Merge branch 'master' of /git/ansible

inventory/group_vars/all

@@ -266,4 +266,6 @@ nagios_Check_Services:
   dhcpd: false
   httpd: false
 
-
+# Set variable if we want to use our global iptables defaults
+# Some things need to set their own.
+baseiptables: True

inventory/group_vars/openstack-compute

@@ -3,3 +3,4 @@ host_group: openstack-compute
 nrpe_procs_warn: 1100
 nrpe_procs_crit: 1200
 ansible_ifcfg_blacklist: true 
+baseiptables: False

inventory/group_vars/os

@@ -1,2 +1,3 @@
 ---
 host_group: os
+baseiptables: False

inventory/group_vars/os-stg

@@ -0,0 +1,3 @@
+---
+host_group: os
+baseiptables: False

inventory/group_vars/osbs

@@ -19,3 +19,5 @@ osbs_koji_username: "kojibuilder"
 koji_url: "koji.fedoraproject.org"
 
 osbs_client_conf_path: /etc/osbs.conf
+
+baseiptables: False

inventory/group_vars/osbs-stg

@@ -0,0 +1,2 @@
+---
+baseiptables: False

inventory/host_vars/fed-cloud09.cloud.fedoraproject.org

@@ -8,3 +8,5 @@ ansible_ifcfg_blacklist: true
 nagios_Check_Services:
   nrpe: true
   sshd: true
+
+baseiptables: False

inventory/inventory

@@ -1330,6 +1330,16 @@ osbs-master01.stg.phx2.fedoraproject.org
 osbs-node01.stg.phx2.fedoraproject.org
 osbs-node02.stg.phx2.fedoraproject.org
 
+[osbs:children]
+osbs-control
+osbs-nodes
+osbs-masters
+
+[osbs-stg:children]
+osbs-control-stg
+osbs-nodes-stg
+osbs-masters-stg
+
 [os-control-stg]
 os-control01.stg.phx2.fedoraproject.org
 
@@ -1342,7 +1352,7 @@ os-master03.stg.phx2.fedoraproject.org
 os-node01.stg.phx2.fedoraproject.org
 os-node02.stg.phx2.fedoraproject.org
 
-[os:children]
+[os-stg:children]
 os-nodes-stg
 os-masters-stg
 os-control-stg

master.yml

@@ -33,6 +33,7 @@
 - include: /srv/web/infra/ansible/playbooks/groups/buildvm.yml
 - include: /srv/web/infra/ansible/playbooks/groups/bugyou.yml
 - include: /srv/web/infra/ansible/playbooks/groups/busgateway.yml
+- include: /srv/web/infra/ansible/playbooks/groups/ci.yml
 - include: /srv/web/infra/ansible/playbooks/groups/copr-backend.yml
 - include: /srv/web/infra/ansible/playbooks/groups/copr-dist-git.yml
 - include: /srv/web/infra/ansible/playbooks/groups/copr-frontend.yml
@@ -107,10 +108,8 @@
 - include: /srv/web/infra/ansible/playbooks/groups/summershum.yml
 - include: /srv/web/infra/ansible/playbooks/groups/sundries.yml
 - include: /srv/web/infra/ansible/playbooks/groups/tagger.yml
+- include: /srv/web/infra/ansible/playbooks/groups/taskotron.yml
 - include: /srv/web/infra/ansible/playbooks/groups/taskotron-client-hosts.yml
-- include: /srv/web/infra/ansible/playbooks/groups/taskotron-prod.yml
-- include: /srv/web/infra/ansible/playbooks/groups/taskotron-dev.yml
-- include: /srv/web/infra/ansible/playbooks/groups/taskotron-stg.yml
 - include: /srv/web/infra/ansible/playbooks/groups/torrent.yml
 - include: /srv/web/infra/ansible/playbooks/groups/twisted-buildbots.yml
 - include: /srv/web/infra/ansible/playbooks/groups/unbound.yml
@@ -145,10 +144,11 @@
 - include: /srv/web/infra/ansible/playbooks/hosts/insim.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/kolinahr.fedorainfracloud.org.yml
-- include: /srv/web/infra/ansible/playbooks/hosts/magazine.fedorainfracloud.org.yml
+- include: /srv/web/infra/ansible/playbooks/hosts/magazine2.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/modernpaste.fedorainfracloud.org.yml
+- include: /srv/web/infra/ansible/playbooks/hosts/modularity.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/piwik.fedorainfracloud.org.yml
-#- include: /srv/web/infra/ansible/playbooks/hosts/regcfp.fedorainfracloud.org.yml
+#- include: /srv/web/infra/ansible/playbooks/hosts/regcfp2.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/respins.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/shogun-ca.cloud.fedoraproject.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/shumgrepper-dev.fedorainfracloud.org.yml

