Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of /git/ansible

Browse source
This commit is contained in:
Stephen Smoogen 2015-02-20 18:13:06 +00:00
commit c25931d38e
93 changed files with 1220 additions and 161 deletions
Download patch file Download diff file Expand all files Collapse all files

7
files/fedora-cloud/hosts
View file

@ -10,8 +10,13 @@
# compute1 # compute1
{{ compute1_private_ip }} fed-cloud10.cloud.fedoraproject.org {{ compute1_private_ip }} fed-cloud10.cloud.fedoraproject.org
{{ compute2_private_ip }} fed-cloud11.cloud.fedoraproject.org
{{ compute3_private_ip }} fed-cloud12.cloud.fedoraproject.org
{{ compute4_private_ip }} fed-cloud13.cloud.fedoraproject.org
{{ compute5_private_ip }} fed-cloud14.cloud.fedoraproject.org
{{ compute6_private_ip }} fed-cloud15.cloud.fedoraproject.org
# #
# This is needed for 2fa to work correctly. # This is needed for 2fa to work correctly.
# #
209.132.181.6 infrastructure infrastructure.fedoraproject.org
209.132.181.32 fas-all.phx2.fedoraproject.org 209.132.181.32 fas-all.phx2.fedoraproject.org

2
inventory/backups
View file

@ -11,7 +11,7 @@ hosted04.fedoraproject.org
hosted-lists01.fedoraproject.org hosted-lists01.fedoraproject.org
lockbox01.phx2.fedoraproject.org lockbox01.phx2.fedoraproject.org
people03.fedoraproject.org people03.fedoraproject.org
pkgs01.phx2.fedoraproject.org pkgs02.phx2.fedoraproject.org
log01.phx2.fedoraproject.org log01.phx2.fedoraproject.org
qadevel.cloud.fedoraproject.org qadevel.cloud.fedoraproject.org
db-qa01.qa.fedoraproject.org db-qa01.qa.fedoraproject.org

2
inventory/group_vars/proxies
View file

@ -54,7 +54,7 @@ custom_rules: [
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.31 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.31 -j ACCEPT',
] ]
fas_client_groups: sysadmin-noc fas_client_groups: sysadmin-noc,fi-apprentice
# For the MOTD # For the MOTD
csi_security_category: Moderate csi_security_category: Moderate

2
inventory/group_vars/proxies-stg
View file

@ -53,7 +53,7 @@ custom_rules: [
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.31 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.31 -j ACCEPT',
] ]
fas_client_groups: sysadmin-noc fas_client_groups: sysadmin-noc,fi-apprentice
# For the MOTD # For the MOTD
csi_security_category: Moderate csi_security_category: Moderate

2
inventory/host_vars/arm01-releng00.arm.fedoraproject.org
View file

@ -3,3 +3,5 @@
# These are 32bit # These are 32bit
# #
libdir: /usr/lib libdir: /usr/lib
nfs_mount_opts: rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3

4
inventory/host_vars/compose-x86-01.phx2.fedoraproject.org
View file

@ -32,7 +32,7 @@ datacenter: phx2
fas_client_groups: sysadmin-noc,sysadmin-releng fas_client_groups: sysadmin-noc,sysadmin-releng
kojipkgs_url: koji.stg.fedoraproject.org kojipkgs_url: kojipkgs.fedoraproject.org
kojihub_url: koji.stg.fedoraproject.org/kojihub kojihub_url: koji.fedoraproject.org/kojihub
nfs_mount_opts: rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3 nfs_mount_opts: rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3

14
inventory/host_vars/fas01.phx2.fedoraproject.org Normal file
View file

@ -0,0 +1,14 @@
---
nm: 255.255.255.0
gw: 10.5.126.254
dns: 10.5.126.21
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
volgroup: /dev/vg_guests00
eth0_ip: 10.5.126.25
vmhost: virthost15.phx2.fedoraproject.org
datacenter: phx2
# This is not the master production fas node, it doesn't do certs
master_fas_node: True
gen_cert: False

4
inventory/host_vars/pkgs01.phx2.fedoraproject.org
View file

@ -1,4 +0,0 @@
---
nm: 255.255.255.0
eth1_ip: 10.5.127.67
host_backup_targets: ['/srv']

2
inventory/host_vars/pkgs02.phx2.fedoraproject.org
View file

@ -23,3 +23,5 @@ virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none" ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none"
--network=bridge=br0,model=virtio --network=bridge=br1,model=virtio --network=bridge=br0,model=virtio --network=bridge=br1,model=virtio
--autostart --noautoconsole --autostart --noautoconsole
host_backup_targets: ['/srv']

18
inventory/host_vars/proxy01.phx2.fedoraproject.org Normal file
View file

@ -0,0 +1,18 @@
---
nm: 255.255.255.0
gw: 10.5.126.254
dns: 10.5.126.21
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
vmhost: virthost05.phx2.fedoraproject.org
volgroup: /dev/vg_guests00
eth0_ip: 10.5.126.52
# This is consumed by the roles/fedora-web/main role
sponsor: redhat
nrpe_procs_warn: 900
nrpe_procs_crit: 1000

4
inventory/inventory
View file

@ -387,7 +387,6 @@ pkgdb02.phx2.fedoraproject.org
pkgdb01.stg.phx2.fedoraproject.org pkgdb01.stg.phx2.fedoraproject.org
[pkgs] [pkgs]
pkgs01.phx2.fedoraproject.org
pkgs02.phx2.fedoraproject.org pkgs02.phx2.fedoraproject.org
[pkgs-stg] [pkgs-stg]
@ -618,7 +617,7 @@ busgateway01.phx2.fedoraproject.org
fedimg01.phx2.fedoraproject.org fedimg01.phx2.fedoraproject.org
hotness01.phx2.fedoraproject.org hotness01.phx2.fedoraproject.org
notifs-backend01.phx2.fedoraproject.org notifs-backend01.phx2.fedoraproject.org
pkgs01.phx2.fedoraproject.org pkgs02.phx2.fedoraproject.org
summershum01.phx2.fedoraproject.org summershum01.phx2.fedoraproject.org
[fedmsg-hubs-stg] [fedmsg-hubs-stg]
@ -653,6 +652,7 @@ proxy06.fedoraproject.org
proxy07.fedoraproject.org proxy07.fedoraproject.org
proxy08.fedoraproject.org proxy08.fedoraproject.org
proxy09.fedoraproject.org proxy09.fedoraproject.org
proxy10.phx2.fedoraproject.org
[fedmsg-gateways-stg] [fedmsg-gateways-stg]
busgateway01.stg.phx2.fedoraproject.org busgateway01.stg.phx2.fedoraproject.org

2
playbooks/groups/datagrepper.yml
View file

@ -64,7 +64,7 @@
- datagrepper - datagrepper
- role: collectd/web-service - role: collectd/web-service
site: datagrepper site: datagrepper
url: "http://localhost/datagrepper/raw" url: "http://localhost/datagrepper/raw?delta=86400"
interval: 15 interval: 15
handlers: handlers:

4
playbooks/groups/fas.yml
View file

@ -3,7 +3,7 @@
# #
- name: make fas server - name: make fas server
hosts: fas-stg:fas02.phx2.fedoraproject.org:fas03.phx2.fedoraproject.org hosts: fas-stg:fas
user: root user: root
gather_facts: False gather_facts: False
accelerate: "{{ accelerated }}" accelerate: "{{ accelerated }}"
@ -20,7 +20,7 @@
- include: "{{ handlers }}/restart_services.yml" - include: "{{ handlers }}/restart_services.yml"
- name: make the box be real - name: make the box be real
hosts: fas-stg:fas02.phx2.fedoraproject.org:fas03.phx2.fedoraproject.org hosts: fas-stg:fas
user: root user: root
gather_facts: True gather_facts: True
accelerate: "{{ accelerated }}" accelerate: "{{ accelerated }}"

6
playbooks/groups/proxies.yml
View file

@ -1,7 +1,7 @@
# create a new proxy server # create a new proxy server
- name: make new proxy server - name: make new proxy server
hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org:proxy06.fedoraproject.org:proxy08.fedoraproject.org:proxy09.fedoraproject.org:proxy10.phx2.fedoraproject.org hosts: proxies-stg:proxies:!proxy02.fedoraproject.org:!proxy07.fedoraproject.org
user: root user: root
gather_facts: False gather_facts: False
@ -17,7 +17,7 @@
- include: "{{ handlers }}/restart_services.yml" - include: "{{ handlers }}/restart_services.yml"
- name: make the box be real - name: make the box be real
hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org:proxy06.fedoraproject.org:proxy08.fedoraproject.org:proxy09.fedoraproject.org:proxy10.phx2.fedoraproject.org hosts: proxies-stg:proxies:!proxy02.fedoraproject.org:!proxy07.fedoraproject.org
user: root user: root
gather_facts: True gather_facts: True
@ -73,7 +73,7 @@
- name: Set up the proxy basics - name: Set up the proxy basics
hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org:proxy06.fedoraproject.org:proxy08.fedoraproject.org:proxy09.fedoraproject.org:proxy10.phx2.fedoraproject.org hosts: proxies-stg:proxies:!proxy02.fedoraproject.org:!proxy07.fedoraproject.org
user: root user: root
gather_facts: False gather_facts: False

