From c529380547879790c105224ea115b64ca767a9da Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 13 May 2020 14:02:41 -0700 Subject: [PATCH] Spring cleaning time. :) I removed all the old files, inventory, playbooks, roles and other from services we no longer run or use. There was a bunch of cruft in there and I hope that will make the repo cleaner and easier to look for things we actually do run and care about. Signed-off-by: Kevin Fenzi --- files/artboard/artboard-backup | 6 - files/artboard/artboard.conf | 16 - files/artboard/redirect.conf | 2 - files/mysql/my.cnf | 74 -- files/newcloud/rhos13.repo | 4 - files/phabricator/phabricator-vhost.conf | 19 - files/phabricator/phabricator.conf.php | 18 - files/trac/trac-vhost.conf | 10 - files/trac/trac.wsgi | 15 - files/twisted/ssh-pub-key | 1 - filter_plugins/openstack.py | 107 --- handlers/restart_services.yml | 18 - inventory/cloud | 18 - inventory/group_vars/OSv3 | 3 - inventory/group_vars/autosign | 11 +- inventory/group_vars/beaker | 51 -- inventory/group_vars/beaker_stg | 37 - inventory/group_vars/keys | 10 - inventory/group_vars/koji_not_yet_ansibilized | 19 - inventory/group_vars/libravatar | 9 - inventory/group_vars/libravatar_stg | 10 - inventory/group_vars/moonshot | 1 - inventory/group_vars/newcloud | 18 - inventory/group_vars/piwik_stg | 8 - inventory/group_vars/repospanner | 25 - inventory/group_vars/twisted_buildbots | 3 - .../batcomputer01.phx2.fedoraproject.org | 17 - .../beaker-stg01.qa.fedoraproject.org | 18 - .../bkernel01.phx2.fedoraproject.org | 4 - .../bkernel02.phx2.fedoraproject.org | 4 - .../buildppc-01.ppc.fedoraproject.org | 3 - .../buildppc-02.ppc.fedoraproject.org | 3 - .../buildppc-03.ppc.fedoraproject.org | 3 - .../buildppc-04.ppc.fedoraproject.org | 3 - .../buildppcle-01.ppc.fedoraproject.org | 3 - .../buildppcle-02.ppc.fedoraproject.org | 3 - .../buildppcle-03.ppc.fedoraproject.org | 3 - .../buildppcle-04.ppc.fedoraproject.org | 3 - .../host_vars/ci-cc-rdu01.fedoraproject.org | 20 - .../fas01.stg.phx2.fedoraproject.org | 14 - .../host_vars/fas03.phx2.fedoraproject.org | 19 - .../fas3-01.stg.phx2.fedoraproject.org | 21 - .../host_vars/ibiblio02.fedoraproject.org | 18 - .../host_vars/ibiblio04.fedoraproject.org | 15 - .../host_vars/infinote.fedoraproject.org | 26 - .../host_vars/kernel01.qa.fedoraproject.org | 5 - inventory/host_vars/keys01.fedoraproject.org | 16 - .../mirrorlist-host1plus.fedoraproject.org | 14 - .../mirrorlist-ibiblio02.fedoraproject.org | 15 - .../mirrorlist-phx2.phx2.fedoraproject.org | 10 - ...mirrorlist-phx2.stg.phx2.fedoraproject.org | 13 - .../host_vars/nagios01.phx2.fedoraproject.org | 32 - .../noc01.stg.phx2.fedoraproject.org | 33 - .../host_vars/pkgdb01.phx2.fedoraproject.org | 12 - .../pkgdb01.stg.phx2.fedoraproject.org | 12 - .../host_vars/pkgdb02.phx2.fedoraproject.org | 12 - inventory/host_vars/relay-stg.ci.centos.org | 71 -- inventory/host_vars/relay.ci.centos.org | 71 -- .../repospanner-cc-rdu01.fedoraproject.org | 26 - .../repospanner-ibiblio01.fedoraproject.org | 19 - .../repospanner-temp01.fedoraproject.org | 24 - .../repospanner-temp02.fedoraproject.org | 27 - .../repospanner-temp03.fedoraproject.org | 24 - .../repospanner01.phx2.fedoraproject.org | 10 - .../simple-koji-ci-prod.fedorainfracloud.org | 14 - .../summershum01.phx2.fedoraproject.org | 14 - .../summershum01.stg.phx2.fedoraproject.org | 14 - inventory/inventory | 6 - library/lvol.py | 401 ---------- playbooks/cloud_prep.yml | 14 - playbooks/destroy_cloud_inst.yml | 25 - playbooks/destroy_virt_inst.yml | 45 -- playbooks/fix_arm_soc.yml | 33 - playbooks/groups/koji-hub.yml | 1 - playbooks/groups/releng-compose.yml | 1 - .../hosts/respins.fedorainfracloud.org.yml | 31 - playbooks/include/proxies-fedora-web.yml | 2 - roles/ansible-ansible-awx/tasks/main.yml | 56 -- roles/ansible-ansible-awx/templates/inventory | 112 --- roles/apps-fp-o/files/apps.yaml | 13 - roles/autosigner/files/endpoints.py | 46 -- roles/autosigner/meta/main.yml | 4 - roles/autosigner/tasks/main.yml | 46 -- .../postfix/main.cf/main.cf.openstack-compute | 687 ------------------ ...main.cf.upstreamfirst.fedorainfracloud.org | 687 ------------------ roles/base/files/resolv.conf/cloud | 4 - roles/base/files/resolv.conf/serverbeach | 4 - roles/base/files/resolv.conf/telia | 4 - roles/base/files/resolv.conf/tummy | 4 - .../base/files/beaker-server-fedora.repo | 11 - roles/beaker/base/tasks/main.yml | 27 - .../base/templates/beaker-server-rhel.repo | 11 - roles/beaker/labcontroller/handlers/main.yml | 10 - roles/beaker/labcontroller/tasks/main.yml | 36 - .../etc/beaker/labcontroller.conf.j2 | 48 -- .../certificate.pem | 20 - .../beaker.qa.fedoraproject.org/metadata.xml | 35 - .../certificate.pem | 19 - .../idp-metadata.xml | 81 --- .../beaker.stg.fedoraproject.org/metadata.xml | 34 - roles/beaker/server/handlers/main.yml | 6 - roles/beaker/server/tasks/client.yml | 18 - roles/beaker/server/tasks/main.yml | 130 ---- .../server/templates/beaker-server.conf | 96 --- .../server/templates/etc/beaker/server.cfg.j2 | 152 ---- .../templates/root/beaker-client-config.j2 | 4 - roles/beaker/virthost/defaults/main.yml | 4 - roles/beaker/virthost/files/libvirt.conf | 18 - roles/beaker/virthost/tasks/main.yml | 149 ---- .../virthost/templates/10-libvirt.rules.j2 | 4 - .../virthost/templates/client-libvirt.xml.j2 | 51 -- .../beaker/virthost/templates/ifcfg-bridge.j2 | 18 - .../beaker/virthost/templates/ifcfg-device.j2 | 6 - .../virthost/templates/libvirtd.conf.j2 | 429 ----------- roles/certbot/README | 37 - roles/certbot/files/acme-challenge.conf | 3 - roles/certbot/tasks/main.yml | 14 - roles/fedora-web/magazine/tasks/main.yml | 11 - .../templates/fedoramagazine-web.conf | 18 - .../anitya-backend01.fedoraproject.org-hosts | 4 - .../anitya-frontend01.fedoraproject.org-hosts | 4 - ...rm01-builder22.arm.fedoraproject.org-hosts | 11 - ...rm01-builder23.arm.fedoraproject.org-hosts | 11 - .../files/ask01.phx2.fedoraproject.org-hosts | 6 - .../files/ask02.phx2.fedoraproject.org-hosts | 6 - ...ckend-libvirt.phx2.fedoraproject.org-hosts | 5 - ...-backend-vbox.phx2.fedoraproject.org-hosts | 3 - .../bodhi01.phx2.fedoraproject.org-hosts | 4 - .../bodhi02.phx2.fedoraproject.org-hosts | 4 - ...backend01.stg.phx2.fedoraproject.org-hosts | 8 - ...ocs-backend01.phx2.fedoraproject.org-hosts | 4 - .../fas01.stg.phx2.fedoraproject.org-hosts | 4 - .../hotness01.phx2.fedoraproject.org-hosts | 5 - ...hotness01.stg.phx2.fedoraproject.org-hosts | 9 - .../ppc-koji01.ppc.fedoraproject.org-hosts | 2 - ...repospanner01.phx2.fedoraproject.org-hosts | 7 - roles/hosts/files/serverbeach-hosts | 5 - .../summershum01.phx2.fedoraproject.org-hosts | 5 - ...undercloud01.cloud.fedoraproject.org-hosts | 3 - roles/koji_builder/meta/main.yml | 3 - roles/libravatar/files/cron.daily/backup | 18 - .../libravatar/files/cron.daily/certbot-renew | 3 - roles/libravatar/files/pg/pg_hba.conf | 9 - roles/libravatar/handlers/main.yml | 5 - roles/libravatar/tasks/main.yml | 157 ---- roles/libravatar/tasks/mount_fs.yml | 8 - .../templates/httpd/libravatar-app.include | 25 - .../templates/httpd/libravatar.conf | 83 --- roles/nginx/README.md | 72 -- roles/nginx/defaults/main.yml | 18 - roles/nginx/files/etc/logrotate.d/nginx | 13 - .../nginx/files/etc/nginx/conf.d/default.conf | 44 -- roles/nginx/handlers/main.yml | 5 - roles/nginx/tasks/main.yml | 5 - roles/nginx/tasks/nginx.yml | 33 - roles/nginx/tasks/ssl-setup.yml | 45 -- roles/nginx/templates/etc/nginx/nginx.conf.j2 | 50 -- roles/nginx/templates/example_ssl.conf.2 | 29 - roles/ntp/files/step-tickers | 7 - roles/ntp/tasks/main.yml | 27 - roles/ntp/templates/ntp.conf.j2 | 36 - roles/openstack/block_storage/tasks/main.yml | 2 - roles/openstack/compute/tasks/main.yml | 2 - roles/openstack/dashboard/tasks/main.yml | 2 - .../openstack/data_processing/tasks/main.yml | 2 - roles/openstack/database/tasks/main.yml | 7 - roles/openstack/identity/tasks/main.yml | 2 - roles/openstack/image/tasks/main.yml | 2 - roles/openstack/message_broker/tasks/main.yml | 2 - roles/openstack/networking/tasks/main.yml | 2 - roles/openstack/object/tasks/main.yml | 2 - roles/openstack/orchestration/tasks/main.yml | 2 - roles/openstack/prep/tasks/main.yml | 13 - .../shared_file_system/tasks/main.yml | 2 - roles/openstack/telemetry/tasks/main.yml | 2 - .../telemetry_alarming/tasks/main.yml | 2 - roles/openstack/test_suite/tasks/main.yml | 2 - .../time_series_database/tasks/main.yml | 2 - .../files/empty_publican_site.db | Bin 4096 -> 0 bytes roles/publican_webhost/files/fedwatch.conf | 26 - roles/publican_webhost/tasks/main.yml | 35 - .../templates/20-docs-trigger.sh | 36 - .../templates/koji-tag-package.repo | 7 - .../templates/publican-website.cfg | 6 - roles/rdbsync/tasks/main.yml | 26 - roles/rdbsync/templates/rdbsync.service | 14 - roles/repospanner/bridge/tasks/main.yml | 62 -- .../bridge/templates/repoBridge.json | 10 - roles/repospanner/server/tasks/main.yml | 127 ---- .../server/templates/repoSpanner.service | 13 - .../server/templates/repoSpanner.yml | 44 -- roles/summershum/files/patched-fedmsg-hub | 16 - roles/yum-cron/tasks/main.yml | 25 - roles/yum-cron/templates/yum-cron.conf.j2 | 76 -- tasks/cloud_setup_basic.yml | 89 --- tasks/growroot_cloud.yml | 31 - tasks/growroot_cloud_el7.yml | 30 - tasks/persistent_cloud.yml | 109 --- tasks/transient_cloud.yml | 55 -- tasks/transient_newcloud.yml | 52 -- 200 files changed, 4 insertions(+), 6667 deletions(-) delete mode 100755 files/artboard/artboard-backup delete mode 100644 files/artboard/artboard.conf delete mode 100644 files/artboard/redirect.conf delete mode 100644 files/mysql/my.cnf delete mode 100644 files/newcloud/rhos13.repo delete mode 100644 files/phabricator/phabricator-vhost.conf delete mode 100644 files/phabricator/phabricator.conf.php delete mode 100644 files/trac/trac-vhost.conf delete mode 100644 files/trac/trac.wsgi delete mode 100644 files/twisted/ssh-pub-key delete mode 100644 filter_plugins/openstack.py delete mode 100644 inventory/group_vars/OSv3 delete mode 100644 inventory/group_vars/beaker delete mode 100644 inventory/group_vars/beaker_stg delete mode 100644 inventory/group_vars/keys delete mode 100644 inventory/group_vars/koji_not_yet_ansibilized delete mode 100644 inventory/group_vars/libravatar delete mode 100644 inventory/group_vars/libravatar_stg delete mode 100644 inventory/group_vars/moonshot delete mode 100644 inventory/group_vars/newcloud delete mode 100644 inventory/group_vars/piwik_stg delete mode 100644 inventory/group_vars/repospanner delete mode 100644 inventory/group_vars/twisted_buildbots delete mode 100644 inventory/host_vars/batcomputer01.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/beaker-stg01.qa.fedoraproject.org delete mode 100644 inventory/host_vars/bkernel01.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/bkernel02.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/buildppc-01.ppc.fedoraproject.org delete mode 100644 inventory/host_vars/buildppc-02.ppc.fedoraproject.org delete mode 100644 inventory/host_vars/buildppc-03.ppc.fedoraproject.org delete mode 100644 inventory/host_vars/buildppc-04.ppc.fedoraproject.org delete mode 100644 inventory/host_vars/buildppcle-01.ppc.fedoraproject.org delete mode 100644 inventory/host_vars/buildppcle-02.ppc.fedoraproject.org delete mode 100644 inventory/host_vars/buildppcle-03.ppc.fedoraproject.org delete mode 100644 inventory/host_vars/buildppcle-04.ppc.fedoraproject.org delete mode 100644 inventory/host_vars/ci-cc-rdu01.fedoraproject.org delete mode 100644 inventory/host_vars/fas01.stg.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/fas03.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/fas3-01.stg.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/ibiblio02.fedoraproject.org delete mode 100644 inventory/host_vars/ibiblio04.fedoraproject.org delete mode 100644 inventory/host_vars/infinote.fedoraproject.org delete mode 100644 inventory/host_vars/kernel01.qa.fedoraproject.org delete mode 100644 inventory/host_vars/keys01.fedoraproject.org delete mode 100644 inventory/host_vars/mirrorlist-host1plus.fedoraproject.org delete mode 100644 inventory/host_vars/mirrorlist-ibiblio02.fedoraproject.org delete mode 100644 inventory/host_vars/mirrorlist-phx2.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/mirrorlist-phx2.stg.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/nagios01.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/noc01.stg.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/pkgdb01.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/pkgdb01.stg.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/pkgdb02.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/relay-stg.ci.centos.org delete mode 100644 inventory/host_vars/relay.ci.centos.org delete mode 100644 inventory/host_vars/repospanner-cc-rdu01.fedoraproject.org delete mode 100644 inventory/host_vars/repospanner-ibiblio01.fedoraproject.org delete mode 100644 inventory/host_vars/repospanner-temp01.fedoraproject.org delete mode 100644 inventory/host_vars/repospanner-temp02.fedoraproject.org delete mode 100644 inventory/host_vars/repospanner-temp03.fedoraproject.org delete mode 100644 inventory/host_vars/repospanner01.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/simple-koji-ci-prod.fedorainfracloud.org delete mode 100644 inventory/host_vars/summershum01.phx2.fedoraproject.org delete mode 100644 inventory/host_vars/summershum01.stg.phx2.fedoraproject.org delete mode 100644 library/lvol.py delete mode 100644 playbooks/cloud_prep.yml delete mode 100644 playbooks/destroy_cloud_inst.yml delete mode 100644 playbooks/destroy_virt_inst.yml delete mode 100644 playbooks/fix_arm_soc.yml delete mode 100644 playbooks/hosts/respins.fedorainfracloud.org.yml delete mode 100644 roles/ansible-ansible-awx/tasks/main.yml delete mode 100644 roles/ansible-ansible-awx/templates/inventory delete mode 100644 roles/autosigner/files/endpoints.py delete mode 100644 roles/autosigner/meta/main.yml delete mode 100644 roles/autosigner/tasks/main.yml delete mode 100644 roles/base/files/postfix/main.cf/main.cf.openstack-compute delete mode 100644 roles/base/files/postfix/main.cf/main.cf.upstreamfirst.fedorainfracloud.org delete mode 100644 roles/base/files/resolv.conf/cloud delete mode 100644 roles/base/files/resolv.conf/serverbeach delete mode 100644 roles/base/files/resolv.conf/telia delete mode 100644 roles/base/files/resolv.conf/tummy delete mode 100644 roles/beaker/base/files/beaker-server-fedora.repo delete mode 100644 roles/beaker/base/tasks/main.yml delete mode 100644 roles/beaker/base/templates/beaker-server-rhel.repo delete mode 100644 roles/beaker/labcontroller/handlers/main.yml delete mode 100644 roles/beaker/labcontroller/tasks/main.yml delete mode 100644 roles/beaker/labcontroller/templates/etc/beaker/labcontroller.conf.j2 delete mode 100644 roles/beaker/server/files/saml2/beaker.qa.fedoraproject.org/certificate.pem delete mode 100644 roles/beaker/server/files/saml2/beaker.qa.fedoraproject.org/metadata.xml delete mode 100644 roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/certificate.pem delete mode 100644 roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/idp-metadata.xml delete mode 100644 roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/metadata.xml delete mode 100644 roles/beaker/server/handlers/main.yml delete mode 100644 roles/beaker/server/tasks/client.yml delete mode 100644 roles/beaker/server/tasks/main.yml delete mode 100644 roles/beaker/server/templates/beaker-server.conf delete mode 100644 roles/beaker/server/templates/etc/beaker/server.cfg.j2 delete mode 100644 roles/beaker/server/templates/root/beaker-client-config.j2 delete mode 100644 roles/beaker/virthost/defaults/main.yml delete mode 100644 roles/beaker/virthost/files/libvirt.conf delete mode 100644 roles/beaker/virthost/tasks/main.yml delete mode 100644 roles/beaker/virthost/templates/10-libvirt.rules.j2 delete mode 100644 roles/beaker/virthost/templates/client-libvirt.xml.j2 delete mode 100644 roles/beaker/virthost/templates/ifcfg-bridge.j2 delete mode 100644 roles/beaker/virthost/templates/ifcfg-device.j2 delete mode 100644 roles/beaker/virthost/templates/libvirtd.conf.j2 delete mode 100644 roles/certbot/README delete mode 100644 roles/certbot/files/acme-challenge.conf delete mode 100644 roles/certbot/tasks/main.yml delete mode 100644 roles/fedora-web/magazine/tasks/main.yml delete mode 100644 roles/fedora-web/magazine/templates/fedoramagazine-web.conf delete mode 100644 roles/hosts/files/anitya-backend01.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/anitya-frontend01.