From 864b4beeda6dde16f38e3f1a7f3441580a254b2d Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 19 Mar 2016 16:32:56 +0000 Subject: [PATCH 01/20] Composers didn't have sudo role, so they had the old sudo and are unable to sync at the end of compose. --- playbooks/groups/composers.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/groups/composers.yml b/playbooks/groups/composers.yml index 0eb8a0a986..5978d22079 100644 --- a/playbooks/groups/composers.yml +++ b/playbooks/groups/composers.yml @@ -37,6 +37,7 @@ when: datacenter == 'staging' - releng - fedmsg/base + - sudo tasks: - include: "{{ tasks }}/yumrepos.yml" From f1f716b4cf83a27bdc7688c481aee948bec9edc1 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 19 Mar 2016 16:36:43 +0000 Subject: [PATCH 02/20] Need this to make sure we install 00releng-sudoers on compose machines. --- inventory/group_vars/composers | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inventory/group_vars/composers b/inventory/group_vars/composers index 61959c029a..7976593dbc 100644 --- a/inventory/group_vars/composers +++ b/inventory/group_vars/composers @@ -15,6 +15,8 @@ virt_install_command: "{{ virt_install_command_two_nic }}" nrpe_procs_warn: 900 nrpe_procs_crit: 1000 +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + host_group: releng # These are consumed by a task in roles/fedmsg/base/main.yml From cb7bfcb614d8888bfa7744826575950e5a46dbf3 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Sat, 19 Mar 2016 16:08:15 -0700 Subject: [PATCH 03/20] openqa: allow specifying asset size limit this is a database value and there's no openQA API function to set it, so we have to do it directly in the database...this *should* work. I think. I should add equivalent functionality for sqlite use as well, really... --- inventory/group_vars/openqa-stg | 1 + roles/openqa/server/tasks/main.yml | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/inventory/group_vars/openqa-stg b/inventory/group_vars/openqa-stg index 4e498de56e..b595b6fb18 100644 --- a/inventory/group_vars/openqa-stg +++ b/inventory/group_vars/openqa-stg @@ -24,6 +24,7 @@ openqa_dbname: openqa-stg openqa_dbhost: db-qa01.qa.fedoraproject.org openqa_dbuser: openqastg openqa_dbpassword: "{{ stg_openqa_dbpassword }}" +openqa_assetsize: 300 openqa_workers: 3 diff --git a/roles/openqa/server/tasks/main.yml b/roles/openqa/server/tasks/main.yml index 1725e26586..503e925481 100644 --- a/roles/openqa/server/tasks/main.yml +++ b/roles/openqa/server/tasks/main.yml @@ -26,6 +26,9 @@ ## string - The database username # - openqa_dbpassword ## string - The database password +# - openqa_assetsize +## int - the asset size limit to set in GB (upstream default is 100GB) +## higher is recommended for normal Fedora testing, 300GB is good # # If openqa_dbhost is set, the others must be too, and the server will be # configured to use a pgsql database accordingly. If openqa_dbhost is not @@ -224,3 +227,12 @@ register: testsdiff changed_when: "testsdiff.rc > 0" failed_when: "1 != 1" + +- name: Set asset size limit (if specified) (pgsql) + delegate_to: "{{ openqa_dbhost }}" + become_user: postgres + become: true + command: "psql -d {{ openqa_dbname }} -c \"UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize }} WHERE size_limit_gb != {{ openqa_assetsize }};\" + when: "openqa_dbhost is defined and openqa_assetsize is defined" + register: pgsqlsize + changed_when: "pgsqlsize.stdout.find('UPDATE 1') != -1" From 2bbac6146459c9c9b76be873afcfe66a9e8ef7fa Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Sat, 19 Mar 2016 16:10:14 -0700 Subject: [PATCH 04/20] whoops, add a missing quote --- roles/openqa/server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openqa/server/tasks/main.yml b/roles/openqa/server/tasks/main.yml index 503e925481..e2bae51204 100644 --- a/roles/openqa/server/tasks/main.yml +++ b/roles/openqa/server/tasks/main.yml @@ -232,7 +232,7 @@ delegate_to: "{{ openqa_dbhost }}" become_user: postgres become: true - command: "psql -d {{ openqa_dbname }} -c \"UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize }} WHERE size_limit_gb != {{ openqa_assetsize }};\" + command: "psql -d {{ openqa_dbname }} -c \"UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize }} WHERE size_limit_gb != {{ openqa_assetsize }};\"" when: "openqa_dbhost is defined and openqa_assetsize is defined" register: pgsqlsize changed_when: "pgsqlsize.stdout.find('UPDATE 1') != -1" From 461aac031c392236084955c2cd670e13f10ab4d5 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Sat, 19 Mar 2016 16:14:03 -0700 Subject: [PATCH 05/20] openqa_server: tweak the asset size changed_when a bit just in case we wind up with multiple job groups, this should be more correct. --- roles/openqa/server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openqa/server/tasks/main.yml b/roles/openqa/server/tasks/main.yml index e2bae51204..635ccdd882 100644 --- a/roles/openqa/server/tasks/main.yml +++ b/roles/openqa/server/tasks/main.yml @@ -235,4 +235,4 @@ command: "psql -d {{ openqa_dbname }} -c \"UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize }} WHERE size_limit_gb != {{ openqa_assetsize }};\"" when: "openqa_dbhost is defined and openqa_assetsize is defined" register: pgsqlsize - changed_when: "pgsqlsize.stdout.find('UPDATE 1') != -1" + changed_when: "pgsqlsize.stdout.find('UPDATE 0') == -1" From 37d3559893db2f391b43355cdd184280d1bded13 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Sat, 19 Mar 2016 16:18:21 -0700 Subject: [PATCH 06/20] openqa: set asset size for prod too, since it seems to work --- inventory/group_vars/openqa | 1 + 1 file changed, 1 insertion(+) diff --git a/inventory/group_vars/openqa b/inventory/group_vars/openqa index a7ca00aba3..1c88254073 100644 --- a/inventory/group_vars/openqa +++ b/inventory/group_vars/openqa @@ -13,6 +13,7 @@ openqa_dbname: openqa openqa_dbhost: db-qa01.qa.fedoraproject.org openqa_dbuser: openqa openqa_dbpassword: "{{ prod_openqa_dbpassword }}" +openqa_assetsize: 300 openqa_key: "{{ prod_openqa_apikey }}" openqa_secret: "{{ prod_openqa_apisecret }}" From f4133798f65d61430bc4ae8a83000302411d5331 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Sat, 19 Mar 2016 16:28:09 -0700 Subject: [PATCH 07/20] openqa/server: make geekotest static UID/GID optional I'm still kinda trying to make the openqa roles usable outside of infra, so now I have a minute, let's do this: it makes the static UID/GID for geekotest optional and configurable, instead of hard coding it. For infra we set the value to 601, as we are already using, in the openqa and openqa-stg group config. --- inventory/group_vars/openqa | 2 ++ inventory/group_vars/openqa-stg | 2 ++ roles/openqa/server/tasks/main.yml | 17 +++++++++-------- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/inventory/group_vars/openqa b/inventory/group_vars/openqa index 1c88254073..ef318e46ea 100644 --- a/inventory/group_vars/openqa +++ b/inventory/group_vars/openqa @@ -3,6 +3,8 @@ virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough external_hostname: openqa.fedoraproject.org +openqa_static_uid = 601 + openqa_hostname: localhost openqa_email: adamwill@fedoraproject.org openqa_nickname: adamwill diff --git a/inventory/group_vars/openqa-stg b/inventory/group_vars/openqa-stg index b595b6fb18..b15e30e9e5 100644 --- a/inventory/group_vars/openqa-stg +++ b/inventory/group_vars/openqa-stg @@ -14,6 +14,8 @@ virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough external_hostname: openqa.stg.fedoraproject.org +openqa_static_uid = 601 + openqa_hostname: localhost openqa_email: adamwill@fedoraproject.org openqa_nickname: adamwill diff --git a/roles/openqa/server/tasks/main.yml b/roles/openqa/server/tasks/main.yml index 635ccdd882..f2865b03e7 100644 --- a/roles/openqa/server/tasks/main.yml +++ b/roles/openqa/server/tasks/main.yml @@ -18,6 +18,9 @@ ## default - ansible_nodename # Optional vars +# - openqa_static_uid +## int - a static ID for the geekotest user and group if desired +## this is useful for NFS mounting openQA data files # - openqa_dbname ## string - The name of the database to use # - openqa_dbhost @@ -35,23 +38,21 @@ # set, the server will use a local SQLite database and the other values # are ignored. -# As we want to store some geekotest-owned files in shared storage, we -# need to ensure geekotest always has the same uid/gid if we re-deploy -# the servers. So we create the account here with uid/gid 601. +- name: Create geekotest group with static GID + group: "name=geekotest gid={{ openqa_static_uid }} system=yes" + when: "openqa_static_uid is defined" -- name: Create geekotest group with static GID 601 - group: name=geekotest gid=601 system=yes - -- name: Create geekotest user with static UID 601 +- name: Create geekotest user with static UID user: name: geekotest comment: "openQA user" - uid: 601 + uid: "{{ openqa_static_uid }}" group: geekotest home: "/var/lib/openqa" createhome: no system: yes shell: /sbin/nologin + when: "openqa_static_uid is defined" # note: we need updates-testing until fedfind 2.x and openQA 4.3-21 go stable - name: Install required packages (testing) From 69f592abbfa8d1945f9ca66add608baac8e7b5a0 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Sat, 19 Mar 2016 16:32:15 -0700 Subject: [PATCH 08/20] using the right goddamn syntax usually helps, adam --- inventory/group_vars/openqa | 2 +- inventory/group_vars/openqa-stg | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/group_vars/openqa b/inventory/group_vars/openqa index ef318e46ea..a44b4c5e9d 100644 --- a/inventory/group_vars/openqa +++ b/inventory/group_vars/openqa @@ -3,7 +3,7 @@ virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough external_hostname: openqa.fedoraproject.org -openqa_static_uid = 601 +openqa_static_uid: 601 openqa_hostname: localhost openqa_email: adamwill@fedoraproject.org diff --git a/inventory/group_vars/openqa-stg b/inventory/group_vars/openqa-stg index b15e30e9e5..69671e76f2 100644 --- a/inventory/group_vars/openqa-stg +++ b/inventory/group_vars/openqa-stg @@ -14,7 +14,7 @@ virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough external_hostname: openqa.stg.fedoraproject.org -openqa_static_uid = 601 +openqa_static_uid: 601 openqa_hostname: localhost openqa_email: adamwill@fedoraproject.org From 00fd69148c54c3d12c05c87aa29249db1f6ace0b Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Mon, 21 Mar 2016 14:56:52 +0100 Subject: [PATCH 09/20] Update the apps.yaml file to point to the nuancier SOP --- roles/apps-fp-o/files/apps.