Merge branch 'master' of /git/ansible
This commit is contained in:
Jan Kaluža
commit
6bb4ec0acf
26 changed files with 160 additions and 89 deletions
|
|
@ -1,14 +1,3 @@
|
|||
[rhel7-openshift-3.4]
|
||||
name = rhel7 openshift 3.4 $basearch
|
||||
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openshift-3.4-rpms/
|
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
|
||||
|
||||
[rhel7-openshift-3.5]
|
||||
name = rhel7 openshift 3.5 $basearch
|
||||
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openshift-3.5-rpms/
|
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
|
||||
|
||||
{% if env == 'staging' %}
|
||||
[rhel7-openshift-3.6]
|
||||
name = rhel7 openshift 3.6 $basearch
|
||||
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openshift-3.6-rpms/
|
||||
|
|
@ -19,4 +8,3 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
|
|||
name = rhel7 fast datapath $basearch
|
||||
baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-fast-datapath/
|
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -2,3 +2,4 @@
|
|||
host_group: os
|
||||
baseiptables: False
|
||||
no_http2: True
|
||||
nm_controlled_resolv: True
|
||||
|
|
|
|||
|
|
@ -2,3 +2,4 @@
|
|||
host_group: os
|
||||
baseiptables: False
|
||||
no_http2: True
|
||||
nm_controlled_resolv: True
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ eth0_ip: 10.5.128.99
|
|||
vmhost: virthost11.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
|
||||
ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-27
|
||||
ks_repo: http://10.5.126.23/pub/fedora/linux/releases/27/Server/x86_64/os/
|
||||
|
||||
# This is a generic list, monitored by collectd
|
||||
databases:
|
||||
|
|
@ -19,7 +19,7 @@ lvm_size: 500000
|
|||
mem_size: 16384
|
||||
max_mem_size: "{{ mem_size }}"
|
||||
num_cpus: 8
|
||||
fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
|
||||
fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran,sysadmin-releng
|
||||
|
||||
# kernel SHMMAX value
|
||||
kernel_shmmax: 68719476736
|
||||
|
|
@ -44,8 +44,8 @@ shared_buffers: "8GB"
|
|||
effective_cache_size: "24GB"
|
||||
|
||||
# Keepalived variables
|
||||
keepalived_interface: eth0
|
||||
keepalived_priority: 50
|
||||
keepalived_ipaddress: 10.5.128.97/24
|
||||
keepalived_routerid: 18
|
||||
#keepalived_interface: eth0
|
||||
#keepalived_priority: 50
|
||||
#keepalived_ipaddress: 10.5.128.97/24
|
||||
#keepalived_routerid: 18
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ dns: 10.5.126.21
|
|||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.126.247
|
||||
eth0_ip: 10.5.126.246
|
||||
vmhost: virthost19.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
host_group: os
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ dns: 10.5.126.21
|
|||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_virthost15
|
||||
eth0_ip: 10.5.126.164
|
||||
eth0_ip: 10.5.126.247
|
||||
vmhost: virthost15.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
host_group: os
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ dns: 10.5.126.21
|
|||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.126.246
|
||||
eth0_ip: 10.5.126.248
|
||||
vmhost: virthost06.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
host_group: os-nodes
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ dns: 10.5.126.21
|
|||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs
|
||||
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.126.248
|
||||
eth0_ip: 10.5.126.164
|
||||
vmhost: virthost19.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
host_group: os-nodes
|
||||
|
|
|
|||
|
|
@ -109,6 +109,7 @@ basset01.stg.phx2.fedoraproject.org
|
|||
bastion01.phx2.fedoraproject.org
|
||||
bastion02.phx2.fedoraproject.org
|
||||
bastion-comm01.qa.fedoraproject.org
|
||||
bastion13.fedoraproject.org
|
||||
|
||||
[blockerbugs]
|
||||
blockerbugs01.phx2.fedoraproject.org
