ip in blocked_ips %} +-A INPUT -s {{ ip }} -j DROP +{% endfor %} +{% endif %} + # allow ssh only from needed ips # vpn in from tun0 -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -s 192.168.0.0/24 -i tun0 -j ACCEPT diff --git a/roles/base/templates/iptables/iptables.releng b/roles/base/templates/iptables/iptables.releng index 7a27e0cb1..7a26944be 100644 --- a/roles/base/templates/iptables/iptables.releng +++ b/roles/base/templates/iptables/iptables.releng @@ -34,6 +34,13 @@ COMMIT -A INPUT -p tcp -m tcp -s 209.132.181.35 --dport 5666 -j ACCEPT -A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5666 -j ACCEPT +# if the blocked_ips is defined - drop them +{% if blocked_ips is defined %} +{% for ip in blocked_ips %} +-A INPUT -s {{ ip }} -j DROP +{% endfor %} +{% endif %} + # SSH # ssh block against uni in .cz where problem(s) have been cited # added by skvidal on jan 24 2011 - as per request from spot diff --git a/roles/base/templates/iptables/iptables.serverbeach06.fedoraproject.org b/roles/base/templates/iptables/iptables.serverbeach06.fedoraproject.org deleted file mode 100644 index c7542a13e..000000000 --- a/roles/base/templates/iptables/iptables.serverbeach06.fedoraproject.org +++ /dev/null @@ -1,83 +0,0 @@ -# {{ ansible_managed }} -*nat -:PREROUTING ACCEPT [7058:343124] -:INPUT ACCEPT [14:880] -:OUTPUT ACCEPT [3:224] -:POSTROUTING ACCEPT [428:23328] -# dnat and snat everything to the internal virt host -#-A PREROUTING -d guest_ip/32 -j DNAT --to-destination 192.168.122.2 -#-A POSTROUTING -s 192.168.122.2/32 -j SNAT --to-source guest_ip --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE -COMMIT -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] - -# allow ping and traceroute --A INPUT -p icmp -j ACCEPT - -# localhost is fine --A INPUT -i lo -j ACCEPT - -# Established connections allowed --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT - -# allow ssh - always --A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT - -# for nrpe - allow it from nocs --A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT -# FIXME - this is the global nat-ip and we need the noc01-specific ip --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT - -{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} -# -# In the phx2 datacenter, both production and staging hosts are in the same -# subnet/vlan. We want production hosts to reject connectons from staging group hosts -# to prevent them from interfering with production. There are however a few hosts in -# production we have marked 'staging-friendly' that we do allow staging to talk to for -# mostly read-only data they need. -# -{% for host in groups['staging'] %} -{% if 'eth0_ip' in hostvars[host] %}# {{ host }} --A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited -{% else %}# {{ host }} has no 'eth0_ip' listed -{% endif %} -{% endfor %} -{% endif %} - -# if the host/group defines incoming tcp_ports - allow them -{% if tcp_ports is defined %} -{% for port in tcp_ports %} --A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT -{% endfor %} -{% endif %} - -# if the host/group defines incoming udp_ports - allow them -{% if udp_ports is defined %} -{% for port in udp_ports %} --A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT -{% endfor %} -{% endif %} - -# if there are custom rules - put them in as-is -{% if custom_rules is defined %} -{% for rule in custom_rules %} -{{ rule }} -{% endfor %} -{% endif %} - -# otherwise kick everything out --A INPUT -j REJECT --reject-with icmp-host-prohibited - -# source and dest of the guest ip we forward into the guest -#-A FORWARD -d guest_ip/32 -j ACCEPT -#-A FORWARD -s guest_ip/32 -j ACCEPT --A FORWARD -j REJECT --reject-with icmp-host-prohibited -COMMIT diff --git a/roles/base/templates/iptables/iptables.serverbeach07.fedoraproject.org b/roles/base/templates/iptables/iptables.serverbeach07.fedoraproject.org deleted file mode 100644 index 94e4b401b..000000000 --- a/roles/base/templates/iptables/iptables.serverbeach07.fedoraproject.org +++ /dev/null @@ -1,79 +0,0 @@ -# {{ ansible_managed }} -*nat -:PREROUTING ACCEPT [7058:343124] -:INPUT ACCEPT [14:880] -:OUTPUT ACCEPT [3:224] -:POSTROUTING ACCEPT [428:23328] -# dnat and snat everything to the internal virt host --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE -COMMIT -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] - -# allow ping and traceroute --A INPUT -p icmp -j ACCEPT - -# localhost is fine --A INPUT -i lo -j ACCEPT - -# Established connections allowed --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT - -# allow ssh - always --A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT - -# for nrpe - allow it from nocs --A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT -# FIXME - this is the global nat-ip and we need the noc01-specific ip --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT - -{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} -# -# In the phx2 datacenter, both production and staging hosts are in the same -# subnet/vlan. We want production hosts to reject connectons from staging group hosts -# to prevent them from interfering with production. There are however a few hosts in -# production we have marked 'staging-friendly' that we do allow staging to talk to for -# mostly read-only data they need. -# -{% for host in groups['staging'] %} -{% if 'eth0_ip' in hostvars[host] %}# {{ host }} --A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited -{% else %}# {{ host }} has no 'eth0_ip' listed -{% endif %} -{% endfor %} -{% endif %} - -# if the host/group defines incoming tcp_ports - allow them -{% if tcp_ports is defined %} -{% for port in tcp_ports %} --A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT -{% endfor %} -{% endif %} - -# if the host/group defines incoming udp_ports - allow them -{% if udp_ports is defined %} -{% for port in udp_ports %} --A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT -{% endfor %} -{% endif %} - -# if there are custom rules - put them in as-is -{% if custom_rules is defined %} -{% for rule in custom_rules %} -{{ rule }} -{% endfor %} -{% endif %} - -# otherwise kick everything out --A INPUT -j REJECT --reject-with icmp-host-prohibited - -# source and dest of the guest ip we forward into the guest --A FORWARD -j REJECT --reject-with icmp-host-prohibited -COMMIT diff --git a/roles/base/templates/iptables/iptables.serverbeach08.fedoraproject.org b/roles/base/templates/iptables/iptables.serverbeach08.fedoraproject.org deleted file mode 100644 index c7542a13e..000000000 --- a/roles/base/templates/iptables/iptables.serverbeach08.fedoraproject.org +++ /dev/null @@ -1,83 +0,0 @@ -# {{ ansible_managed }} -*nat -:PREROUTING ACCEPT [7058:343124] -:INPUT ACCEPT [14:880] -:OUTPUT ACCEPT [3:224] -:POSTROUTING ACCEPT [428:23328] -# dnat and snat everything to the internal virt host -#-A PREROUTING -d guest_ip/32 -j DNAT --to-destination 192.168.122.2 -#-A POSTROUTING -s 192.168.122.2/32 -j SNAT --to-source guest_ip --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE -COMMIT -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] - -# allow ping and traceroute --A INPUT -p icmp -j ACCEPT - -# localhost is fine --A INPUT -i lo -j ACCEPT - -# Established connections allowed --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT - -# allow ssh - always --A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT - -# for nrpe - allow it from nocs --A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT -# FIXME - this is the global nat-ip and we need the noc01-specific ip --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT - -{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} -# -# In the phx2 datacenter, both production and staging hosts are in the same -# subnet/vlan. We want production hosts to reject connectons from staging group hosts -# to prevent them from interfering with production. There are however a few hosts in -# production we have marked 'staging-friendly' that we do allow staging to talk to for -# mostly read-only data they need. -# -{% for host in groups['staging'] %} -{% if 'eth0_ip' in hostvars[host] %}# {{ host }} --A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited -{% else %}# {{ host }} has no 'eth0_ip' listed -{% endif %} -{% endfor %} -{% endif %} - -# if the host/group defines incoming tcp_ports - allow them -{% if tcp_ports is defined %} -{% for port in tcp_ports %} --A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT -{% endfor %} -{% endif %} - -# if the host/group defines incoming udp_ports - allow them -{% if udp_ports is defined %} -{% for port in udp_ports %} --A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT -{% endfor %} -{% endif %} - -# if there are custom rules - put them in as-is -{% if custom_rules is defined %} -{% for rule in custom_rules %} -{{ rule }} -{% endfor %} -{% endif %} - -# otherwise kick everything out --A INPUT -j REJECT --reject-with icmp-host-prohibited - -# source and dest of the guest ip we forward into the guest -#-A FORWARD -d guest_ip/32 -j ACCEPT -#-A FORWARD -s guest_ip/32 -j ACCEPT --A FORWARD -j REJECT --reject-with icmp-host-prohibited -COMMIT diff --git a/roles/base/templates/iptables/iptables.serverbeach09.fedoraproject.org b/roles/base/templates/iptables/iptables.serverbeach09.fedoraproject.org deleted file mode 100644 index 634981d24..000000000 --- a/roles/base/templates/iptables/iptables.serverbeach09.fedoraproject.org +++ /dev/null @@ -1,81 +0,0 @@ -# {{ ansible_managed }} -*nat -:PREROUTING ACCEPT [7058:343124] -:INPUT ACCEPT [14:880] -:OUTPUT ACCEPT [3:224] -:POSTROUTING ACCEPT [428:23328] -# dnat and snat everything to the internal virt host --A PREROUTING -d 69.174.247.243/32 -j DNAT --to-destination 192.168.122.3 --A POSTROUTING -s 192.168.122.3/32 -j SNAT --to-source 69.174.247.243 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE -COMMIT -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] - -# allow ping and traceroute --A INPUT -p icmp -j ACCEPT - -# localhost is fine --A INPUT -i lo -j ACCEPT - -# Established connections allowed --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT - -# allow ssh - always --A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT - -# for nrpe - allow it from nocs --A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT -# FIXME - this is the global nat-ip and we need the noc01-specific ip --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.102 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT --A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT - -{% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %} -# -# In the phx2 datacenter, both production and staging hosts are in the same -# subnet/vlan. We want production hosts to reject connectons from staging group hosts -# to prevent them from interfering with production. There are however a few hosts in -# production we have marked 'staging-friendly' that we do allow staging to talk to for -# mostly read-only data they need. -# -{% for host in groups['staging'] %} -{% if 'eth0_ip' in hostvars[host] %}# {{ host }} --A INPUT -s {{ hostvars[host]['eth0_ip'] }} -j REJECT --reject-with icmp-host-prohibited -{% else %}# {{ host }} has no 'eth0_ip' listed -{% endif %} -{% endfor %} -{% endif %} - -# if the host/group defines incoming tcp_ports - allow them -{% if tcp_ports is defined %} -{% for port in tcp_ports %} --A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT -{% endfor %} -{% endif %} - -# if the host/group defines incoming udp_ports - allow them -{% if udp_ports is defined %} -{% for port in udp_ports %} --A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT -{% endfor %} -{% endif %} - -# if there are custom rules - put them in as-is -{% if custom_rules is defined %} -{% for rule in custom_rules %} -{{ rule }} -{% endfor %} -{% endif %} - -# otherwise kick everything out --A INPUT -j REJECT --reject-with icmp-host-prohibited - -# source and dest of the guest ip we forward into the guest --A FORWARD -j REJECT --reject-with icmp-host-prohibited -COMMIT diff --git a/roles/base/templates/iptables/iptables.staging b/roles/base/templates/iptables/iptables.staging index fbd082e4f..a0e32ffe1 100644 --- a/roles/base/templates/iptables/iptables.staging +++ b/roles/base/templates/iptables/iptables.staging @@ -26,6 +26,13 @@ COMMIT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# if the blocked_ips is defined - drop them +{% if blocked_ips is defined %} +{% for ip in blocked_ips %} +-A INPUT -s {{ ip }} -j DROP +{% endfor %} +{% endif %} + # allow ssh - always -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT diff --git a/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org b/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org index dedc78257..7609fa095 100644 --- a/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org +++ b/roles/base/templates/iptables/iptables.torrent02.fedoraproject.org @@ -14,6 +14,13 @@ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# if the blocked_ips is defined - drop them +{% if blocked_ips is defined %} +{% for ip in blocked_ips %} +-A INPUT -s {{ ip }} -j DROP +{% endfor %} +{% endif %} + # allow ssh - always -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT @@ -80,6 +87,7 @@ {% endfor %} {% endif %} + # if the host/group defines incoming tcp_ports - allow them {% if tcp_ports is defined %} {% for port in tcp_ports %} @@ -112,4 +120,5 @@ COMMIT # We don't want to track all the torrent tracker connections, there's too many. # -A PREROUTING -p tcp -m tcp --dport 6969 -j NOTRACK +-A OUTPUT -p tcp -m tcp --sport 6969 -j NOTRACK COMMIT diff --git a/roles/basset/frontend/files/basset.conf b/roles/basset/frontend/files/basset.conf new file mode 100644 index 000000000..75540eb3a --- /dev/null +++ b/roles/basset/frontend/files/basset.conf @@ -0,0 +1,15 @@ +WSGIDaemonProcess basset user=basset-frontend group=basset-frontend threads=5 +WSGIScriptAlias /basset /usr/share/basset/basset-frontend + +<Location /basset> + AuthType basic + AuthName "Basset Frontend" + AuthUserFile "/etc/httpd/conf.d/basset.htpasswd" + Require valid-user +</Location> + +<Directory /usr/share/basset> + WSGIProcessGroup basset + WSGIApplicationGroup %{GLOBAL} + Require all granted +</Directory> diff --git a/roles/basset/frontend/tasks/main.yml b/roles/basset/frontend/tasks/main.yml new file mode 100644 index 000000000..6ae7f046b --- /dev/null +++ b/roles/basset/frontend/tasks/main.yml @@ -0,0 +1,54 @@ +- name: install needed packages + yum: pkg={{ item }} state=present + with_items: + - basset-frontend + tags: + - basset + - basset/frontend + +- name: install basset config + template: src=frontend.cfg.j2 dest=/etc/basset/frontend.cfg + owner=basset-frontend group=basset-frontend mode=0600 + notify: + - restart httpd + tags: + - basset + - basset/frontend + +- name: install staging htpasswd + copy: src={{private}}/files/httpd/basset.stg.htpasswd dest=/etc/httpd/conf.d/basset.htpasswd + owner=root group=root mode=0644 + when: env == "staging" + notify: + - restart httpd + tags: + - basset + - basset/frontend + +- name: install prod htpasswd + copy: src={{private}}/files/httpd/basset.prod.htpasswd dest=/etc/httpd/conf.d/basset.htpasswd + owner=root group=root mode=0644 + when: env != "staging" + notify: + - restart httpd + tags: + - basset + - basset/frontend + +- name: set sebooleans so basset-frontend can talk to the broker + seboolean: name=httpd_can_network_connect + state=true + persistent=true + tags: + - basset + - basset/frontend + - selinux + +- name: install frontend config + copy: src=basset.conf dest=/etc/httpd/conf.d/basset.conf + owner=root group=root mode=0644 + notify: + - restart httpd + tags: + - basset + - basset/frontend diff --git a/roles/basset/frontend/templates/frontend.cfg.j2 b/roles/basset/frontend/templates/frontend.cfg.j2 new file mode 100644 index 000000000..47fbf97d7 --- /dev/null +++ b/roles/basset/frontend/templates/frontend.cfg.j2 @@ -0,0 +1,11 @@ +[submission_access] +{% if env == "staging" %} +10.5.126.60 = mediawiki.new,mediawiki.edit +10.5.126.86 = fedora.fas.registration,fedora.fas.cla_sign +{% else %} +10.5.126.63 = mediawiki.new,mediawiki.edit +10.5.126.73 = mediawiki.new,mediawiki.edit +10.5.126.25 = fedora.fas.registration,fedora.fas.cla_sign +10.5.126.26 = fedora.fas.registration,fedora.fas.cla_sign +10.5.126.30 = fedora.fas.registration,fedora.fas.cla_sign +{% endif %} diff --git a/roles/basset/worker/tasks/main.yml b/roles/basset/worker/tasks/main.yml new file mode 100644 index 000000000..fe56c9505 --- /dev/null +++ b/roles/basset/worker/tasks/main.yml @@ -0,0 +1,20 @@ +- name: install needed packages + yum: pkg={{ item }} state=present + with_items: + - basset + tags: + - basset + - basset/worker + +- name: install worker config + template: src={{private}}/files/basset/worker.cfg.j2 dest=/etc/basset/worker.cfg + mode=0600 owner=basset-worker group=basset-worker + tags: + - basset + - basset/worker + +- name: start basset worker + service: name=basset-worker state=started enabled=yes + tags: + - basset + - basset/worker diff --git a/roles/batcave/files/ssh_known_hosts b/roles/batcave/files/ssh_known_hosts index 09a71c638..a26182bfc 100644 --- a/roles/batcave/files/ssh_known_hosts +++ b/roles/batcave/files/ssh_known_hosts @@ -1,12 +1,8 @@ -aarch64-02a.arm.fedoraproject.org,aarch64-02a,10.5.78.75 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHBur5PgXaCLSmLMbR6IggynEmBk2A1mL/L5sJtW/McQ5Jwnc/7lO2YdGImQgZPNSFWvepY9pCTpLPLI2Q+Zs0ynlQXR7Y6txckNhK3sPomzcGeNXlZKmXKdUpLGl2NahZgXkVhI7biBZlEt7UIHw2cev/gfWbGLEkq4ICLQzg/dpU8GcZ/KrX9lQUBK34TflDftEQ9OQLaqmeeOu3MXi0kxbpacQihZs14nHJFbBFaWQrXrtW39L4oyq+0Z3T4F5dw0hIyC/fIm7uktrbW2cwKCR52evtEZsrCyJEVRucaNVjUPMX+WxkRFYmRV0ad3n139+W4EMpq9fbhGLN4ayn aarch64-02a.arm.fedoraproject.org -aarch64-05a.arm.fedoraproject.org,aarch64-05a,10.5.78.150 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUdxodcGnvn0iS70Yqd1LvGx7Zz1Mp50evRPu5W64bepTechFZzhqpg8qHEh18RUryA1e/5N0JImHpr24HELbU5Z9l0g2mqt2a3WNU0MCpBh9q3qcVrQ3sUYlAahvQz9SXEoEX9v3hN2ewUjt0a8QDYViZcHMDFED0Xhe7oZ4/3g583cw7N9lYGry2zmch7trejpU9M4A2iavIE1+qBtRAudee9UpDHB3pJvHn+y5hTb/iFt7gx6lBZO8/9yyWsb9u/+VtdQoUyheLpa1Z411UvHuAP7wlsdE2+dcqzfE6OjrKDTcUQSekAsYVPbBgEMbpl+YlhUtHUyu4l/QYMlLJ aarch64-05a.arm.fedoraproject.org -aarch64-07a.arm.fedoraproject.org,aarch64-07a,10.5.78.160 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGi1Xms2zBSVmBfZAUHHaYouaa4VhP0URfqNFjx0Srq8u8ziMtWWYph+a87Ew6U39QAB9/TZ53tZJHetH/3Ysn+k58wvrwTdPyucxyeALRroWazlowJCI26u7SoH0+1J2cs9R83RjsA/RK1IlanjHy7qVkQBebjts020IrhvDzmvOypd07Nfz/9klQ4Gn3Ao5GocvKcxY5Wv5kBjjQ/GqJSTnxq1OIVGjvb6IRKSbDbXQBYsEb4qWmuwzxJY5qhy+F4kuDQp/vMoFj9et0icfwG0uC5g0OOHyQxko1EFZgKfEr+o0Knml4rd6UnVL5RovX7EiaH1H6dXrJSmqOuvPH aarch64-07a.arm.fedoraproject.org +aarch64-02a.arm.fedoraproject.org,aarch64-02a,10.5.78.75 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPV+CexFLFGe0tALhz5xQRxpKcwOlxcC4Oqqc8RcetR5vJAyEb/JrBkCpwLQEh4YXUcjZTXm3ckmjt3SA6PgnY/zzR+udZ/R4mTHjx9lkOzjDw3zP7/BHoe3Kiiu48h+Bwfv5jHVgkSynqu1+nzJXQseR3GCT08UrI0k9YvxJ3kEQnWpKfN1gkJ1BAhZHZrGI/6X1JSlRMSSiyzdClJw9PPyiWOW+oNJc5gb6SdZICoIOyG1BDk/2ZPX5VU1+jUlc93Gjd/cRsaA+xddet7R4tbzR3cTWKmWNGeE7wS8QzRTnw677nMOXTYhM+2GcBf7vVqNynrmwSfqFLPb7gI4vz aarch64-02a.arm.fedoraproject.org aarch64-08a.arm.fedoraproject.org,aarch64-08a,10.5.78.165 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkOu0UMgfVbw1steEP21WpQ+xyzKYC5PxF7pctbw6kMs4U3q7mgP1fX98lwzSwnLNVpLDQ/le5k2b2zq/IeTfU+kqx4KIun4FA/nXdwfswO8V0Ro/7GU0reSJaJhX4Kua96LTwNIeQJ/yV02oFeEjpz5Vf+DyaBmT/3Gru20ebQbZ8yaQ0+5hM2czyhZTV2wikZbJULazjm6ZmNvNbAqoD9cqOmtz/5eRC+VbrP4Sdii7NGoqqHb0vXfwFYsL3pqI4jSPDlxyFGama8XIxlsKKAtU2FWnn3xhUtprCpFLK8te1R7OjFvWax/ZIoUR9dmT34Ivf0CTAyJY0CU/moToJ aarch64-08a.arm.fedoraproject.org -aarch64-09a.arm.fedoraproject.org,aarch64-09a,10.5.78.170 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRsDx6Z8L2hddr+LrGHotbFNy1eaZTBlnrTvnisP2xhbDOiwdHlTsrs5qPtTet7puaB5V0YlORfOEldGkebyZANnEk3jUQvLb5t9h/EqiGAHHG1wNdWX3+c/NU2dw8BOFmJqqq8UtZGQ2T1bAR3A9eK53E7kyXyBVcBdvRAFc3UtO5H3kdBrtYeDIizK8+xIxlO4oq1sAjhP6w27OJleqgNLNEtMDpLJl9PA+238oUcfIzeNAOVv1zErDAbzIFnC1S7bpyE8EFGVsgL0ailyU+KEGJxrhSVUMQwqAiRpbqbmIQW2Sjis9vUHCf0zsGrIVIpOAwSVeZV+dRePn7Hh4F aarch64-09a.arm.fedoraproject.org aarch64-10a.arm.fedoraproject.org,aarch64-10a,10.5.78.175 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSY+u5CubguVMcLvG/JN6fmNcME/7/eTaDJuGQ+qTBu06cXrsQbN5r/Rj5h6VZKumKSaa17Ea54P5TDS8KneaJSAOu7ybAGhLlPYD/wBzJaThf3/BoeqfWqdVoTAASwxvV27fqIPDypF5AhBatGVY1rUZB7GKtTgm/VP5hVqVzimBImJdYUK+WHhvVsaNZGF4imhtfGQDPk13D+sJzAB+q/v0qN/OM5K0yBQUI2YHxgFjQbA8c9YuT6uy4OWjspd3LJpSS7ohcuKObJzihZVSBuvhO1ha9bHN9+QhatxR7VxlDqTCwsud0ZW2WlOrDIb1JfDYrFMdVJjmCAM3+6BBn aarch64-10a.arm.fedoraproject.org anitya-backend01.fedoraproject.org,anitya-backend01,140.211.169.230,192.168.100.6 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCTqxpo78GMRKV/0RKitRajvGHfZ4hord0xwZHH5hwexVugTWRC1T14oEeyD2vBcO3VY5RaQAg/RWHwHoaAR7WFmS9FQlR0h+wW9NlBuvgI3l8+Gb+FPHGX1XH8ppvAC+3gbPpwBTojErqPVFVIKWX60EP38Aywjm4i5VF+hgGXXG04UTo2cOd9F1NxW+vov8PDVwVwU9DIiLLdlUKb1ckfsMfdnD/Nrr+2He2g+/Qm6VDerl7D8GJsUxST7VizbA8mEBqKHRgksTXK3GyaDYAD0WJHcNpd9/CMyo2iRjSGjPoTyfRDbD3CDVTKumjztC5O+gRxbMEd/KYnVyISjE9d anitya-backend01.fedoraproject.org anitya-frontend01.fedoraproject.org,anitya-frontend01,140.211.169.229,192.168.100.5 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCn+G4xh9W4xyv0i05Ob39mr8e4gnIc6Dd+o2hS5pWy3yif+Yyih+DcTNUNRzWWwKExLNMj9psPqa/eCA/xm8b1BRPotYvfHi033nnrBGz4Cdk3fPDOBf0lZcZRsnb6VLg9OteRz4/NcWUzyZ8ROEdT2FhBsKEC6kgt+muZTVldGTIOsIC1jkWv2SrErJws0Sjq8mUue80CLZBr7gsy10URiDbsMXtHCQPeB2UM0bvNLqvSTzq4KIlsOzlGLj/PAmQl/qNQ+z/Zb95X+qkbYoF7u9bmpRERvFvBeZJYR4vsOs3jHWuWkwOA5xgrS9eaLkH7FUJxSk760u7gzBv9KEQh anitya-frontend01.fedoraproject.org -arm-hub01.qa.fedoraproject.org,arm.koji.fedoraproject.org,arm-koji01,10.5.124.138 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzsfx1T0sWiKS679BX6DiVoFRexrh51/fCdoeHVj8sPm7kNlx/Dzm9qkQhuFwa/61Kv08qKgm8PMftMlEmIfVmCH/yOji9aYxkca6Fk4S7STqBqSD33oMe3IEcRq2nHRNbqAXz0WGmyfn53+H7CF4MTf7damWNTL/QrNKjCxDuup/va98sauNfi+6277JP+USJC82CSh3MgKrTr7BzLVZermk/uQsv7MXnt3ImuD7jcnLqWO3BQuID4aU0JDUyq9oCkmAOnfpVl94UbIT3P3+yj5RkEMdR2TVYJdKUWzKaDFlmsrGdG8ZgHv2Xwkprn2rvq0bf8eTFXpnqrltzQSSZ arm-hub01.qa.fedoraproject.org arm-koji01.qa.fedoraproject.org,arm.koji.fedoraproject.org,arm-koji01,10.5.124.138 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzsfx1T0sWiKS679BX6DiVoFRexrh51/fCdoeHVj8sPm7kNlx/Dzm9qkQhuFwa/61Kv08qKgm8PMftMlEmIfVmCH/yOji9aYxkca6Fk4S7STqBqSD33oMe3IEcRq2nHRNbqAXz0WGmyfn53+H7CF4MTf7damWNTL/QrNKjCxDuup/va98sauNfi+6277JP+USJC82CSh3MgKrTr7BzLVZermk/uQsv7MXnt3ImuD7jcnLqWO3BQuID4aU0JDUyq9oCkmAOnfpVl94UbIT3P3+yj5RkEMdR2TVYJdKUWzKaDFlmsrGdG8ZgHv2Xwkprn2rvq0bf8eTFXpnqrltzQSSZ arm-koji01.qa.fedoraproject.org arm01-builder00.arm.fedoraproject.org,arm01-builder00,10.5.78.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDX4ZpZ37wiLVVXPyar44OQuzcxFmy1RlZw8h6Ayg47x/InT4S1kezepwZCPyHK550W/7UWyU8CLFPCEa0ok4/fDAv71Z4RSA3/eJoJ6IuwbhYgiaH5V/J/zF+DXdJPE0YVU+KzQv68qU5Xjtx7azU8+WNXeqw1Wu+6UfG4HC8TwXF+Q7O1MgJeAiDVG1qfM0ZXP3kjPrfcaUgXaLFGAaA49u2VFs8lnbIpROy2xns2s3z3K+Ao4s5eck8A3aC0hogxtRt6G4ZTwyBEpBqi50g9v0p0Qyvqyhgb7W190eCok6Vf3tIRcGBy24a5dvlyrIkMLDkuRHsaFWfmIzjbmTcj arm01-builder00.arm.fedoraproject.org arm01-builder02.arm.fedoraproject.org,arm01-builder02,10.5.78.12 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCk1RKgQEkfODfNzNaRr1jfz/K8CTN6i0ZPObGBx7CFvN+upZwDGMi6sO9QgriT/k1n7LO9mItDvJ1gLgnwnPvC/woCYD39DKyxoDNi2bXa0vkKWyz3UkjkbKTTum1KzzNkzywhppZg4NnJhe9Nl6CkMG4+69Prx/C93uMQ2MqzSPvXYjI5SA0Gr1dGHbJ8Pe+7NPdyb+uwp8VvpF1UL1fRIVrcy1v8N7UVsgkXOx/OM6s+GFEN7J9cERmg4YnHGOyD5ePLc9L9XRzb0TbkV1Urar3x8GH1OvgU8MRF9pmGmf99e6hC8QXN+ygoel97MbeWuiHQf+M+C25ReCYyubip arm01-builder02.arm.fedoraproject.org @@ -36,9 +32,9 @@ arm02-builder00.arm.fedoraproject.org,arm02-builder00,10.5.78.40 ssh-rsa AAAAB3N arm02-builder01.arm.fedoraproject.org,arm02-builder01,10.5.78.41 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDn1cBXGXlwtRnYVVUmFViJQSlSwdhGJYbnPbnbLn/8JcCMU72WZxDgERezDJXyU2ujLVtIvoXmPkKzkj0hWbDjfMvcbVNhI40DwfUm6Y4KNMbWOgL1RFgWsW0TzBj+4oymSeey2lQSgtj1B7oB0t7NG9Zttzjl8JpnJ63PSM6U5HWGitxUUTGztScni+gUG3a7aAXLVc+8sZM27+cFTua0RJKbhvfaJezjxQDDyipjw9wBmkdTKX0zZK/eYJ47XRyaykQ1l/ZDgyPxRrFnmvO6+Bk8nwqkhlIpKY6+0woKnW3lLRKEvM7EM+QDWdhXRPM2VCJclslnt4TuXCzWfvzb arm02-builder01.arm.fedoraproject.org arm02-builder02.arm.fedoraproject.org,arm02-builder02,10.5.78.42 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgGozxMcXKpx3/H05Gj5ekwz04MCrWkShK94BaFZk0z8QTPb58p/SdppcTbI+69b4h0WiyY2NvFq7kLmB3ilRlrGV9RbdVloCetuMMoDHI5uwQzO0HCkCwObGyaSnT5lvPPGqKz3wGD2wa+7JqVe0oLrFob7r5xkPDaEdy6s1VFnQxTeaxdk4utrSqxeuBK5XGlHMv8H3GzNubA2PQGDmHoj5npRcjeJxgvHkJkVfFXqb9K1B/RN/eLDk4q+FHYy1LcXeTEFiZl0PsrdKE4FFtXWLM80jF7hFqdJWvE2bfq4tNwsyTN6cveaDyxZA1sByaLfsAestEWE1qPLIzKWtP arm02-builder02.arm.fedoraproject.org arm02-builder03.arm.fedoraproject.org,arm02-builder03,10.5.78.43 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWZHci1Be36FZgt8bAo9Yj5dJGnbN6VbPshVgDotS/LU1auyDvP/NEV+efsaRSLfsMrJDAVI+qsbEUIP4vZ8GZDlgiI76jDGC/oO5VlUVSYUlukuU2A6w7KQmqDrKyQGMfIzKWnstyNKr4pJ7Z5FEN0XOja1FDBfEby5UHt0uBUdL0YA+Wsak2Zxb+ooyfyqqoBJPP3LrgGNaFb12jBpdZ4DnciQX333Shk10udcGmXRtBO1eRS7Yt61pSvtaD4sLanPuLRnKlizH6SUeOqgZ1uTOu4nB81Ch7RSvaQIjN00cW0+lqn8sJpqv5RopZLQAQo2GiG8Y6EuRLfm9CQPqT arm02-builder03.arm.fedoraproject.org -arm02-builder04.arm.fedoraproject.org,arm02-builder04,10.5.78.44 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5AKzj/HwkZRfD9pHkBZ1VYA9QZGDDt0xCm/hhuyTPuFhHagA6R52WUG9XW80to/R/fsG9rj+Efybl4hsPEUa8DkL0Ne+GI4OklI2EgOu6vjw5OzoUoTyvbUZG0GUqmShAMIMKV0A9JI8iYcvzpllemrUGfuogtQmVlDKuGR1ocyqiZkuwC4QXi73uwHK5Sm2OxlX6RYmlI/zgpodB3mK/OAiJdVplNHSv+zNFlX8qT0mcaz36534mMGcSRRH/iHAFZd8hw4KgTS34VUwh/9E7Dgz5rhrJqQfaSOHV/EOJEjt+TxaiLIbsOSWKmtZ6DzTrohV4lutoxDPaAZcP7JiH arm02-builder04.arm.fedoraproject.org arm02-builder05.arm.fedoraproject.org,arm02-builder05,10.5.78.45 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCslb9ubOKZGP+fKLtvfkDnDdSDj7InR7b4alVdFxdGrnHMdMFb/fXhbM7GayRfskzTVPmZS5NfccYwz360uUdTHyDRjmEm2+Wn0xFD1LToKbR5zQS9lIkpj4nd74QxiCtsJ61+1ZJY415TofyTQuopnB5Bebe0jUKjlgCf6asxer6DwtCrC0uPnjAbEousXuwcVPZPGGeLYTag5Fl+g2iUn47MtlkpBlFeEmFbXYxmKkQXGPWfD669PTeO2PA0Y5wXOvHefpSMgUwEHAgObFC/dqzNiK39bx0xTRVFK5q2tScZFGVTjUA37c+QGAV/ojqAQC8OoE1KgyVSPLo/Br0v arm02-builder05.arm.fedoraproject.org arm02-builder06.arm.fedoraproject.org,arm02-builder06,10.5.78.46 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVrM07SkNeuI0aZcsKVL0wnFTyPOTsBtVKa5rQvMwNpXEVamyeBHVT74tBLVSU+fUOhwEk1Z521HFJHfg/vJW4DoAGkRu66bDVUMLtFAlZIqWUeb/rA0E623NbX9Jf53DdVqLnw3fx3zBOP/AY6T2Rn9XWybd+T8DH4kk7JIRZ9nU54GsW1BU0GQvMuZcQmmOV/1EsCEZLqUhJRk3OrYmkHpsGvfcQ87nKQMe5/FLdc8ql4+096Q55Wa/MoklCYIcu4FAJFX7C5luHONH9Stz5V9EwP65GZk1k4Hej9kcls+XDGx099C9Z8shj9hJ6DBmWP8J9d69GmbZsKu3VnCcB arm02-builder06.arm.fedoraproject.org +arm02-builder07.arm.fedoraproject.org,arm02-builder07,10.5.78.47 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3KJ5XQYPIHThfGpGyjnkF5B88wtJJ7vl5J+d2ve3nwZYrwoU9c0N+AvnFBsEm9GP6YQJOOfTGPxyZnd943CJLINWfXR9VUUCG6l2yOqhHGBSvxkxKom9EIA5Fxt81oLg3UKXQfbl0Gin3dcdq5GNPG3X2VybXLZJzSb5KelE/RwRJi6hZLyVaru4oEVWjoltXte0ZPInZYTfh4xyn1ZMR1o7woM1BnLCu7tUYDFP2GXEadFl55qeeVkJP9CPfKFceXgWk3lpzNVHR3m9eujMifUQl51PFI44R0Hout2ABp5aFFb8vDxfLZsAg3i07ewHuluD0nl/oNxkjnMYYYRrb arm02-builder07.arm.fedoraproject.org arm02-builder08.arm.fedoraproject.org,arm02-builder08,10.5.78.48 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC19tAmnkscDaSUI22Qk2vuE2sz05/k158ki9OFRbOs2V3fzKw/l2EFneSa02plW5nqsEU9jU+OU4U7dDpOSe6hrOHJrOabEs3kVVV/I2R6LPKF+NmMSYs1IrnGY/F68nmNoJrKJMfe78KDafMKjR/L57+2PFaXSDcBqE+WRBuQJp1qMkXfYlLHOFXFpPfNe14C1hY2zkD4yKUSlLAZL1kXvWdDRiAI2I5kireG6We7XSqIxIsNkatD9c3r95mzHaSxfJdXiaRcNs3Z7KvtID63A3No6sm50DoaZ/ec7QZrGKnr6kH8hlZWc/MIZk/Yqn+hE9i/PR/N+Lu9nWIdSdrL arm02-builder08.arm.fedoraproject.org arm02-builder09.arm.fedoraproject.org,arm02-builder09,10.5.78.49 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9K3DwRuBmkpwvdokoaYzc0b4gZVtroiHRRxIBIClpp7Cd6Tb3WgHThZ79lrViYw4ZfLCOUA4wLmCnngzpuU+HasgwqTvvWEM7i52juU9hsOBKTOoH1/1omEzG1n7D2MW4VAbdO+X80T8itew8bXKMfsn/A/xSv9oh0b0MOLU+dfGcshYCN8TT7hIkaDpA33VHiqW4UZS8yzjFRgIz0KFXbqCEQxC5nlkSSygsNoMzsJpvu2edIUmEwlhn2T8ozK2QGa22r53FzI0HkGM2IqdZMlWSRJU9MDBnqvtdqnATRhaMjseh/rxDfjfY3imSM7zng9Aud0wBG76/qDjlxZ13 arm02-builder09.arm.fedoraproject.org arm02-builder10.arm.fedoraproject.org,arm02-builder10,10.5.78.50 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCaiE2upWuZB1BI2NUkBd2cN7k1+R98JFFIwYpnN5U5WvzfYbOQHDIePeqpFIhEdK7zzGJNWTGalzOYxpOwl3GpuuHx4xppKm8JPNWFFT8k3FSpSMw9yQ3op4sAFYYFXek0a8BfwYSj8NIvys/xtJ2QBeNOETZG3oGY5AwHGEYeYVIHEopzZ9c+tKMlBCrED8paSxnjTzq+Du6IZmgoZ1bnqcRcqro8ygJ9rqitiF28FT58iVkMQ7svp5fWkGTfblBjRZDOK+j4lo9ytAw4JBY+qXobVivMCLkW3R1vX7WT03wpuPPSNENraLr9yNvHrxOVw88LjPmGI0BVNPB2Ju/H arm02-builder10.arm.fedoraproject.org @@ -65,16 +61,15 @@ arm04-builder03.arm.fedoraproject.org,arm04-builder03,10.5.78.103 ssh-rsa AAAAB3 arm04-builder04.arm.fedoraproject.org,arm04-builder04,10.5.78.104 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Qxz2LtIxM6skcZT2GJVEHmLGtLTDIBnHx0iZi5IRTK0ZruT73aNMGUkM04KeP4DrwenWaofnwHmSAG76Poo7pRyFYqUQOZDeoIT6kLVeGnRfiYQtuo/VTyI4VyaIJ9dpGFNdcrOps/qPc/6EWwwBPlBvv2pE/7gmy8baghv3qt7r5GLiANVGoD/VaSwoyceHysamjVc0GT3+GaqZtQmaqM5d+Fyp0vNCB9vdn4nS6dPms/qRiLks8vl1ZJ2by1HMrWKuRTtglyupMTAQaiaN9xm+PnlkZf3qmnjUL4+1O4tGch4Csgoj/DZjt3SawJDvwLHFTXLBT5S4zYFI9JS/ arm04-builder04.arm.fedoraproject.org arm04-builder05.arm.fedoraproject.org,arm04-builder05,10.5.78.105 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxR7Hylvy+DCLjjkMs4BpdHFJqvQ4l+vOqRM1ZOiKh3WIJ2o4z3lpRlKGmDsM0uLhbWIE59aLcQv4L7ygGVbukRSUDf2H2AdGrZeVN/xuHVo0SHKvQAUB8sN+atQvbkqq1vq0OJOMj+tInQyngV0x/eugznh9oa1ZAFINHMPLc7eL3pvqqAPXvbPZqv23330I5LtCt9vZy4CsGPe32ddDEZn3R+yU2y/zqvlBSrv85T7/Y5S79UHnrrif6jpLhwT8XSP//+yDX5CYpALcfQnQo6T12LmgWMlXc01A5iMA5vXF0/gTXXCl5yrs5ouXE54EUt+wgNj8MLN0dxnidudR7 arm04-builder05.arm.fedoraproject.org arm04-builder06.arm.fedoraproject.org,arm04-builder06,10.5.78.106 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpo3KulU+i850rwfRYY/TaZf8ARAWVWJ0uqdXgCAYfb5aEwphFhjJWUho9R6DLlVtXlItk+S/VsDC2q7rcG6pSoAaOl4m5FgUfSGBohy9xA3DEXZAlqK14tCC4qMh8NkX+u/Ets7HZd5tIctUTLp5l3BX04fnMetXIAIRoQe/OE2r/IEK3TFZVnekauZBNYzIxv9HptKQAQiUjtlfOmkyB6WGIec1VIBSn/eEEP9HZQDdcFeS/aqsAFTTnzhzcrwS4REx+5gxi4YsXjUhtJtAKcUZIcJ3G2zejH5bz1pFzyekjnyOJ2ZWRPbDBNiehZCaf/1ISGNFsN4672ESQ8ePJ arm04-builder06.arm.fedoraproject.org -arm04-builder07.arm.fedoraproject.org,arm04-builder07,10.5.78.107 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpVYZEOLHJaFf+aOPUgvArtHjiEeEVXpYfOn/7DgbZzYGrGLvGc2j88bPtKAeEF6dIE+Qog/L7GMl85jIA5Y81HTqyC3TdGSIvI3gao85n2rb46JGduxneekMELyrFZBBXFZj0SjgTTAOth3IxGrKXkgmI5OC700AJHajTlVGDV2v1MhkZmsof1X9pvciKXkvdYKUYews/VDfNW1BNoQiZg7Gzj15CkCi7VkLXOWvaMr2PdS1rJwKNi2jyHuFU2pA8E0hJusmvLjbylQ9NCkx+KPqKrvimHbGeEKmhwFHkAPcM3rloFfoXowH5jvcV0DHoao0l7SjY7zsWKOb6nMGJ arm04-builder07.arm.fedoraproject.org arm04-builder08.arm.fedoraproject.org,arm04-builder08,10.5.78.108 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzomWOY0xLbODvI/8mCqKVMu7hPPEJ58RTPWIMO09bY5KqZfrppMs0xPZiVSiCeIGpEnqqEOMOTXF/qfkpoeP6UIzpXtH4S/5xR+44CVIpjyCiX4BHbei0PGPujnZGnyv50AaDU36cTVUTGkCp0RVuxs0SQxzctboF2BW1gv76zhMmOYNn+xfQNo9Tv5lEEQ7urRlm26ymTIDoQnmx3vB/KMa8ePY0bF1RxSkJa0iJsZMqc4kLAaed91YB12R5iJjFCGn0TMlGQm6xTYJXHg9pls5vvs1UTMiadjeOzqPkayUSS5VZhfXchixKfZdb1T93uFsITkoJI31r59b+xSf7 arm04-builder08.arm.fedoraproject.org arm04-builder09.arm.fedoraproject.org,arm04-builder09,10.5.78.109 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTfz0xIfDCXlUfCjG5Q0Z4XHavoigNl420atWoJLP2UmhWwvq/OB0tPkxk/1L4c6vRQRwInqc7HZ7XVyZj+7ncOg+ct/+DOYNFBq4xfu7j5D/Ae/wxngWFNjN3NRXTaaFapvp07LqvmyxXH+Z6xAYCveIXgrMm8R8wACacd/ZAhiI+FBRWTWz6bXwG9Y6g5p7954jeWSsY+Ygk8O+eA67WuTOP/mVHxWIx1b5l2SZJSfjPak8/2cedqIc2jSLyebNGnV/nhX1EpJmef+yYudHj5yxhlTTToTEemqdfgMvE0qFr8LIg5zjRgjRJuCcXeiktjmnH2tbV//7FzuJ6CNb3 arm04-builder09.arm.fedoraproject.org -arm04-builder10.arm.fedoraproject.org,arm04-builder10,10.5.78.110 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0LiIwxY2BXcQmRQDdAJDz9/W2vweRPpk3Qr2smc8lnAre4BcHie/+9dPodZanKS6zdTEaKTFiP06An5fiW3x51gvlYa9t1N9AxzEyrK/irdv4bARoTQn0kbmRA8oMW5tl/zhCGRrJNG8kMDzsonbAN9NXOREjksY9tbdtRq2JU7kXjyfmLoycc9cWOXiF/uuWXgcUokloKU4ccEe0qYNTsvLyHnEXK+4Qj7b7+54cTNW20wyc0hKijMpaitSimMDYoiZ+P5XBmKMcpaUHDZogS3Tq/e0k2v7tr+A6nbr8n/DbV31GFWtRafvIfhPSR27cPcHxVWvIGF5So/VJQRCj arm04-builder10.arm.fedoraproject.org arm04-builder11.arm.fedoraproject.org,arm04-builder11,10.5.78.111 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHB1kBSUV74WkoksqW5wfCeUdjNugWPYHCUSr1fcZ59X/841uJjffzinryFg2GqWHXPF+3WIBw7gW3kitW+2cNuA8xa4Js6rRhRezMS0zjYNgqm6tkf+hqURzi0xsWEc4DmOz4DmwBj9xJRRXEDiWnoRJ1coHA3Vd1cdJlRO207Rx1Z4G5fbdTbxkI3lK8TEYDqNji99ZkpECoq5V8Z5YjAU8lwdeuTiWaxG2CV7mq2sezx+6Xpfw9VBP2YRUamuJib0Jz9yx6ukSMu/4kOjc1D/UDyU4Ek+6R+6ETfqCyJL3pbaW7KqHytTa7wyDVU3QRXzSfDLKHdBCJMg9kiNrF arm04-builder11.arm.fedoraproject.org arm04-builder12.arm.fedoraproject.org,arm04-builder12,10.5.78.112 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfbyD8kXbNnKGV9moQCd0wrgRAxxOu9QPnds6yuItBrd/MVWna7XGvZ8gzShs6IdHJKcPGEBl4MMtlSBdx/CCVDBAwxOrU8yFeppcAcOsJMP4loMFnDa9zydoAosnGQCnuJzHDu33GJ7xHpGWSS418moF4EtHuunNHcOXE2oFvEWUBIhF5dcNrD2J2h/t9luBVgL6J0emViPz8ioIh8j6DPPiB0TcKlP04WioS60VyjjURbydZd1I+XJQpzU4+hrqteuEId5xtM4GgPbS0ahv3TVl5x0x2IOaOxg2aXXefndA/WsG5u8iFp5EhlajefFL3Nhe7CFd/+ii+o1rmSNDP arm04-builder12.arm.fedoraproject.org arm04-builder13.arm.fedoraproject.org,arm04-builder13,10.5.78.113 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/4pGS6k9VUZlQ3xSZ0giFoMEuVDp7GeWwEsasY1LxdFWz5zeN7p9Z9Gr2WKb24D91RXpSxGAWS3kv8TRpC2PUPIkbypVFiEQCUVQLIlM/0UyD7oibwTx51e5mGgGmgTykHnRJSleY+hBdwou82OHWIxSPxk1Hfvi04/sbJ5awn1wquv2JQ0zqaMjSDG3Pn535PuBUKEYgWQpothe0fhoDB9jBpWsvS30f/Z1IjQB6woWNnjilypGjnYgV4KXjH8xsZ1SR3WG77hx3TxcBkPLq58pqcoL+99nvAuX/5YavxiaUfQ/onwxa4IBu3msWu9OjaUQL9NbSGkoif0Bvm5Wb arm04-builder13.arm.fedoraproject.org arm04-builder14.arm.fedoraproject.org,arm04-builder14,10.5.78.114 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVR1hImliBFZGj/q8siqX0WVsuLFx9NWKGawuHwE5UBAG03Ilxss460ed+VCioQAC2mWMQd5iV5H9ICsigpr5Y5tzxV8j9rn1S3FeioMBI4L29rm9MUbr0sJxz9QvVmj1dzXqPc4W9Ik2iSRphTSAfgy8lUV/W2FRrnSRdsrHGxc7nAtYoWcbj7lMGt+dMw6DuqxLZLlucNw/20sPmQDPpgYWCunk4i7GrYHlLU7lHAktL2ltxW14OdSptktpTPfjz4vnoG8FR0f2rOTw7E6nxt/uStuQXg+/yTfYCVVA0AuQcEAO2wSaUloISMH1yMyj6cbZ0HPjqckQCEIjO/VER arm04-builder14.arm.fedoraproject.org arm04-builder15.arm.fedoraproject.org,arm04-builder15,10.5.78.115 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXMR0zi6ixpC3600pzL725zi9WltAbO4vVDdksWKmwf2HpC9hmksuDCnzN0GvTD4F3HHfZ7cu0xqAdNSNljhIdaMcIGXlnhSgVaNtCOjCzbCCp9SQy0sU3zj6RsCfDqOXWQ29JAistypKXyOanfc9fNBk/RFySxFsMzsPWjECwSTnFAWQAcEI2NYLv4BDseHNaX3BexaDPRC9PkMaybitr9MBjKtco2/H4m5btzRr4UATN2YuSvMrbLim5086FPOvjX54AByoN1Wpz9CGK2z4mzLgb5bRMKPc3gVlYP34vV8JnwYIDlChw6a2doe5rNk+IKIX8YCOa8Nfb68Qcd9MD arm04-builder15.arm.fedoraproject.org arm04-builder16.arm.fedoraproject.org,arm04-builder16,10.5.78.116 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6sCF3HGWynLv+YaKUTFLFDIzkvy+YQFGbS8OJVszXY9iO5NRCOqr4gZ/z0DYwzjociaPgnREXysM/tRz0YT+7ML1jQUgetC+R66LPfGD3WSdNkzd066/PmjeVsvKy6eVvGey8Y0X1RTpAupQbP27SnZ3rT0I5LwR47PXR21csFb4ZkRlH9ZfoyODVJZUxuKen9KYEVQqPWkmxM9MpiiivIqCN1FpbfR71rYURuZLwhLy7griz60W5Rcc7yAwZJ5hHUwfut03MHpxsB13d7nKbyikc8Cr33wRpOv1vchctP5tGqWBvqmwAXg0FqHJ8nd1tyssQMqeboXx3+vcMXgpV arm04-builder16.arm.fedoraproject.org +arm04-builder17.arm.fedoraproject.org,arm04-builder17,10.5.78.117 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCn+xFadkFMCzKNy9uU6P+USfnLTrqxfU/YiVyvUfppd8rPo2bIbN6OQJFA4N1tcJG87iSzmOeAfKZI5Ld/El31PlhpvCxb7zN4xTAgPFPPKhXLepru094U864bU2iPWDU5Yd8ziJ85h1NLT3cZ0nFFSZ5UMFjf/7Ox2jYlcO/KWGtwJlvtgBvQ+kJxSo94sZs1xu48mVvaJj+7YaOOr9CY3XjH56YwZPkD1hbpMa9as3ls8oQFaX4t8/Kn+/DgQbXXJH570EvNxOEwO6FAAB+d4Btx/jNXuR4pznYqTL9rNfTIibfn72tt0zLRTkan/UA0R0gDE0O43bfxALP4cO0X arm04-builder17.arm.fedoraproject.org arm04-builder18.arm.fedoraproject.org,arm04-builder18,10.5.78.118 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkCu5M471wEaMHOyihrJFWVn2HF7CA7XXoryliNhMPiZ7cn00IohzGKnRJBxUdZRZ4x0A7FMPj7+ddAgiP2glV/XkNxaQ/mu15ZZCqxFSdn2LCC+hDSHpGVqavgJP2NN4LvwmdfH4ELS004vq0jPkGsJdNsQtqmQu4aMOhYGGAjQC1slCqIKO2lzr2zlQJItsHY8D8fUFqV1Sutct5lKyWNP6pH6ki3ns7nx/16gAFtAem/onb1WL9XOny6gY0acamj+S9tZDic3wfYlmATSYmJF7vEt1oG+HS3CdADc+0bNBxFaldxlFD0RCj7hwoxDvq5rMzseJJXXuOJ6NKu4Cx arm04-builder18.arm.fedoraproject.org arm04-builder19.arm.fedoraproject.org,arm04-builder19,10.5.78.119 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC38ZG46gPjDhNwvdWkgwjnR+RkLcRbv5imdZLlA4jibXklZP+Ddc5b0SXeVI1cn1YJhJIsBq+w7XwWvs7w78Low4gXRpAINSKyTSu62L122G9ICb6FJw5qvDptaQ4KfBCV0O72FLJeZk8sfudCkJT7rpvDotcEyZ8nj3IGXpRcxIRD869LkBLjsFf3ZSMgAFnzlSwvPF9gK+JOr7KK/UGr1qZBbO/GLVCLntKbTjsDh1dgKQFzqvwBCh/ZkpLtPXFn5HQxZY4S5M5IXnqYxPA6A8b2rQkFhhTWtWTqVXVe0Oovs0ap2ycXiE2UXHfW1Q1+k8kOWvU1EWMVEu4C/anl arm04-builder19.arm.fedoraproject.org arm04-builder20.arm.fedoraproject.org,arm04-builder20,10.5.78.120 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVDqAEpX6gxY7nd/YcVjeV9zzZBdOV8bkch1cPcIu5ARr5863KnxRxASG7S0rzTydwpJQqKNIUIdveiyQvnn7jxnT0O/iG02B8pwa4uhaTA2NjqGIVw6RxHDvgwYvrWaOyWk/iXlOjk4vsiFyEL/kOcrtLTiaa56fFLiQZloy0aoIcg6Md/gChkCh8FrLAQtTFqQLidGKI4XNlhHnUFDkvU+KWiOc7V0IFiQfsVwfciROXHPsUT1zwvS2tVx7dIOUbjBhaIXs/qfaJekTxSr7cWnmP69CcN7wCFOqBDzUjJQhcVAJ8keB2npNkX640hfZIWIUPmcPmZ2VevJ7ZMJI3 arm04-builder20.arm.fedoraproject.org @@ -102,6 +97,8 @@ badges-backend01.stg.phx2.fedoraproject.org,badges-backend01.stg,10.5.126.68 ssh badges-web01.phx2.fedoraproject.org,badges-web01,10.5.126.101,192.168.1.109 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBezF1ZbFlcQd9dPJexUK1phr8wfD3RenN0MnCZmXfCScW953bwnlVoDy4ypueF6Ue+4neZXKmw+9tbN6O1WM+1sTErQ0Hs7OTmhcGMYwvrmcOK25KelUzqL6DcpA33OZi6FJcJVT++pT0XywL1K3/KExcX6lfQyKfykAqofYUbTsoucW2qmYGWic7LBqyaGdUJRTD7JUlzpIBzWrnGGopnTNYIUfne5/HwI2vLFhPUhEymjwRti3OY0lcmUlxN1V6R1b08Qyn4ce8nNvqeon8c+Kv/R3+cXi+2rPGVkmx52wvF9JNagYFgMnwiWxan1b78nOFoAysVHqLOVTL9f4j badges-web01.phx2.fedoraproject.org badges-web01.stg.phx2.fedoraproject.org,badges-web01.stg,10.5.126.69 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhZxcbFvC9Hr6URul0rrenBvZZXpYf7yRSc9ZkoZWifUt+6HxYmoqC3ncQQ7fVaewSGCjNyTWUomEmirpuFr6W2g2ydbAnPOUlAosPtoppWd4ixNcRJRNUYCwDV4/qXfBcT1rQB4EI/cQve/EdvXBk8IyBu6OW7mH9uC4qQ+vict9Nl5Tm6N9rOsnt4fCTYCgW9szOE+DEtOs085CeEdkce9IAMRxLWvJNqYPflzHDXfo3Aym5sFbDx+fDQjOaFC6no11v8IlXSwijZVGZEygT1qyA7TIj0s6tdGBxHjM4ptuEt/tcfLbxFEV1kuI1sueCEGkzKAIRleYJ06TR8HE3 badges-web01.stg.phx2.fedoraproject.org badges-web02.phx2.fedoraproject.org,badges-web02,10.5.126.102,192.168.1.110 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSoW4wgxQ/aj7josGFqZ6Iuu+CjjOxv/p9zhiP7zbWLAYHb1h+s0gp45QFnydzeH2rkBrM/P67h6CX3Jb0tc1zqdN62UaQ0rGRxoUPK7EdYAKP9BBlGz83xaLM7qqGCxotlYevtvB8REKn58aMRxvVmqdLn6LQp2ejw4JokouhpqqVq3GC1FfigCqAExkuk0aoBW0ZTFseRf3QVbgEihw18Vf1mKjkYyuQ6U+QaCfMBQfpNDxy77zmHzHriFQUQ7juQDQTOzFVnZVzqjymyHcDAV/Bp74lzEXIkp0tdUFLzqq2TcSn+kKiN5aHJxEJdEVAhUFtM5tTHVr5VlVmulEt badges-web02.phx2.fedoraproject.org +basset01.phx2.fedoraproject.org,basset01,10.5.126.194 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9Wk+WDHiaXgQ1psmxTenYzU8hyhxHGT3YJDyjsIarQJ2WZB0kgawr+dhDKpGXosGLf02qhkJ9+wevD4fJEHQUHQQabgAIXxeoabSf791umOaAd84nJ7n/UVgniYR7ZrmNIbd3VvmGsS5u2KpubB6Grj58x4+Bj7/XoI/jbSuP+LcpY0GFkWIyoNeMeJS+9zCT/qVetg4Cb8UPfYdL383X9BD0hT8pKYxR3nM6+UN+pTGsKqLE9N3B3Ale07sLOSI46QZo40mLtWjxg89Jx2HeWEBph3d76A5ZIzjmgcrhuu9J74+2W0hrVVMwCveX0M6JM49maGzsAe7angPlpTBb basset01.phx2.fedoraproject.org +basset01.stg.phx2.fedoraproject.org,basset01.stg,10.5.126.138 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4M+FCL3iWIvwPmSsDjCJ57LbtrNFsCeqMJcBUi6WEoyCSdLds69TdyrpMMnhV66wFrQXiDraZhKOE2XiXCuxhS17GtFCL+cg8b9TRnT7Bq6ku/K7OHEraAEIfPuRvnj6F7U8TAhH2TVLh99/Gk40PbI/nBH8ekpn+uqPFxDIEo/EBJfbg6mtq42IllKadIh3snC+33aY+PTb/6Q32wgRCmbqFPaHmeDjnuEGkSkNg8QY/3u9WUMO5DJ8FSXKgXwn0NBWlDmjYqt0++Rh7MBNoDBlMbG8J+k5jey5/mnPnn8egQY1gU8hn72jM/eAXtIrw7heA9+9Dx4sqW7mRG6bZ basset01.stg.phx2.fedoraproject.org bastion-comm01.qa.fedoraproject.org,bastion-comm01,10.5.124.132 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDAfsgo9+nc69rbmzxjDq4dSgWYrPSAKZ3xkr0rMsBFwiwjPOmY17DBQsdxMLabp7n4wq21xexh0KJyacvOnnQllfFv3zWoY7faLfa5n1HdSQJ9U+udBwIaNH0mI3FnUqnNheAlbHTji/F0IabIEjkOF4Z0+DRJ3QizZDRV3ctzvs6l0DheIzoHk76ciecPhXexzDFd+IrDYdOi5Vvrl36D/YOxLtAk+tgCTy4Wxa+iwoTOxPVripzj1BSofsTdua5AgCrdHE6Ah0ZXHk8UTV9YQXY0OGS18IIaRzmjYCwycvpOsXgR+5GRVOAMrXbKJCjYML8fGmJaWVaUGvsMdvB bastion-comm01.qa.fedoraproject.org bastion01.phx2.fedoraproject.org,bastion01,bastion.fedoraproject.org,10.5.126.12,192.168.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHDhmuq08Svb9WIi21ZvaEmBdkEffMs/qO+eorxWmR6A0WTqDcvTME6X7W9ZR2AaFARWcI5B+cl4TgKAIK4i/kalpqeLKCT7kcp9hXsnJ8EKlzflm3jk5KcjLXtCqOrIj1RBvz+XmS28pJBlenR7gwX7cDGPbabtXZ/bn3KXmr3xTtcvxCavjA1slZwkvebtu1R96NIddcpNWZwnuJKcpa8l52As2P9hdZvws/HZokro1TpPIAdMVFwi43pvo6QSr8GhytAidPM6kGE+hE3NbcESgEO3tUGskfq+WEti6gK85WBEPUP/XbyjIGdh1t9PCKcQHmZxxsmCu/zjZlLORf bastion01.phx2.fedoraproject.org bastion02.phx2.fedoraproject.org,bastion02,bastion.fedoraproject.org,10.5.126.11 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4UNZ66y1/E8ewnQQBjbESxdR8XXJu9sYdqVynqCnDTK5DJwWiSLShtsRjtlaNsZKoJf4IbvY0F8a2fAVHxzAjQlNCwzMMAkZ29uK5gkZyI5ir+AeX7xCwx0zzRq1ig/Uxv5NNmrcuSLz6eOnzO9PDEl+MxeKj6WSnuQ8KIsagfy7KctmvGzI6+QXR3cQ3QFN6JO5Ehwe+/r3dV06pAJRGG1S7C3pkTJOldvjqDjAJRAFHkqUvuntR0cvA/d0VnUR6RCNinL+rrFLsARbYPZNkv7JWiO5+vTCO/qtbS6b26QSEL2M7Hyaf4Zb+YZ0kY2jOfZkcg0asLvZDATJTF8lF bastion02.phx2.fedoraproject.org @@ -130,6 +127,7 @@ buildhw-02.phx2.fedoraproject.org,buildhw-02,10.5.125.93 ssh-rsa AAAAB3NzaC1yc2E buildhw-03.phx2.fedoraproject.org,buildhw-03,10.5.125.97 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGVRI02DTtivc7IOyEEOKhgwA9dsULvyft3AJrjF66MIh+8GtTgJwsBBra5Ul4eShbuavFTuB5V91KI34CU3YfF1TXCWzwCxBPRa844AOqkkUnJg1vVUIgf4728tvJnv5wm4piVSwjkCnK0wMxrw1y+FJJAMav9j16DMzzm7Ki4JmMBF5ng3ebzhWW4cf+2fMU4Ccp6AIvueR9pRjv6KVnJayJ0n813lSQLt6jo6jAp7Y306Sevz7cpaYQDySpprk47nqeza0vSpNCdxC5xQzzY7TkSl+DR51s1zH4IHqwOBJhfMcbDK3F5A2GYCuHaz9WtMHKR9+v4olvOkCOPwaB buildhw-03.phx2.fedoraproject.org buildhw-04.phx2.fedoraproject.org,buildhw-04,10.5.125.95 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClMJyy9K89GDmbA+Gj2S3qxePw4UmOPbfdo/3F51mg+AnslG4cVqZZorCvukyjtcmRiCAjTsrF+P0236pE9vm0/lvWJcom8cKGRWnTA3dRPRWZp6TGsVYArI4W5OMMlGx/ilWH3IcjLo2EklIVd25gBHCswLehkBTPUWKdJmSWhfbgj+MpAfl45EKcAeZdVuP9wiOK5OJofuZr3ovRTqTso6vkX9U8GuMAjlBkGPOkd2Xh9uvu9LX5pRm74m+oIkv0X/WDxZFyidmHqVwA97B9g48IfqMaiE8fR9zuFHagfZaJweXYs6J973tlCdVhGwouaqtMhb9q3430bl0mR8QZ buildhw-04.phx2.fedoraproject.org buildhw-05.phx2.fedoraproject.org,buildhw-05,10.5.125.96 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChxQszW+gyJpLXOISGGAs5bS8UxrqZB2Y2IyhWkqyBGoqqMcluT9BRO08CWrSKn3YMZdSiF4DtokPQ/cl9LJa36b0VOXVUf8ckWkKlcFBjWUOxt+ywMM81d+IvTXNWceKbeRj05nwvKRwM1Jv8m566Xni6y8761d3ygQW6x07jfiota8FaGOFKQJQnBo/5hXU4Zj0SacC9lO/n3uEdjc9mMwWXJgRUqDj0kp7ja3xaxhlg+hE2e0Icjc/2IkcMPD0gS9v7nE321E24MgvOsoHD4KKB3Y7l/SBi1r9LBzxFLnfgEO2Od1jihUxL1sXiXRocYzQY3vWc7O8c/99S1vy5 buildhw-05.phx2.fedoraproject.org +buildhw-06.phx2.fedoraproject.org,buildhw-06,10.5.125.114 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrE5BWp9WcLPfOPcqDvCZFA8LQW6sb1Jdy9HjpiiasHgCRfx44B2KE+HKGeGOlyVyM+erzB46HJjmcZbODX/VO32Hpq7bSo6rIruGaA96dRb4pt3D4j6+l/FwX01W8QHrLn5kIeychpt9ixw8o9NnLCVQg6I0EXRLa0W4ZF9+RwgemQAK+jD7AODgQl3WNfNPqc2f2pHB+jfoVps75MDBXgPlaZubFfSwtG5lfOzJBCa95Zp20/q2qtl/5hbix9Ea3KFa32dqLUn2L/csPH3DKMCTV3RcMe0jeSqHwlVTHKARtQW9ZpC3A+TdwcRmkmqKvzMTOXW9bWU2NAwtwbwYT buildhw-06.phx2.fedoraproject.org buildhw-07.phx2.fedoraproject.org,buildhw-07,10.5.125.115 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0hSFITKxiksyeb9XkPjZjCJ36Bovd4Ta04bcX8TKyi+SRijaPmcXkx6zHjecjPaBIz9lMwtyVQcNyQ9OlT89GdeDluAP+SgXBh8Iw1+xJgbV+f7/i1svEpjtxY5icMJqvXvXylm3Chg7gChqGwzTNMWx+Nucb4vU5yIaXDPRJgM27BS97SMpBy1MZMKS5rKm3TYtdm+5Rx393CUTtCMfbbh1RAijmISFnNkZtbI/WE0u2QM8eR7TSGivoeiNAuHLNBshLlOwXAlPZnVrwYDv1K1MGiBwp1PIv2ULZV3yPPWpN5aY1j+3/Um19XRRCKpwcmJPXiFGK1e+4OVB+vfkN buildhw-07.phx2.fedoraproject.org buildhw-08.phx2.fedoraproject.org,buildhw-08,10.5.125.129 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWaJR7SMZ5ZqOYwnqVn0UUC2i5GTRLp1BU2Sm72vThvYCHrk9QMFLrEPon256ibMUKNsVjLq7IAMe88wMRNbGSsbmyDuccZjgrLV83++LlU3tP729QmXpZbQofeD92xSeLHAUARaAlcGz/P0+TUfbOarQ79fJnltZm1GNasEPvWL5SkiuUrVRMMEUMg7GmZXzBSnwp94AxA6DXJKW5V27gwPlnd2tXFVTw4dXSZFBdnw/DQuY18+STr9rbOkWREMuTIBoVxQ7HeD+APFJBf7Bqt6SMe7Z9Tk7dUUrBd+FLKn1IfnTA8DB7nv7PgHRobxsy2ksSUEgsblSqR1s0YqJ3 buildhw-08.phx2.fedoraproject.org buildhw-09.phx2.fedoraproject.org,buildhw-09,10.5.125.130 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC86NqYm3us5R0NeMhAdHAHDvFQc6IvkXJpEvUKFzdFYYK4cy55Aaebq623JTHduJzUtoxTM4WqOfD6qBjU6Xb1H3YL1DIgHnAT6jiPL9YcOFv3yxs6w2wgaav2f4t56G3gCW6b9+AH8q8Gs73/Fy3sJ2HCh7QbN6eCi6ezvaiKK8/5d7aCwgyBk0X/05ypXf4b8GpjlA8jU0QT8conAvomViRcztuEwcxi7L7a31lEO/BXnzCM1C2+JV7zMNveSBNw2CqwZvNt8PTBhXyftmD/2imId4QctV7FxGq4FOhzOHwjT5ptmY7U1rR/hJpSMtDiELTqj1F1O3ULKCyiEfEJ buildhw-09.phx2.fedoraproject.org @@ -169,12 +167,14 @@ buildvm-24.phx2.fedoraproject.org,buildvm-24,10.5.125.147 ssh-rsa AAAAB3NzaC1yc2 buildvm-25.phx2.fedoraproject.org,buildvm-25,10.5.125.148 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxeERo+egC2fIxz9U6dJ++D2ts+otL9gWPcI+bSd/y8HOdFtVu+IYHMvxCwKqtA7TZ+W73nI0yGucUXpH8+Tht5dQpP7J/mGotTKOWGZZaRrxAUWcrk69KMz6guNnzwAH4jnsroHexLXHkP57n+vvEIpFYGhqRB2p08MO9hfuBAhGIh6fdGh2n3ilaABJH5WWiyRr+1Y9QdakCqvKMZB6+ja8xIH1Rs84ymQ4ZsmNUHnA9EjOUdKO0Lrq1+1AwP0sIZKB4oepqhJIl1wZ1LCBx4l1svT6cp9TUsF8Pc/ja6/CNE0HWKp1uAFSRv1M+XX8LZILSAncjOUyC7wGrbrkB buildvm-25.phx2.fedoraproject.org buildvm-26.phx2.fedoraproject.org,buildvm-26,10.5.125.149 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHtlYw86ay0Jc6LyW6RcEp0qkruESu+8GU9Mqmdv/AgpaDtGepHuTpoq+OxlOThjPnNpPj/AlwO0sPKMFEwtuMybCmw+50Ik4px8KHoVtWy0MPY1Zr6nkcdrJWWylDsKoLB0BfnVZic1eeFZJRFTWCnrxe17U7RuovUNhABoRrwQ6yoxe4K3GA8NjBtQPvY5x2RnDfTZx8GHIQHAjmdoooZAxWga5vfH+Q7dOx8OuBTE/UWiGmHN+XTAmMn8QN74DQ4+8YFoZkrrhjyKwkfvQPPZL44K4AO8fmMvRQrUrIuisAVTHKklbRrOKiT+pALLpqQ6E0DwfMBYYgkZjS8xV9 buildvm-26.phx2.fedoraproject.org buildvm-27.phx2.fedoraproject.org,buildvm-27-nfs.phx2.fedoraproject.org,buildvm-27-nfs,10.5.125.150 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyouW2TM8jE84NgyA179T0QA7S7JiZ5CX5vwVSaee9+PO5HDF9bzPYkMDWoQrsD25jjbJjYjWGrkJqRVVl3zt99JglnWaLlHa9Q0Wieem8io0XpWWeOZtFdME+lYQxH2JXULvqgUyIUbYWnuDt0fIbBf5/Pn7cFbhXkJfqsPYybitVLk8mTi1kdSVZ0OD3sm8hXCsapg9cqo2HwCkbbA7pwVHxQnErVw6EZa3T7iMlbM1iuoyFLlMYZaGU0eCRCw5ezsBr6XOhrJYnjnwt/qyU5ugbmyJNpMugGfTFEo4wh9N08Fi7M3V25bjx9g8Tzkeqda0KKxXznJovqrl1MdjP buildvm-27.phx2.fedoraproject.org +buildvm-ppc64-01.ppc.fedoraproject.org,buildvm-ppc64-01,10.5.129.64 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVPOs7P3ylmezhT6jwCE2n8cz4gXlC1cczVj1yobc2dHYDe2TQ3tLndofI4WPt8FXlghFZPEyZ4cewxkUc3x3USlNJwFysNXDLj6f53WnePc/B9QYAVDEK1p2Gw7Uw4pjlgdNC4uCvSr5z/1V9WBUJ2c4YHDQVEKY/qMl8k4XAMpGrvpV/RWtN1CwLMKO8vkKOZf4QFgTKxkAIEiiz1c/l3uwuRIO2PsimLV9ZxKF9SKny3m14ay0cioHzZIffu9BYX9DTLbz9BhzUjATPM75FKpOBKSW4vQ3/LRt6NMdp4Q5oZ1kdYxdYwo3NLdPzNvcxYieNhI/VSF55qzbWWuTL buildvm-ppc64-01.ppc.fedoraproject.org buildvm-ppc64-02.qa.fedoraproject.org,buildvm-ppc64-02,10.5.124.225 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+klFYiDVNaLIezpBcnuDWb58QdwxYA93vEguChfDM26SiJ9yKDsknkSl37aySripKY8eHJ6BCPFNQlhpW4XZyuQTR+5OH0RzPNr0bbQt/o6ZjEYdjQo+o6bqNdALR9RVwoW6PYgc3KtDW+BkzyoYo1snZBdxt1XnKLNuQAdQTagCR0US6Lry8ff9D+JB0jWslN2WjQLCX+b5Uirfz7E7NmLyqc5zNgljFNYrENBgrVzeqcK89A7uua+5PTkONdfThh6go9YIz6FsIsqdqcvN3pkuW0O7EgITbM0ejTXuS/j5dg+xemwXPAdKcE8DxR3OuFJiaqhq8kRK2Y3VHFllx buildvm-ppc64-02.qa.fedoraproject.org buildvm-ppc64-03.qa.fedoraproject.org,buildvm-ppc64-03,10.5.124.201 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxFnxjLskIyOGuY/ipbpFsmcvmhpderS49WyN5IAHkpw8CGVYxNjHswYb8AA/5yKoIKRfDj6T2dIPfoX4pfzajeKWQo0GZdIxiEkoObMx0Y4kGJV63JV/UDQtnOKrbEoYz9FYYCqYg3dmfJXILxyKK2QIp9pG6m2jo+jFCpl4YczffMNaVLGAXkMr6gEo4WMRns+AAfvfhqme1TTpeUMNwrauRbliuDXku+m+Zx2QyVSRGzZs9504ivs2WETNOri0brXXx2xTsElir2iVl2nyth3TI/wbcJBNbVWup7p+y+TbPAQsbP3sYqxqEELDOfFwdprtMhkXJf0NHqnwkhuF3 buildvm-ppc64-03.qa.fedoraproject.org buildvm-ppc64-04.qa.fedoraproject.org,buildvm-ppc64-04,10.5.124.235 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWKkM6EeA3O7Z2YddqJCp12DFkFK2FxNDPk1x8ee0PdKjtODpi4RpZMpudvSxG6qYlhHisJ+SC7pW9ly/46IA3IrCGciz6BytLoF9gAWsUMs5j1DcTByRAy1DyweSnF3DSxuzBexGcfur6f3LnIdnKxZgJrnB9G7PZwF8np+IpyqV1vep+1Pj6t3DcftBIW8UaTdZx6b5VC7J0hkuaubZOGYnnyDZPsaLwzwIz5YG3Kud2AaMnSys5533eckAqkLTXyUjCFxDBVqS5S/QFup05yx0Y4qdqTvhqi9FzdOhuf5jYykM7S5oyFTTSYqQh7aLHOBN+f7Ih8QpZJqcT3aD9 buildvm-ppc64-04.qa.fedoraproject.org buildvm-ppc64-06.qa.fedoraproject.org,buildvm-ppc64-06,10.5.124.226 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM7DNrDqcLGjy02hU7d7VdGI+oO5NjRfdEjRIicpBvMTCGSzStftzbDKq5ONGw8c0gS5p9/jBSIeaCrVgbjIZTx+uynFQRQsjfKt6gujiA16J+80sVcH1dUY04dlA3oHgXyEPxDe+Qxv34eBihbIuGxWKopQRN0OEugxkUcLptbCqf+YvbFPGEE8NNTIeEtT4XttJAKj+Ls/0AJh/GcuPUuaEW09KGNQ+ftyL3jXE5wR30MBFNusrP8bmyn3TgXoCl+P0+i1wsClxymP5h4sm5MXknL4rWacoUzmVY6wRjCOuBiTf9S7DBkKOFd1DERn/uwjTKT6jzWRhKE55bfA5N buildvm-ppc64-06.qa.fedoraproject.org buildvm-ppc64-07.qa.fedoraproject.org,buildvm-ppc64-07,10.5.124.142 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUJhDZielkmQY92hfBmIrsu5Kuvn6P7UeSomxDtLxpcsLztBdyFBD43O4s42LejgZA1QvGFmxDQ55etVEjgpvOqSZL9Znv4IznSE3RV9XjGilYc4L+vy3yb61+GMyzoNlhGwodjnevAW49EOkVPFj6SBEUqj7RanBYwzKAj37TndDhpw/Hh+PAWyz2byX5pFWcYUVZjSm22Lb9KmroONO10Eli8xNldaSSvW3b5N8PzA6eWWSrb+9pbSzSAa51X+687dzqhszSd04cRpz68MwMubw59XK6wYEbxLrRIvAZ6XGYR4zuFzmjSK1IeXHX6ot1DjXPNJpEvwsKvchs9r/t buildvm-ppc64-07.qa.fedoraproject.org buildvm-ppc64-08.qa.fedoraproject.org,buildvm-ppc64-08,10.5.124.133 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA8gk+GtRWy9L6geLT0fpYFzyKKwB/1Zl2f42bOoisoediZ6/Xa0MueMQOkOjkRnKNBvWyF5VwFgIDxw4QFJymw+8oHwCksHwOk4sNkgce7Q/Et3dLDgftMivZMNe0yaUq+qpezkj73wOxXP4LRT1to57axRn5IBT3xrowxj2BXLR5Cwu5k6yLufq/PCUT2LFD/Qr6q/ADtqxhxzAV2IZ2NYwjnQ8Ri0dop5DGLGC6TkGWTfscJ8D8+6BdhGdd1ORmGw6zWAy/9WhXgKDOwYwbgOkdOZf6OOXpetFANCrvdlOWspbPuG/iEa6acwhyNgPp85KO/l5v5LjhJC8naJSz buildvm-ppc64-08.qa.fedoraproject.org +buildvm-ppc64le-01.ppc.fedoraproject.org,buildvm-ppc64le-01,10.5.129.65 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnv+4pIGaiLW1yJn66tlYizK5JXy5P3b8/O7bs+VRWHghua+sLmnfMxXoLc5s8lyPfnOkKmuoUfmdNGyT96I9u5LiRPe07WEIKQYsO47Nd0h4v1ecrlQq/9b5ce1WJSyBKfiuX2rc38jX4CvUqx/z6t+1cTg4PuJizQYMBddSPX4F66mYgBxseQGmVHVPEXmRgEh7JB0L/yhow0YEH2UjyTWUaCKlgslH/yRY4f7hN97RO51KUL3s305AnUg3D7oiz9r6GNld9djXey+uUDCVlm7SedEHE/sUYOMSWtX4KuX51de0ocR2G/0stgKsKT0Fgg7dlya034wxLuSbVHYx buildvm-ppc64le-01.ppc.fedoraproject.org buildvm-ppc64le-02.qa.fedoraproject.org,buildvm-ppc64le-02,10.5.124.227 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3zK2de8UVcpHjgPX1os65s1bUUu1MOKojqFKL2UP4cu6TED027biQLsC8I5UNuWxugHxKmeYkcv/6kaO6SkNWLumNakv1SGYYHi78E3HwKv14XmCuJ91xUTJzyRnCSd+zMD7wJwAIWhDevarUWmSmI5wTz/ZkWZgdAJ6Q6GZBQUe+7JBnWjXPpzL8xgmQabMDsunEcDRiJCdZcZQM+5RJbn/+duNCfDq6sHvHgbnr3X8kAbq4M7ha5Xz6eOK9X5qPrEauYVnWntRKxW7wWSg8+15nR6Sb+lDqINMW9zJYly4jBd1k7h6h2fsCNkqZVkUoZE36kGtrIn5V3LpPg6H1 buildvm-ppc64le-02.qa.fedoraproject.org buildvm-ppc64le-03.qa.fedoraproject.org,buildvm-ppc64le-03,10.5.124.216 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC13HqrZdHWPpW9/BrZYmeuL/16aMPG5f522IGScaTVTvBWFKbzz6iHvVO0Ch9X9BXOeDea307Irnd/Zph9Xq2Zulij+r7Wsh9ksq0KKGYt6RC4u+tuXf7Lrmst/tBX/ziLmb07a7st3BPk0GVCzLElMOdYbLUtiGtKnA3q+76KKu3dMYZx/zTVb+qSd9sRMwD6qa+BFlOVTSC0AId3w6kA28rD//0LI6BHRxLVztCTllb5eylJDn17B/2FzW0XMoIsB/qrKH/Od3lTAZKurEbwRrb+ecX2pTk9b6G5URYKdwlQbNsaMTvdjF44niJith7bpH41By0PWJcUJYk7PVA/ buildvm-ppc64le-03.qa.fedoraproject.org buildvm-ppc64le-04.qa.fedoraproject.org,buildvm-ppc64le-04,10.5.124.223 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVl9CSnF27aysQhH05Wk8u6dCpCb+saBogQ+oMk55v4FxzLucT/cdj/Z0A1TQttjX3jJXRn4YUEwVaq+w2OAOsMXhDmDBWk2N2Ljvit/e3iWNhazxvGW0ysbV6ov09riY8H3xyAJxcFry9QVfrT8epMwneMTi4jupUTE1BQTEYFMmkaNAQUk0yO32IIWXMqBkWE2D6AnzUEWv7R1TanyKaDoPDOAHm3nMjo9/Xv6SzHvnsS7cLzbMG7uwifpvQVbCw2DVYdi5wYTL2tKZzCMkl4psYekH61riVDxxstghMhj3p6M8Zml5e7OwVeY1P1+6gAWmOt97HJsphMltfc9BN buildvm-ppc64le-04.qa.fedoraproject.org @@ -197,12 +197,13 @@ collab03.fedoraproject.org,collab03,140.211.169.198,192.168.1.70 ssh-rsa AAAAB3N coloamer01.fedoraproject.org,coloamer01,67.203.2.66,2607:f188::21e:c9ff:fe42:836d,192.168.1.89 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzMY93iyU+7wDTeYj3Uek+2q0MsBXg4fWxy8Q3roGEn0Hn7GJC1vuH3F1zUbvAAKavKwr9z/e4PrEhdYjfA5/2hZb81f0iuVMqM816fY3CfreopY3fGvWT/ctTS/45cSNrjIKP8f/B6R9cudObDCOsFHTfNwLWPDIwXD0r30veFWv4zBX6CW1ItQIos2S1OykX7T1dEAf1bpB/IkpprkZzqbqnftWB//9xi/dWYM/Phs4QtFZoTTiRU/Y4vg/mXI1jbYTBt9koMCXUPnttGf8rM3bKpcil2HMW8Oz2j00jsMhLQ6IvLvZ+zd1yt5agV7ukeYz0DfILvqjaAnHerccj coloamer01.fedoraproject.org communityblog.fedorainfracloud.org,instance-207.cloud.fedoraproject.org,communityblog,172.25.32.44 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOPvCvfz50iy2T9tgwPDWVBTOXg39Kcf2PTzqV4fGJ1F1cgqqvzM6Peg9ckakP7lCHoYCGwY5hqZW4MVyyJq+VoNsqJ+52u4t+nW1GVZO6tDChI+mvAr21xkz/crhdEe0bRQJ4X3bo2mKo14USE76v0xqGJmymR/emrKbn1QzXi8gTUmh/TYUm62CZCvYFL4BAeWvRgtx9ZQUAn2H1hfj8BH7m6dwH1KMFvXjp1cDkZqJ/dLo9M5t0EDZehbqSIwFpLAk5PTEND/YFNHH66mExs+anaXTuxvlv4wz0hjU94oZ6AtVnT1l7pTgIWYTSPM7UILwg79kFutG6dfcDknzj communityblog.fedorainfracloud.org compose-aarch64-01.arm.fedoraproject.org,compose-aarch64-01,10.5.78.70 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEdqWXO88MZ2kvayGbFwo46/QZSxv1cKUpmQHSGDqMdQY7j5jzepfMiTt36nRQwIMgqkXbTQ9lUAfm977cc4sXcTnK+6PmZDrVU72PMrp0/dfF0Wz7+jR4Ot3WJMZImeciE9nV/JpAzSJvqRu+yMAa9rO1DlVkA05guqW3FqC7RnHsQ23MZioM7kwVtsiuC1l3undgSiqenLCLdLg6oMjEDmFuOu8xLHo7kH2xubyeiGD1P3SRNvV2VtVoaF+rasPNcuA4hxvHiGrRbm213IjwGrgU3yRCgP2LK0ZTMDLWzK6SDItT2y8Y0iG4grAkWLrfPbkEh8iOA/GQa3vlooTp compose-aarch64-01.arm.fedoraproject.org +compose-ppc64-01.ppc.fedoraproject.org,compose-ppc64-01,10.5.129.14 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQ2XeMax5PYeGunaIqYesSd5vBKfM8CezS5PA7NnwQxUoMo4J4snajEgl3GWs38/52uvzLcuAkxoViSKqBO+j4rCj1nT9InZLnRK80OkYn9G8AgfXo7gTghWCfYgbqwHILU+N4VjpZS+o/8NaQUIJG783JqjjJmrXXE55PaMDjrns/dRdV7yGbScxPFaeg139DpUjczpOcncVvVTVlAvxMsAhum1YCaO5bX5I9bIiM29MLG4DFS/03zQP3GXD5aTyc+nqrct/QlD/4CARt2xa2fSqpDg2AZTqmd//rzoqMgawYnwODGiNMe8hZ7jyrIIIB7a3SYlYbhWgpRGBylA8/ compose-ppc64-01.ppc.fedoraproject.org compose-x86-01.phx2.fedoraproject.org,compose-x86-01,10.5.125.41 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmg1ib9OddYRDehPCcEZ2GrpTy9ILlOfGxcVOPN+Yz62Wd/ozdz43CFCNWOduGGmQou3e8mFT7ImqXK8TrI6m9vvfv6icYUqyQY2HecKR/coBhWTCoPpC+54LMyDDYjSMitQjMJL/04CZDyICzQJgzjQd2qWEeTRzgEpUg0X2/AC4lomc3AV6G572AjaffavRrk0Cc63EjOiwxMIbNqrK5Rv5NsAcVALODJ4BYI78/58uUupXbNMKY4/bfCSAUtFO9nw/lfWMGCEw4EgEi1vKe+PBpP/c9vhp4AAhHk/W+eU9o+5bEYgIUdhn8Ez0VAZdtQWmUHPFjtI86r3GBfBhd compose-x86-01.phx2.fedoraproject.org composer.stg.phx2.fedoraproject.org,composer.stg,10.5.126.6 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsZy0TyNqbNuAUZ84M7AwRwWYHJG3eY/wmuhBpENyLk/3pjka5Ua/x/I0QidleFcOCsQRLb/UFouxmPiKl3eY083/eK9cjxg1jBsgxc20h5nrTHUSAcVySx9j95KFuNqGW31Y8tcX21FG603sdeTuM0wiz2MrY1tECJIbDfxwij1ShuVSOoIOc1LT9f5XJZWbsWLGa5OaOBl+MX6JOB85oujXsbZiLQE88xezdw9jkz8rhbnLzotBXR+HCQ0q5vbD2ECGaeXcpPBGI6Fw9EK3grgAztXRZnfrGZoLaulaFYy9A7cfpXCN+K8tKivqwKQJP2BZ2wA8WV+CewdikRyDl composer.stg.phx2.fedoraproject.org copr-be-dev.cloud.fedoraproject.org,instance-53.cloud.fedoraproject.org,copr-be-dev,172.25.32.94 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2dM4gaKBM7Y4Ub3M9hkiKnC52lPYFBDtvqxU1G5PaAyCP0SmgYGuzNuFYiCXNx3si1EsqT7OJCpo3ldJkhZQ6Iiqj3xMoCVXgiYsZoVF1nrjGUaK8UDTR6gVdvkMs9ZNhAUUOnRcM5wElffxkXkKW18V+LIFIOr9xVvxZmVbP/4in63YktP9mAQIZswHeuaNuyhR5qQ1angmHA21nnp3EP1QEe8EWTt1jbQdiJcwfAKqQTk5wNuFUchQhsSDIU12QAxpsG10xM0Z0nAn4bBifL4/nh7oGY00BI8xiuzj/LM2AJz3GjHqxY58L/qrVWG2VC4fC5IZMeVeZCLi3OCUN copr-be-dev.cloud.fedoraproject.org copr-be.cloud.fedoraproject.org,copr-be,172.25.32.109 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbZTY3KM8kRDDqtePFcLM5wQ/5SoA9HGTok/+qBhYDSILCmNYMNe1hJF/owoOwu9v6sFoq9q8CcQcrZqCqBVYwVPbSP1yYhl52XqCVwz2kqAXmuCCZsCR3ij8qwLLVNEUEBIgvyiT9qq1ES6lWOiGP22I5rX/uWqOiIXDfplXiDPcfqKw8Iad1tzQpeFR1u/qmJP9w+wsZtwEn97Ms3TTz3HjUDVT5iBOnWqpuiypOji+Sc729oRZHJpu7qDutglR5oVENssudCQoNoOZK6kgKlVkjgRQC+oN+e5ggayJ3Si2giOMqqcY/EYtj/p/RI3O0wx91cAW48ORwTlOKhgwZ copr-be.cloud.fedoraproject.org copr-dist-git-dev.fedorainfracloud.org,instance-179.cloud.fedoraproject.org,copr-dist-git-dev,172.25.32.36 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOPvCvfz50iy2T9tgwPDWVBTOXg39Kcf2PTzqV4fGJ1F1cgqqvzM6Peg9ckakP7lCHoYCGwY5hqZW4MVyyJq+VoNsqJ+52u4t+nW1GVZO6tDChI+mvAr21xkz/crhdEe0bRQJ4X3bo2mKo14USE76v0xqGJmymR/emrKbn1QzXi8gTUmh/TYUm62CZCvYFL4BAeWvRgtx9ZQUAn2H1hfj8BH7m6dwH1KMFvXjp1cDkZqJ/dLo9M5t0EDZehbqSIwFpLAk5PTEND/YFNHH66mExs+anaXTuxvlv4wz0hjU94oZ6AtVnT1l7pTgIWYTSPM7UILwg79kFutG6dfcDknzj copr-dist-git-dev.fedorainfracloud.org -copr-dist-git.fedorainfracloud.org,instance-163.cloud.fedoraproject.org,copr-dist-git,172.25.32.110 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOPvCvfz50iy2T9tgwPDWVBTOXg39Kcf2PTzqV4fGJ1F1cgqqvzM6Peg9ckakP7lCHoYCGwY5hqZW4MVyyJq+VoNsqJ+52u4t+nW1GVZO6tDChI+mvAr21xkz/crhdEe0bRQJ4X3bo2mKo14USE76v0xqGJmymR/emrKbn1QzXi8gTUmh/TYUm62CZCvYFL4BAeWvRgtx9ZQUAn2H1hfj8BH7m6dwH1KMFvXjp1cDkZqJ/dLo9M5t0EDZehbqSIwFpLAk5PTEND/YFNHH66mExs+anaXTuxvlv4wz0hjU94oZ6AtVnT1l7pTgIWYTSPM7UILwg79kFutG6dfcDknzj copr-dist-git.fedorainfracloud.org +copr-dist-git.fedorainfracloud.org,copr-dist-git.cloud.fedoraproject.org,copr-dist-git,172.25.32.110 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOPvCvfz50iy2T9tgwPDWVBTOXg39Kcf2PTzqV4fGJ1F1cgqqvzM6Peg9ckakP7lCHoYCGwY5hqZW4MVyyJq+VoNsqJ+52u4t+nW1GVZO6tDChI+mvAr21xkz/crhdEe0bRQJ4X3bo2mKo14USE76v0xqGJmymR/emrKbn1QzXi8gTUmh/TYUm62CZCvYFL4BAeWvRgtx9ZQUAn2H1hfj8BH7m6dwH1KMFvXjp1cDkZqJ/dLo9M5t0EDZehbqSIwFpLAk5PTEND/YFNHH66mExs+anaXTuxvlv4wz0hjU94oZ6AtVnT1l7pTgIWYTSPM7UILwg79kFutG6dfcDknzj copr-dist-git.fedorainfracloud.org copr-fe-dev.cloud.fedoraproject.org,instance-55.cloud.fedoraproject.org,copr-fe-dev,172.25.32.83 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/txKLMG1d7pvshqW0jyYWu7zW30ksQ+eAzRrB3k/1enKPu7SSN1NYT47Zm634I6c9AGEOprepNSEfI501OTe1nsFMhR6wuGH3zSIqPmQI97vk2ZIVf1mzMkVoL/ppiO9UNIY+Q+KB4qfqHYoyrR9bSxryiyWc3mIbRmvV83eCrfN4L0TbT7vLwWZY4d0s94pTompkACeCSb1PVg7kW5uegUt68lUIh1gUR30aO6FAuS7Rfe+qkUccC4GPYrLkIwcbfR56r2KNdkI5RihRoo39kDMWm/0YdhQIYYifCGFkJ0NQDoPLOsUrnFmE2kVgqYJ6bwiWN1LQzPk5buhBgBVZ copr-fe-dev.cloud.fedoraproject.org copr-fe.cloud.fedoraproject.org,copr-fe,172.25.32.111 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBpdwQU257xzWrTC9fA++pLmSXtxrp3yWV8QjgTqn5O8DJsbpaSSxqTuVL/0AaNpfLCkbRZ4+btImDGfHesoo53HHxh2YAGVfXKmQXYFL7KBLresfDGms/5C8une3z0qCNk5oTxAk7lw+7C6AxtZfp+K59BsN3wHMIw945X+mlyjS2FMHrwFDt6mop9UfiW+GAaczfyzVRib6nsnj/01XwR/Amo1HlK6dBPe/ufpuotIDnoIYKt1Qi8DxKUz5wd8umac7c7C5pZXMHwGp4UxRKBRU5NnRzlbiQvT91Q21U+kC3HuOL3vXfWcojJEyGHKeh5PLd70pcE1pf+jgvNpF1 