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/roles/apps-fp-o/files/apps.yaml b/roles/apps-fp-o/files/apps.yaml index c1823de762..6b5d599e2e 100644 --- a/roles/apps-fp-o/files/apps.yaml +++ b/roles/apps-fp-o/files/apps.yaml @@ -328,10 +328,8 @@ children: source_url: https://github.com/fedora-infra/nuancier bugs_url: https://github.com/fedora-infra/nuancier/issues docs_url: http://nuancier.readthedocs.org/en/latest/ - # TODO - write a SOP for nuancier - # https://fedorahosted.org/fedora-infrastructure/ticket/5155 - #sops: - # - url goes here + sops: + - https://infrastructure.fedoraproject.org/infra/docs/nuancier.rst description: > Nuancier is a simple voting application for the supplementary wallpapers included in Fedora. From c5d30c4ee6b7f802b1edbaed43b211add8f42657 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 21 Mar 2016 14:29:54 +0000 Subject: [PATCH 10/20] Set git_basepath to not include rpms, so the namespacing version works. --- inventory/group_vars/pkgs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/pkgs b/inventory/group_vars/pkgs index 2ebef26685..fa294497a0 100644 --- a/inventory/group_vars/pkgs +++ b/inventory/group_vars/pkgs @@ -18,7 +18,7 @@ git_group: packager git_port: 9418 git_server: /usr/libexec/git-core/git-daemon git_server_args: --export-all --syslog --inetd --verbose -git_basepath: /srv/git/repositories/rpms +git_basepath: /srv/git/repositories git_daemon_user: nobody clamscan_mailto: admin@fedoraproject.org From c5143cfbaba699db1f8a98a439b1dccb7c496200 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 21 Mar 2016 15:29:50 +0000 Subject: [PATCH 11/20] Revert "Set git_basepath to not include rpms, so the namespacing version works." This reverts commit c5d30c4ee6b7f802b1edbaed43b211add8f42657. --- inventory/group_vars/pkgs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/pkgs b/inventory/group_vars/pkgs index fa294497a0..2ebef26685 100644 --- a/inventory/group_vars/pkgs +++ b/inventory/group_vars/pkgs @@ -18,7 +18,7 @@ git_group: packager git_port: 9418 git_server: /usr/libexec/git-core/git-daemon git_server_args: --export-all --syslog --inetd --verbose -git_basepath: /srv/git/repositories +git_basepath: /srv/git/repositories/rpms git_daemon_user: nobody clamscan_mailto: admin@fedoraproject.org From 3310672c58d02359c21704592e09bdaaf2ffb27a Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Mon, 21 Mar 2016 16:03:12 +0000 Subject: [PATCH 12/20] Tell selinux to allow git-daemon to follow symlinks, please. --- roles/distgit/files/cgi-nfs.pp | Bin 62147 -> 62431 bytes roles/distgit/files/cgi-nfs.te | 8 ++++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/distgit/files/cgi-nfs.pp b/roles/distgit/files/cgi-nfs.pp index a0df2ccccc0240612f7b653a561787efe26b587d..116536a06b5e395f0286aea148ea5d5c2e44fd63 100644 GIT binary patch delta 209 zcmX^7l==R1W}*K7H9r{{7#Nrs7#Ktt7#ITXOcb(bGIW^yu|;@eTB;Q<8v_Fa2n#VV zFtASUvz8YwElw?pPtMOPNzE&XFJT4APwump-u&5Wmjff`a_$s1agC*QB(ncQ8= QyQ$#>HzVuj*WF*z0kxPf6#xJL diff --git a/roles/distgit/files/cgi-nfs.te b/roles/distgit/files/cgi-nfs.te index 5ba0dfe4f6..3274b1fcb3 100644 --- a/roles/distgit/files/cgi-nfs.te +++ b/roles/distgit/files/cgi-nfs.te @@ -1,20 +1,20 @@ -policy_module(nfscgi, 1.0.0) +policy_module(nfscgi, 1.0.1) require { type httpd_git_script_t; type git_script_t; type git_system_t; type httpd_git_content_t; + type git_user_content_t; type nfs_t; class dir { create write search add_name remove_name getattr open }; class file { create write rename setattr read open }; } - allow git_system_t httpd_git_content_t:dir { getattr read open }; allow git_system_t httpd_git_content_t:file { read open getattr }; - - +allow git_system_t httpd_git_content_t:lnk_file { read open getattr }; +allow git_system_t git_user_content_t:lnk_file { read open getattr }; allow httpd_git_script_t nfs_t:dir { write }; allow git_system_t httpd_git_content_t:dir { search }; From b0ffcf5a67aa00509f1a8eea1381143d8b93e135 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Mon, 21 Mar 2016 16:04:42 +0000 Subject: [PATCH 13/20] selinux tags for this