|
||||
|
|
@ -321,6 +322,7 @@ db-qa-stg01.qa.fedoraproject.org
|
|||
db-fas01.stg.phx2.fedoraproject.org
|
||||
db01.stg.phx2.fedoraproject.org
|
||||
db03.stg.phx2.fedoraproject.org
|
||||
db-koji02.stg.phx2.fedoraproject.org
|
||||
|
||||
# postgresql bidirectional replication servers
|
||||
[pgbdr]
|
||||
|
|
@ -328,7 +330,6 @@ db03.stg.phx2.fedoraproject.org
|
|||
# postgresql bidirectional replication servers (stg)
|
||||
[pgbdr-stg]
|
||||
db-koji01.stg.phx2.fedoraproject.org
|
||||
db-koji02.stg.phx2.fedoraproject.org
|
||||
pgbdr01.stg.phx2.fedoraproject.org
|
||||
pgbdr02.stg.phx2.fedoraproject.org
|
||||
|
||||
|
|
|
|||
|
|
@ -18,8 +18,9 @@
|
|||
- fas_client
|
||||
- sudo
|
||||
- collectd/base
|
||||
- { role: openvpn/server, when: not inventory_hostname.startswith('bastion-comm01') }
|
||||
- { role: packager_alias, when: not inventory_hostname.startswith('bastion-comm01') }
|
||||
- { role: openvpn/server, when: not inventory_hostname.startswith('bastion-comm01') or inventory_hostname.startswith('bastion13') }
|
||||
- { role: openvpn/client, when: inventory_hostname.startswith('bastion13') }
|
||||
- { role: packager_alias, when: not inventory_hostname.startswith('bastion-comm01') or inventory_hostname.startswith('bastion13') }
|
||||
- opendkim
|
||||
|
||||
tasks:
|
||||
|
|
|
|||
|
|
@ -125,10 +125,10 @@
|
|||
- {
|
||||
role: ansible-ansible-openshift-ansible,
|
||||
cluster_inventory_filename: "cluster-inventory",
|
||||
openshift_release: "v3.5",
|
||||
openshift_release: "v3.6",
|
||||
openshift_ansible_path: "/root/openshift-ansible",
|
||||
openshift_ansible_playbook: "playbooks/byo/config.yml",
|
||||
openshift_ansible_version: "openshift-ansible-3.5.70-1",
|
||||
openshift_ansible_version: "openshift-ansible-3.6.173.0.81-1",
|
||||
openshift_ansible_ssh_user: root,
|
||||
openshift_ansible_install_examples: true,
|
||||
openshift_ansible_containerized_deploy: false,
|
||||
|
|
@ -162,6 +162,8 @@
|
|||
tasks:
|
||||
- name: enable nrpe for monitoring (noc01)
|
||||
iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT
|
||||
tags:
|
||||
- iptables
|
||||
|
||||
- name: Post-Install master setup
|
||||
hosts: os-masters-stg:os-masters
|
||||
|
|
|
|||
|
|
@ -2,12 +2,12 @@
|
|||
# NOTE: should be used with --limit most of the time
|
||||
# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
|
||||
|
||||
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-koji01.stg.phx2.fedoraproject.org:db-koji02.stg.phx2.fedoraproject.org:pgbdr01.stg.phx2.fedoraproject.org:pgbdr02.stg.phx2.fedoraproject.org"
|
||||
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-koji01.stg.phx2.fedoraproject.org:pgbdr01.stg.phx2.fedoraproject.org:pgbdr02.stg.phx2.fedoraproject.org"
|
||||
|
||||
# Once the instance exists, configure it.
|
||||
|
||||
- name: configure postgresql server system
|
||||
hosts: db-koji01.stg.phx2.fedoraproject.org:db-koji02.stg.phx2.fedoraproject.org:pgbdr01.stg.phx2.fedoraproject.org:pgbdr02.stg.phx2.fedoraproject.org
|
||||
hosts: db-koji01.stg.phx2.fedoraproject.org:pgbdr01.stg.phx2.fedoraproject.org:pgbdr02.stg.phx2.fedoraproject.org
|
||||
user: root
|
||||
gather_facts: True
|
||||
|
||||
|
|
|
|||
|
|
@ -2,12 +2,12 @@
|
|||
# NOTE: should be used with --limit most of the time
|
||||
# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
|
||||
|
||||
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer01.phx2.fedoraproject.org:db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org:db-ppc-koji01.ppc.fedoraproject.org:db-qa-stg01.qa.fedoraproject.org:db-qa02.qa.fedoraproject.org"
|
||||
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer01.phx2.fedoraproject.org:db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org:db-ppc-koji01.ppc.fedoraproject.org:db-qa-stg01.qa.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji02.stg.phx2.fedoraproject.org"