copr-fe.cloud.fedoraproject.org copr-keygen-dev.cloud.fedoraproject.org,copr-keygen-dev,172.25.32.101 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCV57eVkN66HBK1Q84ZTSz26gGMhCrPvVxUZ2EJRc7ySCDVNgomxsNLSQxOgjY7HvqAGE38e9AgQDCtUB1rWTd/jHsQ5NtFURTGO/tKxQ5jSGkuy4AeP8Cqjn4cVyYa+MaQcNDmsvhcMrK3CEqNSSUVo0sJXUCmoF7KpT+afh4Tx+8fBtaVP+Vm2ZQ6RleGTq70qBQPIU6a+wUT6UlK/iXcil5RL69mFSQR97mALU73Lb34Hog0VF78A7kaOnfTRBasdB4/e/IS14HuOQYYBdawUkuhlt/kSHa/nV9S7+WV5ktjeK9isOCGPpqfkecb3OynpMTsInpqci9mXfySCITb copr-keygen-dev.cloud.fedoraproject.org @@ -230,6 +231,7 @@ db03.stg.phx2.fedoraproject.org,db05,db03.stg,10.5.126.113 ssh-rsa AAAAB3NzaC1yc dedicatedsolutions01.fedoraproject.org,dedicatedsolutions01,67.219.144.66,2604:1580:fe00:0:dad3:85ff:feb8:d900,192.168.1.139 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRSrVyqS8yOjKXIMLzM1XtWdgLdNmNhVhmAPnxkQflFGqMjX41D17O0XdvrDn8Ot6aH86YBHmUmTWjstnNQzCMgiKNfvmzj1J0F0ce/+9lqm9XUEgUgYWGYVgjzb4v0TSoCK9M+GaHvhalIHOqMRQrMHUFgzZ3kcddCn7AtwpO+vz+L30l/Zvtl59CXu78JMmoK818bWMIKhr49xj3j6JKPXPwQpcRkUpDj65N30z363Xw+2kcfsMpRDPPJGCWPen50Dq7JCdbuGj44XNwQTTObv7bE7jr50k2xu49w9V0T8wCjAHzBB6KwR6YLnXU5M1pBrfwpidqUkvQy09ooHKt dedicatedsolutions01.fedoraproject.org developer.fedorainfracloud.org,developer,172.25.32.56 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSY2lm57B32qfEi6eq+DEsY27CcRj/Da+sbnlAO9zSGDUfrkLrvnpIHDIUU0tnmdDnErDC3jQllzBc4QVQFWVaEykMfnvbGooUc1Jlf4KjjF30L89AC3L84uRdghSVoW8CBQML4QJ2uYDP1Sp7hEaAuanNqnZdn6Nrt6Bi30zhl5NnL9ZLYfgWK+FrPE1ufYNO5PO5rHSOMLrU2oFADz5wekSWTCB0vLsjIbjaBxY/Y/Bj8AGU03ojFINmO9w7HtGFMWkfyzbA+4e7tkYjkjRNyUO5qzHVHwFHrtDf+p/1zlmauKVUIe4insDdJnoOEHP4vGLDXi5gfw+RHC6kHAND developer.fedorainfracloud.org dhcp01.phx2.fedoraproject.org,dhcp01,10.5.125.43 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFHs0iXw0sYRpBLbDnl4uQtFARF32BlmqvL7Un0zagEz3ArdL89ilY/CH+M+xthLIdhtxbSmV/uzrV2Tbr+Tomm1MpzFHlsYnwHcCnop5QW00Ksps1bTcQB4sw/gGpHabLtOMr7qjdROYnIZPiM3JhK+VevqaPazpk3YjA7J0FJn9ZC/FoLgkwInsYOzOzhS0WUcdJtsqc0RYh584gbCrucAw3fHyO9zVA9+yRv8K5m5hKJdnGHuo1V3fW79fYTRJjsSwXJ1uKkNY/QO+dmAiDFClIifyefNc9e8EHgl/phSRwtuZOZ8LvgzATp72qGveBogateTpVeejzbqxYzsIp dhcp01.phx2.fedoraproject.org +docker-registry01.stg.phx2.fedoraproject.org,docker-registry01.stg,10.5.126.217 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMiBny4MsVm2r0chzDyjmuqmWbH/XNH0CkywFAmdJH0KEgMuysUl4RstDpi7s1Y+BhgxaKCNA9D0+exCSul9b78qWOBOs8MyhlXJ6n+Zzas9WGiyja9bPGVFub5lcxCsKXH5H8UDkGa2D+EukIdgtZnbwBfFYP3YiS5WYjdQ6kI5lKDWEVILUJJpIHmaF2C9Feufn99mSRR78FcJe3M4EAWdx6oiI+ZhHzwG01Bba6QEwb3aUbdwQ/yzTtlkoS25Z96nalB868j58E+hSqu1LlwOLKC7EBA7AqkhEhezjOJ1wcdSiXmbq1JsgwYE9Qi3lpDl6GOzfsLj97qjKdV40h docker-registry01.stg.phx2.fedoraproject.org docs-backend01.phx2.fedoraproject.org,docs-backend01,10.5.126.45,192.168.1.97 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtpxweUyk83Vz0sxWZlkcD0s+6YmPUTibp6ZlA54t32dyjdS+ovZeruf4A1E1k29mCDhIgBASqe2J1WFcSDzONYDbBOMvtxAmbOvVFJ6VIgoDHpObTvrLDIry8xq2hCSMsfQFC/unjhos1Ml2cgAEnI4Zs74q0QGRKhbtvOU6rgfCGJ1y2R3E/vLrHi7hOG+J7egsy2Rr6kCtFh914G8O7BYfrqLODTC8kukNoU0gIJFf/AMpa5V9awLSr/hLzTuqvh59aA050loUn5zxOeG3/SEBjIpwnP4OIe6gDHc7QBTETL/hHT7biw5gATQDdxbgJ+PNJx5PnaT9XG+lewmA3Q== docs-backend01.phx2.fedoraproject.org docs-dev-builder01.fedorainfracloud.org,docs-dev-builder01,172.25.32.65 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJN8Y/dG/VXhT6Bcilcog0+YKO8szl167x8/GvgJxPE8D8NIy8L0U78ltYnIyzWwqKZuWQ6VG4WgV8P2+gInFa+dpI/Z8W5yAQ96dWWKL+/RD/nTiURYtKc5VTyJuWWS9iKJ3jLsxnCJp5c/wee82GhD7i3wMEnmv00Q+U/qS5EPm/7nQMaJktze5SLI8Oaea3t99n4669kU9sJCS1RDjIVE9IOCeIkMjVxIpv5ncmvQR8lj+G1ij3at31jCy3hNUhkx9ZwGul6gT5ca7sz0DmfLg6FSKqLcuI/hJuw9GIo886ulZjfHBEXHid3y9l/1q6g1TuZbndC0Wt8AWvAqBN docs-dev-builder01.fedorainfracloud.org docs-dev-frontend.fedorainfracloud.org,docs-dev-frontend,172.25.32.64 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKZo1zwGAAI4ABC2rbzFfoXvAuoDs6ZWmMu+VP9akQu6alwXypnVZ/bWgolZuh4em4H/mUHj+ON+6UB5VfEuH4S/Q1VKZf0THdQHaMUXZmT3FHzSj98I8TwyWQxMpAYLvp6rFjOHQb6wFrVBrUxPsq5qKqspFGQ2119LhvL2pFdMhPy/b5wOtgc3ho5UjVmQNKEC4f6q5gwW/smEyrWPJzR7YeBbhaMWkHSwkKVZ9Q7aRvSZgJAZ4PCg1vrppvbTtcALElAu/mP+CnheVLT3ZmmFs8xzwemF5SxG8u2F/X+qGox/+/N7TJMOSJJqoE6UTxi7EOqfXXy63+L436fVxH docs-dev-frontend.fedorainfracloud.org @@ -357,9 +359,11 @@ nuancier01.phx2.fedoraproject.org,nuancier01,10.5.126.231,192.168.1.112 ssh-rsa nuancier01.stg.phx2.fedoraproject.org,nuancier01.stg,10.5.126.202 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqUVDWaOICWO6tKNKi1zU8+u9PJbOYLAXvDSjE4SOxrXiM9UQYRqoJLnUNwierYi1z/diQi4TRliW51DD82ZIFgVJ4njffPdiF0d6T2JxMGG5iOgWdWC2GwGYtaCtkY15f0/HhfBj750xsWL0Tw3KDABOpzzzdb9CGAhPWPZQiWcF9z5q2xmRuvpoCZM/Hp6F64hgsHl44eNB0dhdNlVqgQY6AUhCOtUznF7AVwPjopfOz7Nv8NEMmr5YOyFh8CnuS/d3PifVGBjqzXcfwrStjyQJQJ+6LibjMnxQXexVeASeU0oVhv1WW8Gs0PqvrwRpCODHQ4o7VNy1U3oqpRKM1 nuancier01.stg.phx2.fedoraproject.org nuancier02.phx2.fedoraproject.org,nuancier02,10.5.126.232,192.168.1.113 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDErjhXabC+MDKnyAvdu6DX7eOjGuHN6S+yJmLsCNLTx/yODy7VLW/q9i7pogmezvnfHcX6ST/O7slkJUW8TVk8w3d+plCPyNO9/LzYxy6FL61S1VVS3co6p90WXaM68YlJ+aoIWXI8PH2myfdpwnYNytEBtaLZ+fS/C7CEJ7PA0jMCWw1ek/57OirW8BGmUYnhF1mxvIM3O5gQQeBwpY4j131+vMiSCvBqHBT5dMlb6GPF+2/eR2BZJrh16udY4xlna/hkMpUSw05g+8y5VXmJSzo0JjRsA8Mejooymh4vmo3UtyFr/sBv9q2Jd4yvlzV3dGYXb2QiVGrV4HxikihZ nuancier02.phx2.fedoraproject.org nuancier02.stg.phx2.fedoraproject.org,nuancier02.stg,10.5.126.203 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqzqwh8lCQo15Fmb+laTPVpNv+1EzOndnEg9c9kH88NZlKdP1E7HL2Y5qu2rOibQQjXFpVznafoOvla0zZjfd1Gr4I/5lsYva77nDbCd8FSWp0NDjLqDjbS6JUT2BD1RAZtkrXV6ZwU1S9BeYpxh5GZGpggRFlLxpQowS0ofjc8mG6C4GkmzSAIsUSJ5/p2ATQeoRu2NPnRknhtd4kQ8Y02KLC6aogDPp4LBQlb7fsmmVtnqDS3xfwUt1XKhSPW0BJJ2TfTt3OYFQyueiBHV44VFcJ2bGfW/+eyVmth912LyE/nm1XseMMPeP2LjiXXk4HCfgRKXFSu7Z/pogZZA7t nuancier02.stg.phx2.fedoraproject.org -openqa-stg01.qa.fedoraproject.org,openqa-stg01,10.5.131.72 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4G6b9lNlmWBwmY8OvotgoXSF61g/viUkBDmjN0Km4hOruKdm/MTcRKIEQMwL2fk0S0TiOkG+WJPL6iJltSzrDlfGbT9TBu2Wc36lYWfP993ucPQSaI7xg3bGfLXbWlXKkEwO0KVmoYjFjRMz5eSCec9AMYBifGAO/3OFdZjDPRXiCMIsyeHabaXTkCn61Ce9y7Pv+ueBFRjLE5n23o/gny9yeKL2BlfV5ABMdkHLlSgWzTNhz+6BDpoHhmfmne250/rpqknwavZbfSXmzMucEth3QpU5bbFyKQcnxdV3tXEV3oGDvPxISE7gfFN1W+vlkxOW1585sSayGg4NbAUQ7 openqa-stg01.qa.fedoraproject.org -openqa01.qa.fedoraproject.org,openqa01,10.5.131.71,192.168.1.154 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfcGF4ophSOLpo0hTuiS4IrlMON3Cz2qFOCiAW9oySeeMBrzgld6k8lfCuPyNKY4KOqcfET6zQ+xlcpbaCFW9dg2rS/W+uRAvk3jtCJGU+o3RrFYp+UKicnY7wpy8sj5bL3h8xPRrkFQQ5HT/IUhRLLc3KI7aZBkbqBqQ6DB4Cu0EKK3zKH1OYog4xYx06ISmAxv/VkrIe0CyACrO+dkhtMskBtu+pNZtIB0h3G1sim6x2/MxdsSZcOnxUG8STrlDCmditMp3RBavihc/MuxVgiPJzWM7Q51rmVbqfA7kijuWNmSSROa4cq4lWKpo/zgAB3/TsI/39A01hyEdG+ia/ openqa01.qa.fedoraproject.org +openqa-stg01.qa.fedoraproject.org,openqa-stg01,10.5.131.72 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDk1BWv6eiTl23i8RKXcsP4KfAX8hyiKwRqnD39sDuUcFRHq797ReLSyoLZxhhIYHJ8Jf0al2m2vXNfuGd8dO7HUoofkXdbGHiwLlXJEoTxFY55AkLmO9wm8r9HaQmB7hChno5NzZEWKLPOXAZlCFC53HNVZ0aJLPwisJtoZCrmMNhmoy+I4jzQjQxftkP7XXR7hxzeVDboPc4rqPDOZiB3XHnvMzcxTjiIdwXS8xu1OBCEnvmlBk9EvQUn+DBHCkcolUqkgDxwup0PdLjQksBobbNxYWL1n1wW2FoTpLbwzxWItPojeb9b6/ZBe0DL22atO2k0u35l7O45w9Jlhk57 openqa-stg01.qa.fedoraproject.org +openqa01.qa.fedoraproject.org,openqa01,10.5.131.71,192.168.1.154 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCt6Pa+2/tWOSpt1BMKvQm/VKvNoz8emlfcAAP57tkNIeW6tQgNFsZ8RCqhXlKfj7j2FoJ7oTpGZyXsOtDmVUpt4EAZAb8YYMaDpOZ610uOMMZdk5xI7It7ycmXkSQQ0ZFzpNlf6pwZaF1aNmOAb6oHAM0GK5sdpyjio6Y4t5fah3VkEmz32soaRY1tZv6cEZ0YYGLwoLBDGuE6CH9+WuepanVN9RRWGAk0hmVHgGAH/X+PEwmr5ZFR7oIRvsfz+M3ywTJHFiyi/siooM1mYB+1fQu79l/YFb4x/5qDKfEmn/Vt2q9hT20Co5U/Ltw5WAsrPvTtLj7ktAQHHqHQb9qX openqa01.qa.fedoraproject.org osbs-dev.fedorainfracloud.org,osbs-dev,172.25.32.95 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgJ5gPtntuWVF4Be3NsM1D6nbFyVERgY9DAjGfYlzHfxy32WZ9qyGmp6DPpkUzyaEM6tANfpNeRtBZgSUS4kYe9/vLG01PceLTapBtW8ekZa+KD14tk/QOuIgKMUP6xKPfQ/uLjcoedixey9Tgc6hyoeCVaZButupNBvbEveyfH6gXXsWsRkokdZO/+smhWlUQVOZEDlj/39AiMSu0FiPKD5Jn3sr4m/I0sXdMDnjT12tg8GkDcP6rY4+bTHXIfumV49NTiujoxC8ETzTzjMZ7IslDbH45LtICmPaYAUZ3gw4xJI4Sm7hrA1/Bv7jy7xI3398lkBIgN3sBo9pF41F5 osbs-dev.fedorainfracloud.org +osbs-master01.phx2.fedoraproject.org,osbs-master01,10.5.125.55 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA5R9lrzP2BZzat8j4esM7sRARJjcvHtTHJX9mNaAgS5A8w1h6YhQBeJ0twRk8wzuln+X6/Ru1+/rTRHPbkqSCLOKb6kI8uMZfIBBAP9EDzoaat+XooF4g4+QRlma3FTA7S4RAqzvl6Gz892EOIrEFtz6hp9Ozi7IPZngPDAaTeBQquv5TL0qfc3Ggn5mkTqkOR3NkUR96dnd0aDSgAtaK1MAS8KTEhXzIuKx9jHw2cHk1xSOHc/P3LvkNLPJ3vj5kzpVq6hdeLPVlxNLM/2KU76BiYpB3lb7zO/fVwWlCT14A00PvAs/FaaNueRtjnEF3vKJTTn3JUVwh/XwDUUEl osbs-master01.phx2.fedoraproject.org +osbs-master01.stg.phx2.fedoraproject.org,osbs-master01.stg,10.5.126.216 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBnaRdOa1J4b9Z7eKfkSnZ4O7YZCljHLwq43cOnNtdT9ALRVaqFTYSS9fgUJ1vAukVHJpprWErJwMQAQEgR/bUreBSSyy6A0Xu+lb+AukjUeYpWiOny3T2+QAuFO2XBPQcEAwFlicT+9FWYVUSZel20D99gvfDvBNdfy8qvbAx40QI17GKjtquqSmwAdOiXmqlwJ7Ohkf9+YJzFDLocgNjLPKftAnn7boTsr6yV/bvESrszi36RCAsoLv35XB7+siM7vY/9yOWEXs6Yx7hZ33WeAQAvoeoXVQL2DRFXT6PzSBZbcg0U1zSTDIh1oThySlAJx7/Frd4Ip/Xh+Lyj2Bh osbs-master01.stg.phx2.fedoraproject.org osuosl01.fedoraproject.org,osuosl01,140.211.169.194,192.168.1.62 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPnKkpJSGBAtm5lZZCghN5zeENuGfJ4BjGybI47bAg/cxEf1Z4iV6SIUMELKd5LwZnCQx8sLo39bm5EnxsR/bQ+58cTVDp2igmiLEc6ucH5LiyGUjpEdIIYVBOZS4HTyT5XEK/z5L4o9ao4aCWHzI4BqesRhcllf6WCX9sTDg31KHY0brpeVTg2v8t9w2iyChDwpOwtZI7RLINBZOg0HT/zWXaU0wGfrLFIT0gvyBILfEQ4xvCANGHCzWKpTkHI1ezgacl5CDcetKURZUeKij6hFbZJvdW8R73sv82Qit22hlHpIOvzi4W+iFUcZ+nRRVHlCwf7Xr3Yd8mQV4TvQVp osuosl01.fedoraproject.org osuosl02.fedoraproject.org,osuosl02,140.211.169.195,192.168.1.67 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkmzEytIMTpRqsj5I+adtN3RCKEP7YTxKEauaHa9dmy0UD4265YaCooyMtIpKazYt+zlZDtisjSB/rWGlYYClDVrlu+sBL7sdeoIZf1IyXmmoxvFpMos5L9JqpZslR0TUQixNXLLWto5bn54uXXmJSqhGR9xHmGspghmMdVI/LOwkmQpnqK4z0pG5S3qugLWizMpF7po3Bdo2Cwpb+lTv8H4cqfDZpavQbBTDTWtwEf/ikRVm788WkX64bg8U5q1fWoIjYXkMJ/AjJrFsnjVGQfi1xLwPI+B5lNr0azac+h3GQLNm3SIItVmeCHL4dCEnXHlCXBedp/VlahANTGs+H osuosl02.fedoraproject.org osuosl03.fedoraproject.org,osuosl03,140.211.169.200,192.168.1.27 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6YpP8Zbj1sFIPkt9ZK4oejIWeX0xLuoc8aPQbgaAjiNsjYiZZCPbz8m8BuBx5Q/GjAGmNu/j4Qh07NY9qYA8kwGOaI3bAqahrVHqbSFOXhpOJSevqE22p6CtEhaXw+KSxTLleFkOBOho//1dglNYAoARb/D0wI/Y7rZgW5n2gt41udmHGBxY7Q3WLv9QQlkzKGplNDLKpvFl+Vo90P9U1AUKBLwZQAC8OT4lohqC3ZuEHgZcmpm+crQ4+qV2xZp2RcJkGhsg9M9Xx4fIzjzYwxZY+Y0Tf7jx5XQsSMK1vX62vxZsnajRqsg5r/1txDAAcjeatOaVttBW0layNuliD osuosl03.fedoraproject.org @@ -376,7 +380,8 @@ pdc-backend01.stg.phx2.fedoraproject.org,pdc-backend01.stg,10.5.126.135 ssh-rsa pdc-web01.phx2.fedoraproject.org,pdc-web01,10.5.126.131,192.168.1.5 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2FK7noIl8ysgKA0U6f5/8KCxcBDVW0d6zYaBGWL/Yt/8wRVfufM71Ogxw6fQtOXIdqWglpT3b+gA5bzVZsAShQFtE0EPZzIv/vQWOD7MVC4jBjDiFXF1DysxUHKcsA32egP1/eiWGWvIorCREQISYNBIkRwofIpB0502SYVcHde1X2iR3INSUPXUjs7btglQhfNvpcOQSBdjPSzOYuily1Dmx8ov5nX9siO7IP/c6MO/ZDZQeZ4WhsApECood48HRv1n+tSTHqi7B4jQ4QzCYM+4ioi/Wgyh2U3QBPt6EcKfhk+QCiqPmt5zJNstebm0YKO43/zuN7wS3hMt138Ad pdc-web01.phx2.fedoraproject.org pdc-web01.stg.phx2.fedoraproject.org,pdc-web01.stg,10.5.126.133 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBuWSTrq9Zxe9zhyLn0g0HldzVQVWJ4ZOPsvcO9ve2zoF0x3tdfiR8A5SfM63qQG773LRBAn8DEiIf9IjA3jXJOy2z4xZZSDjJIc81SszTJbXc+pIE8vqMC7OW8jz9jbT8CdDEbXcuYuhTzsv92J61lScAHag38BoFsH9a+s8P9m2zHelIhWP8EUrMJDtzjcIRKeI5wO0hMmcfm8XgUdtr2awIJ2PtETbYmDoRqKQ4Q49wH+GCP8JXxnBW4dY/LhczBCZ8u0GP0Gf6iUUBOqJUpzwX1+NDI6P5MZVY+W4ysk5MpShHo2tBvwlLOzi5ALCvVL5pP6glw0LLktnp+MDR pdc-web01.stg.phx2.fedoraproject.org pdc-web02.phx2.fedoraproject.org,pdc-web02,10.5.126.132,192.168.1.6 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuMMEwBbvcEXxFtbNGQ5UcHDrbMiX575H1sP5t5R9gxe34UeysUxKzMBvunP+PMjF6LQciTXWzlE93ThoVvgv6n/FAlkCUHW1AJ317cxoZE81lHHUBGHMdF9vwIRV1BtidPeRYoACwC8HDfDN0O6BTMx6ie8/RuR9yOElmE5WV8Ed37hfuzCHVrWEQfpKb681ztHS6xmQeu2mZJUui0hgFHAyla2MFsAj+gKvyOwoP/Tc9o37suxO05flHR4fkLLsRvXW7FdMkTAx1NaJI70IHt6soiRrfpcds2Hmb7dsgPaOxl7j5w5hD/QVkinvdMcvOiRE16xbDsAWM3kU7xlER pdc-web02.phx2.fedoraproject.org -people02.fedoraproject.org,people02,152.19.134.199,2610:28:3090:3001:5054:ff:fea7:9474,192.168.100.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5AIn4kUGBxnn0GifB2U4TkMzf3yanRL01D6vQroID46SgqoFLX+kM7MP4nSMoTfOh6ThsgdvRzPEpdGyr7BefiPd/EmpJ762S95QtffGp8ialTD86Wz1t2L49Qb8BpEvprOwUgBeujkR4oh6LM6esbXnnbCXv1hTvDcGgUfHjcOfKC85964hy1xPvWPnVVKxDHEYOtHNUKd7oMCazM7iA1yK3MRzHKmnbqovyGafXeyjr/OAajawc31OOmcJFpJGulhybcvaH+/KyyWUKP/tlKrUsPw9xlIJNUSJdYIXgJCmXwuGi0FSHn8dqAqjxLAULFmRXznmAmMsjo8CnjU/YQ== people02.fedoraproject.org +people02.fedoraproject.org,vm20.fedora.ibiblio.org,people02,152.19.134.199,2610:28:3090:3001:5054:ff:fea7:9474,192.168.100.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5AIn4kUGBxnn0GifB2U4TkMzf3yanRL01D6vQroID46SgqoFLX+kM7MP4nSMoTfOh6ThsgdvRzPEpdGyr7BefiPd/EmpJ762S95QtffGp8ialTD86Wz1t2L49Qb8BpEvprOwUgBeujkR4oh6LM6esbXnnbCXv1hTvDcGgUfHjcOfKC85964hy1xPvWPnVVKxDHEYOtHNUKd7oMCazM7iA1yK3MRzHKmnbqovyGafXeyjr/OAajawc31OOmcJFpJGulhybcvaH+/KyyWUKP/tlKrUsPw9xlIJNUSJdYIXgJCmXwuGi0FSHn8dqAqjxLAULFmRXznmAmMsjo8CnjU/YQ== people02.fedoraproject.org +piwik.fedorainfracloud.org,instance-238.cloud.fedoraproject.org,piwik,172.25.32.114 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5ggyWyPUAZHgDJjNARSYX7l9uiSrLBL3Ju187qt1rFIpqnnNFXkJ0vyMuD9Wjyc4zymthZGwPc7pEm0gC0fvpytUhuNxhwLvnQx/HMABiqTBqc67WZqpDGmayFwjkqabz6Zj4o35RrjBLIRyjEJoOMV/9Cbf2dBDOFDpTHVQiWlEzbd++fl1hE6iraaj0vzjLdQS7PN59LlfZPuUWt+bJXXdskyMayd74zGcAOFyWI41bpKG3p1yitquhm8RCASqaBYbE6Xy13iBHB7LVoVP5K0vtPdufWSYzIkCZR/IvuYthSM07VmZmB6d+jL6VCE5TtuzE/h4D9ZUZk+rF/oX3 piwik.fedorainfracloud.org pkgdb01.phx2.fedoraproject.org,pkgdb01,10.5.126.15,192.168.1.122 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZuIKys9iGytHcX3nEaaLrGiD/YqlcQ9H2Fsr0K9QqWyaifvdkyjT5V8dzp5l7dDILJgNu5FqO5UoTqTRUNs/fR/57X2Nby4lECC1PDMa4SKIUgJUL1PB6PMFMw7aumY+gH0ljpftVppCMplLQxM2GmTb7jGpXBsZaYX/zZ12sJu4Dk6I8W+XSK+HVT7ph1b6+6d1kBFpvJ7gjd8Lkihe/h9pIKRbtVCvJlgv9jxwmjR1NynTjLRDwNsHtaqlUz9SZk2H4l40+A4aFNFt64G/lFeywGYiweaGpT3p1W4iUC5i8EGiwxim1Yj4jtBGg2Tg3eDaqsJHLlEGtIYBSBZlB pkgdb01.phx2.fedoraproject.org pkgdb01.stg.phx2.fedoraproject.org,pkgdb01.stg,10.5.126.20 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9MxQqOJnHMSDg09xuCEpEKVTNUaj8vDrJPD7k9HpRDZCx/FDFzXafzx6nMU0jVxr2CZoevEmWmHbggs537ALOz726SKCQInAN3DlfZfTn3n3JHWo8ObQBPHpaxqj2wiw3iugT6AbvnXh4qgQRfGHvKC+l0FEdBAN9fMK4BfSDPyExBkX12/+wjw5D+ETgsXO4kd4EN1gWdYLK4O19c7PTcIZWu7+gZW+YENvCTVDXGndfGApSGYBKxNuUG7P4iTAoQTFzU1zOMrjQ/Se2dpoQbuhOf0vB2rJCxhL6hGqn1PKNXC3RyD1eSuOd8QHJQhQiRme7OvZAzYVA5C7YXzsT pkgdb01.stg.phx2.fedoraproject.org pkgdb02.phx2.fedoraproject.org,pkgdb02,10.5.126.16,192.168.1.123 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1hxwdYEC3RG4n7/qE+ZuoEpcJGmBv1aLiC5ecSIvYfM6iRgDqGbHR9naYqMCeqePF+3LjZga4LBhyDwv/F/XnlDbDMJtPRdjcBPbMa3YeblW9jcPq8ENnkAW2a6Wc84bikyr+QTNzk63Vfj8weXCQXHQnd9kER3bzgkwhJxdBgj4S9lWgHmkEWXfIdwg1O5IP1e/Ai6H688ijhQkpfrNpzLmxI/ZEvBmUT3zwYl9HrsZat6MYf0aXRxzsR4IH0xLKwb7Mi+WObXjQjmPl1gSpybl4lJFw2vG/XfjgG7vVJda74C5hxXqDmK2VKKIfVnszf4iHnbhrcLmuLsYW3nY5 pkgdb02.phx2.fedoraproject.org diff --git a/roles/bodhi2/backend/files/dist-5E-epel-testing.mash b/roles/bodhi2/backend/files/dist-5E-epel-testing.mash index 3de53f6da..3c2f5d9b1 100644 --- a/roles/bodhi2/backend/files/dist-5E-epel-testing.mash +++ b/roles/bodhi2/backend/files/dist-5E-epel-testing.mash @@ -14,4 +14,4 @@ repoviewurl = http://download.fedoraproject.org/pub/epel/testing/5/%(arch)s/ repoviewtitle = "Fedora EPEL 5 Testing - %(arch)s" arches = i386 x86_64 ppc hash = sha -compress_type = bz2 +compress_type = gz diff --git a/roles/bodhi2/backend/files/dist-5E-epel.mash b/roles/bodhi2/backend/files/dist-5E-epel.mash index 46efeb563..055703cf1 100644 --- a/roles/bodhi2/backend/files/dist-5E-epel.mash +++ b/roles/bodhi2/backend/files/dist-5E-epel.mash @@ -14,4 +14,4 @@ repoviewurl = http://download.fedoraproject.org/pub/epel/5/%(arch)s/ repoviewtitle = "Fedora EPEL 5 - %(arch)s" arches = i386 x86_64 ppc hash = sha -compress_type = bz2 +compress_type = gz diff --git a/roles/bodhi2/backend/files/fedmsg-hub.conf b/roles/bodhi2/backend/files/fedmsg-hub.conf index 21f7de9f0..9e276c48c 100644 --- a/roles/bodhi2/backend/files/fedmsg-hub.conf +++ b/roles/bodhi2/backend/files/fedmsg-hub.conf @@ -1,3 +1,3 @@ [Service] -User=masher -Group=masher +User=apache +Group=apache diff --git a/roles/bodhi2/backend/tasks/main.yml b/roles/bodhi2/backend/tasks/main.yml index f9e63ba94..5b2c39b91 100644 --- a/roles/bodhi2/backend/tasks/main.yml +++ b/roles/bodhi2/backend/tasks/main.yml @@ -44,8 +44,13 @@ tags: - bodhi -- name: add nrpe to the masher group so it can talk to the monitoring socket - user: name=nrpe groups=masher append=yes +- name: add apache user to the masher group so it can talk to the monitoring socket + user: name=apache groups=mock,ftpsync,masher append=yes + tags: + - bodhi + +- name: add nrpe to the apache group so it can talk to the monitoring socket + user: name=nrpe groups=apache append=yes tags: - fedmsgmonitor - nagios/client @@ -65,15 +70,15 @@ - name: change owner and group attributes of bodhi.pem file file: > path="/etc/pki/bodhi/bodhi.pem" - owner=masher - group=masher + owner=apache + group=apache when: inventory_hostname.startswith('bodhi-backend') tags: - bodhi - config - name: change owner and group attributes of /var/log/bodhi directory - file: path=/var/log/bodhi owner=masher group=masher + file: path=/var/log/bodhi owner=apache group=apache when: inventory_hostname.startswith('bodhi-backend') tags: - bodhi @@ -83,8 +88,8 @@ template: > src=mash.conf dest=/etc/bodhi/mash.conf - owner=masher - group=masher + owner=apache + group=apache mode=0640 tags: - config @@ -94,7 +99,7 @@ copy: > src="{{ item }}" dest="/etc/bodhi/{{ item }}" - owner=masher + owner=apache mode=0640 with_items: - f21-updates.mash @@ -256,7 +261,7 @@ # bodhi jobs, previously run by the TurboGears scheduler. - name: bodhi-approve-testing cron job. - cron: name="bodhi-approve-testing" hour="*/6" minute=0 user="masher" + cron: name="bodhi-approve-testing" hour="*/6" minute=0 user="apache" job="/usr/bin/bodhi-approve-testing /etc/bodhi/production.ini" cron_file=bodhi-approve-testing-job when: inventory_hostname.startswith('bodhi-backend02') and env == "production" @@ -266,7 +271,7 @@ - cron - name: bodhi-expire-overrides cron job. - cron: name="bodhi-expire-overrides" hour="*" minute=0 user="masher" + cron: name="bodhi-expire-overrides" hour="*" minute=0 user="apache" job="/usr/bin/bodhi-expire-overrides /etc/bodhi/production.ini" cron_file=bodhi-expire-overrides-job when: inventory_hostname.startswith('bodhi-backend02') and env == "production" @@ -275,11 +280,11 @@ - bodhi - cron -- name: have the masher own the bodhi config +- name: have the apache own the bodhi config file: > path="/etc/bodhi/production.ini" - owner=masher - group=masher + owner=apache + group=apache when: inventory_hostname.startswith('bodhi') tags: - config @@ -297,7 +302,7 @@ - config - bodhi -- name: install a femdsg-hub.service drop-in to run it as the masher +- name: install a femdsg-hub.service drop-in to run it as the apache copy: > src="fedmsg-hub.conf" dest="/usr/lib/systemd/system/fedmsg-hub.service.d/fedmsg-hub.conf" @@ -311,21 +316,32 @@ - bodhi - config -- name: have the masher own /var/cache/mash +- name: have the apache own /var/cache/mash file: > path="/var/cache/mash" - owner=masher - group=masher + owner=apache + group=apache when: inventory_hostname.startswith('bodhi-backend') tags: - config - bodhi -- name: have the masher own /var/cache/bodhi because of course.. +- name: have the apache own /var/cache/bodhi because of course.. file: > path="/var/cache/bodhi" - owner=masher - group=masher + owner=apache + group=apache + when: inventory_hostname.startswith('bodhi-backend') + tags: + - config + - bodhi + +- name: have the apache own /var/cache/fedmsg because of course.. + file: > + path="/var/cache/fedmsg" + owner=apache + group=apache + state=directory when: inventory_hostname.startswith('bodhi-backend') tags: - config @@ -335,9 +351,10 @@ file: > dest=/var/run/fedmsg mode=2775 - owner=masher + owner=apache group=nrpe state=directory + recurse=yes ignore_errors: true notify: - restart fedmsg-hub @@ -349,7 +366,7 @@ file: > dest=/var/run/fedmsg/monitoring-fedmsg-hub.socket mode=0775 - owner=masher + owner=apache group=nrpe state=file ignore_errors: true @@ -361,7 +378,7 @@ template: > src=atomic-config.py.j2 dest=/usr/lib/python2.7/site-packages/fedmsg_atomic_composer/config.py - owner=masher + owner=apache mode=0644 tags: - config @@ -372,3 +389,13 @@ service: name=httpd enabled=no state=stopped tags: - bodhi + +#- name: have apache own /mnt/koji/mash/updates +# file: path=/mnt/koji/mash/updates state=directory recurse=yes owner=apache group=apache +# tags: +# - bodhi +# +#- name: have apache own /mnt/koji/mash/atomic +# file: path=/mnt/koji/mash/atomic state=directory recurse=yes owner=apache group=apache +# tags: +# - bodhi diff --git a/roles/bodhi2/base/templates/production.ini.j2 b/roles/bodhi2/base/templates/production.ini.j2 index 866857bd6..07bdbf890 100644 --- a/roles/bodhi2/base/templates/production.ini.j2 +++ b/roles/bodhi2/base/templates/production.ini.j2 @@ -10,16 +10,16 @@ filter-with = proxy-prefix # Release status # pre-beta enforces the 'Pre Beta' policy defined here: # https://fedoraproject.org/wiki/Updates_Policy -#f23.status = pre_beta -# -#f23.post_beta.mandatory_days_in_testing = 7 -#f23.post_beta.critpath.num_admin_approvals = 0 -#f23.post_beta.critpath.min_karma = 2 -#f23.post_beta.critpath.stable_after_days_without_negative_karma = 14 -# -#f23.pre_beta.mandatory_days_in_testing = 3 -#f23.pre_beta.critpath.num_admin_approvals = 0 -#f23.pre_beta.critpath.min_karma = 1 +f24.status = pre_beta + +f24.post_beta.mandatory_days_in_testing = 7 +f24.post_beta.critpath.num_admin_approvals = 0 +f24.post_beta.critpath.min_karma = 2 +f24.post_beta.critpath.stable_after_days_without_negative_karma = 14 + +f24.pre_beta.mandatory_days_in_testing = 3 +f24.pre_beta.critpath.num_admin_approvals = 0 +f24.pre_beta.critpath.min_karma = 1 ## ## Atomic OSTree support @@ -455,7 +455,7 @@ port = 6543 [pshell] m = bodhi.models -db = bodhi.models.DBSession +#db = bodhi.models.DBSession t = transaction # Begin logging configuration diff --git a/roles/clamav/templates/clamscan.sh.j2 b/roles/clamav/templates/clamscan.sh.j2 index 8b5d957f9..afe94cb27 100644 --- a/roles/clamav/templates/clamscan.sh.j2 +++ b/roles/clamav/templates/clamscan.sh.j2 @@ -6,10 +6,18 @@ LOGFILE="/var/log/clamscan.log" MAILTO="{{ clamscan_mailto }}" DAYS=7 -FILELIST="/tmp/clamscan_filelist.$$" +TMPCLAMDIR=$(mktemp -d clamav_ansible.XXXXXX) +FILELIST="$TMPCLAMDIR/clamscan_filelist.$$" + +clean_tmp_files() { + rm -f $FILELIST + rmdir $TMPCLAMDIR +} +trap clean_tmp_files EXIT rm -f $LOGFILE + # Build file list to scan {% for path in clamscan_paths %} find {{ path }} -ctime -${DAYS} -type f >> $FILELIST @@ -33,4 +41,3 @@ then mail -s "Virus scanning error on $(hostname)" $MAILTO -- < $LOGFILE fi -rm -f $FILELIST diff --git a/roles/copr/backend/files/provision/builderpb_nova.yml b/roles/copr/backend/files/provision/builderpb_nova.yml index 1109be0e7..f02f0014d 100644 --- a/roles/copr/backend/files/provision/builderpb_nova.yml +++ b/roles/copr/backend/files/provision/builderpb_nova.yml @@ -45,3 +45,12 @@ - name: disable offloading command: ethtool -K eth0 tso off gro off gso off + + - name: install multilib deps for nosync.i686 + yum: state=present pkg={{ item }} + with_items: + - glibc.i686 + - nss-softokn-freebl.i686 + # DNF module will not resolve the deps, we must install deps manualy! + - name: install i686 version of nosync for multilib building + dnf: name=https://kojipkgs.fedoraproject.org//packages/nosync/1.0/3.fc23/i686/nosync-1.0-3.fc23.i686.rpm state=present diff --git a/roles/copr/backend/files/provision/files/mock/site-defaults.cfg b/roles/copr/backend/files/provision/files/mock/site-defaults.cfg index 067b53782..030b64660 100644 --- a/roles/copr/backend/files/provision/files/mock/site-defaults.cfg +++ b/roles/copr/backend/files/provision/files/mock/site-defaults.cfg @@ -8,8 +8,6 @@ config_opts['plugin_conf']['yum_cache_enable'] = False config_opts['plugin_conf']['root_cache_enable'] = True # when used build ignores additional buildroot packages, reason unknown # config_opts['plugin_conf']['root_cache_opts']['age_check'] = False -config_opts['plugin_conf']['root_cache_opts']['exclude_dirs'] = ["./proc", "./sys", "./dev", - "./tmp/ccache", "./var/cache/yum" ] config_opts['plugin_conf']['bind_mount_enable'] = False config_opts['plugin_conf']['compress_logs_enable'] = True @@ -29,3 +27,5 @@ config_opts['cleanup_on_failure'] = 0 {% if ansible_distribution == 'Fedora' and ansible_distribution_major_version|int > 21 %} config_opts['yum_command'] = '/usr/bin/yum-deprecated' {% endif %} + +config_opts['nosync'] = True diff --git a/roles/copr/backend/files/provision/provision_builder_tasks.yml b/roles/copr/backend/files/provision/provision_builder_tasks.yml index 6fd11d02d..3ef42ccb5 100644 --- a/roles/copr/backend/files/provision/provision_builder_tasks.yml +++ b/roles/copr/backend/files/provision/provision_builder_tasks.yml @@ -23,6 +23,7 @@ - scl-utils-build - ethtool # - fedpkg-copr + - nosync - name: set bigger timeout for dnf ini_file: dest=/etc/dnf/dnf.conf section=main option=timeout value=1000 diff --git a/roles/copr/backend/handlers/main.yml b/roles/copr/backend/handlers/main.yml index 2994015d1..afbcf7c03 100644 --- a/roles/copr/backend/handlers/main.yml +++ b/roles/copr/backend/handlers/main.yml @@ -9,3 +9,6 @@ - name: systemctl daemon-reload command: /usr/bin/systemctl daemon-reload + +- name: restart lighttpd + action: service name=lighttpd state=restarted diff --git a/roles/copr/backend/templates/copr-be.conf.j2 b/roles/copr/backend/templates/copr-be.conf.j2 index b54320d41..c3e957339 100644 --- a/roles/copr/backend/templates/copr-be.conf.j2 +++ b/roles/copr/backend/templates/copr-be.conf.j2 @@ -87,7 +87,7 @@ dist_git_url=http://{{ dist_git_base_url }}/git [builder] # default is 1800 -timeout=33600 +timeout=86400 # utilized by /usr/bin/check_consecutive_build_fails.py consecutive_failure_threshold=30 diff --git a/roles/copr/base/files/forward_dev b/roles/copr/base/files/forward_dev index f3013bac7..e25b03e22 100644 --- a/roles/copr/base/files/forward_dev +++ b/roles/copr/base/files/forward_dev @@ -1,3 +1,2 @@ msuchy+coprmachine@redhat.com asamalik@redhat.com -vgologuz@redhat.com diff --git a/roles/copr/dist_git/files/httpd/copr-dist-git.conf b/roles/copr/dist_git/files/httpd/copr-dist-git.conf new file mode 100644 index 000000000..18567dfea --- /dev/null +++ b/roles/copr/dist_git/files/httpd/copr-dist-git.conf @@ -0,0 +1,6 @@ +Alias /per-task-logs /var/lib/copr-dist-git/per-task-logs +<Directory /var/lib/copr-dist-git/per-task-logs> + Options Indexes FollowSymLinks + AllowOverride None + Require all granted +</Directory> diff --git a/roles/copr/dist_git/files/httpd/git-smart-http.conf b/roles/copr/dist_git/files/httpd/dist-git/git-smart-http.conf index af4427b82..af4427b82 100644 --- a/roles/copr/dist_git/files/httpd/git-smart-http.conf +++ b/roles/copr/dist_git/files/httpd/dist-git/git-smart-http.conf diff --git a/roles/copr/dist_git/files/httpd/lookaside-copr.conf b/roles/copr/dist_git/files/httpd/dist-git/lookaside-copr.conf index cf5334d1b..cf5334d1b 100644 --- a/roles/copr/dist_git/files/httpd/lookaside-copr.conf +++ b/roles/copr/dist_git/files/httpd/dist-git/lookaside-copr.conf diff --git a/roles/copr/dist_git/files/httpd/lookaside.conf b/roles/copr/dist_git/files/httpd/dist-git/lookaside.conf index d967d1b0f..d967d1b0f 100644 --- a/roles/copr/dist_git/files/httpd/lookaside.conf +++ b/roles/copr/dist_git/files/httpd/dist-git/lookaside.conf diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml index f731ec60e..7e11e6b01 100644 --- a/roles/copr/dist_git/tasks/main.yml +++ b/roles/copr/dist_git/tasks/main.yml @@ -65,7 +65,7 @@ - command: 'git config --global user.name "Copr dist git"' - name: install httpd config to serve lookaside and smart-git - copy: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/dist-git/{{ item }}" + copy: src="httpd/dist-git/{{ item }}" dest="/etc/httpd/conf.d/dist-git/{{ item }}" with_items: - lookaside.conf - lookaside-copr.conf @@ -75,6 +75,17 @@ notify: - reload httpd + +- name: install copr-dist-git httpd config + copy: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" + with_items: + - copr-dist-git.conf + tags: + - config + notify: + - reload httpd + + - copy: src="dist-git.conf" dest="/etc/dist-git/dist-git.conf" mode=0644 tags: - config @@ -94,3 +105,5 @@ - "dist-git.socket" - "copr-dist-git" +- name: restart copr-dist-git + service: name=copr-dist-git state=restarted diff --git a/roles/copr/dist_git/templates/copr-dist-git.conf.j2 b/roles/copr/dist_git/templates/copr-dist-git.conf.j2 index a6b806aad..b39df71de 100644 --- a/roles/copr/dist_git/templates/copr-dist-git.conf.j2 +++ b/roles/copr/dist_git/templates/copr-dist-git.conf.j2 @@ -6,3 +6,6 @@ frontend_base_url={{frontend_base_url}} # must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf # default is PASSWORDHERE but you really should change it. really. frontend_auth={{ copr_backend_password }} + +# where import logs should be stored +per_task_log_dir=/var/lib/copr-dist-git/per-task-logs/ diff --git a/roles/copr/frontend/templates/copr.conf b/roles/copr/frontend/templates/copr.conf index a5f198d42..14b55f5ce 100644 --- a/roles/copr/frontend/templates/copr.conf +++ b/roles/copr/frontend/templates/copr.conf @@ -63,6 +63,7 @@ ENFORCE_PROTOCOL_FOR_FRONTEND_URL = "https" {% endif %} DIST_GIT_URL="http://{{ dist_git_base_url }}/cgit" +COPR_DIST_GIT_LOGS_URL = "http://{{ dist_git_base_url }}/per-task-logs" # no need to filter cla_* groups, they are already filtered by fedora openid BLACKLISTED_GROUPS = ['fedorabugs', 'packager', 'provenpackager'] diff --git a/roles/copr/keygen/tasks/main.yml b/roles/copr/keygen/tasks/main.yml index cfb2613e8..2c59d365f 100644 --- a/roles/copr/keygen/tasks/main.yml +++ b/roles/copr/keygen/tasks/main.yml @@ -14,6 +14,12 @@ notify: - restart haveged +- name: install yum + dnf: name=yum state=latest + +- name: upgrade all packages + command: yum-deprecated upgrade -y + - name: change owner of data to copr-signer shell: "chown -R copr-signer:copr-signer /var/lib/copr-keygen" @@ -24,13 +30,15 @@ # with_items: # - gnupg2 -- name: make sure there is gnupg2 2.0.x as temporary workaround till we add support of v4 to obs-sign - dnf: name=https://infrastructure.fedoraproject.org/repo/23/x86_64/gnupg2-2.0.29-1.fc22.x86_64.rpm state=present +#- name: make sure there is gnupg2 2.0.x as temporary workaround till we add support of v4 to obs-sign +# dnf: name=https://infrastructure.fedoraproject.org/repo/23/x86_64/gnupg2-2.0.29-1.fc22.x86_64.rpm state=present +# when: not devel -- name: exclude gnupg2 from upgrade - ini_file: dest=/etc/dnf/dnf.conf section=main option=exclude value=gnupg2 - tags: - - config +#- name: exclude gnupg2 from upgrade +# ini_file: dest=/etc/dnf/dnf.conf section=main option=exclude value=gnupg2 +# when: not devel +# tags: +# - config - name: put keygen vhost for httpd copy: src="httpd/copr-keygen.conf" dest="/etc/httpd/conf.d/copr-keygen.conf" diff --git a/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org b/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org index bb80f4349..a368dcb2b 100644 --- a/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org +++ b/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org @@ -1563,7 +1563,6 @@ shared-network qa { # 5C:F3:FC:85:64:36 - ppc-builder2.qa.fedoraproject.org - 10.5.124.214 # 5C:F3:FC:85:64:37 - ppc-builder3.qa.fedoraproject.org - 10.5.124.215 # 5C:F3:FC:85:64:38 - ppc-builder4.qa.fedoraproject.org - 10.5.124.216 -# 5C:F3:FC:85:64:35 - ppc-composer.qa.fedoraproject.org - 10.5.124.217 host ppc-comm01-mgmt { hardware ethernet 5c:f3:fc:2e:93:72; diff --git a/roles/distgit/files/cgi-nfs.pp b/roles/distgit/files/cgi-nfs.pp Binary files differindex a0df2cccc..116536a06 100644 --- a/roles/distgit/files/cgi-nfs.pp +++ b/roles/distgit/files/cgi-nfs.pp diff --git a/roles/distgit/files/cgi-nfs.te b/roles/distgit/files/cgi-nfs.te index 5ba0dfe4f..3274b1fcb 100644 --- a/roles/distgit/files/cgi-nfs.te +++ b/roles/distgit/files/cgi-nfs.te @@ -1,20 +1,20 @@ -policy_module(nfscgi, 1.0.0) +policy_module(nfscgi, 1.0.1) require { type httpd_git_script_t; type git_script_t; type git_system_t; type httpd_git_content_t; + type git_user_content_t; type nfs_t; class dir { create write search add_name remove_name getattr open }; class file { create write rename setattr read open }; } - allow git_system_t httpd_git_content_t:dir { getattr read open }; allow git_system_t httpd_git_content_t:file { read open getattr }; - - +allow git_system_t httpd_git_content_t:lnk_file { read open getattr }; +allow git_system_t git_user_content_t:lnk_file { read open getattr }; allow httpd_git_script_t nfs_t:dir { write }; allow git_system_t httpd_git_content_t:dir { search }; diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index 8e20a1831..390db7d81 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -378,19 +378,24 @@ # Three tasks for handling our selinux policy for upload.cgi - name: ensure a directory exists for our SELinux policy file: dest=/usr/local/share/selinux/ state=directory + tags: selinux - name: copy over our custom selinux policy copy: src=upload_cgi.pp dest=/usr/local/share/selinux/upload_cgi.pp register: selinux_module + tags: selinux - name: install our custom selinux policy command: semodule -i /usr/local/share/selinux/upload_cgi.pp when: selinux_module|changed + tags: selinux - name: copy over our custom nfs selinux policy copy: src=cgi-nfs.pp dest=/usr/local/share/selinux/cgi-nfs.pp register: nfs_selinux_module + tags: selinux - name: install our custom nfs selinux policy command: semodule -i /usr/local/share/selinux/cgi-nfs.pp when: nfs_selinux_module|changed + tags: selinux diff --git a/roles/dopr/files/cdic_update_db.sh b/roles/dopr/files/cdic_update_db.sh deleted file mode 100644 index eb5374116..000000000 --- a/roles/dopr/files/cdic_update_db.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/bash - - -echo "befor" - -cd .. -if [ -e /home/cdic/init_done ]; then - echo "db schema upgrade " - PYTHONPATH=cdic:$PYTHONPATH alembic upgrade head -else - echo "initiating db" - PYTHONPATH=.:$PYTHONPATH /usr/bin/python3 cdic/manage.py create_db -f alembic.ini - touch /home/cdic/init_done -fi -echo "after" -cd - diff --git a/roles/dopr/files/nginx.conf b/roles/dopr/files/nginx.conf deleted file mode 100644 index 2b78a7fb8..000000000 --- a/roles/dopr/files/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ -user nginx; -worker_processes 8; - -error_log /var/log/nginx/error.log; -#error_log /var/log/nginx/error.log notice; -#error_log /var/log/nginx/error.log info; - -pid /run/nginx.pid; - -events { - worker_connections 1024; -} - -http { - include /etc/nginx/mime.types; - default_type text/plain; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - - keepalive_timeout 65; - gzip on; - - - include /etc/nginx/conf.d/*.conf; -} diff --git a/roles/dopr/files/nginx/cdic.conf b/roles/dopr/files/nginx/cdic.conf deleted file mode 100644 index f8c45770f..000000000 --- a/roles/dopr/files/nginx/cdic.conf +++ /dev/null @@ -1,17 +0,0 @@ -server { - listen 80 default_server; - listen [::]:80 default_server ipv6only=on; - - location / { - # checks for static file, if not found proxy to app - try_files $uri @proxy_to_app; - } - - location @proxy_to_app { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_redirect off; - - proxy_pass http://127.0.0.1:8000; - } -} diff --git a/roles/dopr/files/pg_hba.conf b/roles/dopr/files/pg_hba.conf deleted file mode 100644 index 171e63859..000000000 --- a/roles/dopr/files/pg_hba.conf +++ /dev/null @@ -1,13 +0,0 @@ -local cdicdb cdic md5 -host cdicdb cdic 127.0.0.1/8 md5 -host cdicdb cdic ::1/128 md5 -local cdicdb postgres ident - -# TYPE DATABASE USER ADDRESS METHOD - -# "local" is for Unix domain socket connections only -local all all peer -# IPv4 local connections: -host all all 127.0.0.1/32 ident -# IPv6 local connections: -host all all ::1/128 ident diff --git a/roles/dopr/files/ssh_config b/roles/dopr/files/ssh_config deleted file mode 100644 index 41dff51a6..000000000 --- a/roles/dopr/files/ssh_config +++ /dev/null @@ -1,3 +0,0 @@ -Host * - StrictHostKeyChecking no - UserKnownHostsFile /dev/null diff --git a/roles/dopr/files/systemd/cdic_async.service b/roles/dopr/files/systemd/cdic_async.service deleted file mode 100644 index a704c587d..000000000 --- a/roles/dopr/files/systemd/cdic_async.service +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=cdic async executor daemon -# Requires=postgresql.service # uncomment after added -# After= -# Requires=cdic_gunicorn.socket -After=network.target - -[Service] -PIDFile=/var/run/cdic/pid_async -User=cdic -Group=cdic -WorkingDirectory=/home/cdic/server/cdic/src/cdic -Environment="PYTHONPATH=..:$PYTHONPATH" -# ExecReload=/bin/kill -s HUP $MAINPID -ExecStop=/bin/kill -s TERM $MAINPID -ExecStartPre=/usr/local/bin/cdic_update_db.sh -ExecStart=/usr/bin/python3 manage.py run_async_tasks -PrivateTmp=true - -[Install] -WantedBy=multi-user.target diff --git a/roles/dopr/files/systemd/cdic_gunicorn.service b/roles/dopr/files/systemd/cdic_gunicorn.service deleted file mode 100644 index 290a7c27c..000000000 --- a/roles/dopr/files/systemd/cdic_gunicorn.service +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=gunicorn daemon -# Requires=postgresql.service # uncomment after added -# After= -Requires=cdic_async.service -After=cdic_async.service -After=network.target - -[Service] -PIDFile=/var/run/cdic/pid -User=cdic -Group=cdic -WorkingDirectory=/home/cdic/server/cdic/src/cdic -ExecReload=/bin/kill -s HUP $MAINPID -ExecStop=/bin/kill -s TERM $MAINPID -# ExecStartPre=/opt/cdic/_docker/first_run.sh -ExecStart=/usr/bin/python3-gunicorn --pid /run/cdic/pid app:app -b 0.0.0.0:8000 -PrivateTmp=true - -[Install] -WantedBy=multi-user.target diff --git a/roles/dopr/files/tmpfiles.d/cdic_gunicorn.conf b/roles/dopr/files/tmpfiles.d/cdic_gunicorn.conf deleted file mode 100644 index c771fbc15..000000000 --- a/roles/dopr/files/tmpfiles.d/cdic_gunicorn.conf +++ /dev/null @@ -1 +0,0 @@ -d /var/run/cdic 0755 cdic cdic - diff --git a/roles/dopr/handlers/main.yml b/roles/dopr/handlers/main.yml deleted file mode 100644 index 3ec4030b9..000000000 --- a/roles/dopr/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- include: "{{ handlers }}/restart_services.yml" - -- name: restart postgresql - service: name=postgresql state=restarted diff --git a/roles/dopr/tasks/main.yml b/roles/dopr/tasks/main.yml deleted file mode 100644 index 274d41534..000000000 --- a/roles/dopr/tasks/main.yml +++ /dev/null @@ -1,100 +0,0 @@ -# NB: dopr was initially called cdic - -- name: install basic packages - dnf: state=present pkg={{ item }} - with_items: - - "tmux" - - "bash-completion" - - "dnf-plugins-core" - - "yum-utils" - - "libxslt-devel" - tags: - - packages - -- name: enable our copr - command: "dnf copr enable -y msuchy/copr" - args: - creates: "/etc/yum.repos.d/_copr_msuchy-copr.repo" - -- name: create cdic user - user: name="cdic" - -- name: install dopr specific packages - dnf: state=present pkg={{ item }} - with_items: - - python3 - - python3-pip - - python3-gunicorn - - git - - redis - - vim - - wget - - dnf-plugins-core - - python3-copr - - python3-psycopg2 - - python-psycopg2 # for psql utils - - phantomjs - - nginx - -- name: git clone casperjs - git: repo=git://github.com/n1k0/casperjs.git - dest=/opt/casperjs/ - accept_hostkey=True - -- name: install casperjs - file: src=/opt/casperjs/bin/casperjs - dest=/usr/bin/casperjs state=link mode=0755 - -- name: git clone cdic into the cdic home - git: repo=git://github.com/evilkost/cdic.git - dest=/home/cdic/server/cdic/ - accept_hostkey=True - -- name: install python requirements - pip: requirements=/home/cdic/server/cdic/requirements.txt executable=/usr/bin/pip3 - -- name: install systemd units - copy: src="systemd/{{ item }}" dest="/etc/systemd/system/" - with_items: - - "cdic_async.service" - - "cdic_gunicorn.service" - -- command: "systemctl daemon-reload" - -- name: install systemd tmpfiles - copy: src="tmpfiles.d/cdic_gunicorn.conf" dest="/etc/tmpfiles.d/" - -# name: create working dirs -- file: path=/var/log/cdic state=directory mode=0755 owner=cdic group=cdic -- file: path=/var/lib/cdic state=directory mode=0755 owner=cdic group=cdic -- file: path=/var/lib/cdic/openid state=directory mode=0755 owner=cdic group=cdic -- file: path=/var/lib/cdic/wp state=directory mode=0755 owner=cdic group=cdic -- file: path=/var/run/cdic state=directory mode=0755 owner=cdic group=cdic -- file: path=/home/cdic/.config state=directory mode=0755 owner=cdic group=cdic - -- name: copy cdic config - template: src="cdic.py" dest="/home/cdic/.config/cdic.py" - -- copy: src="cdic_update_db.sh" dest="/usr/local/bin/" mode=0755 - -- file: path=/home/cdic/.ssh state=directory mode=0700 owner=cdic group=cdic -- name: copy ssh key for github - copy: src="{{private}}/files/dopr/github-testing" dest="/home/cdic/.ssh/id_rsa" - -- copy: src="ssh_config" dest="/home/cdic/.ssh/config" owner=cdic group=cdic mode=0600 - -- include: "psql_setup.yml" - -- name: Allow nginx to connect to upstream - seboolean: name=httpd_can_network_connect state=yes persistent=yes - -# copy nginx config -- copy: src="nginx.conf" dest="/etc/nginx/nginx.conf" -- copy: src="nginx/cdic.conf" dest="/etc/nginx/conf.d/" - -- name: enables services - service: state=running enabled=yes name={{ item }} - with_items: - - redis - - cdic_async - - cdic_gunicorn diff --git a/roles/dopr/tasks/psql_setup.yml b/roles/dopr/tasks/psql_setup.yml deleted file mode 100644 index 05d9b3b11..000000000 --- a/roles/dopr/tasks/psql_setup.yml +++ /dev/null @@ -1,46 +0,0 @@ -- name: install postresql - yum: state=present pkg={{ item }} - with_items: - - "postgresql-server" - - "postgresql-contrib" - -- name: mount up disk of postgres - mount: name=/srv/ src='LABEL=cdic-db' fstype=ext4 state=mounted - -- name: mount up bind mount for postgres - mount: src=/srv/pgsqldb name=/var/lib/pgsql fstype=auto opts=bind state=mounted - -- command: "ls -dZ /var/lib/pgsql" - register: pgsql_ls - -- name: update selinux context for postgress db dir if it's wrong - command: "restorecon -vvRF /var/lib/pgsql" - when: pgsql_ls.stdout is defined and 'postgresql_db_t' not in pgsql_ls.stdout - -- name: See if postgreSQL is installed - stat: path=/var/lib/pgsql/initdb.log - register: pgsql_installed - -- name: init postgresql - shell: "postgresql-setup initdb" - when: not pgsql_installed.stat.exists - -- name: copy pg_hba.conf - copy: src="pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600 - notify: - - restart postgresql - tags: - - config - -- name: enable Pg service - service: state=running enabled=yes name=postgresql - -- name: Create db - postgresql_db: name="cdicdb" encoding='UTF-8' - become: yes - become_user: postgres - -- name: Create db user - postgresql_user: db="cdicdb" name="cdic" password="{{ dopr_db_passwd }}" role_attr_flags=SUPERUSER,NOCREATEDB,NOCREATEROLE - become: yes - become_user: postgres diff --git a/roles/dopr/templates/cdic.py b/roles/dopr/templates/cdic.py deleted file mode 100644 index 461b26664..000000000 --- a/roles/dopr/templates/cdic.py +++ /dev/null @@ -1,20 +0,0 @@ - -# coding: utf-8 - -DOCKERHUB_URL = 'https://hub.docker.com' -DOCKERREGISTRY_URL = 'https://registry.hub.docker.com' -DOCKERHUB_USERNAME = '{{ dopr_testing_dockerhub_username }}' -DOCKERHUB_PASSWORD = '{{ dopr_testing_dockerhub_password }}' -HUB_PROJECT_URL_TEMPLATE = 'http://registry.hub.docker.com/u/cdictest/{repo_name}' - -GITHUB_TOKEN = '{{ dopr_testing_github_token }}' -GITHUB_USER = '{{ dopr_testing_github_username }}' -GITHUB_PASSWORD = '{{ dopr_testing_github_password }}' -GITHUB_API_ROOT = 'https://api.github.com' - -SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://cdic:{{ dopr_db_passwd }}@localhost/cdicdb' -DATABASE_CONNECT_OPTIONS = {} - -VAR_ROOT = '/var/lib/cdic' -OPENID_STORE = '/var/lib/cdic/openid' -CDIC_WORKPLACE = '/var/lib/cdic/wp' diff --git a/roles/epylog/files/merged/weed_local.cf b/roles/epylog/files/merged/weed_local.cf index 60613c8f9..db8ed0706 100644 --- a/roles/epylog/files/merged/weed_local.cf +++ b/roles/epylog/files/merged/weed_local.cf @@ -231,6 +231,7 @@ rsyncd.*: name lookup failed for.* rsyncd.*: rsync: connection unexpectedly closed.* rsyncd.*: rsync error: error in rsync protocol data stream.* rsyncd.*: sent.* +rsyncd.*: rsync: change_dir.*failed.* #rsync.*: rsync on.* rsyslogd-2163:epoll_ctl failed #goofy-ass rsyslogd error :( @@ -292,6 +293,9 @@ sshd.*: Disconnecting: Too many authentication failures.* sshd.*: Disconnected from.* sshd.*: Read error from remote host.* sshd.*: error: maximum authentication attempts exceeded for.* +sshd.*: Close session.*user root from 10.5.126.23 port.*id 0 +sshd.*: error: key_read: uudecode.*failed +sshd.*: Connection reset by.* stunnel:.*connected remote.* stunnel:.*SSL_read.* stunnel:.*Connection reset.* @@ -299,6 +303,7 @@ stunnel:.*connect_blocking.* stunnel:.*Connection closed.* stunnel:.*Service \[websockets\] accepted connection from.* stunnel:.*Service \[eventsource\] accepted connection from.* +stunnel: .*SSL_accept\: Peer suddenly disconnected su: pam_unix\(su-l:session\): session .* for user dbbackup.* su: pam_unix\(su-l:session\): session .* for user postgres.* runuser: pam_unix\(runuser-l:session\).* session opened for user postgres by.* diff --git a/roles/fas_server/templates/fas.cfg.j2 b/roles/fas_server/templates/fas.cfg.j2 index a5232f7d2..9461ed0da 100644 --- a/roles/fas_server/templates/fas.cfg.j2 +++ b/roles/fas_server/templates/fas.cfg.j2 @@ -62,7 +62,7 @@ tgcaptcha2.jpeg_generator = 'vanasco_dowty' ### # Usernames that are unavailable for fas allocation -username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,bin,board,bodhi2,canna,census,chair,chairman,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fax,fedora,fedorarewards,fesco,freemedia,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,keys,kojiadmin,ldap,legal,logo,lp,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix" +username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,bin,board,bodhi2,canna,census,chair,chairman,containerbuild,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fax,fedora,fedorarewards,fesco,freemedia,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,keys,kojiadmin,ldap,legal,logo,lp,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix" # admingroup has powers to change anything in the fas UI admingroup = 'accounts' @@ -73,7 +73,7 @@ systemgroup = 'fas-system' # Valid action : # modo.allow.update_status, allow approved member to do related action. modo.group = 'accounts-moderators' -modo.allow.update_status = False +modo.allow.update_status = True # thirdpartygroup is for thirdparties that also need group management # via fas, but maintain their own actual account systems @@ -111,6 +111,22 @@ cla_deprecated_groups = ['cla_fedora'] # Format: 'group1:a,b,c|group2:d,e,f' auto_approve_groups = 'packager:fedorabugs|qa:fedorabugs|security-team:fedorabugs|qa-beaker-user:qa-automation-shell|docs:fedorabugs|cla_fpca:cla_done|cla_redhat:cla_done|cla_dell:cla_done|cla_ibm:cla_done|cla_intel:cla_done' +# Anti-spam approval check script, which injects in both registration and CLA steps +# In Fedora, this is provided by the Basset service +{% if env == "staging" %} +antispam.api.url = 'http://basset01.stg.phx2.fedoraproject.org/basset' +antispam.api.username = '{{ basset_stg_frontend_user }}' +antispam.api.password = '{{ basset_stg_frontend_pass }}' +antispam.registration.autoaccept = False +antispam.cla.autoaccept = False +{% else %} +antispam.api.url = 'http://basset01.phx2.fedoraproject.org/basset' +antispam.api.username = '{{ basset_prod_frontend_user }}' +antispam.api.password = '{{ basset_prod_frontend_pass }}' +antispam.registration.autoaccept = False +antispam.cla.autoaccept = False +{% endif %} + # Some server parameters that you may want to tweak server.socket_port=8088 server.thread_pool=50 diff --git a/roles/fedmsg/base/templates/endpoints-bugzilla2fedmsg.py.j2 b/roles/fedmsg/base/templates/endpoints-bugzilla2fedmsg.py.j2 index cff567a8d..e91a55f5f 100644 --- a/roles/fedmsg/base/templates/endpoints-bugzilla2fedmsg.py.j2 +++ b/roles/fedmsg/base/templates/endpoints-bugzilla2fedmsg.py.j2 @@ -6,9 +6,11 @@ suffix = 'phx2.fedoraproject.org' config = dict( endpoints={ - "bugzilla.bugzilla2fedmsg01": [ + "bugzilla2fedmsg.bugzilla2fedmsg01": [ "tcp://bugzilla2fedmsg01.%s:3000" % suffix, "tcp://bugzilla2fedmsg01.%s:3001" % suffix, + "tcp://bugzilla2fedmsg01.%s:3002" % suffix, + "tcp://bugzilla2fedmsg01.%s:3003" % suffix, ], }, ) diff --git a/roles/fedmsg/gateway/files/fedmsg-gateway.service b/roles/fedmsg/gateway/files/fedmsg-gateway.service deleted file mode 100644 index a72436c2a..000000000 --- a/roles/fedmsg/gateway/files/fedmsg-gateway.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Outbound fedmsg gateway -After=network.target -Documentation=http://fedmsg.readthedocs.org/en/latest/commands/ - -[Service] -ExecStart=/usr/bin/fedmsg-gateway -Type=simple -User=fedmsg -Group=fedmsg -LimitNOFILE=160000 -Restart=on-failure - -[Install] -WantedBy=multi-user.target diff --git a/roles/fedmsg/gateway/files/fs-limits.conf b/roles/fedmsg/gateway/files/fs-limits.conf new file mode 100644 index 000000000..c31a46611 --- /dev/null +++ b/roles/fedmsg/gateway/files/fs-limits.conf @@ -0,0 +1,2 @@ +[Service] +LimitNOFILE=160000 diff --git a/roles/fedmsg/gateway/tasks/main.yml b/roles/fedmsg/gateway/tasks/main.yml index 86bece4d6..cdbb31b9f 100644 --- a/roles/fedmsg/gateway/tasks/main.yml +++ b/roles/fedmsg/gateway/tasks/main.yml @@ -15,14 +15,6 @@ tags: - fedmsgmonitor -- name: enable on boot and start fedmsg-gateway - service: name=fedmsg-gateway state=started enabled=true - tags: - - services - - fedmsg/gateway - notify: - - restart fedmsg-gateway - - name: setup fedmsg-gateway config file copy: src=gateway.py dest=/etc/fedmsg.d/gateway.py tags: @@ -31,12 +23,25 @@ notify: - restart fedmsg-gateway -- name: bump fs limits by installing our own systemd service file +- name: create systemd drop-in directory + file: > + dest=/etc/systemd/system/fedmsg-gateway.service.d + state=directory + tags: + - fedmsg/gateway + +- name: bump fs limits by installing a drop-in systemd config copy: > - src=fedmsg-gateway.service - dest=/usr/lib/systemd/system/fedmsg-gateway.service + src=fs-limits.conf + dest=/etc/systemd/system/fedmsg-gateway.service.d/fs-limits.conf tags: - config - fedmsg/gateway notify: - restart fedmsg-gateway + +- name: enable on boot and start fedmsg-gateway + service: name=fedmsg-gateway state=started enabled=true + tags: + - services + - fedmsg/gateway diff --git a/roles/fedmsg/irc/templates/ircbot.py b/roles/fedmsg/irc/templates/ircbot.py index 118a69020..56f976276 100644 --- a/roles/fedmsg/irc/templates/ircbot.py +++ b/roles/fedmsg/irc/templates/ircbot.py @@ -317,6 +317,28 @@ config = dict( body=['^((?!fedora-websites).)*$'], ), ), + + # And #fedora-mktg + dict( + network='chat.freenode.net', + port=6667, + make_pretty=True, + make_terse=True, + + {% if env == 'staging' %} + nickname='mktg-bot-stg', + {% else %} + nickname='mktg-bot', + {% endif %} + channel='#fedora-mktg', + # If the word fedora-mktg appears in any pagure message, forward it. + filters=dict( + topic=[ + '^((?!(pagure)).)*$', + ], + body=['^((?!fedora-mktg).)*$'], + ), + ), ], ### Possible colors are ### diff --git a/roles/git/server/tasks/main.yml b/roles/git/server/tasks/main.yml index f95ba428b..ef9fe4f3e 100644 --- a/roles/git/server/tasks/main.yml +++ b/roles/git/server/tasks/main.yml @@ -3,11 +3,13 @@ - name: install the git-daemon package yum: pkg=git-daemon state=present + tags: git/server # If NOT using xinetd - name: delete stock git daemon config file: path="/usr/lib/systemd/system/git.service" state=absent when: ansible_distribution_major_version|int == 7 + tags: git/server - name: configure git daemon template: > @@ -15,11 +17,13 @@ dest="/usr/lib/systemd/system/git@.service" mode=0644 when: ansible_distribution_major_version|int == 7 + tags: git/server # If using xinetd - name: install xinetd yum: pkg=xinetd state=present when: ansible_distribution_major_version|int == 6 + tags: git/server - name: install the xinetd config file template: > @@ -27,5 +31,6 @@ dest="/etc/xinetd.d/git" mode=0644 when: ansible_distribution_major_version|int == 6 + tags: git/server notify: - restart xinetd diff --git a/roles/gnome_backups/tasks/main.yml b/roles/gnome_backups/tasks/main.yml new file mode 100644 index 000000000..2b203775e --- /dev/null +++ b/roles/gnome_backups/tasks/main.yml @@ -0,0 +1,56 @@ +- name: Make sure rdiff-backup is installed + yum: name=rdiff-backup state=latest + +- name: Create GNOME backup user + user: name=gnomebackup state=present home=/gnome_backups/ createhome=yes shell=/sbin/nologin + +- name: Add a Directory for the Excludes list for each of the backed up GNOME machines + file: dest=/gnome_backups/excludes owner=gnomebackup group=gnomebackup state=directory + +- name: Install the GNOME SSH configuration file + copy: src="{{ files }}/gnome/ssh_config" dest=/usr/local/etc/gnome_ssh_config mode=0600 owner=gnomebackup + +- name: Install GNOME backup key + copy: src="{{ private }}/files/gnome/backup_id.rsa" dest=/usr/local/etc/gnome_backup_id.rsa mode=0600 owner=gnomebackup + +- name: Install GNOME backup script + copy: src="{{ files }}/gnome/backup.sh" dest=/usr/local/bin/gnome_backup mode=0700 owner=gnomebackup + +- name: Schedule the GNOME backup script + cron: name="Backup" hour=5 minute=0 job="(cd /gnome_backups; /usr/local/bin/lock-wrapper gnomebackup /usr/local/bin/gnome_backup)" user=gnomebackup + +- name: Make sure the MAILTO environment variable gets populated + cronvar: name="MAILTO" value="backups@gnome.org" user=gnomebackup + +- name: Add a Directory for each of the GNOME machines + file: dest=/gnome_backups/{{ item }} owner=gnomebackup group=gnomebackup state=directory + with_items: + - signal.gnome.org + - webapps2.gnome.org + - clutter.gnome.org + - blogs.gnome.org + - view.gnome.org + - puppet.gnome.org + - extensions.gnome.org + - chooser.gnome.org + - git.gnome.org + - webapps.gnome.org + - socket.gnome.org + - bugzilla-web.gnome.org + - progress.gnome.org + - clipboard.gnome.org + - drawable.gnome.org + - vbox.gnome.org + - cloud-ssh.gnome.org + - bastion.gnome.org + - spinner.gnome.org + - master.gnome.org + - live.gnome.org + - combobox.gnome.org + - restaurant.gnome.org + - expander.gnome.org + - accelerator.gnome.org + - range.gnome.org + - pentagon.gimp.org + - account.gnome.org + - bugzilla-new.gnome.org diff --git a/roles/haproxy/handlers/main.yml b/roles/haproxy/handlers/main.yml new file mode 100644 index 000000000..2de15f457 --- /dev/null +++ b/roles/haproxy/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart haproxy + service: name=haproxy state=restarted diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 83670d0bd..dd4259593 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -9,7 +9,7 @@ - packages - haproxy -- name: install haproxy/cfg in prod +- name: install haproxy/cfg template: src={{ item.file }} dest={{ item.dest }} owner=root group=root mode=0600 @@ -17,19 +17,6 @@ - { file: haproxy.cfg, dest: /etc/haproxy/haproxy.cfg } notify: - restart haproxy - when: env != 'staging' - tags: - - haproxy - -- name: install haproxy.cfg in stg - template: src={{ item.file }} - dest={{ item.dest }} - owner=root group=root mode=0600 - with_items: - - { file: haproxy.cfg.stg, dest: /etc/haproxy/haproxy.cfg } - when: env == 'staging' - notify: - - restart haproxy tags: - haproxy @@ -89,15 +76,7 @@ - selinux -- name: check haproxy cfg to make sure it is valid (prod) - command: haproxy -c -f /etc/haproxy/haproxy.cfg - always_run: true - register: haproxyconfigcheck - changed_when: haproxyconfigcheck.rc != 0 - tags: - - haproxy - -- name: check haproxy cfg to make sure it is valid (prod) +- name: check haproxy cfg to make sure it is valid command: haproxy -c -f /etc/haproxy/haproxy.cfg always_run: true register: haproxyconfigcheck diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg index 747895bad..c79626678 100644 --- a/roles/haproxy/templates/haproxy.cfg +++ b/roles/haproxy/templates/haproxy.cfg @@ -36,25 +36,31 @@ listen stats 0.0.0.0:8080 listen fp-wiki 0.0.0.0:10001 balance hdr(appserver) server wiki01 wiki01:80 check inter 15s rise 2 fall 5 +{% if env == "production" %} server wiki02 wiki02:80 check inter 15s rise 2 fall 5 +{% endif %} option httpchk GET /wiki/Main_Page listen mirror-lists 0.0.0.0:10002 balance hdr(appserver) timeout connect 30s + server mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3 +{% if env == "production" %} server mirrorlist-dedicatedsolutions mirrorlist-dedicatedsolutions:80 check inter 5s rise 2 fall 3 server mirrorlist-host1plus mirrorlist-host1plus:80 check inter 5s rise 2 fall 3 server mirrorlist-ibiblio mirrorlist-ibiblio:80 check inter 5s rise 2 fall 3 server mirrorlist-ibiblio02 mirrorlist-ibiblio02:80 check inter 5s rise 2 fall 3 server mirrorlist-osuosl mirrorlist-osuosl:80 check inter 5s rise 2 fall 3 - server mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3 +{% endif %} option httpchk GET /mirrorlist option allbackups listen pkgdb 0.0.0.0:10003 balance hdr(appserver) server pkgdb01 pkgdb01:80 check inter 10s rise 2 fall 3 +{% if env == "production" %} server pkgdb02 pkgdb02:80 check inter 10s rise 2 fall 3 +{% endif %} option httpchk GET /pkgdb/collections/ listen fas 0.0.0.0:10004 @@ -63,82 +69,112 @@ listen fas 0.0.0.0:10004 # depend on fas (like pkgdb, bodhi, etc) balance hdr(appserver) server fas01 fas01:80 check inter 5s rise 1 fall 2 +{% if env == "production" %} server fas02 fas02:80 check inter 5s rise 1 fall 2 server fas03 fas03:80 check inter 5s rise 1 fall 2 +{% endif %} option httpchk GET /accounts/ listen voting 0.0.0.0:10007 balance hdr(appserver) server elections01 elections01:80 check inter 10s rise 2 fall 4 +{% if env == "production" %} server elections02 elections02:80 check inter 10s rise 2 fall 4 +{% endif %} option httpchk GET /voting/ listen mirrormanager 0.0.0.0:10008 balance hdr(appserver) server mm-frontend01 mm-frontend01:80 check inter 60s rise 2 fall 3 +{% if env == "production" %} server mm-frontend02 mm-frontend02:80 check inter 60s rise 2 fall 3 +{% endif %} option httpchk GET /mirrormanager/static/mirrormanager2.css listen darkserver 0.0.0.0:10009 balance hdr(appserver) - #server darkserver01 darkserver01:80 check inter 20s rise 2 fall 3 +{% if env == "production" %} server darkserver02 darkserver02:80 check inter 20s rise 2 fall 3 +{% else %} + server darkserver-web01 darkserver-web01:80 check inter 20s rise 2 fall 3 + server darkserver-web02 darkserver-web02:80 check inter 20s rise 2 fall 3 +{% endif %} option httpchk GET /darkserver/ listen bodhi2 0.0.0.0:10010 balance hdr(appserver) +{% if env == "production" %} server bodhi03 bodhi03:80 check inter 20s rise 2 fall 3 server bodhi04 bodhi04:80 check inter 20s rise 2 fall 3 +{% else %} + server bodhi02 bodhi02:80 check inter 20s rise 2 fall 3 +{% endif %} option httpchk GET / listen freemedia 0.0.0.0:10011 balance hdr(appserver) server sundries01 sundries01:80 check inter 60s rise 2 fall 3 +{% if env == "production" %} server sundries02 sundries01:80 check inter 60s rise 2 fall 3 +{% endif %} option httpchk GET /freemedia/FreeMedia-form.html listen packages 0.0.0.0:10016 balance hdr(appserver) server packages03 packages03:80 check inter 5s rise 2 fall 3 +{% if env == "production" %} server packages04 packages04:80 check inter 5s rise 2 fall 3 +{% endif %} option httpchk GET /packages/_heartbeat listen tagger 0.0.0.0:10017 balance hdr(appserver) server tagger01 tagger01:80 check inter 60s rise 2 fall 3 +{% if env == "production" %} server tagger02 tagger02:80 check inter 60s rise 2 fall 3 +{% endif %} option httpchk GET /tagger/_heartbeat listen totpcgiprovision 0.0.0.0:10019 balance hdr(appserver) http-check expect status 401 server fas01 fas01:8444 check inter 5s rise 1 fall 2 +{% if env == "production" %} server fas02 fas02:8444 check inter 5s rise 1 fall 2 server fas03 fas03:8444 check inter 5s rise 1 fall 2 +{% endif %} option httpchk GET /index.cgi listen ipsilon 0.0.0.0:10020 balance hdr(appserver) server ipsilon01 ipsilon01:80 check inter 10s rise 1 fall 2 +{% if env == "production" %} server ipsilon02 ipsilon02:80 check inter 10s rise 1 fall 2 +{% endif %} option httpchk GET / listen askbot 0.0.0.0:10021 balance hdr(appserver) server ask01 ask01:80 check inter 10s rise 1 fall 2 +{% if env == "production" %} server ask02 ask02:80 check inter 10s rise 1 fall 2 +{% endif %} option httpchk GET /questions/ listen blockerbugs 0.0.0.0:10022 balance hdr(appserver) server blockerbugs01 blockerbugs01:80 check inter 10s rise 1 fall 2 +{% if env == "production" %} server blockerbugs02 blockerbugs02:80 check inter 10s rise 1 fall 2 +{% endif %} option httpchk GET /blockerbugs listen fedocal 0.0.0.0:10023 balance hdr(appserver) server fedocal01 fedocal01:80 check inter 10s rise 1 fall 2 +{% if env == "production" %} server fedocal02 fedocal02:80 check inter 10s rise 1 fall 2 +{% endif %} option httpchk GET /calendar # IMPORTANT: 10023-10026 will NOT work because of selinux policies @@ -146,19 +182,25 @@ listen fedocal 0.0.0.0:10023 listen paste 0.0.0.0:10027 balance hdr(appserver) server paste01 paste01:80 check inter 10s rise 1 fall 2 +{% if env == "production" %} server paste02 paste02:80 check inter 10s rise 1 fall 2 +{% endif %} option httpchk GET / listen datagrepper 0.0.0.0:10028 balance hdr(appserver) server datagrepper01 datagrepper01:80 check inter 10s rise 1 fall 2 +{% if env == "production" %} server datagrepper02 datagrepper02:80 check inter 10s rise 1 fall 2 +{% endif %} option httpchk GET /datagrepper/reference/ listen geoip-city 0.0.0.0:10029 balance hdr(appserver) server sundries01 sundries01:80 check inter 30s rise 2 fall 3 +{% if env == "production" %} server sundries02 sundries02:80 check inter 30s rise 2 fall 3 +{% endif %} option httpchk GET /city?ip=18.0.0.1 # IMPORTANT: 10031 will NOT work because of selinux policies @@ -166,11 +208,24 @@ listen geoip-city 0.0.0.0:10029 listen badges 0.0.0.0:10032 balance hdr(appserver) server badges-web01 badges-web01:80 check inter 10s rise 1 fall 2 +{% if env == "production" %} server badges-web02 badges-web02:80 check inter 10s rise 1 fall 2 +{% endif %} option httpchk GET /heartbeat -# 10033 is list -# 10034 is gallery +{% if env == "staging" %} +listen lists 0.0.0.0:10033 + balance hdr(appserver) + server mailman01 mailman01:80 check inter 10s rise 1 fall 2 + option httpchk GET / +{% endif %} + +{% if env == "staging" %} +listen gallery + balance hdr(appserver) + server gallery01 gallery01:80 check inter 10s rise 1 fall 2 + option httpchk GET / +{% endif %} listen nuancier 0.0.0.0:10035 balance hdr(appserver) @@ -218,7 +273,11 @@ listen mdapi 0.0.0.0:10043 listen openqa 0.0.0.0:10044 balance hdr(appserver) +{% if env == "production" %} server openqa01 openqa01:80 check inter 10s rise 1 fall 2 +{% else %} + server openqa-stg01.qa.fedoraproject.org openqa-stg01.qa.fedoraproject.org:80 check inter 10s rise 1 fall 2 +{% endif %} option httpchk GET /api/v1/jobs/1 listen pdc 0.0.0.0:10045 @@ -236,6 +295,30 @@ listen zanata2fedmsg 0.0.0.0:10046 balance hdr(appserver) server zanata2fedmsg01 zanata2fedmsg01:80 check inter 10s rise 1 fall 2 +{% if env == "staging" %} +listen osbs 0.0.0.0:10047 + balance hdr(appserver) + server osbs-master01 osbs-master01:443 check inter 10s rise 1 fall 2 check ssl verify none +{% endif %} + +{% if env == "staging" %} +listen docker-registry 0.0.0.0:10048 + balance hdr(appserver) + server docker-registry01 docker-registry01:443 check inter 10s rise 1 fall 2 check ssl verify none +{% endif %} + +{% if env == "staging" %} +listen retrace 0.0.0.0:10049 + balance hdr(appserver) + server retrace01 retrace01:80 check inter 10s rise 1 fall 2 +{% endif %} + +{% if env == "staging" %} +listen faf 0.0.0.0:10050 + balance hdr(appserver) + server faf01 faf01:80 check inter 10s rise 1 fall 2 +{% endif %} + # Apache doesn't handle the initial connection here like the other proxy # entries. This proxy also doesn't use the http mode like the others. # stunnel should be sitting on port 9939 (public) and redirecting diff --git a/roles/haproxy/templates/haproxy.cfg.stg b/roles/haproxy/templates/haproxy.cfg.stg deleted file mode 100644 index e09b4ab63..000000000 --- a/roles/haproxy/templates/haproxy.cfg.stg +++ /dev/null @@ -1,268 +0,0 @@ -# this config needs haproxy-1.1.28 or haproxy-1.2.1 - -global - log 127.0.0.1 local0 warning - # Set this to 4096 + 16384 - # 16384 for the fedmsg gateway and 4096 for everybody else. - maxconn 20480 - chroot /var/lib/haproxy - user haproxy - group haproxy - daemon - stats socket /var/run/haproxy-stat user haproxy group nrpe mode 0664 - #debug - #quiet - -defaults - log global - mode http - option httplog - option dontlognull - option httpclose - option redispatch - retries 3 - maxconn 5000 - timeout connect 5s - timeout client 500s - timeout server 500s - errorfile 503 /etc/haproxy/503.http - -listen stats 0.0.0.0:8080 - mode http - balance hdr(appserver) - stats enable - stats uri / - -listen fp-wiki 0.0.0.0:10001 - balance hdr(appserver) - server wiki01 wiki01:80 check inter 15s rise 2 fall 5 - option httpchk GET /wiki/Main_Page - -listen mirror-lists 0.0.0.0:10002 - balance hdr(appserver) - timeout connect 30s - server mirrorlist-phx2 mirrorlist-phx2:80 check inter 10s rise 2 fall 3 - option httpchk GET /mirrorlist - -listen pkgdb 0.0.0.0:10003 - balance hdr(appserver) - server pkgdb01 pkgdb01:80 check inter 10s rise 2 fall 3 - option httpchk GET /pkgdb/collections/ - -listen fas 0.0.0.0:10004 - # These values are set extremely low so any issues are recovered from very - # quickly. Setting these higher will cause odd behavior in apps that - # depend on fas (like pkgdb, bodhi, etc) - balance hdr(appserver) - server fas01 fas01:80 check inter 5s rise 1 fall 2 - option httpchk GET /accounts/ - -listen voting 0.0.0.0:10007 - balance hdr(appserver) - server elections01 elections01:80 check inter 10s rise 2 fall 4 - option httpchk GET /voting/ - -listen mirrormanager 0.0.0.0:10008 - balance hdr(appserver) - server mm-frontend01 mm-frontend01:80 check inter 60s rise 2 fall 3 - option httpchk GET /mirrormanager/static/mirrormanager2.css - -listen darkserver 0.0.0.0:10009 - balance hdr(appserver) - server darkserver-web01 darkserver-web01:80 check inter 20s rise 2 fall 3 - server darkserver-web02 darkserver-web02:80 check inter 20s rise 2 fall 3 - option httpchk GET /darkserver/ - -listen bodhi2 0.0.0.0:10010 - balance hdr(appserver) - server bodhi02 bodhi02:80 check inter 20s rise 2 fall 3 - option httpchk GET / - -listen freemedia 0.0.0.0:10011 - balance hdr(appserver) - server sundries01 sundries01:80 check inter 60s rise 2 fall 3 - option httpchk GET /freemedia/FreeMedia-form.html - -listen packages 0.0.0.0:10016 - balance hdr(appserver) - server packages03 packages03:80 check inter 5s rise 2 fall 3 - option httpchk GET /packages/_heartbeat - -listen tagger 0.0.0.0:10017 - balance hdr(appserver) - server tagger01 tagger01:80 check inter 60s rise 2 fall 3 - option httpchk GET /tagger/_heartbeat - -listen totpcgiprovision 0.0.0.0:10019 - balance hdr(appserver) - http-check expect status 401 - server fas01 fas01:8444 check inter 5s rise 1 fall 2 - option httpchk GET /index.cgi - -listen ipsilon 0.0.0.0:10020 - balance hdr(appserver) - server ipsilon01 ipsilon01:80 check inter 10s rise 1 fall 2 - option httpchk GET /ui/fedora/repeater.png - -listen askbot 0.0.0.0:10021 - balance hdr(appserver) - server ask01 ask01:80 check inter 10s rise 1 fall 2 - option httpchk GET /questions/ - -listen blockerbugs 0.0.0.0:10022 - balance hdr(appserver) - server blockerbugs01 blockerbugs01:80 check inter 10s rise 1 fall 2 - option httpchk GET /blockerbugs - -listen fedocal 0.0.0.0:10023 - balance hdr(appserver) - server fedocal01 fedocal01:80 check inter 10s rise 1 fall 2 - option httpchk GET /calendar - -listen geoip-city 0.0.0.0:10029 - balance hdr(appserver) - server sundries01 sundries01:80 check inter 30s rise 2 fall 3 - option httpchk GET /city?ip=18.0.0.1 - -# IMPORTANT: 10023-10026 will NOT work because of selinux policies - -listen paste 0.0.0.0:10027 - balance hdr(appserver) - server paste01 paste01:80 check inter 10s rise 1 fall 2 - option httpchk GET / - -listen datagrepper 0.0.0.0:10028 - balance hdr(appserver) - server datagrepper01 datagrepper01:80 check inter 10s rise 1 fall 2 - option httpchk GET /datagrepper - -# IMPORTANT: 10031 will NOT work because of selinux policies - -listen badges 0.0.0.0:10032 - balance hdr(appserver) - server badges-web01 badges-web01:80 check inter 10s rise 1 fall 2 - option httpchk GET /heartbeat - -listen lists 0.0.0.0:10033 - balance hdr(appserver) - server mailman01 mailman01:80 check inter 10s rise 1 fall 2 - option httpchk GET / - -listen gallery 0.0.0.0:10034 - balance hdr(appserver) - server gallery01 gallery01:80 check inter 10s rise 1 fall 2 - option httpchk GET / - -listen nuancier 0.0.0.0:10035 - balance hdr(appserver) - server nuancier01 nuancier01:80 check inter 10s rise 1 fall 2 - server nuancier02 nuancier02:80 check inter 10s rise 1 fall 2 - option httpchk GET /nuancier/ - -listen notifs-web 0.0.0.0:10036 - balance hdr(appserver) - server notifs-web01 notifs-web01:80 check inter 10s rise 1 fall 2 - server notifs-web02 notifs-web02:80 check inter 10s rise 1 fall 2 - option httpchk GET /notifications/_heartbeat - -listen github2fedmsg 0.0.0.0:10037 - balance hdr(appserver) - server github2fedmsg01 github2fedmsg01:80 check inter 10s rise 1 fall 2 - option httpchk GET /github2fedmsg/ - -listen kerneltest 0.0.0.0:10038 - balance hdr(appserver) - server kerneltest01 kerneltest01:80 check inter 10s rise 1 fall 2 - option httpchk GET /kerneltest - -listen koschei 0.0.0.0:10040 - balance hdr(appserver) - server koschei01 koschei01:80 check inter 10s rise 1 fall 2 - option httpchk GET /koschei/ - -listen autocloud 0.0.0.0:10041 - balance hdr(appserver) - server autocloud-web01 autocloud-web01:80 check inter 10s rise 1 fall 2 - server autocloud-web02 autocloud-web02:80 check inter 10s rise 1 fall 2 - option httpchk GET /autocloud/ - -listen statscache 0.0.0.0:10042 - balance hdr(appserver) - server statscache-web01 statscache-web01:80 check inter 10s rise 1 fall 2 - server statscache-web02 statscache-web02:80 check inter 10s rise 1 fall 2 - option httpchk GET /statscache/ - -listen mdapi 0.0.0.0:10043 - balance hdr(appserver) - server mdapi01 mdapi01:80 check inter 10s rise 1 fall 2 - option httpchk GET /mdapi - -listen openqa 0.0.0.0:10044 - balance hdr(appserver) - server openqa-stg01.qa.fedoraproject.org openqa-stg01.qa.fedoraproject.org:80 check inter 10s rise 1 fall 2 - -listen pdc 0.0.0.0:10045 - balance hdr(appserver) - server pdc-web01 pdc-web01:80 check inter 10s rise 1 fall 2 - option httpchk GET /rest_api/v1/ - timeout server 3600000 - timeout connect 3600000 - -listen zanata2fedmsg 0.0.0.0:10046 - balance hdr(appserver) - server zanata2fedmsg01 zanata2fedmsg01:80 check inter 10s rise 1 fall 2 - -# Apache doesn't handle the initial connection here like the other proxy -# entries. This proxy also doesn't use the http mode like the others. -# stunnel should be sitting on port 9939 (public) and redirecting -# connections from there to here, port 9938. This then proxies to the -# fedmsg-hub's websocket server on busgateway01, port 9919. -listen fedmsg-websockets 0.0.0.0:9938 - mode tcp - option tcplog - balance roundrobin - maxconn 16384 - timeout queue 5000 - timeout server 86400000 - timeout connect 86400000 - server busgateway01 busgateway01:9919 weight 1 maxconn 16384 - -# This, unlike the websockets entry just above, is listening directly to the -# outside world with no stunnel inbetween. -# Simply redirect tcp connections to a local fedmsg-gateway slave. It should be -# forwarding messages from the master gateway on busgateway01. -listen fedmsg-raw-zmq-outbound 0.0.0.0:9940 - mode tcp - option tcplog - balance roundrobin - maxconn 16384 - timeout queue 5000 - timeout server 86400000 - timeout connect 86400000 - server localhost localhost:9942 weight 1 maxconn 16384 - -# While the above fedmsg-raw-zmq-outbound forwards incoming connections to an -# instance of the "fedmsg-gateway" daemon (which pushes internal messages out), -# this entry forwards incoming connections to a secondary instance of the -# "fedmsg-relay" daemon (which pushes messages *onto* the internal bus). We -# have a primary instance of fedmsg-relay running on app01 for most internal -# use. Here we forward to a secondary one on busgateway01. -listen fedmsg-raw-zmq-inbound 0.0.0.0:9941 - mode tcp - option tcplog - balance roundrobin - maxconn 16384 - timeout queue 5000 - timeout server 86400000 - timeout connect 86400000 - server busgateway01 busgateway01:9941 weight 1 maxconn 16384 - -#listen membership-map 0.0.0.0:10001 -# balance hdr(appserver) -# server app1 app1:80 check inter 5s rise 2 fall 3 -# server app2 app2:80 check inter 5s rise 2 fall 3 -# server app3 app3:80 check inter 5s rise 2 fall 3 -# server app4 app4:80 check inter 5s rise 2 fall 3 -# server app05 app05:80 backup check inter 5s rise 2 fall 3 -# server bapp1 bapp1:80 backup check inter 5s rise 2 fall 3 -# option httpchk GET /membership-map diff --git a/roles/hosts/files/pdc-backend-hosts b/roles/hosts/files/pdc-backend-hosts new file mode 100644 index 000000000..cf1b39193 --- /dev/null +++ b/roles/hosts/files/pdc-backend-hosts @@ -0,0 +1,9 @@ +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 + +# PDC backend pulls down composeinfo from kojipkgs (and it uses the url provided +# by the fedmsg message, which is the external name). +# REMOVE THIS when this ticket is done: +# https://fedorahosted.org/fedora-infrastructure/ticket/5168 +10.5.125.36 kojipkgs.fedoraproject.org +10.5.125.44 pkgs.fedoraproject.org pkgs diff --git a/roles/hotness/templates/hotness.py b/roles/hotness/templates/hotness.py index ac2a5d3b9..7a7f9151f 100644 --- a/roles/hotness/templates/hotness.py +++ b/roles/hotness/templates/hotness.py @@ -11,6 +11,8 @@ Please consult the package updates policy before you issue an update to a stable More information about the service that created this bug can be found at: %(explanation_url)s Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. + +Based on the information from anitya: https://release-monitoring.org/project/%(projectid)s/ """ config = { diff --git a/roles/infinote/handlers/main.yml b/roles/infinote/handlers/main.yml new file mode 100644 index 000000000..55133ecf2 --- /dev/null +++ b/roles/infinote/handlers/main.yml @@ -0,0 +1,2 @@ +- name: restart infinoted + service: name=infinoted state=restarted diff --git a/roles/keepalived/handlers/main.yml b/roles/keepalived/handlers/main.yml new file mode 100644 index 000000000..3840e6466 --- /dev/null +++ b/roles/keepalived/handlers/main.yml @@ -0,0 +1,2 @@ +- name: restart keepalived + service: name=keepalived state=restarted diff --git a/roles/koji_builder/handlers/main.yml b/roles/koji_builder/handlers/main.yml new file mode 100644 index 000000000..407cf29da --- /dev/null +++ b/roles/koji_builder/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart kojid + action: service name=kojid state=restarted diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml index 1e58a87c8..6143a6512 100644 --- a/roles/koji_hub/tasks/main.yml +++ b/roles/koji_hub/tasks/main.yml @@ -222,7 +222,6 @@ - name: koji web common config files copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root with_items: - - kojihub.conf - mash.conf - rel-eng.conf - repo.conf @@ -232,7 +231,10 @@ notify: reload httpd - name: koji web hub specific config files - template: src=kojiweb.conf.j2 dest=/etc/httpd/conf.d/kojiweb.conf owner=root group=root + template: src={{ item }}.j2 dest=/etc/httpd/conf.d/{{ item }} owner=root group=root + with_items: + - kojiweb.conf + - kojihub.conf tags: - config - koji_hub diff --git a/roles/koji_hub/files/kojihub.conf b/roles/koji_hub/templates/kojihub.conf.j2 index 0bba67013..e384bb6af 100644 --- a/roles/koji_hub/files/kojihub.conf +++ b/roles/koji_hub/templates/kojihub.conf.j2 @@ -12,6 +12,17 @@ Alias /kojihub /usr/share/koji-hub/kojixmlrpc.py Require all granted </Directory> +{% if inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %} +# Also serve /mnt/koji +Alias /kojifiles "/mnt/koji/" + +<Directory "/mnt/koji"> + Options Indexes FollowSymLinks + AllowOverride None + Order allow,deny + Allow from all +</Directory> +{% endif %} <Location /kojihub/ssllogin> SSLVerifyClient require diff --git a/roles/koji_hub/templates/kojiweb.conf.j2 b/roles/koji_hub/templates/kojiweb.conf.j2 index dc69b2783..d923102c4 100644 --- a/roles/koji_hub/templates/kojiweb.conf.j2 +++ b/roles/koji_hub/templates/kojiweb.conf.j2 @@ -91,7 +91,7 @@ Alias /packages "/mnt/koji/packages/" #RewriteRule ^/compose(.+) https://s390pkgs.fedoraproject.org/compose$1 [R=301,L] #RewriteRule ^/packages(.+) https://s390pkgs.fedoraproject.org/packages$1 [R=301,L] {% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %} -RewriteRule ^/compose(.+) https://arm.fedoraproject.org/compose$1 [R=301,L] -RewriteRule ^/packages(.+) https://arm.fedoraproject.org/packages$1 [R=301,L] +RewriteRule ^/compose(.+) http://arm.koji.fedoraproject.org/compose$1 [R=301,L] +RewriteRule ^/packages(.+) http://arm.koji.fedoraproject.org/packages$1 [R=301,L] {% endif %} {% endif %} diff --git a/roles/kojipkgs/handlers/main.yml b/roles/kojipkgs/handlers/main.yml new file mode 100644 index 000000000..54e5791b1 --- /dev/null +++ b/roles/kojipkgs/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart squid + service: name=squid state=restarted diff --git a/roles/koschei/tasks/main.yml b/roles/koschei/tasks/main.yml index 5ab80671c..67b3885bc 100644 --- a/roles/koschei/tasks/main.yml +++ b/roles/koschei/tasks/main.yml @@ -8,7 +8,7 @@ - yumrepos - name: install packages - yum: name={{ item }} state=installed + package: name={{ item }} state=installed with_items: - koschei - lbzip2 diff --git a/roles/mailman/files/urls.py b/roles/mailman/files/urls.py index 26e6a76b8..5552e0538 100644 --- a/roles/mailman/files/urls.py +++ b/roles/mailman/files/urls.py @@ -14,7 +14,9 @@ from django.core.urlresolvers import reverse_lazy from django.views.generic import RedirectView urlpatterns = patterns('', - url(r'^$', RedirectView.as_view(url=reverse_lazy('hyperkitty.views.index.index'))), + url(r'^$', RedirectView.as_view( + url=reverse_lazy('hyperkitty.views.index.index'), + permanent=True)), #url(r'^$', 'postorius.views.list_index'), url(r'^admin/', include('postorius.urls')), url(r'^archives/', include('hyperkitty.urls')), diff --git a/roles/mailman/templates/settings.py.j2 b/roles/mailman/templates/settings.py.j2 index e5e84b188..849ca75cd 100644 --- a/roles/mailman/templates/settings.py.j2 +++ b/roles/mailman/templates/settings.py.j2 @@ -12,14 +12,13 @@ SECRET_KEY = '{{ mailman_hyperkitty_cookie_key }}' # SECURITY WARNING: don't run with debug turned on in production! DEBUG = False -TEMPLATE_DEBUG = DEBUG - ADMINS = ( ('HyperKitty Admin', 'abompard@fedoraproject.org'), ) +SERVER_EMAIL = 'root@fedoraproject.org' # Hosts/domain names that are valid for this site; required if DEBUG is False -# See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts +# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts ALLOWED_HOSTS = [ {% for host in mailman_domains %} "{{ host }}", @@ -47,16 +46,16 @@ MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1') # Application definition INSTALLED_APPS = ( + # Uncomment the next line to enable the admin: + 'django.contrib.admin', + # Uncomment the next line to enable admin documentation: + # 'django.contrib.admindocs', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', #'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', - # Uncomment the next line to enable the admin: - 'django.contrib.admin', - # Uncomment the next line to enable admin documentation: - # 'django.contrib.admindocs', 'hyperkitty', 'social.apps.django_app.default', 'rest_framework', @@ -69,31 +68,59 @@ INSTALLED_APPS = ( 'django_extensions', 'postorius', ) -import django -if django.VERSION[:2] < (1, 7): - INSTALLED_APPS = INSTALLED_APPS + ("south",) MIDDLEWARE_CLASSES = ( - 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', + 'django.middleware.locale.LocaleMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', - # Uncomment the next line for simple clickjacking protection: - # 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'django.middleware.security.SecurityMiddleware', #'hyperkitty.middleware.SSLRedirect', 'hyperkitty.middleware.TimezoneMiddleware', + 'postorius.middleware.PostoriusMiddleware', ) ROOT_URLCONF = 'urls' -# CSS theme for postorius -MAILMAN_THEME = "default" + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [ + '{{ mailman_webui_basedir }}/templates', + ], + 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.template.context_processors.debug', + 'django.template.context_processors.i18n', + 'django.template.context_processors.media', + 'django.template.context_processors.static', + 'django.template.context_processors.tz', + 'django.template.context_processors.csrf', + 'django.template.context_processors.request', + 'django.contrib.auth.context_processors.auth', + 'django.contrib.messages.context_processors.messages', + 'social.apps.django_app.context_processors.backends', + 'social.apps.django_app.context_processors.login_redirect', + 'hyperkitty.context_processors.export_settings', + 'hyperkitty.context_processors.postorius_info', + 'postorius.context_processors.postorius', + ], + }, + }, +] + +WSGI_APPLICATION = 'wsgi.application' # Database -# https://docs.djangoproject.com/en/1.6/ref/settings/#databases +# https://docs.djangoproject.com/en/1.8/ref/settings/#databases DATABASES = { 'default': { @@ -108,14 +135,14 @@ DATABASES = { # We're behind a proxy, use the X-Forwarded-Host header -# See https://docs.djangoproject.com/en/1.5/ref/settings/#use-x-forwarded-host +# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host USE_X_FORWARDED_HOST = True # In the Fedora infra, requests are systematically redirected to HTTPS, so put # something always true here: SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https') # Internationalization -# https://docs.djangoproject.com/en/1.6/topics/i18n/ +# https://docs.djangoproject.com/en/1.8/topics/i18n/ LANGUAGE_CODE = 'en-us' @@ -129,16 +156,7 @@ USE_TZ = True # Static files (CSS, JavaScript, Images) -# https://docs.djangoproject.com/en/1.6/howto/static-files/ - -# Absolute filesystem path to the directory that will hold user-uploaded files. -# Example: "/var/www/example.com/media/" -MEDIA_ROOT = '' - -# URL that handles the media served from MEDIA_ROOT. Make sure to use a -# trailing slash. -# Examples: "http://example.com/media/", "http://media.example.com/" -MEDIA_URL = '' +# https://docs.djangoproject.com/en/1.8/howto/static-files/ # Absolute path to the directory static files should be collected to. # Don't put anything in this directory yourself; store your static files @@ -167,54 +185,40 @@ STATICFILES_FINDERS = ( 'compressor.finders.CompressorFinder', ) - -TEMPLATE_CONTEXT_PROCESSORS = ( - "django.contrib.auth.context_processors.auth", - "django.contrib.messages.context_processors.messages", - "django.core.context_processors.debug", - "django.core.context_processors.i18n", - "django.core.context_processors.media", - "django.core.context_processors.static", - "django.core.context_processors.csrf", - "django.core.context_processors.request", - "django.core.context_processors.tz", - "django.contrib.messages.context_processors.messages", - "social.apps.django_app.context_processors.backends", - "social.apps.django_app.context_processors.login_redirect", - "hyperkitty.context_processors.export_settings", - "hyperkitty.context_processors.postorius_info", - "postorius.context_processors.postorius", -) - -TEMPLATE_DIRS = ( - # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates". - # Always use forward slashes, even on Windows. - # Don't forget to use absolute paths, not relative paths. - '{{ mailman_webui_basedir }}/templates', -) - # Django 1.6+ defaults to a JSON serializer, but it won't work with django-openid, see # https://bugs.launchpad.net/django-openid-auth/+bug/1252826 SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' LOGIN_URL = 'hk_user_login' -LOGOUT_URL = 'hk_user_logout' LOGIN_REDIRECT_URL = 'hk_root' +LOGOUT_URL = 'hk_user_logout' -# Use the email as identifier, but truncate it because the User.username field -# is only 30 chars long. -BROWSERID_USERNAME_ALGO = lambda email: email[:30] +# Use the email username as identifier, but truncate it because +# the User.username field is only 30 chars long. +def username(email): + return email.rsplit('@', 1)[0][:30] +BROWSERID_USERNAME_ALGO = username BROWSERID_VERIFY_CLASS = "django_browserid.views.Verify" DEFAULT_FROM_EMAIL = "admin@fedoraproject.org" +# Compatibility with Bootstrap 3 +from django.contrib.messages import constants as messages +MESSAGE_TAGS = { + messages.ERROR: 'danger' + } + +# Django Crispy Forms +CRISPY_TEMPLATE_PACK = 'bootstrap3' +CRISPY_FAIL_SILENTLY = not DEBUG + + # # Social auth # - AUTHENTICATION_BACKENDS = ( #'social.backends.open_id.OpenIdAuth', # http://python-social-auth.readthedocs.org/en/latest/backends/google.html @@ -227,12 +231,6 @@ AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', ) -# http://python-social-auth.readthedocs.org/en/latest/configuration/django.html#database -if django.VERSION[:2] < (1, 7): - SOUTH_MIGRATION_MODULES = { - 'default': 'social.apps.django_app.default.south_migrations' - } - # http://python-social-auth.readthedocs.org/en/latest/pipeline.html#authentication-pipeline SOCIAL_AUTH_PIPELINE = ( 'social.pipeline.social_auth.social_details', @@ -248,6 +246,7 @@ SOCIAL_AUTH_PIPELINE = ( 'social.pipeline.social_auth.associate_user', 'social.pipeline.social_auth.load_extra_data', 'social.pipeline.user.user_details', + 'hyperkitty.lib.mailman.add_user_to_mailman', ) @@ -282,16 +281,6 @@ COMPRESS_OFFLINE = True # needed for debug mode #INTERNAL_IPS = ('127.0.0.1',) -# Django Crispy Forms -CRISPY_TEMPLATE_PACK = 'bootstrap3' -CRISPY_FAIL_SILENTLY = not DEBUG - -# Compatibility with Bootstrap 3 -from django.contrib.messages import constants as messages -MESSAGE_TAGS = { - messages.ERROR: 'danger' - } - # # Full-text search engine @@ -324,7 +313,7 @@ LOGGING = { 'class': 'django.utils.log.AdminEmailHandler' }, 'file':{ - 'level': 'INFO', + 'level': 'DEBUG', #'class': 'logging.handlers.RotatingFileHandler', 'class': 'logging.handlers.WatchedFileHandler', 'filename': '/var/log/hyperkitty/hyperkitty.log', @@ -333,29 +322,14 @@ LOGGING = { }, 'loggers': { 'django.request': { - 'handlers': ['mail_admins'], - 'level': 'ERROR', - 'propagate': True, - }, - 'django.request': { - 'handlers': ['file'], - 'level': 'ERROR', - 'propagate': True, - }, - 'django': { - 'handlers': ['file'], - 'level': 'ERROR', - 'propagate': True, - }, - 'hyperkitty': { - 'handlers': ['file'], + 'handlers': ['mail_admins', 'file'], 'level': 'DEBUG', 'propagate': True, }, }, 'formatters': { 'verbose': { - 'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s' + 'format': '%(levelname)s %(asctime)s %(process)d %(name)s %(message)s' }, 'simple': { 'format': '%(levelname)s %(message)s' diff --git a/roles/mariadb_server/handlers/main.yml b/roles/mariadb_server/handlers/main.yml new file mode 100644 index 000000000..6f737d913 --- /dev/null +++ b/roles/mariadb_server/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart mariadb + service: name=mariadb state=restarted diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml index 759a1e090..ee237598d 100644 --- a/roles/mediawiki/tasks/main.yml +++ b/roles/mediawiki/tasks/main.yml @@ -36,6 +36,7 @@ - mediawiki119-intersection - mediawiki119-RSS - mediawiki-FedoraBadges + - mediawiki119-basset - php-zmq - php-pecl-uuid tags: @@ -43,7 +44,9 @@ - mediawiki - name: adding FAS auth - template: src=Auth_FAS.php.j2 dest=/usr/share/mediawiki119/extensions/Auth_FAS.php owner=root group=root mode=775 + #template: src=Auth_FAS_CLAPLUSONE.php.j2 + template: src=Auth_FAS.php.j2 + dest=/usr/share/mediawiki119/extensions/Auth_FAS.php owner=root group=root mode=775 tags: - config - mediawiki diff --git a/roles/mediawiki/templates/Auth_FAS_CLAPLUSONE.php.j2 b/roles/mediawiki/templates/Auth_FAS_CLAPLUSONE.php.j2 new file mode 100644 index 000000000..281aaa64e --- /dev/null +++ b/roles/mediawiki/templates/Auth_FAS_CLAPLUSONE.php.j2 @@ -0,0 +1,135 @@ +<?php +require_once('AuthPlugin.php'); +class Auth_FAS extends AuthPlugin { + function authenticate($username, $password) { + if ( ucfirst(strtolower($username)) != ucfirst($username) ) { + return false; + } + + $username = strtolower( $username); + $ch = curl_init(); + +{% if env == 'staging' %} + curl_setopt($ch, CURLOPT_URL, 'https://admin.stg.fedoraproject.org/accounts/json/person_by_username?tg_format=json'); +{% else %} + curl_setopt($ch, CURLOPT_URL, 'https://admin.fedoraproject.org/accounts/json/person_by_username?tg_format=json'); +{% endif %} + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_USERAGENT, "Auth_FAS 0.9"); + curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login"); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + + # WARNING: Never leave this on in production, as it will cause + # plaintext passwords to show up in error logs. + curl_setopt($ch, CURLOPT_VERBOSE, 0); + + # The following two lines need to be enabled when using a test FAS + # with an invalid cert. Otherwise they should be commented (or + # set to True) for security. + #curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); + #curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); + $response = json_decode(curl_exec($ch), true); + curl_close ($ch); + + if (!isset($response["success"])) { + error_log("FAS auth failed for $username: incorrect username or password", 0); + return false; + } + + $groups = $response["person"]["approved_memberships"]; + + $has_cla = false; + $has_plus_one = false; + for ($i = 0, $cnt = count($groups); $i < $cnt; $i++) { + if ($groups[$i]["name"] == "cla_done" || $groups[$i]["name"] == "cla_fpca") { + $has_cla = true; + } else { + $has_plus_one = true; + } + } + if($has_cla && $has_plus_one) { + error_log("FAS auth succeeded for $username", 0); + return true; + } + error_log("FAS auth failed for $username: insufficient group membership", 0); + return false; + } + + function userExists( $username ) { + if ( ucfirst(strtolower($username)) != ucfirst($username) ) { + return false; + } + return true; + } + + function modifyUITemplate(&$template) { + $template->set('create', false); + $template->set('useemail', false); + $template->set('usedomain', false); + } + + function updateUser( &$user ){ + $user->mEmail = strtolower($user->getName())."