From 8f6855eea61a67e95cc5651671c46bb026c6fcf3 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Tue, 28 Nov 2017 11:55:30 +0100 Subject: [PATCH 01/27] Fedora-Badges renamed to fedora-badges Signed-off-by: Pierre-Yves Chibon --- playbooks/manual/push-badges.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/manual/push-badges.yml b/playbooks/manual/push-badges.yml index 09f9137235..a7f0474d8a 100644 --- a/playbooks/manual/push-badges.yml +++ b/playbooks/manual/push-badges.yml @@ -2,7 +2,7 @@ # # Badge artists and badge developers should be pushing stuff to this repo: # -# https://pagure.io/Fedora-Badges.git +# https://pagure.io/fedora-badges.git # # This playbook will take any new content from there and push it out onto our # servers. @@ -19,7 +19,7 @@ vars: tempdir: /var/tmp/badges-tempdir - upstream: "https://pagure.io/Fedora-Badges.git" + upstream: "https://pagure.io/fedora-badges.git" workingdir: /srv/web/infra/badges/ tasks: From 99e5baf76ed771b0413a6ff1e07231d89dad4ec6 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 28 Nov 2017 15:39:37 +0000 Subject: [PATCH 02/27] Send HTTP/421 on kojipkgs on non-phx2 Signed-off-by: Patrick Uiterwijk --- .../templates/reversepassproxy.kojipkgs.conf | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 roles/httpd/reverseproxy/templates/reversepassproxy.kojipkgs.conf diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.kojipkgs.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.kojipkgs.conf new file mode 100644 index 0000000000..e7d258a722 --- /dev/null +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.kojipkgs.conf @@ -0,0 +1,36 @@ +{% if rewrite %} +RewriteEngine On +RewriteRule ^{{remotepath}}$ %{REQUEST_URI}/ [R=301] + +{% endif %} +{% if header_scheme %} +RequestHeader set X-Forwarded-Scheme https early +RequestHeader set X-Scheme https early +RequestHeader set X-Forwarded-Proto https early + +{% endif %} +{% if header_expect %} +RequestHeader unset Expect early + +{% endif %} +{% if keephost %} +ProxyPreserveHost On +{% endif %} + +{% if 'phx2' in inventory_hostname %} + +{% if balancer_name is defined %} + + {% for member in balancer_members %} + BalancerMember "{{ member }}/{{remotepath}}" + {% endfor %} + +ProxyPass {{ localpath }} "balancer://{{balancer_name}}" +{% else %} +ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} +{% endif %} +ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}} + +{% else %} +Redirect 421 / +{% endif %} From 4cc1a5deb5249fd6a4c66dca9769fde3313b27ab Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 28 Nov 2017 18:47:35 +0000 Subject: [PATCH 03/27] add policy to allow mbs to untag module builds in the secure-boot channel --- roles/koji_hub/templates/hub.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2 index 29da36f6b1..a58c6d4b61 100644 --- a/roles/koji_hub/templates/hub.conf.j2 +++ b/roles/koji_hub/templates/hub.conf.j2 @@ -111,6 +111,7 @@ Plugins = fedmsg-koji-plugin runroot_hub hub_containerbuild tag = user mbs/mbs.fedoraproject.org && tag module-* && package kernel shim grub2 fedora-release fedora-repos pesign :: allow + user mbs/mbs.fedoraproject.org && fromtag module-* && package kernel shim grub2 fedora-release fedora-repos pesign :: allow user bodhi && tag *-override && package kernel shim grub2 fedora-release fedora-repos pesign :: allow has_perm autosign && fromtag *-pending && package kernel shim grub2 fedora-release fedora-repos pesign :: allow has_perm secure-boot && package kernel shim grub2 fedora-release fedora-repos pesign :: allow From 09746514b88bbed7f98a8b88b497052e10ee7f75 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 28 Nov 2017 20:41:28 +0000 Subject: [PATCH 04/27] put in bastion13 and start building --- inventory/inventory | 1 + playbooks/groups/bastion.