|
||||
|
||||
# Once the instance exists, configure it.
|
||||
|
||||
- name: configure postgresql server system
|
||||
hosts: db-datanommer01.phx2.fedoraproject.org:db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org:db-ppc-koji01.ppc.fedoraproject.org:db-qa-stg01.qa.fedoraproject.org:db-qa02.qa.fedoraproject.org
|
||||
hosts: db-datanommer01.phx2.fedoraproject.org:db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org:db-ppc-koji01.ppc.fedoraproject.org:db-qa-stg01.qa.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji02.stg.phx2.fedoraproject.org
|
||||
user: root
|
||||
gather_facts: True
|
||||
|
||||
|
|
|
|||
|
|
@ -89,5 +89,18 @@
|
|||
- python2-dockerfile-parse
|
||||
when: env == "staging" and ansible_architecture != "ppc64"
|
||||
|
||||
- name: set releng user keytab
|
||||
copy:
|
||||
src: "{{private}}/files/keytabs/{{env}}/releng"
|
||||
dest: /etc/krb5.releng.keytab
|
||||
when: env == "staging"
|
||||
|
||||
- name: copy releng ssh key for rebuild fedpkg/distgit pushes
|
||||
copy:
|
||||
src: "{{private}}/files/releng/sshkeys/container-rebuild-staging"
|
||||
dest: /etc/pki/releng
|
||||
when: env == "staging"
|
||||
|
||||
|
||||
handlers:
|
||||
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
||||
|
|
|
|||
|
|
@ -283,8 +283,7 @@
|
|||
- role: httpd/website
|
||||
name: copr.fedoraproject.org
|
||||
ssl: true
|
||||
# We need sslonly=false because copr-cli hardcoded http
|
||||
sslonly: false
|
||||
sslonly: true
|
||||
cert_name: "{{wildcard_cert_name}}"
|
||||
|
||||
- role: httpd/website
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
#
|
||||
# Badge artists and badge developers should be pushing stuff to this repo:
|
||||
#
|
||||
# https://pagure.io/Fedora-Badges.git
|
||||
# https://pagure.io/fedora-badges.git
|
||||
#
|
||||
# This playbook will take any new content from there and push it out onto our
|
||||
# servers.
|
||||
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
vars:
|
||||
tempdir: /var/tmp/badges-tempdir
|
||||
upstream: "https://pagure.io/Fedora-Badges.git"
|
||||
upstream: "https://pagure.io/fedora-badges.git"
|
||||
workingdir: /srv/web/infra/badges/
|
||||
|
||||
tasks:
|
||||
|
|
|
|||
|
|
@ -19,37 +19,35 @@
|
|||
- mjia
|
||||
- dcallagh
|
||||
- { role: openshift/object, app: waiverdb, template: secret.yml }
|
||||
#- { role: openshift/secret-file
|
||||
# , app: waiverdb
|
||||
# , secret_name: waiverdb-stg-secret
|
||||
# , key: client_secrets.json
|
||||
# , template: client_secrets.json
|
||||
# }
|
||||
# These secret roles also break if the secret already exists. Can only be run once.
|
||||
#- role: openshift/secret-file
|
||||
# app: waiverdb
|
||||
# secret_name: waiverdb-fedmsg-key
|
||||
# key: fedmsg-waiverdb.key
|
||||
# privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.stg.fedoraproject.org.key
|
||||
# when: env == "staging"
|
||||
#- role: openshift/secret-file
|
||||
# app: waiverdb
|
||||
# secret_name: waiverdb-fedmsg-crt
|
||||
# key: fedmsg-waiverdb.crt
|
||||
# privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.stg.fedoraproject.org.crt
|
||||
# when: env == "staging"
|
||||
#- role: openshift/secret-file
|
||||
# app: waiverdb
|
||||
# secret_name: waiverdb-fedmsg-key
|
||||
# key: fedmsg-waiverdb.key
|
||||
# privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.fedoraproject.org.key
|
||||
# when: env != "staging"
|
||||
#- role: openshift/secret-file