@fedoraproject.org"; + return true; + } + + function autoCreate() { + return true; + } + + function setPassword($password) { + return false; + } + + function setDomain( $domain ) { + $this->domain = $domain; + } + + function validDomain( $domain ) { + return true; + } + + function updateExternalDB($user) { + return true; + } + + function canCreateAccounts() { + return false; + } + + function addUser($user, $password) { + return true; + } + + function strict() { + return true; + } + + function strictUserAuth( $username ) { + return true; + } + + function allowPasswordChange() { + return false; + } + + function initUser(&$user) { + $user->mEmail = strtolower($user->getName())."@fedoraproject.org"; + $user->mEmailAuthenticated = wfTimestampNow(); + $user->setToken(); + $user->saveSettings(); + return true; + } +} + +/** + * Some extension information init + */ +$wgExtensionCredits['other'][] = array( + 'name' => 'Auth_FAS', + 'version' => '0.9.1', + 'author' => 'Nigel Jones', + 'description' => 'Authorisation plugin allowing login with FAS2 accounts' +); + +?> diff --git a/roles/mediawiki/templates/LocalSettings.php.fp.j2 b/roles/mediawiki/templates/LocalSettings.php.fp.j2 index 91edefb31..336211536 100644 --- a/roles/mediawiki/templates/LocalSettings.php.fp.j2 +++ b/roles/mediawiki/templates/LocalSettings.php.fp.j2 @@ -33,6 +33,12 @@ $wgCaptchaClass = 'SimpleCaptcha'; #$wgCaptchaDirectoryLevels = 0; #$wgCaptchaSecret = "{{ mediawikiCaptchaKey }}"; +$wgCaptchaTriggers['edit'] = true; +$wgCaptchaTriggers['create'] = true; +$wgCaptchaTriggers['addurl'] = true; +$wgCaptchaTriggers['createaccount'] = true; +$wgCaptchaTriggers['badlogin'] = false; + $wgRawHtml = false; $wgProto = "https"; {% if env == "staging" %} @@ -76,6 +82,7 @@ $wgMimeDetectorCommand= "file -bi"; #$wgGroupPermissions['user' ]['delete'] = true; $wgGroupPermissions['*']['createaccount'] = false; +$wgGroupPermissions['user']['skipcaptcha'] = true; # HNP Can't manage the interwiki right... - Nigel $wgGroupPermissions['*']['interwiki'] = false; @@ -317,6 +324,18 @@ require_once "$IP/extensions/fedmsg-emit.php"; require_once "$IP/extensions/HTTP302Found/HTTP302Found.php"; require_once "$IP/extensions/intersection/DynamicPageList.php"; require_once "$IP/extensions/RSS/RSS.php"; +require_once "$IP/extensions/BassetSubmitter.php"; + +{% if env == "staging" %} +$basset_url = 'http://basset01.stg.phx2.fedoraproject.org/basset'; +$basset_username = '{{ basset_stg_frontend_user }}'; +$basset_password = '{{ basset_stg_frontend_pass }}'; +{% else %} +$basset_url = 'http://basset01.phx2.fedoraproject.org/basset'; +$basset_username = '{{ basset_prod_frontend_user }}'; +$basset_password = '{{ basset_prod_frontend_pass }}'; +{% endif %} + $wgShowExceptionDetails = true; diff --git a/roles/mirrormanager/mirrorlist2/files/logrotate-mirrormanager b/roles/mirrormanager/mirrorlist2/files/logrotate-mirrormanager new file mode 100644 index 000000000..174d87588 --- /dev/null +++ b/roles/mirrormanager/mirrorlist2/files/logrotate-mirrormanager @@ -0,0 +1,10 @@ +/var/log/mirrormanager/*.log +{ + compress + compresscmd /usr/bin/xz + uncompresscmd /usr/bin/xz + compressext .xz + daily + rotate 30 + missingok +} diff --git a/roles/mirrormanager/mirrorlist2/tasks/main.yml b/roles/mirrormanager/mirrorlist2/tasks/main.yml index b037d24bb..cca2b3fd1 100644 --- a/roles/mirrormanager/mirrorlist2/tasks/main.yml +++ b/roles/mirrormanager/mirrorlist2/tasks/main.yml @@ -93,6 +93,11 @@ tags: - mirrorlist2 +- name: setup logrotate log for mirrormanager log files + copy: src=logrotate-mirrormanager dest=/etc/logrotate.d/mirrormanager + tags: + - mirrorlist2 + # Copy the mirrorlist log file every hour to be ready to be processed - name: mirrorlist copy cron cron: name="copy-mirrorlist" minute="50" hour="*/2" user="mirrormanager" @@ -112,7 +117,7 @@ # Cleanup old mirrorlist logfile - name: mirrorlist clean cron cron: name="clean-mirrorlist" minute="13" hour="13" user="mirrormanager" - job="/usr/sbin/tmpwatch --mtime 14d /var/log/mirrormanager" + job="/usr/sbin/tmpwatch --mtime 7d /var/log/mirrormanager" cron_file=clean-mirrorlist tags: - mirrorlist2 diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml new file mode 100644 index 000000000..e85d1cbc6 --- /dev/null +++ b/roles/mongodb/tasks/main.yml @@ -0,0 +1,11 @@ +- name: install needed packages + yum: pkg={{ item }} state=present + with_items: + - mongodb-server + tags: mongodb + +# mongod is the single daemon. mongos is a sharded cluster router, +# but just plain mongod is good enough for now +- name: start mongodb + service: name=mongod state=started enabled=yes + tags: mongodb diff --git a/roles/nagios/client/files/scripts/check_rabbitmq_size b/roles/nagios/client/files/scripts/check_rabbitmq_size new file mode 100644 index 000000000..727b6c34b --- /dev/null +++ b/roles/nagios/client/files/scripts/check_rabbitmq_size @@ -0,0 +1,26 @@ +#!/bin/python +import sys +import requests + +url = 'http://localhost:15672/api/queues/%%2f/%s' % (sys.argv[1]) + +r = requests.get(url, auth=('guest', 'guest')).json() +consumers = r['consumers'] +messages = r['messages'] + +msg = 'Messages in queue: %i (%i consumers)' % (messages, consumers) + +if consumers < 1: + print 'CRITICAL: %s' % msg + sys.exit(2) + +if messages > 20: + print 'CRITICAL: %s' % msg + sys.exit(2) + +if messages > 10: + print 'WARNING: %s' % msg + sys.exit(1) + +print 'OK: %s' % msg +sys.exit(0) diff --git a/roles/nagios/client/tasks/main.yml b/roles/nagios/client/tasks/main.yml index 325a1e2c4..1e3d28b2f 100644 --- a/roles/nagios/client/tasks/main.yml +++ b/roles/nagios/client/tasks/main.yml @@ -50,6 +50,7 @@ - check_fedmsg_producer_last_ran.py - check_fedmsg_producers_consumers.py - check_supybot_plugin + - check_rabbitmq_size - check_datanommer_timesince.py - check_memcache_connect - check_readonly_fs @@ -118,6 +119,7 @@ - check_datanommer_history.cfg - check_memcache.cfg - check_lock_file_age.cfg + - check_basset.cfg - check_koschei_polling_proc.cfg - check_koschei_resolver_proc.cfg - check_koschei_scheduler_proc.cfg diff --git a/roles/nagios/client/templates/check_basset.cfg.j2 b/roles/nagios/client/templates/check_basset.cfg.j2 new file mode 100644 index 000000000..6b179ff4b --- /dev/null +++ b/roles/nagios/client/templates/check_basset.cfg.j2 @@ -0,0 +1,4 @@ +command[check_mongo_proc]={{ libdir }}/nagios/plugins/check_procs -s RSD -u mongodb -C mongod -c 1:1 +command[check_rabbitmq_proc]={{ libdir }}/nagios/plugins/check_procs -s RSD -u rabbitmq -C beam.smp -c 1:1 +command[check_worker_proc]={{ libdir }}/nagios/plugins/check_procs -s RSD -u basset-worker -C basset-worker -c 1:1 +command[check_basset_queue]={{ libdir }}/nagios/plugins/check_rabbitmq_size check_submission diff --git a/roles/nagios/client/templates/check_fedmsg_consumers.cfg.j2 b/roles/nagios/client/templates/check_fedmsg_consumers.cfg.j2 index e67581d8c..775ce1453 100644 --- a/roles/nagios/client/templates/check_fedmsg_consumers.cfg.j2 +++ b/roles/nagios/client/templates/check_fedmsg_consumers.cfg.j2 @@ -48,14 +48,14 @@ command[check_fedmsg_cbacklog_value]={{libdir}}/nagios/plugins/check_fedmsg_cons command[check_fedmsg_cbacklog_pkgs]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub GenACLsConsumer 10 50 command[check_fedmsg_cbacklog_summershum]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub SummerShumConsumer 100 500 command[check_fedmsg_cbacklog_badges_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub FedoraBadgesConsumer 5000 10000 -command[check_fedmsg_cbacklog_notifs_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub FMNConsumer 2000 5000 +command[check_fedmsg_cbacklog_notifs_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub FMNConsumer 15000 20000 command[check_fedmsg_cbacklog_bugzilla2fedmsg]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py moksha-hub BugzillaConsumer 10 100 command[check_fedmsg_cbacklog_fedimg_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub KojiConsumer 2000 5000 command[check_fedmsg_cbacklog_hotness_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub BugzillaTicketFiler 100 500 command[check_fedmsg_cbacklog_bodhi_backend01_hub]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub Masher 500 1000 command[check_fedmsg_cbacklog_bodhi_backend02_hub]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub UpdatesHandler 500 1000 command[check_fedmsg_cbacklog_autocloud_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub AutoCloudConsumer 100 500 -command[check_fedmsg_cbacklog_packages_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub CacheInvalidator 5000 10000 +command[check_fedmsg_cbacklog_packages_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub CacheInvalidator 20000 30000 command[check_fedmsg_cbacklog_bugyou_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub BugyouConsumer 5000 10000 command[check_fedmsg_cbacklog_pdc_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub PDCUpdater 2000 10000 diff --git a/roles/nagios/client/templates/check_fedmsg_masher_proc.cfg.j2 b/roles/nagios/client/templates/check_fedmsg_masher_proc.cfg.j2 index b6ec46a6a..b6ad466b5 100644 --- a/roles/nagios/client/templates/check_fedmsg_masher_proc.cfg.j2 +++ b/roles/nagios/client/templates/check_fedmsg_masher_proc.cfg.j2 @@ -1 +1 @@ -command[check_fedmsg_masher_proc]={{ libdir }}/nagios/plugins/check_procs -c 1:1 -C 'fedmsg-hub' -u masher +command[check_fedmsg_masher_proc]={{ libdir }}/nagios/plugins/check_procs -c 1:1 -C 'fedmsg-hub' -u apache diff --git a/roles/nagios/server-experimental/files/nagios/hostgroups/nomail.cfg b/roles/nagios/server-experimental/files/nagios/hostgroups/nomail.cfg index d3cebc64e..f48e9bb15 100644 --- a/roles/nagios/server-experimental/files/nagios/hostgroups/nomail.cfg +++ b/roles/nagios/server-experimental/files/nagios/hostgroups/nomail.cfg @@ -1,5 +1,5 @@ define hostgroup { hostgroup_name nomail alias No Mail - members *, !bastion01, !bastion02, !bastion-vpn, !backup01, !fas01.stg, !koji01.stg, !pkgs01.stg, !proxy01.stg, !bodhi-backend01.stg, !value01.stg, !smtp-mm-tummy01, !smtp-mm-ib01, !smtp-mm-osuosl01, !hosted03, !proxy01, !proxy01, !proxy02, !proxy02, !proxy03, !proxy04, !proxy05, !proxy06, !proxy07, !proxy07, !proxy08, !proxy08, !proxy09, !proxy10, !proxy11, !proxy12, !bc02.mgmt.fedoraproject.org, !fwsm01-gw, !backup01.mgmt.fedoraproject.org,!bc02.mgmt.fedoraproject.org,!bvirthost07.mgmt.fedoraproject.org,!download01.mgmt.fedoraproject.org,!download02.mgmt.fedoraproject.org,!download03.mgmt.fedoraproject.org,!download04.mgmt.fedoraproject.org,!download05.mgmt.fedoraproject.org,!qa01.mgmt.fedoraproject.org,!qa02.mgmt.fedoraproject.org,!qa03.mgmt.fedoraproject.org,!qa04.mgmt.fedoraproject.org,!qa05.mgmt.fedoraproject.org,!qa06.mgmt.fedoraproject.org,!qa07.mgmt.fedoraproject.org,!qa08.mgmt.fedoraproject.org,!qa09.mgmt.fedoraproject.org,!qa10.mgmt.fedoraproject.org,!qa11.mgmt.fedoraproject.org,!qa12.mgmt.fedoraproject.org,!qa13.mgmt.fedoraproject.org,!qa14.mgmt.fedoraproject.org,!virthost01.mgmt.fedoraproject.org,!virthost02.mgmt.fedoraproject.org,!virthost11.mgmt.fedoraproject.org,!virthost03.mgmt.fedoraproject.org,!atomic01.mgmt.fedoraproject.org,!virthost12.mgmt.fedoraproject.org,!virthost14.mgmt.fedoraproject.org,!virthost15.mgmt.fedoraproject.org,!virthost16.mgmt.fedoraproject.org,!virthost17.mgmt.fedoraproject.org,!virthost18.mgmt.fedoraproject.org,!virthost19.mgmt.fedoraproject.org,!virthost20.mgmt.fedoraproject.org,!virthost21.mgmt.fedoraproject.org,!virthost22.mgmt.fedoraproject.org,!ibiblio-gw,!packages03,!packages04,!status-fedora2, !virthost-comm02.mgmt.fedoraproject.org, !virthost-comm03.mgmt.fedoraproject.org, !virthost-comm04.mgmt.fedoraproject.org, !ppc-hub,!ppc-composer,!retrace01.qa,!sign-vault03,!sign-vault03.mgmt.fedoraproject.org,!sign-vault04,!sign-vault04.mgmt.fedoraproject.org, !arm01-builder00, !arm01-retrace01, !arm01-builder02, !arm01-builder03, !arm01-builder04, !arm01-builder05, !arm01-builder06, !arm01-builder07, !arm01-builder08, !arm01-builder09, !arm01-builder10, !arm01-builder11, !arm01-builder12, !arm01-builder13, !arm01-builder14, !arm01-builder15, !arm01-builder16, !arm01-builder17, !arm01-builder18, !arm01-builder19, !arm01-builder20, !arm01-builder21, !arm01-builder22, !arm01-builder23, !arm02-builder00, !arm02-builder01, !arm02-builder02, !arm02-builder03, !arm02-builder04, !arm02-builder05, !arm02-builder06, !arm02-builder07, !arm02-builder08, !arm02-builder09, !arm02-builder10, !arm02-builder11, !arm02-builder12, !arm02-builder13, !arm02-builder14, !arm02-builder15, !arm02-builder16, !arm02-builder17, !arm02-builder18, !arm02-builder19, !arm02-builder20, !arm02-builder21, !arm02-builder22, !arm02-builder23, !arm04-builder00, !arm04-builder01, !arm04-builder02, !arm04-builder03, !arm04-builder04, !arm04-builder05, !arm04-builder06, !arm04-builder07, !arm04-builder08, !arm04-builder09, !arm04-builder10, !arm04-builder11, !arm04-builder12, !arm04-builder13, !arm04-builder14, !arm04-builder15, !arm04-builder16, !arm04-builder17, !arm04-builder18, !arm04-builder19, !arm04-builder20, !arm04-builder21, !arm04-builder22, !arm04-builder23, !buildvm-01, !buildvm-02, !buildvm-03, !buildvm-04, !buildvm-05, !buildvm-06, !buildvm-07, !buildvm-08, !buildvm-09, !buildvm-10, !buildvm-11, !buildvm-12, !buildvm-13, !buildvm-14, !buildvm-15, !buildvm-16, !buildvm-17, !buildvm-18, !buildvm-19, !buildvm-20, !buildvm-21, !buildvm-22, !buildvm-23, !buildvm-24, !buildvm-25, !buildvm-26, !buildvm-27, !buildvmhost-10, !buildvmhost-11, !buildvmhost-12, !cloud-gw, !fed-cloud03.mgmt.fedoraproject.org, !fed-cloud04.mgmt.fedoraproject.org, !fed-cloud05.mgmt.fedoraproject.org, !fed-cloud06.mgmt.fedoraproject.org, !fed-cloud07.mgmt.fedoraproject.org, !fed-cloud08.mgmt.fedoraproject.org, !fed-cloud09.mgmt.fedoraproject.org, !fed-cloud10.mgmt.fedoraproject.org, !fed-cloud11.mgmt.fedoraproject.org, !fed-cloud12.mgmt.fedoraproject.org, !fed-cloud13.mgmt.fedoraproject.org, !fed-cloud14.mgmt.fedoraproject.org, !fed-cloud15.mgmt.fedoraproject.org + members *, !bastion01, !bastion02, !bastion-vpn, !backup01, !fas01.stg, !koji01.stg, !pkgs01.stg, !proxy01.stg, !bodhi-backend01.stg, !value01.stg, !smtp-mm-tummy01, !smtp-mm-ib01, !smtp-mm-osuosl01, !hosted03, !proxy01, !proxy01, !proxy02, !proxy02, !proxy03, !proxy04, !proxy05, !proxy06, !proxy07, !proxy07, !proxy08, !proxy08, !proxy09, !proxy10, !proxy11, !proxy12, !bc02.mgmt.fedoraproject.org, !fwsm01-gw, !backup01.mgmt.fedoraproject.org,!bc02.mgmt.fedoraproject.org,!bvirthost07.mgmt.fedoraproject.org,!download01.mgmt.fedoraproject.org,!download02.mgmt.fedoraproject.org,!download03.mgmt.fedoraproject.org,!download04.mgmt.fedoraproject.org,!download05.mgmt.fedoraproject.org,!qa01.mgmt.fedoraproject.org,!qa02.mgmt.fedoraproject.org,!qa03.mgmt.fedoraproject.org,!qa04.mgmt.fedoraproject.org,!qa05.mgmt.fedoraproject.org,!qa06.mgmt.fedoraproject.org,!qa07.mgmt.fedoraproject.org,!qa08.mgmt.fedoraproject.org,!qa09.mgmt.fedoraproject.org,!qa10.mgmt.fedoraproject.org,!qa11.mgmt.fedoraproject.org,!qa12.mgmt.fedoraproject.org,!qa13.mgmt.fedoraproject.org,!qa14.mgmt.fedoraproject.org,!virthost01.mgmt.fedoraproject.org,!virthost02.mgmt.fedoraproject.org,!virthost11.mgmt.fedoraproject.org,!virthost03.mgmt.fedoraproject.org,!atomic01.mgmt.fedoraproject.org,!virthost12.mgmt.fedoraproject.org,!virthost14.mgmt.fedoraproject.org,!virthost15.mgmt.fedoraproject.org,!virthost16.mgmt.fedoraproject.org,!virthost17.mgmt.fedoraproject.org,!virthost18.mgmt.fedoraproject.org,!virthost19.mgmt.fedoraproject.org,!virthost20.mgmt.fedoraproject.org,!virthost21.mgmt.fedoraproject.org,!virthost22.mgmt.fedoraproject.org,!ibiblio-gw,!packages03,!packages04,!status-fedora2, !virthost-comm02.mgmt.fedoraproject.org, !virthost-comm03.mgmt.fedoraproject.org, !virthost-comm04.mgmt.fedoraproject.org, !ppc-hub,!retrace01.qa,!sign-vault03,!sign-vault03.mgmt.fedoraproject.org,!sign-vault04,!sign-vault04.mgmt.fedoraproject.org, !arm01-builder00, !arm01-retrace01, !arm01-builder02, !arm01-builder03, !arm01-builder04, !arm01-builder05, !arm01-builder06, !arm01-builder07, !arm01-builder08, !arm01-builder09, !arm01-builder10, !arm01-builder11, !arm01-builder12, !arm01-builder13, !arm01-builder14, !arm01-builder15, !arm01-builder16, !arm01-builder17, !arm01-builder18, !arm01-builder19, !arm01-builder20, !arm01-builder21, !arm01-builder22, !arm01-builder23, !arm02-builder00, !arm02-builder01, !arm02-builder02, !arm02-builder03, !arm02-builder04, !arm02-builder05, !arm02-builder06, !arm02-builder07, !arm02-builder08, !arm02-builder09, !arm02-builder10, !arm02-builder11, !arm02-builder12, !arm02-builder13, !arm02-builder14, !arm02-builder15, !arm02-builder16, !arm02-builder17, !arm02-builder18, !arm02-builder19, !arm02-builder20, !arm02-builder21, !arm02-builder22, !arm02-builder23, !arm04-builder00, !arm04-builder01, !arm04-builder02, !arm04-builder03, !arm04-builder04, !arm04-builder05, !arm04-builder06, !arm04-builder07, !arm04-builder08, !arm04-builder09, !arm04-builder10, !arm04-builder11, !arm04-builder12, !arm04-builder13, !arm04-builder14, !arm04-builder15, !arm04-builder16, !arm04-builder17, !arm04-builder18, !arm04-builder19, !arm04-builder20, !arm04-builder21, !arm04-builder22, !arm04-builder23, !buildvm-01, !buildvm-02, !buildvm-03, !buildvm-04, !buildvm-05, !buildvm-06, !buildvm-07, !buildvm-08, !buildvm-09, !buildvm-10, !buildvm-11, !buildvm-12, !buildvm-13, !buildvm-14, !buildvm-15, !buildvm-16, !buildvm-17, !buildvm-18, !buildvm-19, !buildvm-20, !buildvm-21, !buildvm-22, !buildvm-23, !buildvm-24, !buildvm-25, !buildvm-26, !buildvm-27, !buildvmhost-10, !buildvmhost-11, !buildvmhost-12, !cloud-gw, !fed-cloud03.mgmt.fedoraproject.org, !fed-cloud04.mgmt.fedoraproject.org, !fed-cloud05.mgmt.fedoraproject.org, !fed-cloud06.mgmt.fedoraproject.org, !fed-cloud07.mgmt.fedoraproject.org, !fed-cloud08.mgmt.fedoraproject.org, !fed-cloud09.mgmt.fedoraproject.org, !fed-cloud10.mgmt.fedoraproject.org, !fed-cloud11.mgmt.fedoraproject.org, !fed-cloud12.mgmt.fedoraproject.org, !fed-cloud13.mgmt.fedoraproject.org, !fed-cloud14.mgmt.fedoraproject.org, !fed-cloud15.mgmt.fedoraproject.org } diff --git a/roles/nagios/server-experimental/files/nagios/hostgroups/ppc-secondary.cfg b/roles/nagios/server-experimental/files/nagios/hostgroups/ppc-secondary.cfg index 7eadaf601..df135cd04 100644 --- a/roles/nagios/server-experimental/files/nagios/hostgroups/ppc-secondary.cfg +++ b/roles/nagios/server-experimental/files/nagios/hostgroups/ppc-secondary.cfg @@ -1,5 +1,5 @@ define hostgroup { hostgroup_name ppc-secondary alias PPC secondary Hosts - members ppc-hub, ppc-composer + members ppc-hub } diff --git a/roles/nagios/server-experimental/files/nagios/hostgroups/servers.cfg b/roles/nagios/server-experimental/files/nagios/hostgroups/servers.cfg index 039930d7f..23bfdeea9 100644 --- a/roles/nagios/server-experimental/files/nagios/hostgroups/servers.cfg +++ b/roles/nagios/server-experimental/files/nagios/hostgroups/servers.cfg @@ -5,6 +5,6 @@ define hostgroup { hostgroup_name servers alias All Servers - members *, !proxy01, !proxy01, !proxy02, !proxy02, !proxy03, !proxy04, !proxy05, !proxy06, !proxy07, !proxy07, !proxy08, !proxy08, !proxy12, !proxy12, !proxy10, !proxy11, !proxy12, !fwsm01-gw, !backup01.mgmt.fedoraproject.org,!bc02.mgmt.fedoraproject.org,!download01.mgmt.fedoraproject.org,!download02.mgmt.fedoraproject.org,!download03.mgmt.fedoraproject.org,!download04.mgmt.fedoraproject.org,!download05.mgmt.fedoraproject.org,!qa01.mgmt.fedoraproject.org,!qa02.mgmt.fedoraproject.org,!qa03.mgmt.fedoraproject.org,!qa04.mgmt.fedoraproject.org,!qa05.mgmt.fedoraproject.org,!qa06.mgmt.fedoraproject.org,!qa07.mgmt.fedoraproject.org,!qa08.mgmt.fedoraproject.org,!qa09.mgmt.fedoraproject.org,!qa10.mgmt.fedoraproject.org,!qa11.mgmt.fedoraproject.org,!qa12.mgmt.fedoraproject.org,!qa13.mgmt.fedoraproject.org,!qa14.mgmt.fedoraproject.org,!bvirthost07.mgmt.fedoraproject.org,!virthost01.mgmt.fedoraproject.org,!virthost02.mgmt.fedoraproject.org,!virthost11.mgmt.fedoraproject.org,!virthost03.mgmt.fedoraproject.org,!atomic01.mgmt.fedoraproject.org, !virthost12.mgmt.fedoraproject.org, !virthost14.mgmt.fedoraproject.org,!virthost15.mgmt.fedoraproject.org,!virthost16.mgmt.fedoraproject.org,!virthost17.mgmt.fedoraproject.org,!virthost18.mgmt.fedoraproject.org, !virthost19.mgmt.fedoraproject.org, !virthost20.mgmt.fedoraproject.org, !virthost21.mgmt.fedoraproject.org, !virthost22.mgmt.fedoraproject.org, !ibiblio-gw, !status-fedora2, !virthost-comm02.mgmt.fedoraproject.org, !virthost-comm03.mgmt.fedoraproject.org, !virthost-comm04.mgmt.fedoraproject.org, !ppc-hub,!ppc-composer,!retrace01.qa,!sign-vault03,!sign-vault03.mgmt.fedoraproject.org,!sign-vault04,!sign-vault04.mgmt.fedoraproject.org, !arm01-builder00, !arm01-retrace01, !arm01-builder02, !arm01-builder03, !arm01-builder04, !arm01-builder05, !arm01-builder06, !arm01-builder07, !arm01-builder08, !arm01-builder09, !arm01-builder10, !arm01-builder11, !arm01-builder12, !arm01-builder13, !arm01-builder14, !arm01-builder15, !arm01-builder16, !arm01-builder17, !arm01-builder18, !arm01-builder19, !arm01-builder20, !arm01-builder21, !arm01-builder22, !arm01-builder23, !arm02-builder00, !arm02-builder01, !arm02-builder02, !arm02-builder03, !arm02-builder04, !arm02-builder05, !arm02-builder06, !arm02-builder07, !arm02-builder08, !arm02-builder09, !arm02-builder10, !arm02-builder11, !arm02-builder12, !arm02-builder13, !arm02-builder14, !arm02-builder15, !arm02-builder16, !arm02-builder17, !arm02-builder18, !arm02-builder19, !arm02-builder20, !arm02-builder21, !arm02-builder22, !arm02-builder23, !arm04-builder00, !arm04-builder01, !arm04-builder02, !arm04-builder03, !arm04-builder04, !arm04-builder05, !arm04-builder06, !arm04-builder07, !arm04-builder08, !arm04-builder09, !arm04-builder10, !arm04-builder11, !arm04-builder12, !arm04-builder13, !arm04-builder14, !arm04-builder15, !arm04-builder16, !arm04-builder17, !arm04-builder18, !arm04-builder19, !arm04-builder20, !arm04-builder21, !arm04-builder22, !arm04-builder23, !buildvm-01, !buildvm-02, !buildvm-03, !buildvm-04, !buildvm-05, !buildvm-06, !buildvm-07, !buildvm-08, !buildvm-09, !buildvm-10, !buildvm-11, !buildvm-12, !buildvm-13, !buildvm-14, !buildvm-15, !buildvm-16, !buildvm-17, !buildvm-18, !buildvm-19, !buildvm-20, !buildvm-21, !buildvm-22, !buildvm-23, !buildvm-24, !buildvm-25, !buildvm-26, !buildvm-27, !buildvmhost-10, !buildvmhost-11, !buildvmhost-12, !cloud-gw, !fed-cloud03.mgmt.fedoraproject.org, !fed-cloud04.mgmt.fedoraproject.org, !fed-cloud05.mgmt.fedoraproject.org, !fed-cloud06.mgmt.fedoraproject.org, !fed-cloud07.mgmt.fedoraproject.org, !fed-cloud08.mgmt.fedoraproject.org, !fed-cloud09.mgmt.fedoraproject.org, !fed-cloud10.mgmt.fedoraproject.org, !fed-cloud11.mgmt.fedoraproject.org, !fed-cloud12.mgmt.fedoraproject.org, !fed-cloud13.mgmt.fedoraproject.org, !fed-cloud14.mgmt.fedoraproject.org, !fed-cloud15.mgmt.fedoraproject.org + members *, !proxy01, !proxy01, !proxy02, !proxy02, !proxy03, !proxy04, !proxy05, !proxy06, !proxy07, !proxy07, !proxy08, !proxy08, !proxy12, !proxy12, !proxy10, !proxy11, !proxy12, !fwsm01-gw, !backup01.mgmt.fedoraproject.org,!bc02.mgmt.fedoraproject.org,!download01.mgmt.fedoraproject.org,!download02.mgmt.fedoraproject.org,!download03.mgmt.fedoraproject.org,!download04.mgmt.fedoraproject.org,!download05.mgmt.fedoraproject.org,!qa01.mgmt.fedoraproject.org,!qa02.mgmt.fedoraproject.org,!qa03.mgmt.fedoraproject.org,!qa04.mgmt.fedoraproject.org,!qa05.mgmt.fedoraproject.org,!qa06.mgmt.fedoraproject.org,!qa07.mgmt.fedoraproject.org,!qa08.mgmt.fedoraproject.org,!qa09.mgmt.fedoraproject.org,!qa10.mgmt.fedoraproject.org,!qa11.mgmt.fedoraproject.org,!qa12.mgmt.fedoraproject.org,!qa13.mgmt.fedoraproject.org,!qa14.mgmt.fedoraproject.org,!bvirthost07.mgmt.fedoraproject.org,!virthost01.mgmt.fedoraproject.org,!virthost02.mgmt.fedoraproject.org,!virthost11.mgmt.fedoraproject.org,!virthost03.mgmt.fedoraproject.org,!atomic01.mgmt.fedoraproject.org, !virthost12.mgmt.fedoraproject.org, !virthost14.mgmt.fedoraproject.org,!virthost15.mgmt.fedoraproject.org,!virthost16.mgmt.fedoraproject.org,!virthost17.mgmt.fedoraproject.org,!virthost18.mgmt.fedoraproject.org, !virthost19.mgmt.fedoraproject.org, !virthost20.mgmt.fedoraproject.org, !virthost21.mgmt.fedoraproject.org, !virthost22.mgmt.fedoraproject.org, !ibiblio-gw, !status-fedora2, !virthost-comm02.mgmt.fedoraproject.org, !virthost-comm03.mgmt.fedoraproject.org, !virthost-comm04.mgmt.fedoraproject.org, !ppc-hub,!retrace01.qa,!sign-vault03,!sign-vault03.mgmt.fedoraproject.org,!sign-vault04,!sign-vault04.mgmt.fedoraproject.org, !arm01-builder00, !arm01-retrace01, !arm01-builder02, !arm01-builder03, !arm01-builder04, !arm01-builder05, !arm01-builder06, !arm01-builder07, !arm01-builder08, !arm01-builder09, !arm01-builder10, !arm01-builder11, !arm01-builder12, !arm01-builder13, !arm01-builder14, !arm01-builder15, !arm01-builder16, !arm01-builder17, !arm01-builder18, !arm01-builder19, !arm01-builder20, !arm01-builder21, !arm01-builder22, !arm01-builder23, !arm02-builder00, !arm02-builder01, !arm02-builder02, !arm02-builder03, !arm02-builder04, !arm02-builder05, !arm02-builder06, !arm02-builder07, !arm02-builder08, !arm02-builder09, !arm02-builder10, !arm02-builder11, !arm02-builder12, !arm02-builder13, !arm02-builder14, !arm02-builder15, !arm02-builder16, !arm02-builder17, !arm02-builder18, !arm02-builder19, !arm02-builder20, !arm02-builder21, !arm02-builder22, !arm02-builder23, !arm04-builder00, !arm04-builder01, !arm04-builder02, !arm04-builder03, !arm04-builder04, !arm04-builder05, !arm04-builder06, !arm04-builder07, !arm04-builder08, !arm04-builder09, !arm04-builder10, !arm04-builder11, !arm04-builder12, !arm04-builder13, !arm04-builder14, !arm04-builder15, !arm04-builder16, !arm04-builder17, !arm04-builder18, !arm04-builder19, !arm04-builder20, !arm04-builder21, !arm04-builder22, !arm04-builder23, !buildvm-01, !buildvm-02, !buildvm-03, !buildvm-04, !buildvm-05, !buildvm-06, !buildvm-07, !buildvm-08, !buildvm-09, !buildvm-10, !buildvm-11, !buildvm-12, !buildvm-13, !buildvm-14, !buildvm-15, !buildvm-16, !buildvm-17, !buildvm-18, !buildvm-19, !buildvm-20, !buildvm-21, !buildvm-22, !buildvm-23, !buildvm-24, !buildvm-25, !buildvm-26, !buildvm-27, !buildvmhost-10, !buildvmhost-11, !buildvmhost-12, !cloud-gw, !fed-cloud03.mgmt.fedoraproject.org, !fed-cloud04.mgmt.fedoraproject.org, !fed-cloud05.mgmt.fedoraproject.org, !fed-cloud06.mgmt.fedoraproject.org, !fed-cloud07.mgmt.fedoraproject.org, !fed-cloud08.mgmt.fedoraproject.org, !fed-cloud09.mgmt.fedoraproject.org, !fed-cloud10.mgmt.fedoraproject.org, !fed-cloud11.mgmt.fedoraproject.org, !fed-cloud12.mgmt.fedoraproject.org, !fed-cloud13.mgmt.fedoraproject.org, !fed-cloud14.mgmt.fedoraproject.org, !fed-cloud15.mgmt.fedoraproject.org } diff --git a/roles/nagios/server-experimental/files/nagios/hosts/ppc-composer.cfg b/roles/nagios/server-experimental/files/nagios/hosts/ppc-composer.cfg deleted file mode 100644 index da50bd1a9..000000000 --- a/roles/nagios/server-experimental/files/nagios/hosts/ppc-composer.cfg +++ /dev/null @@ -1,6 +0,0 @@ -define host { - host_name ppc-composer - alias ppc-composer.qa.fedoraproject.org - use ppc-secondarytemplate - address ppc-composer.qa.fedoraproject.org -} diff --git a/roles/nagios/server-experimental/files/nagios/services/disk.cfg b/roles/nagios/server-experimental/files/nagios/services/disk.cfg index 374886b04..807ebe35f 100644 --- a/roles/nagios/server-experimental/files/nagios/services/disk.cfg +++ b/roles/nagios/server-experimental/files/nagios/services/disk.cfg @@ -85,27 +85,6 @@ define service { } define service { - host_name ppc-composer - service_description Disk space /mnt/koji - check_command check_by_nrpe!check_disk_/mnt/koji - use ppc-secondarytemplate -} - -define service { - host_name ppc-composer - service_description Disk space /mnt/data - check_command check_by_nrpe!check_disk_/mnt/data - use ppc-secondarytemplate -} - -define service { - host_name ppc-composer - service_description Disk space / - check_command check_by_nrpe!check_disk_/ - use ppc-secondarytemplate -} - -define service { host_name ppc-hub service_description Disk space / check_command check_by_nrpe!check_disk_/ diff --git a/roles/nagios/server/files/nagios/hostgroups/nomail.cfg b/roles/nagios/server/files/nagios/hostgroups/nomail.cfg index d3cebc64e..f48e9bb15 100644 --- a/roles/nagios/server/files/nagios/hostgroups/nomail.cfg +++ b/roles/nagios/server/files/nagios/hostgroups/nomail.cfg @@ -1,5 +1,5 @@ define hostgroup { hostgroup_name nomail alias No Mail - members *, !bastion01, !bastion02, !bastion-vpn, !backup01, !fas01.stg, !koji01.stg, !pkgs01.stg, !proxy01.stg, !bodhi-backend01.stg, !value01.stg, !smtp-mm-tummy01, !smtp-mm-ib01, !smtp-mm-osuosl01, !hosted03, !proxy01, !proxy01, !proxy02, !proxy02, !proxy03, !proxy04, !proxy05, !proxy06, !proxy07, !proxy07, !proxy08, !proxy08, !proxy09, !proxy10, !proxy11, !proxy12, !bc02.mgmt.fedoraproject.org, !fwsm01-gw, !backup01.mgmt.fedoraproject.org,!bc02.mgmt.fedoraproject.org,!bvirthost07.mgmt.fedoraproject.org,!download01.mgmt.fedoraproject.org,!download02.mgmt.fedoraproject.org,!download03.mgmt.fedoraproject.org,!download04.mgmt.fedoraproject.org,!download05.mgmt.fedoraproject.org,!qa01.mgmt.fedoraproject.org,!qa02.mgmt.fedoraproject.org,!qa03.mgmt.fedoraproject.org,!qa04.mgmt.fedoraproject.org,!qa05.mgmt.fedoraproject.org,!qa06.mgmt.fedoraproject.org,!qa07.mgmt.fedoraproject.org,!qa08.mgmt.fedoraproject.org,!qa09.mgmt.fedoraproject.org,!qa10.mgmt.fedoraproject.org,!qa11.mgmt.fedoraproject.org,!qa12.mgmt.fedoraproject.org,!qa13.mgmt.fedoraproject.org,!qa14.mgmt.fedoraproject.org,!virthost01.mgmt.fedoraproject.org,!virthost02.mgmt.fedoraproject.org,!virthost11.mgmt.fedoraproject.org,!virthost03.mgmt.fedoraproject.org,!atomic01.mgmt.fedoraproject.org,!virthost12.mgmt.fedoraproject.org,!virthost14.mgmt.fedoraproject.org,!virthost15.mgmt.fedoraproject.org,!virthost16.mgmt.fedoraproject.org,!virthost17.mgmt.fedoraproject.org,!virthost18.mgmt.fedoraproject.org,!virthost19.mgmt.fedoraproject.org,!virthost20.mgmt.fedoraproject.org,!virthost21.mgmt.fedoraproject.org,!virthost22.mgmt.fedoraproject.org,!ibiblio-gw,!packages03,!packages04,!status-fedora2, !virthost-comm02.mgmt.fedoraproject.org, !virthost-comm03.mgmt.fedoraproject.org, !virthost-comm04.mgmt.fedoraproject.org, !ppc-hub,!ppc-composer,!retrace01.qa,!sign-vault03,!sign-vault03.mgmt.fedoraproject.org,!sign-vault04,!sign-vault04.mgmt.fedoraproject.org, !arm01-builder00, !arm01-retrace01, !arm01-builder02, !arm01-builder03, !arm01-builder04, !arm01-builder05, !arm01-builder06, !arm01-builder07, !arm01-builder08, !arm01-builder09, !arm01-builder10, !arm01-builder11, !arm01-builder12, !arm01-builder13, !arm01-builder14, !arm01-builder15, !arm01-builder16, !arm01-builder17, !arm01-builder18, !arm01-builder19, !arm01-builder20, !arm01-builder21, !arm01-builder22, !arm01-builder23, !arm02-builder00, !arm02-builder01, !arm02-builder02, !arm02-builder03, !arm02-builder04, !arm02-builder05, !arm02-builder06, !arm02-builder07, !arm02-builder08, !arm02-builder09, !arm02-builder10, !arm02-builder11, !arm02-builder12, !arm02-builder13, !arm02-builder14, !arm02-builder15, !arm02-builder16, !arm02-builder17, !arm02-builder18, !arm02-builder19, !arm02-builder20, !arm02-builder21, !arm02-builder22, !arm02-builder23, !arm04-builder00, !arm04-builder01, !arm04-builder02, !arm04-builder03, !arm04-builder04, !arm04-builder05, !arm04-builder06, !arm04-builder07, !arm04-builder08, !arm04-builder09, !arm04-builder10, !arm04-builder11, !arm04-builder12, !arm04-builder13, !arm04-builder14, !arm04-builder15, !arm04-builder16, !arm04-builder17, !arm04-builder18, !arm04-builder19, !arm04-builder20, !arm04-builder21, !arm04-builder22, !arm04-builder23, !buildvm-01, !buildvm-02, !buildvm-03, !buildvm-04, !buildvm-05, !buildvm-06, !buildvm-07, !buildvm-08, !buildvm-09, !buildvm-10, !buildvm-11, !buildvm-12, !buildvm-13, !buildvm-14, !buildvm-15, !buildvm-16, !buildvm-17, !buildvm-18, !buildvm-19, !buildvm-20, !buildvm-21, !buildvm-22, !buildvm-23, !buildvm-24, !buildvm-25, !buildvm-26, !buildvm-27, !buildvmhost-10, !buildvmhost-11, !buildvmhost-12, !cloud-gw, !fed-cloud03.mgmt.fedoraproject.org, !fed-cloud04.mgmt.fedoraproject.org, !fed-cloud05.mgmt.fedoraproject.org, !fed-cloud06.mgmt.fedoraproject.org, !fed-cloud07.mgmt.fedoraproject.org, !fed-cloud08.mgmt.fedoraproject.org, !fed-cloud09.mgmt.fedoraproject.org, !fed-cloud10.mgmt.fedoraproject.org, !fed-cloud11.mgmt.fedoraproject.org, !fed-cloud12.mgmt.fedoraproject.org, !fed-cloud13.mgmt.fedoraproject.org, !fed-cloud14.mgmt.fedoraproject.org, !fed-cloud15.mgmt.fedoraproject.org + members *, !bastion01, !bastion02, !bastion-vpn, !backup01, !fas01.stg, !koji01.stg, !pkgs01.stg, !proxy01.stg, !bodhi-backend01.stg, !value01.stg, !smtp-mm-tummy01, !smtp-mm-ib01, !smtp-mm-osuosl01, !hosted03, !proxy01, !proxy01, !proxy02, !proxy02, !proxy03, !proxy04, !proxy05, !proxy06, !proxy07, !proxy07, !proxy08, !proxy08, !proxy09, !proxy10, !proxy11, !proxy12, !bc02.mgmt.fedoraproject.org, !fwsm01-gw, !backup01.mgmt.fedoraproject.org,!bc02.mgmt.fedoraproject.org,!bvirthost07.mgmt.fedoraproject.org,!download01.mgmt.fedoraproject.org,!download02.mgmt.fedoraproject.org,!download03.mgmt.fedoraproject.org,!download04.mgmt.fedoraproject.org,!download05.mgmt.fedoraproject.org,!qa01.mgmt.fedoraproject.org,!qa02.mgmt.fedoraproject.org,!qa03.mgmt.fedoraproject.org,!qa04.mgmt.fedoraproject.org,!qa05.mgmt.fedoraproject.org,!qa06.mgmt.fedoraproject.org,!qa07.mgmt.fedoraproject.org,!qa08.mgmt.fedoraproject.org,!qa09.mgmt.fedoraproject.org,!qa10.mgmt.fedoraproject.org,!qa11.mgmt.fedoraproject.org,!qa12.mgmt.fedoraproject.org,!qa13.mgmt.fedoraproject.org,!qa14.mgmt.fedoraproject.org,!virthost01.mgmt.fedoraproject.org,!virthost02.mgmt.fedoraproject.org,!virthost11.mgmt.fedoraproject.org,!virthost03.mgmt.fedoraproject.org,!atomic01.mgmt.fedoraproject.org,!virthost12.mgmt.fedoraproject.org,!virthost14.mgmt.fedoraproject.org,!virthost15.mgmt.fedoraproject.org,!virthost16.mgmt.fedoraproject.org,!virthost17.mgmt.fedoraproject.org,!virthost18.mgmt.fedoraproject.org,!virthost19.mgmt.fedoraproject.org,!virthost20.mgmt.fedoraproject.org,!virthost21.mgmt.fedoraproject.org,!virthost22.mgmt.fedoraproject.org,!ibiblio-gw,!packages03,!packages04,!status-fedora2, !virthost-comm02.mgmt.fedoraproject.org, !virthost-comm03.mgmt.fedoraproject.org, !virthost-comm04.mgmt.fedoraproject.org, !ppc-hub,!retrace01.qa,!sign-vault03,!sign-vault03.mgmt.fedoraproject.org,!sign-vault04,!sign-vault04.mgmt.fedoraproject.org, !arm01-builder00, !arm01-retrace01, !arm01-builder02, !arm01-builder03, !arm01-builder04, !arm01-builder05, !arm01-builder06, !arm01-builder07, !arm01-builder08, !arm01-builder09, !arm01-builder10, !arm01-builder11, !arm01-builder12, !arm01-builder13, !arm01-builder14, !arm01-builder15, !arm01-builder16, !arm01-builder17, !arm01-builder18, !arm01-builder19, !arm01-builder20, !arm01-builder21, !arm01-builder22, !arm01-builder23, !arm02-builder00, !arm02-builder01, !arm02-builder02, !arm02-builder03, !arm02-builder04, !arm02-builder05, !arm02-builder06, !arm02-builder07, !arm02-builder08, !arm02-builder09, !arm02-builder10, !arm02-builder11, !arm02-builder12, !arm02-builder13, !arm02-builder14, !arm02-builder15, !arm02-builder16, !arm02-builder17, !arm02-builder18, !arm02-builder19, !arm02-builder20, !arm02-builder21, !arm02-builder22, !arm02-builder23, !arm04-builder00, !arm04-builder01, !arm04-builder02, !arm04-builder03, !arm04-builder04, !arm04-builder05, !arm04-builder06, !arm04-builder07, !arm04-builder08, !arm04-builder09, !arm04-builder10, !arm04-builder11, !arm04-builder12, !arm04-builder13, !arm04-builder14, !arm04-builder15, !arm04-builder16, !arm04-builder17, !arm04-builder18, !arm04-builder19, !arm04-builder20, !arm04-builder21, !arm04-builder22, !arm04-builder23, !buildvm-01, !buildvm-02, !buildvm-03, !buildvm-04, !buildvm-05, !buildvm-06, !buildvm-07, !buildvm-08, !buildvm-09, !buildvm-10, !buildvm-11, !buildvm-12, !buildvm-13, !buildvm-14, !buildvm-15, !buildvm-16, !buildvm-17, !buildvm-18, !buildvm-19, !buildvm-20, !buildvm-21, !buildvm-22, !buildvm-23, !buildvm-24, !buildvm-25, !buildvm-26, !buildvm-27, !buildvmhost-10, !buildvmhost-11, !buildvmhost-12, !cloud-gw, !fed-cloud03.mgmt.fedoraproject.org, !fed-cloud04.mgmt.fedoraproject.org, !fed-cloud05.mgmt.fedoraproject.org, !fed-cloud06.mgmt.fedoraproject.org, !fed-cloud07.mgmt.fedoraproject.org, !fed-cloud08.mgmt.fedoraproject.org, !fed-cloud09.mgmt.fedoraproject.org, !fed-cloud10.mgmt.fedoraproject.org, !fed-cloud11.mgmt.fedoraproject.org, !fed-cloud12.mgmt.fedoraproject.org, !fed-cloud13.mgmt.fedoraproject.org, !fed-cloud14.mgmt.fedoraproject.org, !fed-cloud15.mgmt.fedoraproject.org } diff --git a/roles/nagios/server/files/nagios/hostgroups/ppc-secondary.cfg b/roles/nagios/server/files/nagios/hostgroups/ppc-secondary.cfg index 7eadaf601..df135cd04 100644 --- a/roles/nagios/server/files/nagios/hostgroups/ppc-secondary.cfg +++ b/roles/nagios/server/files/nagios/hostgroups/ppc-secondary.cfg @@ -1,5 +1,5 @@ define hostgroup { hostgroup_name ppc-secondary alias PPC secondary Hosts - members ppc-hub, ppc-composer + members ppc-hub } diff --git a/roles/nagios/server/files/nagios/hostgroups/servers.cfg b/roles/nagios/server/files/nagios/hostgroups/servers.cfg index 039930d7f..23bfdeea9 100644 --- a/roles/nagios/server/files/nagios/hostgroups/servers.cfg +++ b/roles/nagios/server/files/nagios/hostgroups/servers.cfg @@ -5,6 +5,6 @@ define hostgroup { hostgroup_name servers alias All Servers - members *, !proxy01, !proxy01, !proxy02, !proxy02, !proxy03, !proxy04, !proxy05, !proxy06, !proxy07, !proxy07, !proxy08, !proxy08, !proxy12, !proxy12, !proxy10, !proxy11, !proxy12, !fwsm01-gw, !backup01.mgmt.fedoraproject.org,!bc02.mgmt.fedoraproject.org,!download01.mgmt.fedoraproject.org,!download02.mgmt.fedoraproject.org,!download03.mgmt.fedoraproject.org,!download04.mgmt.fedoraproject.org,!download05.mgmt.fedoraproject.org,!qa01.mgmt.fedoraproject.org,!qa02.mgmt.fedoraproject.org,!qa03.mgmt.fedoraproject.org,!qa04.mgmt.fedoraproject.org,!qa05.mgmt.fedoraproject.org,!qa06.mgmt.fedoraproject.org,!qa07.mgmt.fedoraproject.org,!qa08.mgmt.fedoraproject.org,!qa09.mgmt.fedoraproject.org,!qa10.mgmt.fedoraproject.org,!qa11.mgmt.fedoraproject.org,!qa12.mgmt.fedoraproject.org,!qa13.mgmt.fedoraproject.org,!qa14.mgmt.fedoraproject.org,!bvirthost07.mgmt.fedoraproject.org,!virthost01.mgmt.fedoraproject.org,!virthost02.mgmt.fedoraproject.org,!virthost11.mgmt.fedoraproject.org,!virthost03.mgmt.fedoraproject.org,!atomic01.mgmt.fedoraproject.org, !virthost12.mgmt.fedoraproject.org, !virthost14.mgmt.fedoraproject.org,!virthost15.mgmt.fedoraproject.org,!virthost16.mgmt.fedoraproject.org,!virthost17.mgmt.fedoraproject.org,!virthost18.mgmt.fedoraproject.org, !virthost19.mgmt.fedoraproject.org, !virthost20.mgmt.fedoraproject.org, !virthost21.mgmt.fedoraproject.org, !virthost22.mgmt.fedoraproject.org, !ibiblio-gw, !status-fedora2, !virthost-comm02.mgmt.fedoraproject.org, !virthost-comm03.mgmt.fedoraproject.org, !virthost-comm04.mgmt.fedoraproject.org, !ppc-hub,!ppc-composer,!retrace01.qa,!sign-vault03,!sign-vault03.mgmt.fedoraproject.org,!sign-vault04,!sign-vault04.mgmt.fedoraproject.org, !arm01-builder00, !arm01-retrace01, !arm01-builder02, !arm01-builder03, !arm01-builder04, !arm01-builder05, !arm01-builder06, !arm01-builder07, !arm01-builder08, !arm01-builder09, !arm01-builder10, !arm01-builder11, !arm01-builder12, !arm01-builder13, !arm01-builder14, !arm01-builder15, !arm01-builder16, !arm01-builder17, !arm01-builder18, !arm01-builder19, !arm01-builder20, !arm01-builder21, !arm01-builder22, !arm01-builder23, !arm02-builder00, !arm02-builder01, !arm02-builder02, !arm02-builder03, !arm02-builder04, !arm02-builder05, !arm02-builder06, !arm02-builder07, !arm02-builder08, !arm02-builder09, !arm02-builder10, !arm02-builder11, !arm02-builder12, !arm02-builder13, !arm02-builder14, !arm02-builder15, !arm02-builder16, !arm02-builder17, !arm02-builder18, !arm02-builder19, !arm02-builder20, !arm02-builder21, !arm02-builder22, !arm02-builder23, !arm04-builder00, !arm04-builder01, !arm04-builder02, !arm04-builder03, !arm04-builder04, !arm04-builder05, !arm04-builder06, !arm04-builder07, !arm04-builder08, !arm04-builder09, !arm04-builder10, !arm04-builder11, !arm04-builder12, !arm04-builder13, !arm04-builder14, !arm04-builder15, !arm04-builder16, !arm04-builder17, !arm04-builder18, !arm04-builder19, !arm04-builder20, !arm04-builder21, !arm04-builder22, !arm04-builder23, !buildvm-01, !buildvm-02, !buildvm-03, !buildvm-04, !buildvm-05, !buildvm-06, !buildvm-07, !buildvm-08, !buildvm-09, !buildvm-10, !buildvm-11, !buildvm-12, !buildvm-13, !buildvm-14, !buildvm-15, !buildvm-16, !buildvm-17, !buildvm-18, !buildvm-19, !buildvm-20, !buildvm-21, !buildvm-22, !buildvm-23, !buildvm-24, !buildvm-25, !buildvm-26, !buildvm-27, !buildvmhost-10, !buildvmhost-11, !buildvmhost-12, !cloud-gw, !fed-cloud03.mgmt.fedoraproject.org, !fed-cloud04.mgmt.fedoraproject.org, !fed-cloud05.mgmt.fedoraproject.org, !fed-cloud06.mgmt.fedoraproject.org, !fed-cloud07.mgmt.fedoraproject.org, !fed-cloud08.mgmt.fedoraproject.org, !fed-cloud09.mgmt.fedoraproject.org, !fed-cloud10.mgmt.fedoraproject.org, !fed-cloud11.mgmt.fedoraproject.org, !fed-cloud12.mgmt.fedoraproject.org, !fed-cloud13.mgmt.fedoraproject.org, !fed-cloud14.mgmt.fedoraproject.org, !fed-cloud15.mgmt.fedoraproject.org + members *, !proxy01, !proxy01, !proxy02, !proxy02, !proxy03, !proxy04, !proxy05, !proxy06, !proxy07, !proxy07, !proxy08, !proxy08, !proxy12, !proxy12, !proxy10, !proxy11, !proxy12, !fwsm01-gw, !backup01.mgmt.fedoraproject.org,!bc02.mgmt.fedoraproject.org,!download01.mgmt.fedoraproject.org,!download02.mgmt.fedoraproject.org,!download03.mgmt.fedoraproject.org,!download04.mgmt.fedoraproject.org,!download05.mgmt.fedoraproject.org,!qa01.mgmt.fedoraproject.org,!qa02.mgmt.fedoraproject.org,!qa03.mgmt.fedoraproject.org,!qa04.mgmt.fedoraproject.org,!qa05.mgmt.fedoraproject.org,!qa06.mgmt.fedoraproject.org,!qa07.mgmt.fedoraproject.org,!qa08.mgmt.fedoraproject.org,!qa09.mgmt.fedoraproject.org,!qa10.mgmt.fedoraproject.org,!qa11.mgmt.fedoraproject.org,!qa12.mgmt.fedoraproject.org,!qa13.mgmt.fedoraproject.org,!qa14.mgmt.fedoraproject.org,!bvirthost07.mgmt.fedoraproject.org,!virthost01.mgmt.fedoraproject.org,!virthost02.mgmt.fedoraproject.org,!virthost11.mgmt.fedoraproject.org,!virthost03.mgmt.fedoraproject.org,!atomic01.mgmt.fedoraproject.org, !virthost12.mgmt.fedoraproject.org, !virthost14.mgmt.fedoraproject.org,!virthost15.mgmt.fedoraproject.org,!virthost16.mgmt.fedoraproject.org,!virthost17.mgmt.fedoraproject.org,!virthost18.mgmt.fedoraproject.org, !virthost19.mgmt.fedoraproject.org, !virthost20.mgmt.fedoraproject.org, !virthost21.mgmt.fedoraproject.org, !virthost22.mgmt.fedoraproject.org, !ibiblio-gw, !status-fedora2, !virthost-comm02.mgmt.fedoraproject.org, !virthost-comm03.mgmt.fedoraproject.org, !virthost-comm04.mgmt.fedoraproject.org, !ppc-hub,!retrace01.qa,!sign-vault03,!sign-vault03.mgmt.fedoraproject.org,!sign-vault04,!sign-vault04.mgmt.fedoraproject.org, !arm01-builder00, !arm01-retrace01, !arm01-builder02, !arm01-builder03, !arm01-builder04, !arm01-builder05, !arm01-builder06, !arm01-builder07, !arm01-builder08, !arm01-builder09, !arm01-builder10, !arm01-builder11, !arm01-builder12, !arm01-builder13, !arm01-builder14, !arm01-builder15, !arm01-builder16, !arm01-builder17, !arm01-builder18, !arm01-builder19, !arm01-builder20, !arm01-builder21, !arm01-builder22, !arm01-builder23, !arm02-builder00, !arm02-builder01, !arm02-builder02, !arm02-builder03, !arm02-builder04, !arm02-builder05, !arm02-builder06, !arm02-builder07, !arm02-builder08, !arm02-builder09, !arm02-builder10, !arm02-builder11, !arm02-builder12, !arm02-builder13, !arm02-builder14, !arm02-builder15, !arm02-builder16, !arm02-builder17, !arm02-builder18, !arm02-builder19, !arm02-builder20, !arm02-builder21, !arm02-builder22, !arm02-builder23, !arm04-builder00, !arm04-builder01, !arm04-builder02, !arm04-builder03, !arm04-builder04, !arm04-builder05, !arm04-builder06, !arm04-builder07, !arm04-builder08, !arm04-builder09, !arm04-builder10, !arm04-builder11, !arm04-builder12, !arm04-builder13, !arm04-builder14, !arm04-builder15, !arm04-builder16, !arm04-builder17, !arm04-builder18, !arm04-builder19, !arm04-builder20, !arm04-builder21, !arm04-builder22, !arm04-builder23, !buildvm-01, !buildvm-02, !buildvm-03, !buildvm-04, !buildvm-05, !buildvm-06, !buildvm-07, !buildvm-08, !buildvm-09, !buildvm-10, !buildvm-11, !buildvm-12, !buildvm-13, !buildvm-14, !buildvm-15, !buildvm-16, !buildvm-17, !buildvm-18, !buildvm-19, !buildvm-20, !buildvm-21, !buildvm-22, !buildvm-23, !buildvm-24, !buildvm-25, !buildvm-26, !buildvm-27, !buildvmhost-10, !buildvmhost-11, !buildvmhost-12, !cloud-gw, !fed-cloud03.mgmt.fedoraproject.org, !fed-cloud04.mgmt.fedoraproject.org, !fed-cloud05.mgmt.fedoraproject.org, !fed-cloud06.mgmt.fedoraproject.org, !fed-cloud07.mgmt.fedoraproject.org, !fed-cloud08.mgmt.fedoraproject.org, !fed-cloud09.mgmt.fedoraproject.org, !fed-cloud10.mgmt.fedoraproject.org, !fed-cloud11.mgmt.fedoraproject.org, !fed-cloud12.mgmt.fedoraproject.org, !fed-cloud13.mgmt.fedoraproject.org, !fed-cloud14.mgmt.fedoraproject.org, !fed-cloud15.mgmt.fedoraproject.org } diff --git a/roles/nagios/server/files/nagios/hosts/basset01.cfg b/roles/nagios/server/files/nagios/hosts/basset01.cfg new file mode 100644 index 000000000..e9a6d1069 --- /dev/null +++ b/roles/nagios/server/files/nagios/hosts/basset01.cfg @@ -0,0 +1,7 @@ +define host { + host_name basset01 + alias basset01.phx2.fedoraproject.org + use defaulttemplate + address basset01.phx2.fedoraproject.org + parents virthost19 +} diff --git a/roles/nagios/server/files/nagios/hosts/ppc-composer.cfg b/roles/nagios/server/files/nagios/hosts/ppc-composer.cfg deleted file mode 100644 index da50bd1a9..000000000 --- a/roles/nagios/server/files/nagios/hosts/ppc-composer.cfg +++ /dev/null @@ -1,6 +0,0 @@ -define host { - host_name ppc-composer - alias ppc-composer.qa.fedoraproject.org - use ppc-secondarytemplate - address ppc-composer.qa.fedoraproject.org -} diff --git a/roles/nagios/server/files/nagios/services/basset.cfg b/roles/nagios/server/files/nagios/services/basset.cfg new file mode 100644 index 000000000..4ea295aaa --- /dev/null +++ b/roles/nagios/server/files/nagios/services/basset.cfg @@ -0,0 +1,27 @@ +define service { + host_name basset01 + service_description mongo process + check_command check_by_nrpe!check_mongo_proc + use defaulttemplate +} + +define service { + host_name basset01 + service_description rabbitmq process + check_command check_by_nrpe!check_rabbitmq_proc + use defaulttemplate +} + +define service { + host_name basset01 + service_description basset worker processes + check_command check_by_nrpe!check_worker_proc + use defaulttemplate +} + +define service { + host_name basset01 + service_description basset processing queue + check_command check_by_nrpe!check_basset_queue + use defaulttemplate +} diff --git a/roles/nagios/server/files/nagios/services/disk.cfg b/roles/nagios/server/files/nagios/services/disk.cfg index 374886b04..807ebe35f 100644 --- a/roles/nagios/server/files/nagios/services/disk.cfg +++ b/roles/nagios/server/files/nagios/services/disk.cfg @@ -85,27 +85,6 @@ define service { } define service { - host_name ppc-composer - service_description Disk space /mnt/koji - check_command check_by_nrpe!check_disk_/mnt/koji - use ppc-secondarytemplate -} - -define service { - host_name ppc-composer - service_description Disk space /mnt/data - check_command check_by_nrpe!check_disk_/mnt/data - use ppc-secondarytemplate -} - -define service { - host_name ppc-composer - service_description Disk space / - check_command check_by_nrpe!check_disk_/ - use ppc-secondarytemplate -} - -define service { host_name ppc-hub service_description Disk space / check_command check_by_nrpe!check_disk_/ diff --git a/roles/nagios/server/files/nrpe.cfg b/roles/nagios/server/files/nrpe.cfg index 04dd74697..752bca569 100644 --- a/roles/nagios/server/files/nrpe.cfg +++ b/roles/nagios/server/files/nrpe.cfg @@ -234,7 +234,7 @@ command[check_fedmsg_hub_proc]=/usr/lib64/nagios/plugins/check_procs -c 1:1 -C ' command[check_fedmsg_gateway_proc]=/usr/lib64/nagios/plugins/check_procs -c 1:1 -C 'fedmsg-gateway' -u fedmsg command[check_fedmsg_irc_proc]=/usr/lib64/nagios/plugins/check_procs -c 1:1 -C 'fedmsg-irc' -u fedmsg command[check_fedmsg_tweet_proc]=/usr/lib64/nagios/plugins/check_procs -c 1:1 -C 'fedmsg-tweet' -u fedmsg -command[check_fedmsg_masher_proc]=/usr/lib64/nagios/plugins/check_procs -c 1:1 -C 'fedmsg-hub' -u masher +command[check_fedmsg_masher_proc]=/usr/lib64/nagios/plugins/check_procs -c 1:1 -C 'fedmsg-hub' -u apache command[check_supybot_fedmsg_plugin]=/usr/lib64/nagios/plugins/check_supybot_plugin -t fedmsg command[check_haproxy_conns]=/usr/lib64/nagios/plugins/check_haproxy_conns.py command[check_redis_proc]=/usr/lib64/nagios/plugins/check_procs -c 1:1 -C 'redis-server' -u redis diff --git a/roles/openqa/dispatcher/files/openqa_consumer.py b/roles/openqa/dispatcher/files/openqa_consumer.py deleted file mode 100644 index 80bb6160c..000000000 --- a/roles/openqa/dispatcher/files/openqa_consumer.py +++ /dev/null @@ -1,3 +0,0 @@ -config = { - 'fedora_openqa_schedule.consumer.enabled': True, -} diff --git a/roles/openqa/dispatcher/tasks/main.yml b/roles/openqa/dispatcher/tasks/main.yml index ac569b599..cc5188fe1 100644 --- a/roles/openqa/dispatcher/tasks/main.yml +++ b/roles/openqa/dispatcher/tasks/main.yml @@ -12,9 +12,18 @@ ## string - FAS username for reporting results to wiki # - wikitcms_password ## string - password for relval_user +# - deployment_type +## string - Fedora Infrastructure thing; for this role, decides +## whether and where to submit wiki results # -# When both of the above are set, a wikitcms 'credentials' file will -# be created and result submission to the wiki will be enabled. +# When all of the above are set, a wikitcms 'credentials' file will +# be created and result submission to the wiki will be enabled. If +# deployment_type is set to 'prod', results will be submitted to the +# production wiki in response to openQA production 'job complete' +# fedmsgs; if set to 'stg', results will be submitted to the staging +# wiki in response to openQA staging 'job complete' fedmsgs. You +# probably should NOT set these unless you're maintaining the Fedora +# infrastructure deployments. # # NOTE: There are still currently a couple of assumptions that the # openQA server boxes will always act as their own dispatchers, but @@ -22,22 +31,23 @@ # as we now use the openQA asset downloading capability so that the # scheduler is no longer responsible for downloading assets. -# note: we need updates-testing until fedfind/wikitcms 2.x go stable -- name: Install required packages (testing) - dnf: name={{ item }} state=present enablerepo="updates-testing" - with_items: - - fedfind - - python2-wikitcms - tags: - - packages +# just keeping this around for convenience as we often need it +#- name: Install required packages (testing) +# dnf: name={{ item }} state=present enablerepo="updates-testing" +# with_items: + +# tags: +# - packages - name: Install required packages dnf: name={{ item }} state=present with_items: + - fedfind - python2-fedmsg-consumers - python-requests - python-setuptools - python-six + - python2-wikitcms tags: - packages @@ -106,7 +116,7 @@ - config - name: Enable fedmsg consumer - copy: src=openqa_consumer.py dest=/etc/fedmsg.d/openqa_consumer.py owner=root group=root mode=0644 + template: src=openqa_consumer.py.j2 dest=/etc/fedmsg.d/openqa_consumer.py owner=root group=root mode=0644 notify: - restart fedmsg-hub tags: diff --git a/roles/openqa/dispatcher/templates/openqa_consumer.py.j2 b/roles/openqa/dispatcher/templates/openqa_consumer.py.j2 new file mode 100644 index 000000000..e84c627a4 --- /dev/null +++ b/roles/openqa/dispatcher/templates/openqa_consumer.py.j2 @@ -0,0 +1,12 @@ +config = { +{% if openqa_consumer %} + 'fedora_openqa_schedule.consumer.enabled': True, +{% endif %} +{% if wikitcms_user is defined and wikitcms_password is defined %} +{% if deployment_type is defined and deployment_type == 'prod' %} + 'fedora_openqa_schedule.wiki.consumer.prod.enabled': True, +{% elif deployment_type is defined and deployment_type == 'stg' %} + 'fedora_openqa_schedule.wiki.consumer.stg.enabled': True, +{% endif %} +{% endif %} +} diff --git a/roles/openqa/server/tasks/main.yml b/roles/openqa/server/tasks/main.yml index df3b1a5da..720473630 100644 --- a/roles/openqa/server/tasks/main.yml +++ b/roles/openqa/server/tasks/main.yml @@ -18,6 +18,9 @@ ## default - ansible_nodename # Optional vars +# - openqa_static_uid +## int - a static ID for the geekotest user and group if desired +## this is useful for NFS mounting openQA data files # - openqa_dbname ## string - The name of the database to use # - openqa_dbhost @@ -26,40 +29,44 @@ ## string - The database username # - openqa_dbpassword ## string - The database password +# - openqa_assetsize +## int - the asset size limit to set in GB (upstream default is 100GB) +## higher is recommended for normal Fedora testing, 300GB is good +## FIXME: this only works for pgsql ATM +# - deployment_type +## string - Fedora Infrastructure thing; for this role, decides +## whether to monkeypatch the repo URLs in the templates +## to work inside Fedora infrastructure. Don't set it +## unless your deployment is running in Fedora infra. # # If openqa_dbhost is set, the others must be too, and the server will be # configured to use a pgsql database accordingly. If openqa_dbhost is not # set, the server will use a local SQLite database and the other values # are ignored. -# As we want to store some geekotest-owned files in shared storage, we -# need to ensure geekotest always has the same uid/gid if we re-deploy -# the servers. So we create the account here with uid/gid 601. +- name: Create geekotest group with static GID + group: "name=geekotest gid={{ openqa_static_uid }} system=yes" + when: "openqa_static_uid is defined" -- name: Create geekotest group with static GID 601 - group: name=geekotest gid=601 system=yes - -- name: Create geekotest user with static UID 601 +- name: Create geekotest user with static UID user: name: geekotest comment: "openQA user" - uid: 601 + uid: "{{ openqa_static_uid }}" group: geekotest home: "/var/lib/openqa" createhome: no system: yes shell: /sbin/nologin + when: "openqa_static_uid is defined" -# note: we need updates-testing until fedfind 2.x and openQA 4.3-21 go stable -- name: Install required packages (testing) - dnf: name={{ item }} state=present enablerepo="updates-testing" - with_items: - - python2-fedfind - - openqa - - openqa-httpd - - openqa-plugin-fedmsg - tags: - - packages +# just keeping this around for convenience as we often need it +#- name: Install required packages (testing) +# dnf: name={{ item }} state=present enablerepo="updates-testing" +# with_items: +# +# tags: +# - packages - name: Install required packages dnf: name={{ item }} state=present enablerepo=adamwill-openQA @@ -75,8 +82,13 @@ - expect - libguestfs-tools-c - libguestfs-xfs - - python2-pexpect - - python-libguestfs + - openqa + - openqa-httpd + - openqa-plugin-fedmsg + - python2-fedfind + - python3-fedfind + - python3-libguestfs + - python3-pexpect tags: - packages @@ -101,7 +113,7 @@ - /var/lib/openqa/share/factory/repo - name: Check if any hard disk images need (re)building - command: "python /root/openqa_fedora_tools/tools/createhdds.py check" + command: "/root/openqa_fedora_tools/tools/createhdds.py check" args: chdir: /var/lib/openqa/share/factory/hdd/ register: diskcheck @@ -110,7 +122,7 @@ always_run: true - name: Create hard disk images (this may take a long time!) - command: "python /root/openqa_fedora_tools/tools/createhdds.py all --clean" + command: "/root/openqa_fedora_tools/tools/createhdds.py all --clean" args: chdir: /var/lib/openqa/share/factory/hdd/ environment: @@ -200,7 +212,7 @@ - name: Patch repo URLs in templates shell: "cp /var/lib/openqa/share/tests/fedora/templates /tmp && sed -i -e 's,dl.fedoraproject,dl.phx2.fedoraproject,g' /tmp/templates" - when: "gittests|changed" + when: "gittests|changed and deployment_type is defined" changed_when: "1 != 1" - name: Dump existing config for checking changes @@ -223,3 +235,12 @@ register: testsdiff changed_when: "testsdiff.rc > 0" failed_when: "1 != 1" + +- name: Set asset size limit (if specified) (pgsql) + delegate_to: "{{ openqa_dbhost }}" + become_user: postgres + become: true + command: "psql -d {{ openqa_dbname }} -c \"UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize }} WHERE size_limit_gb != {{ openqa_assetsize }};\"" + when: "openqa_dbhost is defined and openqa_assetsize is defined" + register: pgsqlsize + changed_when: "pgsqlsize.stdout.find('UPDATE 0') == -1" diff --git a/roles/openvpn/server/files/ccd/basset01.phx2.fedoraproject.org b/roles/openvpn/server/files/ccd/basset01.phx2.fedoraproject.org new file mode 100644 index 000000000..06c21b67c --- /dev/null +++ b/roles/openvpn/server/files/ccd/basset01.phx2.fedoraproject.