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/inventory/inventory b/inventory/inventory index 8409ef6580..aa39cd537b 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -109,6 +109,7 @@ basset01.stg.phx2.fedoraproject.org bastion01.phx2.fedoraproject.org bastion02.phx2.fedoraproject.org bastion-comm01.qa.fedoraproject.org +bastion13.rdu2.fedoraproject.org [blockerbugs] blockerbugs01.phx2.fedoraproject.org diff --git a/playbooks/groups/bastion.yml b/playbooks/groups/bastion.yml index 41a4054c35..7ef1f059d9 100644 --- a/playbooks/groups/bastion.yml +++ b/playbooks/groups/bastion.yml @@ -18,8 +18,8 @@ - fas_client - sudo - collectd/base - - { role: openvpn/server, when: not inventory_hostname.startswith('bastion-comm01') } - - { role: packager_alias, when: not inventory_hostname.startswith('bastion-comm01') } + - { role: openvpn/server, when: not inventory_hostname.startswith('bastion-comm01') or inventory_hostname.startswith('bastion13') } + - { role: packager_alias, when: not inventory_hostname.startswith('bastion-comm01') or inventory_hostname.startswith('bastion13') } - opendkim tasks: From 47ba642bc8033b3740190d02494b5a599504a38c Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 28 Nov 2017 20:42:53 +0000 Subject: [PATCH 05/27] and make the name right --- ...stion13.fedoraproject.org => bastion13.rdu2.fedoraproject.org} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename inventory/host_vars/{bastion13.fedoraproject.org => bastion13.rdu2.fedoraproject.org} (100%) diff --git a/inventory/host_vars/bastion13.fedoraproject.org b/inventory/host_vars/bastion13.rdu2.fedoraproject.org similarity index 100% rename from inventory/host_vars/bastion13.fedoraproject.org rename to inventory/host_vars/bastion13.rdu2.fedoraproject.org From 76da2fe5ed1c86750f524fbc928223a5e344dcb7 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 28 Nov 2017 22:24:30 +0000 Subject: [PATCH 06/27] This is on SSL, and let's also use fs.o Signed-off-by: Patrick Uiterwijk --- roles/nagios_server/templates/nagios/services/websites.cfg.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nagios_server/templates/nagios/services/websites.cfg.j2 b/roles/nagios_server/templates/nagios/services/websites.cfg.j2 index dc329742da..4e657b486b 100644 --- a/roles/nagios_server/templates/nagios/services/websites.cfg.j2 +++ b/roles/nagios_server/templates/nagios/services/websites.cfg.j2 @@ -121,7 +121,7 @@ define service { define service { host_name status service_description http-status.fedoraproject.org - check_command check_website!d6tcqd4og8l21.cloudfront.net!/index.html!All systems go + check_command check_website_ssl!www.fedorastatus.org!/index.html!All systems go use websitetemplate } From dd0744fc2cda02813424ef3ad331d29ba71bf23a Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 28 Nov 2017 23:28:15 +0000 Subject: [PATCH 07/27] change db-koji02.stg to be a normal postgresql server running f27 --- .../host_vars/db-koji02.stg.phx2.fedoraproject.org | 12 ++++++------ playbooks/groups/postgresql-server-bdr.yml | 4 ++-- playbooks/groups/postgresql-server.yml | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org b/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org index 9a5cd35549..6d7d56d14a 100644 --- a/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org @@ -7,8 +7,8 @@ eth0_ip: 10.5.128.99 vmhost: virthost11.phx2.fedoraproject.org datacenter: phx2 -ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/ +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-27 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/27/Server/x86_64/os/ # This is a generic list, monitored by collectd databases: @@ -44,8 +44,8 @@ shared_buffers: "8GB" effective_cache_size: "24GB" # Keepalived variables -keepalived_interface: eth0 -keepalived_priority: 50 -keepalived_ipaddress: 10.5.128.97/24 -keepalived_routerid: 18 +#keepalived_interface: eth0 +#keepalived_priority: 50 +#keepalived_ipaddress: 10.5.128.97/24 +#keepalived_routerid: 18 diff --git a/playbooks/groups/postgresql-server-bdr.yml b/playbooks/groups/postgresql-server-bdr.yml index ec3fe497c7..61cb8d0ea8 100644 --- a/playbooks/groups/postgresql-server-bdr.yml +++ b/playbooks/groups/postgresql-server-bdr.yml @@ -2,12 +2,12 @@ # NOTE: should be used with --limit most of the time # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-koji01.stg.phx2.fedoraproject.org:db-koji02.stg.phx2.fedoraproject.org:pgbdr01.stg.phx2.fedoraproject.org:pgbdr02.stg.phx2.fedoraproject.org" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-koji01.stg.phx2.fedoraproject.org:pgbdr01.stg.phx2.fedoraproject.org:pgbdr02.stg.phx2.fedoraproject.org" # Once the instance exists, configure it. - name: configure postgresql server system - hosts: db-koji01.stg.phx2.fedoraproject.org:db-koji02.stg.phx2.fedoraproject.org:pgbdr01.stg.phx2.fedoraproject.org:pgbdr02.stg.phx2.fedoraproject.org + hosts: db-koji01.stg.phx2.fedoraproject.org:pgbdr01.stg.phx2.fedoraproject.org:pgbdr02.stg.phx2.fedoraproject.org user: root gather_facts: True diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml index 2557fe7c58..78352cc77b 100644 --- a/playbooks/groups/postgresql-server.yml +++ b/playbooks/groups/postgresql-server.yml @@ -2,12 +2,12 @@ # NOTE: should be used with --limit most of the time # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer01.phx2.fedoraproject.org:db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org:db-ppc-koji01.ppc.fedoraproject.org:db-qa-stg01.qa.fedoraproject.org:db-qa02.qa.fedoraproject.org" +- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer01.phx2.fedoraproject.org:db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org:db-ppc-koji01.ppc.fedoraproject.org:db-qa-stg01.qa.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji02.stg.phx2.fedoraproject.org" # Once the instance exists, configure it. - name: configure postgresql server system - hosts: db-datanommer01.phx2.fedoraproject.org:db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org:db-ppc-koji01.ppc.fedoraproject.org:db-qa-stg01.qa.fedoraproject.org:db-qa02.qa.fedoraproject.org + hosts: db-datanommer01.phx2.fedoraproject.org:db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-arm-koji01.qa.fedoraproject.org:db-ppc-koji01.ppc.fedoraproject.org:db-qa-stg01.qa.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji02.stg.phx2.fedoraproject.org user: root gather_facts: True From c924b3d04eb8fcd236b1087b741aee10b9d0f9ee Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 28 Nov 2017 23:31:49 +0000 Subject: [PATCH 08/27] update inventory too --- inventory/inventory | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/inventory b/inventory/inventory index aa39cd537b..19cf39a589 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -322,6 +322,7 @@ db-qa-stg01.qa.fedoraproject.org db-fas01.stg.phx2.fedoraproject.org db01.stg.phx2.fedoraproject.org db03.stg.phx2.fedoraproject.org +db-koji02.stg.phx2.fedoraproject.org # postgresql bidirectional replication servers [pgbdr] @@ -329,7 +330,6 @@ db03.stg.phx2.fedoraproject.org # postgresql bidirectional replication servers (stg) [pgbdr-stg] db-koji01.stg.phx2.fedoraproject.org -db-koji02.stg.phx2.fedoraproject.org pgbdr01.stg.phx2.fedoraproject.org pgbdr02.stg.phx2.fedoraproject.org From a8c0d9b32d264a3b84b146ed54060510714d81af Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 28 Nov 2017 23:43:07 +0000 Subject: [PATCH 09/27] add sysadmin-releng to db-koji02.stg --- inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org b/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org index 6d7d56d14a..c4f14f3aa6 100644 --- a/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/db-koji02.stg.phx2.fedoraproject.org @@ -19,7 +19,7 @@ lvm_size: 500000 mem_size: 16384 max_mem_size: "{{ mem_size }}" num_cpus: 8 -fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran +fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran,sysadmin-releng # kernel SHMMAX value kernel_shmmax: 68719476736 From 37903142548ca5e04cdbb5d35d9cc19c1fda692b Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 28 Nov 2017 23:55:26 +0000 Subject: [PATCH 10/27] COPR has had a lot of time to transfer to TLS. Now require it Signed-off-by: Patrick Uiterwijk --- playbooks/include/proxies-websites.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 3f3935e9cf..bc270fef58 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -283,8 +283,7 @@ - role: httpd/website name: copr.fedoraproject.org ssl: true - # We need sslonly=false because copr-cli hardcoded http - sslonly: false + sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website From 956d274a7b6d61942b8664fa6caf9e427cd0ccf2 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Wed, 29 Nov 2017 01:22:10 +0000 Subject: [PATCH 11/27] and we need to fix this to be a different host --- ...ion13.rdu2.fedoraproject.org => bastion13.fedoraproject.org} | 0 inventory/inventory | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename inventory/host_vars/{bastion13.rdu2.fedoraproject.org => bastion13.fedoraproject.org} (100%) diff --git a/inventory/host_vars/bastion13.rdu2.fedoraproject.org b/inventory/host_vars/bastion13.fedoraproject.org similarity index 100% rename from inventory/host_vars/bastion13.rdu2.fedoraproject.org rename to inventory/host_vars/bastion13.fedoraproject.org diff --git a/inventory/inventory b/inventory/inventory index 19cf39a589..7e18e73372 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -109,7 +109,7 @@ basset01.stg.phx2.fedoraproject.org bastion01.phx2.fedoraproject.org bastion02.phx2.fedoraproject.org bastion-comm01.qa.fedoraproject.org -bastion13.rdu2.fedoraproject.org +bastion13.fedoraproject.org [blockerbugs] blockerbugs01.phx2.fedoraproject.org From f81cb66458b776a8baad62bdbc88dca5467d651e Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Wed, 29 Nov 2017 02:10:26 +0000 Subject: [PATCH 12/27] put the openvpn client on bastion13 --- playbooks/groups/bastion.