diff --git a/files/debuginfod/sysconfig.debuginfod b/files/debuginfod/sysconfig.debuginfod new file mode 100644 index 0000000000..5e8d2f1e9d --- /dev/null +++ b/files/debuginfod/sysconfig.debuginfod @@ -0,0 +1,16 @@ +# +DEBUGINFOD_PORT="8002" +DEBUGINFOD_VERBOSE="-vv" + +DEBUGINFOD_PATHS="--fdcache-fds=512 -t3600 -R /mnt/fedora_koji_prod/koji/packages -X /data/ -I \.(module_f|fc)(32|33|34|35)[.+].*\.rpm" + +# prefer reliability/durability over performance +#DEBUGINFOD_PRAGMAS="-D 'pragma synchronous=full;'" + +# upstream debuginfods +#DEBUGINFOD_URLS="http://secondhost:8002 http://thirdhost:8002" +#DEBUGINFOD_TIMEOUT="5" +#DEBUGINFOD_CACHE_DIR="" + +# Don't use tmpfs /tmp on scarce-RAM machine. +TMPDIR=/var/tmp diff --git a/inventory/group_vars/all b/inventory/group_vars/all index b2abe1f99b..527db55b48 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -91,7 +91,7 @@ virt_install_command_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} @@ -101,7 +101,7 @@ virt_install_command_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' @@ -113,7 +113,7 @@ virt_install_command_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} @@ -123,7 +123,7 @@ virt_install_command_two_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' @@ -135,7 +135,7 @@ virt_install_command_ppc64le_one_nic_unsafe: virt-install -n {{ inventory_hostna --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} @@ -145,7 +145,7 @@ virt_install_command_ppc64le_two_nic_unsafe: virt-install -n {{ inventory_hostna --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' @@ -157,7 +157,7 @@ virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} @@ -167,7 +167,7 @@ virt_install_command_aarch64_one_nic_unsafe: virt-install -n {{ inventory_hostna --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} @@ -177,7 +177,7 @@ virt_install_command_aarch64_2nd_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address }} @@ -187,7 +187,7 @@ virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' @@ -199,7 +199,7 @@ virt_install_command_armv7_one_nic: virt-install -n {{ inventory_hostname }} --a --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0 + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyAMA0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }} @@ -209,7 +209,7 @@ virt_install_command_armv7_one_nic_unsafe: virt-install -n {{ inventory_hostname --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0 + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyAMA0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }} @@ -219,7 +219,7 @@ virt_install_command_s390x_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} @@ -229,7 +229,7 @@ virt_install_command_s390x_one_nic_unsafe: virt-install -n {{ inventory_hostname --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} + 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} @@ -239,7 +239,7 @@ virt_install_command_rhel6: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x - "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} + "inst.ksdevice=eth0 inst.ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }}" --network=bridge=br0 --autostart --noautoconsole --watchdog default @@ -426,3 +426,6 @@ sshd_sftp: false # Autodetect python version # ansible_python_interpreter: auto + +# set no x-forward header by default +x_forward: false diff --git a/inventory/group_vars/buildvm_armv7_stg b/inventory/group_vars/buildvm_armv7_stg index 88e0c4ee94..c86a9dcc96 100644 --- a/inventory/group_vars/buildvm_armv7_stg +++ b/inventory/group_vars/buildvm_armv7_stg @@ -2,12 +2,12 @@ # common items for the buildvm-* koji builders volgroup: /dev/vg_guests lvm_size: 140000 -mem_size: 24576 +mem_size: 40960 max_mem_size: "{{ mem_size }}" num_cpus: 5 max_cpu: "{{ num_cpus }}" -ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-33-armv7 -ks_repo: http://10.3.163.35/pub/fedora/linux/releases/33/Server/armhfp/os/ +ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-34-armv7 +ks_repo: http://10.3.163.35/pub/fedora/linux/development/34/Server/armhfp/os/ nm: 255.255.255.0 gw: 10.3.167.254 dns: 10.3.163.33 diff --git a/inventory/group_vars/vmhost_copr b/inventory/group_vars/copr_hypervisor similarity index 76% rename from inventory/group_vars/vmhost_copr rename to inventory/group_vars/copr_hypervisor index 13742732f5..3b9f1b06d8 100644 --- a/inventory/group_vars/vmhost_copr +++ b/inventory/group_vars/copr_hypervisor @@ -1,6 +1,7 @@ --- virthost: true +vpn: true primary_auth_source: ipa ipa_host_group: vmhost-copr ipa_host_group_desc: VM hosts for COPR @@ -9,15 +10,10 @@ ipa_client_shell_groups: ipa_client_sudo_groups: - sysadmin-copr - nrpe_procs_warn: 1400 nrpe_procs_crit: 1500 -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should override them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ - -vpn: false +vpn: true postfix_group: copr postfix_maincf: "postfix/main.cf/main.cf.copr" diff --git a/inventory/group_vars/maintainer_test b/inventory/group_vars/maintainer_test index f264f5c325..a8c36c90c0 100644 --- a/inventory/group_vars/maintainer_test +++ b/inventory/group_vars/maintainer_test @@ -2,6 +2,15 @@ freezes: false sudoers: "{{ private }}/files/sudo/arm-packager-sudoers" sudoers_main: nopasswd -host_group: cloud datacenter: aws ansible_ifcfg_blocklist: true + +vpn: true +primary_auth_source: ipa +ipa_host_group: maintainer_test +ipa_host_group_desc: Test hosts for package maintainers +ipa_client_shell_groups: +- packager +ipa_client_sudo_nopasswd_groups: +- sysadmin-main +- packager diff --git a/inventory/group_vars/openqa b/inventory/group_vars/openqa index 6334538249..ae0e78f4fb 100644 --- a/inventory/group_vars/openqa +++ b/inventory/group_vars/openqa @@ -6,7 +6,6 @@ external_hostname: openqa.fedoraproject.org openqa_dbname: openqa openqa_dbuser: openqa openqa_dbpassword: "{{ prod_openqa_dbpassword }}" -openqa_assetsize: 500 openqa_key: "{{ prod_openqa_apikey }}" openqa_secret: "{{ prod_openqa_apisecret }}" diff --git a/inventory/group_vars/openqa_lab b/inventory/group_vars/openqa_lab index 3559ab3ed5..826ab24922 100644 --- a/inventory/group_vars/openqa_lab +++ b/inventory/group_vars/openqa_lab @@ -17,9 +17,7 @@ external_hostname: openqa.stg.fedoraproject.org openqa_dbname: openqa-stg openqa_dbuser: openqastg openqa_dbpassword: "{{ stg_openqa_dbpassword }}" -openqa_assetsize: 400 -openqa_assetsize_ppc: 150 -openqa_assetsize_aarch64: 150 +openqa_assetsize_ppc: 300 openqa_key: "{{ stg_openqa_apikey }}" openqa_secret: "{{ stg_openqa_apisecret }}" diff --git a/inventory/group_vars/openqa_servers_common b/inventory/group_vars/openqa_servers_common index 194cae6a7b..024ce80efc 100644 --- a/inventory/group_vars/openqa_servers_common +++ b/inventory/group_vars/openqa_servers_common @@ -9,7 +9,9 @@ openqa_nickname: adamwill openqa_fullname: Adam Williamson openqa_userid: http://adamwill.id.fedoraproject.org/ -openqa_assetsize_updates: 100 +openqa_assetsize: 600 +openqa_assetsize_aarch64: 300 +openqa_assetsize_updates: 200 # stg and prod use the same database server openqa_dbhost: db-openqa01.iad2.fedoraproject.org diff --git a/inventory/group_vars/os_masters_stg b/inventory/group_vars/os_masters_stg index 37ccee7102..830be75bd2 100644 --- a/inventory/group_vars/os_masters_stg +++ b/inventory/group_vars/os_masters_stg @@ -11,5 +11,5 @@ nagios_Check_Services: # Set some bodhi variables here. # Since they are used when running playbooks against the master nodes. # -bodhi_version: "5.6.1" +bodhi_version: "5.7.0" bodhi_openshift_pods: 1 diff --git a/inventory/host_vars/aarch64-test01.fedorainfracloud.org b/inventory/host_vars/aarch64-test01.fedorainfracloud.org index b61f03b019..25136dfcea 100644 --- a/inventory/host_vars/aarch64-test01.fedorainfracloud.org +++ b/inventory/host_vars/aarch64-test01.fedorainfracloud.org @@ -1,3 +1,2 @@ datacenter: aws inventory_hostname: "aarch64-test01.fedorainfracloud.org" - diff --git a/inventory/host_vars/buildvm-a32-01.