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.1.46 192.168.0.46 diff --git a/roles/osbs-client/defaults/main.yml b/roles/osbs-client/defaults/main.yml index 17a6f4bcc..034abd4fe 100644 --- a/roles/osbs-client/defaults/main.yml +++ b/roles/osbs-client/defaults/main.yml @@ -32,3 +32,4 @@ default: distribution_scope: private registry_api_versions: v2 builder_openshift_url: https://172.17.0.1:8443/ + koji_certs_secret: false diff --git a/roles/osbs-client/templates/osbs.conf.j2 b/roles/osbs-client/templates/osbs.conf.j2 index b8df8ccb6..2a2d35e1c 100644 --- a/roles/osbs-client/templates/osbs.conf.j2 +++ b/roles/osbs-client/templates/osbs.conf.j2 @@ -10,6 +10,9 @@ username = {{ default.username }} {% if default.password %} password = {{ default.password }} {% endif %} +{% if default.koji_certs_secret %} +koji_certs_secret = {{ default.koji_certs_secret }} +{% endif %} openshift_url = {{ default.openshift_url }} koji_root = {{ default.koji_root }} koji_hub = {{ default.koji_hub }} diff --git a/roles/pdc/frontend/templates/settings_local.py b/roles/pdc/frontend/templates/settings_local.py index 2d021a520..256260c3d 100644 --- a/roles/pdc/frontend/templates/settings_local.py +++ b/roles/pdc/frontend/templates/settings_local.py @@ -10,6 +10,11 @@ # settings, please remember to update your settings_local.py # when the items you extended got updated in settings.py. +# Turn on the fedmsg publishing plugin. +MESSAGE_BUS = { + 'MLP': 'fedmsg', # MLP: Messaging Library Package +} + REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'pdc.apps.auth.authentication.TokenAuthenticationWithChangeSet', diff --git a/roles/planet/files/people_base_config b/roles/planet/files/people_base_config index b629ad3a9..52fbbd423 100644 --- a/roles/planet/files/people_base_config +++ b/roles/planet/files/people_base_config @@ -39,11 +39,6 @@ fasname = admin name = Fedora University Tour fasname = admin -[http://www.archive.org/services/collection-rss.php] -name = Fedora Videos -filters = regexp_sifter.py?require=[Ff]edora -fasname = admin - [http://www.projetofedora.org/rss.xml] name = Projeto Fedora Brasil face = http://fedoraplanet.org/images/heads/map_brazil_fedora_small.png diff --git a/roles/planet/files/selinux/planet.te b/roles/planet/files/selinux/planet.te index dad5fb7f1..14a1cc339 100644 --- a/roles/planet/files/selinux/planet.te +++ b/roles/planet/files/selinux/planet.te @@ -10,4 +10,5 @@ userdom_list_all_users_home_dirs(httpd_t); userdom_list_all_users_home_dirs(httpd_git_script_t); allow httpd_git_script_t user_home_t:dir read; +allow git_script_t user_home_t:dir search; allow httpd_t user_home_t:dir read; diff --git a/roles/postgresql_server/templates/postgresql.conf b/roles/postgresql_server/templates/postgresql.conf index 603f9ea61..9947805fb 100644 --- a/roles/postgresql_server/templates/postgresql.conf +++ b/roles/postgresql_server/templates/postgresql.conf @@ -121,8 +121,8 @@ shared_buffers = {{ shared_buffers }} # min 128kB or max_connections*16kB # 8 MB is probably on the high side. We can probably do with 4MB. But we # were seeing a problem and we have the RAM so we're going to try this. -work_mem = 2MB # min 64kB -maintenance_work_mem = 1024MB # min 1MB +work_mem = 4MB # min 64kB +maintenance_work_mem = 1024MB # min 1MB #max_stack_depth = 2MB # min 100kB # - Free Space Map - @@ -215,7 +215,7 @@ random_page_cost = 3.0 # same scale as above #cpu_tuple_cost = 0.01 # same scale as above #cpu_index_tuple_cost = 0.005 # same scale as above #cpu_operator_cost = 0.0025 # same scale as above -effective_cache_size = 5GB +effective_cache_size = {{ effective_cache_size }} # - Genetic Query Optimizer - diff --git a/roles/rabbitmq/tasks/main.yml b/roles/rabbitmq/tasks/main.yml new file mode 100644 index 000000000..5fbadf7e5 --- /dev/null +++ b/roles/rabbitmq/tasks/main.yml @@ -0,0 +1,9 @@ +- name: install needed packages + yum: pkg={{ item }} state=present + with_items: + - rabbitmq-server + tags: rabbitmq + +- name: start rabbitmq + service: name=rabbitmq-server state=started enabled=yes + tags: rabbitmq diff --git a/roles/releng/tasks/main.yml b/roles/releng/tasks/main.yml index cb99faf6a..08d0b1825 100644 --- a/roles/releng/tasks/main.yml +++ b/roles/releng/tasks/main.yml @@ -185,11 +185,6 @@ copy: src="twoweek-updates" dest=/etc/cron.d/twoweek-updates when: inventory_hostname.startswith('compose-x86-01') -- name: sudoers for ftpsync - copy: src="{{ private }}/files/sudo/ftpsync-sudo" dest=/etc/sudoers.d/ftpsync mode=0440 - tags: - - configs - - name: install compose /etc/httpd/conf.d/compose.conf file copy: > src="compose.conf" diff --git a/roles/rsyncd/files/rsyncd.conf.download-ibiblio b/roles/rsyncd/files/rsyncd.conf.download-ibiblio index 5854e0267..dceddef24 100644 --- a/roles/rsyncd/files/rsyncd.conf.download-ibiblio +++ b/roles/rsyncd/files/rsyncd.conf.download-ibiblio @@ -68,7 +68,7 @@ refuse options = checksum list = no uid = 263 gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 [fedora-buffet0] comment = Fedora Buffet for Tier0|1 Mirrors @@ -76,7 +76,7 @@ refuse options = checksum list = no uid = 263 gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 [fedora-epel0] comment = Fedora EPEL for Tier0|1 Mirrors @@ -84,7 +84,7 @@ refuse options = checksum list = no uid = 263 gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 [fedora-alt0] comment = Fedora ALT for Tier0|1 Mirrors @@ -92,7 +92,7 @@ refuse options = checksum list = no uid = 100103 gid = 101737 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 # For distributing applications [log] diff --git a/roles/rsyncd/files/rsyncd.conf.download-phx2 b/roles/rsyncd/files/rsyncd.conf.download-phx2 index 1c257be21..859644996 100644 --- a/roles/rsyncd/files/rsyncd.conf.download-phx2 +++ b/roles/rsyncd/files/rsyncd.conf.download-phx2 @@ -72,7 +72,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 [fedora-buffet0] comment = Fedora Buffet for Tier0|1 Mirrors @@ -80,7 +80,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 [fedora-epel0] comment = Fedora EPEL for Tier0|1 Mirrors @@ -88,7 +88,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 152.19.134.145 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 152.19.134.145 208.96.144.70 [fedora-alt0] comment = Fedora ALT for Tier0|1 Mirrors @@ -96,7 +96,7 @@ refuse options = checksum list = no uid = 100103 gid = 101737 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 152.19.134.145 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 152.19.134.145 208.96.144.70 [fedora-archive0] comment = Fedora ALT for Tier0|1 Mirrors @@ -104,7 +104,7 @@ refuse options = checksum list = no uid = 100103 gid = 101737 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 152.19.134.145 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 152.19.134.145 208.96.144.70 # For distributing applications [log] diff --git a/roles/rsyncd/files/rsyncd.conf.download-rdu b/roles/rsyncd/files/rsyncd.conf.download-rdu index ae7fb804c..ac67f65ce 100644 --- a/roles/rsyncd/files/rsyncd.conf.download-rdu +++ b/roles/rsyncd/files/rsyncd.conf.download-rdu @@ -68,7 +68,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 [fedora-buffet0] comment = Fedora Buffet for Tier0|1 Mirrors @@ -76,7 +76,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 [fedora-epel0] comment = Fedora EPEL for Tier0|1 Mirrors @@ -84,7 +84,7 @@ refuse options = checksum list = no uid = nobody gid = 263 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 [fedora-alt0] comment = Fedora ALT for Tier0|1 Mirrors @@ -92,7 +92,7 @@ refuse options = checksum list = no uid = 100103 gid = 101737 - hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 # For distributing applications [log] diff --git a/roles/taskotron/buildmaster-configure/templates/ci.master.cfg.j2 b/roles/taskotron/buildmaster-configure/templates/ci.master.cfg.j2 index f1bc5efd2..f56682445 100644 --- a/roles/taskotron/buildmaster-configure/templates/ci.master.cfg.j2 +++ b/roles/taskotron/buildmaster-configure/templates/ci.master.cfg.j2 @@ -160,6 +160,7 @@ from buildbot.process.factory import BuildFactory from buildbot.steps.source.git import Git from buildbot.steps.shell import ShellCommand from buildbot.process.properties import Property, Interpolate +from buildbot.steps.transfer import DirectoryUpload @@ -172,7 +173,6 @@ def create_test_factory(repo_name, func=True): factory.addStep(ShellCommand(command=['virtualenv', '--system-site-packages', 'env'])) factory.addStep(ShellCommand(command=['bash', '-c', 'source env/bin/activate; pip install -r requirements.txt'])) factory.addStep(ShellCommand(command=['bash', '-c', 'source env/bin/activate; TEST="true" py.test %s testing/' % '-F' if func else ''], name=repo_name)) - return factory @@ -184,22 +184,22 @@ def create_test_factory(repo_name, func=True): # factory.addStep(Git(repourl=Interpolate('{{ repo_base }}/%s.git' % repo_name), # mode='full', env={'GIT_SSL_NO_VERIFY': 'yes'}, # method='clobber')) - factory.addStep(Git(repourl=Interpolate('https://bitbucket.org/fedoraqa/%s.git' % repo_name), + factory.addStep(Git(repourl=Interpolate('https://bitbucket.org/tflink/%s.git' % repo_name), mode='full',method='clobber')) factory.addStep(ShellCommand(command=['doit', 'envtype=ci', 'test'], descriptionDone = ['run tests'])) - factory.addStep(ShellCommand(command=['doit', Interpolate('basedir=/srv/static/%(prop:Project)s'), 'envtype=ci', 'chainbuild'], descriptionDone=['Chainbuild RPMs'])) - factory.addStep(ShellCommand(command=['doit', Interpolate('basedir=/srv/static/%(prop:Project)s'), 'envtype=ci', 'buildtype=release', 'releasedocs'], descriptionDone=['Build Documentation'])) - factory.addStep(ShellCommand(command=['doit', Interpolate('basedir=/srv/static/%(prop:Project)s'), 'envtype=ci', 'buildtype=release', 'updatelatest'], descriptionDone=['Update Release Symlinks'])) + factory.addStep(ShellCommand(command=['doit', Interpolate('basedir=/srv/builds/%(prop:Project)s'), 'envtype=ci', 'chainbuild'], descriptionDone=['Chainbuild RPMs'])) + factory.addStep(ShellCommand(command=['doit', Interpolate('basedir=/srv/docs/%(prop:Project)s'), 'envtype=ci', 'buildtype=release', 'releasedocs'], descriptionDone=['Build Documentation'])) + factory.addStep(ShellCommand(command=['doit', Interpolate('basedir=/srv/docs/%(prop:Project)s'), 'envtype=ci', 'buildtype=release', 'updatelatest'], descriptionDone=['Update Symlinks'])) return factory {% endif %} -trigger_factory = create_test_factory('taskotron-trigger') -libtaskotron_factory = create_test_factory('libtaskotron') -resultsdb_factory = create_test_factory('resultsdb') -resultsdb_api_factory = create_test_factory('resultsdb_api') -fake_fedorainfra_factory = create_test_factory('fake_fedorainfra') +#trigger_factory = create_test_factory('taskotron-trigger') +libtaskotron_factory = create_test_factory('libtaskotron-docs') +#resultsdb_factory = create_test_factory('resultsdb') +#resultsdb_api_factory = create_test_factory('resultsdb_api') +#fake_fedorainfra_factory = create_test_factory('fake_fedorainfra') from buildbot.config import BuilderConfig diff --git a/roles/taskotron/taskotron-trigger/templates/trigger.cfg.j2 b/roles/taskotron/taskotron-trigger/templates/trigger.cfg.j2 index fd0819e42..077aa5a29 100644 --- a/roles/taskotron/taskotron-trigger/templates/trigger.cfg.j2 +++ b/roles/taskotron/taskotron-trigger/templates/trigger.cfg.j2 @@ -3,6 +3,7 @@ url = http://127.0.0.1:8080/change_hook [trigger] koji_build_completed_tasks = rpmlint +docker_build_tasks = dockerautotest koji_tag_changed_tasks = upgradepath,depcheck compose_completed_tasks = valid_arches = x86_64 diff --git a/roles/tftp_server/files/default.noc01.phx2.fedoraproject.org b/roles/tftp_server/files/default.noc01.phx2.fedoraproject.org index 4bfa2a3ac..3c76c9a57 100644 --- a/roles/tftp_server/files/default.noc01.phx2.fedoraproject.org +++ b/roles/tftp_server/files/default.noc01.phx2.fedoraproject.org @@ -40,11 +40,6 @@ LABEL Fed23-x86_64-buildhw KERNEL images/Fedora/23/x86_64/vmlinuz APPEND ks initrd=images/Fedora/23/x86_64/initrd.img repo=http://10.5.126.23/pub/fedora/linux/releases/23/Server/x86_64/os/ ip=eth0:dhcp ks=http://10.5.126.23/repo/rhel/ks/buildhw-fedora-23 text net.ifnames=0 biosdevname=0 ksdevice=eth0 console=tty0 console=ttyS0 -LABEL EL7-ppc64-virthost - MENU LABEL EL7-ppc64-virthost - KERNEL images/RHEL/7/ppc64/vmlinuz - APPEND ks initrd=images/RHEL/7/ppc64/initrd.img method=http://10.5.126.23/repo/rhel/RHEL7-ppc64/ ip=dhcp ks=http://10.5.126.23/repo/rhel/ks/hardware-rhel-7-power8-BE-12disk.cfg text net.ifnames=0 biosdevname=0 - LABEL EL7-ppc64le-virthost MENU LABEL EL7-ppc64le-virthost KERNEL images/RHEL/7/ppc64le/vmlinuz diff --git a/handlers/semanage.yml b/roles/unbound/handlers/main.yml index bb9db3f6a..e437eebe2 100644 --- a/handlers/semanage.yml +++ b/roles/unbound/handlers/main.yml @@ -1,3 +1,6 @@ +- name: restart unbound + action: service name=unbound state=restarted + - name: semanage dns80 command: /usr/sbin/semanage port -m -t dns_port_t -p tcp 80 diff --git a/roles/varnish/handlers/main.yml b/roles/varnish/handlers/main.yml new file mode 100644 index 000000000..ce6018b90 --- /dev/null +++ b/roles/varnish/handlers/main.yml @@ -0,0 +1,2 @@ +- name: restart varnish + service: name=varnish state=restarted diff --git a/roles/varnish/tasks/main.yml b/roles/varnish/tasks/main.yml index ba93da557..cede84094 100644 --- a/roles/varnish/tasks/main.yml +++ b/roles/varnish/tasks/main.yml @@ -25,20 +25,9 @@ tags: - varnish -# Merge these two after freeze lifts - name: install /etc/varnish/default.vcl template: src=proxy.vcl.j2 dest=/etc/varnish/default.vcl owner=root group=root - when: env != 'staging' - notify: - - restart varnish - tags: - - varnish - -- name: install STAGING /etc/varnish/default.vcl - template: src=proxy.vcl.stg.j2 dest=/etc/varnish/default.vcl - owner=root group=root - when: env == 'staging' notify: - restart varnish tags: diff --git a/roles/varnish/templates/proxy.vcl.j2 b/roles/varnish/templates/proxy.vcl.j2 index e21d00cf1..f6b761133 100644 --- a/roles/varnish/templates/proxy.vcl.j2 +++ b/roles/varnish/templates/proxy.vcl.j2 @@ -223,17 +223,6 @@ sub vcl_recv { if (req.url ~ "^/freemedia/") { set req.backend_hint = freemedia; } - if (req.url ~ "^/packages/") { - set req.backend_hint = packages; - if (req.url ~ "^/packages/_res/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - if (req.url ~ "^/packages/css/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } if (req.url ~ "^/tagger/") { set req.backend_hint = tagger; if (req.url ~ "^/tagger/ui/static/") { @@ -241,20 +230,6 @@ sub vcl_recv { set req.url = regsub(req.url, "\?.*", ""); } } - if (req.url ~ "^/calendar") { - set req.backend_hint = fedocal; - if (req.url ~ "^/calendar/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.url ~ "^/kerneltest") { - set req.backend_hint = kerneltest; - if (req.url ~ "^/kerneltest/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } if (req.http.X-Forwarded-Server ~ "^paste.fedoraproject.org") { set req.backend_hint = paste; if (req.url ~ "^/skins/") { @@ -273,13 +248,6 @@ sub vcl_recv { set req.url = regsub(req.url, "\?.*", ""); } } - if (req.url ~ "^/koschei") { - set req.backend_hint = koschei; - if (req.url ~ "^/koschei/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } if (req.http.X-Forwarded-Server ~ "^qa.fedoraproject.org") { if (req.url ~ "^/blockerbugs") { set req.backend_hint = blockerbugs; @@ -289,20 +257,59 @@ sub vcl_recv { } } } - - if (req.http.X-Forwarded-Server ~ "^apps.fedoraproject.org") { - if (req.url ~ "^/nuancier") { - set req.backend_hint = nuancier; - if (req.url ~ "^/nuancier/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - if (req.url ~ "^/nuancier/cache/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - } + if (req.http.X-Forwarded-Server ~ "^apps.fedoraproject.org" || req.http.X-Forwarded-Server ~ "^apps.stg.fedoraproject.org") { + if (req.url ~ "^/koschei") { + set req.backend_hint = koschei; + if (req.url ~ "^/koschei/static/") { + unset req.http.cookie; + set req.url = regsub(req.url, "\?.*", ""); + } + } + if (req.url ~ "^/kerneltest") { + set req.backend_hint = kerneltest; + if (req.url ~ "^/kerneltest/static/") { + unset req.http.cookie; + set req.url = regsub(req.url, "\?.*", ""); + } + } + if (req.url ~ "^/calendar") { + set req.backend_hint = fedocal; + if (req.url ~ "^/calendar/static/") { + unset req.http.cookie; + set req.url = regsub(req.url, "\?.*", ""); + } + } + if (req.url ~ "^/nuancier") { + set req.backend_hint = nuancier; + if (req.url ~ "^/nuancier/static/") { + unset req.http.cookie; + set req.url = regsub(req.url, "\?.*", ""); + } + if (req.url ~ "^/nuancier/cache/") { + unset req.http.cookie; + set req.url = regsub(req.url, "\?.*", ""); + } + } + if (req.url ~ "^/packages/") { + set req.backend_hint = packages; + if (req.url ~ "^/packages/_res/") { + unset req.http.cookie; + set req.url = regsub(req.url, "\?.*", ""); + } + if (req.url ~ "^/packages/css/") { + unset req.http.cookie; + set req.url = regsub(req.url, "\?.*", ""); + } + if (req.url ~ "^/packages/images/") { + unset req.http.cookie; + set req.url = regsub(req.url, "\?.*", ""); + } + if (req.url ~ "^/packages/js/") { + unset req.http.cookie; + set req.url = regsub(req.url, "\?.*", ""); + } + } + } # Pass any requests with the "If-None-Match" header directly. if (req.http.If-None-Match) { diff --git a/roles/varnish/templates/proxy.vcl.stg.j2 b/roles/varnish/templates/proxy.vcl.stg.j2 deleted file mode 100644 index f6b761133..000000000 --- a/roles/varnish/templates/proxy.vcl.stg.j2 +++ /dev/null @@ -1,379 +0,0 @@ -vcl 4.0; - -import directors; - -backend wiki { - .host = "localhost"; - .port = "10001"; - .first_byte_timeout = 120s; -} - -backend mirrorlists { - .host = "localhost"; - .port = "10002"; -} - -backend pkgdb { - .host = "localhost"; - .port = "10003"; - .first_byte_timeout = 160s; -} - -backend fas01 { - .host = "fas01"; - .port = "http"; - .probe = { - .url = "/accounts/"; - .interval = 5s; - .timeout = 5s; - .window = 5; - .threshold = 5; - } -} - -backend fas02 { - .host = "fas02"; - .port = "http"; - .probe = { - .url = "/accounts/"; - .interval = 5s; - .timeout = 5s; - .window = 5; - .threshold = 5; - } -} - -backend fas03 { - .host = "fas03"; - .port = "http"; - .probe = { - .url = "/accounts/"; - .interval = 5s; - .timeout = 5s; - .window = 5; - .threshold = 5; - } -} - -sub vcl_init { - new fas = directors.round_robin(); - fas.add_backend(fas01); - fas.add_backend(fas02); - fas.add_backend(fas03); -} - -backend nuancier { - .host = "localhost"; - .port = "10035"; -} - -backend voting { - .host = "localhost"; - .port = "10007"; - .first_byte_timeout = 160s; -} - -backend mirrormanager { - .host = "localhost"; - .port = "10008"; -} - -backend bodhi { - .host = "localhost"; - .port = "10009"; -} - -backend freemedia { - .host = "localhost"; - .port = "10011"; -} - -backend packages { - .host = "localhost"; - .port = "10016"; -} - -backend tagger { - .host = "localhost"; - .port = "10017"; -} - -backend askbot { - .host = "localhost"; - .port = "10021"; -} - -backend blockerbugs { - .host = "localhost"; - .port = "10022"; -} - -backend fedocal { - .host = "localhost"; - .port = "10023"; -} - -backend kerneltest { - .host = "localhost"; - .port = "10038"; -} - -backend paste { - .host = "localhost"; - .port = "10027"; -} - -backend koschei { - .host = "localhost"; - .port = "10040"; -} - - -acl purge { - "192.168.1.129"; // wiki01.vpn - "192.168.1.130"; // wiki02.vpn - "10.5.126.60"; // wiki01.stg - "10.5.126.63"; // wiki01 - "10.5.126.73"; // wiki02 - "10.5.126.23"; // lockbox01 - "192.168.1.58"; //lockbox01.vpn -} - -sub vcl_synth { - set resp.http.Content-Type = "text/html; charset=utf-8"; - set resp.http.Retry-After = "5"; - synthetic( {"<!DOCTYPE html> -<html> - <head> - <title>"} + resp.status + " " + resp.reason + {"</title> - </head> - <body> - <h1>Error "} + resp.status + " " + resp.reason + {"</h1> - <p>"} + resp.reason + {"</p> - <h3>Guru Meditation:</h3> - <p>XID: "} + req.xid + {"</p> - <hr> - <p>Varnish cache server on {{ inventory_hostname }}</p> - </body> -</html> -"} ); - return (deliver); -} - -sub vcl_recv { - if (req.method == "PURGE") { - if (!client.ip ~ purge) { - return (synth(405, "Not allowed")); - } - return(purge); - } - - if (req.url ~ "^/wiki/") { - set req.backend_hint = wiki; - } - if (req.url ~ "^/w/") { - set req.backend_hint = wiki; - if (req.url ~ "^/w/skins/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.url ~ "^/mirrorlist/") { - set req.backend_hint = mirrorlists; - } - if (req.url ~ "^/pkgdb") { - set req.backend_hint = pkgdb; - if (req.url ~ "^/pkgdb/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.url ~ "^/accounts/") { - set req.backend_hint = fas.backend(); - if (req.url ~ "^/accounts/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.url ~ "^/voting/") { - set req.backend_hint = voting; - if (req.url ~ "^/voting/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.url ~ "^/mirrormanager") { - set req.backend_hint = mirrormanager; - if (req.url ~ "^/mirrormanager/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - if (req.url ~ "^/mirrormanager/mirrors") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.url ~ "^/updates/") { - set req.backend_hint = bodhi; - if (req.url ~ "^/updates/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.url ~ "^/freemedia/") { - set req.backend_hint = freemedia; - } - if (req.url ~ "^/tagger/") { - set req.backend_hint = tagger; - if (req.url ~ "^/tagger/ui/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.http.X-Forwarded-Server ~ "^paste.fedoraproject.org") { - set req.backend_hint = paste; - if (req.url ~ "^/skins/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - if (req.url ~ "^/addons/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.http.X-Forwarded-Server ~ "^ask.fedoraproject.org") { - set req.backend_hint = askbot; - if (req.url ~ "^/m/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.http.X-Forwarded-Server ~ "^qa.fedoraproject.org") { - if (req.url ~ "^/blockerbugs") { - set req.backend_hint = blockerbugs; - if (req.url ~ "^/blockerbugs/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - } - if (req.http.X-Forwarded-Server ~ "^apps.fedoraproject.org" || req.http.X-Forwarded-Server ~ "^apps.stg.fedoraproject.org") { - if (req.url ~ "^/koschei") { - set req.backend_hint = koschei; - if (req.url ~ "^/koschei/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.url ~ "^/kerneltest") { - set req.backend_hint = kerneltest; - if (req.url ~ "^/kerneltest/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.url ~ "^/calendar") { - set req.backend_hint = fedocal; - if (req.url ~ "^/calendar/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.url ~ "^/nuancier") { - set req.backend_hint = nuancier; - if (req.url ~ "^/nuancier/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - if (req.url ~ "^/nuancier/cache/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - if (req.url ~ "^/packages/") { - set req.backend_hint = packages; - if (req.url ~ "^/packages/_res/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - if (req.url ~ "^/packages/css/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - if (req.url ~ "^/packages/images/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - if (req.url ~ "^/packages/js/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - } - } - - # Pass any requests with the "If-None-Match" header directly. - if (req.http.If-None-Match) { - return (pass); - } - - # Force lookup if the request is a no-cache request from the client. -# if (req.http.Cache-Control ~ "no-cache") { -# purge_url(req.url); -# } -# if (req.http.Accept-Encoding) { -# if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { -# # No point in compressing these -# remove req.http.Accept-Encoding; -# } elsif (req.http.Accept-Encoding ~ "gzip") { -# # This is currently a bug with ipv6, so we need to nuke it. -# remove req.http.Accept-Encoding; -# } elsif (req.http.Accept-Encoding ~ "deflate") { -# set req.http.Accept-Encoding = "deflate"; -# } else { -# # unknown algorithm -# remove req.http.Accept-Encoding; -# } -# } -} - -# When requesting application icons, don't allow cherrypy to set cookies -#sub vcl_backend_fetch { -# if (req.url ~ "^/pkgdb/appicon/show/") { -# unset beresp.http.set-cookie; -# } -#} - - -# Make sure mirrormanager/mirrors doesn't set any cookies -# (Setting cookies would make varnish store a HIT-FOR-PASS -# making it always fetch from backend) -sub vcl_backend_response { - if (bereq.url ~ "^/mirrormanager/mirrors") { - unset beresp.http.set-cookie; - set beresp.ttl = 6h; - } - if (bereq.url ~ "^/mirrormanager/static/") { - set beresp.ttl = 6h; - } -} - -sub vcl_pipe { - set req.http.connection = "close"; -} - -sub vcl_hit { - if (req.method == "PURGE") { - ban(req.url); - return (synth(200, "Purged")); - } - - if (!obj.ttl > 0s) { - return (pass); - } -} - -sub vcl_miss { - if (req.method == "PURGE") { - return (synth(200, "Not in cache")); - } -} diff --git a/scripts/vhost-info b/scripts/vhost-info index 471f160df..3a32d34b2 100755 --- a/scripts/vhost-info +++ b/scripts/vhost-info @@ -49,17 +49,12 @@ class OutputCallback(CallbackBase): self.cpu_used_in_vm[vhostname]=cpu_used parser = OptionParser(version = "1.0") -parser.add_option('--host', default=[], action='append', help="hosts to act on, defaults to virthosts") +parser.add_option('--host', default=[], action='append', help="hosts to act on, defaults to virtservers") parser.add_option('--hosts-from-file', default=None, dest="host_file", help="read list of hosts from this file") (opts, args) = parser.parse_args(sys.argv[1:]) if not opts.host: - hosts = ["virthosts"] -else: - hosts = ';'.join(opts.host) - -if not opts.host: - hosts = ["virthosts"] + hosts = ["virtservers"] else: hosts = ';'.join(opts.host) diff --git a/tasks/iptables.yml b/tasks/iptables.yml deleted file mode 100644 index cd0090965..000000000 --- a/tasks/iptables.yml +++ /dev/null @@ -1,36 +0,0 @@ -# IF YOU ARE USING $tasks/base.yml this is redundant -# this is split out only for some of the cloud boxes - -- name: install iptables if not installed - yum: name=iptables state=present - when: ansible_distribution == 'RedHat' - tags: - - iptables - - packages - -- name: install iptables-services if not installed - yum: name=iptables-services state=present - when: ansible_distribution == 'Fedora' - tags: - - iptables - - packages - -- name: iptables service enabled - service: name=iptables state=running enabled=true - tags: - - iptables - - service - -- name: iptables - template: src={{ item }} dest=/etc/sysconfig/iptables mode=600 backup=yes - with_first_found: - - "{{ iptables }}" - - "{{ files }}/iptables/iptables.{{ ansible_fqdn }}" - - "{{ files }}/iptables/iptables.{{ host_group }}" - - "{{ files }}/iptables/iptables.{{ env }}" - - "{{ files }}/iptables/iptables" - notify: - - restart iptables - tags: - - iptables - - config diff --git a/tasks/osbs_certs.yml b/tasks/osbs_certs.yml index 58bea7950..74005ee0f 100644 --- a/tasks/osbs_certs.yml +++ b/tasks/osbs_certs.yml @@ -8,4 +8,4 @@ mode: 0400 when: env == "staging" notify: - - update ca trust + - update ca-trust |