|
||||
# app: waiverdb
|
||||
# secret_name: waiverdb-fedmsg-crt
|
||||
# key: fedmsg-waiverdb.crt
|
||||
# privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.fedoraproject.org.crt
|
||||
# when: env != "staging"
|
||||
- role: openshift/secret-file
|
||||
app: waiverdb
|
||||
secret_name: waiverdb-stg-secret
|
||||
key: client_secrets.json
|
||||
template: client_secrets.json
|
||||
- role: openshift/secret-file
|
||||
app: waiverdb
|
||||
secret_name: waiverdb-fedmsg-key
|
||||
key: fedmsg-waiverdb.key
|
||||
privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.stg.fedoraproject.org.key
|
||||
when: env == "staging"
|
||||
- role: openshift/secret-file
|
||||
app: waiverdb
|
||||
secret_name: waiverdb-fedmsg-crt
|
||||
key: fedmsg-waiverdb.crt
|
||||
privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.stg.fedoraproject.org.crt
|
||||
when: env == "staging"
|
||||
- role: openshift/secret-file
|
||||
app: waiverdb
|
||||
secret_name: waiverdb-fedmsg-key
|
||||
key: fedmsg-waiverdb.key
|
||||
privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.fedoraproject.org.key
|
||||
when: env != "staging"
|
||||
- role: openshift/secret-file
|
||||
app: waiverdb
|
||||
secret_name: waiverdb-fedmsg-crt
|
||||
key: fedmsg-waiverdb.crt
|
||||
privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.fedoraproject.org.crt
|
||||
when: env != "staging"
|
||||
- { role: openshift/object, app: waiverdb, file: imagestream.yml }
|
||||
- { role: openshift/object, app: waiverdb, file: buildconfig.yml }
|
||||
- { role: openshift/object, app: waiverdb, template: configmap.yml }
|
||||
|
|
|
|||
|
|
@ -26,7 +26,12 @@ RELEASES = {'f27': {'topic': 'fedora',
|
|||
'from': 'f27-updates',
|
||||
'ostrees': [{'ref': 'fedora/27/%(arch)s/updates/atomic-host',
|
||||
'dest': os.path.join(ATOMICDEST, '27'),
|
||||
'arches': ['x86_64', 'ppc64le', 'aarch64']}],
|
||||
'arches': ['x86_64', 'ppc64le', 'aarch64']},
|
||||
{'ref': 'fedora/27/x86_64/updates/workstation',
|
||||
'dest': os.path.join(ATOMICDEST, 'workstation')},
|
||||
# Hack around for the fact that ostree on f25 doesn't know links
|
||||
{'ref': 'fedora/27/x86_64/workstation',
|
||||
'dest': os.path.join(ATOMICDEST, 'workstation')}],
|
||||
'to': [{'arches': ['x86_64', 'armhfp', 'source'],
|
||||
'dest': os.path.join(FEDORADEST, '27')},
|
||||
{'arches': ['aarch64', 'i386', 'ppc64', 'ppc64le', 's390x'],
|
||||
|
|
@ -36,7 +41,9 @@ RELEASES = {'f27': {'topic': 'fedora',
|
|||
'from': 'f27-updates-testing',
|
||||
'ostrees': [{'ref': 'fedora/27/%(arch)s/testing/atomic-host',
|
||||
'dest': os.path.join(ATOMICDEST, '27'),
|
||||
'arches': ['x86_64', 'ppc64le', 'aarch64']}],
|
||||
'arches': ['x86_64', 'ppc64le', 'aarch64']},
|
||||
{'ref': 'fedora/27/x86_64/testing/workstation',
|
||||
'dest': os.path.join(ATOMICDEST, 'workstation')}],
|
||||
'to': [{'arches': ['x86_64', 'armhfp', 'source'],
|
||||
'dest': os.path.join(FEDORADEST, 'testing', '27')},
|
||||
{'arches': ['aarch64', 'i386', 'ppc64', 'ppc64le', 's390x'],
|
||||
|
|
|
|||
|
|
@ -1,18 +1,18 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
|
||||
c2hpZnQtc2lnbmVyQDE1MDM0MjY1MDcwHhcNMTcwODIyMTgyODI2WhcNMjIwODIx
|
||||
MTgyODI3WjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MDM0MjY1MDcw
|
||||
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8x8mVwkQA0pPPcMNUKwuz
|
||||
nthngidbnIK1KPN9OLEkudgxASVMYmNNjAMc1vz5YxGgRURr6AL+tQPLnFfn5GWD