playbooks/groups/taskotron-dev.yml

@@ -1,59 +0,0 @@
----
-# create a new taskotron dev server
-# NOTE: make sure there is room/space for this server on the vmhost
-# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
-
-- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=taskotron-dev"
-
-- name: make the box be real
-  hosts: taskotron-dev
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-   - { role: base, tags: ['base'] }
-   - { role: rkhunter, tags: ['rkhunter'] }
-   - { role: nagios_client, tags: ['nagios_client'] }
-   - { role: hosts, tags: ['hosts']}
-   - { role: fas_client, tags: ['fas_client'] }
-   - { role: collectd/base, tags: ['collectd_base'] }
-   - { role: dnf-automatic, tags: ['dnfautomatic'] }
-   - { role: sudo, tags: ['sudo'] }
-   - apache
-
-  tasks:
-  # this is how you include other task lists
-  - include: "{{ tasks_path }}/yumrepos.yml"
-  - include: "{{ tasks_path }}/2fa_client.yml"
-  - include: "{{ tasks_path }}/motd.yml"
-
-  handlers:
-   - include: "{{ handlers_path }}/restart_services.yml"
-
-- name: configure taskotron master
-  hosts: taskotron-dev
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-   - { role: taskotron/grokmirror, tags: ['grokmirror'] }
-#   - { role: taskotron/cgit, tags: ['cgit'] }
-   - { role: taskotron/buildmaster, tags: ['buildmaster'] }
-   - { role: taskotron/buildmaster-configure, tags: ['buildmasterconfig'] }
-   - { role: taskotron/taskotron-trigger, tags: ['trigger'] }
-   - { role: taskotron/taskotron-frontend, tags: ['frontend'] }
-   - { role: taskotron/taskotron-proxy, tags: ['taskotronproxy'] }
-   - { role: taskotron/ssl-taskotron, tags: ['ssltaskotron'] }
-
-  handlers:
-   - include: "{{ handlers_path }}/restart_services.yml"

playbooks/groups/taskotron-prod.yml

@@ -1,58 +0,0 @@
----
-# create a new taskotron production server
-# NOTE: make sure there is room/space for this server on the vmhost
-# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
-
-- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=taskotron-prod"
-
-- name: make the box be real
-  hosts: taskotron-prod
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-   - { role: base, tags: ['base'] }
-   - { role: rkhunter, tags: ['rkhunter'] }
-   - { role: nagios_client, tags: ['nagios_client'] }
-   - { role: hosts, tags: ['hosts']}
-   - { role: fas_client, tags: ['fas_client'] }
-   - { role: collectd/base, tags: ['collectd_base'] }
-   - { role: sudo, tags: ['sudo'] }
-   - { role: openvpn/client,
-       when: env != "staging", tags: ['openvpn_client'] }
-   - apache
-
-  tasks:
-  # this is how you include other task lists
-  - include: "{{ tasks_path }}/yumrepos.yml"
-  - include: "{{ tasks_path }}/2fa_client.yml"
-  - include: "{{ tasks_path }}/motd.yml"
-
-  handlers:
-   - include: "{{ handlers_path }}/restart_services.yml"
-
-- name: configure taskotron master
-  hosts: taskotron-prod
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-   - { role: taskotron/grokmirror, tags: ['grokmirror'] }
-#   - { role: taskotron/cgit, tags: ['cgit'] }
-   - { role: taskotron/buildmaster, tags: ['buildmaster'] }
-   - { role: taskotron/buildmaster-configure, tags: ['buildmasterconfig'] }
-   - { role: taskotron/taskotron-trigger, tags: ['trigger'] }
-   - { role: taskotron/taskotron-frontend, tags: ['frontend'] }
-
-  handlers:
-   - include: "{{ handlers_path }}/restart_services.yml"