role. --- roles/distgit/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index 8e20a18316..390db7d813 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -378,19 +378,24 @@ # Three tasks for handling our selinux policy for upload.cgi - name: ensure a directory exists for our SELinux policy file: dest=/usr/local/share/selinux/ state=directory + tags: selinux - name: copy over our custom selinux policy copy: src=upload_cgi.pp dest=/usr/local/share/selinux/upload_cgi.pp register: selinux_module + tags: selinux - name: install our custom selinux policy command: semodule -i /usr/local/share/selinux/upload_cgi.pp when: selinux_module|changed + tags: selinux - name: copy over our custom nfs selinux policy copy: src=cgi-nfs.pp dest=/usr/local/share/selinux/cgi-nfs.pp register: nfs_selinux_module + tags: selinux - name: install our custom nfs selinux policy command: semodule -i /usr/local/share/selinux/cgi-nfs.pp when: nfs_selinux_module|changed + tags: selinux From 605fc8078674235aa20af55c01a6b39be34b1d3a Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Mon, 21 Mar 2016 09:10:09 -0700 Subject: [PATCH 14/20] openqa_dispatcher: enable fedmsg-based result wiki reporting ...by extending the fedmsg consumer config file. Requires the latest openqa_fedora_tools to work. --- roles/openqa/dispatcher/files/openqa_consumer.py | 3 --- roles/openqa/dispatcher/tasks/main.yml | 2 +- .../openqa/dispatcher/templates/openqa_consumer.py.j2 | 10 ++++++++++ 3 files changed, 11 insertions(+), 4 deletions(-) delete mode 100644 roles/openqa/dispatcher/files/openqa_consumer.py create mode 100644 roles/openqa/dispatcher/templates/openqa_consumer.py.j2 diff --git a/roles/openqa/dispatcher/files/openqa_consumer.py b/roles/openqa/dispatcher/files/openqa_consumer.py deleted file mode 100644 index 80bb6160c7..0000000000 --- a/roles/openqa/dispatcher/files/openqa_consumer.py +++ /dev/null @@ -1,3 +0,0 @@ -config = { - 'fedora_openqa_schedule.consumer.enabled': True, -} diff --git a/roles/openqa/dispatcher/tasks/main.yml b/roles/openqa/dispatcher/tasks/main.yml index ac569b5992..c0642c1921 100644 --- a/roles/openqa/dispatcher/tasks/main.yml +++ b/roles/openqa/dispatcher/tasks/main.yml @@ -106,7 +106,7 @@ - config - name: Enable fedmsg consumer - copy: src=openqa_consumer.py dest=/etc/fedmsg.d/openqa_consumer.py owner=root group=root mode=0644 + template: src=openqa_consumer.py.j2 dest=/etc/fedmsg.d/openqa_consumer.py owner=root group=root mode=0644 notify: - restart fedmsg-hub tags: diff --git a/roles/openqa/dispatcher/templates/openqa_consumer.py.j2 b/roles/openqa/dispatcher/templates/openqa_consumer.py.j2 new file mode 100644 index 0000000000..ccb6eb19e7 --- /dev/null +++ b/roles/openqa/dispatcher/templates/openqa_consumer.py.j2 @@ -0,0 +1,10 @@ +config = { + 'fedora_openqa_schedule.consumer.enabled': True, +{% if wikitcms_user is defined and wikitcms_password is defined %} + {% if deployment_type == 'stg' %} + 'fedora_openqa_schedule.wiki.consumer.stg.enabled': True, + {% else %} + 'fedora_openqa_schedule.wiki.consumer.prod.enabled': True, + {% endif %} +{% endif %} +} From 9ffcd0a1efb2fc9984d2258800950f66ae4dcc40 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Mon, 21 Mar 2016 16:14:40 +0000 Subject: [PATCH 15/20] Revert "Revert "Set git_basepath to not include rpms, so the namespacing version works."" This reverts commit c5143cfbaba699db1f8a98a439b1dccb7c496200. Revert war! --- inventory/group_vars/pkgs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/pkgs b/inventory/group_vars/pkgs index 2ebef26685..fa294497a0 100644 --- a/inventory/group_vars/pkgs +++ b/inventory/group_vars/pkgs @@ -18,7 +18,7 @@ git_group: packager git_port: 9418 git_server: /usr/libexec/git-core/git-daemon git_server_args: --export-all --syslog --inetd --verbose -git_basepath: /srv/git/repositories/rpms +git_basepath: /srv/git/repositories git_daemon_user: nobody clamscan_mailto: admin@fedoraproject.org From 549c7d655b9e823e636b0e0e543dcb0685aa6b5e Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Mon, 21 Mar 2016 16:16:24 +0000 Subject: [PATCH 16/20] Tags for this role. --- roles/git/server/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/git/server/tasks/main.yml b/roles/git/server/tasks/main.yml index f95ba428b6..ef9fe4f3e6 100644 --- a/roles/git/server/tasks/main.yml +++ b/roles/git/server/tasks/main.yml @@ -3,11 +3,13 @@ - name: install the git-daemon package yum: pkg=git-daemon state=present + tags: git/server # If NOT using xinetd - name: delete stock git daemon config file: path="/usr/lib/systemd/system/git.service" state=absent when: ansible_distribution_major_version|int == 7 + tags: git/server - name: configure git daemon template: > @@ -15,11 +17,13 @@ dest="/usr/lib/systemd/system/git@.service" mode=0644 when: ansible_distribution_major_version|int == 7 + tags: git/server # If using xinetd - name: install xinetd yum: pkg=xinetd state=present when: ansible_distribution_major_version|int == 6 + tags: git/server - name: install the xinetd config file template: > @@ -27,5 +31,6 @@ dest="/etc/xinetd.d/git" mode=0644 when: ansible_distribution_major_version|int == 6 + tags: git/server notify: - restart xinetd From 1182e950b2ccc9aee4ff336b5c744da2a5b9997c Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Mon, 21 Mar 2016 09:31:52 -0700 Subject: [PATCH 17/20] hmm, jinja indents with nested ifs seem weird. try this? --- roles/openqa/dispatcher/templates/openqa_consumer.py.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openqa/dispatcher/templates/openqa_consumer.py.j2 b/roles/openqa/dispatcher/templates/openqa_consumer.py.j2 index ccb6eb19e7..7e7d12c51d 100644 --- a/roles/openqa/dispatcher/templates/openqa_consumer.py.j2 +++ b/roles/openqa/dispatcher/templates/openqa_consumer.py.j2 @@ -1,10 +1,10 @@ config = { 'fedora_openqa_schedule.consumer.enabled': True, {% if wikitcms_user is defined and wikitcms_password is defined %} - {% if deployment_type == 'stg' %} +{% if deployment_type == 'stg' %} 'fedora_openqa_schedule.wiki.consumer.stg.enabled': True, - {% else %} +{% else %} 'fedora_openqa_schedule.wiki.consumer.prod.enabled': True, - {% endif %} +{% endif %} {% endif %} } From 6e4e616d412e41a074ccb978f105a472559d0484 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Mon, 21 Mar 2016 17:01:16 +0000 Subject: [PATCH 18/20] Remove archive.org from planet global config Signed-off-by: Patrick Uiterwijk --- roles/planet/files/people_base_config | 5 ----- 1 file changed, 5 deletions(-) diff --git a/roles/planet/files/people_base_config b/roles/planet/files/people_base_config index b629ad3a9d..52fbbd423d 100644 --- a/roles/planet/files/people_base_config +++ b/roles/planet/files/people_base_config @@ -39,11 +39,6 @@ fasname = admin name = Fedora University Tour fasname = admin -[http://www.archive.org/services/collection-rss.php] -name = Fedora Videos -filters = regexp_sifter.py?require=[Ff]edora -fasname = admin - [http://www.projetofedora.org/rss.xml] name = Projeto Fedora Brasil face = http://fedoraplanet.org/images/heads/map_brazil_fedora_small.png From cf503fe4d20a49bec48e6c12f9d22bf21772a30c Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Mon, 21 Mar 2016 17:14:07 +0000 Subject: [PATCH 19/20] fixing some ansible warnings and removing ssl from qa static sites - using proxies now --- files/httpd/newvirtualhost.conf.j2 | 72 +----------------------------- playbooks/groups/qa-stg.yml | 4 +- 2 files changed, 3 insertions(+), 73 deletions(-) diff --git a/files/httpd/newvirtualhost.conf.j2 b/files/httpd/newvirtualhost.conf.j2 index 18c7a2e8ad..3bae09726b 100644 --- a/files/httpd/newvirtualhost.conf.j2 +++ b/files/httpd/newvirtualhost.conf.j2 @@ -1,75 +1,5 @@ - - # Change this to the domain which points to your host. - ServerName {{ item.name }} - - # Use separate log files for the SSL virtual host; note that LogLevel - # is not inherited from httpd.conf. - ErrorLog logs/{{ item.name }}_error_log - TransferLog logs/{{ item.name }}_access_log - LogLevel warn - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # SSL Protocol support: - # List the enable protocol levels with which clients will be able to - # connect. Disable SSLv2 access by default: - SSLProtocol all -SSLv2 - - # SSL Cipher Suite: - # List the ciphers that the client is permitted to negotiate. - # See the mod_ssl documentation for a complete list. - #SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW - SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 - - # Server Certificate: - # Point SSLCertificateFile at a PEM encoded certificate. If - # the certificate is encrypted, then you will be prompted for a - # pass phrase. Note that a kill -HUP will prompt again. A new - # certificate can be generated using the genkey(1) command. - SSLCertificateFile /etc/pki/tls/certs/{{ sslcertfile }} - - # Server Private Key: - # If the key is not combined with the certificate, use this - # directive to point at the key file. Keep in mind that if - # you've both a RSA and a DSA private key you can configure - # both in parallel (to also allow the use of DSA ciphers, etc.) - SSLCertificateKeyFile /etc/pki/tls/private/{{ sslkeyfile }} - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt - {% if sslintermediatecertfile != '' %} - SSLCertificateChainFile /etc/pki/tls/certs/{{ sslintermediatecertfile }} - {% endif %} - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt - - DocumentRoot {{ item.document_root }} - - Options Indexes FollowSymLinks - - - - # Change this to the domain which points to your host. ServerName {{ item.name }} - {% if sslonly %} - RewriteEngine On - RewriteCond %{HTTPS} off - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] - {% else %} - Options Indexes FollowSymLinks - {% endif %} + Options Indexes FollowSymLinks diff --git a/playbooks/groups/qa-stg.yml b/playbooks/groups/qa-stg.yml index 48b5b97c70..e5412073eb 100644 --- a/playbooks/groups/qa-stg.yml +++ b/playbooks/groups/qa-stg.yml @@ -99,13 +99,13 @@ - name: create dirs for static sites file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755 - with_items: static_sites + with_items: "{{ static_sites }" tags: - qastaticsites - name: generate virtualhosts for static sites template: src={{ files }}/httpd/newvirtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644 - with_items: static_sites + with_items: "{{ static_sites }}" notify: - reload httpd tags: From a4cd5dc17931cbdf76a39afaaf0e359ee1cc6961 Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Mon, 21 Mar 2016 17:15:34 +0000 Subject: [PATCH 20/20] fixing syntax error --- playbooks/groups/qa-stg.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/groups/qa-stg.yml b/playbooks/groups/qa-stg.yml index e5412073eb..bfe9230bb7 100644 --- a/playbooks/groups/qa-stg.yml +++ b/playbooks/groups/qa-stg.yml @@ -99,7 +99,7 @@ - name: create dirs for static sites file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755 - with_items: "{{ static_sites }" + with_items: "{{ static_sites }}" tags: - qastaticsites