20
playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
View file

@ -254,55 +254,55 @@
register: SERVICE_ID register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
register: ENDPOINT_ID register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_private_ip }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://{{controller_public_ip}}:8777' --adminurl 'http://{{controller_private_ip}}:8777' --internalurl 'http://{{controller_private_ip}}:8777' ) || true - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://fed-cloud09.cloud.fedoraproject.org:8777' --adminurl 'http://fed-cloud09.cloud.fedoraproject.org:8777' --internalurl 'http://fed-cloud09.cloud.fedoraproject.org:8777' ) || true
# cinder # cinder
- shell: source /root/keystonerc_admin && keystone service-list | grep 'cinder ' | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone service-list | grep 'cinder ' | awk '{print $2}'
register: SERVICE_ID register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
register: ENDPOINT_ID register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_private_ip }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://{{controller_public_ip}}:8776/v1/%(tenant_id)s' --adminurl 'http://{{controller_private_ip}}:8776/v1/%(tenant_id)s' --internalurl 'http://{{controller_private_ip}}:8776/v1/%(tenant_id)s' ) || true - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://fed-cloud09.cloud.fedoraproject.org:8776/v1/%(tenant_id)s' --adminurl 'http://fed-cloud09.cloud.fedoraproject.org:8776/v1/%(tenant_id)s' --internalurl 'http://fed-cloud09.cloud.fedoraproject.org:8776/v1/%(tenant_id)s' ) || true
# cinderv2 # cinderv2
- shell: source /root/keystonerc_admin && keystone service-list | grep 'cinderv2' | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone service-list | grep 'cinderv2' | awk '{print $2}'
register: SERVICE_ID register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
register: ENDPOINT_ID register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_private_ip }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://{{controller_public_ip}}:8776/v2/%(tenant_id)s' --adminurl 'http://{{controller_private_ip}}:8776/v2/%(tenant_id)s' --internalurl 'http://{{controller_private_ip}}:8776/v2/%(tenant_id)s' ) || true - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://fed-cloud09.cloud.fedoraproject.org:8776/v2/%(tenant_id)s' --adminurl 'http://fed-cloud09.cloud.fedoraproject.org:8776/v2/%(tenant_id)s' --internalurl 'http://fed-cloud09.cloud.fedoraproject.org:8776/v2/%(tenant_id)s' ) || true
# glance # glance
- shell: source /root/keystonerc_admin && keystone service-list | grep 'glance' | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone service-list | grep 'glance' | awk '{print $2}'
register: SERVICE_ID register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
register: ENDPOINT_ID register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_private_ip }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://{{controller_public_ip}}:9292' --adminurl 'http://{{controller_private_ip}}:9292' --internalurl 'http://{{controller_private_ip}}:9292' ) || true - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://fed-cloud09.cloud.fedoraproject.org:9292' --adminurl 'http://fed-cloud09.cloud.fedoraproject.org:9292' --internalurl 'http://fed-cloud09.cloud.fedoraproject.org:9292' ) || true
# keystone --- !!!!! we need to use ADMIN_TOKEN here # keystone --- !!!!! we need to use ADMIN_TOKEN here
- shell: source /root/keystonerc_admin && keystone service-list | grep 'keystone' | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone service-list | grep 'keystone' | awk '{print $2}'
register: SERVICE_ID register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
register: ENDPOINT_ID register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_private_ip }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone --os-token '{{ADMIN_TOKEN}}' --os-endpoint 'http://{{controller_private_ip}}:35357/v2.0' endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://{{controller_public_ip}}:5000/v2.0' --adminurl 'http://{{controller_private_ip}}:35357/v2.0' --internalurl 'http://{{controller_private_ip}}:5000/v2.0' ) || true - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone --os-token '{{ADMIN_TOKEN}}' --os-endpoint 'http://fed-cloud09.cloud.fedoraproject.org:35357/v2.0' endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://fed-cloud09.cloud.fedoraproject.org:5000/v2.0' --adminurl 'http://fed-cloud09.cloud.fedoraproject.org:35357/v2.0' --internalurl 'http://fed-cloud09.cloud.fedoraproject.org:5000/v2.0' ) || true
# neutron # neutron
- shell: source /root/keystonerc_admin && keystone service-list | grep 'neutron' | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone service-list | grep 'neutron' | awk '{print $2}'
register: SERVICE_ID register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
register: ENDPOINT_ID register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_private_ip }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://{{controller_public_ip}}:9696/' --adminurl 'http://{{controller_private_ip}}:9696/' --internalurl 'http://{{controller_private_ip}}:9696/' ) || true - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://fed-cloud09.cloud.fedoraproject.org:9696/' --adminurl 'http://fed-cloud09.cloud.fedoraproject.org:9696/' --internalurl 'http://fed-cloud09.cloud.fedoraproject.org:9696/' ) || true
# nova # nova
- shell: source /root/keystonerc_admin && keystone service-list | grep 'nova ' | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone service-list | grep 'nova ' | awk '{print $2}'
register: SERVICE_ID register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
register: ENDPOINT_ID register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_private_ip }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://{{controller_public_ip}}:8774/v2/%(tenant_id)s' --adminurl 'http://{{controller_private_ip}}:8774/v2/%(tenant_id)s' --internalurl 'http://{{controller_private_ip}}:8774/v2/%(tenant_id)s' ) || true - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://fed-cloud09.cloud.fedoraproject.org:8774/v2/%(tenant_id)s' --adminurl 'http://fed-cloud09.cloud.fedoraproject.org:8774/v2/%(tenant_id)s' --internalurl 'http://fed-cloud09.cloud.fedoraproject.org:8774/v2/%(tenant_id)s' ) || true
# nova_ec2 # nova_ec2
- shell: source /root/keystonerc_admin && keystone service-list | grep 'nova_ec2' | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone service-list | grep 'nova_ec2' | awk '{print $2}'
register: SERVICE_ID register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
register: ENDPOINT_ID register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_private_ip }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://{{controller_public_ip}}:8773/services/Cloud' --adminurl 'http://{{controller_private_ip}}:8773/services/Admin' --internalurl 'http://{{controller_private_ip}}:8773/services/Cloud' ) || true - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://fed-cloud09.cloud.fedoraproject.org:8773/services/Cloud' --adminurl 'http://fed-cloud09.cloud.fedoraproject.org:8773/services/Admin' --internalurl 'http://fed-cloud09.cloud.fedoraproject.org:8773/services/Cloud' ) || true
# novav3 # novav3
- shell: source /root/keystonerc_admin && keystone service-list | grep 'novav3' | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone service-list | grep 'novav3' | awk '{print $2}'
register: SERVICE_ID register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
register: ENDPOINT_ID register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_private_ip }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://{{controller_public_ip}}:8774/v3' --adminurl 'http://{{controller_private_ip}}:8774/v3' --internalurl 'http://{{controller_private_ip}}:8774/v3' ) || true - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://fed-cloud09.cloud.fedoraproject.org:8774/v3' --adminurl 'http://fed-cloud09.cloud.fedoraproject.org:8774/v3' --internalurl 'http://fed-cloud09.cloud.fedoraproject.org:8774/v3' ) || true
# swift - it actually only listen on public port! # swift - it actually only listen on public port!
#- shell: source /root/keystonerc_admin && keystone service-list | grep 'swift ' | awk '{print $2}' #- shell: source /root/keystonerc_admin && keystone service-list | grep 'swift ' | awk '{print $2}'
# register: SERVICE_ID # register: SERVICE_ID
@ -314,7 +314,7 @@
register: SERVICE_ID register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}' - shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
register: ENDPOINT_ID register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v {{ controller_private_ip }} && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://{{controller_public_ip}}:8080' --adminurl 'http://{{controller_private_ip}}:8080' --internalurl 'http://{{controller_private_ip}}:8080' ) || true - shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://fed-cloud09.cloud.fedoraproject.org:8080' --adminurl 'http://fed-cloud09.cloud.fedoraproject.org:8080' --internalurl 'http://fed-cloud09.cloud.fedoraproject.org:8080' ) || true
# configure cider with multi back-end # configure cider with multi back-end
# https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Cloud_Administrator_Guide/section_manage-volumes.html # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Cloud_Administrator_Guide/section_manage-volumes.html

2
playbooks/include/proxies-certificates.yml
View file

@ -1,5 +1,5 @@
- name: Set up those proxy certificates. Good gravy.. - name: Set up those proxy certificates. Good gravy..
hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org:proxy06.fedoraproject.org:proxy08.fedoraproject.org:proxy09.fedoraproject.org:proxy10.phx2.fedoraproject.org hosts: proxies-stg:proxies:!proxy02.fedoraproject.org:!proxy07.fedoraproject.org
user: root user: root
gather_facts: True gather_facts: True

2
playbooks/include/proxies-fedora-web.yml
View file

@ -1,5 +1,5 @@
- name: Set up all that fedora-web goodness. What a wonder! - name: Set up all that fedora-web goodness. What a wonder!
hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org:proxy06.fedoraproject.org:proxy08.fedoraproject.org:proxy09.fedoraproject.org:proxy10.phx2.fedoraproject.org hosts: proxies-stg:proxies:!proxy02.fedoraproject.org:!proxy07.fedoraproject.org
user: root user: root
gather_facts: True gather_facts: True

2
playbooks/include/proxies-haproxy.yml
View file

@ -1,5 +1,5 @@
- name: Set up all the haproxy stuff. - name: Set up all the haproxy stuff.
hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org:proxy06.fedoraproject.org:proxy08.fedoraproject.org:proxy09.fedoraproject.org:proxy10.phx2.fedoraproject.org hosts: proxies-stg:proxies:!proxy02.fedoraproject.org:!proxy07.fedoraproject.org
user: root user: root
gather_facts: True gather_facts: True

2
playbooks/include/proxies-miscellaneous.yml
View file

@ -1,5 +1,5 @@
- name: Set up all the other proxy stuff -- miscellaneous - name: Set up all the other proxy stuff -- miscellaneous
hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org:proxy06.fedoraproject.org:proxy08.fedoraproject.org:proxy09.fedoraproject.org:proxy10.phx2.fedoraproject.org hosts: proxies-stg:proxies:!proxy02.fedoraproject.org:!proxy07.fedoraproject.org
user: root user: root
gather_facts: True gather_facts: True