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/arm01-builder22.arm.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/arm01-builder23.arm.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/ask01.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/ask02.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/autocloud-backend-libvirt.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/autocloud-backend-vbox.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/bodhi01.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/bodhi02.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/darkserver-backend01.stg.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/docs-backend01.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/fas01.stg.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/hotness01.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/hotness01.stg.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/ppc-koji01.ppc.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/repospanner01.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/serverbeach-hosts delete mode 100644 roles/hosts/files/summershum01.phx2.fedoraproject.org-hosts delete mode 100644 roles/hosts/files/undercloud01.cloud.fedoraproject.org-hosts delete mode 100644 roles/koji_builder/meta/main.yml delete mode 100755 roles/libravatar/files/cron.daily/backup delete mode 100755 roles/libravatar/files/cron.daily/certbot-renew delete mode 100644 roles/libravatar/files/pg/pg_hba.conf delete mode 100644 roles/libravatar/handlers/main.yml delete mode 100644 roles/libravatar/tasks/main.yml delete mode 100644 roles/libravatar/tasks/mount_fs.yml delete mode 100644 roles/libravatar/templates/httpd/libravatar-app.include delete mode 100644 roles/libravatar/templates/httpd/libravatar.conf delete mode 100644 roles/nginx/README.md delete mode 100644 roles/nginx/defaults/main.yml delete mode 100644 roles/nginx/files/etc/logrotate.d/nginx delete mode 100644 roles/nginx/files/etc/nginx/conf.d/default.conf delete mode 100644 roles/nginx/handlers/main.yml delete mode 100644 roles/nginx/tasks/main.yml delete mode 100644 roles/nginx/tasks/nginx.yml delete mode 100644 roles/nginx/tasks/ssl-setup.yml delete mode 100644 roles/nginx/templates/etc/nginx/nginx.conf.j2 delete mode 100644 roles/nginx/templates/example_ssl.conf.2 delete mode 100644 roles/ntp/files/step-tickers delete mode 100644 roles/ntp/tasks/main.yml delete mode 100644 roles/ntp/templates/ntp.conf.j2 delete mode 100644 roles/openstack/block_storage/tasks/main.yml delete mode 100644 roles/openstack/compute/tasks/main.yml delete mode 100644 roles/openstack/dashboard/tasks/main.yml delete mode 100644 roles/openstack/data_processing/tasks/main.yml delete mode 100644 roles/openstack/database/tasks/main.yml delete mode 100644 roles/openstack/identity/tasks/main.yml delete mode 100644 roles/openstack/image/tasks/main.yml delete mode 100644 roles/openstack/message_broker/tasks/main.yml delete mode 100644 roles/openstack/networking/tasks/main.yml delete mode 100644 roles/openstack/object/tasks/main.yml delete mode 100644 roles/openstack/orchestration/tasks/main.yml delete mode 100644 roles/openstack/prep/tasks/main.yml delete mode 100644 roles/openstack/shared_file_system/tasks/main.yml delete mode 100644 roles/openstack/telemetry/tasks/main.yml delete mode 100644 roles/openstack/telemetry_alarming/tasks/main.yml delete mode 100644 roles/openstack/test_suite/tasks/main.yml delete mode 100644 roles/openstack/time_series_database/tasks/main.yml delete mode 100644 roles/publican_webhost/files/empty_publican_site.db delete mode 100644 roles/publican_webhost/files/fedwatch.conf delete mode 100644 roles/publican_webhost/tasks/main.yml delete mode 100755 roles/publican_webhost/templates/20-docs-trigger.sh delete mode 100644 roles/publican_webhost/templates/koji-tag-package.repo delete mode 100644 roles/publican_webhost/templates/publican-website.cfg delete mode 100644 roles/rdbsync/tasks/main.yml delete mode 100644 roles/rdbsync/templates/rdbsync.service delete mode 100644 roles/repospanner/bridge/tasks/main.yml delete mode 100644 roles/repospanner/bridge/templates/repoBridge.json delete mode 100644 roles/repospanner/server/tasks/main.yml delete mode 100644 roles/repospanner/server/templates/repoSpanner.service delete mode 100644 roles/repospanner/server/templates/repoSpanner.yml delete mode 100644 roles/summershum/files/patched-fedmsg-hub delete mode 100644 roles/yum-cron/tasks/main.yml delete mode 100644 roles/yum-cron/templates/yum-cron.conf.j2 delete mode 100644 tasks/cloud_setup_basic.yml delete mode 100644 tasks/growroot_cloud.yml delete mode 100644 tasks/growroot_cloud_el7.yml delete mode 100644 tasks/persistent_cloud.yml delete mode 100644 tasks/transient_cloud.yml delete mode 100644 tasks/transient_newcloud.yml diff --git a/files/artboard/artboard-backup b/files/artboard/artboard-backup deleted file mode 100755 index dd5e18952a..0000000000 --- a/files/artboard/artboard-backup +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -SNAPSHOTTIME=$(date +"%m-%d-%Y") -cd /srv/persist -echo "Snapshot taken $SNAPSHOTTIME.\n" >> /var/www/html/artboard/artboard-backup-summary.log -tar -zcvf "artboard-backup.tar.gz" artboard - diff --git a/files/artboard/artboard.conf b/files/artboard/artboard.conf deleted file mode 100644 index 2728550aba..0000000000 --- a/files/artboard/artboard.conf +++ /dev/null @@ -1,16 +0,0 @@ - - Options Indexes FollowSymLinks - - AllowOverride All - - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order deny,allow - Allow from all - - - diff --git a/files/artboard/redirect.conf b/files/artboard/redirect.conf deleted file mode 100644 index fad4ddfa41..0000000000 --- a/files/artboard/redirect.conf +++ /dev/null @@ -1,2 +0,0 @@ -RedirectMatch "^/$" /artboard/ - diff --git a/files/mysql/my.cnf b/files/mysql/my.cnf deleted file mode 100644 index fb4a7de97d..0000000000 --- a/files/mysql/my.cnf +++ /dev/null @@ -1,74 +0,0 @@ -[mysqld] -datadir=/var/lib/mysql -socket=/var/lib/mysql/mysql.sock -user=mysql -# Default to using old password format for compatibility with mysql 3.x -# clients (those using the mysqlclient10 compatibility package). -old_passwords=1 -max_connections=900 -query_cache_size=64M -query_cache_limit=2M -ft_min_word_len=3 - -log-slow-queries=/var/log/mysqld/slow-queries.log -long_query_time = 2 -general_log = 1 -general_log_file = /var/log/mysqld/mysql-transfer.log - -skip-locking -key_buffer = 384M -key_buffer_size=64M -max_allowed_packet = 16M -table_cache = 2048 -sort_buffer_size = 8M -join_buffer_size = 8M -read_buffer_size = 2M -read_rnd_buffer_size = 16M -bulk_insert_buffer_size = 64M -myisam_sort_buffer_size = 128M -myisam_max_sort_file_size=15G -myisam_max_extra_sort_file_size = 10G -thread_cache_size = 8 -# Try number of CPU's*2 for thread_concurrency -thread_concurrency = 16 -thread_stack = 192K - -transaction_isolation = REPEATABLE-READ - -back_log = 50 -binlog_cache_size = 1M -max_heap_table_size = 128M - -tmp_table_size = 128M - -innodb_additional_mem_pool_size = 16M -innodb_buffer_pool_size = 4G -innodb_file_io_threads = 4 -innodb_thread_concurrency = 16 -innodb_flush_log_at_trx_commit = 1 -innodb_log_buffer_size = 8M -#innodb_log_file_size = 2G -#innodb_log_files_in_group = 3 -innodb_max_dirty_pages_pct = 90 - - -[mysqld_safe] -log-error=/var/log/mysqld.log -pid-file=/var/run/mysqld/mysqld.pid -open-files-limit = 8192 - -[isamchk] -key_buffer = 512M -sort_buffer_size = 512M -read_buffer = 8M -write_buffer = 8M - -[myisamchk] -key_buffer = 512M -sort_buffer_size = 512M -read_buffer = 8M -write_buffer = 8M - -[mysqlhotcopy] -interactive-timeout - diff --git a/files/newcloud/rhos13.repo b/files/newcloud/rhos13.repo deleted file mode 100644 index c2000cdabc..0000000000 --- a/files/newcloud/rhos13.repo +++ /dev/null @@ -1,4 +0,0 @@ -[rhel7-rhos13] -name = rhel7 openstack $basearch -baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-openstack-13-rpms -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release diff --git a/files/phabricator/phabricator-vhost.conf b/files/phabricator/phabricator-vhost.conf deleted file mode 100644 index abf1d6f3a6..0000000000 --- a/files/phabricator/phabricator-vhost.conf +++ /dev/null @@ -1,19 +0,0 @@ -NameVirtualHost *:80 - - - Options All - AllowOverride All - Require all granted - - - - ServerName {{domain}} - DocumentRoot /srv/www/facebook/phabricator/webroot - - RewriteEngine on - RewriteRule ^/rsrc/(.