|
||||
LbP3FkniCpkg5OAgZTTm9MWXQoO+HmFY7wGdBd9VQXOoVLovSL3IvrFqE9CReRLU
|
||||
FPA8/z7sZ+4fDSB9+Clk7BoVLiJ7NeD8BzcKHqe7CFt9PYgH2WtK5nOlduVDRjwv
|
||||
yOjACtzy1TXxAXec+1m0WkIfPdQ34enbd7U5b9T/jiuQVGp7RcrcQfHTqhyPeiXk
|
||||
yz/QGqXB4h9M0SZJVdx47zXVW+t8kA5i8VajDqFdZe8iwR7IIEEG+6WMJk/2JkaP
|
||||
c2hpZnQtc2lnbmVyQDE1MTE5MzYxMDUwHhcNMTcxMTI5MDYxNTA0WhcNMjIxMTI4
|
||||
MDYxNTA1WjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MTE5MzYxMDUw
|
||||
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuURmWOArUMpoL5jg6YDrG
|
||||
xB2QarYLedX7C/iAheCn/LlRZue/gzmWcv/QFXOlZNZl6xyhzCxj36J73f0wNGI3
|
||||
nbulv6bkHefPLWSh0OgC26S1GhkwDzbZhm/XBXeUqvCtczAFplGvXOAjk5+OKj7Z
|
||||
busvm+QhFy4TAl31gwwVKGoRfA/VerKaM2MeWwqMb1vjd0jPUhIMZ0+lanwLqZ/u
|
||||
yvJuVxdzjCXR+KytGKiSLYgU7kS25zqj/55yvUujiLNOI3jVDvm9FoynlGzvDoA8
|
||||
e4DvAsWosqdJhZAkXJuXUtSWBZDPQgGNAzxkdrXY1wRDxXchUPgaqzOvma7FhwzJ
|
||||
AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
|
||||
SIb3DQEBCwUAA4IBAQBIjnRqG7kc2x24F4fJoUKDOwmHXPpuwVNZwR/8PnBs1KWM
|
||||
xmvst3ZJJ7+ZgVuLxauO9pAK9aqlWTC0LkJIskIT6Jj5vbENDSycuxty7eadYVDM
|
||||
zvJdtR4vuxQ4qdMzM9xcAaY5hfyDzK3c8wzAPzq++blzcxJzVcszKp8+sVRy0o0g
|
||||
/4MVFPN0ddKqDXrBV5gQt+c3FLg7a2RVUhED523V3dRlui4nxy9C1M8BqMs6RDu9
|
||||
b9AA8KQCVwHTb/FWgKkEyZDcDK+Ph5Qrn6v9eKCyKpYabqbqc1W0Ugi93+JYdn5z
|
||||
vXDoM/KSvt0NR1JWEy3n3dATp4eHJAbGkCNNW5pW
|
||||
SIb3DQEBCwUAA4IBAQCUzIEDQDNrbu0DfGXtGwPzrE1m146C4K6ft3vVyOW2TdXb
|
||||
etak2gEsvTayNTyOBQGtgcvp+HhQhaJaHei5FzLqvmGXKpa8Q+od8NW7V5PZVZFN
|
||||
RyTOmxAH4Y9+4SOqvclR4zT/Wy89tw5vr34rfN/sxcNW3iB/5/ZAGbaYwoSK96wZ
|
||||
3zHgjLPBFTYMgeRjgw+RPr7TRP6w2Mko/wLPXw/Ki2lFNuCyBsBvY98j8viV4eBi
|
||||
xXe6ZdUd4zAOtStHWT6gVQVj3aEBTsPlYxpWsmczLPijoKoa7KKYxwfJPfFpLwQX
|
||||
ANtgvRRtXEysQ3fKEOyzkPCv2YQlmcNuErrMIvkA
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -0,0 +1,36 @@
|
|||
{% if rewrite %}
|
||||
RewriteEngine On
|
||||
RewriteRule ^{{remotepath}}$ %{REQUEST_URI}/ [R=301]
|
||||
|
||||
{% endif %}
|
||||
{% if header_scheme %}
|
||||
RequestHeader set X-Forwarded-Scheme https early
|
||||
RequestHeader set X-Scheme https early
|
||||
RequestHeader set X-Forwarded-Proto https early
|
||||
|
||||
{% endif %}
|
||||
{% if header_expect %}
|
||||
RequestHeader unset Expect early
|
||||
|
||||
{% endif %}
|
||||
{% if keephost %}
|
||||
ProxyPreserveHost On
|
||||
{% endif %}
|
||||
|
||||
{% if 'phx2' in inventory_hostname %}
|
||||
|
||||
{% if balancer_name is defined %}
|
||||
<Proxy "balancer://{{balancer_name}}">
|
||||
{% for member in balancer_members %}
|
||||
BalancerMember "{{ member }}/{{remotepath}}"
|
||||
{% endfor %}
|
||||
</Proxy>
|
||||
ProxyPass {{ localpath }} "balancer://{{balancer_name}}"
|
||||
{% else %}
|
||||
ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}}
|
||||
{% endif %}
|
||||
ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}
|
||||
|
||||
{% else %}
|
||||
Redirect 421 /
|
||||
{% endif %}
|
||||
|
|
@ -111,6 +111,7 @@ Plugins = fedmsg-koji-plugin runroot_hub hub_containerbuild
|
|||
|
||||
tag =
|
||||
user mbs/mbs.fedoraproject.org && tag module-* && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
|
||||
user mbs/mbs.fedoraproject.org && fromtag module-* && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
|
||||
user bodhi && tag *-override && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
|
||||
has_perm autosign && fromtag *-pending && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