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/groups/bastion.yml b/playbooks/groups/bastion.yml index 7ef1f059d9..368cbbd211 100644 --- a/playbooks/groups/bastion.yml +++ b/playbooks/groups/bastion.yml @@ -19,6 +19,7 @@ - sudo - collectd/base - { role: openvpn/server, when: not inventory_hostname.startswith('bastion-comm01') or inventory_hostname.startswith('bastion13') } + - { role: openvpn/client, when: inventory_hostname.startswith('bastion13') } - { role: packager_alias, when: not inventory_hostname.startswith('bastion-comm01') or inventory_hostname.startswith('bastion13') } - opendkim From 314339d79cb9aa86bf426572b5b42730fac60fb8 Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Wed, 29 Nov 2017 02:37:02 +0000 Subject: [PATCH 13/27] see if this works - openshift 3.6 on prod Signed-off-by: Ricky Elrod --- playbooks/groups/os-cluster.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/groups/os-cluster.yml b/playbooks/groups/os-cluster.yml index be9aba664e..425f427378 100644 --- a/playbooks/groups/os-cluster.yml +++ b/playbooks/groups/os-cluster.yml @@ -125,10 +125,10 @@ - { role: ansible-ansible-openshift-ansible, cluster_inventory_filename: "cluster-inventory", - openshift_release: "v3.5", + openshift_release: "v3.6", openshift_ansible_path: "/root/openshift-ansible", openshift_ansible_playbook: "playbooks/byo/config.yml", - openshift_ansible_version: "openshift-ansible-3.5.70-1", + openshift_ansible_version: "openshift-ansible-3.6.173.0.81-1", openshift_ansible_ssh_user: root, openshift_ansible_install_examples: true, openshift_ansible_containerized_deploy: false, From 381ae542bbbffa972d1de3a3e8ed97084e470fbc Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Wed, 29 Nov 2017 04:39:29 +0000 Subject: [PATCH 14/27] Fix some os* ips Signed-off-by: Ricky Elrod --- inventory/host_vars/os-master02.phx2.fedoraproject.org | 2 +- inventory/host_vars/os-master03.phx2.fedoraproject.org | 2 +- inventory/host_vars/os-node01.phx2.fedoraproject.org | 2 +- inventory/host_vars/os-node02.phx2.fedoraproject.org | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/inventory/host_vars/os-master02.phx2.fedoraproject.org b/inventory/host_vars/os-master02.phx2.fedoraproject.org index ab1a1b0746..a2b9372e4b 100644 --- a/inventory/host_vars/os-master02.phx2.fedoraproject.org +++ b/inventory/host_vars/os-master02.phx2.fedoraproject.org @@ -5,7 +5,7 @@ dns: 10.5.126.21 ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ volgroup: /dev/vg_guests -eth0_ip: 10.5.126.247 +eth0_ip: 10.5.126.246 vmhost: virthost19.phx2.fedoraproject.org datacenter: phx2 host_group: os diff --git a/inventory/host_vars/os-master03.phx2.fedoraproject.org b/inventory/host_vars/os-master03.phx2.fedoraproject.org index d7670e2917..1ed5d0156e 100644 --- a/inventory/host_vars/os-master03.phx2.fedoraproject.org +++ b/inventory/host_vars/os-master03.phx2.fedoraproject.org @@ -5,7 +5,7 @@ dns: 10.5.126.21 ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ volgroup: /dev/vg_virthost15 -eth0_ip: 10.5.126.164 +eth0_ip: 10.5.126.247 vmhost: virthost15.phx2.fedoraproject.org datacenter: phx2 host_group: os diff --git a/inventory/host_vars/os-node01.phx2.fedoraproject.org b/inventory/host_vars/os-node01.phx2.fedoraproject.org index 77b7a58e25..c4b7faa5fe 100644 --- a/inventory/host_vars/os-node01.phx2.fedoraproject.org +++ b/inventory/host_vars/os-node01.phx2.fedoraproject.org @@ -5,7 +5,7 @@ dns: 10.5.126.21 ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ volgroup: /dev/vg_guests -eth0_ip: 10.5.126.246 +eth0_ip: 10.5.126.248 vmhost: virthost06.phx2.fedoraproject.org datacenter: phx2 host_group: os-nodes diff --git a/inventory/host_vars/os-node02.phx2.fedoraproject.org b/inventory/host_vars/os-node02.phx2.fedoraproject.org index bcce8e0343..15c782a156 100644 --- a/inventory/host_vars/os-node02.phx2.fedoraproject.org +++ b/inventory/host_vars/os-node02.phx2.fedoraproject.org @@ -5,7 +5,7 @@ dns: 10.5.126.21 ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7-osbs ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ volgroup: /dev/vg_guests -eth0_ip: 10.5.126.248 +eth0_ip: 10.5.126.164 vmhost: virthost19.phx2.fedoraproject.org datacenter: phx2 host_group: os-nodes From 39dded872dce00396c9bb11c6830166a3b431089 Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Wed, 29 Nov 2017 05:45:24 +0000 Subject: [PATCH 15/27] enable these repos in prod Signed-off-by: Ricky Elrod --- files/openshift/openshift.repo | 2 -- 1 file changed, 2 deletions(-) diff --git a/files/openshift/openshift.repo b/files/openshift/openshift.repo index 77aa0895d9..98e593266f 100644 --- a/files/openshift/openshift.repo +++ b/files/openshift/openshift.repo @@ -8,7 +8,6 @@ name = rhel7 openshift 3.5 $basearch baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openshift-3.5-rpms/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -{% if env == 'staging' %} [rhel7-openshift-3.6] name = rhel7 openshift 3.6 $basearch baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openshift-3.6-rpms/ @@ -19,4 +18,3 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release name = rhel7 fast datapath $basearch baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-fast-datapath/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release -{% endif %} From 7d27cdd2f9cd57116956d484f2fde53c81954cd1 Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Wed, 29 Nov 2017 05:55:52 +0000 Subject: [PATCH 16/27] nuke the old ones Signed-off-by: Ricky Elrod --- files/openshift/openshift.repo | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/files/openshift/openshift.repo b/files/openshift/openshift.repo index 98e593266f..b299e4525b 100644 --- a/files/openshift/openshift.repo +++ b/files/openshift/openshift.repo @@ -1,13 +1,3 @@ -[rhel7-openshift-3.4] -name = rhel7 openshift 3.4 $basearch -baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openshift-3.4-rpms/ -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release - -[rhel7-openshift-3.5] -name = rhel7 openshift 3.5 $basearch -baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openshift-3.5-rpms/ -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release - [rhel7-openshift-3.6] name = rhel7 openshift 3.6 $basearch baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openshift-3.6-rpms/ From a5d017c71fa732449ac885d8289559435c6cd256 Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Wed, 29 Nov 2017 07:14:00 +0000 Subject: [PATCH 17/27] new os-master cert Signed-off-by: Ricky Elrod --- roles/haproxy/files/os-master.production.pem | 28 ++++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/roles/haproxy/files/os-master.production.pem b/roles/haproxy/files/os-master.production.pem index 12027535aa..561f71b208 100644 --- a/roles/haproxy/files/os-master.production.pem +++ b/roles/haproxy/files/os-master.production.pem @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- MIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu -c2hpZnQtc2lnbmVyQDE1MDM0MjY1MDcwHhcNMTcwODIyMTgyODI2WhcNMjIwODIx -MTgyODI3WjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MDM0MjY1MDcw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8x8mVwkQA0pPPcMNUKwuz -nthngidbnIK1KPN9OLEkudgxASVMYmNNjAMc1vz5YxGgRURr6AL+tQPLnFfn5GWD -LbP3FkniCpkg5OAgZTTm9MWXQoO+HmFY7wGdBd9VQXOoVLovSL3IvrFqE9CReRLU -FPA8/z7sZ+4fDSB9+Clk7BoVLiJ7NeD8BzcKHqe7CFt9PYgH2WtK5nOlduVDRjwv -yOjACtzy1TXxAXec+1m0WkIfPdQ34enbd7U5b9T/jiuQVGp7RcrcQfHTqhyPeiXk -yz/QGqXB4h9M0SZJVdx47zXVW+t8kA5i8VajDqFdZe8iwR7IIEEG+6WMJk/2JkaP +c2hpZnQtc2lnbmVyQDE1MTE5MzYxMDUwHhcNMTcxMTI5MDYxNTA0WhcNMjIxMTI4 +MDYxNTA1WjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MTE5MzYxMDUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuURmWOArUMpoL5jg6YDrG +xB2QarYLedX7C/iAheCn/LlRZue/gzmWcv/QFXOlZNZl6xyhzCxj36J73f0wNGI3 +nbulv6bkHefPLWSh0OgC26S1GhkwDzbZhm/XBXeUqvCtczAFplGvXOAjk5+OKj7Z +busvm+QhFy4TAl31gwwVKGoRfA/VerKaM2MeWwqMb1vjd0jPUhIMZ0+lanwLqZ/u +yvJuVxdzjCXR+KytGKiSLYgU7kS25zqj/55yvUujiLNOI3jVDvm9FoynlGzvDoA8 +e4DvAsWosqdJhZAkXJuXUtSWBZDPQgGNAzxkdrXY1wRDxXchUPgaqzOvma7FhwzJ AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG -SIb3DQEBCwUAA4IBAQBIjnRqG7kc2x24F4fJoUKDOwmHXPpuwVNZwR/8PnBs1KWM -xmvst3ZJJ7+ZgVuLxauO9pAK9aqlWTC0LkJIskIT6Jj5vbENDSycuxty7eadYVDM -zvJdtR4vuxQ4qdMzM9xcAaY5hfyDzK3c8wzAPzq++blzcxJzVcszKp8+sVRy0o0g -/4MVFPN0ddKqDXrBV5gQt+c3FLg7a2RVUhED523V3dRlui4nxy9C1M8BqMs6RDu9 -b9AA8KQCVwHTb/FWgKkEyZDcDK+Ph5Qrn6v9eKCyKpYabqbqc1W0Ugi93+JYdn5z -vXDoM/KSvt0NR1JWEy3n3dATp4eHJAbGkCNNW5pW +SIb3DQEBCwUAA4IBAQCUzIEDQDNrbu0DfGXtGwPzrE1m146C4K6ft3vVyOW2TdXb +etak2gEsvTayNTyOBQGtgcvp+HhQhaJaHei5FzLqvmGXKpa8Q+od8NW7V5PZVZFN +RyTOmxAH4Y9+4SOqvclR4zT/Wy89tw5vr34rfN/sxcNW3iB/5/ZAGbaYwoSK96wZ +3zHgjLPBFTYMgeRjgw+RPr7TRP6w2Mko/wLPXw/Ki2lFNuCyBsBvY98j8viV4eBi +xXe6ZdUd4zAOtStHWT6gVQVj3aEBTsPlYxpWsmczLPijoKoa7KKYxwfJPfFpLwQX +ANtgvRRtXEysQ3fKEOyzkPCv2YQlmcNuErrMIvkA -----END CERTIFICATE----- From 100c857bf2103f9642fd61d45df376a4cc05f2cb Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 29 Nov 2017 11:45:59 +0000 Subject: [PATCH 18/27] Let networkManager handle DNS for openshift Signed-off-by: Patrick Uiterwijk --- inventory/group_vars/os | 1 + inventory/group_vars/os-stg | 1 + 2 files changed, 2 insertions(+) diff --git a/inventory/group_vars/os b/inventory/group_vars/os index c2897f8658..92656a93d5 100644 --- a/inventory/group_vars/os +++ b/inventory/group_vars/os @@ -2,3 +2,4 @@ host_group: os baseiptables: False no_http2: True +nm_controlled_resolv: True diff --git a/inventory/group_vars/os-stg b/inventory/group_vars/os-stg index c2897f8658..92656a93d5 100644 --- a/inventory/group_vars/os-stg +++ b/inventory/group_vars/os-stg @@ -2,3 +2,4 @@ host_group: os baseiptables: False no_http2: True +nm_controlled_resolv: True From 2880217bcb96db85660f95f73fb85cf07136b627 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 29 Nov 2017 12:03:17 +0000 Subject: [PATCH 19/27] We need to just fix re-entering a role rather than commenting it out Signed-off-by: Patrick Uiterwijk --- playbooks/openshift-apps/waiverdb.yml | 60 +++++++++++++-------------- 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/playbooks/openshift-apps/waiverdb.yml b/playbooks/openshift-apps/waiverdb.yml index cc9e033147..b18f39865c 100644 --- a/playbooks/openshift-apps/waiverdb.yml +++ b/playbooks/openshift-apps/waiverdb.yml @@ -19,37 +19,35 @@ - mjia - dcallagh - { role: openshift/object, app: waiverdb, template: secret.yml } - #- { role: openshift/secret-file - # , app: waiverdb - # , secret_name: waiverdb-stg-secret - # , key: client_secrets.json - # , template: client_secrets.json - # } - # These secret roles also break if the secret already exists. Can only be run once. - #- role: openshift/secret-file - # app: waiverdb - # secret_name: waiverdb-fedmsg-key - # key: fedmsg-waiverdb.key - # privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.stg.fedoraproject.org.key - # when: env == "staging" - #- role: openshift/secret-file - # app: waiverdb - # secret_name: waiverdb-fedmsg-crt - # key: fedmsg-waiverdb.crt - # privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.stg.fedoraproject.org.crt - # when: env == "staging" - #- role: openshift/secret-file - # app: waiverdb - # secret_name: waiverdb-fedmsg-key - # key: fedmsg-waiverdb.key - # privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.fedoraproject.org.key - # when: env != "staging" - #- role: openshift/secret-file - # app: waiverdb - # secret_name: waiverdb-fedmsg-crt - # key: fedmsg-waiverdb.crt - # privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.fedoraproject.org.crt - # when: env != "staging" + - role: openshift/secret-file + app: waiverdb + secret_name: waiverdb-stg-secret + key: client_secrets.json + template: client_secrets.json + - role: openshift/secret-file + app: waiverdb + secret_name: waiverdb-fedmsg-key + key: fedmsg-waiverdb.key + privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.stg.fedoraproject.org.key + when: env == "staging" + - role: openshift/secret-file + app: waiverdb + secret_name: waiverdb-fedmsg-crt + key: fedmsg-waiverdb.crt + privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.stg.fedoraproject.org.crt + when: env == "staging" + - role: openshift/secret-file + app: waiverdb + secret_name: waiverdb-fedmsg-key + key: fedmsg-waiverdb.key + privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.fedoraproject.org.key + when: env != "staging" + - role: openshift/secret-file + app: waiverdb + secret_name: waiverdb-fedmsg-crt + key: fedmsg-waiverdb.crt + privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.fedoraproject.org.crt + when: env != "staging" - { role: openshift/object, app: waiverdb, file: imagestream.yml } - { role: openshift/object, app: waiverdb, file: buildconfig.yml } - { role: openshift/object, app: waiverdb, template: configmap.yml } From 90878bb51d2951912a58ce043431e39a9225b5c0 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 29 Nov 2017 12:07:21 +0000 Subject: [PATCH 20/27] Make 5666 opening part of iptables Signed-off-by: Patrick Uiterwijk --- playbooks/groups/os-cluster.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/playbooks/groups/os-cluster.yml b/playbooks/groups/os-cluster.yml index 425f427378..819af87e37 100644 --- a/playbooks/groups/os-cluster.yml +++ b/playbooks/groups/os-cluster.yml @@ -162,6 +162,8 @@ tasks: - name: enable nrpe for monitoring (noc01) iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT + tags: + - iptables - name: Post-Install master setup hosts: os-masters-stg:os-masters From e43b8f84b63ed6ab7057f5db31eace9cf8bfd64a Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 29 Nov 2017 15:46:05 +0000 Subject: [PATCH 21/27] Sync FAW trees Signed-off-by: Patrick Uiterwijk --- roles/bodhi2/backend/files/new-updates-sync | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/bodhi2/backend/files/new-updates-sync b/roles/bodhi2/backend/files/new-updates-sync index 86864ce739..fe89b9b187 100755 --- a/roles/bodhi2/backend/files/new-updates-sync +++ b/roles/bodhi2/backend/files/new-updates-sync @@ -26,7 +26,9 @@ RELEASES = {'f27': {'topic': 'fedora', 'from': 'f27-updates', 'ostrees': [{'ref': 'fedora/27/%(arch)s/updates/atomic-host', 'dest': os.path.join(ATOMICDEST, '27'), - 'arches': ['x86_64', 'ppc64le', 'aarch64']}], + 'arches': ['x86_64', 'ppc64le', 'aarch64']}, + {'ref': 'fedora/27/x86_64/updates/workstation', + 'dest': os.path.join(ATOMICDEST, 'workstation')}], 'to': [{'arches': ['x86_64', 'armhfp', 'source'], 'dest': os.path.join(FEDORADEST, '27')}, {'arches': ['aarch64', 'i386', 'ppc64', 'ppc64le', 's390x'], @@ -36,7 +38,9 @@ RELEASES = {'f27': {'topic': 'fedora', 'from': 'f27-updates-testing', 'ostrees': [{'ref': 'fedora/27/%(arch)s/testing/atomic-host', 'dest': os.path.join(ATOMICDEST, '27'), - 'arches': ['x86_64', 'ppc64le', 'aarch64']}], + 'arches': ['x86_64', 'ppc64le', 'aarch64']}, + {'ref': 'fedora/27/x86_64/testing/workstation', + 'dest': os.path.join(ATOMICDEST, 'workstation')}], 'to': [{'arches': ['x86_64', 'armhfp', 'source'], 'dest': os.path.join(FEDORADEST, 'testing', '27')}, {'arches': ['aarch64', 'i386', 'ppc64', 'ppc64le', 's390x'], From 7bc194f17a2257553f9544ef5d627f356153ca13 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 29 Nov 2017 16:10:19 +0000 Subject: [PATCH 22/27] Work around link missing on f25 ostree Signed-off-by: Patrick Uiterwijk --- roles/bodhi2/backend/files/new-updates-sync | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/bodhi2/backend/files/new-updates-sync b/roles/bodhi2/backend/files/new-updates-sync index fe89b9b187..c8a64dce9c 100755 --- a/roles/bodhi2/backend/files/new-updates-sync +++ b/roles/bodhi2/backend/files/new-updates-sync @@ -28,6 +28,9 @@ RELEASES = {'f27': {'topic': 'fedora', 'dest': os.path.join(ATOMICDEST, '27'), 'arches': ['x86_64', 'ppc64le', 'aarch64']}, {'ref': 'fedora/27/x86_64/updates/workstation', + 'dest': os.path.join(ATOMICDEST, 'workstation')}, + # Hack around for the fact that ostree on f25 doesn't know links + {'ref': 'fedora/27/x86_64/workstation', 'dest': os.path.join(ATOMICDEST, 'workstation')}], 'to': [{'arches': ['x86_64', 'armhfp', 'source'], 'dest': os.path.join(FEDORADEST, '27')}, From f0571cdb2e2e8fe99ae6769098a6951fbc6584d5 Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Wed, 29 Nov 2017 17:44:43 +0000 Subject: [PATCH 23/27] add keytab and ssh key for releng rebuilds on composer machines in stage Signed-off-by: Adam Miller --- playbooks/groups/releng-compose.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml index 68fc37bb6d..ef47bbca4a 100644 --- a/playbooks/groups/releng-compose.yml +++ b/playbooks/groups/releng-compose.yml @@ -89,5 +89,18 @@ - python2-dockerfile-parse when: env == "staging" and ansible_architecture != "ppc64" + - name: set releng user keytab + copy: + src: "{{private}}/files/keytabs/{{env}}/releng" + dest: /etc/krb5.releng.keytab + when: env == "staging" + + - name: copy releng ssh key for rebuild fedpkg/distgit pushes + copy: + src: "{{private}}/files/releng/sshkeys/container-rebuild-staging" + dest: /etc/pki/releng + when: env == "staging" + + handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" From 