From c92f1e007765ed864c330cc3c5efa56f7b24e042 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Wed, 22 Feb 2017 20:47:31 +0000 Subject: [PATCH 01/14] oh what a world.. what a world. --- roles/nagios/server/files/nagios/services/file_age.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nagios/server/files/nagios/services/file_age.cfg b/roles/nagios/server/files/nagios/services/file_age.cfg index b7c65fc693..d258e3f10a 100644 --- a/roles/nagios/server/files/nagios/services/file_age.cfg +++ b/roles/nagios/server/files/nagios/services/file_age.cfg @@ -1,5 +1,5 @@ define service { - host_name mirrorlist-osuosl, mirrorlist-ibiblio, mirrorlist-ibiblio02, mirrorlist-phx2, mirrorlist-host1plus, mirrorlist-dedicatedsolutions + host_name mirrorlist-osuosl, mirrorlist-ibiblio02, mirrorlist-phx2, mirrorlist-host1plus, mirrorlist-dedicatedsolutions service_description Check MirrorList Cache check_command check_by_nrpe!check_mirrorlist_cache use defaulttemplate From 0f1dce0cfd46340be1d6df215d267b8b4da2ad3e Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Wed, 22 Feb 2017 21:28:48 +0000 Subject: [PATCH 02/14] clean up ibiblio04 guests to correct vg group --- .../host_vars/download-ib02.fedoraproject.org | 26 ------------------- inventory/host_vars/noc02.fedoraproject.org | 2 +- .../host_vars/unbound-ib01.fedoraproject.org | 2 +- 3 files changed, 2 insertions(+), 28 deletions(-) delete mode 100644 inventory/host_vars/download-ib02.fedoraproject.org diff --git a/inventory/host_vars/download-ib02.fedoraproject.org b/inventory/host_vars/download-ib02.fedoraproject.org deleted file mode 100644 index 069d24eefd..0000000000 --- a/inventory/host_vars/download-ib02.fedoraproject.org +++ /dev/null @@ -1,26 +0,0 @@ ---- -nm: 255.255.255.128 -gw: 152.19.134.129 -dns: 8.8.8.8 -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext -ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_ibiblio04 -eth0_ip: 152.19.134.195 -eth0_nm: 255.255.255.128 -has_ipv6: yes -eth0_ipv6: "2610:28:3090:3001:5054:ff:fed9:f194" -eth0_ipv6_gw: "2610:28:3090:3001::1" - -vmhost: ibiblio04.fedoraproject.org -datacenter: ibiblio -postfix_group: vpn -vpn: true - -tcp_ports: [80, 443, 873] -rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 - -lvm_size: 20000 -mem_size: 8192 -num_cpus: 4 diff --git a/inventory/host_vars/noc02.fedoraproject.org b/inventory/host_vars/noc02.fedoraproject.org index 845c9c901d..f9dbbd95e3 100644 --- a/inventory/host_vars/noc02.fedoraproject.org +++ b/inventory/host_vars/noc02.fedoraproject.org @@ -4,7 +4,7 @@ gw: 152.19.134.129 dns: 152.2.21.1 ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_ibiblio04 +volgroup: /dev/vg_guests eth0_ip: 152.19.134.192 eth0_nm: 255.255.255.128 has_ipv6: yes diff --git a/inventory/host_vars/unbound-ib01.fedoraproject.org b/inventory/host_vars/unbound-ib01.fedoraproject.org index e2a03a264b..4187987142 100644 --- a/inventory/host_vars/unbound-ib01.fedoraproject.org +++ b/inventory/host_vars/unbound-ib01.fedoraproject.org @@ -4,7 +4,7 @@ gw: 152.19.134.129 dns: 152.2.21.1 ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_ibiblio04 +volgroup: /dev/vg_guests eth0_ip: 152.19.134.150 eth0_nm: 255.255.255.128 vmhost: ibiblio04.fedoraproject.org From e470c2e15934dea085a3be5e8d70cbbc80a46919 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Wed, 22 Feb 2017 22:58:43 +0000 Subject: [PATCH 03/14] how did this ever work? --- inventory/host_vars/noc02.fedoraproject.org | 2 +- inventory/host_vars/unbound-ib01.fedoraproject.org | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/host_vars/noc02.fedoraproject.org b/inventory/host_vars/noc02.fedoraproject.org index f9dbbd95e3..04d336bacd 100644 --- a/inventory/host_vars/noc02.fedoraproject.org +++ b/inventory/host_vars/noc02.fedoraproject.org @@ -2,7 +2,7 @@ nm: 255.255.255.128 gw: 152.19.134.129 dns: 152.2.21.1 -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ volgroup: /dev/vg_guests eth0_ip: 152.19.134.192 diff --git a/inventory/host_vars/unbound-ib01.fedoraproject.org b/inventory/host_vars/unbound-ib01.fedoraproject.org