playbooks/groups/taskotron-stg.yml

@@ -1,56 +0,0 @@
----
-# create a new taskotron staging server
-# NOTE: make sure there is room/space for this server on the vmhost
-# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
-
-- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=taskotron-stg"
-
-- name: make the box be real
-  hosts: taskotron-stg
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-   - { role: base, tags: ['base'] }
-   - { role: rkhunter, tags: ['rkhunter'] }
-   - { role: nagios_client, tags: ['nagios_client'] }
-   - { role: hosts, tags: ['hosts']}
-   - { role: fas_client, tags: ['fas_client'] }
-   - { role: collectd/base, tags: ['collectd_base'] }
-   - { role: sudo, tags: ['sudo'] }
-   - apache
-
-  tasks:
-  # this is how you include other task lists
-  - include: "{{ tasks_path }}/yumrepos.yml"
-  - include: "{{ tasks_path }}/2fa_client.yml"
-  - include: "{{ tasks_path }}/motd.yml"
-
-  handlers:
-   - include: "{{ handlers_path }}/restart_services.yml"
-
-- name: configure taskotron master
-  hosts: taskotron-stg
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-   - { role: taskotron/grokmirror, tags: ['grokmirror'] }
-#   - { role: taskotron/cgit, tags: ['cgit'] }
-   - { role: taskotron/buildmaster, tags: ['buildmaster'] }
-   - { role: taskotron/buildmaster-configure, tags: ['buildmasterconfig'] }
-   - { role: taskotron/taskotron-trigger, tags: ['trigger'] }
-   - { role: taskotron/taskotron-frontend, tags: ['frontend'] }
-
-  handlers:
-   - include: "{{ handlers_path }}/restart_services.yml"

playbooks/hosts/hubs-dev.fedorainfracloud.org.yml

@@ -38,8 +38,7 @@
   - git: repo=https://pagure.io/fedora-hubs.git
          dest=/srv/git/fedora-hubs
          version=develop
-    register: git_result
-    changed_when: "git_result.after|default('after') != git_result.before|default('before')"
+    ignore_errors: true
   - file: dest=/etc/fedmsg.d/ state=directory
   - name: copy around a number of files we want
     command: cp {{item.src}} {{item.dest}}

playbooks/hosts/magazine.fedorainfracloud.org.yml

@@ -1,55 +0,0 @@
-- name: check/create instance
-  hosts: magazine.fedorainfracloud.org
-  gather_facts: False
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - /srv/private/ansible/vars.yml
-   - /srv/web/infra/ansible/vars/fedora-cloud.yml
-   - /srv/private/ansible/files/openstack/passwords.yml
-
-  tasks:
-  - include: "{{ tasks_path }}/persistent_cloud.yml"
-
-- name: setup all the things
-  hosts: magazine.fedorainfracloud.org
-  gather_facts: True
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - /srv/private/ansible/vars.yml
-   - /srv/private/ansible/files/openstack/passwords.yml
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  pre_tasks:
-  - include: "{{ tasks_path }}/cloud_setup_basic.yml"
-  - name: set hostname (required by some services, at least postfix need it)
-    hostname: name="{{inventory_hostname}}"
-
-  tasks:
-  - name: add packages
-    yum: state=present name={{ item }}
-    with_items:
-    - httpd
-    - php
-    - php-mysql
-    - mariadb-server
-    - mariadb
-    - mod_ssl
-    - php-mcrypt
-    - php-mbstring
-    - wget
-    - unzip
-    - postfix
-
-  - name: enable httpd service
-    service: name=httpd enabled=yes state=started
-
-  - name: configure postfix for ipv4 only
-    raw: postconf -e inet_protocols=ipv4
-
-  - name: enable local postfix service
-    service: name=postfix enabled=yes state=started
-
-  roles:
-  - nagios_client
-  - mariadb_server

playbooks/manual/upgrade/fmn.yml

@@ -15,7 +15,10 @@
     command: yum clean all {%if testing%} --enablerepo=infrastructure-testing {%endif%}
     check_mode: no
   - name: yum update FMN packages from main repo
-    yum: name="python-fmn*" state=latest
+    yum: name={{ item }} state=latest
+    with_items:
+      - python-fmn
+      - python-fmn-web
     when: not testing
   - name: yum update FMN packages from testing repo
     yum: pkg={{ item }} state=latest enablerepo=infrastructure-testing
@@ -80,10 +83,10 @@
     - fmn-worker@4
 