2
playbooks/include/proxies-redirects.yml
View file

@ -1,5 +1,5 @@
- name: Set up those proxy redirects. Wow! - name: Set up those proxy redirects. Wow!
hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org:proxy06.fedoraproject.org:proxy08.fedoraproject.org:proxy09.fedoraproject.org:proxy10.phx2.fedoraproject.org hosts: proxies-stg:proxies:!proxy02.fedoraproject.org:!proxy07.fedoraproject.org
user: root user: root
gather_facts: True gather_facts: True

2
playbooks/include/proxies-reverseproxy.yml
View file

@ -1,5 +1,5 @@
- name: Set up those ProxyPassReverse statements. Somebody get me a cup of coffee.. - name: Set up those ProxyPassReverse statements. Somebody get me a cup of coffee..
hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org:proxy06.fedoraproject.org:proxy08.fedoraproject.org:proxy09.fedoraproject.org:proxy10.phx2.fedoraproject.org hosts: proxies-stg:proxies:!proxy02.fedoraproject.org:!proxy07.fedoraproject.org
user: root user: root
gather_facts: True gather_facts: True

2
playbooks/include/proxies-rewrites.yml
View file

@ -1,5 +1,5 @@
- name: Set up some domain rewrites. - name: Set up some domain rewrites.
hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org:proxy06.fedoraproject.org:proxy08.fedoraproject.org:proxy09.fedoraproject.org:proxy10.phx2.fedoraproject.org hosts: proxies-stg:proxies:!proxy02.fedoraproject.org:!proxy07.fedoraproject.org
user: root user: root
gather_facts: True gather_facts: True

13
playbooks/include/proxies-websites.yml
View file

@ -1,5 +1,5 @@
- name: Set up those proxy websites. My, my.. - name: Set up those proxy websites. My, my..
hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org:proxy06.fedoraproject.org:proxy08.fedoraproject.org:proxy09.fedoraproject.org:proxy10.phx2.fedoraproject.org hosts: proxies-stg:proxies:!proxy02.fedoraproject.org:!proxy07.fedoraproject.org
user: root user: root
gather_facts: True gather_facts: True
@ -25,6 +25,7 @@
- "[2610:28:3090:3001:dead:beef:cafe:fed3]" - "[2610:28:3090:3001:dead:beef:cafe:fed3]"
- "213.175.193.205" - "213.175.193.205"
- "[2001:2030:0:2::2]" - "[2001:2030:0:2::2]"
- "10.5.126.51"
- "10.5.126.52" - "10.5.126.52"
- "85.236.55.6" - "85.236.55.6"
- "[2001:4178:2:1269::fed2]" - "[2001:4178:2:1269::fed2]"
@ -41,6 +42,7 @@
- "10.5.126.88" - "10.5.126.88"
# Production # Production
- "10.5.126.51"
- "10.5.126.52" - "10.5.126.52"
- "85.236.55.6" - "85.236.55.6"
- "[2001:4178:2:1269::fed2]" - "[2001:4178:2:1269::fed2]"
@ -216,14 +218,6 @@
ips: "{{wildcard_fpo_ips}}" ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}" cert_name: "{{wildcard_cert_name}}"
- role: httpd/website
name: fas.fedoraproject.org
server_aliases:
- fas.stg.fedoraproject.org
- accounts.fedoraproject.org
ips: "{{wildcard_fpo_ips}}"
cert_name: "{{wildcard_cert_name}}"
- role: httpd/website - role: httpd/website
name: fedoracommunity.org name: fedoracommunity.org
server_aliases: server_aliases:
@ -413,6 +407,7 @@
name: id.fedoraproject.org name: id.fedoraproject.org
server_aliases: server_aliases:
- "*.id.fedoraproject.org" - "*.id.fedoraproject.org"
sslonly: true
ips: "{{wildcard_fpo_ips}}" ips: "{{wildcard_fpo_ips}}"
cert_name: wildcard-2014.id.fedoraproject.org cert_name: wildcard-2014.id.fedoraproject.org
SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert

685
roles/base/files/postfix/main.cf/main.cf.koschei.cloud.fedoraproject.org Normal file
View file

@ -0,0 +1,685 @@
# "false"
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/libexec/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
mydomain = fedoraproject.org
myorigin = fedoraproject.org
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = all
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = $myhostname, localhost.$mydomain, fedora.redhat.com, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains = $mydestination
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
masquerade_domains = redhat.com
masquerade_exceptions = root apache
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
recipient_delimiter = +
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /usr/bin/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
# server using LMTP (Local Mail Transport Protocol), this is prefered
# over the older cyrus deliver program by setting the
# mailbox_transport as below:
#
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#
# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
# these settings.
#
# local_destination_recipient_limit = 300
# local_destination_concurrency_limit = 5
#
# Of course you should adjust these settings as appropriate for the
# capacity of the hardware you are using. The recipient limit setting
# can be used to take advantage of the single instance message store
# capability of Cyrus. The concurrency limit can be used to control
# how many simultaneous LMTP sessions will be permitted to the Cyrus
# message store.
#
# To use the old cyrus deliver program you have to set:
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#fallback_transport =
#transport_maps = hash:/etc/postfix/transport
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
#
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen sesssion, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail.postfix
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases.postfix
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = /usr/bin/mailq.postfix
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop
# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix-2.4.5/samples
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
# add this to new postfix to get it to add proper message-id and other
# headers to outgoing emails via the gateway.
message_size_limit = 20971520

21
roles/cloud_compute/tasks/main.yml
View file

@ -2,6 +2,8 @@
# Configure another compute node for Fedora Cloud # Configure another compute node for Fedora Cloud
- authorized_key: user=root key="{{ lookup('file', files + '/fedora-cloud/fed09-ssh-key.pub') }}" - authorized_key: user=root key="{{ lookup('file', files + '/fedora-cloud/fed09-ssh-key.pub') }}"
- template: src={{ files }}/fedora-cloud/hosts dest=/etc/hosts owner=root mode=0644
- lineinfile: dest=/etc/hosts line="{{ controller_private_ip }} fed-cloud09.cloud.fedoraproject.org"
- lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=yes" - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=yes"
notify: notify:
@ -33,11 +35,11 @@
- ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=auth_protocol value=http - ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=auth_protocol value=http
- ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=auth_port value=35357 - ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=auth_port value=35357
- ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=admin_user value=nova - ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=admin_user value=nova
- ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=admin_tenant_name value=service - ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=admin_tenant_name value=services
- name: set admin_password - name: set admin_password
ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=admin_password value={{NOVA_PASS}} ini_file: dest=/etc/nova/nova.conf section=keystone_authtoken option=admin_password value={{NOVA_PASS}}
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rpc_backend value=rabbit - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rpc_backend value=nova.openstack.common.rpc.impl_kombu
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_host value={{controller_private_ip}} - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_host value={{controller_private_ip}}
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_hosts value={{controller_private_ip}}:5672 - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_hosts value={{controller_private_ip}}:5672
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_userid value=amqp_user - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=rabbit_userid value=amqp_user
@ -73,11 +75,11 @@
- ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_protocol value=http - ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_protocol value=http
- ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_port value=35357 - ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=auth_port value=35357
- ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=admin_user value=neutron - ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=admin_user value=neutron
- ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=admin_tenant_name value=service - ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=admin_tenant_name value=services
- name: set admin_password - name: set admin_password
ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=admin_password value={{NEUTRON_PASS}} ini_file: dest=/etc/neutron/neutron.conf section=keystone_authtoken option=admin_password value={{NEUTRON_PASS}}
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rpc_backend value=neutron.openstack.common.rpc.impl_qpid - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rpc_backend value=neutron.openstack.common.rpc.impl_kombu
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rabbit_host value={{controller_private_ip}} - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rabbit_host value={{controller_private_ip}}
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rabbit_hosts value={{controller_private_ip}}:5672 - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rabbit_hosts value={{controller_private_ip}}:5672
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rabbit_userid value=amqp_user - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=rabbit_userid value=amqp_user
@ -86,26 +88,29 @@
# uncomment if you want to debug compute instance # uncomment if you want to debug compute instance
#- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=verbose value=True #- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=verbose value=True
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=core_plugin value=ml2 - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=core_plugin value=neutron.plugins.ml2.plugin.Ml2Plugin
- ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=service_plugins value=router - ini_file: dest=/etc/neutron/neutron.conf section=DEFAULT option=service_plugins value=neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2 option=type_drivers value=local,flat,gre - ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2 option=type_drivers value=local,flat,gre
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2 option=tenant_network_types value=gre - ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2 option=tenant_network_types value=gre
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2 option=mechanism_drivers value=openvswitch - ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2 option=mechanism_drivers value=openvswitch
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2_type_gre option=tunnel_id_ranges value=1:1000 - ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ml2_type_gre option=tunnel_id_ranges value=1:1000
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ovs option=local_ip value={{compute_private_ip}} - ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ovs option=local_ip value={{compute_private_ip}}
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ovs option=tunnel_type value=gre - ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ovs option=tunnel_types value=gre
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ovs option=enable_tunneling value=True - ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=ovs option=enable_tunneling value=True
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=securitygroup option=firewall_driver value=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=securitygroup option=firewall_driver value=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
- ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=securitygroup option=enable_security_group value=True - ini_file: dest=/etc/neutron/plugins/ml2/ml2_conf.ini section=securitygroup option=enable_security_group value=True
# WORKAROUND https://ask.openstack.org/en/question/28734/instance-failed-to-spawn-you-must-call-aug-init-first-to-initialize-augeas/
- ini_file: dest=/usr/lib/systemd/system/neutron-openvswitch-agent.service section=Service option=ExecStart value="/usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --log-file /var/log/neutron/openvswitch-agent.log"
- service: name=openvswitch state=started enabled=yes - service: name=openvswitch state=started enabled=yes
- command: ovs-vsctl --may-exist add-br br-int - command: ovs-vsctl --may-exist add-br br-int
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=network_api_class value=nova.network.neutronv2.api.API - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=network_api_class value=nova.network.neutronv2.api.API
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_url value=http://{{controller_private_ip}}:9696 - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_url value=http://{{controller_private_ip}}:9696
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_auth_strategy value=keystone - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_auth_strategy value=keystone
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_admin_tenant_name value=service - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_admin_tenant_name value=services
- ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_admin_username value=neutron - ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_admin_username value=neutron
- name: set neutron_admin_password - name: set neutron_admin_password
ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_admin_password value={{NEUTRON_PASS}} ini_file: dest=/etc/nova/nova.conf section=DEFAULT option=neutron_admin_password value={{NEUTRON_PASS}}

6
roles/distgit/files/dist-git-upload.cgi
View file

@ -156,6 +156,10 @@ def main():
hash_dir = os.path.join(module_dir, filename, checksum) hash_dir = os.path.join(module_dir, filename, checksum)
msgpath = os.path.join(name, module_dir, filename, checksum, filename) msgpath = os.path.join(name, module_dir, filename, checksum, filename)
unwanted_prefix = '/srv/cache/lookaside/pkgs/'
if msgpath.startswith(unwanted_prefix):
msgpath = msgpath[len(unwanted_prefix):]
# first test if the module really exists # first test if the module really exists
git_dir = os.path.join(GITREPO, '%s.git' % name) git_dir = os.path.join(GITREPO, '%s.git' % name)
if not os.path.isdir(git_dir): if not os.path.isdir(git_dir):
@ -224,7 +228,7 @@ def main():
fedmsg.init(name="relay_inbound", cert_prefix="lookaside", **config) fedmsg.init(name="relay_inbound", cert_prefix="lookaside", **config)
topic = "lookaside.new" topic = "lookaside.new"
msg = dict(name=name, md5sum=checksum, filename=filename, msg = dict(name=name, md5sum=checksum, filename=filename.split('/')[-1],
agent=username, path=msgpath) agent=username, path=msgpath)
fedmsg.publish(modname="git", topic=topic, msg=msg) fedmsg.publish(modname="git", topic=topic, msg=msg)
except Exception as e: except Exception as e:

3
roles/distgit/files/setup_git_package
View file

@ -100,11 +100,12 @@ git config --add hooks.maildomain fedoraproject.org
popd >/dev/null popd >/dev/null
# Now clone that repo and create the .gitignore and sources file # Now clone that repo and create the .gitignore and sources file
git clone -q /srv/git/rpms/$PACKAGE.git $TMPDIR/$PACKAGE git init -q $TMPDIR/$PACKAGE
pushd $TMPDIR/$PACKAGE >/dev/null pushd $TMPDIR/$PACKAGE >/dev/null
touch .gitignore sources touch .gitignore sources
git add . git add .
git commit -q -m 'Initial setup of the repo' --author "$AUTHOR" git commit -q -m 'Initial setup of the repo' --author "$AUTHOR"
git remote add origin $GITROOT/$PACKAGE.git
git push -q origin master git push -q origin master
popd >/dev/null popd >/dev/null

7
roles/distgit/tasks/main.yml
View file

@ -243,6 +243,13 @@
- config - config
- selinux - selinux
- name: set the selinux boolean git_cgi_use_nfs
seboolean: name=git_cgi_use_nfs persistent=yes state=yes
tags:
- distgit
- config
- selinux
- name: check the selinux context of the Lookaside Cache root directory - name: check the selinux context of the Lookaside Cache root directory
command: matchpathcon /srv/cache command: matchpathcon /srv/cache
register: lcachecontext register: lcachecontext

12
roles/distgit/templates/genacls.pkgdb
View file

@ -23,12 +23,12 @@ if __name__ == '__main__':
# Set the active branches to create ACLs for # Set the active branches to create ACLs for
# Give them the git branch eqiv until pkgdb follows suite # Give them the git branch eqiv until pkgdb follows suite
ACTIVE = {'OLPC-2': 'olpc2', 'OLPC-3': 'olpc3', 'EL-4': 'el4', ACTIVE = {'OLPC-2': 'olpc2', 'OLPC-3': 'olpc3', 'EL-4': 'el4',
'EL-5': 'el5', 'el5': 'el5', 'el6': 'el6', 'EL-6': 'el6', 'EL-5': 'el5', 'el5': 'el5', 'el6': 'el6', 'EL-6': 'el6',
'epel7': 'epel7', 'epel7': 'epel7',
'F-11': 'f11', 'F-12': 'f12', 'F-13': 'f13', 'f14': 'f14', 'f15': 'F-11': 'f11', 'F-12': 'f12', 'F-13': 'f13', 'f14': 'f14', 'f15':
'f15', 'f16': 'f16', 'f17': 'f17', 'f18': 'f18', 'f19': 'f19', 'f15', 'f16': 'f16', 'f17': 'f17', 'f18': 'f18', 'f19': 'f19',
'f20': 'f20', 'f21': 'f21', 'f20': 'f20', 'f21': 'f21', 'f22': 'f22',
'devel': 'master', 'master': 'master'} 'devel': 'master', 'master': 'master'}
# Create a "regex"ish list 0f the reserved branches # Create a "regex"ish list 0f the reserved branches
RESERVED = ['f[0-9][0-9]', 'epel[0-9]', 'epel[0-9][0-9]', 'el[0-9]', 'olpc[0-9]'] RESERVED = ['f[0-9][0-9]', 'epel[0-9]', 'epel[0-9][0-9]', 'el[0-9]', 'olpc[0-9]']

24
roles/distgit/templates/pkgdb_sync_git_branches.py
View file

@ -56,12 +56,6 @@ GIT_FOLDER = '/srv/git/rpms/'
MKBRANCH = '/usr/local/bin/mkbranch' MKBRANCH = '/usr/local/bin/mkbranch'
SETUP_PACKAGE = '/usr/local/bin/setup_git_package' SETUP_PACKAGE = '/usr/local/bin/setup_git_package'
BRANCHES_FROM = {
'epel7': 'f19',
'olpc2': 'f7',
'olpc3': 'f11',
'master': None,
}
VERBOSE = False VERBOSE = False
@ -114,23 +108,16 @@ def _create_branch(pkgname, branch):
:arg branch: Name of the branch to create :arg branch: Name of the branch to create
''' '''
if branch == 'master':
if branch in BRANCHES_FROM: print 'ERROR: Proudly refusing to create master branch. Invalid repo?'
branch_from = BRANCHES_FROM[branch] print 'INFO: Please check %s repo' % pkgname
else: return
branch_from = 'master'
# Fall back to branching from master.
frombranchpath = os.path.join(
GIT_FOLDER, '%s.git' % pkgname, 'refs/heads', branch_from)
if not os.path.exists(frombranchpath):
branch_from = 'master'
branchpath = os.path.join( branchpath = os.path.join(
GIT_FOLDER, '%s.git' % pkgname, 'refs/heads', branch) GIT_FOLDER, '%s.git' % pkgname, 'refs/heads', branch)
if not os.path.exists(branchpath): if not os.path.exists(branchpath):
try: try:
_invoke(MKBRANCH, ['-s', branch_from, branch, pkgname]) _invoke(MKBRANCH, [branch, pkgname])
except ProcessError, e: except ProcessError, e:
if e.returnCode == 255: if e.returnCode == 255:
# This is a warning, not an error # This is a warning, not an error
@ -202,6 +189,7 @@ def branch_package(pkgname, branches):
if not os.path.exists( if not os.path.exists(
os.path.join(GIT_FOLDER, '%s.git' % pkgname)): os.path.join(GIT_FOLDER, '%s.git' % pkgname)):
_invoke(SETUP_PACKAGE, [pkgname]) _invoke(SETUP_PACKAGE, [pkgname])
branches.remove('master') # SETUP_PACKAGE creates master
# Create all the required branches for the package # Create all the required branches for the package
# Use the translated branch name until pkgdb falls inline # Use the translated branch name until pkgdb falls inline

4
roles/epylog/files/merged/weed_local.cf
View file

@ -271,6 +271,9 @@ sshd.*: Starting session: subsystem 'sftp' for root from 10.5.126.23 port.*
sshd.*: Corrupted MAC on input. sshd.*: Corrupted MAC on input.
sshd.*: pam_systemd(sshd:session): Failed to create session: No such file or directory sshd.*: pam_systemd(sshd:session): Failed to create session: No such file or directory
sshd.*: fatal: Write failed: Connection reset by peer sshd.*: fatal: Write failed: Connection reset by peer
sshd.*: pam_succeed_if\(sshd:auth\): requirement.*
sshd.*: pam_unix\(sshd:auth\): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=.*
sshd.*: PAM .* more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=.*
stunnel:.*websockets connected remote.* stunnel:.*websockets connected remote.*
stunnel:.*SSL_read.* stunnel:.*SSL_read.*
stunnel:.*Connection reset.* stunnel:.*Connection reset.*
@ -293,6 +296,7 @@ systemd.*: Created slice user-0.slice.
systemd.*: Removed slice user-0.slice. systemd.*: Removed slice user-0.slice.
systemd.*: Received SIGRTMIN\+24 from PID.* systemd.*: Received SIGRTMIN\+24 from PID.*
unix_chkpwd.*: account .* has password changed in future unix_chkpwd.*: account .* has password changed in future
unix_chkpwd.*: password check failed for user \(root\)
userhelper.*: running \'/usr/sbin/mock.* userhelper.*: running \'/usr/sbin/mock.*
groupadd.*: new group.* groupadd.*: new group.*
groupadd.*: group added to /etc/g.* groupadd.*: group added to /etc/g.*

6
roles/fedmsg/base/templates/ssl.py.j2
View file

@ -78,13 +78,13 @@ config = dict(
for i in range(1, 3) for i in range(1, 3)
] + [ ] + [
("shell.pkgs0%i" % i, "shell-pkgs0%i.%s" % (i, suffix)) ("shell.pkgs0%i" % i, "shell-pkgs0%i.%s" % (i, suffix))
for i in range(1, 2) for i in range(1, 3)
] + [ ] + [
("scm.pkgs0%i" % i, "scm-pkgs0%i.%s" % (i, suffix)) ("scm.pkgs0%i" % i, "scm-pkgs0%i.%s" % (i, suffix))
for i in range(1, 2) for i in range(1, 3)
] + [ ] + [
("lookaside.pkgs0%i" % i, "lookaside-pkgs0%i.%s" % (i, suffix)) ("lookaside.pkgs0%i" % i, "lookaside-pkgs0%i.%s" % (i, suffix))
for i in range(1, 2) for i in range(1, 3)
] + [ ] + [
("shell.relepel01", "shell-relepel01.%s" % suffix), ("shell.relepel01", "shell-relepel01.%s" % suffix),
("shell.branched-composer", "shell-branched-composer.%s" % suffix), ("shell.branched-composer", "shell-branched-composer.%s" % suffix),

17
roles/fedmsg/gateway/slave/templates/fedmsg-gateway-slave.py.j2
View file

@ -15,3 +15,20 @@ config = {
} }
} }
# This option adds an IPC socket by which we can monitor hub health.
try:
import os
import psutil
pid = os.getpid()
proc = [p for p in psutil.process_iter() if p.pid == pid][0]
config['moksha.monitoring.socket'] = \
'ipc:///var/run/fedmsg/monitoring-%s.socket' % proc.name
config['moksha.monitoring.socket.mode'] = '770'
except (OSError, ImportError):
# We run into issues when trying to import psutil from mod_wsgi on rhel7
# but this feature is of no concern in that context, so just fail quietly.
# https://github.com/jmflinuxtx/kerneltest-harness/pull/17#issuecomment-48007837
pass

5
roles/git/hooks/files/post-receive-fedmsg
View file

@ -88,6 +88,11 @@ for line in lines:
def _build_commit(rev): def _build_commit(rev):
commit = repo.revparse_single(rev) commit = repo.revparse_single(rev)
# Tags are a little funny, and vary between versions of pygit2, so we'll
# just ignore them as far as fedmsg is concerned.
if isinstance(commit, pygit2.Tag):
return None
files, total = build_stats(commit) files, total = build_stats(commit)
return dict( return dict(

14
roles/git/hooks/tasks/main.yml
View file

@ -7,11 +7,19 @@
- git - git
- moreutils - moreutils
- python-kitchen - python-kitchen
tags:
- git
- git/hooks
- packages
- name: install needed packages from epel testing - name: install needed packages from epel testing
yum: pkg={{item}} state=present enablerepo=epel-testing yum: pkg={{item}} state=present enablerepo=epel-testing
with_items: with_items:
- python-pygit2 - python-pygit2
tags:
- git
- git/hooks
- packages
- name: install the git hooks - name: install the git hooks
copy: src={{item}} dest=/usr/share/git-core/ mode=0755 copy: src={{item}} dest=/usr/share/git-core/ mode=0755
@ -19,6 +27,9 @@
- post-receive-fedmsg - post-receive-fedmsg
- post-receive-chained - post-receive-chained
- update-block-push-origin - update-block-push-origin
tags:
- git
- git/hooks
- name: install the git mail hooks - name: install the git mail hooks
copy: src={{item}} dest=/usr/share/git-core/mail-hooks/ mode=0755 copy: src={{item}} dest=/usr/share/git-core/mail-hooks/ mode=0755
@ -26,3 +37,6 @@
- util.py - util.py
- git.py - git.py
- gnome-post-receive-email - gnome-post-receive-email
tags:
- git
- git/hooks

25
roles/git/server/tasks/main.yml
View file

@ -1,16 +1,31 @@
--- ---
# tasklist for setting up a git server (git:// access) # tasklist for setting up a git server (git:// access)
- name: install the needed packages - name: install the git-daemon package
yum: pkg={{item}} state=present yum: pkg=git-daemon state=present
with_items:
- git-daemon # If NOT using xinetd
- xinetd - name: delete stock git daemon config
file: path="/usr/lib/systemd/system/git.service" state=absent
when: ansible_distribution_major_version == '7'
- name: configure git daemon
template: >
src="git@.service.j2"
dest="/usr/lib/systemd/system/git@.service"
mode=0644
when: ansible_distribution_major_version == '7'
# If using xinetd
- name: install xinetd
yum: pkg=xinetd state=present
when: ansible_distribution_major_version == '6'
- name: install the xinetd config file - name: install the xinetd config file
template: > template: >
src="git.j2" src="git.j2"
dest="/etc/xinetd.d/git" dest="/etc/xinetd.d/git"
mode=0644 mode=0644
when: ansible_distribution_major_version == '6'
notify: notify:
- restart xinetd - restart xinetd

9
roles/git/server/templates/git@.service.j2 Normal file
View file

@ -0,0 +1,9 @@
[Unit]
Description=Git Repositories Server Daemon
Documentation=man:git-daemon(1)
Wants=git.socket
[Service]
User=nobody
ExecStart=/usr/libexec/git-core/git-daemon --base-path={{ git_basepath }} --export-all --user-path=public_git --syslog --inetd --verbose
StandardInput=socket

4
roles/hosts/files/arm.fedoraproject.org-hosts
View file

@ -9,5 +9,5 @@
# #
# This is proxy01.phx2.fedoraproject.org # This is proxy01.phx2.fedoraproject.org
# #
10.5.126.52 mirrors.fedoraproject.org 10.5.126.51 mirrors.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org

2
roles/hosts/files/ask01.phx2.fedoraproject.org-hosts
View file

@ -1,7 +1,7 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-ask 10.5.126.71 db-ask

2
roles/hosts/files/ask02.phx2.fedoraproject.org-hosts
View file

@ -1,7 +1,7 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-ask 10.5.126.71 db-ask

6
roles/hosts/files/autosign-hosts
View file

@ -2,9 +2,9 @@
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.23 puppet.fedoraproject.org puppet infrastructure.fedoraproject.org 10.5.126.23 puppet.fedoraproject.org puppet infrastructure.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.125.44 pkgs.fedoraproject.org pkgs 10.5.125.44 pkgs.fedoraproject.org pkgs
10.5.126.52 download.fedora.redhat.com 10.5.126.51 download.fedora.redhat.com
10.5.126.27 archives.fedoraproject.org 10.5.126.27 archives.fedoraproject.org
10.5.125.63 koji.fedoraproject.org 10.5.125.63 koji.fedoraproject.org
10.5.125.36 kojipkgs.fedoraproject.org 10.5.125.36 kojipkgs.fedoraproject.org
@ -19,5 +19,5 @@
10.5.124.145 secondary-signer 10.5.124.145 secondary-signer
10.5.124.138 arm.koji.fedoraproject.org 10.5.124.138 arm.koji.fedoraproject.org
10.5.124.138 armpkgs.fedoraproject.org 10.5.124.138 armpkgs.fedoraproject.org
10.5.126.52 apps.fedoraproject.org 10.5.126.51 apps.fedoraproject.org

2
roles/hosts/files/badges-backend01.phx2.fedoraproject.org-hosts
View file

@ -1,6 +1,6 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.126.111 db-datanommer db-datanommer02 10.5.126.111 db-datanommer db-datanommer02
10.5.126.71 db-tahrir db-tahrir 10.5.126.71 db-tahrir db-tahrir

2
roles/hosts/files/badges-web01.phx2.fedoraproject.org-hosts
View file

@ -1,5 +1,5 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-tahrir db-tahrir 10.5.126.71 db-tahrir db-tahrir

2
roles/hosts/files/badges-web02.phx2.fedoraproject.org-hosts
View file

@ -1,5 +1,5 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-tahrir db-tahrir 10.5.126.71 db-tahrir db-tahrir

2
roles/hosts/files/bodhi01.phx2.fedoraproject.org-hosts
View file

@ -2,6 +2,6 @@
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.23 puppet.fedoraproject.org puppet infrastructure.fedoraproject.org 10.5.126.23 puppet.fedoraproject.org puppet infrastructure.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.125.63 koji.fedoraproject.org 10.5.125.63 koji.fedoraproject.org
10.5.125.36 kojipkgs.fedoraproject.org 10.5.125.36 kojipkgs.fedoraproject.org

2
roles/hosts/files/bodhi02.phx2.fedoraproject.org-hosts
View file

@ -2,6 +2,6 @@
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.23 puppet.fedoraproject.org puppet infrastructure.fedoraproject.org 10.5.126.23 puppet.fedoraproject.org puppet infrastructure.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.125.63 koji.fedoraproject.org 10.5.125.63 koji.fedoraproject.org
10.5.125.36 kojipkgs.fedoraproject.org 10.5.125.36 kojipkgs.fedoraproject.org

2
roles/hosts/files/docs-backend01.phx2.fedoraproject.org-hosts
View file

@ -2,5 +2,5 @@
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.23 puppet.fedoraproject.org puppet infrastructure.fedoraproject.org 10.5.126.23 puppet.fedoraproject.org puppet infrastructure.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.125.36 kojipkgs.fedoraproject.org kojipkgs 10.5.125.36 kojipkgs.fedoraproject.org kojipkgs

2
roles/hosts/files/elections01.phx2.fedoraproject.org-hosts
View file

@ -1,7 +1,7 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-elections db-elections 10.5.126.71 db-elections db-elections

2
roles/hosts/files/elections02.phx2.fedoraproject.org-hosts
View file

@ -1,7 +1,7 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-elections db-elections 10.5.126.71 db-elections db-elections

2
roles/hosts/files/fedimg01.stg.phx2.fedoraproject.org-hosts
View file

@ -2,7 +2,7 @@
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.23 puppet.fedoraproject.org puppet puppet01 puppet01.phx2.fedoraproject.org 10.5.126.23 puppet.fedoraproject.org puppet puppet01 puppet01.phx2.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.126.88 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.88 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.83 pkgs.fedoraproject.org pkgs pkgs01 10.5.126.83 pkgs.fedoraproject.org pkgs pkgs01
10.5.126.81 app01.phx2.fedoraproject.org app1 app3 app5 bapp1 app01 app03 app05 bapp01 bapp02 10.5.126.81 app01.phx2.fedoraproject.org app1 app3 app5 bapp1 app01 app03 app05 bapp01 bapp02

4
roles/hosts/files/fedocal01.phx2.fedoraproject.org-hosts
View file

@ -1,8 +1,8 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-fedocal db-fedocal 10.5.126.71 db-fedocal db-fedocal

4
roles/hosts/files/fedocal02.phx2.fedoraproject.org-hosts
View file

@ -1,8 +1,8 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-fedocal db-fedocal 10.5.126.71 db-fedocal db-fedocal

2
roles/hosts/files/github2fedmsg01.phx2.fedoraproject.org-hosts
View file

@ -1,5 +1,5 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-github2fedmsg 10.5.126.71 db-github2fedmsg

2
roles/hosts/files/hotness01.phx2.fedoraproject.org-hosts
View file

@ -1,6 +1,6 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org admin.fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org admin.fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.125.44 pkgs.fedoraproject.org 10.5.125.44 pkgs.fedoraproject.org
10.5.125.63 koji.fedoraproject.org 10.5.125.63 koji.fedoraproject.org

2
roles/hosts/files/koji01.phx2.fedoraproject.org-hosts
View file

@ -5,4 +5,4 @@
10.5.125.36 kojipkgs.fedoraproject.org 10.5.125.36 kojipkgs.fedoraproject.org
10.5.124.182 ppc.koji.fedoraproject.org 10.5.124.182 ppc.koji.fedoraproject.org
10.5.124.191 s390.koji.fedoraproject.org 10.5.124.191 s390.koji.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org

2
roles/hosts/files/koji02.phx2.fedoraproject.org-hosts
View file

@ -5,4 +5,4 @@
10.5.125.36 kojipkgs.fedoraproject.org 10.5.125.36 kojipkgs.fedoraproject.org
10.5.124.182 ppc.koji.fedoraproject.org 10.5.124.182 ppc.koji.fedoraproject.org
10.5.124.191 s390.koji.fedoraproject.org 10.5.124.191 s390.koji.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org

2
roles/hosts/files/kojibuilder-hosts
View file

@ -5,4 +5,4 @@
10.5.125.36 kojipkgs.fedoraproject.org 10.5.125.36 kojipkgs.fedoraproject.org
10.5.124.138 arm.koji.fedoraproject.org armpkgs.fedoraproject.org 10.5.124.138 arm.koji.fedoraproject.org armpkgs.fedoraproject.org
10.5.125.44 pkgs.fedoraproject.org pkgs 10.5.125.44 pkgs.fedoraproject.org pkgs
10.5.126.52 mirrors.fedoraproject.org admin.fedoraproject.org 10.5.126.51 mirrors.fedoraproject.org admin.fedoraproject.org

2
roles/hosts/files/notifs-backend01.phx2.fedoraproject.org-hosts
View file

@ -1,6 +1,6 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org admin.fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org admin.fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-notifs db-notifs 10.5.126.71 db-notifs db-notifs
10.5.126.111 db-datanommer db-datanommer02 10.5.126.111 db-datanommer db-datanommer02

2
roles/hosts/files/notifs-web01.phx2.fedoraproject.org-hosts
View file

@ -1,6 +1,6 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-notifs db-notifs 10.5.126.71 db-notifs db-notifs
10.5.126.111 db-datanommer db-datanommer02 10.5.126.111 db-datanommer db-datanommer02

2
roles/hosts/files/notifs-web02.phx2.fedoraproject.org-hosts
View file

@ -1,6 +1,6 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 db-notifs db-notifs 10.5.126.71 db-notifs db-notifs
10.5.126.111 db-datanommer db-datanommer02 10.5.126.111 db-datanommer db-datanommer02

2
roles/hosts/files/nuancier01.phx2.fedoraproject.org-hosts
View file

@ -1,7 +1,7 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 nuancier_db nuancier_db 10.5.126.71 nuancier_db nuancier_db

2
roles/hosts/files/nuancier02.phx2.fedoraproject.org-hosts
View file

@ -1,7 +1,7 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.71 nuancier_db nuancier_db 10.5.126.71 nuancier_db nuancier_db

4
roles/hosts/files/packages03.phx2.fedoraproject.org-hosts
View file

@ -12,5 +12,5 @@
10.5.126.23 lockbox01.phx2.fedoraproject.org infrastructure.fedoraproject.org 10.5.126.23 lockbox01.phx2.fedoraproject.org infrastructure.fedoraproject.org
10.5.124.191 s390.koji.fedoraproject.org 10.5.124.191 s390.koji.fedoraproject.org
10.5.124.182 ppc.koji.fedoraproject.org 10.5.124.182 ppc.koji.fedoraproject.org
10.5.126.52 apps.fedoraproject.org 10.5.126.51 apps.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org

2
roles/hosts/files/packages03.stg.phx2.fedoraproject.org-hosts
View file

@ -2,7 +2,7 @@
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.23 puppet.fedoraproject.org puppet puppet01 puppet01.phx2.fedoraproject.org 10.5.126.23 puppet.fedoraproject.org puppet puppet01 puppet01.phx2.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.126.88 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.88 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.83 pkgs.fedoraproject.org pkgs pkgs01 10.5.126.83 pkgs.fedoraproject.org pkgs pkgs01
10.5.126.81 app01.phx2.fedoraproject.org app1 app3 app5 bapp1 app01 app03 app05 bapp01 bapp02 10.5.126.81 app01.phx2.fedoraproject.org app1 app3 app5 bapp1 app01 app03 app05 bapp01 bapp02

4
roles/hosts/files/packages04.phx2.fedoraproject.org-hosts
View file

@ -11,5 +11,5 @@
10.5.126.23 lockbox01.phx2.fedoraproject.org infrastructure.fedoraproject.org 10.5.126.23 lockbox01.phx2.fedoraproject.org infrastructure.fedoraproject.org
10.5.124.191 s390.koji.fedoraproject.org 10.5.124.191 s390.koji.fedoraproject.org
10.5.124.182 ppc.koji.fedoraproject.org 10.5.124.182 ppc.koji.fedoraproject.org
10.5.126.52 apps.fedoraproject.org 10.5.126.51 apps.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org

4
roles/hosts/files/pkgdb01.phx2.fedoraproject.org-hosts
View file

@ -1,8 +1,8 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.125.44 pkgs.fedoraproject.org 10.5.125.44 pkgs.fedoraproject.org

4
roles/hosts/files/pkgdb02.phx2.fedoraproject.org-hosts
View file

@ -1,8 +1,8 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.125.44 pkgs.fedoraproject.org 10.5.125.44 pkgs.fedoraproject.org

6
roles/hosts/files/qa.fedoraproject.org-hosts
View file

@ -7,9 +7,9 @@
# #
# This is proxy01.phx2.fedoraproject.org # This is proxy01.phx2.fedoraproject.org
# #
10.5.126.52 mirrors.fedoraproject.org 10.5.126.51 mirrors.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.126.52 hub.fedoraproject.org 10.5.126.51 hub.fedoraproject.org
# for VPN # for VPN
10.5.126.12 gateway.phx2.fedoraproject.org gateway bastion01.phx2.fedoraproject.org bastion01 10.5.126.12 gateway.phx2.fedoraproject.org gateway bastion01.phx2.fedoraproject.org bastion01

2
roles/hosts/files/releng-hosts
View file

@ -5,4 +5,4 @@
10.5.125.36 kojipkgs.fedoraproject.org 10.5.125.36 kojipkgs.fedoraproject.org
10.5.124.138 arm.koji.fedoraproject.org armpkgs.fedoraproject.org 10.5.124.138 arm.koji.fedoraproject.org armpkgs.fedoraproject.org
10.5.125.44 pkgs.fedoraproject.org pkgs 10.5.125.44 pkgs.fedoraproject.org pkgs
10.5.126.52 mirrors.fedoraproject.org admin.fedoraproject.org 10.5.126.51 mirrors.fedoraproject.org admin.fedoraproject.org

2
roles/hosts/files/sign-hosts
View file

@ -1,7 +1,7 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
# #
# Here for historical reasons due to cert names. # Here for historical reasons due to cert names.
# #

2
roles/hosts/files/summershum01.phx2.fedoraproject.org-hosts
View file

@ -1,6 +1,6 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.125.44 pkgs.fedoraproject.org 10.5.125.44 pkgs.fedoraproject.org
10.5.126.71 db-summershum db-summershum 10.5.126.71 db-summershum db-summershum

2
roles/hosts/files/tagger01.phx2.fedoraproject.org-hosts
View file

@ -1,7 +1,7 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.125.63 koji.fedoraproject.org 10.5.125.63 koji.fedoraproject.org

2
roles/hosts/files/tagger02.phx2.fedoraproject.org-hosts
View file

@ -1,7 +1,7 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org 10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 fedoraproject.org
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.125.63 koji.fedoraproject.org 10.5.125.63 koji.fedoraproject.org

2
roles/hosts/files/value01.phx2.fedoraproject.org-hosts
View file

@ -2,5 +2,5 @@
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.126.23 infrastructure.fedoraproject.org 10.5.126.23 infrastructure.fedoraproject.org
10.5.126.23 puppet.fedoraproject.org puppet infrastructure.fedoraproject.org 10.5.126.23 puppet.fedoraproject.org puppet infrastructure.fedoraproject.org
10.5.126.52 admin.fedoraproject.org 10.5.126.51 admin.fedoraproject.org
10.5.125.63 koji.fedoraproject.org 10.5.125.63 koji.fedoraproject.org

16
roles/hotness/templates/hotness.py
View file

@ -12,14 +12,14 @@ More information about the service that created this bug can be found at: %(expl
""" """
config = { config = {
{% if env == 'staging' %} #{% if env == 'staging' %}
# Establish a loop from prod anitya back into the staging hotness. ## Establish a loop from prod anitya back into the staging hotness.
'endpoints': { #'endpoints': {
'anitya-public-relay': [ # 'anitya-public-relay': [
'tcp://release-monitoring.org:9940', # 'tcp://release-monitoring.org:9940',
], # ],
}, #},
{% endif %} #{% endif %}
'hotness.bugzilla.enabled': True, 'hotness.bugzilla.enabled': True,

4
roles/httpd/proxy/templates/00-namevirtualhost.conf
View file

@ -47,6 +47,10 @@ NameVirtualHost [2607:f188::dead:beef:cafe:fed1]:443
NameVirtualHost 192.168.122.2:80 NameVirtualHost 192.168.122.2:80
NameVirtualHost 192.168.122.2:443 NameVirtualHost 192.168.122.2:443
# proxy10
NameVirtualHost 10.5.126.51:80
NameVirtualHost 10.5.126.51:443
#proxy01.stg #proxy01.stg
NameVirtualHost 10.5.126.88:80 NameVirtualHost 10.5.126.88:80
NameVirtualHost 10.5.126.88:443 NameVirtualHost 10.5.126.88:443

2
roles/kojipkgs/files/kojipkgs.conf
View file

@ -58,3 +58,5 @@ Alias /rhel /mnt/fedora_koji/rhel
Require all granted Require all granted
</Directory> </Directory>
# Set HSTS header via HTTP since it cannot be easily set in squid, which terminates HTTPS
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

12
roles/mediawiki/templates/LocalSettings.php.fp.j2
View file

@ -354,6 +354,18 @@ $wgSquidServers = array(
# proxy07 # proxy07
"213.175.193.205", "213.175.193.205",
"192.168.1.52", "192.168.1.52",
# proxy08
"67.203.2.67",
"192.168.1.78",
# proxy09
"66.135.62.187",
"192.168.1.15",
# proxy10
"10.5.126.51",
"192.168.1.17",
{% endif %} {% endif %}
); );
$wgSquidServersNoPurge = array('127.0.0.1'); $wgSquidServersNoPurge = array('127.0.0.1');

123
roles/nagios_client/files/scripts/check_lock_file_age Executable file
View file

@ -0,0 +1,123 @@
#! /usr/bin/perl -w
# check_lock_file_age.pl Copyright (C) 2010 Ricky Elrod <codeblock@fedoraproject.org>
#
# Fork of check_file_age.pl
#
# Checks a lock file's size and modification time to make sure it's not empty
# and that it's sufficiently recent.
#
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# you should have received a copy of the GNU General Public License
# along with this program (or with Nagios); if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA
use strict;
use English;
use Getopt::Long;
use File::stat;
use vars qw($PROGNAME);
use lib "/usr/lib64/nagios/plugins";
use utils qw (%ERRORS &print_revision &support);
sub print_help ();
sub print_usage ();
my ($opt_c, $opt_f, $opt_w, $opt_h, $opt_V);
my ($result, $message, $age, $size, $st);
$PROGNAME="check_lock_file_age";
$opt_w = 1;
$opt_c = 5;
$opt_f = "";
Getopt::Long::Configure('bundling');
GetOptions(
"V" => \$opt_V, "version" => \$opt_V,
"h" => \$opt_h, "help" => \$opt_h,
"f=s" => \$opt_f, "file" => \$opt_f,
"w=f" => \$opt_w, "warning-age=f" => \$opt_w,
"c=f" => \$opt_c, "critical-age=f" => \$opt_c);
if ($opt_V) {
print_revision($PROGNAME, '1.4.14');
exit $ERRORS{'OK'};
}
if ($opt_h) {
print_help();
exit $ERRORS{'OK'};
}
if (($opt_c and $opt_w) and ($opt_c < $opt_w)) {
print "Warning time must be less than Critical time.\n";
exit $ERRORS{'UNKNOWN'};
}
$opt_f = shift unless ($opt_f);
if (! $opt_f) {
print "LOCK_FILE_AGE UNKNOWN: No file specified\n";
exit $ERRORS{'UNKNOWN'};
}
# Check that file exists (can be directory or link)
unless (-e $opt_f) {
print "LOCK_FILE_AGE OK: File not found (Lock file removed) - $opt_f\n";
exit $ERRORS{'OK'};
}
$st = File::stat::stat($opt_f);
$age = time - $st->mtime;
$result = 'OK';
# Convert minutes to seconds
if($opt_c) { $opt_c *= 60; }
if($opt_w) { $opt_w *= 60; }
if ($opt_c and $age > $opt_c) {
$result = 'CRITICAL';
}
elsif ($opt_w and $age > $opt_w) {
$result = 'WARNING';
}
# If the age is higher than 2 minutes, convert seconds -> minutes
# If it's higher than a day, use days.
# Just a nicety, to make people not have to do math ;)
if($age > 86400) { $age = int(($age/86400))." days"; }
elsif($age > 120) { $age = int(($age/60))." minutes"; }
else { $age = "$age seconds"; }
print "LOCK_FILE_AGE $result: $opt_f is $age old.\n";
exit $ERRORS{$result};
sub print_usage () {
print "Usage:\n";
print " $PROGNAME [-w <secs>] [-c <secs>] -f <file>\n";
print " $PROGNAME [-h | --help]\n";
print " $PROGNAME [-V | --version]\n";
}
sub print_help () {
print_revision($PROGNAME, '1.4.14');
print "Copyright (c) 2010 Ricky Elrod\n\n";
print_usage();
print "\n";
print " <mins> File must be no more than this many minutes old (default: warn 1m, crit 5m)\n";
print "\n";
support();
}

84
roles/nagios_client/files/scripts/check_readonly_fs Executable file
View file

@ -0,0 +1,84 @@
#!/bin/bash
# check_readonlyfs: Check for readonly filesystems
# Copyright (C) 2010 Davide Madrisan <davide.madrisan@gmail.com>
PROGNAME=`/bin/basename $0`
PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
REVISION=`echo '$Revision: 1 $' | sed -e 's/[^0-9.]//g'`
. $PROGPATH/utils.sh
print_usage() {
echo "Usage: $PROGNAME --no-network-fs"
echo "Usage: $PROGNAME --help"
echo "Usage: $PROGNAME --version"
}
print_help() {
print_revision $PROGNAME $REVISION
echo ""
print_usage
echo ""
echo "readonly filesystem checker plugin for Nagios"
echo ""
support
}
NETFS=1
# Grab the command line arguments
exitstatus=$STATE_WARNING #default
while test -n "$1"; do
case "$1" in
--help|-h)
print_help
exit $STATE_OK
;;
--version|-V)
print_revision $PROGNAME $REVISION
exit $STATE_OK
;;
--no-network-fs|-n)
NETFS="0"
;;
*)
echo "Unknown argument: $1"
print_usage
exit $STATE_UNKNOWN
;;
esac
shift
done
[ -r /proc/mounts ] || { echo "cannot read /proc/mounts!"; exit $STATE_UNKNOWN; }
nerr=0
IFS_SAVE="$IFS"
rofs_list=""
while read dev mp fs mopt ignore; do
[ "$dev" = none ] && continue
case $fs in binfmt_misc|devpts|iso9660|proc|selinuxfs|rpc_pipefs|sysfs|tmpfs|usbfs)
continue ;;
esac
case $fs in autofs|nfs|nfs4|smbfs)
# skip the network filesystems
[ "$NETFS" = 0 ] && continue ;;
esac
IFS=","; set -- $mopt; IFS="$IFS_SAVE"
while :; do
case "$1" in
ro) rofs_list="$rofs_list $mp"; nerr=$(( $nerr + 1 )) ;;
"") shift; break ;;
esac
shift
done
done < <(LC_ALL=C /bin/cat /proc/mounts 2>/dev/null)
[ $nerr -eq 0 ] && { echo OK; exit $STATE_OK; } || echo "$rofs_list: read only fs"
exit $exitstatus

4
roles/nagios_client/tasks/main.yml
View file

@ -33,6 +33,8 @@
- check_supybot_plugin - check_supybot_plugin
- check_datanommer_timesince.py - check_datanommer_timesince.py
- check_memcache_connect - check_memcache_connect
- check_readonly_fs
- check_lock_file_age
when: not inventory_hostname.startswith('noc') when: not inventory_hostname.startswith('noc')
tags: tags:
- nagios_client - nagios_client
@ -78,6 +80,7 @@
with_items: with_items:
- check_mirrorlist_cache.cfg - check_mirrorlist_cache.cfg
- check_raid.cfg - check_raid.cfg
- check_readonly_fs.cfg
- check_cron.cfg - check_cron.cfg
- check_disk.cfg - check_disk.cfg
- check_swap.cfg - check_swap.cfg
@ -94,6 +97,7 @@
- check_supybot_fedmsg_plugin.cfg - check_supybot_fedmsg_plugin.cfg
- check_datanommer_history.cfg - check_datanommer_history.cfg
- check_memcache.cfg - check_memcache.cfg
- check_lock_file_age.cfg
notify: notify:
- restart nrpe - restart nrpe
tags: tags:

1
roles/nagios_client/templates/check_disk.cfg.j2
View file

@ -1,2 +1,3 @@
command[check_disk_/]={{ libdir }}/nagios/plugins/check_disk -w 15% -c 10% -p / command[check_disk_/]={{ libdir }}/nagios/plugins/check_disk -w 15% -c 10% -p /
command[check_disk_/boot]={{ libdir }}/nagios/plugins/check_disk -w 15% -c 10% -p /boot command[check_disk_/boot]={{ libdir }}/nagios/plugins/check_disk -w 15% -c 10% -p /boot
command[check_disk_/srv/cache/lookaside]={{ libdir }}/nagios/plugins/check_disk -w 20% -c 10% -p /srv/cache/lookaside

1
roles/nagios_client/templates/check_lock_file_age.cfg.j2 Normal file
View file

@ -0,0 +1 @@
command[check_lock_file_age]={{ libdir }}/nagios/plugins/check_lock_file_age -w 1 -c 5 -f /var/lock/fedora-ca/lock

1
roles/nagios_client/templates/check_readonly_fs.cfg.j2 Normal file
View file

@ -0,0 +1 @@
command[check_readonly_fs]=/usr/lib64/nagios/plugins/check_readonly_fs

7
roles/nagios_server/files/nagios/hosts/pkgs01.cfg
View file

@ -1,7 +0,0 @@
define host {
host_name pkgs01
alias pkgs01.phx2.fedoraproject.org
use defaulttemplate
address pkgs01.phx2.fedoraproject.org
parents bvirthost07
}

7
roles/nagios_server/files/nagios/hosts/pkgs02.cfg Normal file
View file

@ -0,0 +1,7 @@
define host {
host_name pkgs02
alias pkgs02.phx2.fedoraproject.org
use defaulttemplate
address pkgs02.phx2.fedoraproject.org
parents bvirthost07
}

4
roles/nagios_server/files/nagios/services/disk.cfg
View file

@ -49,14 +49,14 @@ define service {
#} #}
define service { define service {
host_name pkgs01 host_name pkgs02
service_description Check read-only filesystem service_description Check read-only filesystem
check_command check_by_nrpe!check_readonly_fs check_command check_by_nrpe!check_readonly_fs
use disktemplate use disktemplate
} }
define service { define service {
host_name pkgs01 host_name pkgs02
service_description Disk space /srv/cache/lookaside service_description Disk space /srv/cache/lookaside
check_command check_by_nrpe!check_disk_/srv/cache/lookaside check_command check_by_nrpe!check_disk_/srv/cache/lookaside
use disktemplate use disktemplate

36
roles/nagios_server/files/nagios/services/fedmsg.cfg
View file

@ -31,6 +31,13 @@ define service {
use defaulttemplate use defaulttemplate
} }
define service {
host_name proxy01,proxy02,proxy03,proxy04,proxy06,proxy07,proxy08,proxy09
service_description Check for existence fedmsg-gateway proc
check_command check_by_nrpe!check_fedmsg_gateway_proc
use defaulttemplate
}
define service { define service {
host_name anitya-frontend01 host_name anitya-frontend01
service_description Check for fedmsg-relay proc service_description Check for fedmsg-relay proc
@ -60,7 +67,7 @@ define service {
} }
define service { define service {
host_name pkgs01 host_name pkgs02
service_description Check for fedmsg-hub proc service_description Check for fedmsg-hub proc
check_command check_by_nrpe!check_fedmsg_hub_proc check_command check_by_nrpe!check_fedmsg_hub_proc
use defaulttemplate use defaulttemplate
@ -284,6 +291,13 @@ define service {
use defaulttemplate use defaulttemplate
} }
define service {
host_name proxy01,proxy02,proxy03,proxy04,proxy06,proxy07,proxy08,proxy09
service_description Check fedmsg consumers and producers gateway
check_command check_by_nrpe!check_fedmsg_cp_busgateway_gateway
use defaulttemplate
}
define service { define service {
host_name anitya-frontend01 host_name anitya-frontend01
service_description Check fedmsg consumers and producers relay service_description Check fedmsg consumers and producers relay
@ -299,7 +313,7 @@ define service {
} }
define service { define service {
host_name pkgs01 host_name pkgs02
service_description Check fedmsg consumers and producers hub service_description Check fedmsg consumers and producers hub
check_command check_by_nrpe!check_fedmsg_cp_pkgs check_command check_by_nrpe!check_fedmsg_cp_pkgs
use defaulttemplate use defaulttemplate
@ -370,6 +384,13 @@ define service {
use defaulttemplate use defaulttemplate
} }
define service {
host_name proxy01,proxy02,proxy03,proxy04,proxy06,proxy07,proxy08,proxy09
service_description Check fedmsg-gateway consumers exceptions
check_command check_by_nrpe!check_fedmsg_cexceptions_busgateway_gateway
use defaulttemplate
}
define service { define service {
host_name anitya-frontend01 host_name anitya-frontend01
service_description Check fedmsg-relay consumers exceptions service_description Check fedmsg-relay consumers exceptions
@ -385,7 +406,7 @@ define service {
} }
define service { define service {
host_name pkgs01 host_name pkgs02
service_description Check fedmsg-hub consumers exceptions service_description Check fedmsg-hub consumers exceptions
check_command check_by_nrpe!check_fedmsg_cexceptions_pkgs check_command check_by_nrpe!check_fedmsg_cexceptions_pkgs
use defaulttemplate use defaulttemplate
@ -456,6 +477,13 @@ define service {
use defaulttemplate use defaulttemplate
} }
define service {
host_name proxy01,proxy02,proxy03,proxy04,proxy06,proxy07,proxy08,proxy09
service_description Check fedmsg-gateway consumers backlog
check_command check_by_nrpe!check_fedmsg_cbacklog_busgateway_gateway
use defaulttemplate
}
define service { define service {
host_name anitya-frontend01 host_name anitya-frontend01
service_description Check fedmsg-relay consumers backlog service_description Check fedmsg-relay consumers backlog
@ -471,7 +499,7 @@ define service {
} }
define service { define service {
host_name pkgs01 host_name pkgs02
service_description Check fedmsg-hub consumers backlog service_description Check fedmsg-hub consumers backlog
check_command check_by_nrpe!check_fedmsg_cbacklog_pkgs check_command check_by_nrpe!check_fedmsg_cbacklog_pkgs
use defaulttemplate use defaulttemplate

2
roles/nagios_server/files/nagios/services/ssl.cfg
View file

@ -27,7 +27,7 @@ define service {
} }
define service { define service {
host_name pkgs01 host_name pkgs02
service_description Pkgs SSL Cert service_description Pkgs SSL Cert
check_command check_ssl_cert!pkgs.fedoraproject.org!60 check_command check_ssl_cert!pkgs.fedoraproject.org!60
use defaulttemplate use defaulttemplate

8
roles/nagios_server/files/nagios/services/websites.cfg
View file

@ -140,7 +140,7 @@ define service {
define service { define service {
host_name datagrepper01,datagrepper02 host_name datagrepper01,datagrepper02
service_description datagrepper-db-query service_description datagrepper-db-query
check_command check_website!localhost!/datagrepper/raw/?user=ralph&start=0!timestamp check_command check_website!localhost!/datagrepper/raw/?delta=86400!timestamp
max_check_attempts 8 max_check_attempts 8
use internalwebsitetemplate use internalwebsitetemplate
} }
@ -238,9 +238,9 @@ define service {
} }
define service { define service {
host_name pkgs01 host_name pkgs02
service_description Cgit on pkgs01 service_description Cgit on pkgs02
check_command check_website!pkgs01.phx2.fedoraproject.org!/cgit/!Description check_command check_website!pkgs02.phx2.fedoraproject.org!/cgit/!Description
use websitetemplate use websitetemplate
} }

2
roles/openvpn/server/files/ccd/proxy10.phx2.fedoraproject.org Normal file
View file

@ -0,0 +1,2 @@
# ifconfig-push actualIP PtPIP
ifconfig-push 192.168.1.17 192.168.0.17

2
roles/totpcgi/tasks/main.yml
View file

@ -50,7 +50,7 @@
owner=fas group=fas mode=0400 owner=fas group=fas mode=0400
with_items: with_items:
- {file: 2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt, dest: /etc/pki/totpcgi/totpcgi-server.crt } - {file: 2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt, dest: /etc/pki/totpcgi/totpcgi-server.crt }
- {file: 2fa-certs/keys/fas-all.phx2.fedoraproject.org.key, dest: /etc/pki/totpcgi/private/totpcgi-server.key } - {file: 2fa-certs/keys/fas-all.phx2.fedoraproject.org.key, dest: /etc/pki/totpcgi/totpcgi-server.key }
- {file: 2fa-certs/keys/ca.crt, dest: /etc/pki/totpcgi/totpcgi-ca.crt } - {file: 2fa-certs/keys/ca.crt, dest: /etc/pki/totpcgi/totpcgi-ca.crt }
when: master_fas_node == True and not '.stg.' in inventory_hostname when: master_fas_node == True and not '.stg.' in inventory_hostname
tags: tags:

11
vars/fedora-cloud.yml
View file

@ -20,6 +20,17 @@ compute1_private_ip: 172.24.0.10
compute2_public_ip: 209.132.184.11 compute2_public_ip: 209.132.184.11
compute2_private_ip: 172.24.0.11 compute2_private_ip: 172.24.0.11
compute3_public_ip: 209.132.184.12
compute3_private_ip: 172.24.0.12
compute4_public_ip: 209.132.184.13
compute4_private_ip: 172.24.0.13
compute5_public_ip: 209.132.184.14
compute5_private_ip: 172.24.0.14
compute6_public_ip: 209.132.184.15
compute6_private_ip: 172.24.0.15
#Dell Equalogic public variables #Dell Equalogic public variables
EQLX_GROUP: cloud-equallogics EQLX_GROUP: cloud-equallogics