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-01.stg.iad2.fedoraproject.org index 6b98c1a399..5619cec3a7 100644 --- a/inventory/host_vars/buildvm-a32-01.stg.iad2.fedoraproject.org +++ b/inventory/host_vars/buildvm-a32-01.stg.iad2.fedoraproject.org @@ -6,13 +6,14 @@ dns1: 10.3.163.33 dns2: 10.3.163.34 has_ipv4: yes +eth0_ip: 10.3.167.46 eth0_ipv4: 10.3.167.46 eth0_ipv4_nm: 24 eth0_ipv4_gw: 10.3.167.254 has_ipv6: no -mac0: 52:54:00:d7:04:aa +mac0: 52:54:00:d4:6a:ca network_connections: - name: eth0 diff --git a/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org index 553798b4a0..2699cf0021 100644 --- a/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org +++ b/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org @@ -5,13 +5,14 @@ dns1: 10.3.163.33 dns2: 10.3.163.34 has_ipv4: yes +eth0_ip: 10.3.171.53 eth0_ipv4: 10.3.171.53 eth0_ipv4_nm: 24 eth0_ipv4_gw: 10.3.171.254 has_ipv6: no -mac0: 52:54:00:f0:f0:eb +mac0: 52:54:00:36:bc:34 network_connections: - name: eth0 diff --git a/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org index 815adcf78b..84fd3cd550 100644 --- a/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org +++ b/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org @@ -5,13 +5,14 @@ dns1: 10.3.163.33 dns2: 10.3.163.34 has_ipv4: yes +eth0_ip: 10.3.171.55 eth0_ipv4: 10.3.171.55 eth0_ipv4_nm: 24 eth0_ipv4_gw: 10.3.171.254 has_ipv6: no -mac0: 52:54:00:1e:dc:92 +mac0: 52:54:00:68:64:dc network_connections: - name: eth0 diff --git a/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org index 8d16a70d13..a778a66c33 100644 --- a/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org +++ b/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org @@ -5,13 +5,14 @@ dns1: 10.3.163.33 dns2: 10.3.163.34 has_ipv4: yes +eth0_ip: 10.3.171.56 eth0_ipv4: 10.3.171.56 eth0_ipv4_nm: 24 eth0_ipv4_gw: 10.3.171.254 has_ipv6: no -mac0: 52:54:00:a0:6b:4f +mac0: 52:54:00:cb:57:ef network_connections: - name: eth0 diff --git a/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org index 658dbc6470..6539e5cc65 100644 --- a/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org +++ b/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org @@ -5,13 +5,14 @@ dns1: 10.3.163.33 dns2: 10.3.163.34 has_ipv4: yes +eth0_ip: 10.3.171.60 eth0_ipv4: 10.3.171.60 eth0_ipv4_nm: 24 eth0_ipv4_gw: 10.3.171.254 has_ipv6: no -mac0: 52:54:00:1e:bf:c1 +mac0: 52:54:00:e0:0f:d5 network_connections: - name: eth0 diff --git a/inventory/host_vars/el6-test.fedorainfracloud.org b/inventory/host_vars/el6-test.fedorainfracloud.org deleted file mode 100644 index 94698808d1..0000000000 --- a/inventory/host_vars/el6-test.fedorainfracloud.org +++ /dev/null @@ -1,19 +0,0 @@ ---- -tcp_ports: [22] - -datacenter: aws -nagios_Check_Services: - mail: false - nrpe: false - sshd: false - named: false - dhcpd: false - httpd: false - swap: false - ping: false - raid: false - -ansible_ssh_user: centos -ansible_become: true -ansible_become_user: root -ansible_become_method: sudo diff --git a/inventory/host_vars/ipa02.stg.iad2.fedoraproject.org b/inventory/host_vars/ipa02.stg.iad2.fedoraproject.org new file mode 100644 index 0000000000..c3fc212639 --- /dev/null +++ b/inventory/host_vars/ipa02.stg.iad2.fedoraproject.org @@ -0,0 +1,12 @@ +--- +nm: 255.255.255.0 +gw: 10.3.166.254 +dns: 10.3.163.33 +ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-8-iad2 +ks_repo: http://10.3.163.35/repo/rhel/RHEL8-x86_64/ +volgroup: /dev/vg_guests +eth0_ip: 10.3.166.63 +vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org +datacenter: iad2 +## REMEMBER ONLY SET THIS TO TRUE WHEN WIPING SYSTEM TO MINIMUM +ipa_initial: false diff --git a/inventory/inventory b/inventory/inventory index e645a3f1fc..28aca94c6b 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -115,12 +115,6 @@ virthost-cc-rdu03.fedoraproject.org vmhost-x86-cc06.rdu-cc.fedoraproject.org vmhost-x86-cc05.rdu-cc.fedoraproject.org -[vmhost_copr] -vmhost-x86-copr01.rdu-cc.fedoraproject.org -vmhost-x86-copr02.rdu-cc.fedoraproject.org -vmhost-x86-copr03.rdu-cc.fedoraproject.org -vmhost-x86-copr04.rdu-cc.fedoraproject.org - [datagrepper] datagrepper01.iad2.fedoraproject.org datagrepper02.iad2.fedoraproject.org @@ -308,6 +302,7 @@ ipa03.iad2.fedoraproject.org [ipa_stg] ipa01.stg.iad2.fedoraproject.org +ipa02.stg.iad2.fedoraproject.org [ipsilon_stg] ipsilon01.stg.iad2.fedoraproject.org @@ -669,6 +664,7 @@ oci-registry01.stg.iad2.fedoraproject.org # fedimg01.stg.iad2.fedoraproject.org github2fedmsg01.stg.iad2.fedoraproject.org ipa01.stg.iad2.fedoraproject.org +ipa02.stg.iad2.fedoraproject.org ipsilon01.stg.iad2.fedoraproject.org koji01.stg.iad2.fedoraproject.org #mailman01.stg.iad2.fedoraproject.org @@ -998,6 +994,9 @@ copr_dev_aws [copr_hypervisor] vmhost-x86-copr01.rdu-cc.fedoraproject.org +vmhost-x86-copr02.rdu-cc.fedoraproject.org +vmhost-x86-copr03.rdu-cc.fedoraproject.org +vmhost-x86-copr04.rdu-cc.fedoraproject.org [copr_db_all:children] copr_db_stg diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml index c9afc0a5b1..a904962032 100644 --- a/playbooks/groups/bodhi-backend.yml +++ b/playbooks/groups/bodhi-backend.yml @@ -68,6 +68,10 @@ mnt_dir: '/pub/' nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/' + - role: nfs/client + mnt_dir: '/pub/archive' + nfs_src_dir: 'fedora_ftp_archive' + - role: keytab/service owner_user: apache owner_group: apache diff --git a/playbooks/groups/copr-hypervisor.yml b/playbooks/groups/copr-hypervisor.yml index 5f9413c180..d13708ec4a 100644 --- a/playbooks/groups/copr-hypervisor.yml +++ b/playbooks/groups/copr-hypervisor.yml @@ -14,13 +14,11 @@ tasks: - import_role: name=base - import_role: name=hosts - - import_role: name=fas_client - import_role: name=rkhunter - import_role: name=nagios_client - import_role: name=openvpn/client - - import_role: name=sudo + - import_role: name=ipa/client - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - import_tasks: "{{ tasks_path }}/motd.yml" handlers: diff --git a/playbooks/groups/debuginfod.yml b/playbooks/groups/debuginfod.yml index cb847a86fd..b4bb16a3fa 100644 --- a/playbooks/groups/debuginfod.yml +++ b/playbooks/groups/debuginfod.yml @@ -28,6 +28,24 @@ tasks: - import_tasks: "{{ tasks_path }}/motd.yml" + + - name: install debuginfod + package: name=elfutils-debuginfod state=present + - name: install sqlite for diagnostics + package: name=sqlite state=present + + - name: install rsync for data backups + package: name=rsync state=present + + - name: install debuginfod configuration + copy: src="{{ files }}/debuginfod/sysconfig.debuginfod" dest=/etc/sysconfig/debuginfod owner=root group=root mode=644 + + - name: ensure debuginfod is enabled and started + service: + name: debuginfod + state: started + enabled: yes + handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml index 945f6dc9bc..a5238e8ec9 100644 --- a/playbooks/groups/download.yml +++ b/playbooks/groups/download.yml @@ -38,6 +38,7 @@ - download - rsyncd - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } + - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub/archive', nfs_src_dir: 'fedora_ftp_archive' } - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/koji', nfs_src_dir: 'fedora_koji/koji/' } # needed for internal sync and odcs - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/srv/odcs', nfs_src_dir: 'fedora_odcs' } # needed for internal sync - sudo diff --git a/playbooks/groups/maintainer-test.yml b/playbooks/groups/maintainer-test.yml index 1314e97283..79fcc74fc5 100644 --- a/playbooks/groups/maintainer-test.yml +++ b/playbooks/groups/maintainer-test.yml @@ -1,58 +1,5 @@ -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=aarch64_test:armv7_test" - -- name: Do some basic cloud setup on them - hosts: maintainer_test:aarch64_test:armv7_test - gather_facts: True - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: set hostname (required by some services, at least postfix need it) - hostname: name="{{inventory_hostname}}" - -- name: setup second disk on aws maintainer-test instances - hosts: maintainer_test:\!ppc64le-test.fedorainfracloud.org - gather_facts: True - tags: - - maintainer-test - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - - name: make a partition on first disk - parted: device=/dev/nvme0n1 number=1 state=present - tags: - - maintainer-test - when: inventory_hostname.startswith(('f30-test')) - - - name: format the partition if it's not already - filesystem: dev=/dev/nvme0n1p1 fstype=ext4 - tags: - - maintainer-test - when: inventory_hostname.startswith(('f30-test')) - ignore_errors: true - - - name: mount cache filesystem on /var/cache/mock - mount: path=/var/cache/mock state=mounted src=/dev/nvme0n1p1 fstype=ext4 - tags: - - maintainer-test - when: inventory_hostname.startswith(('f30-test')) - - - name: bind mount cache filesystem on /var/lib/mock - mount: path=/var/lib/mock state=mounted src=/var/cache/mock fstype=none opts=bind - tags: - - maintainer-test - when: inventory_hostname.startswith(('f30-test')) - - name: Setup maintainer test hosts - hosts: maintainer_test:aarch64_test:armv7_test + hosts: maintainer_test gather_facts: True tags: - maintainer-test @@ -70,8 +17,8 @@ - base - rkhunter - hosts - - fas_client - - sudo + - openvpn/client + - ipa/client tasks: # this is how you include other task lists @@ -81,7 +28,7 @@ dnf: state=present pkg={{ item }} with_items: - fedora-packager - when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' + when: ansible_distribution == 'Fedora' tags: - packages diff --git a/playbooks/groups/mirrormanager.yml b/playbooks/groups/mirrormanager.yml index 676a52aa83..dd215a98e4 100644 --- a/playbooks/groups/mirrormanager.yml +++ b/playbooks/groups/mirrormanager.yml @@ -20,6 +20,7 @@ - sudo - collectd/base - { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } + - { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub/archive', nfs_src_dir: 'fedora_ftp_archive' } pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml index 5b6c4de611..9b7a070a0e 100644 --- a/playbooks/groups/releng-compose.yml +++ b/playbooks/groups/releng-compose.yml @@ -74,6 +74,11 @@ mnt_dir: '/pub' nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' when: "'releng_compose' in group_names" + + - role: nfs/client + mnt_dir: '/srv/fedora_ftp_archive' + nfs_src_dir: 'fedora_ftp_archive' + when: inventory_hostname.startswith('compose-rawhide') # # mount archive volumes on composer so we can run the archiving script there. # diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml index 3814fdb095..82505432c4 100644 --- a/playbooks/groups/secondary.yml +++ b/playbooks/groups/secondary.yml @@ -22,7 +22,7 @@ - sudo - { role: nfs/client, mnt_dir: '/srv/pub/archive', - nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/archive' } + nfs_src_dir: 'fedora_ftp_archive' } - { role: nfs/client, mnt_dir: '/srv/pub/alt', nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3", diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml index fdaa65f44e..068d4b7999 100644 --- a/playbooks/groups/sundries.yml +++ b/playbooks/groups/sundries.yml @@ -39,6 +39,8 @@ when: master_sundries_node|bool - role: fedora-web/build when: master_sundries_node|bool + - role: fedora-web/translation + when: master_sundries_node|bool - role: fedora-budget/build when: master_sundries_node|bool - role: fedora-docs/build diff --git a/playbooks/groups/vmhost_copr.yml b/playbooks/groups/vmhost_copr.yml deleted file mode 100644 index cc2e781c2b..0000000000 --- a/playbooks/groups/vmhost_copr.yml +++ /dev/null @@ -1,37 +0,0 @@ -# create a new virthost server system -# This is a copy of the main one which is meant to be limited ONLY to vmhost_copr group for rbac -# NOTE: should be used with --limit most of the time -# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars - -- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml myhosts=vmhost_copr:!buildvmhost-s390x-01.s390.fedoraproject.org" - -- name: make virthost server system - hosts: vmhost_copr - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - hosts - - { role: openvpn/client, when: vpn|bool } - - virthost - - ipa/client - - collectd/base - - sudo - - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml index 17a5361496..49f2bb418a 100644 --- a/playbooks/include/proxies-redirects.yml +++ b/playbooks/include/proxies-redirects.yml @@ -111,6 +111,12 @@ regex: /voting target: https://elections.fedoraproject.org/ + - role: httpd/redirectmatch + shortname: calendar + website: apps.fedoraproject.org + regex: /calendar + target: https://calendar.fedoraproject.org/ + - role: httpd/redirectmatch shortname: mailman website: admin.fedoraproject.org diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index 74afa85e09..867bb724fa 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -754,5 +754,6 @@ remotepath: / localpath: / proxyurl: http://debuginfod01:8002 + proxyopts: "connectiontimeout=600 timeout=600 keepalive=on" tags: debuginfod diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index a47c1c693a..69b84346d9 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -973,7 +973,9 @@ site_name: debuginfod.fedoraproject.org sslonly: true server_aliases: [debuginfod.stg.fedoraproject.org] + x_forward: true cert_name: "{{wildcard_cert_name}}" + gzip: true tags: debuginfod - role: httpd/website diff --git a/playbooks/manual/staging-sync/bodhi.yml b/playbooks/manual/staging-sync/bodhi.yml index c658939171..c3e44023f3 100644 --- a/playbooks/manual/staging-sync/bodhi.yml +++ b/playbooks/manual/staging-sync/bodhi.yml @@ -13,7 +13,7 @@ - service: name=httpd state=stopped - name: bring staging services down (OpenShift web services) - hosts: os-master01.stg.phx2.fedoraproject.org + hosts: os-master01.stg.iad2.fedoraproject.org user: root vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -43,7 +43,7 @@ # Here's the meaty part in the middle - name: drop and re-create the staging db entirely - hosts: pgbdr01.stg.phx2.fedoraproject.org + hosts: pgbdr01.stg.iad2.fedoraproject.org user: root become: yes become_user: postgres @@ -68,7 +68,7 @@ - file: path=/var/tmp/bodhi2.dump state=absent - name: bring staging services up (OpenShift web services) - hosts: os-master01.stg.phx2.fedoraproject.org + hosts: os-master01.stg.iad2.fedoraproject.org user: root vars_files: - /srv/web/infra/ansible/vars/global.yml diff --git a/playbooks/manual/upgrade/bodhi.yml b/playbooks/manual/upgrade/bodhi.yml index 2527a16f33..06339d2717 100644 --- a/playbooks/manual/upgrade/bodhi.yml +++ b/playbooks/manual/upgrade/bodhi.yml @@ -76,7 +76,7 @@ tasks: - set_fact: # This will be a bool that indicates whether we need to run migrations or not. - migrations: "'(head)' not in hostvars['bodhi-backend01{{ env_suffix }}.phx2.fedoraproject.org']['current_migration_version'].stdout" + migrations: "'(head)' not in hostvars['bodhi-backend01{{ env_suffix }}.iad2.fedoraproject.org']['current_migration_version'].stdout" - name: Scale down to 0 pods command: oc -n bodhi scale dc/bodhi-web --replicas=0 when: migrations diff --git a/playbooks/openshift-apps/languages.yml b/playbooks/openshift-apps/languages.yml index 3e143ff25f..afd8fb49d2 100644 --- a/playbooks/openshift-apps/languages.yml +++ b/playbooks/openshift-apps/languages.yml @@ -71,28 +71,28 @@ post_tasks: - name: run initial f.10 import - command: "oc create job stats-10-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-10" + command: "oc -n languages create job stats-10-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-10" tags: - never - init - f10 - name: run initial f.20 import - command: "oc create job stats-20-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-20" + command: "oc -n languages create job stats-20-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-20" tags: - never - init - f20 - name: run initial f.30 import - command: "oc create job stats-30-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-30" + command: "oc -n languages create job stats-30-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-30" tags: - never - init - f30 - name: run initial f.latest import - command: "oc create job stats-latest-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-latest" + command: "oc -n languages create job stats-latest-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-latest" tags: - never - init diff --git a/playbooks/openshift-apps/solr.yml b/playbooks/openshift-apps/solr.yml index 3238d32c22..3def20137b 100644 --- a/playbooks/openshift-apps/solr.yml +++ b/playbooks/openshift-apps/solr.yml @@ -35,9 +35,21 @@ file: service.yml objectname: service.yml - - command: "oc adm pod-network join-projects --to=solr fedora-packages-static" - - role: openshift/object app: solr file: deploymentconfig.yml objectname: deploymentconfig.yml + +- name: Link solr and fedora-packages-static networks + hosts: os_masters_stg[0] + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + tasks: + - name: Run oc adm command to link solr to other projects + command: "oc adm pod-network join-projects --to=solr fedora-packages-static" diff --git a/roles/badges/frontend/templates/tahrir.ini b/roles/badges/frontend/templates/tahrir.ini index 6dba25849d..7ef6f45382 100644 --- a/roles/badges/frontend/templates/tahrir.ini +++ b/roles/badges/frontend/templates/tahrir.ini @@ -31,7 +31,7 @@ sqlalchemy.url = postgresql://{{tahrirDBUser}}:{{tahrirDBPassword}}@db-tahrir/ta mako.directories=tahrir:templates -tahrir.admin = ralph@fedoraproject.org, puiterwijk@fedoraproject.org, nb@fedoraproject.org, cydrobolt@fedoraproject.org, aikidouke@fedoraproject.org, sayanchowdhury@fedoraproject.org, kevin@fedoraproject.org, jflory7@fedoraproject.org, codeblock@fedoraproject.org, mleonova@fedoraproject.org, churchyard@fedoraproject.org, bex@fedoraproject.org, asamalik@fedoraproject.org, cverna@fedoraproject.org, misc@fedoraproject.org, nasirhm@fedoraproject.org, computerkid@fedoraproject.org +tahrir.admin = nb@fedoraproject.org, sayanchowdhury@fedoraproject.org, kevin@fedoraproject.org, jflory7@fedoraproject.org, codeblock@fedoraproject.org, churchyard@fedoraproject.org, misc@fedoraproject.org, computerkid@fedoraproject.org tahrir.pngs.uri = /usr/share/badges/pngs diff --git a/roles/base/templates/ifcfg.j2 b/roles/base/templates/ifcfg.j2 index 807b0325fc..c6c578f3b2 100644 --- a/roles/base/templates/ifcfg.j2 +++ b/roles/base/templates/ifcfg.j2 @@ -10,8 +10,10 @@ OPTIONS="layer2=1 portno=0" DEFROUTE=yes GATEWAY="{{ gw }}" {% endif %} -{% if hostvars[inventory_hostname].datacenter == 'iad2' %} +{% if hostvars[inventory_hostname].datacenter == 'iad2' and env == 'production' %} DOMAIN="iad2.fedoraproject.org vpn.fedoraproject.org fedoraproject.org" +{% elif hostvars[inventory_hostname].datacenter == 'iad2' and env == 'staging' %} +DOMAIN="stg.iad2.fedoraproject.org iad2.fedoraproject.org vpn.fedoraproject.org fedoraproject.org" {% else %} DOMAIN="vpn.fedoraproject.org fedoraproject.org" {% endif %} diff --git a/roles/batcave/files/retrieve-security-question.py b/roles/batcave/files/retrieve-security-question.py deleted file mode 100755 index 22ceaaad57..0000000000 --- a/roles/batcave/files/retrieve-security-question.py +++ /dev/null @@ -1,107 +0,0 @@ -#!/usr/bin/python -tt -# -*- coding: utf-8 -*- -# Use this script to retrieve the security_question and security_answer from FAS (requires FAS >= 0.8.14) -# Author: Patrick Uiterwijk -# -# Copyright 2012-2021 Patrick Uiterwijk. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE FEDORA PROJECT ''AS IS'' AND ANY EXPRESS OR -# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO -# EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# The views and conclusions contained in the software and documentation are those -# of the authors and should not be interpreted as representing official policies, -# either expressed or implied, of the Fedora Project. - - -import os -import getpass -import sys -import gpg.core -from fedora.client import AccountSystem -from fedora.client import AuthError -from fedora.client import ServerError -import argparse -from io import BytesIO - - -parser = argparse.ArgumentParser() -parser.add_argument('admin_user', help='The user as which to log in to retrieve the question and answer') -parser.add_argument('target_user', help='The user of which to retrieve the security question and answer') -parser.add_argument('--verbose', action='store_true') -parser.add_argument('--no-answer', action='store_true', help='Only show the question, do not decrypt the answer') -parser.add_argument('--site', help='The FAS URL to get the information from') -parser.add_argument('--insecure', action='store_true', default=False, - help='Do not check the certificate for the server. *WARNING*: Only use this for testing') -parser.add_argument('--gpg_home', help='The directory where secring.gpg and pubring.gpg reside') -args = parser.parse_args() - -args.admin_pass = getpass.getpass() - -if args.site == None: - args.site = 'https://admin.fedoraproject.org/accounts/' - -if args.verbose: - print('Using site: %(site)s' % {'site': args.site}) - -if args.verbose: - if args.gpg_home == None: - print('Using default gpg_home') - else: - print('Using gpg_home: %(gpghome)s' % {'gpghome': args.gpg_home}) - -if args.gpg_home != None: - os.putenv('GNUPGHOME', args.gpg_home) - -fas = AccountSystem(args.site, username=args.admin_user, password=args.admin_pass, insecure=args.insecure) - -if args.verbose: - print('Getting user details...') -try: - details = fas.person_by_username(args.target_user) -except AuthError: - print('Failed to login to FAS. Please check admin_user and admin_pass!') - sys.exit(2) -except ServerError: - print('Failed to retrieve user details: the server reported an error!') - sys.exit(3) - -if not 'username' in list(details.keys()): - print('Error: user %(username)s is not known on this FAS site!' % {'username': args.target_user}) - sys.exit(4) - -if not 'security_question' in list(details.keys()): - print('Error: security_question was not retrieved by FAS! Are you sure you are using FAS >= 0.8.14, and that admin_user has the privileges to retrieve security_question?') - sys.exit(5) - -if details.security_question == None or details.security_answer == None: - print('Error: unable to retrieve security_question or security_answer. Are you sure you have privileges to return this information?') - sys.exit(6) - -if not args.no_answer: - if args.verbose: - print('Decrypting answer...') - cipher = BytesIO(details.security_answer.encode('utf-8')) - ctx = gpg.core.Context() - plain = ctx.decrypt(cipher)[0].decode('utf8') - details.security_answer = plain - -print('Security question: %(question)s' % {'question': details.security_question}) -if not args.no_answer: - print('Security answer: %(answer)s' % {'answer': details.security_answer}) diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml index d466533057..8dae52bbbe 100644 --- a/roles/batcave/tasks/main.yml +++ b/roles/batcave/tasks/main.yml @@ -238,17 +238,6 @@ - config -# -# Script used to gather encrypted security questions from fas -# - -- name: setup /usr/local/bin/retrieve-security-question.py - copy: src=retrieve-security-question.py dest=/usr/local/bin/retrieve-security-question.py mode=0755 - tags: - - batcave - - config - - # The zodbot server must allow TCP on whatever port zodbot is listening on # for this to work (currently TCP port 5050). # Once that is done, you can symlink /usr/local/bin/zodbot-announce-commits.py diff --git a/roles/bodhi2/base/templates/production.ini.j2 b/roles/bodhi2/base/templates/production.ini.j2 index 5791879f31..47535f00d1 100644 --- a/roles/bodhi2/base/templates/production.ini.j2 +++ b/roles/bodhi2/base/templates/production.ini.j2 @@ -592,10 +592,7 @@ f{{ FedoraBranchedNumber }}.pre_beta.critpath.min_karma = 1 f{{ FedoraBranchedNumber }}.pre_beta.critpath.stable_after_days_without_negative_karma = 14 {% elif FedoraBranchedBodhi is defined and FedoraBranchedBodhi == 'postbeta' %} f{{ FedoraBranchedNumber }}.status = post_beta -#f{{ FedoraBranchedNumber }}.post_beta.mandatory_days_in_testing = 7 -#fesco has decided that since this cycle is so short, we will keep 3 days in testing until release. -#This should change to 7 after release. -f{{ FedoraBranchedNumber }}.post_beta.mandatory_days_in_testing = 3 +f{{ FedoraBranchedNumber }}.post_beta.mandatory_days_in_testing = 7 f{{ FedoraBranchedNumber }}.post_beta.critpath.min_karma = 2 f{{ FedoraBranchedNumber }}.post_beta.critpath.stable_after_days_without_negative_karma = 14 {% endif %} diff --git a/roles/copr/backend/templates/lighttpd/dir-generator.php.j2 b/roles/copr/backend/templates/lighttpd/dir-generator.php.j2 index 53f2964ddb..b149c7606c 100755 --- a/roles/copr/backend/templates/lighttpd/dir-generator.php.j2 +++ b/roles/copr/backend/templates/lighttpd/dir-generator.php.j2 @@ -244,7 +244,7 @@ if($path != "./") { // Print folder information foreach($folderlist as $folder) { print "" .htmlentities($folder['name']). "/"; - print "" . date('Y-M-d H:m:s', $folder['modtime']) . ""; + print "" . date('Y-M-d H:i:s', $folder['modtime']) . ""; print "" . (($calculate_folder_size)?format_bytes($folder['size'], 2):'--') . " "; print "" . $folder['file_type'] . ""; } @@ -255,7 +255,7 @@ foreach($folderlist as $folder) { // Print file information foreach($filelist as $file) { print "" .htmlentities($file['name']). ""; - print "" . date('Y-M-d H:m:s', $file['modtime']) . ""; + print "" . date('Y-M-d H:i:s', $file['modtime']) . ""; print "" . format_bytes($file['size'],2) . " "; print "" . $file['file_type'] . ""; } diff --git a/roles/copr/frontend-cloud/tasks/httpd.yml b/roles/copr/frontend-cloud/tasks/httpd.yml index e97fc0f407..c50198e33e 100644 --- a/roles/copr/frontend-cloud/tasks/httpd.yml +++ b/roles/copr/frontend-cloud/tasks/httpd.yml @@ -82,3 +82,11 @@ regexp: '^LoadModule substitute_module modules/mod_substitute.so' line: '#LoadModule substitute_module modules/mod_substitute.so' +- name: Keep httpd master running when child is OOM killed, rhbz#1947475 + ini_file: + path: /usr/lib/systemd/system/httpd.service + section: Service + option: OOMPolicy + value: continue + backup: yes + notify: restart apache diff --git a/roles/copr/frontend-cloud/templates/httpd/coprs.conf b/roles/copr/frontend-cloud/templates/httpd/coprs.conf index 7f437c44b7..9812588ba2 100644 --- a/roles/copr/frontend-cloud/templates/httpd/coprs.conf +++ b/roles/copr/frontend-cloud/templates/httpd/coprs.conf @@ -4,6 +4,7 @@ Alias "/db_dumps/" "/var/www/html/db_dumps/" WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe processes=4 threads=5 display-name=other maximum-requests=8000 restart-interval=300 graceful-timeout=20 WSGIDaemonProcess api user=copr-fe group=copr-fe processes=2 threads=15 display-name=api maximum-requests=8000 graceful-timeout=20 +WSGIDaemonProcess api-memory-leak user=copr-fe group=copr-fe processes=2 threads=1 display-name=api-memory-leak maximum-requests=10 graceful-timeout=20 WSGIDaemonProcess backend user=copr-fe group=copr-fe processes=2 threads=15 display-name=backend maximum-requests=8000 graceful-timeout=20 WSGIDaemonProcess stats user=copr-fe group=copr-fe processes=2 threads=15 display-name=stats maximum-requests=8000 graceful-timeout=20 WSGIDaemonProcess tmp user=copr-fe group=copr-fe processes=2 threads=15 display-name=tmp maximum-requests=8000 graceful-timeout=20 @@ -71,6 +72,9 @@ WSGIApplicationGroup %{GLOBAL} WSGIProcessGroup upload + + WSGIProcessGroup api-memory-leak + WSGIProcessGroup upload diff --git a/roles/dns/files/named.conf b/roles/dns/files/named.conf index ffee5d389e..14af8f83b4 100644 --- a/roles/dns/files/named.conf +++ b/roles/dns/files/named.conf @@ -37,9 +37,11 @@ options { pid-file "/var/run/named/named.pid"; statistics-file "/var/log/named.stats"; provide-ixfr no; + tcp-clients 1000; version "cowbell++"; - listen-on port 53 { + + listen-on port 53 { any; }; listen-on-v6 port 53 { diff --git a/roles/fas_client/files/aliases.template b/roles/fas_client/files/aliases.template index 8789b30f3d..228319afc7 100644 --- a/roles/fas_client/files/aliases.template +++ b/roles/fas_client/files/aliases.template @@ -141,7 +141,7 @@ cvs-sysadmin: fedora-sysadmin-list@redhat.com # this email address no longer exists internally (2020-06?) and is # causing large amounts of bouncebacks and weighing email down from -# our servers in the RH scanners. +# our servers in the RH scanners. legal-cla-archive: /dev/null vendors: distribution-members @@ -255,6 +255,7 @@ rbergeron: rbergero jwf: jflory7 axk4545: abkahrs bexelbie: bex +bt0dotninja: bt0 # Mirror admin alias mirror-admin: mirror-admin@lists.fedoraproject.org diff --git a/roles/fasjson/files/aliases.static b/roles/fasjson/files/aliases.static index 6c763b9dfe..3e54475bf1 100644 --- a/roles/fasjson/files/aliases.static +++ b/roles/fasjson/files/aliases.static @@ -141,7 +141,7 @@ cvs-sysadmin: fedora-sysadmin-list@redhat.com # this email address no longer exists internally (2020-06?) and is # causing large