*) - [L,QSA] - RewriteRule ^/favicon.ico - [L,QSA] - RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA] - - SetEnv PHABRICATOR_ENV custom/myconfig - diff --git a/files/phabricator/phabricator.conf.php b/files/phabricator/phabricator.conf.php deleted file mode 100644 index f15abc8ded..0000000000 --- a/files/phabricator/phabricator.conf.php +++ /dev/null @@ -1,18 +0,0 @@ - 'http://{{domain}}/', - - 'mysql.host' => 'localhost', - 'mysql.user' => 'root', - - 'metamta.default-address' => 'phabricator@{{domain}}', - 'metamta.domain' => '{{domain}}', - - 'phabricator.timezone' => 'America/New_York', - 'pygments.enabled' => true, - - // NOTE: Check default.conf.php for detailed explanations of all the - // configuration options, including these. - -) + phabricator_read_config_file('production'); diff --git a/files/trac/trac-vhost.conf b/files/trac/trac-vhost.conf deleted file mode 100644 index 113ce3dff9..0000000000 --- a/files/trac/trac-vhost.conf +++ /dev/null @@ -1,10 +0,0 @@ - - ServerName trac-dev.cloud.fedoraproject.org - WSGIScriptAlias / /srv/www/trac/trac.wsgi - - - WSGIProcessGroup %{GLOBAL} - Order deny,allow - Allow from all - - diff --git a/files/trac/trac.wsgi b/files/trac/trac.wsgi deleted file mode 100644 index 2162930d9e..0000000000 --- a/files/trac/trac.wsgi +++ /dev/null @@ -1,15 +0,0 @@ -import __main__ -if hasattr(__main__, '__requires__'): - if isinstance(__main__.__requires__, basestring): - __main__.__requires__ = [__main__.__requires__] -else: - __main__.__requires__ = [] -__main__.__requires__.append('Trac') - -import os - -os.environ['TRAC_ENV_PARENT_DIR'] = '/srv/www/trac/projects' -os.environ['PYTHON_EGG_CACHE'] = '/var/cache/trac' - -import trac.web.main -application = trac.web.main.dispatch_request diff --git a/files/twisted/ssh-pub-key b/files/twisted/ssh-pub-key deleted file mode 100644 index 01232559f6..0000000000 --- a/files/twisted/ssh-pub-key +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDxFYkms3bEGIGpH0Dg0JgvsdHI/pWkS4ynCn/poyVcKc+SL1StKoOFPzzFh7dGVIeQ6q8MLbm246H8Swx57R13Q3bhtTs5Gpy5bNC7HejkWbrrMEJuKxVKhIintbC+tT04OFBFklVePuxacsc3EBdTHSnz9o41MfJnjv58VxJB5bwfgsV7FMDLHnBpujlPPH1hZG5A0fwD8VgCwaRVirIs9Kw35yKEUm8D76vOxjAqm7UTexEcPNFb4tYGzI00hbPS374FzoO4ZuXxv1ymakw9iyL54Hwbyj8JxBbgfZ6TvgLSSN9OU+KRqz1NqfepSj+y8up0Q+W8J5UObvf02VZrJKVgnIVe5gw4iDx/5E7F4qmf8qa5YUlJnP3LWRz6jhtQE+m6Ro7zItnoqPR3EtQZ9rMgaS1+/qPX7hcB35hlGZbhj0IDY+HE98ehUivUuxSoLOp8c+COaJ2b5+wSQigi9jRYx0qPeCOCCtA8vF8z4SOmD3I6IsPzlCiejeC5y3tWoQqJPR430TPBJ7CMNbbHPNF8GyzM7vFukqSpgacLq1f/YgBwqiRLVk+ktgUM/+fHuE6mUDMdE+Ag2lfwHnLI7DOwaJdr7JoAoSi6R+uTRhx1d4AET1sMv/HXKD+4Abu0WyaT3l/xO+hBABz+KO33gPUdCsKOw7lvJFZRC+OSyQ== diff --git a/filter_plugins/openstack.py b/filter_plugins/openstack.py deleted file mode 100644 index 81407f0ab6..0000000000 --- a/filter_plugins/openstack.py +++ /dev/null @@ -1,107 +0,0 @@ -from ansible import errors -from glanceclient import Client as GlanceClient -from keystoneclient import session -from keystoneclient.auth.identity import v2 as identity -from neutronclient.neutron.client import Client as NeutronClient -from novaclient.v3.client import Client -import glanceclient.exc -import json -import novaclient.exceptions - -def flavor_id_to_name(host_vars, user, password, tenant, auth_url): - nt = Client(user, password, tenant, auth_url, service_type="compute") - try: - flavor = nt.flavors.get(host_vars) - except novaclient.exceptions.NotFound: - raise errors.AnsibleFilterError('There is no flavor of name {0} accessible for tenant {1}'.format(host_vars, tenant)) - return flavor.name - - -def flavor_name_to_id(host_vars, user, password, tenant, auth_url): - nt = Client(user, password, tenant, auth_url, service_type="compute") - for i in nt.flavors.list(): - if i.name == host_vars: - return i.id - raise errors.AnsibleFilterError('There is no flavor of id {0} accessible for tenant {1}'.format(host_vars, tenant)) - -def image_id_to_name(host_vars, user, password, tenant, auth_url): - auth = identity.Password(auth_url=auth_url, username=user, - password=password, tenant_name=tenant) - sess = session.Session(auth=auth) - token = auth.get_token(sess) - endpoint = auth.get_endpoint(sess, service_name='glance', service_type='image') - glance = GlanceClient('2', endpoint=endpoint, token=token) - try: - return glance.images.get(host_vars).name - except glanceclient.exc.HTTPNotFound: - raise errors.AnsibleFilterError('There is no image of id {0} accessible for tenant {1}'.format(host_vars, tenant)) - -def image_name_to_id(host_vars, user, password, tenant, auth_url): - auth = identity.Password(auth_url=auth_url, username=user, - password=password, tenant_name=tenant) - sess = session.Session(auth=auth) - token = auth.get_token(sess) - endpoint = auth.get_endpoint(sess, service_name='glance', service_type='image') - glance = GlanceClient('2', endpoint=endpoint, token=token) - for i in glance.images.list(): - if i.name == host_vars: - return i.id - raise errors.AnsibleFilterError('There is no image of name {0} accessible for tenant {1}'.format(host_vars, tenant)) - -def network_name_to_id(host_vars, user, password, tenant, auth_url): - """ Accept one name of network or list of names of networks and return the same - structure, but names replaced by ids of the network(s). """ - auth = identity.Password(auth_url=auth_url, username=user, - password=password, tenant_name=tenant) - sess = session.Session(auth=auth) - token = auth.get_token(sess) - endpoint = auth.get_endpoint(sess, service_name='neutron', service_type='network') - neutron = NeutronClient('2.0', endpoint_url=endpoint, token=token) - result_as_list = isinstance(host_vars, list) - if not result_as_list: - host_vars = [host_vars] - result = [] - for net in host_vars: - networks = neutron.list_networks(name=net, fields='name')["networks"] - if networks: - result += [networks[0]['id']] - else: - raise errors.AnsibleFilterError('There is no network of name {0} accessible for tenant {1}'.format(net, tenant)) - if result_as_list: - return result - else: - return result[0] - -def network_id_to_name(host_vars, user, password, tenant, auth_url): - """ Accept one id of network or list of ids of networks and return the same - structure, but ids replaced by name of the network(s). """ - auth = identity.Password(auth_url=auth_url, username=user, - password=password, tenant_name=tenant) - sess = session.Session(auth=auth) - token = auth.get_token(sess) - endpoint = auth.get_endpoint(sess, service_name='neutron', service_type='network') - neutron = NeutronClient('2.0', endpoint_url=endpoint, token=token) - result_as_list = isinstance(host_vars, list) - if not result_as_list: - host_vars = [host_vars] - result = [] - for net in host_vars: - networks = neutron.list_networks(id=net, fields='name')["networks"] - if networks: - result += [networks[0]['name']] - else: - raise errors.AnsibleFilterError('There is no network of id {0} accessible for tenant {1}'.format(net, tenant)) - if result_as_list: - return result - else: - return result[0] - -class FilterModule (object): - def filters(self): - return {"flavor_id_to_name": flavor_id_to_name, - "flavor_name_to_id": flavor_name_to_id, - "image_id_to_name": image_id_to_name, - "image_name_to_id": image_name_to_id, - "network_name_to_id": network_name_to_id, - "network_id_to_name": network_id_to_name, - } diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml index 33c4efa5bb..df87e9e200 100644 --- a/handlers/restart_services.yml +++ b/handlers/restart_services.yml @@ -86,9 +86,6 @@ - name: fix openvpn routing action: shell /etc/openvpn/fix-routes.sh -- name: restart xinetd - action: service name=xinetd state=restarted - - name: restart netapproute action: command /etc/sysconfig/network-scripts/ifup-routes eth1 @@ -110,9 +107,6 @@ - name: restart glusterd service: name=glusterd state=restarted -- name: restart supervisord - service: name=supervisord state=restarted - - name: run rkhunter command: rkhunter --propupd @@ -145,15 +139,6 @@ - name: restart stunnel service: name=stunnel state=restarted -- name: restart cinder api - service: name=openstack-cinder-api state=restarted - -- name: restart cinder scheduler - service: name=openstack-cinder-scheduler state=restarted - -- name: restart cinder volume - service: name=openstack-cinder-volume state=restarted - - name: restart mirrorlist-server service: name=mirrorlist-server state=restarted @@ -187,6 +172,3 @@ name: rabbitmq-server state: restarted daemon_reload: yes - -- name: restart repoSpanner - action: service name=repoSpanner state=restarted diff --git a/inventory/cloud b/inventory/cloud index e35a1d9a1b..d7a651d8a7 100644 --- a/inventory/cloud +++ b/inventory/cloud @@ -1,16 +1,3 @@ -#[cloud_phx2] -## -## Hardware -## -#virthost-aarch64-os01.fedorainfracloud.org -#virthost-aarch64-os02.fedorainfracloud.org -#virthost-cloud01.fedorainfracloud.org -#virthost-os01.fedorainfracloud.org -#virthost-os02.fedorainfracloud.org -#virthost-os03.fedorainfracloud.org -#storinator01.fedorainfracloud.org -#cloudvmhost-aarch64-01.fedorainfracloud.org - ## ## New Community Hardware ## @@ -55,11 +42,6 @@ el7-test.fedorainfracloud.org #aarch64-test02.fedorainfracloud.org # iddev iddev.fedorainfracloud.org -# respins -# exists in aws, we don't manage it. -#respins01.fedorainfracloud.org -# koji simple ci development - ticket 6419 -simple-koji-ci-prod.fedorainfracloud.org retrace-stg.aws.fedoraproject.org # This is not in aws, but here is good enough for now ppc64le-test.fedorainfracloud.org diff --git a/inventory/group_vars/OSv3 b/inventory/group_vars/OSv3 deleted file mode 100644 index 9a8bacd348..0000000000 --- a/inventory/group_vars/OSv3 +++ /dev/null @@ -1,3 +0,0 @@ ---- -ansible_ssh_user: root -deployment_type: origin diff --git a/inventory/group_vars/autosign b/inventory/group_vars/autosign index 38ed1ba7b1..ec8f65fe29 100644 --- a/inventory/group_vars/autosign +++ b/inventory/group_vars/autosign @@ -27,11 +27,8 @@ csi_security_category: High csi_primary_contact: Release Engineering - rel-eng@lists.fedoraproject.org csi_purpose: Automatically sign Rawhide and Branched packages csi_relationship: | - This host will run the autosigner.py script which should automatically sign - new rawhide and branched builds. It listens to koji over fedmsg for - notifications of new builds, and then asks sigul, the signing server, to - sign the rpms and store the new rpm header back in Koji. + This host will run the robosignatory application which should automatically sign + builds. It listens to koji over fedora-messaging for notifications of new builds, + and then asks sigul, the signing server, to sign the rpms and store the new rpm + header back in Koji. - The script[1] currently runs in the foreground from a git checkout. - - [1] https://pagure.io/releng/blob/master/f/scripts/autosigner.py diff --git a/inventory/group_vars/beaker b/inventory/group_vars/beaker deleted file mode 100644 index 1f51c08b65..0000000000 --- a/inventory/group_vars/beaker +++ /dev/null @@ -1,51 +0,0 @@ ---- -lvm_size: 50000 -mem_size: 4096 -num_cpus: 2 - -tcp_ports: [ 80, 443, 8000 ] -udp_ports: [ 69 ] -fas_client_groups: sysadmin-qa,sysadmin-main,fi-apprentice,sysadmin-noc,sysadmin-veteran -nrpe_procs_warn: 250 -nrpe_procs_crit: 300 - -freezes: false - -virt_install_command: "{{ virt_install_command_one_nic }}" - -# settings for the beaker db, server and lab controller -beaker_db_host: localhost -beaker_db_name: beaker -beaker_db_user: "{{ prod_beaker_db_user }}" -beaker_db_password: "{{ prod_beaker_db_password }}" -mariadb_root_password: "{{ prod_beaker_mariadb_root_password }}" - -beaker_server_url: "https://beaker.qa.fedoraproject.org" -beaker_server_cname: "beaker.qa.fedoraproject.org" -beaker_server_hostname: "beaker01.qa.fedoraproject.org" -beaker_server_admin_user: "{{ prod_beaker_server_admin_user }}" -beaker_server_admin_pass: "{{ prod_beaker_server_admin_pass }}" -beaker_server_email: "sysadmin-qa-members@fedoraproject.org" - -beaker_oidc_token_info_url: "https://id.fedoraproject.org/openidc/TokenInfo" -beaker_oidc_client_id: "beaker-prod" -beaker_oidc_client_secret: "{{ prod_beaker_oidc_client_secret }}" - -beaker_lab_controller_username: "host/beaker01.qa.fedoraproject.org" -beaker_lab_controller_password: "{{ prod_beaker_lab_controller_password }}" - -extra_enablerepos: '' - -# These variables are pushed into /etc/system_identification by the base role. -# Groups and individual hosts should ovveride them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ - -csi_security_category: Low -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Manage and automate labs of test computers -csi_relationship: | - There are a couple of things running here. - - beaker lab controller which serves files for network booting, monitors - console logs, and executes fence commands to reboot systems. - - tftp server run by the lab controller for pxe booting provisioned systems - . libvirt for virtualization capabilities diff --git a/inventory/group_vars/beaker_stg b/inventory/group_vars/beaker_stg deleted file mode 100644 index 2866daf988..0000000000 --- a/inventory/group_vars/beaker_stg +++ /dev/null @@ -1,37 +0,0 @@ ---- -lvm_size: 50000 -mem_size: 4096 -num_cpus: 2 - -tcp_ports: [ 80, 443, 8000 ] -udp_ports: [ 69 ] -fas_client_groups: sysadmin-qa,sysadmin-main,fi-apprentice,sysadmin-noc,sysadmin-veteran -nrpe_procs_warn: 250 -nrpe_procs_crit: 300 - -freezes: false - -virt_install_command: "{{ virt_install_command_rhel6 }}" - -# settings for the beaker db, server and lab controller -beaker_db_host: localhost -beaker_db_name: beaker -beaker_db_user: "{{ stg_beaker_db_user }}" -beaker_db_password: "{{ stg_beaker_db_password }}" -mariadb_root_password: "{{ stg_beaker_mariadb_root_password }}" - -beaker_server_url: "https://beaker.stg.qa.fedoraproject.org" -beaker_server_cname: "beaker.stg.fedoraproject.org" -beaker_server_hostname: "beaker-stg01.qa.fedoraproject.org" -beaker_server_admin_user: "{{ stg_beaker_server_admin_user }}" -beaker_server_admin_pass: "{{ stg_beaker_server_admin_pass }}" -beaker_server_email: "sysadmin-qa-members@fedoraproject.org" - -beaker_oidc_token_info_url: "https://id.stg.fedoraproject.org/openidc/TokenInfo" -beaker_oidc_client_id: "beaker-stg" -beaker_oidc_client_secret: "{{ stg_beaker_oidc_client_secret }}" - -beaker_lab_controller_username: "host/beaker-stg01.qa.fedoraproject.org" -beaker_lab_controller_password: "{{ stg_beaker_lab_controller_password }}" - -extra_enablerepos: '' diff --git a/inventory/group_vars/keys b/inventory/group_vars/keys deleted file mode 100644 index d648277826..0000000000 --- a/inventory/group_vars/keys +++ /dev/null @@ -1,10 +0,0 @@ ---- -freezes: false -lvm_size: 40000 -mem_size: 4096 -num_cpus: 4 -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file - -tcp_ports: [ 80, 443, 11370, 11371 ] -fas_client_groups: sysadmin-noc,sysadmin-keys,sysadmin-veteran diff --git a/inventory/group_vars/koji_not_yet_ansibilized b/inventory/group_vars/koji_not_yet_ansibilized deleted file mode 100644 index dffe7d5fb2..0000000000 --- a/inventory/group_vars/koji_not_yet_ansibilized +++ /dev/null @@ -1,19 +0,0 @@ -# See the comment with the explanation of this group in ``inventory/inventory`` -fedmsg_certs: -- service: shell - owner: root - group: sysadmin - can_send: - - logger.log -- service: koji - owner: root - group: apache - can_send: - - buildsys.build.state.change - - buildsys.package.list.change - - buildsys.repo.done - - buildsys.repo.init - - buildsys.rpm.sign - - buildsys.tag - - buildsys.task.state.change - - buildsys.untag diff --git a/inventory/group_vars/libravatar b/inventory/group_vars/libravatar deleted file mode 100644 index b8aa26bfdd..0000000000 --- a/inventory/group_vars/libravatar +++ /dev/null @@ -1,9 +0,0 @@ -resolvconf: "resolv.conf/cloud" -git_branch: master -server_name: www.libravatar.org -cdn_server_name: cdn.libravatar.org -cdn_server_alias: seccdn.libravatar.org -server_redirect_name: "libravatar.org libravatar.com www.libravatar.com" -server_cert_name: libravatar.org -cdn_server_cert_name: cdn.libravatar.org -mail_to: clime@fedoraproject.org diff --git a/inventory/group_vars/libravatar_stg b/inventory/group_vars/libravatar_stg deleted file mode 100644 index d67517ed7c..0000000000 --- a/inventory/group_vars/libravatar_stg +++ /dev/null @@ -1,10 +0,0 @@ -resolvconf: "resolv.conf/cloud" -git_branch: devel -server_name: libravatar-stg.fedorainfracloud.org -cdn_server_name: libravatar-stg.fedorainfracloud.org -cdn_server_alias: libravatar-stg.fedorainfracloud.org -server_redirect_name: libravatar-stg.fedorainfracloud.org -server_cert_name: libravatar-stg.fedorainfracloud.org -cdn_server_cert_name: libravatar-stg.fedorainfracloud.org -prod_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzOpYy2W3hqlvrdpbprv1BAvxh9IsjlVizzxKBo7FvKcj6Xwk1UZXqQqQTBSgEAsuYhTiTIcHK3V4y6xwrSvVQJy0ciqBtPdrAp8z8S+2xBx4uvdc8sb2n8XQGIEkJHel6wIHE+0mCv/PoHn9OPc+bjNFQkncmb7SKbiojll7kiWGdmVzgutrwUULqXcDbsZ1u+HL8Edh7v43IwmK9nVAeA8K8W9rab1EIlFL1oh5z1rrgxV7Gv9OVLbh4NI95DFrHHNEaeH2PpWrdVAYypMSGg2rTOH+mbgYsHhCbA9KRCKkJAqXlOBymGsQuO0yFv2gTzLx+8BkJ3IrXYdhFvoLt root@libravatar.fedorainfracloud.org" -mail_to: clime@fedoraproject.org diff --git a/inventory/group_vars/moonshot b/inventory/group_vars/moonshot deleted file mode 100644 index ed97d539c0..0000000000 --- a/inventory/group_vars/moonshot +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/inventory/group_vars/newcloud b/inventory/group_vars/newcloud deleted file mode 100644 index 9aca60028b..0000000000 --- a/inventory/group_vars/newcloud +++ /dev/null @@ -1,18 +0,0 @@ ---- -datacenter: cloud -nm: 255.255.254.0 -gw: 209.132.184.254 -eth1_nm: 255.255.254.0 -eth1_gw: 172.23.1.254 -fas_client_groups: sysadmin-main -dns: 8.8.8.8 -freezes: false -ansible_ifcfg_whitelist: ['eth1'] -baseiptables: false -ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q cloud-noc01.fedorainfracloud.org"' -nagios_Check_Services: - mail: false - nrpe: false - sshd: false - swap: false - ping: false diff --git a/inventory/group_vars/piwik_stg b/inventory/group_vars/piwik_stg deleted file mode 100644 index 44d9280ef3..0000000000 --- a/inventory/group_vars/piwik_stg +++ /dev/null @@ -1,8 +0,0 @@ ---- -lvm_size: 20000 -mem_size: 8192 -# probably 4 in prod: -num_cpus: 2 - -tcp_ports: [ 80 ] -fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran diff --git a/inventory/group_vars/repospanner b/inventory/group_vars/repospanner deleted file mode 100644 index b30d1a2c87..0000000000 --- a/inventory/group_vars/repospanner +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Define resources for this group of hosts here. -lvm_size: 500000 -mem_size: 32768 -max_mem_size: 32768 -num_cpus: 8 - -# For the MOTD -csi_security_category: High -csi_primary_contact: admin@fedoraproject.org / sysadmin-main-members -csi_purpose: repospanner git syncing host - -custom_rules: [ '-A INPUT -p tcp -m tcp -s 8.43.84.211 --dport 8443:8445 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 8.43.84.212 --dport 8443:8445 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 8.43.85.76 --dport 8443:8445 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 152.19.134.149 --dport 8443:8445 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 209.132.181.20 --dport 8443:8445 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 192.168.1.180 --dport 8443:8445 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 192.168.1.184 --dport 8443:8445 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 192.168.1.185 --dport 8443:8445 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 8443:8445 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 192.168.1.41 --dport 8442:8443 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 192.168.100.8 --dport 8442:8443 -j ACCEPT'] - -## End of file diff --git a/inventory/group_vars/twisted_buildbots b/inventory/group_vars/twisted_buildbots deleted file mode 100644 index 954d613a97..0000000000 --- a/inventory/group_vars/twisted_buildbots +++ /dev/null @@ -1,3 +0,0 @@ ---- -freezes: false -datacenter: cloud diff --git a/inventory/host_vars/batcomputer01.phx2.fedoraproject.org b/inventory/host_vars/batcomputer01.phx2.fedoraproject.org deleted file mode 100644 index 6472fcd44f..0000000000 --- a/inventory/host_vars/batcomputer01.phx2.fedoraproject.org +++ /dev/null @@ -1,17 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.126.254 -dns: 10.5.126.21 - -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ - -volgroup: /dev/vg_guests -eth0_ip: 10.5.126.6 -vmhost: virthost22.phx2.fedoraproject.org -datacenter: phx2 - -lvm_size: 50g -mem_size: 8192 -max_mem_size: 16384 -num_cpus: 4 diff --git a/inventory/host_vars/beaker-stg01.qa.fedoraproject.org b/inventory/host_vars/beaker-stg01.qa.fedoraproject.org deleted file mode 100644 index 5dd94ed023..0000000000 --- a/inventory/host_vars/beaker-stg01.qa.fedoraproject.org +++ /dev/null @@ -1,18 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.124.254 -dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_guests -eth0_ip: 10.5.124.141 -eth0_nm: 255.255.255.128 -vmhost: virthost-comm04.qa.fedoraproject.org -datacenter: phx2 -fas_client_groups: sysadmin-qa,sysadmin-main -collectd_apache: "" - -# it'd be nice to have this done automagically but I don't know of a reasonable easy way to do that -beaker_virthost_signatures: - - hostname: 'qa04.qa.fedoraproject.org,10.5.124.154' - signature: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcv0X3KnCYYn5xowtKEYcnroNkihoyyfyVhRU8xt3nLmxSbmUHdjd1FWlhUuaOziKxLKe2NPQOS6ExDhgZKkqOTl73KJWIYPx8Uz3MITvGoYLIJ1EhFwEkVb2dlLsbsgKTVMnIht4Ri8HUZf4pHMmTUgWfS6Te32DJwF8dbpe7Xc45fjzWOYH3PcLxrKWR94Qaz228H+pWQuVBYwsk7evZA9NMmChiJG9rCXAynCbGCpEMyW46uDGAPSBDGdAGvSq9+9MrXmQQzWsLcGpWh9zomzkwhO4aOvN7lWI442JO594MCpp9OZfxT9D0JsTcCq6nGaQV/Sqj3hZwh0APb//x' diff --git a/inventory/host_vars/bkernel01.phx2.fedoraproject.org b/inventory/host_vars/bkernel01.phx2.fedoraproject.org deleted file mode 100644 index c07c1e5ed4..0000000000 --- a/inventory/host_vars/bkernel01.phx2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -gw: 10.5.125.254 -eth0_ip: 10.5.125.51 -eth1_ip: 10.5.127.30 diff --git a/inventory/host_vars/bkernel02.phx2.fedoraproject.org b/inventory/host_vars/bkernel02.phx2.fedoraproject.org deleted file mode 100644 index 7d2eb61d02..0000000000 --- a/inventory/host_vars/bkernel02.phx2.fedoraproject.org +++ /dev/null @@ -1,4 +0,0 @@ ---- -gw: 10.5.125.254 -eth0_ip: 10.5.125.52 -eth1_ip: 10.5.127.31 diff --git a/inventory/host_vars/buildppc-01.ppc.fedoraproject.org b/inventory/host_vars/buildppc-01.ppc.fedoraproject.org deleted file mode 100644 index cfd338712f..0000000000 --- a/inventory/host_vars/buildppc-01.ppc.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -vmhost: ppc8-02.ppc.fedoraproject.org -eth0_ip: 10.5.129.64 diff --git a/inventory/host_vars/buildppc-02.ppc.fedoraproject.org b/inventory/host_vars/buildppc-02.ppc.fedoraproject.org deleted file mode 100644 index 492c67abdb..0000000000 --- a/inventory/host_vars/buildppc-02.ppc.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -vmhost: ppc8-03.ppc.fedoraproject.org -eth0_ip: 10.5.129.66 diff --git a/inventory/host_vars/buildppc-03.ppc.fedoraproject.org b/inventory/host_vars/buildppc-03.ppc.fedoraproject.org deleted file mode 100644 index 3d9e063ef1..0000000000 --- a/inventory/host_vars/buildppc-03.ppc.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -vmhost: ppc8-01.ppc.fedoraproject.org -eth0_ip: 10.5.129.67 diff --git a/inventory/host_vars/buildppc-04.ppc.fedoraproject.org b/inventory/host_vars/buildppc-04.ppc.fedoraproject.org deleted file mode 100644 index 7aad71eae3..0000000000 --- a/inventory/host_vars/buildppc-04.ppc.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -vmhost: ppc8-03.ppc.fedoraproject.org -eth0_ip: 10.5.129.68 diff --git a/inventory/host_vars/buildppcle-01.ppc.fedoraproject.org b/inventory/host_vars/buildppcle-01.ppc.fedoraproject.org deleted file mode 100644 index 63087cc2f1..0000000000 --- a/inventory/host_vars/buildppcle-01.ppc.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -vmhost: ppc8-02.ppc.fedoraproject.org -eth0_ip: 10.5.129.65 diff --git a/inventory/host_vars/buildppcle-02.ppc.fedoraproject.org b/inventory/host_vars/buildppcle-02.ppc.fedoraproject.org deleted file mode 100644 index 5cd7816d10..0000000000 --- a/inventory/host_vars/buildppcle-02.ppc.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -vmhost: ppc8-03.ppc.fedoraproject.org -eth0_ip: 10.5.129.69 diff --git a/inventory/host_vars/buildppcle-03.ppc.fedoraproject.org b/inventory/host_vars/buildppcle-03.ppc.fedoraproject.org deleted file mode 100644 index 17fc9f121a..0000000000 --- a/inventory/host_vars/buildppcle-03.ppc.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -vmhost: ppc8-01.ppc.fedoraproject.org -eth0_ip: 10.5.129.70 diff --git a/inventory/host_vars/buildppcle-04.ppc.fedoraproject.org b/inventory/host_vars/buildppcle-04.ppc.fedoraproject.org deleted file mode 100644 index a69618af30..0000000000 --- a/inventory/host_vars/buildppcle-04.ppc.fedoraproject.org +++ /dev/null @@ -1,3 +0,0 @@ ---- -vmhost: ppc8-03.ppc.fedoraproject.org -eth0_ip: 10.5.129.71 diff --git a/inventory/host_vars/ci-cc-rdu01.fedoraproject.org b/inventory/host_vars/ci-cc-rdu01.fedoraproject.org deleted file mode 100644 index 8d83973095..0000000000 --- a/inventory/host_vars/ci-cc-rdu01.fedoraproject.org +++ /dev/null @@ -1,20 +0,0 @@ ---- -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 -datacenter: rdu-cc -eth0_ip: 8.43.85.69 -eth0_nm: 255.255.255.0 -gw: 8.43.85.254 -nm: 255.255.255.0 -dns: 8.8.8.8 -postfix_group: vpn -vpn: true -volgroup: /dev/vg_guests -vmhost: virthost-cc-rdu01.fedoraproject.org -deployment_type: prod -db_backup_dir: ['/backups'] -dbs_to_backup: ['resultsdb'] - -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-fedora-28-ext -#ks_repo: http://209.132.181.6/pub/fedora/linux/releases/28/Server/x86_64/os/ -ks_repo: http://download-cc-rdu01.fedoraproject.org/pub/fedora/linux/releases/28/Server/x86_64/os/ diff --git a/inventory/host_vars/fas01.stg.phx2.fedoraproject.org b/inventory/host_vars/fas01.stg.phx2.fedoraproject.org deleted file mode 100644 index c70e5a77c7..0000000000 --- a/inventory/host_vars/fas01.stg.phx2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.128.254 -dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 -ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ -volgroup: /dev/vg_guests -eth0_ip: 10.5.128.129 -vmhost: virthost04.stg.phx2.fedoraproject.org -datacenter: phx2 - -# There's only this server in stg, so it does certs. -master_fas_node: True -gen_cert: True diff --git a/inventory/host_vars/fas03.phx2.fedoraproject.org b/inventory/host_vars/fas03.phx2.fedoraproject.org deleted file mode 100644 index c376c7a5b9..0000000000 --- a/inventory/host_vars/fas03.phx2.fedoraproject.org +++ /dev/null @@ -1,19 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.126.254 -dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 -ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ -volgroup: /dev/vg_guests -eth0_ip: 10.5.126.30 -vmhost: virthost06.phx2.fedoraproject.org -datacenter: phx2 - -# This is not the master production fas node, it doesn't do certs -master_fas_node: False -gen_cert: False - -# GDPR SAR variables -sar_script: "echo \"https://admin.fedoraproject.org/accounts/user/view/${SAR_USERNAME}\"" -sar_script_user: nobody -sar_output_file: fas.link diff --git a/inventory/host_vars/fas3-01.stg.phx2.fedoraproject.org b/inventory/host_vars/fas3-01.stg.phx2.fedoraproject.org deleted file mode 100644 index 032f6906ac..0000000000 --- a/inventory/host_vars/fas3-01.stg.phx2.fedoraproject.org +++ /dev/null @@ -1,21 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.128.254 -dns: 10.5.126.21 - -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ - -volgroup: /dev/vg_guests -eth0_ip: 10.5.128.130 -vmhost: virthost04.stg.phx2.fedoraproject.org -datacenter: phx2 - -nagios_Check_Services: - mail: false - nrpe: false - swap: false - -tcp_ports: -- 22 -- 80 diff --git a/inventory/host_vars/ibiblio02.fedoraproject.org b/inventory/host_vars/ibiblio02.fedoraproject.org deleted file mode 100644 index 81490b0194..0000000000 --- a/inventory/host_vars/ibiblio02.fedoraproject.org +++ /dev/null @@ -1,18 +0,0 @@ ---- -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 -datacenter: ibiblio -nm: 255.255.255.0 -gw: 152.19.134.129 -fas_client_groups: sysadmin-main -dns: 8.8.8.8 -br0_ip: 152.19.134.138 -br0_nm: 255.255.255.128 -has_ipv6: yes -br0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fe02" -br0_ipv6_gw: "2610:28:3090:3001::1" - -postfix_group: vpn -vpn: true - -freezes: true diff --git a/inventory/host_vars/ibiblio04.fedoraproject.org b/inventory/host_vars/ibiblio04.fedoraproject.org deleted file mode 100644 index 55ba9fb3b2..0000000000 --- a/inventory/host_vars/ibiblio04.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 -datacenter: ibiblio -nm: 255.255.255.128 -gw: 152.19.134.129 -dns: 152.2.21.1 -br0_ip: 152.19.134.136 -br0_nm: 255.255.255.128 -has_ipv6: yes -br0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fe04" -br0_ipv6_gw: "2610:28:3090:3001::1" - -postfix_group: vpn -vpn: true diff --git a/inventory/host_vars/infinote.fedoraproject.org b/inventory/host_vars/infinote.fedoraproject.org deleted file mode 100644 index 86ebeacc3d..0000000000 --- a/inventory/host_vars/infinote.fedoraproject.org +++ /dev/null @@ -1,26 +0,0 @@ ---- -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 -eth0_ip: 8.43.85.68 -eth0_nm: 255.255.255.0 -gw: 8.43.85.254 -nm: 255.255.255.0 -dns: 8.8.8.8 -deployment_type: prod - -volgroup: /dev/vg_guests -vmhost: virthost-cc-rdu02.fedoraproject.org -datacenter: rdu-cc - -has_ipv6: yes -eth0_ipv6: "2620:52:3:1:dead:beef:cafe:fed4" -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" - -postfix_group: vpn -vpn: true - - -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ - -host_backup_targets: ['/srv'] diff --git a/inventory/host_vars/kernel01.qa.fedoraproject.org b/inventory/host_vars/kernel01.qa.fedoraproject.org deleted file mode 100644 index 18e138bc93..0000000000 --- a/inventory/host_vars/kernel01.qa.fedoraproject.org +++ /dev/null @@ -1,5 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.124.254 -dns: 10.5.126.21 -eth0_ip: 10.5.124.173 diff --git a/inventory/host_vars/keys01.fedoraproject.org b/inventory/host_vars/keys01.fedoraproject.org deleted file mode 100644 index 0452e4d281..0000000000 --- a/inventory/host_vars/keys01.fedoraproject.org +++ /dev/null @@ -1,16 +0,0 @@ ---- -nm: 255.255.255.128 -gw: 140.211.169.193 -dns: 8.8.8.8 -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext -ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_guests -eth0_ip: 140.211.169.207 -eth0_nm: 255.255.255.128 -has_ipv6: yes -eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:fedc" -eth0_ipv6_gw: "2605:bc80:3010:600::1" -lvm_size: 80000 - -vmhost: osuosl02.fedoraproject.org -datacenter: osuosl diff --git a/inventory/host_vars/mirrorlist-host1plus.fedoraproject.org b/inventory/host_vars/mirrorlist-host1plus.fedoraproject.org deleted file mode 100644 index 03682070eb..0000000000 --- a/inventory/host_vars/mirrorlist-host1plus.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -# This is now a cloud instance provided by host1plus -# vmhost: none -datacenter: host1plus - -ansible_ifcfg_blacklist: true - -nagios_Check_Services: - nrpe: true - sshd: true - named: false - dhcpd: false - httpd: true - swap: false diff --git a/inventory/host_vars/mirrorlist-ibiblio02.fedoraproject.org b/inventory/host_vars/mirrorlist-ibiblio02.fedoraproject.org deleted file mode 100644 index 5d362acae1..0000000000 --- a/inventory/host_vars/mirrorlist-ibiblio02.fedoraproject.org +++ /dev/null @@ -1,15 +0,0 @@ ---- -nm: 255.255.255.128 -gw: 152.19.134.129 -dns: 152.2.21.1 -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext -ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_guests -eth0_ip: 152.19.134.197 -eth0_nm: 255.255.255.128 -has_ipv6: yes -eth0_ipv6: "2610:28:3090:3001:5054:ff:feb5:5472" -eth0_ipv6_gw: "2610:28:3090:3001::1" - -vmhost: ibiblio05.fedoraproject.org -datacenter: ibiblio diff --git a/inventory/host_vars/mirrorlist-phx2.phx2.fedoraproject.org b/inventory/host_vars/mirrorlist-phx2.phx2.fedoraproject.org deleted file mode 100644 index 55807ae464..0000000000 --- a/inventory/host_vars/mirrorlist-phx2.phx2.fedoraproject.org +++ /dev/null @@ -1,10 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.126.254 -dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_guests00 -eth0_ip: 10.5.126.50 -vmhost: virthost14.phx2.fedoraproject.org -datacenter: phx2 diff --git a/inventory/host_vars/mirrorlist-phx2.stg.phx2.fedoraproject.org b/inventory/host_vars/mirrorlist-phx2.stg.phx2.fedoraproject.org deleted file mode 100644 index fca101118b..0000000000 --- a/inventory/host_vars/mirrorlist-phx2.stg.phx2.fedoraproject.org +++ /dev/null @@ -1,13 +0,0 @@ ---- -lvm_size: 20000 -mem_size: 2048 -num_cpus: 2 -nm: 255.255.255.0 -gw: 