From cb0ef0b2fd33c4ed758cee0c093b50d1cbc22eff Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Thu, 15 Dec 2016 18:02:23 +0000 Subject: adding new qa-prod01.qa host to replace qadevel.qa --- inventory/group_vars/qa-prod | 100 ++++++++++++++ inventory/host_vars/qa-prod01.qa.fedoraproject.org | 26 ++++ inventory/inventory | 3 + playbooks/groups/qa-stg.yml | 112 --------------- playbooks/groups/qa.yml | 112 +++++++++++++++ roles/base/files/ssh/sshd_config.qa-prod | 151 +++++++++++++++++++++ roles/base/files/ssh/sshd_config.qadevel | 151 --------------------- roles/mariadb_server/files/my.cnf.phabricator | 2 +- .../files/my.cnf.qa-stg01.qa.fedoraproject.org | 6 + 9 files changed, 399 insertions(+), 264 deletions(-) create mode 100644 inventory/group_vars/qa-prod create mode 100644 inventory/host_vars/qa-prod01.qa.fedoraproject.org delete mode 100644 playbooks/groups/qa-stg.yml create mode 100644 playbooks/groups/qa.yml create mode 100644 roles/base/files/ssh/sshd_config.qa-prod delete mode 100644 roles/base/files/ssh/sshd_config.qadevel diff --git a/inventory/group_vars/qa-prod b/inventory/group_vars/qa-prod new file mode 100644 index 000000000..34844eede --- /dev/null +++ b/inventory/group_vars/qa-prod @@ -0,0 +1,100 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 40000 +mem_size: 8196 +num_cpus: 2 + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +fas_client_groups: sysadmin-qa,sysadmin-main,fi-apprentice,sysadmin-noc,sysadmin-veteran + + +freezes: true +sslonly: false + +sshd_config: ssh/sshd_config.qa-prod +sshd_port: 222 +external_hostname: qa.stg.fedoraproject.org + +# not needed with new setup +#sslcertfile: qa-stg.qa.fedoraproject.org.cert +#sslkeyfile: qa-stg.qa.fedoraproject.org.key +sslcertfile: '' +sslkeyfile: '' +sslintermediatecertfile: '' + + +################################################################################ +# Buildbot Settings +################################################################################ +# +buildmaster_db_host: localhost +buildmaster_template: ci.master.cfg.j2 +buildmaster_endpoint: buildmaster +buildslave_ssh_pubkey: '' +buildslave_port: 9989 +buildmaster_dir: /home/buildmaster/master +buildslave_dir: /home/buildslave/slave +buildslave_poll_interval: 1800 +buildmaster_home: /home/buildmaster +buildmaster_user: buildmaster +external_hostname: qa.fedoraproject.org + +# build details +repo_base: 'https://git.qa-prod01.qa.fedoraproject.org/diffusion' +docs_build_dir: /var/www/docs/ + +# for now, we're just doing a local slave so we need the slave vars in here +slave_home: /home/buildslave/ +slave_dir: /home/buildslave/slave +slave_user: buildslave +buildslave_name: 'qa-prod01-1' +buildslave_password: '{{ qa_prod_buildslave_password }}' + + +################################################################################ +# MariaDB Settings +################################################################################ + +mariadb_host: localhost +mariadb_config: my.cnf.phabricator +mariadb_user: '{{ qa_prod_mariadb_user }}' +mariadb_password: '{{ qa_prod_mariadb_password }}' + +################################################################################ +# Phabricator Settings +################################################################################ +phabricator_db_prefix: 'phabricator' +enable_phabricator_git: False +phabricator_vcs_user: git +phabricator_vcs_user_password: '{{ qa_prod_vcs_user_password }}' +phabricator_daemon_user: phabdaemon +phabroot: /usr/share/ +phabricator_filedir: /var/lib/phabricator/files +phabricator_repodir: /var/lib/phabricator/repos +phabricator_config_filename: qaconfig +phabricator_header_color: 'blue' +phabricator_mail_enabled: True +phabricator_mail_domain: fedoraproject.org +phabricator_mysqldump_filename: 'qa-prod_phabricator.sql' +ircnick: fedoraqabot + + +################################################################################ +# Backup Settings +################################################################################ + +backup_dir: /srv/backup +backup_username: root +backup_ssh_pubkey: ssh-dss AAAAB3NzaC1kc3MAAACBAJr3xqn/hHIXeth+NuXPu9P91FG9jozF3Q1JaGmg6szo770rrmhiSsxso/Ibm2mObqQLCyfm/qSOQRynv6tL3tQVHA6EEx0PNacnBcOV7UowR5kd4AYv82K1vQhof3YTxOMmNIOrdy6deDqIf4sLz1TDHvEDwjrxtFf8ugyZWNbTAAAAFQCS5puRZF4gpNbaWxe6gLzm3rBeewAAAIBcEd6pRatE2Qc/dW0YwwudTEaOCUnHmtYs2PHKbOPds0+Woe1aWH38NiE+CmklcUpyRsGEf3O0l5vm3VrVlnfuHpgt/a/pbzxm0U6DGm2AebtqEmaCX3CIuYzKhG5wmXqJ/z+Hc5MDj2mn2TchHqsk1O8VZM+1Ml6zX3Hl4vvBsQAAAIALDt5NFv6GLuid8eik/nn8NORd9FJPDBJxgVqHNIm08RMC6aI++fqwkBhVPFKBra5utrMKQmnKs/sOWycLYTqqcSMPdWSkdWYjBCSJ/QNpyN4laCmPWLgb3I+2zORgR0EjeV2e/46geS0MWLmeEsFwztpSj4Tv4e18L8Dsp2uB2Q== root@backup03-rdiff-backup +host_backup_targets: ['/var/lib/phabricator/files', '/var/lib/phabricator/repos', '/srv/backup'] + + +################################################################################ +# Static Site Settings +################################################################################ + +static_sites: + - name: "{{ inventory_hostname }}" + document_root: /srv/content diff --git a/inventory/host_vars/qa-prod01.qa.fedoraproject.org b/inventory/host_vars/qa-prod01.qa.fedoraproject.org new file mode 100644 index 000000000..e322cfab5 --- /dev/null +++ b/inventory/host_vars/qa-prod01.qa.fedoraproject.org @@ -0,0 +1,26 @@ +--- +nm: 255.255.255.0 +gw: 10.5.124.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-24 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/24/Server/x86_64/os/ +volgroup: /dev/VirtGuests + +eth0_ip: 10.5.124.231 +eth0_nm: 255.255.255.128 +vmhost: virthost-comm03.qa.fedoraproject.org +datacenter: phx2 +fas_client_groups: sysadmin-qa,sysadmin-main + +mariadb_root_password: "{{ qadevel_mariadb_root_password }}" + +public_hostname: qa.fedoraproject.org +short_hostname: qa-prod01.qa +buildmaster: 127.0.0.1 + +buildslaves: + - qa-prod01-1 + +slaves: + - { user: "{{ short_hostname }}-1", home: "/home/{{ short_hostname }}-1", dir: "/home/{{ short_hostname }}-1/slave" } diff --git a/inventory/inventory b/inventory/inventory index b6dccc82d..c86f64e1e 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -18,6 +18,9 @@ qa04.qa.fedoraproject.org [qadevel] qadevel.qa.fedoraproject.org:222 +[qa] +qa-prod01.qa.fedoraproject.org:222 + [qa-stg] qa-stg01.qa.fedoraproject.org:222 diff --git a/playbooks/groups/qa-stg.yml b/playbooks/groups/qa-stg.yml deleted file mode 100644 index a59309772..000000000 --- a/playbooks/groups/qa-stg.yml +++ /dev/null @@ -1,112 +0,0 @@ ---- -# create a new taskotron CI stg server -# NOTE: make sure there is room/space for this server on the vmhost -# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars - -- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=qa-stg" - -- name: make the box be real - hosts: qa-stg - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - { role: base, tags: ['base'] } - - { role: rkhunter, tags: ['rkhunter'] } - - { role: nagios/client, tags: ['nagios/client'] } - - hosts - - { role: fas_client, tags: ['fas_client'] } - - { role: collectd/base, tags: ['collectd_base'] } - - { role: sudo, tags: ['sudo'] } - - apache - - pre_tasks: - - include: "{{ tasks }}/yumrepos.yml" - - tasks: - # this is how you include other task lists - - include: "{{ tasks }}/2fa_client.yml" - - include: "{{ tasks }}/motd.yml" - - handlers: - - include: "{{ handlers }}/restart_services.yml" - -- name: configure phabricator - hosts: qa-stg - user: root - - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - { role: mariadb_server, tags: ['mariadb'] } - - { role: phabricator, tags: ['phabricator'] } - - handlers: - - include: "{{ handlers }}/restart_services.yml" - - -- name: configure qa stg buildbot CI - hosts: qa-stg - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - { role: taskotron/buildmaster, tags: ['buildmaster'] } - - { role: taskotron/buildmaster-configure, tags: ['buildmasterconfig'] } - - { role: taskotron/buildslave, tags: ['buildslave'] } - - { role: taskotron/buildslave-configure, tags: ['buildslaveconfig'] } - - handlers: - - include: "{{ handlers }}/restart_services.yml" - -- name: configure static sites for qa-stg - hosts: qa-stg - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - name: ensure ServerName is set in httpd.conf - replace: dest=/etc/httpd/conf/httpd.