|
||||
has_perm secure-boot && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
|
||||
|
|
|
|||
|
|
@ -18,11 +18,12 @@
|
|||
src: "{{cert_src}}"
|
||||
dest: "{{cert_dest_dir}}/client.cert"
|
||||
owner: root
|
||||
mode: 0600
|
||||
group: "releng-team"
|
||||
mode: 0640
|
||||
|
||||
- name: install docker client key for registry
|
||||
copy:
|
||||
src: "{{key_src}}"
|
||||
dest: "{{cert_dest_dir}}/client.key"
|
||||
owner: root
|
||||
mode: 0600
|
||||
group: "releng-team"
|
||||
mode: 0640
|
||||
|
|
|
|||
|
|
@ -1,4 +1,8 @@
|
|||
{% if inventory_hostname.startswith('openqa') %}
|
||||
command[check_disk_/]=/usr/lib64/nagios/plugins/check_disk -w 10% -c 5% -p /
|
||||
{% else %}
|
||||
command[check_disk_/]=/usr/lib64/nagios/plugins/check_disk -w 15% -c 10% -p /
|
||||
{% endif %}
|
||||
command[check_disk_/boot]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /boot
|
||||
command[check_disk_/git]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /git
|
||||
command[check_disk_/mnt/koji]=/usr/lib64/nagios/plugins/check_disk -w 10% -c 5% -p /mnt/koji
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ define service {
|
|||
define service {
|
||||
host_name status
|
||||
service_description http-status.fedoraproject.org
|
||||
check_command check_website!d6tcqd4og8l21.cloudfront.net!/index.html!All systems go
|
||||
check_command check_website_ssl!www.fedorastatus.org!/index.html!All systems go
|
||||
use websitetemplate
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -27,6 +27,22 @@ Alias /packages/images/icons /var/cache/fedoracommunity/packages/icons
|
|||
Alias /packages/images /usr/share/fedoracommunity/public/images
|
||||
Alias /packages/_res /usr/share/fedoracommunity/public/toscawidgets/resources/
|
||||
|
||||
Alias /packages/tw2/resources/tw2.jqplugins.ui/static /usr/lib/python2.7/site-packages/tw2/jqplugins/ui/static
|
||||
Alias /packages/tw2/resources/tw2.jquery/static /usr/lib/python2.7/site-packages/tw2/jquery/static
|
||||
Alias /packages/tw2/resources/fedoracommunity.connectors.widgets.widgets/static /usr/lib/python2.7/site-packages/fedoracommunity/connectors/widgets/static
|
||||
|
||||
<Directory /usr/lib/python2.7/site-packages/tw2/jqplugins/ui/static>
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/lib/python2.7/site-packages/tw2/jquery/static>
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/lib/python2.7/site-packages/fedoracommunity/connectors/widgets/static>
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
# Temporarily disabled until we can figure out how to get the moksha
|
||||
# javascript resources pulled in with `python setup.py archive_tw_resources`
|
||||
#Alias /community/toscawidgets /usr/share/fedoracommunity/public/toscawidgets
|
||||
|
|
|
|||
|
|
@ -14,14 +14,16 @@
|
|||
src: "{{private}}/files/koji/{{docker_cert_name}}.cert.pem"
|
||||
dest: "{{docker_cert_dir}}/client.cert"
|
||||
owner: root
|
||||
mode: 0600
|
||||
group: "releng-team"
|
||||
mode: 0640
|
||||
|
||||
- name: install docker client key for registry
|
||||
copy:
|
||||
src: "{{private}}/files/koji/{{docker_cert_name}}.key.pem"
|
||||
dest: "{{docker_cert_dir}}/client.key"
|
||||
owner: root
|
||||
mode: 0600
|
||||
group: "releng-team"
|
||||
mode: 0640
|
||||
|
||||
- name: start and enable docker
|
||||
service: name=docker state=started enabled=yes
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue