Merge branch 'master' of /git/ansible

This commit is contained in:
Stephen Smoogen 2015-02-24 20:27:43 +00:00
commit 49ff8d8912
24 changed files with 654 additions and 0 deletions


@ -0,0 +1,15 @@
---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 1024
num_cpus: 2
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [ 80, 443 ]
# Neeed for rsync from log01 for logs.
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
fas_client_groups: sysadmin-main,sysadmin-accounts
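Review bot: The comment above `custom_rules` explains only the first rsync source (log01), while the rule list also opens port 873 to `192.168.1.59`, which is never named. These are firewall allow rules on an identity-provider host, so each permitted source should be identifiable from the file itself; suggest `# Needed for rsync from log01 (10.5.126.13) and <second host, fill in> for logs.`, which also fixes the `Neeed` typo.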


@ -0,0 +1,12 @@
---
nm: 255.255.255.0
gw: 10.5.126.254
dns: 10.5.126.21
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
volgroup: /dev/vg_guests
eth0_ip: 10.5.126.35
vmhost: virthost11.phx2.fedoraproject.org
datacenter: phx2


@ -293,6 +293,9 @@ log01.phx2.fedoraproject.org
noc01.phx2.fedoraproject.org
noc02.fedoraproject.org
[ipsilon-stg]
ipsilon01.stg.phx2.fedoraproject.org
[dhcp]
dhcp01.phx2.fedoraproject.org
@ -466,6 +469,7 @@ hotness01.stg.phx2.fedoraproject.org
kerneltest01.stg.phx2.fedoraproject.org
koji01.stg.phx2.fedoraproject.org
mailman01.stg.phx2.fedoraproject.org
ipsilon01.stg.phx2.fedoraproject.org
notifs-backend01.stg.phx2.fedoraproject.org
notifs-web01.stg.phx2.fedoraproject.org
notifs-web02.stg.phx2.fedoraproject.org
@ -501,6 +505,8 @@ log01.phx2.fedoraproject.org
kojipkgs01.phx2.fedoraproject.org
ns03.phx2.fedoraproject.org
ns04.phx2.fedoraproject.org
db-qa01.qa.fedoraproject.org
proxy10.phx2.fedoraproject.org
[summershum]
summershum01.phx2.fedoraproject.org


@ -0,0 +1,68 @@
# create a new FedOAuth server
# NOTE: should be used with --limit most of the time
# NOTE: make sure there is room/space for this server on the vmhost
# NOTE: most of these vars_path come from group_vars/ipsilon* or from hostvars
- name: make ipsilon
hosts: ipsilon-stg
user: root
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- include: "{{ tasks }}/virt_instance_create.yml"
handlers:
- include: "{{ handlers }}/restart_services.yml"
- name: make the box be real
hosts: ipsilon-stg
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
- rkhunter
- denyhosts
- nagios_client
- hosts
- fas_client
- rsyncd
- sudo
- { role: openvpn/client,
when: env != "staging" }
tasks:
- include: "{{ tasks }}/yumrepos.yml"
- include: "{{ tasks }}/2fa_client.yml"
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/apache.yml"
- include: "{{ tasks }}/mod_wsgi.yml"
handlers:
- include: "{{ handlers }}/restart_services.yml"
- name: deploy ipsilon itself
hosts: ipsilon-stg
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- "{{ vars_path }}/{{ ansible_distribution }}.yml"
roles:
- ipsilon
handlers:
- include: "{{ handlers }}/restart_services.yml"
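Review bot: The third play's `vars_files` loads `"{{ vars_path }}/{{ ansible_distribution }}.yml"` while the first two plays in the same file use the literal `/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml`; unless `vars_path` resolves to that same directory, the deploy play reads a different (or missing) distribution vars file. Using the same form in all three plays, `- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml`, removes the ambiguity. The `openvpn/client` role is guarded by `when: env != "staging"` but this playbook only targets `ipsilon-stg`, so that entry presumably never applies here; a short comment saying it is kept for parity with the production playbook would save the next reader the question.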


@ -3,4 +3,8 @@
DB=$1
# Make our latest backup
/usr/bin/pg_dump -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz
# Also, delete the backup from a few days ago.
rm -f /backups/$DB-$(date --date="3 days ago" +%F).dump.xz
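Review bot: The `pg_dump ... | xz` pipeline's exit status is that of `xz`, so a failing dump still leaves a small, valid-looking `.dump.xz`, and the following `rm -f` then unconditionally deletes the three-day-old backup, so repeated dump failures leave no good copy at all. The script header is outside the hunk; adding `set -o pipefail` there and chaining the deletion on success, `... | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz && rm -f ...`, keeps an older good backup whenever the dump fails. `$DB` is also unquoted on both lines; `"$DB"` avoids word splitting if a database name with unusual characters is ever passed.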


@ -45,6 +45,16 @@
tags:
- anitya_backend
- name: Set up some cronjobs to backup databases as configured
template: >
src=cron-backup-database
dest=/etc/cron.d/cron-backup-database-{{ item }}
with_items:
- anitya
tags:
- cron
- postgresql
- name: Add our postgres config file.
copy: >
src={{ item }}


@ -0,0 +1,153 @@
#!/usr/bin/python -t
__requires__ = 'TurboGears'
import pkg_resources
pkg_resources.require('CherryPy >= 2.0, < 3.0alpha')
import logging
logging.basicConfig()
import os
import sys
import getopt
import xmlrpclib
import smtplib
from email.Message import Message
import warnings
# Ignore DeprecationWarnings. This allows us to stop getting email
# from the cron job. We'll see the same warnings from the server starting up
warnings.simplefilter('ignore', DeprecationWarning)
import turbogears
import bugzilla
from turbogears import config
cfgfile = '/etc/export-bugzilla.cfg'
if os.access('./export-bugzilla.cfg', os.R_OK):
cfgfile = './export-bugzilla.cfg'
turbogears.update_config(configfile=cfgfile)
from turbogears.database import session
from fas.model import BugzillaQueue
BZSERVER = config.get('bugzilla.url', 'https://bugdev.devel.redhat.com/bugzilla-cvs/xmlrpc.cgi')
BZUSER = config.get('bugzilla.username')
BZPASS = config.get('bugzilla.password')
MAILSERVER = config.get('mail.server', 'localhost')
ADMINEMAIL = config.get('mail.admin_email', 'admin@fedoraproject.org')
NOTIFYEMAIL = config.get('mail.notify_email', ['admin@fedoraproject.org'])
if __name__ == '__main__':
opts, args = getopt.getopt(sys.argv[1:], '', ('usage', 'help'))
if len(args) != 2 or ('--usage','') in opts or ('--help','') in opts:
print """
Usage: export-bugzilla.py GROUP BUGZILLA_GROUP
"""
sys.exit(1)
ourGroup = args[0]
bzGroup = args[1]
server = bugzilla.Bugzilla(url=BZSERVER, user=BZUSER, password=BZPASS,
cookiefile=None, tokenfile=None)
bugzilla_queue = BugzillaQueue.query.join('group').filter_by(
name=ourGroup)
no_bz_account = []
for entry in bugzilla_queue:
# Make sure we have a record for this user in bugzilla
if entry.action == 'r':
# Remove the user's bugzilla group
try:
server.updateperms(entry.email, 'rem', bzGroup)
except xmlrpclib.Fault, e:
if e.faultCode == 51:
# It's okay, not having this user is equivalent to setting
# them to not have this group.
pass
else:
raise
elif entry.action == 'a':
# Make sure the user exists
try:
server.getuser(entry.email)
except xmlrpclib.Fault, e:
if e.faultCode == 51:
# This user doesn't have a bugzilla account yet
# add them to a list and we'll let them know.
no_bz_account.append(entry)
continue
else:
print 'Error:', e, entry.email, entry.person.human_name
raise
server.updateperms(entry.email, 'add', bzGroup)
else:
print 'Unrecognized action code: %s %s %s %s %s' % (entry.action,
entry.email, entry.person.human_name, entry.person.username, entry.group.name)
continue
# Remove them from the queue
session.delete(entry)
session.flush()
# Mail the people without bugzilla accounts
if '$USER' in NOTIFYEMAIL:
for person in no_bz_account:
smtplib.SMTP(MAILSERVER)
msg = Message()
message = '''Hello %(name)s,
As a Fedora packager, we grant you permissions to make changes to bugs in
bugzilla to all Fedora bugs. This lets you work together with other Fedora
developers in an easier fashion. However, to enable this functionality, we
need to have your bugzilla email address stored in the Fedora Account System.
At the moment you have:
%(email)s
which bugzilla is telling us is not an account in bugzilla. If you could
please set up an account in bugzilla with this address or change your email
address on your Fedora Account to match an existing bugzilla account this would
let us go forward.
Note: this message is being generated by an automated script. You'll continue
getting this message until the problem is resolved. Sorry for the
inconvenience.
Thank you,
The Fedora Account System
%(admin_email)s
''' % {'name': person.person.human_name, 'email': person.email,
'admin_email': ADMINEMAIL}
msg.add_header('To', person.email)
msg.add_header('From', ADMINEMAIL)
msg.add_header('Subject', 'Fedora Account System and Bugzilla Mismatch')
msg.set_payload(message)
smtp = smtplib.SMTP(MAILSERVER)
smtp.sendmail(ADMINEMAIL, [person.email], msg.as_string())
smtp.quit()
recipients = [e for e in NOTIFYEMAIL if e != '$USER']
if recipients and no_bz_account:
smtplib.SMTP(MAILSERVER)
msg = Message()
people = []
for person in no_bz_account:
if person.person.status == 'Active':
people.append(' %(user)s -- %(name)s -- %(email)s' %
{'name': person.person.human_name, 'email': person.email,
'user': person.person.username})
if people:
people = '\n'.join(people)
message = '''
The following people are in the packager group but do not have email addresses
that are valid in bugzilla:
%s
''' % people
msg.add_header('From', ADMINEMAIL)
msg.add_header('To', ', '.join(recipients))
msg.add_header('Subject', 'Fedora Account System and Bugzilla Mismatch')
msg.set_payload(message)
smtp = smtplib.SMTP(MAILSERVER)
smtp.sendmail(ADMINEMAIL, recipients, msg.as_string())
smtp.quit()
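Review bot: The bare `smtplib.SMTP(MAILSERVER)` at the top of the per-person loop, and again before the summary mail, opens a connection that is never used or closed; the connection actually used is opened a few lines later as `smtp = smtplib.SMTP(MAILSERVER)`. Deleting the two bare `smtplib.SMTP(MAILSERVER)` lines removes one leaked connection per notified person without changing behaviour. The `cookiefile=None, tokenfile=None` arguments to `bugzilla.Bugzilla` are what keep this cron run from persisting a Bugzilla login token on disk, matching the HOTFIX task elsewhere in this commit; a one-line comment above that call, `# Do not persist the bugzilla cookie/token between cron runs`, would stop a later cleanup from dropping them. Indentation is lost in this rendering, so whether the summary `msg.set_payload(message)` and its send sit inside `if people:` cannot be confirmed here; if they do not, `message` is unbound when no active people remain.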


@ -288,6 +288,19 @@
tags:
- config
- name: HOTFIX fix the export-bugzilla cron to not store bugzilla token
copy: >
src="export-bugzilla"
dest="/usr/sbin/export-bugzilla"
owner=root
group=root
mode=0755
tags:
- config
- hotfix
- name: run export-bugzilla program
cron: >
name="export-bugzilla"
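Review bot: The HOTFIX task copies a full replacement of `/usr/sbin/export-bugzilla` over the packaged file on every run, with no condition tied to the package version, so it will keep silently overriding the script after the fix ships upstream. A comment stating what the hotfix changes and when it can be dropped, e.g. `# HOTFIX: packaged script persisted the bugzilla login token; remove once <package/version carrying the tokenfile=None fix> is deployed`, gives the next maintainer the removal criterion. The `run export-bugzilla program` cron task continues past the end of the hunk.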


@ -0,0 +1,22 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.125.63 koji.fedoraproject.org
10.5.125.36 kojipkgs.fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org
10.5.125.44 pkgs.fedoraproject.org pkgs
#
# This is proxy01.phx2.fedoraproject.org
#
10.5.126.51 mirrors.fedoraproject.org
10.5.126.51 admin.fedoraproject.org
# there are some firewall issues ATM that make this IP for hub not work
# changing to a public IP as a workaround until firewall rules are changed
# 10.5.126.51 hub.fedoraproject.org
152.19.134.142 hub.fedoraproject.org
# for VPN
10.5.126.12 gateway.phx2.fedoraproject.org gateway bastion01.phx2.fedoraproject.org bastion01
10.5.126.11 bastion02.phx2.fedoraproject.org bastion02
# these are needed for the beaker-project repos
74.207.232.43 beaker-project.org


@ -0,0 +1,7 @@
{% extends "layout.html" %}
{% block toptext %}
This is the Federated Open Authentication provider homepage.
{% endblock %}
{% block main %}
You will be redirected to this application whenever another application requires you to authenticate.
{% endblock %}


@ -0,0 +1,15 @@
{% extends "layout.html" %}
{% block toptext %}
500 - Internal Server Error
{% endblock %}
{% block main %}
{% if message: %}
<p>{{ message }}</p>
{% else %}
<p>Ipsilon encountered an unexpected internal error while trying to
fulfill your request.</p>
{% endif %}
<p>Please retry again.</p>
<p>If the error persists, contact the server administrator to resolve
the problem.</p>
{% endblock %}
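Review bot: `{{ message }}` is rendered into the page body without an explicit `|e` filter, and nothing in this template set shows that the Jinja environment is created with autoescaping enabled. The same variable is rendered the same way in the 404 and 401 templates added in this commit, and the consent page interpolates `{{trustroot}}` and the `authz_details` entries, which originate from the relying party; if the Ipsilon environment does not autoescape, each of these is an HTML injection point on the identity provider's own pages. Either confirm autoescape is on where these templates are loaded, or write `<p>{{ message|e }}</p>` (and the equivalent for the consent-page values) so the templates are safe on their own.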


@ -0,0 +1,35 @@
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>{{ title }}</title>
<link rel="shortcut icon" type="image/vnd.microsoft.icon"
href="//fedoraproject.org/static/images/favicon.ico"/>
<link rel="stylesheet" href="{{ basepath }}/ui/fedora/fedora.css">
<meta name="generator" content="Ipsilon">
{%- if heads %}
{%- for group, value in heads.items() %}
{%- for head in value %}
{{ head }}
{%- endfor %}
{%- endfor %}
{%- endif %}
</head>
<body>
<div class="header_bg">
<div class="body header">
<img id="logo" alt="logo" src="{{ basepath }}/ui/fedora/fedora-authn-logo-white.png"/>
</div>
</div>
<div class="body main">
<p id="toptext">{% block toptext %}{% endblock %}</p>
<div class="middlebox">
{% block main %}{% endblock %}
</div>
</div>
</body>
</html>


@ -0,0 +1,13 @@
{% extends "master.html" %}
{% block toptext %}
Logged out
{% endblock %}
{% block main %}
{% if user.name %}
<p>Something prevented a successful logout</p>
<p>You are still logged in as {{ user.fullname }}</p>
{% else %}
<p>Successfully logged out.</p>
<p>Return to <a href="{{ basepath }}/">Home</a> page</p>
{% endif %}
{% endblock %}
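Review bot: This template extends `"master.html"` while every other template in this commit extends `"layout.html"`, and no `master.html` is added here; unless Ipsilon's packaged template directory supplies one with matching `toptext` and `main` blocks, rendering the logout page fails with a missing-template error. Changing the first line to `{% extends "layout.html" %}` makes it consistent with the rest of the set.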


@ -0,0 +1,13 @@
{% extends "layout.html" %}
{% block toptext %}
404 - Not Found
{% endblock %}
{% block main %}
{% if message: %}
<p>{{ message }}</p>
{% else %}
<p>This page does not exist.</p>
{% endif %}
<p>If you think this is an error, contact the server administrator to resolve
the problem.</p>
{% endblock %}


@ -0,0 +1,36 @@
{% extends "layout.html" %}
{% block toptext %}
{{trustroot}} is asking to authenticate via OpenID using FedOAuth
{% endblock %}
{% block main %}
Review the authorization details
<div>
<form method="post" action="{{action}}" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="ipsilon_transaction_id" id="ipsilon_transaction_id" value="{{ ipsilon_transaction_id }}" />
<p class="form_item">
<table class="details">
{% for entry in authz_details|dictsort %}
<tr>
<td>{{entry[0]}}</td>
<td>{{entry[1]}}</td>
</tr>
{% endfor %}
<tr>
<td>Remember approval for</td>
<td><select name="remember_for_days">
<option value="0">never</option>
<option value="3">3 days</option>
<option value="7">7 days</option>
</select>
</td>
</tr>
</table>
</p>
<p class="form_item">
<input type="submit" name="decided_deny" value="Reject">
<input type="submit" name="decided_allow" value="Allow">
</p>
</form>
</div>
{% endblock %}
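Review bot: The details `<table>` is placed inside `<p class="form_item">`, which is not valid HTML: browsers close the `<p>` before the table starts, so the `</p>` after `</table>` is stray and the `form_item` styling does not apply to the table. Wrapping the table in `<div class="form_item">` instead gives the intended structure. The `remember_for_days` select is a consent decision about the relying party named in the heading; a short label next to it saying what is remembered (this trust root's authorization) would make the choice clearer to the user.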


@ -0,0 +1,7 @@
{% extends "layout.html" %}
{% block toptext %}
This is the OpenID page for {{username}}.
{% endblock %}
{% block main %}
This page is primarily used internally
{% endblock %}


@ -0,0 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service>
{%- for t in types %}
<Type>{{ t }}</Type>
{%- endfor %}
{%- if uri %}
<URI>{{ uri }}</URI>
{%- endif %}
{%- if localid %}
<LocalID>{{ localid }}</LocalID>
{%- endif %}
</Service>
</XRD>
</xrds:XRDS>


@ -0,0 +1,59 @@
{% extends "layout.html" %}
{% block toptext %}
This page is used internally
{% endblock %}
{% block main %}
<script type="text/javascript" src="https://login.persona.org/provisioning_api.js"></script>
<script type="text/javascript">
var xmlhttp = new XMLHttpRequest()
var loggedin = {{ loggedin|lower }};
xmlhttp.onreadystatechange = function()
{
if(xmlhttp.readyState == 4)
{
if(xmlhttp.status == 200)
{
navigator.id.registerCertificate(xmlhttp.responseText);
}
else if((xmlhttp.status == 401) || (xmlhttp.status == 403))
{
navigator.id.raiseProvisioningFailure('Error in provisioning!');
}
else
{
alert("Response code: " + xmlhttp.status);
alert("Response text: " + xmlhttp.responseText);
}
}
}
function generateServerSide(email, publicKey, certDuration, callback)
{
xmlhttp.open("POST", "Sign/", true);
xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xmlhttp.send("email=" + encodeURIComponent(email)
+ "&publicKey=" + encodeURIComponent(publicKey)
+ "&certDuration=" + encodeURIComponent(certDuration));
}
function startProvisioning()
{
navigator.id.beginProvisioning(function(email, certDuration)
{
if(loggedin)
{
navigator.id.genKeyPair(function(publicKey)
{
generateServerSide(email, publicKey, certDuration);
});
} else {
navigator.id.raiseProvisioningFailure('user is not authenticated');
}
});
}
startProvisioning();
</script>
{% endblock %}
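Review bot: In the `xmlhttp.onreadystatechange` handler the final `else` branch only shows two `alert()` dialogs and never calls `navigator.id.raiseProvisioningFailure`, so on any response other than 200/401/403 the Persona provisioning flow is left hanging instead of failing cleanly. Replacing the two alerts with `navigator.id.raiseProvisioningFailure('Provisioning failed, response code ' + xmlhttp.status);` reports the failure through the same channel as the 401/403 case. `generateServerSide` also declares a fourth parameter `callback` that is neither used in the body nor passed by its caller; drop it or wire it to the response handler.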


@ -0,0 +1,19 @@
{% extends "layout.html" %}
{% block toptext %}
This page is used internally
{% endblock %}
{% block main %}
<script type="text/javascript" src="https://login.persona.org/authentication_api.js"></script>
<script type="text/javascript">
var loggedin = {{ loggedin|lower }};
if(loggedin)
{
navigator.id.beginAuthentication(function(email) {
navigator.id.completeAuthentication();
});
} else {
navigator.id.raiseAuthenticationFailure('User cancelled signon');
}
</script>
{% endblock %}
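Review bot: The `beginAuthentication` callback receives the `email` that Persona is asking to authenticate and ignores it, calling `completeAuthentication()` whenever `loggedin` is true; the template only carries the boolean `loggedin`, so the client side cannot tell whether the session user corresponds to that email. Presumably the server-side signing endpoint enforces that the requested email belongs to the logged-in user, but that is not visible here; a comment on the `completeAuthentication()` line naming where that check happens (or passing the session user's email into the template and comparing it before completing) would make the intent explicit.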


@ -0,0 +1,12 @@
{% extends "layout.html" %}
{% block toptext %}
401 - Unauthorized
{% endblock %}
{% block main %}
{% if message: %}
<p>{{ message }}</p>
{% else %}
<p>Authentication was not succesful</p>
{% endif %}
<p><a href="{{ basepath }}/login" title="Login">Try to login again</a></p>
{% endblock %}


@ -0,0 +1,56 @@
---
# Configuration for the ipsilon webapp
- name: clean yum metadata
command: yum clean all
tags:
- packages
- name: install needed packages
yum: pkg={{ item }} state=present
with_items:
- ipsilon
- ipsilon-authfas
- ipsilon-openid
- ipsilon-persona
- python-psycopg2
- libsemanage-python
tags:
- packages
- name: copy ipsilon templates
copy: src=templates
dest=/usr/share/ipsilon/templates-fedora
owner=ipsilon group=ipsilon mode=0666
- name: copy ipsilon configuration
template: src={{ item }}.cfg
dest=/etc/ipsilon/{{ item }}.cfg
owner=ipsilon group=ipsilon mode=0600
with_items:
- ipsilon
- configuration
tags:
- config
notify:
- restart apache
- name: copy persona private key
copy: src={{ private }}/files/ipsilon/persona.key dest=/etc/ipsilon/persona.key
owner=ipsilon group=ipsilon mode=0600
when: env != "staging"
- name: copy persona STG private key
copy: src={{ private }}/files/ipsilon/persona.stg.key dest=/etc/ipsilon/persona.stg.key
owner=ipsilon group=ipsilon mode=0600
when: env == "staging"
- name: set sebooleans so ipsilon can talk to the db
action: seboolean name=httpd_can_network_connect_db
state=true
persistent=true
- name: apply selinux type to the wsgi file
file: >
dest=/usr/sbin/ipsilon
setype=httpd_sys_content_t
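Review bot: The `copy ipsilon templates` task installs the template tree with `mode=0666`, making every Jinja template the identity provider renders world-writable on the host, so any local account could alter the login, consent and error pages served to users. The service needs no write access to templates at all; `mode=0644` (with `directory_mode` for the directories if needed) is the correct value and is consistent with the `mode=0600` used for the config files below. That task also has no `tags` and no `notify`, unlike the configuration task, so template changes are skipped by a `--tags config` run and do not restart apache. The task list continues past the end of the hunk.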


@ -0,0 +1,40 @@
[login_config]
global enabled=fas
{% if env == 'staging' %}
fas FAS url=https://admin.stg.fedoraproject.org/accounts/
{% else %}
fas FAS url=https://admin.fedoraproject.org/accounts/
{% endif %}
fas FAS Proxy client user Agent=Fedora Ipsilon
fas FAS Insecure Auth=False
[provider_config]
global enabled=persona,openid
{% if env == 'staging' %}
persona allowed domains=stg.fedoraproject.org
persona issuer domain=id.stg.fedoraproject.org
persona idp key file=/etc/ipsilon/persona.stg.key
{% else %}
persona allowed domains=fedoraproject.org
persona issuer domain=id.fedoraproject.org
persona idp key file=/etc/ipsilon/persona.key
{% endif %}
{% if env == 'staging' %}
openid database url="postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}.stg/{{ ipsilon_db_name }}"
openid endpoint url=https://id.stg.fedoraproject.org/openid/
openid identity url template=http://localhost/openid/id/%(username)s/
openid trusted roots=
{% else %}
openid database url="postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}"
openid endpoint url=https://id.fedoraproject.org/openid/
openid identity url template=http://%(username)s.id.fedoraproject.org/
openid trusted roots=http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin,https://ask.fedoraproject.org/,https://fedorahosted.org/,https://badges.fedoraproject.org,https://apps.fedoraproject.org/tagger/,https://apps.fedoraproject.org/nuancier/,https://apps.fedoraproject.org/datagrepper/,https://apps.fedoraproject.org/calendar/,http://apps.fedoraproject.org/notifications/,http://copr.fedoraproject.org/,http://copr-fe.cloud.fedoraproject.org/,https://admin.fedoraproject.org/pkgdb/,https://admin.fedoraproject.org/voting/,https://apps.fedoraproject.org/github2fedmsg,https://admin.fedoraproject.org,https://apps.fedoraproject.org/,https://release-monitoring.org/
{% endif %}
openid untrusted roots=
openid enabled extensions=Teams,Attribute Exchange,CLAs,Simple Registration
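Review bot: The production `openid identity url template` is `http://%(username)s.id.fedoraproject.org/` and several `openid trusted roots` entries (the jenkins, notifications and both copr roots) are plain `http://`, while the endpoint URL and the remaining roots are `https://`. The identity URL is the identifier relying parties discover and trust, and the trusted roots decide which relying parties skip the user's consent, so the plain-http entries presumably predate those sites moving to TLS; confirm each is still needed and record the reason in a comment above the line, e.g. `# http roots kept for relying parties that have not moved to https`. The staging identity template pointing at `http://localhost/openid/id/%(username)s/` also deserves a comment saying it is intentional.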


@ -0,0 +1,22 @@
[global]
debug = False
tools.log_request_response.on = False
template_dir = "/srv/ipsilon/templates"
log.screen = False
base.mount = ""
base.dir = "/usr/share/ipsilon"
admin.config.db = "configfile:///etc/ipsilon/configuration.cfg"
user.prefs.db = "configfile:///etc/ipsilon/configuration.cfg"
{% if env == 'staging' %}
transactions.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}.stg/{{ ipsilon_db_name }}"
{% else %}
transactions.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_name }}"
{% endif %}
tools.sessions.on = True
tools.sessions.name = "fedora_ipsilon_session_id"
tools.sessions.storage_type = "Sql"
tools.sessions.timeout = 60
tools.sessions.httponly = True
tools.sessions.secure = True
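Review bot: `template_dir` is set to `/srv/ipsilon/templates`, but the role task in this commit copies the Fedora templates to `/usr/share/ipsilon/templates-fedora`; unless something else populates `/srv/ipsilon/templates`, Ipsilon will not find the templates this commit adds. Point the setting at the deployed path, `template_dir = "/usr/share/ipsilon/templates-fedora"`, or change the copy task's `dest` to match. The database URLs embed `ipsilon_db_pass`, which is acceptable only because the config task installs this file with `mode=0600`; a leading comment such as `# contains database credentials - keep mode 0600` would stop someone loosening the permissions later.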


@ -8,3 +8,4 @@ scp db-datanommer02:/backups/datanommer-$(date +%F).dump.xz /srv/web/infra/db-du
scp db-koji01:/backups/koji-$(date +%F).dump.xz /srv/web/infra/db-dumps/koji.dump.xz
scp db01:/backups/pkgdb2-$(date +%F).dump.xz /srv/web/infra/db-dumps/pkgdb2.dump.xz
scp db01:/backups/fedoratagger-$(date +%F).dump.xz /srv/web/infra/db-dumps/fedoratagger.dump.xz
scp anitya-backend01:/backups/anitya-$(date +%F).dump.xz /srv/web/infra/db-dumps/anitya.dump.xz