From 60590b4f5744a6bde2355baa5de567838c7c4072 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= Date: Thu, 5 Apr 2018 13:21:35 +0200 Subject: [PATCH 01/22] Taskotron-stg: Make changes to support latest libtaskotron --- .../group_vars/taskotron-stg-client-hosts | 2 +- .../taskotron-client/files/yumrepoinfo.conf | 7 +- .../templates/taskotron.yaml.j2 | 9 +- .../templates/taskotron.yaml.j2.dev | 198 ------------------ 4 files changed, 13 insertions(+), 203 deletions(-) delete mode 100644 roles/taskotron/taskotron-client/templates/taskotron.yaml.j2.dev diff --git a/inventory/group_vars/taskotron-stg-client-hosts b/inventory/group_vars/taskotron-stg-client-hosts index 6b05f10289..10b985fc72 100644 --- a/inventory/group_vars/taskotron-stg-client-hosts +++ b/inventory/group_vars/taskotron-stg-client-hosts @@ -44,7 +44,7 @@ kojihub_url: https://koji.fedoraproject.org/kojihub kojipkg_url: https://kojipkgs.fedoraproject.org/packages taskotron_master: https://taskotron.stg.fedoraproject.org/taskmaster/ resultsdb_external_url: https://taskotron.stg.fedoraproject.org/resultsdb -artifacts_base_url: https://taskotron.stg.fedoraproject.org/artifacts +artifacts_base_url: https://taskotron.stg.fedoraproject.org/artifacts/all client_report_to_bodhi: 'False' diff --git a/roles/taskotron/taskotron-client/files/yumrepoinfo.conf b/roles/taskotron/taskotron-client/files/yumrepoinfo.conf index 04db67af0f..3dba1666d4 100644 --- a/roles/taskotron/taskotron-client/files/yumrepoinfo.conf +++ b/roles/taskotron/taskotron-client/files/yumrepoinfo.conf @@ -14,7 +14,7 @@ baseurl = http://download.fedoraproject.org/pub/fedora/linux baseurl_altarch = http://download.fedoraproject.org/pub/fedora-secondary goldurl = %(baseurl)s/releases/%(path)s/Everything/%(arch)s/os -updatesurl = %(baseurl)s/updates/%(path)s/%(arch)s +updatesurl = %(baseurl)s/updates/%(path)s/Everything/%(arch)s rawhideurl = %(baseurl)s/%(path)s/Everything/%(arch)s/os # list of primary and alternate architectures. That decides whether baseurl or baseurl_altarch @@ -65,11 +65,13 @@ release_status = stable url = %(updatesurl)s path = 27 parent = f27 +updatesurl = %(baseurl)s/updates/%(path)s/%(arch)s [f27-updates-testing] url = %(updatesurl)s path = testing/27 parent = f27-updates +updatesurl = %(baseurl)s/updates/%(path)s/%(arch)s # Fedora 26 [f26] @@ -81,9 +83,10 @@ release_status = stable url = %(updatesurl)s path = 26 parent = f26 +updatesurl = %(baseurl)s/updates/%(path)s/%(arch)s [f26-updates-testing] url = %(updatesurl)s path = testing/26 parent = f26-updates - +updatesurl = %(baseurl)s/updates/%(path)s/%(arch)s diff --git a/roles/taskotron/taskotron-client/templates/taskotron.yaml.j2 b/roles/taskotron/taskotron-client/templates/taskotron.yaml.j2 index a5c709f160..23c0cb4704 100644 --- a/roles/taskotron/taskotron-client/templates/taskotron.yaml.j2 +++ b/roles/taskotron/taskotron-client/templates/taskotron.yaml.j2 @@ -148,7 +148,12 @@ default_disposable_release: '27' #default_disposable_flavor: taskotron_cloud #default_disposable_arch: x86_64 -## Additional repos for minion to install packages from +## Number of retries when disposable client fails to boot within timeout +#spawn_vm_retries: 3 + +## Additional DNF repos to set up on the minion. +## You can use a special syntax 'copr:reponame' to enable Fedora COPR repo on +## minion by running 'dnf copr enable reponame' on it. minion_repos: - https://fedorapeople.org/groups/qa/taskotron-repos/taskotron-production-override/taskotron-production-override.repo - https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags.repo @@ -157,7 +162,7 @@ minion_repos: - https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags-stg.repo {% endif %} {% if deployment_type == 'dev' %} - - https://copr.fedorainfracloud.org/coprs/kparal/taskotron-dev/repo/fedora-27/kparal-taskotron-dev-fedora-27.repo + - copr:kparal/taskotron-dev {% endif %} diff --git a/roles/taskotron/taskotron-client/templates/taskotron.yaml.j2.dev b/roles/taskotron/taskotron-client/templates/taskotron.yaml.j2.dev deleted file mode 100644 index 23c0cb4704..0000000000 --- a/roles/taskotron/taskotron-client/templates/taskotron.yaml.j2.dev +++ /dev/null @@ -1,198 +0,0 @@ -## Main configuration file for Taskotron -## The file is in YAML syntax, read more about it at: -## http://en.wikipedia.org/wiki/Yaml -## libtaskotron docs live at: -## https://docs.qa.fedoraproject.org/libtaskotron/latest/ - - -## ==== GENERAL section ==== -## Config profile selection. -## There are two major config profiles in Taskotron - development and -## production. -## Development profile is used for developing libtaskotron, developing checks -## based on libtaskotron and local execution of these checks. -## Production profile is used for deploying Taskotron as a service on a -## server, periodically executing the checks and reporting results to relevant -## result consumers. -## The default profile is 'development'. If you want to switch to the -## 'production' profile, uncomment the following line. -## You can also switch a profile temporarily by using TASKOTRON_PROFILE=name -## environment variable, it has a higher priority. All other options set in this -## file still apply of course. -## [choices: production, development; default: development] -profile: production - -## Task execution mode. The tasks can be executed locally (on the current -## machine) or remotely in a disposable virtual machine. Local execution is -## dangerous with destructive or untrusted tasks, remote execution requires -## some additional setup (see Taskotron documentation). -## Remote execution is done through libvirt, it creates a throwaway virtual -## machine from a specified disk image, executes the task and deletes the -## machine. -## Local execution is the default mode for development profile and remote -## execution for production profile. -## [choices: local, libvirt; default: local for development, libvirt for production] -{% if deployment_type in ['dev', 'stg', 'prod'] %} -runtask_mode: libvirt -{% elif deployment_type in ['local'] %} -runtask_mode: local -{% endif %} - -## Supported machine architectures. This is mostly used by generic, -## arch-independent tasks to determine which arches to test and report against. -## You can still run an arch-specific task on any other arch using the command -## line. -#supported_arches: ['x86_64', 'armhfp'] - - -## ==== SCHEDULING section ==== -## This section holds options related to the scheduling and execution system, -## currently we use Buildbot - -## name of step in buildbot that executes the task -buildbot_task_step: 'runtask' - - -## ==== REPORTING section ==== -## This section controls which result reports you want to send after the test -## execution is complete. - -## Whether to send test results to the configured ResultsDB server. -## [default: True for production, False for development] -report_to_resultsdb: True - - -## ==== RESOURCES section ==== -## This section specifies access details to various external services. -## -## Note: Try to keep custom URL addresses without a trailing slash. Otherwise -## the rendered URLs might end up containing double slashes, which some -## application servers don't handle gracefully (e.g. Flask's internal app -## server werkzeug). - -## URL of Koji instance used for querying about new builds -koji_url: {{ kojihub_url }} - -## URL of repository of all the RPM packages built in Koji -pkg_url: {{ kojipkg_url }} - -## Whether to use staging Bodhi instance instead of production (the -## default one). -#bodhi_staging: False - -## URL of ResultsDB server API interface, which can store all test results. -## Please make sure the URL doesn't have a trailing slash. -resultsdb_server: {{ resultsdb_server }} - -## URL of ResultsDB frontend, which displays results from ResultsDB. -## Please make sure the URL doesn't have a trailing slash. -resultsdb_frontend: {{ resultsdb_external_url }} - -## URL of ExecDB server API interface, which tracks task execution status. -## Please make sure the URL doesn't have a trailing slash. -execdb_server: {{ execdb_external_url }} - -## URL of taskotron buildmaster, to construct log URLs from. -## Please make sure the URL doesn't have a trailing slash. -taskotron_master: {{ taskotron_master }} - -## URL of artifacts base directory, to construct artifacts URLs from. -## Please make sure the URL doesn't have a trailing slash. -artifacts_baseurl: {{ artifacts_base_url }} - -## Whether to cache downloaded files to speed up subsequent downloads. If True, -## files will be downloaded to a common directory specified by "cachedir". At -## the moment, Taskotron only supports Koji RPM downloads to be cached. -## [default: False for production, True for development] -#download_cache_enabled: False - - -## ==== PATHS section ==== -## Location of various pieces of the project. - -## The location of log files for Taskotron -#logdir: /var/log/taskotron - -## The location of task files (git checkout) when running in disposable clients mode -#client_taskdir: /var/tmp/taskotron/taskdir - -## The location of temporary files for Taskotron -#tmpdir: /var/tmp/taskotron - -## The location of artifacts produced by checks -#artifactsdir: /var/lib/taskotron/artifacts - -## The location of cached files downloaded by Taskotron -#cachedir: /var/cache/taskotron - -## The location of images for disposable clients -## File names need to adhere to the naming standard of: -## YYMMDD_HHMM-fedora-RELEASE-FLAVOR-ARCH.(qcow2|raw|img) -## For example: -## 160301_1030-fedora-25-taskotron_cloud-x86_64.img -## Variables disposable_(release|flavor|arch) set in this config file -## define what kind of image is looked for. -## The newest (by YYMMDD_HHMM) image of the respective R-F-A is used. -imagesdir: {{ imagesdir }} - -## If set to False, latest image from imagesdir will be used instead of one at imageurl -## [default: True] -force_imageurl: False - -## Url of an image to download and use for disposable client, if force_imageurl was set -#imageurl: - -## Default distro/release/flavor/arch for the disposable images discovery -#default_disposable_distro: fedora -default_disposable_release: '27' -#default_disposable_flavor: taskotron_cloud -#default_disposable_arch: x86_64 - -## Number of retries when disposable client fails to boot within timeout -#spawn_vm_retries: 3 - -## Additional DNF repos to set up on the minion. -## You can use a special syntax 'copr:reponame' to enable Fedora COPR repo on -## minion by running 'dnf copr enable reponame' on it. -minion_repos: - - https://fedorapeople.org/groups/qa/taskotron-repos/taskotron-production-override/taskotron-production-override.repo - - https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags.repo -{% if deployment_type == 'stg' %} - - https://fedorapeople.org/groups/qa/taskotron-repos/taskotron-stg-override/taskotron-stg-override.repo - - https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags-stg.repo -{% endif %} -{% if deployment_type == 'dev' %} - - copr:kparal/taskotron-dev -{% endif %} - - -## ==== LOGGING section ==== -## This section contains configuration of logging. - -## Configuration of logging level. Here can be configured which messages -## will be logged. You can specify different level for logging to standard -## output (option log_level_stream) and logging to file (log_level_file). -## Possible values can be found here: -## https://docs.python.org/2.7/library/logging.html#logging-levels -{% if deployment_type == 'dev' %} -log_level_stream: DEBUG -{% elif deployment_type in ['stg', 'prod', 'local'] %} -log_level_stream: INFO -{% endif %} -#log_level_file: DEBUG - -## If True, logging to file will be enabled. -## [default: True for production, False for development] -#log_file_enabled: True - - -## ==== SECRETS section ==== -## All login credentials and other secrets are here. If you add some secret -## here, make sure you make this file readable just for the right user accounts. - -## SSH private key location. Used for remote task execution, when connecting to -## VMs and remote machines. If your systems are not configured for automatic -## connection (private keys located in SSH's standard search path), specify a -## path to the private key here. An empty value (the default) means to rely on -## the standard search path only. -#ssh_privkey: /path/to/private.key From 54136b60c97ed863b5051cd426bf68321a802300 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 5 Apr 2018 11:47:45 +0000 Subject: [PATCH 02/22] Restore old taskotron messaging settings. --- roles/taskotron/resultsdb-backend/templates/settings.py.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/taskotron/resultsdb-backend/templates/settings.py.j2 b/roles/taskotron/resultsdb-backend/templates/settings.py.j2 index 8da290f859..9c6dd4150e 100644 --- a/roles/taskotron/resultsdb-backend/templates/settings.py.j2 +++ b/roles/taskotron/resultsdb-backend/templates/settings.py.j2 @@ -13,4 +13,5 @@ MESSAGE_BUS_PUBLISH = True {% endif %} MESSAGE_BUS_PLUGIN = 'fedmsg' -MESSAGE_BUS_KWARGS = {'modname': 'taskotron'} +MESSAGE_BUS_KWARGS = {} +MESSAGE_BUS_PUBLISH_TASKOTRON = True From 14c64f25f7551729bc57d1acd7648f88188f94b3 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 5 Apr 2018 11:54:50 +0000 Subject: [PATCH 03/22] Looks like this really needs a modname argument. --- roles/taskotron/resultsdb-backend/templates/settings.py.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/taskotron/resultsdb-backend/templates/settings.py.j2 b/roles/taskotron/resultsdb-backend/templates/settings.py.j2 index 9c6dd4150e..4f6b00b81b 100644 --- a/roles/taskotron/resultsdb-backend/templates/settings.py.j2 +++ b/roles/taskotron/resultsdb-backend/templates/settings.py.j2 @@ -13,5 +13,5 @@ MESSAGE_BUS_PUBLISH = True {% endif %} MESSAGE_BUS_PLUGIN = 'fedmsg' -MESSAGE_BUS_KWARGS = {} +MESSAGE_BUS_KWARGS = {'modname': 'resultsdb'} MESSAGE_BUS_PUBLISH_TASKOTRON = True From 35178bbbe0e046458abba6a10c46031cf020e30f Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Thu, 5 Apr 2018 13:54:29 +0200 Subject: [PATCH 04/22] Add explicitly empty datanommer.py This is needed because otherwise every package update we get a datanommer.py with a broken database_url. Signed-off-by: Patrick Uiterwijk --- roles/datagrepper/tasks/main.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/datagrepper/tasks/main.yml b/roles/datagrepper/tasks/main.yml index 5ab91ea9e9..cadef30c42 100644 --- a/roles/datagrepper/tasks/main.yml +++ b/roles/datagrepper/tasks/main.yml @@ -27,16 +27,24 @@ - config - datagrepper -- name: remove bum default config files +- name: remove bum compiled default config file file: dest="/etc/fedmsg.d/{{item}}" state=absent with_items: - - datanommer.py - datanommer.pyc - datanommer.pyo tags: - config - datagrepper +# This file is in the package, empty, and we need to make sure we don't get that one. +- name: empty out default config file + copy: + path=/etc/fedmsg.d/datanommer.py + content="config={}" + tags: + - config + - datagrepper + - name: installing memcached package for /topics package: name=python-memcached state=present tags: From f6d0d1762f9a2c8618fc3571fd4f312588508b9d Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Thu, 5 Apr 2018 13:56:21 +0200 Subject: [PATCH 05/22] dest != path Signed-off-by: Patrick Uiterwijk --- roles/datagrepper/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/datagrepper/tasks/main.yml b/roles/datagrepper/tasks/main.yml index cadef30c42..ccf35a3d01 100644 --- a/roles/datagrepper/tasks/main.yml +++ b/roles/datagrepper/tasks/main.yml @@ -39,7 +39,7 @@ # This file is in the package, empty, and we need to make sure we don't get that one. - name: empty out default config file copy: - path=/etc/fedmsg.d/datanommer.py + dest=/etc/fedmsg.d/datanommer.py content="config={}" tags: - config From f4a05f3fae69b429a98a9b05ab203cedf8d738a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= Date: Thu, 5 Apr 2018 14:13:18 +0200 Subject: [PATCH 06/22] Taskotron-prod: Update vars to latest libtaskotron --- inventory/group_vars/taskotron-prod-client-hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/taskotron-prod-client-hosts b/inventory/group_vars/taskotron-prod-client-hosts index c4b173c756..1af3fb65f1 100644 --- a/inventory/group_vars/taskotron-prod-client-hosts +++ b/inventory/group_vars/taskotron-prod-client-hosts @@ -44,7 +44,7 @@ kojihub_url: https://koji.fedoraproject.org/kojihub kojipkg_url: https://kojipkgs.fedoraproject.org/packages taskotron_master: https://taskotron.fedoraproject.org/taskmaster/ resultsdb_external_url: https://taskotron.fedoraproject.org/resultsdb -artifacts_base_url: https://taskotron.fedoraproject.org/artifacts +artifacts_base_url: https://taskotron.fedoraproject.org/artifacts/all client_report_to_bodhi: 'False' From 4734a630511c41391645328763aca9b2f3c825f1 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 5 Apr 2018 12:29:08 +0000 Subject: [PATCH 07/22] Add libmodulemd to the list of things to update. --- playbooks/manual/upgrade/pdc.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/manual/upgrade/pdc.yml b/playbooks/manual/upgrade/pdc.yml index 0f33cd1e35..bc191a5b49 100644 --- a/playbooks/manual/upgrade/pdc.yml +++ b/playbooks/manual/upgrade/pdc.yml @@ -17,6 +17,7 @@ with_items: - pdc-client - pdc-updater + - libmodulemd - python2-productmd roles: From 804bf00dd358bd532aadf8e6f5f2ff8e6863ba40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kalu=C5=BEa?= Date: Thu, 5 Apr 2018 13:22:09 +0000 Subject: [PATCH 08/22] MBS: Add default-modules.production. --- .../platform-f28.yaml | 27 +++++++++++++++++++ .../platform-f29.yaml | 27 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 roles/mbs/common/files/default-modules.production/platform-f28.yaml create mode 100644 roles/mbs/common/files/default-modules.production/platform-f29.yaml diff --git a/roles/mbs/common/files/default-modules.production/platform-f28.yaml b/roles/mbs/common/files/default-modules.production/platform-f28.yaml new file mode 100644 index 0000000000..a4614ea076 --- /dev/null +++ b/roles/mbs/common/files/default-modules.production/platform-f28.yaml @@ -0,0 +1,27 @@ +data: + description: Fedora 28 traditional base + license: + module: [MIT] + name: platform + profiles: + buildroot: + rpms: [bash, bzip2, coreutils, cpio, diffutils, fedora-release, findutils, gawk, + gcc, gcc-c++, grep, gzip, info, make, patch, redhat-rpm-config, rpm-build, + sed, shadow-utils, tar, unzip, util-linux, which, xz] + srpm-buildroot: + rpms: [bash, fedora-release, fedpkg-minimal, gnupg2, redhat-rpm-config, rpm-build, + shadow-utils] + stream: f28 + summary: Fedora 28 traditional base + version: 4 + context: 00000000 + xmd: + mbs: + buildrequires: {} + commit: virtual + requires: {} + koji_tag: module-f28-build + mse: TRUE +document: modulemd +version: 1 + diff --git a/roles/mbs/common/files/default-modules.production/platform-f29.yaml b/roles/mbs/common/files/default-modules.production/platform-f29.yaml new file mode 100644 index 0000000000..cf427285b4 --- /dev/null +++ b/roles/mbs/common/files/default-modules.production/platform-f29.yaml @@ -0,0 +1,27 @@ +data: + description: Fedora 29 traditional base + license: + module: [MIT] + name: platform + profiles: + buildroot: + rpms: [bash, bzip2, coreutils, cpio, diffutils, fedora-release, findutils, gawk, + gcc, gcc-c++, grep, gzip, info, make, patch, redhat-rpm-config, rpm-build, + sed, shadow-utils, tar, unzip, util-linux, which, xz] + srpm-buildroot: + rpms: [bash, fedora-release, fedpkg-minimal, gnupg2, redhat-rpm-config, rpm-build, + shadow-utils] + stream: f29 + summary: Fedora 29 traditional base + context: 00000000 + version: 4 + xmd: + mbs: + buildrequires: {} + commit: virtual + requires: {} + koji_tag: module-f29-build + mse: TRUE +document: modulemd +version: 1 + From a675df7cc59547617065f6f1e1f0f9c90eff842f Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Thu, 5 Apr 2018 16:39:42 +0200 Subject: [PATCH 09/22] Use composer.stg for staging hosts Signed-off-by: Clement Verna --- inventory/group_vars/osbs-masters | 2 ++ inventory/group_vars/osbs-masters-stg | 1 + playbooks/groups/osbs-cluster.yml | 12 ++++++------ 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/inventory/group_vars/osbs-masters b/inventory/group_vars/osbs-masters index 41acc4f101..ea6cc65368 100644 --- a/inventory/group_vars/osbs-masters +++ b/inventory/group_vars/osbs-masters @@ -23,6 +23,8 @@ osbs_client_conf_path: /etc/osbs.conf openshift_node_labels: {'region':'infra'} openshift_schedulable: False +composer: compose-x86-01.phx2.fedoraproject.org + nagios_Check_Services: nrpe: true sshd: true diff --git a/inventory/group_vars/osbs-masters-stg b/inventory/group_vars/osbs-masters-stg index 2ed3811191..7f17ef3499 100644 --- a/inventory/group_vars/osbs-masters-stg +++ b/inventory/group_vars/osbs-masters-stg @@ -51,6 +51,7 @@ osbs_worker_clusters: openshift_url: https://osbs.fedoraproject.org/ verify_ssl: 'false' +composer: composer.stg.phx2.fedoraproject.org nagios_Check_Services: nrpe: true diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index ec4f05a6f4..19180bd823 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -550,20 +550,20 @@ - name: pull fedora required docker images shell: "docker pull {{item}}" with_items: "{{fedora_required_images}}" - delegate_to: compose-x86-01.phx2.fedoraproject.org + delegate_to: "{{ composer }}" register: docker_pull_fedora_delegated changed_when: "'Downloaded newer image' in docker_pull_fedora_delegated.stdout" - name: tag fedora required docker images for our registry shell: "docker tag {{item}} {{docker_registry}}/{{item}}" with_items: "{{fedora_required_images}}" - delegate_to: compose-x86-01.phx2.fedoraproject.org + delegate_to: "{{ composer }}" when: docker_pull_fedora_delegated|changed - name: push fedora required docker images to our registry shell: "docker push {{docker_registry}}/{{item}}" with_items: "{{fedora_required_images}}" - delegate_to: compose-x86-01.phx2.fedoraproject.org + delegate_to: "{{ composer }}" when: docker_pull_fedora_delegated|changed - name: register origin_version_out rpm query @@ -578,20 +578,20 @@ - name: pull openshift required docker images shell: "docker pull {{item}}:v{{origin_version}}" with_items: "{{openshift_required_images}}" - delegate_to: compose-x86-01.phx2.fedoraproject.org + delegate_to: "{{ composer }}" register: docker_pull_openshift_delegated changed_when: "'Downloaded newer image' in docker_pull_openshift_delegated.stdout" - name: tag openshift required docker images for our registry shell: "docker tag {{item}}:v{{origin_version}} {{docker_registry}}/{{item}}:v{{origin_version}}" with_items: "{{openshift_required_images}}" - delegate_to: compose-x86-01.phx2.fedoraproject.org + delegate_to: "{{ composer }}" when: docker_pull_openshift_delegated|changed - name: push openshift required docker images to our registry shell: "docker push {{docker_registry}}/{{item}}:v{{origin_version}}" with_items: "{{openshift_required_images}}" - delegate_to: compose-x86-01.phx2.fedoraproject.org + delegate_to: "{{ composer }}" when: docker_pull_openshift_delegated|changed - name: create fedora image stream for OpenShift From 6a49c82511056f6f7ac67a4d11bdffe9f7cbbaec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kalu=C5=BEa?= Date: Thu, 5 Apr 2018 14:52:36 +0000 Subject: [PATCH 10/22] MBS: Use 'db' RESOLVER also for prod. --- roles/mbs/common/templates/config.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/mbs/common/templates/config.py b/roles/mbs/common/templates/config.py index 9768d69acc..a24f7751a8 100644 --- a/roles/mbs/common/templates/config.py +++ b/roles/mbs/common/templates/config.py @@ -142,7 +142,6 @@ class ProdConfiguration(BaseConfiguration): 'git+https://src.stg.fedoraproject.org/modules/', 'https://src.stg.fedoraproject.org/modules/', 'https://src.stg.fedoraproject.org/git/modules/'] - RESOLVER = "db" {% else %} KOJI_PROFILE = 'production' @@ -156,6 +155,8 @@ class ProdConfiguration(BaseConfiguration): 'https://src.fedoraproject.org/git/modules/'] {% endif %} + RESOLVER = "db" + # Made possible by https://pagure.io/releng/issue/6799 KOJI_ENABLE_CONTENT_GENERATOR = True From 9a20193464e2745a3b1756386088442997325c1e Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Thu, 5 Apr 2018 17:20:35 +0200 Subject: [PATCH 11/22] Give sudo before collectd Signed-off-by: Clement Verna --- playbooks/groups/osbs-cluster.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index 19180bd823..9ea4f06857 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -23,9 +23,9 @@ - nagios_client - hosts - fas_client + - sudo - collectd/base - rsyncd - - sudo tasks: - import_tasks: "{{ tasks_path }}/2fa_client.yml" From c9c32b806da8583efd3c2995355b3ebaf8e8a2e0 Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Thu, 5 Apr 2018 17:29:14 +0200 Subject: [PATCH 12/22] Make osbs-master01.stg an f27 box Signed-off-by: Clement Verna --- inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org b/inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org index 61a1be5850..b4d7894be5 100644 --- a/inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org +++ b/inventory/host_vars/osbs-master01.stg.phx2.fedoraproject.org @@ -2,8 +2,8 @@ nm: 255.255.255.0 gw: 10.5.128.254 dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-26 -ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/ +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-27 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/27/Server/x86_64/os/ volgroup: /dev/vg_guests eth0_ip: 10.5.128.161 vmhost: virthost20.phx2.fedoraproject.org From c7133fefadf9ee5eb61a504146d614d7b057dc29 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Thu, 5 Apr 2018 19:02:04 +0200 Subject: [PATCH 13/22] Let's disable the cron on staging dist-git until they are fixed Signed-off-by: Pierre-Yves Chibon --- roles/distgit/pagure/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/distgit/pagure/tasks/main.yml b/roles/distgit/pagure/tasks/main.yml index bb5935cf82..da7867b711 100644 --- a/roles/distgit/pagure/tasks/main.yml +++ b/roles/distgit/pagure/tasks/main.yml @@ -267,6 +267,7 @@ - pagure - name: Configure cron job for a hourly pagure_poc + when: env != 'staging' cron: name: pagure-poc user: root @@ -278,6 +279,7 @@ - pagure - name: Configure cron job for a hourly pagure_bz + when: env != 'staging' cron: name: pagure-poc user: root @@ -289,6 +291,7 @@ - pagure - name: Configure cron job for a hourly pagure_owner_alias + when: env != 'staging' cron: name: pagure-poc user: root From caf130a42273e00550aff99ea2231906074aaa34 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 5 Apr 2018 18:08:24 +0000 Subject: [PATCH 14/22] lets see if the problem here is the name keyword --- playbooks/groups/ask.yml | 8 ++++---- playbooks/groups/docker-registry.yml | 4 ++-- playbooks/groups/nuancier.yml | 8 ++++---- roles/gluster/client/tasks/main.yml | 4 ++-- roles/gluster/server/tasks/main.yml | 2 +- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/playbooks/groups/ask.yml b/playbooks/groups/ask.yml index d5cdd3c5e1..79c332a678 100644 --- a/playbooks/groups/ask.yml +++ b/playbooks/groups/ask.yml @@ -45,7 +45,7 @@ roles: - role: gluster/server - name: gluster + glusterservername: gluster username: "{{ ask_gluster_username }}" password: "{{ ask_gluster_password }}" owner: root @@ -53,7 +53,7 @@ datadir: /srv/glusterfs/ask-stg - role: gluster/client - name: gluster + glusterservername: gluster servers: - ask01.stg.phx2.fedoraproject.org username: "{{ ask_gluster_username }}" @@ -74,7 +74,7 @@ roles: - role: gluster/server - name: gluster + glusterservername: gluster username: "{{ ask_gluster_username }}" password: "{{ ask_gluster_password }}" owner: root @@ -82,7 +82,7 @@ datadir: /srv/glusterfs/ask - role: gluster/client - name: gluster + glusterservername: gluster servers: - ask01.phx2.fedoraproject.org - ask02.phx2.fedoraproject.org diff --git a/playbooks/groups/docker-registry.yml b/playbooks/groups/docker-registry.yml index 5e227d3ab7..c4f60ae24e 100644 --- a/playbooks/groups/docker-registry.yml +++ b/playbooks/groups/docker-registry.yml @@ -67,7 +67,7 @@ roles: - role: gluster/server - name: gluster + glusterservername: gluster username: "{{ registry_gluster_username_prod }}" password: "{{ registry_gluster_password_prod }}" owner: root @@ -75,7 +75,7 @@ datadir: /srv/glusterfs/registry - role: gluster/client - name: gluster + glusterservername: gluster servers: - docker-registry02.phx2.fedoraproject.org - docker-registry03.phx2.fedoraproject.org diff --git a/playbooks/groups/nuancier.yml b/playbooks/groups/nuancier.yml index acf8c66a0a..32e5a2e0f7 100644 --- a/playbooks/groups/nuancier.yml +++ b/playbooks/groups/nuancier.yml @@ -63,7 +63,7 @@ roles: - role: gluster/server - name: gluster + glusterservername: gluster username: "{{ nuancier_gluster_username }}" password: "{{ nuancier_gluster_password }}" owner: root @@ -71,7 +71,7 @@ datadir: /srv/glusterfs/nuancier-stg - role: gluster/client - name: gluster + glusterservername: gluster servers: - nuancier01.stg.phx2.fedoraproject.org - nuancier02.stg.phx2.fedoraproject.org @@ -93,7 +93,7 @@ roles: - role: gluster/server - name: gluster + glusterservername: gluster username: "{{ nuancier_gluster_username }}" password: "{{ nuancier_gluster_password }}" owner: root @@ -101,7 +101,7 @@ datadir: /srv/glusterfs/nuancier - role: gluster/client - name: gluster + glusterservername: gluster servers: - nuancier01.phx2.fedoraproject.org - nuancier02.phx2.fedoraproject.org diff --git a/roles/gluster/client/tasks/main.yml b/roles/gluster/client/tasks/main.yml index b596f19021..ff2a5d94d4 100644 --- a/roles/gluster/client/tasks/main.yml +++ b/roles/gluster/client/tasks/main.yml @@ -19,14 +19,14 @@ - name: copy over the client config template: src: client.config - dest: /etc/glusterfs/glusterfs.{{name}}.vol + dest: /etc/glusterfs/glusterfs.{{glusterservername}}.vol mode: 0640 #notify: #- remount? no idea... - name: mount it up mount: - src: /etc/glusterfs/glusterfs.{{name}}.vol + src: /etc/glusterfs/glusterfs.{{glusterservername}}.vol state: mounted fstype: glusterfs name: "{{mountdir}}" diff --git a/roles/gluster/server/tasks/main.yml b/roles/gluster/server/tasks/main.yml index a530aa6175..47b9b85a50 100644 --- a/roles/gluster/server/tasks/main.yml +++ b/roles/gluster/server/tasks/main.yml @@ -13,7 +13,7 @@ - restart glusterd - name: make the datapath - file: dest={{ datadir }}/{{ name }} state=directory + file: dest={{ datadir }}/{{ glusterservername }} state=directory notify: - restart glusterd From c12a30acceeb352b8dd75fb05e2bc8f99a446a97 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Thu, 5 Apr 2018 18:19:49 +0000 Subject: [PATCH 15/22] Add the release-monitoring stage db to the config Signed-off-by: Jeremy Cline --- roles/openshift-apps/release-monitoring/templates/configmap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift-apps/release-monitoring/templates/configmap.yml b/roles/openshift-apps/release-monitoring/templates/configmap.yml index 753aa06f03..2392fe8294 100644 --- a/roles/openshift-apps/release-monitoring/templates/configmap.yml +++ b/roles/openshift-apps/release-monitoring/templates/configmap.yml @@ -20,7 +20,7 @@ data: permanent_session_lifetime = 3600 {% if env == 'staging' %} - db_url = "sqlite:////var/tmp/anitya-dev.sqlite" + db_url = "postgresql://{{ anitya_stg_db_user }}:{{ anitya_stg_db_pass }}@{{ anitya_stg_db_host }}/{{ anitya_stg_db_name }}" {% else %} db_url = "postgresql://{{ anitya_db_user }}:{{ anitya_db_pass }}@{{ anitya_db_host }}/{{ anitya_db_name }}" {% endif %} From 81edf503cd0c75dc80653a3484105e794b2a9918 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Thu, 5 Apr 2018 18:23:14 +0000 Subject: [PATCH 16/22] Install python-social-auth for release-monitoring Signed-off-by: Jeremy Cline --- .../release-monitoring/files/buildconfig.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/openshift-apps/release-monitoring/files/buildconfig.yml b/roles/openshift-apps/release-monitoring/files/buildconfig.yml index 436c5d0a2e..e9b007e31e 100644 --- a/roles/openshift-apps/release-monitoring/files/buildconfig.yml +++ b/roles/openshift-apps/release-monitoring/files/buildconfig.yml @@ -15,7 +15,7 @@ items: name="release-monitoring-web" \ vendor="Fedora Infrastructure" \ license="MIT" - RUN dnf install -y \ + RUN dnf install -y --enable-repo=updates-testing \ git \ python3-blinker \ python3-dateutil \ @@ -30,18 +30,17 @@ items: python3-pip \ python3-psycopg2 \ python3-setuptools \ + python3-social-auth-app-flask-sqlalchemy \ python3-straight-plugin \ python3-sqlalchemy \ python3-wtforms && \ dnf autoremove -y && \ dnf clean all -y - RUN pip-3 install social-auth-app-flask social-auth-app-flask-sqlalchemy RUN pip-3 install git+https://github.com/release-monitoring/anitya.git ENV USER=anitya EXPOSE 8080 EXPOSE 9940 - ENTRYPOINT python3 -c "from anitya.config import config; from anitya.lib import utilities; utilities.init('sqlite:////var/tmp/anitya-dev.sqlite', None, debug=True, create=True)" \ - && python3-gunicorn --bind 0.0.0.0:8080 --access-logfile=- anitya.wsgi:application + ENTRYPOINT python3-gunicorn --bind 0.0.0.0:8080 --access-logfile=- anitya.wsgi:application type: Dockerfile strategy: type: Docker From 0dbe0cf95d24fe42bf0084367b527618b1873c0d Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 5 Apr 2018 18:29:31 +0000 Subject: [PATCH 17/22] also change vars here --- roles/gluster/client/templates/client.config | 2 +- roles/gluster/server/templates/server.config | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/gluster/client/templates/client.config b/roles/gluster/client/templates/client.config index ffd059e6e3..f5614a3eec 100644 --- a/roles/gluster/client/templates/client.config +++ b/roles/gluster/client/templates/client.config @@ -1,4 +1,4 @@ -# Config for {{ name }} +# Config for {{ glusterservername }} # Generated by ansible {% for server in servers %} diff --git a/roles/gluster/server/templates/server.config b/roles/gluster/server/templates/server.config index 787494c235..c74091be55 100644 --- a/roles/gluster/server/templates/server.config +++ b/roles/gluster/server/templates/server.config @@ -1,9 +1,9 @@ -# Config for {{ name }} +# Config for {{ glusterservername }} # Generated by ansible volume posix type storage/posix - option directory {{ datadir }}/{{ name }} + option directory {{ datadir }}/{{ glusterservername }} end-volume volume locks @@ -22,8 +22,8 @@ volume server-tcp type protocol/server subvolumes iothreads option transport-type tcp - option auth.login.iothreads.allow {{ username }} - option auth.login.{{ username }}.password {{ password }} + option auth.login.iothreads.allow {{ userglusterservername }} + option auth.login.{{ userglusterservername }}.password {{ password }} option transport.socket.listen-port 6996 option transport.socket.nodelay on end-volume From 75d7bbc738416fa5a70698dbde00f33ce5f7f1f7 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 5 Apr 2018 18:45:27 +0000 Subject: [PATCH 18/22] bad global replace --- roles/gluster/server/templates/server.config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/gluster/server/templates/server.config b/roles/gluster/server/templates/server.config index c74091be55..7b74b56af4 100644 --- a/roles/gluster/server/templates/server.config +++ b/roles/gluster/server/templates/server.config @@ -22,8 +22,8 @@ volume server-tcp type protocol/server subvolumes iothreads option transport-type tcp - option auth.login.iothreads.allow {{ userglusterservername }} - option auth.login.{{ userglusterservername }}.password {{ password }} + option auth.login.iothreads.allow {{ username }} + option auth.login.{{ username }}.password {{ password }} option transport.socket.listen-port 6996 option transport.socket.nodelay on end-volume From 066c97690efd915aa3e6977ab85ee83cd9a032a7 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 5 Apr 2018 19:58:10 +0000 Subject: [PATCH 19/22] tell ansible these are vars --- playbooks/openshift-apps/greenwave.yml | 16 ++++++++-------- .../openshift-apps/librariesio2fedmsg.yml | 12 ++++++------ playbooks/openshift-apps/modernpaste.yml | 18 +++++++++--------- .../openshift-apps/release-monitoring.yml | 16 ++++++++-------- playbooks/openshift-apps/transtats.yml | 16 ++++++++-------- playbooks/openshift-apps/waiverdb.yml | 16 ++++++++-------- 6 files changed, 47 insertions(+), 47 deletions(-) diff --git a/playbooks/openshift-apps/greenwave.yml b/playbooks/openshift-apps/greenwave.yml index 2c828d3db0..7539272de7 100644 --- a/playbooks/openshift-apps/greenwave.yml +++ b/playbooks/openshift-apps/greenwave.yml @@ -42,11 +42,11 @@ key: fedmsg-greenwave.crt privatefile: fedmsg-certs/keys/greenwave-greenwave-web-greenwave.app.os.fedoraproject.org.crt when: env != "staging" - - { role: openshift/object, app: greenwave, file: imagestream.yml } - - { role: openshift/object, app: greenwave, template: buildconfig.yml } - - { role: openshift/start-build, app: greenwave, name: greenwave-docker-build } - - { role: openshift/object, app: greenwave, template: configmap.yml } - - { role: openshift/object, app: greenwave, file: service.yml } - - { role: openshift/object, app: greenwave, file: route.yml } - - { role: openshift/object, app: greenwave, file: deploymentconfig.yml } - - { role: openshift/rollout, app: greenwave, name: greenwave-web } + - { role: openshift/object, vars: {app: greenwave, file: imagestream.yml }} + - { role: openshift/object, vars: {app: greenwave, template: buildconfig.yml }} + - { role: openshift/start-build, vars: {app: greenwave, name: greenwave-docker-build }} + - { role: openshift/object, vars: {app: greenwave, template: configmap.yml }} + - { role: openshift/object, vars: {app: greenwave, file: service.yml }} + - { role: openshift/object, vars: {app: greenwave, file: route.yml }} + - { role: openshift/object, vars: {app: greenwave, file: deploymentconfig.yml }} + - { role: openshift/rollout, vars: {app: greenwave, name: greenwave-web }} diff --git a/playbooks/openshift-apps/librariesio2fedmsg.yml b/playbooks/openshift-apps/librariesio2fedmsg.yml index fedac41ada..667199150f 100644 --- a/playbooks/openshift-apps/librariesio2fedmsg.yml +++ b/playbooks/openshift-apps/librariesio2fedmsg.yml @@ -24,9 +24,9 @@ secret_name: librariesio2fedmsg-fedmsg-crt key: fedmsg-librariesio2fedmsg.crt privatefile: fedmsg-certs/keys/librariesio2fedmsg-librariesio2fedmsg.app.os.fedoraproject.org.crt - - { role: openshift/object, app: librariesio2fedmsg, file: imagestream.yml } - - { role: openshift/object, app: librariesio2fedmsg, file: buildconfig.yml } - - { role: openshift/start-build, app: librariesio2fedmsg, name: sse2fedmsg-docker-build } - - { role: openshift/object, app: librariesio2fedmsg, template: configmap.yml } - - { role: openshift/object, app: librariesio2fedmsg, file: deploymentconfig.yml } - - { role: openshift/rollout, app: librariesio2fedmsg, name: librariesio2fedmsg } + - { role: openshift/object, vars: {app: librariesio2fedmsg, file: imagestream.yml }} + - { role: openshift/object, vars: {app: librariesio2fedmsg, file: buildconfig.yml }} + - { role: openshift/start-build, vars: {app: librariesio2fedmsg, name: sse2fedmsg-docker-build }} + - { role: openshift/object, vars: {app: librariesio2fedmsg, template: configmap.yml }} + - { role: openshift/object, vars: {app: librariesio2fedmsg, file: deploymentconfig.yml }} + - { role: openshift/rollout, vars: {app: librariesio2fedmsg, name: librariesio2fedmsg }} diff --git a/playbooks/openshift-apps/modernpaste.yml b/playbooks/openshift-apps/modernpaste.yml index 260281eb2a..69d46755ae 100644 --- a/playbooks/openshift-apps/modernpaste.yml +++ b/playbooks/openshift-apps/modernpaste.yml @@ -14,12 +14,12 @@ description: modernpaste appowners: - codeblock - - { role: openshift/object, app: modernpaste, file: imagestream.yml } - - { role: openshift/object, app: modernpaste, template: secret.yml } - - { role: openshift/object, app: modernpaste, file: buildconfig.yml } - - { role: openshift/start-build, app: modernpaste, name: modernpaste-docker-build } - - { role: openshift/object, app: modernpaste, template: configmap.yml } - - { role: openshift/object, app: modernpaste, file: service.yml } - - { role: openshift/object, app: modernpaste, file: route.yml } - - { role: openshift/object, app: modernpaste, file: deploymentconfig.yml } - - { role: openshift/rollout, app: modernpaste, name: modernpaste-web } + - { role: openshift/object, vars: {app: modernpaste, file: imagestream.yml }} + - { role: openshift/object, vars: {app: modernpaste, template: secret.yml }} + - { role: openshift/object, vars: {app: modernpaste, file: buildconfig.yml }} + - { role: openshift/start-build, vars: {app: modernpaste, name: modernpaste-docker-build }} + - { role: openshift/object, vars: {app: modernpaste, template: configmap.yml }} + - { role: openshift/object, vars: {app: modernpaste, file: service.yml }} + - { role: openshift/object, vars: {app: modernpaste, file: route.yml }} + - { role: openshift/object, vars: {app: modernpaste, file: deploymentconfig.yml }} + - { role: openshift/rollout, vars: {app: modernpaste, name: modernpaste-web }} diff --git a/playbooks/openshift-apps/release-monitoring.yml b/playbooks/openshift-apps/release-monitoring.yml index 7f4e866352..c7d591792a 100644 --- a/playbooks/openshift-apps/release-monitoring.yml +++ b/playbooks/openshift-apps/release-monitoring.yml @@ -14,11 +14,11 @@ description: release-monitoring appowners: - jcline - - { role: openshift/object, app: release-monitoring, file: imagestream.yml } - - { role: openshift/object, app: release-monitoring, file: buildconfig.yml } - - { role: openshift/start-build, app: release-monitoring, name: release-monitoring-web-build } - - { role: openshift/object, app: release-monitoring, template: configmap.yml } - - { role: openshift/object, app: release-monitoring, file: service.yml } - - { role: openshift/object, app: release-monitoring, file: route.yml } - - { role: openshift/object, app: release-monitoring, file: deploymentconfig.yml } - - { role: openshift/rollout, app: release-monitoring, name: release-monitoring-web } + - { role: openshift/object, vars: {app: release-monitoring, file: imagestream.yml }} + - { role: openshift/object, vars: {app: release-monitoring, file: buildconfig.yml }} + - { role: openshift/start-build, vars: {app: release-monitoring, name: release-monitoring-web-build }} + - { role: openshift/object, vars: {app: release-monitoring, template: configmap.yml }} + - { role: openshift/object, vars: {app: release-monitoring, file: service.yml }} + - { role: openshift/object, vars: {app: release-monitoring, file: route.yml }} + - { role: openshift/object, vars: {app: release-monitoring, file: deploymentconfig.yml }} + - { role: openshift/rollout, vars: {app: release-monitoring, name: release-monitoring-web }} diff --git a/playbooks/openshift-apps/transtats.yml b/playbooks/openshift-apps/transtats.yml index 237ca2839a..f18bc14384 100644 --- a/playbooks/openshift-apps/transtats.yml +++ b/playbooks/openshift-apps/transtats.yml @@ -14,11 +14,11 @@ description: transtats appowners: - suanand - - { role: openshift/object, app: transtats, template: secret.yml } - - { role: openshift/object, app: transtats, file: imagestream.yml } - - { role: openshift/object, app: transtats, file: buildconfig.yml } - - { role: openshift/start-build, app: transtats, name: transtats-build } - - { role: openshift/object, app: transtats, file: service.yml } - - { role: openshift/object, app: transtats, file: route.yml } - - { role: openshift/object, app: transtats, file: deploymentconfig.yml } - - { role: openshift/rollout, app: transtats, name: transtats-web } + - { role: openshift/object, vars: {app: transtats, template: secret.yml }} + - { role: openshift/object, vars: {app: transtats, file: imagestream.yml }} + - { role: openshift/object, vars: {app: transtats, file: buildconfig.yml }} + - { role: openshift/start-build, vars: {app: transtats, name: transtats-build }} + - { role: openshift/object, vars: {app: transtats, file: service.yml }} + - { role: openshift/object, vars: {app: transtats, file: route.yml }} + - { role: openshift/object, vars: {app: transtats, file: deploymentconfig.yml }} + - { role: openshift/rollout, vars: {app: transtats, name: transtats-web }} diff --git a/playbooks/openshift-apps/waiverdb.yml b/playbooks/openshift-apps/waiverdb.yml index cc8ff823f5..2f7af5f085 100644 --- a/playbooks/openshift-apps/waiverdb.yml +++ b/playbooks/openshift-apps/waiverdb.yml @@ -49,11 +49,11 @@ key: fedmsg-waiverdb.crt privatefile: fedmsg-certs/keys/waiverdb-waiverdb-web-waiverdb.app.os.fedoraproject.org.crt when: env != "staging" - - { role: openshift/object, app: waiverdb, file: imagestream.yml } - - { role: openshift/object, app: waiverdb, file: buildconfig.yml } - - { role: openshift/start-build, app: waiverdb, name: waiverdb-docker-build } - - { role: openshift/object, app: waiverdb, template: configmap.yml } - - { role: openshift/object, app: waiverdb, file: service.yml } - - { role: openshift/object, app: waiverdb, file: route.yml } - - { role: openshift/object, app: waiverdb, template: deploymentconfig.yml } - - { role: openshift/rollout, app: waiverdb, name: waiverdb-web } + - { role: openshift/object, vars: {app: waiverdb, file: imagestream.yml }} + - { role: openshift/object, vars: {app: waiverdb, file: buildconfig.yml }} + - { role: openshift/start-build, vars: {app: waiverdb, name: waiverdb-docker-build }} + - { role: openshift/object, vars: {app: waiverdb, template: configmap.yml }} + - { role: openshift/object, vars: {app: waiverdb, file: service.yml }} + - { role: openshift/object, vars: {app: waiverdb, file: route.yml }} + - { role: openshift/object, vars: {app: waiverdb, template: deploymentconfig.yml }} + - { role: openshift/rollout, vars: {app: waiverdb, name: waiverdb-web }} From c7f95e7c9e36debe3b6d798188a57b15a072bb19 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 5 Apr 2018 20:48:29 +0000 Subject: [PATCH 20/22] try and deal with name scoping some more --- playbooks/groups/batcave.yml | 4 ++- playbooks/groups/people.yml | 2 +- playbooks/groups/secondary.yml | 11 ++++---- playbooks/groups/torrent.yml | 9 +++---- playbooks/include/proxies-certificates.yml | 30 +++++++++++----------- roles/httpd/certificate/tasks/main.yml | 8 +++--- 6 files changed, 32 insertions(+), 32 deletions(-) diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml index 2444497020..85c06ce1e2 100644 --- a/playbooks/groups/batcave.yml +++ b/playbooks/groups/batcave.yml @@ -26,7 +26,9 @@ - rsyncd - apache - httpd/mod_ssl - - { role: httpd/certificate, name: "{{wildcard_cert_name}}", SSLCertificateChainFile: "{{wildcard_int_file}}" } + - role: httpd/certificate + certname: "{{wildcard_cert_name}}" + SSLCertificateChainFile: "{{wildcard_int_file}}" - openvpn/client - batcave diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml index 8dbaa957b6..e7661b4b41 100644 --- a/playbooks/groups/people.yml +++ b/playbooks/groups/people.yml @@ -75,7 +75,7 @@ - role: apache - role: httpd/certificate - name: wildcard-2017.fedorapeople.org + certname: wildcard-2017.fedorapeople.org SSLCertificateChainFile: wildcard-2017.fedorapeople.org.intermediate.cert - people diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml index d01b35d9f4..05df30fe35 100644 --- a/playbooks/groups/secondary.yml +++ b/playbooks/groups/secondary.yml @@ -37,15 +37,16 @@ - role: httpd/mod_ssl - role: httpd/certificate - name: "{{wildcard_cert_name}}" + certname: "{{wildcard_cert_name}}" SSLCertificateChainFile: "{{wildcard_int_file}}" - - role: httpd/website - name: secondary.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" + - { role: httpd/website + vars: + - name: secondary.fedoraproject.org + - cert_name: "{{wildcard_cert_name}}" server_aliases: - archive.fedoraproject.org - - archives.fedoraproject.org + - archives.fedoraproject.org } tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - import_tasks: "{{ tasks_path }}/2fa_client.yml" diff --git a/playbooks/groups/torrent.yml b/playbooks/groups/torrent.yml index f80e989edb..f0bb95844f 100644 --- a/playbooks/groups/torrent.yml +++ b/playbooks/groups/torrent.yml @@ -26,13 +26,10 @@ - role: httpd/mod_ssl - role: httpd/certificate - name: "{{wildcard_cert_name}}" - SSLCertificateChainFile: "{{wildcard_int_file}}" + certname: "{{wildcard_cert_name}}" + SSLCertificateChainFile: "{{wildcard_int_file}}"}} - - role: httpd/website - name: torrent.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" - sslonly: true + - {role: httpd/website, vars: {name: torrent.fedoraproject.org, cert_name: "{{wildcard_cert_name}}", sslonly: true}} tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" diff --git a/playbooks/include/proxies-certificates.yml b/playbooks/include/proxies-certificates.yml index 65d86804d0..9a68eb7e5e 100644 --- a/playbooks/include/proxies-certificates.yml +++ b/playbooks/include/proxies-certificates.yml @@ -16,72 +16,72 @@ - role: httpd/mod_ssl - role: httpd/certificate - name: wildcard-2017.fedoraproject.org + certname: wildcard-2017.fedoraproject.org SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert - role: httpd/certificate - name: wildcard-2017.fedorahosted.org + certname: wildcard-2017.fedorahosted.org SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert - role: httpd/certificate - name: wildcard-2017.id.fedoraproject.org + certname: wildcard-2017.id.fedoraproject.org SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert - role: httpd/certificate - name: wildcard-2017.stg.fedoraproject.org + certname: wildcard-2017.stg.fedoraproject.org SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert when: env == "staging" - role: httpd/certificate - name: wildcard-2017.app.os.stg.fedoraproject.org + certname: wildcard-2017.app.os.stg.fedoraproject.org SSLCertificateChainFile: wildcard-2017.app.os.stg.fedoraproject.org.intermediate.cert when: env == "staging" tags: - app.os.fedoraproject.org - role: httpd/certificate - name: wildcard-2017.app.os.fedoraproject.org + certname: wildcard-2017.app.os.fedoraproject.org SSLCertificateChainFile: wildcard-2017.app.os.fedoraproject.org.intermediate.cert tags: - app.os.fedoraproject.org - role: httpd/certificate - name: fedoramagazine.org + certname: fedoramagazine.org SSLCertificateChainFile: fedoramagazine.org.intermediate.cert - role: httpd/certificate - name: fpaste.org + certname: fpaste.org SSLCertificateChainFile: fpaste.org.intermediate.cert - role: httpd/certificate - name: getfedora.org + certname: getfedora.org SSLCertificateChainFile: getfedora.org.intermediate.cert - role: httpd/certificate - name: flocktofedora.org + certname: flocktofedora.org SSLCertificateChainFile: flocktofedora.org.intermediate.cert - role: httpd/certificate - name: qa.stg.fedoraproject.org + certname: qa.stg.fedoraproject.org SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert when: env == "staging" - role: httpd/certificate - name: qa.fedoraproject.org + certname: qa.fedoraproject.org SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert - role: httpd/certificate - name: secondary.koji.fedoraproject.org.letsencrypt + certname: secondary.koji.fedoraproject.org.letsencrypt SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt - role: httpd/certificate - name: whatcanidoforfedora.org + certname: whatcanidoforfedora.org SSLCertificateChainFile: whatcanidoforfedora.org.intermediate.crt tags: - whatcanidoforfedora.org - role: httpd/certificate - name: fedoracommunity.org + certname: fedoracommunity.org SSLCertificateChainFile: fedoracommunity.org.intermediate.cert tags: - fedoracommunity.org diff --git a/roles/httpd/certificate/tasks/main.yml b/roles/httpd/certificate/tasks/main.yml index afae3243eb..afad02c105 100644 --- a/roles/httpd/certificate/tasks/main.yml +++ b/roles/httpd/certificate/tasks/main.yml @@ -18,7 +18,7 @@ - httpd - httpd/certificate -- name: Copy {{name}}.cert +- name: Copy {{certname}}.cert copy: > src={{item}} dest=/etc/pki/tls/certs/{{item | basename}} @@ -27,14 +27,14 @@ mode=0644 with_first_found: - "{{private}}/files/httpd/{{cert}}.cert" - - "{{private}}/files/httpd/{{name}}.cert" + - "{{private}}/files/httpd/{{certname}}.cert" notify: - reload proxyhttpd tags: - httpd - httpd/certificate -- name: Copy {{name}}.key +- name: Copy {{certname}}.key copy: > src={{item}} dest=/etc/pki/tls/private/{{item | basename}} @@ -43,7 +43,7 @@ mode=0600 with_first_found: - "{{private}}/files/httpd/{{key}}.key" - - "{{private}}/files/httpd/{{name}}.key" + - "{{private}}/files/httpd/{{certname}}.key" notify: - reload proxyhttpd tags: From 874887227248febb65333b45a2ad3789a5e7391e Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 5 Apr 2018 20:50:24 +0000 Subject: [PATCH 21/22] clean up some leftover }s --- playbooks/groups/secondary.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml index 05df30fe35..56a62e2f26 100644 --- a/playbooks/groups/secondary.yml +++ b/playbooks/groups/secondary.yml @@ -40,13 +40,13 @@ certname: "{{wildcard_cert_name}}" SSLCertificateChainFile: "{{wildcard_int_file}}" - - { role: httpd/website + - role: httpd/website vars: - name: secondary.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" server_aliases: - archive.fedoraproject.org - - archives.fedoraproject.org } + - archives.fedoraproject.org tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - import_tasks: "{{ tasks_path }}/2fa_client.yml" From 109a1fd2431f8b20228903db7697274d6df27d1f Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 5 Apr 2018 20:52:19 +0000 Subject: [PATCH 22/22] drop stray }}s --- playbooks/groups/torrent.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/groups/torrent.yml b/playbooks/groups/torrent.yml index f0bb95844f..85be8e054d 100644 --- a/playbooks/groups/torrent.yml +++ b/playbooks/groups/torrent.yml @@ -27,7 +27,7 @@ - role: httpd/certificate certname: "{{wildcard_cert_name}}" - SSLCertificateChainFile: "{{wildcard_int_file}}"}} + SSLCertificateChainFile: "{{wildcard_int_file}}" - {role: httpd/website, vars: {name: torrent.fedoraproject.org, cert_name: "{{wildcard_cert_name}}", sslonly: true}}