   - name: Upgrade the database
-    command: /usr/bin/alembic -c /usr/share/fmn.lib/alembic.ini upgrade head
+    command: /usr/bin/alembic -c /usr/share/fmn/alembic.ini upgrade head
     when: env != "staging"
     args:
-      chdir: /usr/share/fmn.lib/
+      chdir: /usr/share/fmn/
 
   - name: Re-start the workers and the backend
     service: name={{ item }} state=started

roles/base/tasks/main.yml

@@ -233,7 +233,7 @@
    - iptables/iptables.{{ host_group }}
    - iptables/iptables.{{ env }}
    - iptables/iptables
-  when: not inventory_hostname.startswith(('fed-cloud','osbs'))
+  when: baseiptables == true
   notify:
   - restart iptables
   - reload libvirtd
@@ -248,6 +248,7 @@
   - iptables
   - service
   - base
+  when: baseiptables == true
 
 - name: ip6tables
   template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=0600 backup=yes
@@ -257,7 +258,7 @@
    - iptables/ip6tables.{{ host_group }}
    - iptables/ip6tables.{{ env }}
    - iptables/ip6tables
-  when: not inventory_hostname.startswith('fed-cloud09')
+  when: baseiptables == true
   notify:
   - restart ip6tables
   - reload libvirtd
@@ -272,6 +273,7 @@
   - ip6tables
   - service
   - base
+  when: baseiptables == true
 
 - name: enable journald persistence
   file: path=/var/log/journal state=directory

roles/bodhi2/base/tasks/main.yml

@@ -33,6 +33,16 @@
   - config
   - bodhi
 
+- name: Configure alembic
+  template:
+    src: alembic.ini
+    dest: /etc/bodhi/alembic.ini
+    owner: bodhi
+    group: root
+  tags:
+  - config
+  - bodhi
+
 - name: setup basic /etc/bodhi/ contents (production)
   template: >
     src="production.ini.j2"

roles/bodhi2/base/templates/alembic.ini

@@ -0,0 +1,59 @@
+# A generic, single database configuration.
+
+[alembic]
+# path to migration scripts
+script_location = /usr/share/bodhi/alembic
+
+# template used to generate migration files
+# file_template = %%(rev)s_%%(slug)s
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+# Don't bother, this is obtained from the Bodhi config file
+sqlalchemy.url = sqlite://bodhi.db
+
+# Set to true to aquire the global DDL lock for BDR
+# See http://bdr-project.org/docs/stable/ddl-replication-advice.html
+{% if env == 'staging' %}
+bdr = true
+{% else %}
+bdr = false
+{% endif %}
+
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S

roles/bodhi2/base/templates/staging.ini.j2

@@ -397,7 +397,7 @@ debugtoolbar.hosts = 127.0.0.1 ::1
 ##
 ## Database
 ##
-sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@db-bodhi/bodhi2
+sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@pgbdr.stg.phx2.fedoraproject.org/bodhi2
 
 ##
 ## Templates

roles/fas_server/templates/fas.cfg.j2

@@ -76,9 +76,9 @@ ipa_sync_certfile = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'
 
 # Usernames that are unavailable for fas allocation
 {% if env == "staging" %}
-username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,axk4545,bin,board,bodhi,bodhi2,canna,census,chair,chairman,containerbuild,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fas_sync,fax,fedora,fedorarewards,fesco,freemedia,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,jwf,keys,kojiadmin,ldap,legal,logo,lp,m8y,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix"
+username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,axk4545,bin,board,bodhi,bodhi2,canna,census,chair,chairman,containerbuild,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fas_sync,fax,fedora,fedorarewards,fesco,freemedia,freshmaker,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,jwf,keys,kojiadmin,ldap,legal,logo,lp,m8y,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix"
 {% else %}
-username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,axk4545,bin,board,bodhi,bodhi2,canna,census,chair,chairman,containerbuild,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fax,fedora,fedorarewards,fesco,freemedia,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,jwf,keys,kojiadmin,ldap,legal,logo,lp,m8y,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix"
+username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,axk4545,bin,board,bodhi,bodhi2,canna,census,chair,chairman,containerbuild,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fax,fedora,fedorarewards,fesco,freemedia,freshmaker,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,jwf,keys,kojiadmin,ldap,legal,logo,lp,m8y,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix"
 {% endif %}
 email_domain_blacklist = "{{ fas_blocked_emails }}"
 

roles/jenkins/master/files/jenkins.logrotate

@@ -0,0 +1,9 @@
+/var/log/jenkins/jenkins.log {
+    rotate 5
+    weekly
+    compress
+    delaycompress
+    missingok
+    notifempty
+    copytruncate
+}

roles/jenkins/master/tasks/main.yml

@@ -56,6 +56,15 @@
    - jenkins/master
    - config
 
+- name: install jenkins logrotate file
+  copy: >
+    src="jenkins.logrotate"
+    dest="/etc/logrotate.d/jenkins"
+  tags:
+  - jenkins
+  - jenkins/master
+  - config
+
 - name: install jenkins launcher config file
   copy: >
     src="jenkins.conf"

roles/notifs/backend/tasks/main.yml

@@ -4,7 +4,7 @@
 - name: install needed packages
   yum: pkg={{ item }} state=present
   with_items:
-  - python-fmn-consumer
+  - python-fmn
   - python-psycopg2
   - libsemanage-python
   # Needed to produce nice long emails about koji builds
@@ -16,7 +16,6 @@
 - name: install backend and sse packages
   yum: pkg={{ item }} state=present
   with_items:
-  - python-fmn
   - python-fmn-sse
   when: env == "staging"
   tags:
@@ -48,22 +47,10 @@
   - notifs
   - notifs/backend
 
-- name: copy the alembic configuration for DBAs
-  template: >
-    src=alembic.ini dest=/usr/share/fmn.lib/alembic.ini
-    owner=root group=sysadmin-dba mode=0660
-  when: env != "staging"
-  notify:
-  - restart fedmsg-hub
-  tags:
-  - notifs
-  - notifs/backend
-
 - name: copy the alembic configuration for DBAs
   template: >
     src=alembic.ini dest=/usr/share/fmn/alembic.ini
     owner=root group=sysadmin-dba mode=0660
-  when: env == "staging"
   notify:
   - restart fedmsg-hub
   tags:

roles/notifs/backend/templates/alembic.ini

@@ -2,11 +2,7 @@
 
 [alembic]
 # path to migration scripts
-{% if env == 'staging' %}
 script_location = /usr/share/fmn/alembic/
-{% else %}
-script_location = /usr/share/fmn.lib/alembic/
-{% endif %}
 
 # template used to generate migration files
 # file_template = %%(rev)s_%%(slug)s

roles/openvpn/server/tasks/main.yml

@@ -9,9 +9,9 @@
   - packages
   - openvpn
 
-- name: Create the /etc/openvpn/ccd/ directory
+- name: Create the /etc/openvpn/server/ccd/ directory
   file: >
-    dest=/etc/openvpn/ccd/
+    dest=/etc/openvpn/server/ccd/
     mode=0755
     owner=root
     group=root
@@ -44,7 +44,7 @@
   - openvpn
 
 - name: Install the ccd files
-  copy: src=ccd/ dest=/etc/openvpn/ccd/
+  copy: src=ccd/ dest=/etc/openvpn/server/ccd/
   tags:
   - openvpn
 

roles/releng/files/branched

@@ -1,3 +1,4 @@
 # branched compose
 MAILTO=releng-cron@lists.fedoraproject.org
 15 7 * * * root TMPDIR=`mktemp -d /tmp/branched.XXXXXX` && cd $TMPDIR && git clone https://pagure.io/pungi-fedora.git && cd pungi-fedora && git checkout f26 && LANG=en_US.UTF-8 ./nightly.sh && sudo -u ftpsync /usr/local/bin/update-fullfiletimelist -l /pub/fedora-secondary/update-fullfiletimelist.lock -t /pub fedora fedora-secondary
+15 18 * * * root TMPDIR=`mktemp -d /tmp/branched-modular.XXXXXX` && cd $TMPDIR && git clone https://pagure.io/pungi-fedora.git && cd pungi-fedora && git checkout f26 && LANG=en_US.UTF-8 ./nightly-modular.sh