20178f7b42fbce5fcfa694272faa52508dbfd4e0 Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Wed, 29 Nov 2017 21:49:46 +0000 Subject: [PATCH 24/27] change push-docker role to set releng-team group perms on certs Signed-off-by: Adam Miller --- roles/push-docker/tasks/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/push-docker/tasks/main.yml b/roles/push-docker/tasks/main.yml index 0fec869d83..56325014eb 100644 --- a/roles/push-docker/tasks/main.yml +++ b/roles/push-docker/tasks/main.yml @@ -14,14 +14,16 @@ src: "{{private}}/files/koji/{{docker_cert_name}}.cert.pem" dest: "{{docker_cert_dir}}/client.cert" owner: root - mode: 0600 + group: "releng-team" + mode: 0640 - name: install docker client key for registry copy: src: "{{private}}/files/koji/{{docker_cert_name}}.key.pem" dest: "{{docker_cert_dir}}/client.key" owner: root - mode: 0600 + group: "releng-team" + mode: 0640 - name: start and enable docker service: name=docker state=started enabled=yes From 7d265c9bf98353e568c57bb327c59e182785b33b Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 29 Nov 2017 21:52:43 +0000 Subject: [PATCH 25/27] switch openqa machines to alert on disk only when 90% or higher instead of 85% --- roles/nagios_client/templates/check_disk.cfg.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/nagios_client/templates/check_disk.cfg.j2 b/roles/nagios_client/templates/check_disk.cfg.j2 index de21bea478..79f7c8906e 100644 --- a/roles/nagios_client/templates/check_disk.cfg.j2 +++ b/roles/nagios_client/templates/check_disk.cfg.j2 @@ -1,4 +1,8 @@ +{% if inventory_hostname.startswith('openqa') %} +command[check_disk_/]=/usr/lib64/nagios/plugins/check_disk -w 10% -c 5% -p / +{% else %} command[check_disk_/]=/usr/lib64/nagios/plugins/check_disk -w 15% -c 10% -p / +{% endif %} command[check_disk_/boot]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /boot command[check_disk_/git]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /git command[check_disk_/mnt/koji]=/usr/lib64/nagios/plugins/check_disk -w 10% -c 5% -p /mnt/koji From 10d7262ef0f3b6eb7611fae40b2af396d83a3023 Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Wed, 29 Nov 2017 22:16:51 +0000 Subject: [PATCH 26/27] change manage-container-images role to set releng-team group perms on certs Signed-off-by: Adam Miller --- roles/manage-container-images/tasks/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/manage-container-images/tasks/main.yml b/roles/manage-container-images/tasks/main.yml index bd7e9e75f6..64c88cb071 100644 --- a/roles/manage-container-images/tasks/main.yml +++ b/roles/manage-container-images/tasks/main.yml @@ -18,11 +18,12 @@ src: "{{cert_src}}" dest: "{{cert_dest_dir}}/client.cert" owner: root - mode: 0600 + group: "releng-team" + mode: 0640 - name: install docker client key for registry copy: src: "{{key_src}}" dest: "{{cert_dest_dir}}/client.key" - owner: root - mode: 0600 + group: "releng-team" + mode: 0640 From 1d7755a63fd4d86dabe814069fe5d2bda85330a9 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Thu, 30 Nov 2017 00:08:49 +0000 Subject: [PATCH 27/27] Move packages extra resources to apache Signed-off-by: Patrick Uiterwijk --- roles/packages3/web/files/packages-httpd.conf | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/roles/packages3/web/files/packages-httpd.conf b/roles/packages3/web/files/packages-httpd.conf index c298d7bc77..ab381256aa 100644 --- a/roles/packages3/web/files/packages-httpd.conf +++ b/roles/packages3/web/files/packages-httpd.conf @@ -27,6 +27,22 @@ Alias /packages/images/icons /var/cache/fedoracommunity/packages/icons Alias /packages/images /usr/share/fedoracommunity/public/images Alias /packages/_res /usr/share/fedoracommunity/public/toscawidgets/resources/ +Alias /packages/tw2/resources/tw2.jqplugins.ui/static /usr/lib/python2.7/site-packages/tw2/jqplugins/ui/static +Alias /packages/tw2/resources/tw2.jquery/static /usr/lib/python2.7/site-packages/tw2/jquery/static +Alias /packages/tw2/resources/fedoracommunity.connectors.widgets.widgets/static /usr/lib/python2.7/site-packages/fedoracommunity/connectors/widgets/static + + + Require all granted + + + + Require all granted + + + + Require all granted + + # Temporarily disabled until we can figure out how to get the moksha # javascript resources pulled in with `python setup.py archive_tw_resources` #Alias /community/toscawidgets /usr/share/fedoracommunity/public/toscawidgets