index 4187987142..e4bee61dd7 100644 --- a/inventory/host_vars/unbound-ib01.fedoraproject.org +++ b/inventory/host_vars/unbound-ib01.fedoraproject.org @@ -2,7 +2,7 @@ nm: 255.255.255.128 gw: 152.19.134.129 dns: 152.2.21.1 -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 +ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ volgroup: /dev/vg_guests eth0_ip: 152.19.134.150 From 7e5425c2c50298985ef6cad7278d1b2b1269f30c Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 23 Feb 2017 15:06:46 +0000 Subject: [PATCH 04/14] Give sysadmin-mbs access through bastion. --- inventory/group_vars/bastion | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/bastion b/inventory/group_vars/bastion index 3857bfaf05..371b16b727 100644 --- a/inventory/group_vars/bastion +++ b/inventory/group_vars/bastion @@ -23,7 +23,7 @@ custom_rules: [ # TODO - remove modularity-wg membership here once it is not longer needed: # https://fedorahosted.org/fedora-infrastructure/ticket/5363 -fas_client_groups: sysadmin-ask,sysadmin-web,sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc,sysadmin-releng,sysadmin-dba,sysadmin-hosted,sysadmin-tools,sysadmin-spin,sysadmin-cloud,fi-apprentice,sysadmin-darkserver,sysadmin-badges,sysadmin-troubleshoot,sysadmin-qa,sysadmin-centos,sysadmin-ppc,sysadmin-koschei,sysadmin-secondary,sysadmin-fedimg,sysadmin-veteran,modularity-wg,pungi-devel +fas_client_groups: sysadmin-ask,sysadmin-web,sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc,sysadmin-releng,sysadmin-dba,sysadmin-hosted,sysadmin-tools,sysadmin-spin,sysadmin-cloud,fi-apprentice,sysadmin-darkserver,sysadmin-badges,sysadmin-troubleshoot,sysadmin-qa,sysadmin-centos,sysadmin-ppc,sysadmin-koschei,sysadmin-secondary,sysadmin-fedimg,sysadmin-veteran,sysadmin-mbs,modularity-wg,pungi-devel # # This is a postfix gateway. This will pick up gateway postfix config in base From 70d198d45a1d7c7eb0e5838f06fcf3ddce590ffe Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 23 Feb 2017 15:09:49 +0000 Subject: [PATCH 05/14] Give sysadmin-mbs access to batcave01. --- inventory/group_vars/batcave | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/batcave b/inventory/group_vars/batcave index 831fc78b2a..6f6635c168 100644 --- a/inventory/group_vars/batcave +++ b/inventory/group_vars/batcave @@ -8,7 +8,7 @@ tcp_ports: [ 80, 443 ] # Neeed for rsync from log01 for logs. custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] -fas_client_groups: sysadmin-ask,sysadmin-build,sysadmin-cvs,sysadmin-main,sysadmin-web,sysadmin-noc,sysadmin-hosted,sysadmin-releng,sysadmin-qa,sysadmin-tools,sysadmin-cloud,sysadmin-bot,sysadmin-centos,sysadmin-koschei,sysadmin-datanommer,sysadmin-fedimg,fi-apprentice,sysadmin-regcfp,sysadmin-badges,sysadmin-veteran +fas_client_groups: sysadmin-ask,sysadmin-build,sysadmin-cvs,sysadmin-main,sysadmin-web,sysadmin-noc,sysadmin-hosted,sysadmin-releng,sysadmin-qa,sysadmin-tools,sysadmin-cloud,sysadmin-bot,sysadmin-centos,sysadmin-koschei,sysadmin-datanommer,sysadmin-fedimg,fi-apprentice,sysadmin-regcfp,sysadmin-badges,sysadmin-mbs,sysadmin-veteran ansible_base: /srv/web/infra freezes: false From dba02492dd8b62b55c469a467c7dd18d3cd97a5f Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 23 Feb 2017 15:16:34 +0000 Subject: [PATCH 06/14] Give sysadmin-mbs ssh access to mbs-frontend-stg. --- inventory/group_vars/mbs-frontend-stg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/mbs-frontend-stg b/inventory/group_vars/mbs-frontend-stg index 0b692933c7..883c69116c 100644 --- a/inventory/group_vars/mbs-frontend-stg +++ b/inventory/group_vars/mbs-frontend-stg @@ -19,7 +19,7 @@ tcp_ports: [ 80 ] # Neeed for rsync from log01 for logs. custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] -fas_client_groups: sysadmin-noc,sysadmin-releng +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: From 644f8de0f0e95618d147611b1059516a01e2fa35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kalu=C5=BEa?= Date: Thu, 23 Feb 2017 15:16:55 +0000 Subject: [PATCH 07/14] Give sysadmin-mbs access to mbs-backend --- inventory/group_vars/mbs-backend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/mbs-backend b/inventory/group_vars/mbs-backend index ea4277ecdc..8fcb2d61b4 100644 --- a/inventory/group_vars/mbs-backend +++ b/inventory/group_vars/mbs-backend @@ -12,7 +12,7 @@ freezes: false tcp_ports: [ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007 ] -fas_client_groups: sysadmin-noc,sysadmin-releng +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs # These people get told when something goes wrong. fedmsg_error_recipients: From 16ce748394e2565fa6ee92f8041cf31f0d8da972 Mon Sep 17 00:00:00 2001 From: Filip Valder Date: Thu, 23 Feb 2017 15:17:12 +0000 Subject: [PATCH 08/14] add sysadmin-mbs to fas_client_groups --- inventory/group_vars/mbs-backend-stg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/mbs-backend-stg b/inventory/group_vars/mbs-backend-stg index 6c5c3b397b..61a8439cb7 100644 --- a/inventory/group_vars/mbs-backend-stg +++ b/inventory/group_vars/mbs-backend-stg @@ -12,7 +12,7 @@ freezes: false tcp_ports: [ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007 ] -fas_client_groups: sysadmin-noc,sysadmin-releng +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs # These people get told when something goes wrong. fedmsg_error_recipients: From 854eaecce1c8a58a6d00476e222d272716874e42 Mon Sep 17 00:00:00 2001 From: mprahl Date: Thu, 23 Feb 2017 15:17:07 +0000 Subject: [PATCH 09/14] Git sysadmin-mbs access to mbs-frontend --- inventory/group_vars/mbs-frontend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/mbs-frontend b/inventory/group_vars/mbs-frontend index b84a047deb..4faa37c74a 100644 --- a/inventory/group_vars/mbs-frontend +++ b/inventory/group_vars/mbs-frontend @@ -19,7 +19,7 @@ tcp_ports: [ 80 ] # Neeed for rsync from log01 for logs. custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] -fas_client_groups: sysadmin-noc,sysadmin-releng +fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: From 66fe261659f32b3a3c1936ada4d8ab2b1eba7e19 Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Thu, 23 Feb 2017 15:41:36 +0000 Subject: [PATCH 10/14] adding imagefactory client to qa-stg --- inventory/group_vars/qa-stg | 8 ++++++++ playbooks/groups/qa.yml | 3 +++ 2 files changed, 11 insertions(+) diff --git a/inventory/group_vars/qa-stg b/inventory/group_vars/qa-stg index 8cc1ddeb7d..c630d93838 100644 --- a/inventory/group_vars/qa-stg +++ b/inventory/group_vars/qa-stg @@ -69,6 +69,9 @@ buildslave_password: '{{ qa_stg_buildslave_password }}' deployment_type: qa-stg tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 3306 ] +# for downloading taskotron images +imagesdir: /var/lib/diskimages + # static sites static_sites: - name: "{{ inventory_hostname }}" @@ -79,6 +82,11 @@ static_sites: document_root: /srv/content/docs external_name: "docs.{{ external_hostname }}" + - name: "images.{{ inventory_hostname }}" + document_root: /srv/content/images + external_name: "images.{{ external_hostname }}" + + sslonly: false freezes: false diff --git a/playbooks/groups/qa.yml b/playbooks/groups/qa.yml index 345c2bab82..2cab02eb9b 100644 --- a/playbooks/groups/qa.yml +++ b/playbooks/groups/qa.yml @@ -108,6 +108,9 @@ tags: - qastaticsites + roles: + - { role: taskotron/imagefactory-client, tags: ['imagefactoryclient']} + handlers: - include: "{{ handlers }}/restart_services.yml" From c2158a2f65183aceecdb1b7e4a9e89a30c4531cc Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Thu, 23 Feb 2017 15:46:44 +0000 Subject: [PATCH 11/14] forgot variable for imagefactoryclient --- inventory/group_vars/qa-stg | 1 + 1 file changed, 1 insertion(+) diff --git a/inventory/group_vars/qa-stg b/inventory/group_vars/qa-stg index c630d93838..61aeaa1100 100644 --- a/inventory/group_vars/qa-stg +++ b/inventory/group_vars/qa-stg @@ -71,6 +71,7 @@ tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 3306 ] # for downloading taskotron images imagesdir: /var/lib/diskimages +slaves_group: apache # static sites static_sites: From cff1f923cf3408bf2a7751eb05ddd98712d33629 Mon Sep 17 00:00:00 2001 From: mprahl Date: Thu, 23 Feb 2017 15:55:47 +0000 Subject: [PATCH 12/14] Make httpd logs world readable on MBS --- roles/mbs/frontend/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/mbs/frontend/tasks/main.yml b/roles/mbs/frontend/tasks/main.yml index 761318c437..4db785e0c7 100644 --- a/roles/mbs/frontend/tasks/main.yml +++ b/roles/mbs/frontend/tasks/main.yml @@ -47,3 +47,13 @@ - mbs - mbs/frontend - selinux + +- name: make httpd logs world readable + file: + name: /var/log/httpd + state: directory + mode: 0755 + tags: + - mbs + - mbs/frontend + From 90a56ab59d6fbc4a224fe76c9f60ebda0b03a088 Mon Sep 17 00:00:00 2001 From: clime Date: Thu, 23 Feb 2017 17:21:12 +0100 Subject: [PATCH 13/14] copr-dist-git: set groups for copr-service user at the point of its creation --- roles/copr/dist_git/tasks/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml index f5b4cefa08..f011ab0927 100644 --- a/roles/copr/dist_git/tasks/main.yml +++ b/roles/copr/dist_git/tasks/main.yml @@ -12,7 +12,7 @@ user: name="copr-dist-git" group=copr-dist-git groups=cvsadmin,packager uid=1001 - name: create user for copr-dist-git service - user: name="copr-service" group=copr-service groups=packager,docker generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa uid=1002 + user: name="copr-service" group=copr-service groups=packager,docker,apache,mock generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa uid=1002 - name: enable copr dist-git repo shell: "dnf -y copr enable clime/dist-git" @@ -35,8 +35,6 @@ - rdiff-backup - tmpwatch -- user: append=yes name="copr-service" groups=apache,mock - - name: install copr-dist-git dnf: state=latest name={{ item }} with_items: From 6c255a8285653989aa11a5734d1f544db0b50b11 Mon Sep 17 00:00:00 2001 From: Mikolaj Izdebski Date: Thu, 23 Feb 2017 16:32:27 +0000 Subject: [PATCH 14/14] Make it possible to run Koschei upgrade in staging --- playbooks/manual/upgrade/koschei.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/playbooks/manual/upgrade/koschei.yml b/playbooks/manual/upgrade/koschei.yml index 1104e1398c..6847978394 100644 --- a/playbooks/manual/upgrade/koschei.yml +++ b/playbooks/manual/upgrade/koschei.yml @@ -1,5 +1,5 @@ - name: verify koschei frontend - hosts: "{{ koschei_web_hosts | default('koschei-web') }}" + hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -11,7 +11,7 @@ - koschei/frontend - name: verify koschei backend - hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}" + hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -22,7 +22,7 @@ - koschei/backend - name: upgrade koschei backend - hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}" + hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -60,7 +60,7 @@ - koschei-backend-fedora - name: upgrade koschei frontend - hosts: "{{ koschei_web_hosts | default('koschei-web') }}" + hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -92,7 +92,7 @@ - koschei-frontend-fedora - name: run DB migration - hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}" + hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -104,7 +104,7 @@ command: alembic -c /usr/share/koschei/alembic.ini upgrade head - name: restart koschei frontend - hosts: "{{ koschei_web_hosts | default('koschei-web') }}" + hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -116,7 +116,7 @@ - koschei/frontend - name: restart koschei backend - hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}" + hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}" vars_files: - /srv/web/infra/ansible/vars/global.yml - /srv/private/ansible/vars.yml @@ -127,13 +127,13 @@ - koschei/backend - name: Check whether backend update happened - hosts: "{{ koschei_backend_hosts | default('koschei-backend') }}" + hosts: "{{ koschei_backend_hosts | default('koschei-backend:koschei-backend-stg') }}" tasks: - assert: that: backend_upgrade.changed - name: Check whether frontend update happened - hosts: "{{ koschei_web_hosts | default('koschei-web') }}" + hosts: "{{ koschei_web_hosts | default('koschei-web:koschei-web-stg') }}" tasks: - assert: that: frontend_upgrade.changed