diff --git a/inventory/group_vars/bastion b/inventory/group_vars/bastion index 3857bfaf05..371b16b727 100644 --- a/inventory/group_vars/bastion +++ b/inventory/group_vars/bastion @@ -23,7 +23,7 @@ custom_rules: [ # TODO - remove modularity-wg membership here once it is not longer needed: # https://fedorahosted.org/fedora-infrastructure/ticket/5363 -fas_client_groups: sysadmin-ask,sysadmin-web,sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc,sysadmin-releng,sysadmin-dba,sysadmin-hosted,sysadmin-tools,sysadmin-spin,sysadmin-cloud,fi-apprentice,sysadmin-darkserver,sysadmin-badges,sysadmin-troubleshoot,sysadmin-qa,sysadmin-centos,sysadmin-ppc,sysadmin-koschei,sysadmin-secondary,sysadmin-fedimg,sysadmin-veteran,modularity-wg,pungi-devel +fas_client_groups: sysadmin-ask,sysadmin-web,sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc,sysadmin-releng,sysadmin-dba,sysadmin-hosted,sysadmin-tools,sysadmin-spin,sysadmin-cloud,fi-apprentice,sysadmin-darkserver,sysadmin-badges,sysadmin-troubleshoot,sysadmin-qa,sysadmin-centos,sysadmin-ppc,sysadmin-koschei,sysadmin-secondary,sysadmin-fedimg,sysadmin-veteran,sysadmin-mbs,modularity-wg,pungi-devel # # This is a postfix gateway. This will pick up gateway postfix config in base diff --git a/inventory/group_vars/batcave b/inventory/group_vars/batcave index 831fc78b2a..6f6635c168 100644 --- a/inventory/group_vars/batcave +++ b/inventory/group_vars/batcave @@ -8,7 +8,7 @@ tcp_ports: [ 80, 443 ] # Neeed for rsync from log01 for logs. custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] -fas_client_groups: sysadmin-ask,sysadmin-build,sysadmin-cvs,sysadmin-main,sysadmin-web,sysadmin-noc,sysadmin-hosted,sysadmin-releng,sysadmin-qa,sysadmin-tools,sysadmin-cloud,sysadmin-bot,sysadmin-centos,sysadmin-koschei,sysadmin-datanommer,sysadmin-fedimg,fi-apprentice,sysadmin-regcfp,sysadmin-badges,sysadmin-veteran +fas_client_groups: sysadmin-ask,sysadmin-build,sysadmin-cvs,sysadmin-main,sysadmin-web,sysadmin-noc,sysadmin-hosted,sysadmin-releng,sysadmin-qa,sysadmin-tools,sysadmin-cloud,sysadmin-bot,sysadmin-centos,sysadmin-koschei,sysadmin-datanommer,sysadmin-fedimg,fi-apprentice,sysadmin-regcfp,sysadmin-badges,sysadmin-mbs,sysadmin-veteran ansible_base: /srv/web/infra freezes: false diff --git a/inventory/group_vars/mbs-backend b/inventory/group_vars/mbs-backend index ea4277ecdc..8fcb2d61b4 100644 --- a/inventory/group_vars/mbs-backend +++ b/inventory/group_vars/mbs-backend @@ -12,7 +12,7 @@ freezes: false tcp_ports: [ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007 ] -fas_client_groups: sysadmin-noc,sysadmin-releng +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs # These people get told when something goes wrong. fedmsg_error_recipients: diff --git a/inventory/group_vars/mbs-backend-stg b/inventory/group_vars/mbs-backend-stg index 6c5c3b397b..61a8439cb7 100644 --- a/inventory/group_vars/mbs-backend-stg +++ b/inventory/group_vars/mbs-backend-stg @@ -12,7 +12,7 @@ freezes: false tcp_ports: [ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007 ] -fas_client_groups: sysadmin-noc,sysadmin-releng +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs # These people get told when something goes wrong. fedmsg_error_recipients: diff --git a/inventory/group_vars/mbs-frontend b/inventory/group_vars/mbs-frontend index b84a047deb..4faa37c74a 100644 --- a/inventory/group_vars/mbs-frontend +++ b/inventory/group_vars/mbs-frontend @@ -19,7 +19,7 @@ tcp_ports: [ 80 ] # Neeed for rsync from log01 for logs. custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] -fas_client_groups: sysadmin-noc,sysadmin-releng +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: diff --git a/inventory/group_vars/mbs-frontend-stg b/inventory/group_vars/mbs-frontend-stg index 0b692933c7..883c69116c 100644 --- a/inventory/group_vars/mbs-frontend-stg +++ b/inventory/group_vars/mbs-frontend-stg @@ -19,7 +19,7 @@ tcp_ports: [ 80 ] # Neeed for rsync from log01 for logs. custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] -fas_client_groups: sysadmin-noc,sysadmin-releng +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: diff --git a/inventory/group_vars/qa-stg b/inventory/group_vars/qa-stg index 8cc1ddeb7d..61aeaa1100 100644 --- a/inventory/group_vars/qa-stg +++ b/inventory/group_vars/qa-stg @@ -69,6 +69,10 @@ buildslave_password: '{{ qa_stg_buildslave_password }}' deployment_type: qa-stg tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 3306 ] +# for downloading taskotron images +imagesdir: /var/lib/diskimages +slaves_group: apache + # static sites static_sites: - name: "{{ inventory_hostname }}" @@ -79,6 +83,11 @@ static_sites: document_root: /srv/content/docs external_name: "docs.{{ external_hostname }}" + - name: "images.{{ inventory_hostname }}" + document_root: /srv/content/images + external_name: "images.{{ external_hostname }}" + + sslonly: false freezes: false diff --git a/inventory/host_vars/download-ib02.fedoraproject.org b/inventory/host_vars/download-ib02.fedoraproject.org deleted file mode 100644 index 069d24eefd..0000000000 --- a/inventory/host_vars/download-ib02.fedoraproject.org +++ /dev/null @@ -1,26 +0,0 @@ ---- -nm: 255.255.255.128 -gw: 152.19.134.129 -dns: 8.8.8.8 -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext -ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_ibiblio04 -eth0_ip: 152.19.134.195 -eth0_nm: 255.255.255.128 -has_ipv6: yes -eth0_ipv6: "2610:28:3090:3001:5054:ff:fed9:f194" -eth0_ipv6_gw: "2610:28:3090:3001::1" - -vmhost: ibiblio04.fedoraproject.org -datacenter: ibiblio -postfix_group: vpn -vpn: true - -tcp_ports: [80, 443, 873] -rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 - -lvm_size: 20000 -mem_size: 8192 -num_cpus: 4 diff --git a/inventory/host_vars/noc02.fedoraproject.org b/inventory/host_vars/noc02.fedoraproject.org index 845c9c901d..04d336bacd 100644 --- a/inventory/host_vars/noc02.fedoraproject.org +++ b/inventory/host_vars/noc02.fedoraproject.org @@ -2,9 +2,9 @@ nm: 255.255.255.128 gw: 152.19.134.129 dns: 152.2.21.1 -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_ibiblio04 +volgroup: /dev/vg_guests eth0_ip: 152.19.134.192 eth0_nm: 255.255.255.128 has_ipv6: yes diff --git a/inventory/host_vars/unbound-ib01.fedoraproject.org b/inventory/host_vars/unbound-ib01.fedoraproject.org index e2a03a264b..e4bee61dd7 100644 --- a/inventory/host_vars/unbound-ib01.fedoraproject.org +++ b/inventory/host_vars/unbound-ib01.fedoraproject.org @@ -2,9 +2,9 @@ nm: 255.255.255.128 gw: 152.19.134.129 dns: 152.2.21.1 -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_ibiblio04 +volgroup: /dev/vg_guests eth0_ip: 152.19.134.150 eth0_nm: 255.255.255.128 vmhost: ibiblio04.fedoraproject.org diff --git a/playbooks/groups/qa.yml b/playbooks/groups/qa.yml index 345c2bab82..2cab02eb9b 100644 --- a/playbooks/groups/qa.yml +++ b/playbooks/groups/qa.yml @@ -108,6 +108,9 @@ tags: - qastaticsites + roles: + - { role: taskotron/imagefactory-client, tags: ['imagefactoryclient']} + handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/manual/upgrade/koschei.yml b/playbooks/manual/upgrade/koschei.yml index 1104e1398c..6847978394 100644 --- a/playbooks/manual/upgrade/koschei.yml +++ b/playbooks/manual/upgrade/koschei.yml @@ -1,5 +1,5 @@ - name: verify koschei frontend - hosts: "{{ koschei_web_hosts | default('koschei-web') }}" + hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -11,7 +11,7 @@ - koschei/frontend - name: verify koschei backend - hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}" + hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -22,7 +22,7 @@ - koschei/backend - name: upgrade koschei backend - hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}" + hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -60,7 +60,7 @@ - koschei-backend-fedora - name: upgrade koschei frontend - hosts: "{{ koschei_web_hosts | default('koschei-web') }}" + hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -92,7 +92,7 @@ - koschei-frontend-fedora - name: run DB migration - hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}" + hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -104,7 +104,7 @@ command: alembic -c /usr/share/koschei/alembic.ini upgrade head - name: restart koschei frontend - hosts: "{{ koschei_web_hosts | default('koschei-web') }}" + hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -116,7 +116,7 @@ - koschei/frontend - name: restart koschei backend - hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}" + hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -127,13 +127,13 @@ - koschei/backend - name: Check whether backend update happened - hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}" + hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}" tasks: - assert: that: backend_upgrade.changed - name: Check whether frontend update happened - hosts: "{{ koschei_web_hosts | default('koschei-web') }}" + hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}" tasks: - assert: that: frontend_upgrade.changed diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml index f5b4cefa08..f011ab0927 100644 --- a/roles/copr/dist_git/tasks/main.yml +++ b/roles/copr/dist_git/tasks/main.yml @@ -12,7 +12,7 @@ user: name="copr-dist-git" group=copr-dist-git groups=cvsadmin,packager uid=1001 - name: create user for copr-dist-git service - user: name="copr-service" group=copr-service groups=packager,docker generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa uid=1002 + user: name="copr-service" group=copr-service groups=packager,docker,apache,mock generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa uid=1002 - name: enable copr dist-git repo shell: "dnf -y copr enable clime/dist-git" @@ -35,8 +35,6 @@ - rdiff-backup - tmpwatch -- user: append=yes name="copr-service" groups=apache,mock - - name: install copr-dist-git dnf: state=latest name={{ item }} with_items: diff --git a/roles/mbs/frontend/tasks/main.yml b/roles/mbs/frontend/tasks/main.yml index 761318c437..4db785e0c7 100644 --- a/roles/mbs/frontend/tasks/main.yml +++ b/roles/mbs/frontend/tasks/main.yml @@ -47,3 +47,13 @@ - mbs - mbs/frontend - selinux + +- name: make httpd logs world readable + file: + name: /var/log/httpd + state: directory + mode: 0755 + tags: + - mbs + - mbs/frontend + diff --git a/roles/nagios/server/files/nagios/services/file_age.cfg b/roles/nagios/server/files/nagios/services/file_age.cfg index b7c65fc693..d258e3f10a 100644 --- a/roles/nagios/server/files/nagios/services/file_age.cfg +++ b/roles/nagios/server/files/nagios/services/file_age.cfg @@ -1,5 +1,5 @@ define service { - host_name mirrorlist-osuosl, mirrorlist-ibiblio, mirrorlist-ibiblio02, mirrorlist-phx2, mirrorlist-host1plus, mirrorlist-dedicatedsolutions + host_name mirrorlist-osuosl, mirrorlist-ibiblio02, mirrorlist-phx2, mirrorlist-host1plus, mirrorlist-dedicatedsolutions service_description Check MirrorList Cache check_command check_by_nrpe!check_mirrorlist_cache use defaulttemplate