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' - notify: - - reload httpd - tags: - - qastaticsites - - - name: create dirs for static sites - file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755 setype=httpd_sys_content_t - with_items: "{{ static_sites }}" - tags: - - qastaticsites - - - name: generate virtualhosts for static sites - template: src={{ files }}/httpd/qadevel-virtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644 - with_items: "{{ static_sites }}" - notify: - - reload httpd - tags: - - qastaticsites - - handlers: - - include: "{{ handlers }}/restart_services.yml" - - diff --git a/playbooks/groups/qa.yml b/playbooks/groups/qa.yml new file mode 100644 index 000000000..28f3b6d28 --- /dev/null +++ b/playbooks/groups/qa.yml @@ -0,0 +1,112 @@ +--- +# create a new taskotron CI stg server +# NOTE: make sure there is room/space for this server on the vmhost +# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars + +- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=qa-stg" + +- name: make the box be real + hosts: qa:qa-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: base, tags: ['base'] } + - { role: rkhunter, tags: ['rkhunter'] } + - { role: nagios/client, tags: ['nagios/client'] } + - hosts + - { role: fas_client, tags: ['fas_client'] } + - { role: collectd/base, tags: ['collectd_base'] } + - { role: sudo, tags: ['sudo'] } + - apache + + pre_tasks: + - include: "{{ tasks }}/yumrepos.yml" + + tasks: + # this is how you include other task lists + - include: "{{ tasks }}/2fa_client.yml" + - include: "{{ tasks }}/motd.yml" + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: configure phabricator + hosts: qa:qa-stg + user: root + + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: mariadb_server, tags: ['mariadb'] } + - { role: phabricator, tags: ['phabricator'] } + + handlers: + - include: "{{ handlers }}/restart_services.yml" + + +- name: configure qa stg buildbot CI + hosts: qa-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + roles: + - { role: taskotron/buildmaster, tags: ['buildmaster'] } + - { role: taskotron/buildmaster-configure, tags: ['buildmasterconfig'] } + - { role: taskotron/buildslave, tags: ['buildslave'] } + - { role: taskotron/buildslave-configure, tags: ['buildslaveconfig'] } + + handlers: + - include: "{{ handlers }}/restart_services.yml" + +- name: configure static sites for qa-stg + hosts: qa-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: ensure ServerName is set in httpd.conf + replace: dest=/etc/httpd/conf/httpd.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' + notify: + - reload httpd + tags: + - qastaticsites + + - name: create dirs for static sites + file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755 setype=httpd_sys_content_t + with_items: "{{ static_sites }}" + tags: + - qastaticsites + + - name: generate virtualhosts for static sites + template: src={{ files }}/httpd/qadevel-virtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644 + with_items: "{{ static_sites }}" + notify: + - reload httpd + tags: + - qastaticsites + + handlers: + - include: "{{ handlers }}/restart_services.yml" + + diff --git a/roles/base/files/ssh/sshd_config.qa-prod b/roles/base/files/ssh/sshd_config.qa-prod new file mode 100644 index 000000000..1607a0b83 --- /dev/null +++ b/roles/base/files/ssh/sshd_config.qa-prod @@ -0,0 +1,151 @@ +# $OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +# If you want to change the port on a SELinux system, you have to tell +# SELinux about this change. +# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER +# +Port 222 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# The default requires explicit activation of protocol 1 +Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +SyslogFacility AUTHPRIV +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin without-password +StrictModes yes +PasswordAuthentication no + +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no +#KerberosUseKuserok yes + +# GSSAPI options +#GSSAPIAuthentication no +GSSAPIAuthentication yes +#GSSAPICleanupCredentials yes +GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +# WARNING: 'UsePAM no' is not supported in Fedora and may cause several +# problems. +#UsePAM no +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +UsePrivilegeSeparation sandbox # Default for new installations. +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#ShowPatchLevel no +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + +# Uncomment this if you want to use .local domain +#Host *.local +# CheckHostIP no + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server diff --git a/roles/base/files/ssh/sshd_config.qadevel b/roles/base/files/ssh/sshd_config.qadevel deleted file mode 100644 index 1607a0b83..000000000 --- a/roles/base/files/ssh/sshd_config.qadevel +++ /dev/null @@ -1,151 +0,0 @@ -# $OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -# If you want to change the port on a SELinux system, you have to tell -# SELinux about this change. -# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER -# -Port 222 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# The default requires explicit activation of protocol 1 -Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -SyslogFacility AUTHPRIV -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin without-password -StrictModes yes -PasswordAuthentication no - -#MaxAuthTries 6 -#MaxSessions 10 - -#RSAAuthentication yes -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes -ChallengeResponseAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no -#KerberosUseKuserok yes - -# GSSAPI options -#GSSAPIAuthentication no -GSSAPIAuthentication yes -#GSSAPICleanupCredentials yes -GSSAPICleanupCredentials yes -#GSSAPIStrictAcceptorCheck yes -#GSSAPIKeyExchange no - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -# WARNING: 'UsePAM no' is not supported in Fedora and may cause several -# problems. -#UsePAM no -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#UseLogin no -UsePrivilegeSeparation sandbox # Default for new installations. -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#ShowPatchLevel no -#UseDNS yes -#PidFile /var/run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# Accept locale-related environment variables -AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES -AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT -AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE -AcceptEnv XMODIFIERS - -# override default of no subsystems -Subsystem sftp /usr/libexec/openssh/sftp-server - -# Uncomment this if you want to use .local domain -#Host *.local -# CheckHostIP no - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# ForceCommand cvs server diff --git a/roles/mariadb_server/files/my.cnf.phabricator b/roles/mariadb_server/files/my.cnf.phabricator index 075d8ec7a..eb6229fbc 100644 --- a/roles/mariadb_server/files/my.cnf.phabricator +++ b/roles/mariadb_server/files/my.cnf.phabricator @@ -128,7 +128,7 @@ innodb_log_group_home_dir = /var/lib/mysql innodb_buffer_pool_size = 1600M innodb_additional_mem_pool_size = 200M # Set .._log_file_size to 25 % of buffer pool size -innodb_log_file_size = 400M +innodb_log_file_size = 512M innodb_log_buffer_size = 800M innodb_flush_log_at_trx_commit = 1 innodb_lock_wait_timeout = 50 diff --git a/roles/mariadb_server/files/my.cnf.qa-stg01.qa.fedoraproject.org b/roles/mariadb_server/files/my.cnf.qa-stg01.qa.fedoraproject.org index 3a677d07b..0334f94ff 100644 --- a/roles/mariadb_server/files/my.cnf.qa-stg01.qa.fedoraproject.org +++ b/roles/mariadb_server/files/my.cnf.qa-stg01.qa.fedoraproject.org @@ -139,6 +139,12 @@ innodb_log_buffer_size = 768M innodb_flush_log_at_trx_commit = 1 innodb_lock_wait_timeout = 50 +# added as per reccommended by phab setup +ft_stopword_file=/usr/share/phabricator/resources/sql/stopwords.txt +ft_min_word_len=3 +ft_boolean_syntax=' |-><()~*:""&^' + + [mysqldump] quick max_allowed_packet = 16M -- cgit