amounts of bouncebacks and weighing email down from -# our servers in the RH scanners. +# our servers in the RH scanners. legal-cla-archive: /dev/null vendors: distribution-members @@ -255,6 +255,7 @@ rbergeron: rbergero jwf: jflory7 axk4545: abkahrs bexelbie: bex +bt0dotninja: bt0 # Mirror admin alias mirror-admin: mirror-admin@lists.fedoraproject.org diff --git a/roles/fasjson/templates/fasjson-aliases.j2 b/roles/fasjson/templates/fasjson-aliases.j2 index 1ee1356e24..d01f54da37 100644 --- a/roles/fasjson/templates/fasjson-aliases.j2 +++ b/roles/fasjson/templates/fasjson-aliases.j2 @@ -2,6 +2,7 @@ import os import sys import tempfile +import subprocess from fasjson_client import Client, errors @@ -17,7 +18,7 @@ def gen_all_aliases(): client = Client(url=fasjson_url) try: - users = client.list_users().result + users = client.list_group_members(groupname="fedora-contributor").result groups = client.list_groups().result temporary_file = tempfile.NamedTemporaryFile( "w+", delete=False, dir=os.getcwd() @@ -29,26 +30,24 @@ def gen_all_aliases(): temp.write(line) for user in users: username = user['username'] - email = user['emails'][0] + userinfo = client.get_user(username=username).result + email = userinfo['emails'][0] temp.write(f'{username}: {email} \n') for group in groups: groupname = group['groupname'] - # even though there are no admins of groups anymore - # we should probably leave this here and just - # link to the sponsors list - temp.write( - f'{groupname}-administrators: {groupname}-sponsors \n' - ) - sponsor_list = ','.join( sponsor['username'] for sponsor in client.list_group_sponsors( groupname=groupname).result ) - temp.write(f"{groupname}-sponsors: {sponsor_list} \n") + if sponsor_list: + temp.write( + f'{groupname}-administrators: {groupname}-sponsors \n' + ) + temp.write(f"{groupname}-sponsors: {sponsor_list} \n") member_list = ','.join( member['username'] @@ -56,7 +55,9 @@ def gen_all_aliases(): groupname=groupname).result ) - temp.write(f"{groupname}-members: {member_list} \n") + if member_list: + temp.write(f"{groupname}-members: {member_list} \n") + rename(temporary_file.name, aliases_file) except errors.APIError as e: print(f"Something went wrong querying the fasjson API. {e}", file=sys.stderr) @@ -114,16 +115,18 @@ def main(): # Use the system's keytab for authentication os.environ["KRB5_CLIENT_KTNAME"] = "/etc/krb5.keytab" - try: - if not args: - gen_all_aliases() - elif len(args) == 2 and args[0] == "update": - update_user(args[1]) - else: - print(f"Usage: {sys.argv[0]} [update ]", file=sys.stderr) - raise RuntimeError() - except Exception: - sys.exit(1) + if not args: + gen_all_aliases() + # call newaliases script so postfix gets updated + subprocess.check_call(['/usr/bin/newaliases']) + elif len(args) == 2 and args[0] == "update": + update_user(args[1]) + # call newaliases script so postfix gets updated + subprocess.check_call(['/usr/bin/newaliases']) + else: + print(f"Usage: {sys.argv[0]} [update ]", file=sys.stderr) + exit(1) + if __name__ == "__main__": main() diff --git a/roles/httpd/reverseproxy/tasks/main.yml b/roles/httpd/reverseproxy/tasks/main.yml index 23e37d9399..9ed5604877 100644 --- a/roles/httpd/reverseproxy/tasks/main.yml +++ b/roles/httpd/reverseproxy/tasks/main.yml @@ -5,6 +5,7 @@ # - proxyurl # - rewrite # - keephost +# - proxyopts - name: Set OpenShift information if not preconfigured set_fact: diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.conf index 2c3a2dd956..28b72b0473 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.conf @@ -64,6 +64,6 @@ RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P] ProxyPass {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}" ProxyPassReverse {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}" {% else %} -ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} +ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} {{ proxyopts }} ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}} {% endif %} diff --git a/roles/httpd/reverseproxy/vars/main.yml b/roles/httpd/reverseproxy/vars/main.yml index 7bf5f2354f..d88f2e67d1 100644 --- a/roles/httpd/reverseproxy/vars/main.yml +++ b/roles/httpd/reverseproxy/vars/main.yml @@ -7,3 +7,4 @@ header_scheme: false keephost: false targettype: plain http_not_https_yes_this_is_insecure_and_i_feel_bad: false +proxyopts: "" diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf index d759139128..705fee06ee 100644 --- a/roles/httpd/website/templates/website.conf +++ b/roles/httpd/website/templates/website.conf @@ -6,7 +6,11 @@ ServerAdmin {{ server_admin }} TraceEnable Off +{% if x_forward %} +# RequestHeader unset X-Forwarded-For +{% else %} RequestHeader unset X-Forwarded-For +{% endif %} {% if gzip %} SetOutputFilter DEFLATE @@ -46,7 +50,11 @@ {% endif %} ServerAdmin {{ server_admin }} +{% if x_forward %} +# RequestHeader unset X-Forwarded-For +{% else %} RequestHeader unset X-Forwarded-For +{% endif %} {% if ansible_distribution == 'Fedora' and use_h2 %} Protocols h2 http/1.1 diff --git a/roles/ipa/client/files/fedora-nss-ignore.conf.staging b/roles/ipa/client/files/fedora-nss-ignore.conf.staging new file mode 100644 index 0000000000..d0d0023615 --- /dev/null +++ b/roles/ipa/client/files/fedora-nss-ignore.conf.staging @@ -0,0 +1,6 @@ +## This file contains users who are in ipa to stop people from +## creating restricted accounts but we want to make sure the id in +## /etc/passwd and /etc/group are used. +[nss] +filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock +filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock diff --git a/roles/ipa/client/tasks/main.yml b/roles/ipa/client/tasks/main.yml index 1aa1e7691a..b83257387d 100644 --- a/roles/ipa/client/tasks/main.yml +++ b/roles/ipa/client/tasks/main.yml @@ -79,3 +79,14 @@ notify: - restart sssd - clean sss caches + when: env == "production" + +- name: Ensure that nss knows to skip certain users + copy: src=fedora-nss-ignore.conf.staging dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=root group=root + tags: + - ipa/client + - config + notify: + - restart sssd + - clean sss caches + when: env == "staging" diff --git a/roles/ipa/client/tasks/prepare-ipa-info.yml b/roles/ipa/client/tasks/prepare-ipa-info.yml index 1a518df9a4..ead4fbeda1 100644 --- a/roles/ipa/client/tasks/prepare-ipa-info.yml +++ b/roles/ipa/client/tasks/prepare-ipa-info.yml @@ -40,6 +40,7 @@ # "host_group_1": { # "shell_groups": [...], # "sudo_groups": [...], +# "sudo_nopasswd_groups": [...], # "hosts": { # <-- This could be a list with Ansible >= 2.10 # "host_1": true, # ..., @@ -85,6 +86,8 @@ (ipa_hosts_combined_shell_groups_dict[item] | length > 0) | ternary(ipa_hosts_combined_shell_groups_dict[item], omit), 'sudo_groups': hostvars[item]['ipa_client_sudo_groups'] | default(omit), + 'sudo_nopasswd_groups': + hostvars[item]['ipa_client_sudo_nopasswd_groups'] | default(omit), 'hosts': {item: true}, } } @@ -99,6 +102,8 @@ hostvars[item]['ipa_server']: { 'groups': ipa_hosts_combined_shell_groups_dict[item] | union( hostvars[item]['ipa_client_sudo_groups'] | default([]) + ) | union( + hostvars[item]['ipa_client_sudo_nopasswd_groups'] | default([]) ), 'hosts': {item: True}, } diff --git a/roles/ipa/client/tasks/sudo.yml b/roles/ipa/client/tasks/sudo.yml index 33a7fda035..31c6d536ab 100644 --- a/roles/ipa/client/tasks/sudo.yml +++ b/roles/ipa/client/tasks/sudo.yml @@ -34,3 +34,20 @@ notify: clean sss caches loop: "{{ ipa_server_host_groups }}" when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['sudo_groups'] is defined + +- name: Give certain groups passwordless sudo access to anything per host group + delegate_to: "{{ item[0] }}" + ipasudorule: + name: "hostgroup/{{ item[1] }}/nopasswd" + description: "Grant passwordless sudo access to anything on host group {{ item[1] }}" + ipaadmin_password: "{{ ipa_server_admin_passwords[item[0]] }}" + state: present + group: "{{ ipa_server_host_groups_dict[item[0]][item[1]]['sudo_nopasswd_groups'] }}" + hostgroup: "{{ item[1] }}" + cmdcategory: "all" + runasusercategory: "all" + runasgroupcategory: "all" + options: "!authenticate" + notify: clean sss caches + loop: "{{ ipa_server_host_groups }}" + when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['sudo_nopasswd_groups'] is defined diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml index 8f688332dd..ff4cce3816 100644 --- a/roles/ipa/server/tasks/main.yml +++ b/roles/ipa/server/tasks/main.yml @@ -629,3 +629,20 @@ copy: src: data-only-backup dest: "/etc/cron.d/data-only-backup" + +- name: Ensure python dep is present + pip: + name: python-freeipa + tags: + - ipa/server + - otp_script + +- name: Copy file for checking if sysadmins have otp set + template: + src: check_sysadmin_otp.py.j2 + dest: /root/check_sysadmin_otp.py + owner: root + group: root + tags: + - ipa/server + - otp_script diff --git a/roles/ipa/server/templates/check_sysadmin_otp.py.j2 b/roles/ipa/server/templates/check_sysadmin_otp.py.j2 new file mode 100644 index 0000000000..ed00002aa4 --- /dev/null +++ b/roles/ipa/server/templates/check_sysadmin_otp.py.j2 @@ -0,0 +1,80 @@ +import argparse +import json +from python_freeipa import ClientMeta + + + + +def login(args): + client = ClientMeta(host=args.server_address, verify_ssl=args.cert_path) + client.login(args.username, args.password) + + return client + +def get_sysadmins(client): + groups = client.group_find('sysadmin-') + + sysadmins = [] + + print('Gethering all members from sysadmin-* groups') + + for group in groups['result']: + try: + sysadmins = sysadmins + list(set(group['member_user']) - set(sysadmins)) + except KeyError: + print('No members of group: ' + group['cn'][0]) + + return sysadmins + +def checkotp_tokens(client): + + sysadmins = get_sysadmins(client) + print("There is " + str(len(sysadmins)) + " sysadmins in the system") + + tokenless = [] + + print('Checking which users have an otp token assigned') + + for sysadmin in sysadmins: + is_token = client.otptoken_find(o_ipatokenowner=sysadmin) + if len(is_token['result']) == 0: + tokenless.append(sysadmin) + + print("There are " + str(len(tokenless)) + " sysadmins without otptokens") + + return tokenless + +def get_email(client, users): + + print('Gathering emails of the users with no tokens') + + user_details = [] + for user in users: + email = client.user_show(user)['result']['mail'][0] + user_details.append({'user': user, 'email': email}) + + return user_details + +def parse_args(): + parser = argparse.ArgumentParser(description="Check for sysadmin users with no otp token set, admin credentials are required to run script") + parser.add_argument("-u", "--username", default="admin", help="ipa user to use") + parser.add_argument("-c", "--cert-path", default="/etc/ipa/ca.crt", help="location of ipa cert") + parser.add_argument("-s", "--server-address", default="ipa01{{ env_suffix }}.iad2.fedoraproject.org", help="server to run against") + parser.add_argument("-p", "--password", help="ipa user password", required=True) + + + args = parser.parse_args() + return args + +def do_it(client): + + tokenless_sysadmins = checkotp_tokens(client) + user_details = get_email(client, tokenless_sysadmins) + print("Details are in the file tokenless_users.json") + with open('tokenless_users.json', 'w') as outfile: + json.dump(user_details, outfile) + +if __name__ == "__main__": + args = parse_args() + client = login(args) + do_it(client) diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index 809c151144..0fa411b608 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -62,7 +62,7 @@ tags: - koji_builder -- name: add pkgs +- name: add pkgs (production) package: state: present name: @@ -93,9 +93,42 @@ - imagefactory-plugins-RHEVM - pykickstart - nosync + when: env == "production" tags: - koji_builder +- name: add pkgs (staging) + package: + state: present + name: + - koji-builder + - koji-builder-plugins + - python3-koji + - koji-containerbuild-builder + - strace + - mock + - kernel-firmware + - kernel-modules + - rsyslog + - audit + - pycdio + - python3-kickstart + - libvirt-client + - oz + - imagefactory + - imagefactory-plugins-TinMan + - imagefactory-plugins-Docker + - imagefactory-plugins-GCE + - imagefactory-plugins-vSphere + - imagefactory-plugins-ovfcommon + - imagefactory-plugins + - imagefactory-plugins-OVA + - imagefactory-plugins-RHEVM + - pykickstart + - nosync + when: env == "staging" + tags: + - koji_builder # # rpmautospec plugin # diff --git a/roles/openqa/server/templates/openqa.ini.j2 b/roles/openqa/server/templates/openqa.ini.j2 index aa87a2e9c7..d2b5faca24 100644 --- a/roles/openqa/server/templates/openqa.ini.j2 +++ b/roles/openqa/server/templates/openqa.ini.j2 @@ -1,4 +1,5 @@ [global] +audit_enabled = 0 branding = plain base_url = https://{{ external_hostname }} download_domains = fedoraproject.org @@ -13,12 +14,26 @@ topic_prefix = {{ openqa_amqp_publisher_prefix }} url = {{ openqa_amqp_publisher_url }} exchange = {{ openqa_amqp_publisher_exchange }} +[audit/storage_duration] +startup = 7 +jobgroup = 7 +jobtemplate = 7 +table = 7 +iso = 7 +user = 7 +asset = 7 +needle = 7 +other = 7 + [auth] method=OpenID [logging] level=info +[misc_limits] +asset_cleanup_max_free_percentage = 20 + [openid] provider = https://id.fedoraproject.org/ httpsonly = 1 diff --git a/roles/openshift-apps/fedocal/templates/buildconfig.yml b/roles/openshift-apps/fedocal/templates/buildconfig.yml index 91c32940a5..19f8e9e614 100644 --- a/roles/openshift-apps/fedocal/templates/buildconfig.yml +++ b/roles/openshift-apps/fedocal/templates/buildconfig.yml @@ -14,7 +14,7 @@ spec: git: uri: https://pagure.io/fedocal.git {% if env == 'staging' %} - ref: "debug" + ref: "staging" {% else %} ref: "production" {% endif %} diff --git a/roles/openshift-apps/noggin/templates/noggin.cfg.py b/roles/openshift-apps/noggin/templates/noggin.cfg.py index 70e8de5e30..ca02f9479d 100644 --- a/roles/openshift-apps/noggin/templates/noggin.cfg.py +++ b/roles/openshift-apps/noggin/templates/noggin.cfg.py @@ -25,7 +25,7 @@ SESSION_COOKIE_SECURE = True FREEIPA_ADMIN_USER = "noggin" # How many minutes before a password reset request expires -PASSWORD_RESET_EXPIRATION = 10 +PASSWORD_RESET_EXPIRATION = 30 # Email MAIL_FROM = "Fedora Account System " diff --git a/roles/openshift-apps/oraculum/templates/deploymentconfig.yml b/roles/openshift-apps/oraculum/templates/deploymentconfig.yml index 667804a2f7..a4b7f71a1a 100644 --- a/roles/openshift-apps/oraculum/templates/deploymentconfig.yml +++ b/roles/openshift-apps/oraculum/templates/deploymentconfig.yml @@ -77,18 +77,20 @@ spec: {% else %} value: "bastion.iad2.fedoraproject.org;;;watchdog@packager-dashboard.fedoraproject.org;" {% endif %} + - name: BZ_API_KEY + value: "{{ oraculum_bz_api_key }}" volumeMounts: - name: oraculum-secret-volume mountPath: /opt/app-root/secret/ readOnly: true readinessProbe: - timeoutSeconds: 1 + timeoutSeconds: 5 initialDelaySeconds: 5 httpGet: path: / port: 8080 livenessProbe: - timeoutSeconds: 1 + timeoutSeconds: 15 initialDelaySeconds: 30 httpGet: path: / @@ -176,6 +178,8 @@ spec: {% else %} value: "bastion.iad2.fedoraproject.org;;;watchdog@packager-dashboard.fedoraproject.org;" {% endif %} + - name: BZ_API_KEY + value: "{{ oraculum_bz_api_key }}" volumeMounts: - name: oraculum-secret-volume mountPath: /opt/app-root/secret/ @@ -259,6 +263,8 @@ spec: {% else %} value: "bastion.iad2.fedoraproject.org;;;watchdog@packager-dashboard.fedoraproject.org;" {% endif %} + - name: BZ_API_KEY + value: "{{ oraculum_bz_api_key }}" volumeMounts: - name: oraculum-secret-volume mountPath: /opt/app-root/secret/ @@ -344,6 +350,8 @@ spec: {% else %} value: "bastion.iad2.fedoraproject.org;;;watchdog@packager-dashboard.fedoraproject.org;" {% endif %} + - name: BZ_API_KEY + value: "{{ oraculum_bz_api_key }}" volumeMounts: - name: oraculum-secret-volume mountPath: /opt/app-root/secret/ diff --git a/roles/openshift-apps/testdays/templates/buildconfig.yml b/roles/openshift-apps/testdays/templates/buildconfig.yml index cf3e59d114..a0870f2ef9 100644 --- a/roles/openshift-apps/testdays/templates/buildconfig.yml +++ b/roles/openshift-apps/testdays/templates/buildconfig.yml @@ -44,11 +44,7 @@ spec: type: Git git: uri: https://pagure.io/taskotron/resultsdb.git -{% if env == 'staging' %} - ref: "openshift_WIP" -{% else %} - ref: "openshift_WIP" -{% endif %} + ref: "develop" strategy: type: Source sourceStrategy: diff --git a/roles/openshift-apps/toddlers/templates/fedora-messaging.toml b/roles/openshift-apps/toddlers/templates/fedora-messaging.toml index efa779cb69..a879c43a84 100644 --- a/roles/openshift-apps/toddlers/templates/fedora-messaging.toml +++ b/roles/openshift-apps/toddlers/templates/fedora-messaging.toml @@ -91,7 +91,7 @@ dist_git_token = "private random string to change" email_overrides_file = "/etc/fedora-messaging/email_overrides.toml" # List of accounts we do not want to report about -ignorable_accounts = ["packagerbot", "zuul"] +ignorable_accounts = ["packagerbot", "zuul", "cockpit"] # Temp folder to use for toddlers temp files temp_folder = "/var/tmp" diff --git a/roles/openvpn/base/tasks/main.yml b/roles/openvpn/base/tasks/main.yml index 11b5985f4f..749dcb8e58 100644 --- a/roles/openvpn/base/tasks/main.yml +++ b/roles/openvpn/base/tasks/main.yml @@ -9,30 +9,8 @@ tags: - openvpn - packages - when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' -- name: Install needed package (dnf) - package: - state: present - name: - - openvpn - tags: - - openvpn - - packages - when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not defined - -- name: Install certificate and key (rhel6) - copy: src={{ private }}/files/vpn/pki/ca.crt - dest=/etc/openvpn/ca.crt - owner=root group=root mode=0600 - tags: - - install - - openvpn - #notify: - #- restart openvpn (RHEL6) - when: ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat' - -- name: Install certificate and key (rhel7+) for client +- name: Install ca for client copy: src={{ private }}/files/vpn/pki/ca.crt dest=/etc/openvpn/client/ca.crt owner=root group=root mode=0600 @@ -41,20 +19,8 @@ - openvpn #notify: #- restart openvpn (RHEL7+) - when: ( ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat' ) and ansible_cmdline.ostree is not defined -- name: Install certificate and key (Fedora) for client - copy: src={{ private }}/files/vpn/pki/ca.crt - dest=/etc/openvpn/client/ca.crt - owner=root group=root mode=0600 - tags: - - install - - openvpn - #notify: - #- restart openvpn (Fedora) - when: ( ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' ) and ansible_cmdline.ostree is not defined - -- name: Install certificate and key (fedora) for server +- name: Install ca for server copy: src={{ private }}/files/vpn/pki/ca.crt dest=/etc/openvpn/server/ca.crt owner=root group=root mode=0600 @@ -63,18 +29,6 @@ - openvpn #notify: #- restart openvpn (Fedora) - when: ( ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' ) and ansible_cmdline.ostree is not defined - -- name: Install certificate and key (rhel7+) for server - copy: src={{ private }}/files/vpn/pki/ca.crt - dest=/etc/openvpn/server/ca.crt - owner=root group=root mode=0600 - tags: - - install - - openvpn - #notify: - #- restart openvpn (RHEL7+) - when: ( ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat' ) and ansible_cmdline.ostree is not defined - name: Install certificate and key (rhel7 or fedora) for server copy: src={{ private }}/files/vpn/pki/ca.crt diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml index d382c50a86..404518d56b 100644 --- a/roles/openvpn/client/tasks/main.yml +++ b/roles/openvpn/client/tasks/main.yml @@ -9,29 +9,8 @@ tags: - packages - openvpn - when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' -- name: Install needed packages - package: - state: present - name: - - openvpn - tags: - - packages - - openvpn - when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined - -- name: Install needed packages - package: - state: present - name: - - openvpn - tags: - - packages - - openvpn - when: ansible_distribution_major_version|int > 29 and ansible_distribution == 'Fedora' and ansible_cmdline.ostree is not defined - -- name: Install main config file (rhel7 and fedora) +- name: Install main config file template: src=client.conf dest=/etc/openvpn/client/openvpn.conf owner=root group=root mode=0644 @@ -41,7 +20,6 @@ # notify: # - restart openvpn (Fedora) # - restart openvpn (RHEL6+) - when: (ansible_distribution == 'RedHat' or ansible_distribution == 'Fedora') and ansible_cmdline.ostree is not defined - name: Install configuration files (rhel7 and fedora) copy: src={{ item.file }} @@ -60,46 +38,9 @@ # notify: # - restart openvpn (Fedora) # - restart openvpn (RHEL7) - when: (ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat') or (ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora') and ansible_cmdline.ostree is not defined - -- name: Install configuration files (rhel6) - copy: src={{ item.file }} - dest={{ item.dest }} - owner=root group=root mode={{ item.mode }} - with_items: - - { file: client.conf, - dest: /etc/openvpn/openvpn.conf, - mode: '0644' } - - { file: "{{ private }}/files/vpn/pki/issued/{{ inventory_hostname }}.crt", - dest: "/etc/openvpn/client.crt", - mode: '0600' } - - { file: "{{ private }}/files/vpn/pki/private/{{ inventory_hostname }}.key", - dest: "/etc/openvpn/client.key", - mode: '0600' } - tags: - - install - - openvpn -# notify: -# - restart openvpn (RHEL6) - when: (ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat') and ansible_cmdline.ostree is not defined - -- name: enable openvpn service for rhel 6 - service: name=openvpn state=started enabled=true - when: ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat' - tags: - - service - - openvpn - -- name: Make sure old openvpn is not running in rhel 7 - service: name=openvpn@openvpn state=stopped enabled=false - when: ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat' - tags: - - service - - openvpn - name: Make sure openvpn is running in rhel 7+ service: name=openvpn-client@openvpn state=started enabled=true - when: ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat' tags: - service - openvpn diff --git a/roles/openvpn/server/files/ccd/aarch64-test01.fedorainfracloud.org b/roles/openvpn/server/files/ccd/aarch64-test01.fedorainfracloud.org new file mode 100644 index 0000000000..9e5ec009a4 --- /dev/null +++ b/roles/openvpn/server/files/ccd/aarch64-test01.fedorainfracloud.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.21 192.168.100.21 diff --git a/roles/openvpn/server/files/ccd/el7-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/el7-test.fedorainfracloud.org new file mode 100644 index 0000000000..7d9fe85722 --- /dev/null +++ b/roles/openvpn/server/files/ccd/el7-test.fedorainfracloud.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.18 192.168.100.18 diff --git a/roles/openvpn/server/files/ccd/el8-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/el8-test.fedorainfracloud.org new file mode 100644 index 0000000000..5ca0f994a6 --- /dev/null +++ b/roles/openvpn/server/files/ccd/el8-test.fedorainfracloud.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.19 192.168.100.19 diff --git a/roles/openvpn/server/files/ccd/f32-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/f32-test.fedorainfracloud.org new file mode 100644 index 0000000000..7cc82fd473 --- /dev/null +++ b/roles/openvpn/server/files/ccd/f32-test.fedorainfracloud.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.14 192.168.100.14 diff --git a/roles/openvpn/server/files/ccd/f33-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/f33-test.fedorainfracloud.org new file mode 100644 index 0000000000..9a6abce2ec --- /dev/null +++ b/roles/openvpn/server/files/ccd/f33-test.fedorainfracloud.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.15 192.168.100.15 diff --git a/roles/openvpn/server/files/ccd/f34-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/f34-test.fedorainfracloud.org new file mode 100644 index 0000000000..7c1846e40e --- /dev/null +++ b/roles/openvpn/server/files/ccd/f34-test.fedorainfracloud.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.16 192.168.100.16 diff --git a/roles/openvpn/server/files/ccd/ppc64le-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/ppc64le-test.fedorainfracloud.org new file mode 100644 index 0000000000..7b363216c4 --- /dev/null +++ b/roles/openvpn/server/files/ccd/ppc64le-test.fedorainfracloud.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.20 192.168.100.20 diff --git a/roles/openvpn/server/files/ccd/rawhide-test.fedorainfracloud.org b/roles/openvpn/server/files/ccd/rawhide-test.fedorainfracloud.org new file mode 100644 index 0000000000..494afd4149 --- /dev/null +++ b/roles/openvpn/server/files/ccd/rawhide-test.fedorainfracloud.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.17 192.168.100.17 diff --git a/roles/openvpn/server/files/ccd/vmhost-x86-copr01.rdu-cc.fedoraproject.org b/roles/openvpn/server/files/ccd/vmhost-x86-copr01.rdu-cc.fedoraproject.org new file mode 100644 index 0000000000..699cc301f2 --- /dev/null +++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr01.rdu-cc.fedoraproject.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.22 192.168.100.22 diff --git a/roles/openvpn/server/files/ccd/vmhost-x86-copr02.rdu-cc.fedoraproject.org b/roles/openvpn/server/files/ccd/vmhost-x86-copr02.rdu-cc.fedoraproject.org new file mode 100644 index 0000000000..c87181776b --- /dev/null +++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr02.rdu-cc.fedoraproject.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.23 192.168.100.23 diff --git a/roles/openvpn/server/files/ccd/vmhost-x86-copr03.rdu-cc.fedoraproject.org b/roles/openvpn/server/files/ccd/vmhost-x86-copr03.rdu-cc.fedoraproject.org new file mode 100644 index 0000000000..474130a007 --- /dev/null +++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr03.rdu-cc.fedoraproject.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.24 192.168.100.24 diff --git a/roles/openvpn/server/files/ccd/vmhost-x86-copr04.rdu-cc.fedoraproject.org b/roles/openvpn/server/files/ccd/vmhost-x86-copr04.rdu-cc.fedoraproject.org new file mode 100644 index 0000000000..d6fef8d48f --- /dev/null +++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr04.rdu-cc.fedoraproject.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.100.25 192.168.100.25 diff --git a/roles/people/files/make-people-page.py b/roles/people/files/make-people-page.py index a38ea04ea1..d5240d197c 100644 --- a/roles/people/files/make-people-page.py +++ b/roles/people/files/make-people-page.py @@ -178,8 +178,14 @@ for hdir in homedirs: continue user["name"] = pwentry.pw_gecos - user["has_public_html"] = (hdir / "public_html").is_dir() - user["has_public_git"] = (hdir / "public_git").is_dir() + try: + user["has_public_html"] = (hdir / "public_html").is_dir() + except PermissionError: + user["has_public_html"] = False + try: + user["has_public_git"] = (hdir / "public_git").is_dir() + except PermissionError: + user["has_public_git"] = False user["email_hash"] = hashlib.md5( f"{user['name'].lower()}@fedoraproject.org".encode("utf-8") ).hexdigest() @@ -201,11 +207,16 @@ out_file_grp = grp.getgrnam("web").gr_gid with open(out_file, "w", encoding="utf-8") as handle: handle.write(page_output) -# keep current owner uid -st = out_file.stat() -out_file_uid = st.st_uid +# The code below was present originally, however the cron job is ran under the +# `apache` user so it is not clear what this was meant to do. +# This is being kept here for convenience in case we need to re-activate this +# code, down the line this should just be removed. +# keep current owner uid +#st = out_file.stat() +#out_file_uid = st.st_uid +# # give write permissions to group -out_file.chmod(st.st_mode | stat.S_IWGRP) +#out_file.chmod(st.st_mode | stat.S_IWGRP) # chown out file to group -os.chown(out_file, out_file_uid, out_file_grp) +#os.chown(out_file, out_file_uid, out_file_grp) diff --git a/roles/web-data-analysis/files/mirrorlist.py b/roles/web-data-analysis/files/mirrorlist.py index 618c6f6b5a..dae6299412 100644 --- a/roles/web-data-analysis/files/mirrorlist.py +++ b/roles/web-data-analysis/files/mirrorlist.py @@ -214,6 +214,12 @@ repo_dict = { "31" : "f31", "32" : "f32", "33" : "f33", + "34" : "f34", + "35" : "f35", + "36" : "f36", + "37" : "f37", + "38" : "f38", + "39" : "f39", "6.89" : "f07", "6.90" : "f07", "6.91" : "f07", @@ -320,6 +326,12 @@ repo_dict = { 'f31' : 'f31', 'f32' : 'f32', 'f33' : 'f33', + 'f34' : 'f34', + 'f35' : 'f35', + 'f36' : 'f36', + 'f37' : 'f37', + 'f38' : 'f38', + 'f39' : 'f39', 'fmodular27' : 'modular_f27', 'fmodular28' : 'modular_f28', 'fmodular29' : 'modular_f29', @@ -334,6 +346,12 @@ repo_dict = { 'modularf31' : 'modular_f31', 'modularf32' : 'modular_f32', 'modularf33' : 'modular_f33', + 'modularf34' : 'modular_f34', + 'modularf35' : 'modular_f35', + 'modularf36' : 'modular_f36', + 'modularf37' : 'modular_f37', + 'modularf38' : 'modular_f38', + 'modularf39' : 'modular_f39', 'rhel4' : 'rhel4', 'rhel5' : 'rhel5', 'rhel6' : 'rhel6', diff --git a/roles/web-data-analysis/files/mirrors-data.awk b/roles/web-data-analysis/files/mirrors-data.awk index d70154fa87..3034e63db5 100644 --- a/roles/web-data-analysis/files/mirrors-data.awk +++ b/roles/web-data-analysis/files/mirrors-data.awk @@ -7,6 +7,7 @@ BEGIN{ epel6=0; epel7=0; epel8=0; + epel9=0; f03=0; f04=0; f05=0; @@ -38,6 +39,12 @@ BEGIN{ f31=0; f32=0; f33=0; + f34=0; + f35=0; + f36=0; + f37=0; + f38=0; + f39=0; rawhide=0; rawhide_modular=0; modular_f27=0; @@ -47,6 +54,12 @@ BEGIN{ modular_f31=0; modular_f32=0; modular_f33=0; + modular_f34=0; + modular_f35=0; + modular_f36=0; + modular_f37=0; + modular_f38=0; + modular_f39=0; modular=0; unknown_release = 0; # arch @@ -73,7 +86,7 @@ BEGIN{ unknown_arch = 0; centos = 0; rhel = 0; - print olddate ",02-epel4,03-epel5,04-epel6,05-epel7,06-f03,07-f04,08-f05,09-f06,10-f07,11-f08,12-f09,13-f10,14-f11,15-f12,16-f13,17-f14,18-f15,19-f16,20-f17,21-f18,22-f19,23-f20,24-f21,25-f22,26-f23,27-f24,28-f25,29-f26,30-f27,31-f28,32-f29,33-rawhide,34-unk_rel,35-epel,36-fedora,37-alpha,38-arm,39-arm64,40-ia64,41-mips,42-ppc,43-s390,44-sparc,45-tilegx,46-x86_32,47-x86_64,48-x86_32_e,49-x86_32_f,50-x86_64_e,51-x86_64_f,52-ppc_e,53-ppc_f,54-unk_arc,55-centos,56-rhel,57-ppc64,58-ppc64le,59-modular,60-modular_rawhide,61-modular_f27,62-modular_f28,63-modular_f29,64-modular_f30,65-f30,66-f31,67-f32,68-f33,69-modular_f31,70-modular_f32,71-modular_f33,72-epel8"; + print olddate ",02-epel4,03-epel5,04-epel6,05-epel7,06-f03,07-f04,08-f05,09-f06,10-f07,11-f08,12-f09,13-f10,14-f11,15-f12,16-f13,17-f14,18-f15,19-f16,20-f17,21-f18,22-f19,23-f20,24-f21,25-f22,26-f23,27-f24,28-f25,29-f26,30-f27,31-f28,32-f29,33-rawhide,34-unk_rel,35-epel,36-fedora,37-alpha,38-arm,39-arm64,40-ia64,41-mips,42-ppc,43-s390,44-sparc,45-tilegx,46-x86_32,47-x86_64,48-x86_32_e,49-x86_32_f,50-x86_64_e,51-x86_64_f,52-ppc_e,53-ppc_f,54-unk_arc,55-centos,56-rhel,57-ppc64,58-ppc64le,59-modular,60-modular_rawhide,61-modular_f27,62-modular_f28,63-modular_f29,64-modular_f30,65-f30,66-f31,67-f32,68-f33,69-modular_f31,70-modular_f32,71-modular_f33,72-epel8,73-epel9,74-f34,75-f35,76-f36,77-f37,78-f38,79-f39,80-modular_f34,81-modular_f35,82-modular_f36,83-modular_f37,84-modular_f38,85-modular_f39"; olddate="1970-01-02"; } @@ -84,6 +97,7 @@ BEGIN{ else if ($3 ~"epel6") { epel6=epel6+1; epel=epel+1} else if ($3 ~"epel7") { epel7=epel7+1; epel=epel+1} else if ($3 ~"epel8") { epel8=epel8+1; epel=epel+1} + else if ($3 ~"epel9") { epel9=epel9+1; epel=epel+1} else if ($3 ~"modular_f27") { modular_f27=modular_f27+1; modular=modular+1; } else if ($3 ~"modular_f28") { modular_f28=modular_f28+1; modular=modular+1; } else if ($3 ~"modular_f29") { modular_f29=modular_f29+1; modular=modular+1; } @@ -91,6 +105,12 @@ BEGIN{ else if ($3 ~"modular_f31") { modular_f31=modular_f31+1; modular=modular+1; } else if ($3 ~"modular_f32") { modular_f32=modular_f32+1; modular=modular+1; } else if ($3 ~"modular_f33") { modular_f33=modular_f33+1; modular=modular+1; } + else if ($3 ~"modular_f34") { modular_f34=modular_f34+1; modular=modular+1; } + else if ($3 ~"modular_f35") { modular_f35=modular_f35+1; modular=modular+1; } + else if ($3 ~"modular_f36") { modular_f36=modular_f36+1; modular=modular+1; } + else if ($3 ~"modular_f37") { modular_f37=modular_f37+1; modular=modular+1; } + else if ($3 ~"modular_f38") { modular_f38=modular_f38+1; modular=modular+1; } + else if ($3 ~"modular_f39") { modular_f39=modular_f39+1; modular=modular+1; } else if ($3 ~"f03") { f03=f03+1; fedora=fedora+1} else if ($3 ~"f04") { f04=f04+1; fedora=fedora+1} else if ($3 ~"f05") { f05=f05+1; fedora=fedora+1} @@ -122,6 +142,12 @@ BEGIN{ else if ($3 ~"f31") { f31=f31+1; fedora=fedora+1} else if ($3 ~"f32") { f32=f32+1; fedora=fedora+1} else if ($3 ~"f33") { f33=f33+1; fedora=fedora+1} + else if ($3 ~"f34") { f34=f34+1; fedora=fedora+1} + else if ($3 ~"f35") { f35=f35+1; fedora=fedora+1} + else if ($3 ~"f36") { f36=f36+1; fedora=fedora+1} + else if ($3 ~"f37") { f37=f37+1; fedora=fedora+1} + else if ($3 ~"f38") { f38=f38+1; fedora=fedora+1} + else if ($3 ~"f39") { f39=f39+1; fedora=fedora+1} else if ($3 ~"rawhide_modular") { rawhide_modular=rawhide_modular+1; rawhide=rawhide+1; modular=modular+1; fedora=fedora+1} else if ($3 ~"rawhide") { rawhide=rawhide+1; fedora=fedora+1} else if ($3 ~"modular") { modular=modular+1; fedora=fedora+1 } @@ -165,7 +191,7 @@ BEGIN{ else {unknown_arch = unknown_arch +1; }; } else { if ( olddate !~ "1970-01-01" ) { - print olddate "," epel4 "," epel5 "," epel6 "," epel7 "," f03 "," f04 "," f05 "," f06 "," f07 "," f08 "," f09 "," f10 "," f11 "," f12 "," f13 "," f14 "," f15 "," f16 "," f17 "," f18 "," f19 "," f20 "," f21 "," f22 "," f23 "," f24 "," f25 "," f26 "," f27 "," f28 "," f29 "," rawhide "," unknown_release "," epel "," fedora "," alpha "," arm "," arm64 "," ia64 "," mips "," ppc "," s390 "," sparc "," tilegx "," x86_32 "," x86_64 "," x86_32_e "," x86_32_f "," x86_64_e "," x86_64_f "," ppc_e "," ppc_f "," unknown_arch "," centos "," rhel "," ppc64 "," ppc64le "," modular "," rawhide_modular "," modular_f27 "," modular_f28 "," modular_f29 "," modular_f30 "," f30 "," f31 "," f32 "," f33 "," modular_f31 "," modular_f32 "," modular_f33 "," epel8 ; + print olddate "," epel4 "," epel5 "," epel6 "," epel7 "," f03 "," f04 "," f05 "," f06 "," f07 "," f08 "," f09 "," f10 "," f11 "," f12 "," f13 "," f14 "," f15 "," f16 "," f17 "," f18 "," f19 "," f20 "," f21 "," f22 "," f23 "," f24 "," f25 "," f26 "," f27 "," f28 "," f29 "," rawhide "," unknown_release "," epel "," fedora "," alpha "," arm "," arm64 "," ia64 "," mips "," ppc "," s390 "," sparc "," tilegx "," x86_32 "," x86_64 "," x86_32_e "," x86_32_f "," x86_64_e "," x86_64_f "," ppc_e "," ppc_f "," unknown_arch "," centos "," rhel "," ppc64 "," ppc64le "," modular "," rawhide_modular "," modular_f27 "," modular_f28 "," modular_f29 "," modular_f30 "," f30 "," f31 "," f32 "," f33 "," modular_f31 "," modular_f32 "," modular_f33 "," epel8 "," epel9 "," f34 "," f35 "," f36 "," f37 "," f38 "," f39 "," modular_f34 "," modular_f35 "," modular_f36 "," modular_f37 "," modular_f38 "," modular_f39 ; }; olddate=$1 epel=0; @@ -246,7 +272,7 @@ BEGIN{ } END { - print olddate "," epel4 "," epel5 "," epel6 "," epel7 "," f03 "," f04 "," f05 "," f06 "," f07 "," f08 "," f09 "," f10 "," f11 "," f12 "," f13 "," f14 "," f15 "," f16 "," f17 "," f18 "," f19 "," f20 "," f21 "," f22 "," f23 "," f24 "," f25 "," f26 "," f27 "," f28 "," f29 "," rawhide "," unknown_release "," epel "," fedora "," alpha "," arm "," arm64 "," ia64 "," mips "," ppc "," s390 "," sparc "," tilegx "," x86_32 "," x86_64 "," x86_32_e "," x86_32_f "," x86_64_e "," x86_64_f "," ppc_e "," ppc_f "," unknown_arch "," centos "," rhel "," ppc64 "," ppc64le "," modular "," rawhide_modular "," modular_f27 "," modular_f28 "," modular_f29 "," modular_f30 "," f30 "," f31 "," f32 "," f33 "," modular_f31 "," modular_f32 "," modular_f33 "," epel8 ; + print olddate "," epel4 "," epel5 "," epel6 "," epel7 "," f03 "," f04 "," f05 "," f06 "," f07 "," f08 "," f09 "," f10 "," f11 "," f12 "," f13 "," f14 "," f15 "," f16 "," f17 "," f18 "," f19 "," f20 "," f21 "," f22 "," f23 "," f24 "," f25 "," f26 "," f27 "," f28 "," f29 "," rawhide "," unknown_release "," epel "," fedora "," alpha "," arm "," arm64 "," ia64 "," mips "," ppc "," s390 "," sparc "," tilegx "," x86_32 "," x86_64 "," x86_32_e "," x86_32_f "," x86_64_e "," x86_64_f "," ppc_e "," ppc_f "," unknown_arch "," centos "," rhel "," ppc64 "," ppc64le "," modular "," rawhide_modular "," modular_f27 "," modular_f28 "," modular_f29 "," modular_f30 "," f30 "," f31 "," f32 "," f33 "," modular_f31 "," modular_f32 "," modular_f33 "," epel8 "," epel9 "," f34 "," f35 "," f36 "," f37 "," f38 "," f39 "," modular_f34 "," modular_f35 "," modular_f36 "," modular_f37 "," modular_f38 "," modular_f39 ; }