10.5.128.254 -dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_virthost16 -eth0_ip: 10.5.128.149 -vmhost: virthost05.stg.phx2.fedoraproject.org -datacenter: phx2 diff --git a/inventory/host_vars/nagios01.phx2.fedoraproject.org b/inventory/host_vars/nagios01.phx2.fedoraproject.org deleted file mode 100644 index 65c31d5a4e..0000000000 --- a/inventory/host_vars/nagios01.phx2.fedoraproject.org +++ /dev/null @@ -1,32 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.126.254 -dns: 10.5.126.21 -eth0_ip: 10.5.126.241 - -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_virthost -vmhost: virthost18.phx2.fedoraproject.org -datacenter: phx2 - -tcp_ports: ['22', '80', '443', '67', '68'] -udp_ports: ['67','68','69'] -custom_rules: [ - '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', -] - -csi_relationship: | - nagios01 is a test mode for monitoring nagios instance to the phx datacenter. - - * This host relies on: - - the virthost it's hosted on (virthost17.phx2.fedoraproject.org) - - FAS to authenticate users - - VPN connectivity - - * Things that rely on this host: - - Infrastructure team to be awair of the infra status. operations control process will fail - - if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support - - if this host is down, dhcp/bootp leases/renew will fail. pxe booting will fail as well diff --git a/inventory/host_vars/noc01.stg.phx2.fedoraproject.org b/inventory/host_vars/noc01.stg.phx2.fedoraproject.org deleted file mode 100644 index 584b8e808a..0000000000 --- a/inventory/host_vars/noc01.stg.phx2.fedoraproject.org +++ /dev/null @@ -1,33 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.128.254 -dns: 10.5.126.21 - -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_virthost16 -vmhost: virthost05.stg.phx2.fedoraproject.org -datacenter: phx2 - -tcp_ports: ['22', '80', '443', '67', '68'] -udp_ports: ['67','68','69'] -custom_rules: [ - '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', -] - -eth0_ip: 10.5.128.38 -csi_relationship: | - noc01.stg is the internal monitoring nagios instance to the phx datacenter. - - * This host relies on: - - the virthost it's hosted on (virthost17.phx2.fedoraproject.org) - - FAS to authenticate users - - VPN connectivity - - * Things that rely on this host: - - Infrastructure team to be awair of the infra status. operations control process will fail - - if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support - - if this host is down, dhcp/bootp leases/renew will fail. pxe booting will fail as well - diff --git a/inventory/host_vars/pkgdb01.phx2.fedoraproject.org b/inventory/host_vars/pkgdb01.phx2.fedoraproject.org deleted file mode 100644 index 3cea2def49..0000000000 --- a/inventory/host_vars/pkgdb01.phx2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.126.254 -dns: 10.5.126.21 - -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ - -volgroup: /dev/vg_guests -eth0_ip: 10.5.126.15 -vmhost: virthost14.phx2.fedoraproject.org -datacenter: phx2 diff --git a/inventory/host_vars/pkgdb01.stg.phx2.fedoraproject.org b/inventory/host_vars/pkgdb01.stg.phx2.fedoraproject.org deleted file mode 100644 index de9cb9196f..0000000000 --- a/inventory/host_vars/pkgdb01.stg.phx2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.128.254 -dns: 10.5.126.21 - -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ - -volgroup: /dev/vg_guests -eth0_ip: 10.5.128.174 -vmhost: virthost01.stg.phx2.fedoraproject.org -datacenter: phx2 diff --git a/inventory/host_vars/pkgdb02.phx2.fedoraproject.org b/inventory/host_vars/pkgdb02.phx2.fedoraproject.org deleted file mode 100644 index e6a6515b20..0000000000 --- a/inventory/host_vars/pkgdb02.phx2.fedoraproject.org +++ /dev/null @@ -1,12 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.126.254 -dns: 10.5.126.21 - -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ - -volgroup: /dev/vg_guests -eth0_ip: 10.5.126.16 -vmhost: virthost12.phx2.fedoraproject.org -datacenter: phx2 diff --git a/inventory/host_vars/relay-stg.ci.centos.org b/inventory/host_vars/relay-stg.ci.centos.org deleted file mode 100644 index ea4935d576..0000000000 --- a/inventory/host_vars/relay-stg.ci.centos.org +++ /dev/null @@ -1,71 +0,0 @@ ---- -# These are consumed by a task in roles/fedmsg/base/main.yml -fedmsg_certs: -- service: shell - owner: root - group: sysadmin - can_send: - - logger.log -- service: fedmsg - owner: root - group: root - can_send: - - ci.pipeline.allpackages-build.complete - - ci.pipeline.allpackages-build.image.complete - - ci.pipeline.allpackages-build.image.queued - - ci.pipeline.allpackages-build.image.running - - ci.pipeline.allpackages-build.package.complete - - ci.pipeline.allpackages-build.package.ignore - - ci.pipeline.allpackages-build.package.ignored - - ci.pipeline.allpackages-build.package.queued - - ci.pipeline.allpackages-build.package.running - - ci.pipeline.allpackages-build.package.test.functional.complete - - ci.pipeline.allpackages-build.package.test.functional.queued - - ci.pipeline.allpackages-build.package.test.functional.running - - ci.pipeline.allpackages-pr.complete - - ci.pipeline.allpackages-pr.ignore - - ci.pipeline.allpackages-pr.ignored - - ci.pipeline.allpackages-pr.image.complete - - ci.pipeline.allpackages-pr.image.ignore - - ci.pipeline.allpackages-pr.image.ignored - - ci.pipeline.allpackages-pr.image.queued - - ci.pipeline.allpackages-pr.image.running - - ci.pipeline.allpackages-pr.package.complete - - ci.pipeline.allpackages-pr.package.ignore - - ci.pipeline.allpackages-pr.package.ignored - - ci.pipeline.allpackages-pr.package.queued - - ci.pipeline.allpackages-pr.package.running - - ci.pipeline.allpackages-pr.package.test.functional.complete - - ci.pipeline.allpackages-pr.package.test.functional.ignore - - ci.pipeline.allpackages-pr.package.test.functional.ignored - - ci.pipeline.allpackages-pr.package.test.functional.queued - - ci.pipeline.allpackages-pr.package.test.functional.running - - ci.pipeline.allpackages-pr.queued - - ci.pipeline.allpackages-pr.running - - ci.pipeline.complete - - ci.pipeline.compose.complete - - ci.pipeline.compose.running - - ci.pipeline.compose.test.integration.complete - - ci.pipeline.compose.test.integration.queued - - ci.pipeline.compose.test.integration.running - - ci.pipeline.image.complete - - ci.pipeline.image.running - - ci.pipeline.image.test.smoke.complete - - ci.pipeline.image.test.smoke.running - - ci.pipeline.package.complete - - ci.pipeline.package.ignore - - ci.pipeline.package.ignored - - ci.pipeline.package.queued - - ci.pipeline.package.running - -fedmsg_prefix: org.centos -fedmsg_env: stg - -nagios_Can_Connect: false - -nagios_Check_Services: - mail: false - nrpe: false - sshd: false - swap: false - ping: false diff --git a/inventory/host_vars/relay.ci.centos.org b/inventory/host_vars/relay.ci.centos.org deleted file mode 100644 index 7cf82a6f73..0000000000 --- a/inventory/host_vars/relay.ci.centos.org +++ /dev/null @@ -1,71 +0,0 @@ ---- -# These are consumed by a task in roles/fedmsg/base/main.yml -fedmsg_certs: -- service: shell - owner: root - group: sysadmin - can_send: - - logger.log -- service: fedmsg - owner: root - group: root - can_send: - - ci.pipeline.allpackages-build.complete - - ci.pipeline.allpackages-build.image.complete - - ci.pipeline.allpackages-build.image.queued - - ci.pipeline.allpackages-build.image.running - - ci.pipeline.allpackages-build.package.complete - - ci.pipeline.allpackages-build.package.ignore - - ci.pipeline.allpackages-build.package.ignored - - ci.pipeline.allpackages-build.package.queued - - ci.pipeline.allpackages-build.package.running - - ci.pipeline.allpackages-build.package.test.functional.complete - - ci.pipeline.allpackages-build.package.test.functional.queued - - ci.pipeline.allpackages-build.package.test.functional.running - - ci.pipeline.allpackages-pr.complete - - ci.pipeline.allpackages-pr.ignore - - ci.pipeline.allpackages-pr.ignored - - ci.pipeline.allpackages-pr.image.complete - - ci.pipeline.allpackages-pr.image.ignore - - ci.pipeline.allpackages-pr.image.ignored - - ci.pipeline.allpackages-pr.image.queued - - ci.pipeline.allpackages-pr.image.running - - ci.pipeline.allpackages-pr.package.complete - - ci.pipeline.allpackages-pr.package.ignore - - ci.pipeline.allpackages-pr.package.ignored - - ci.pipeline.allpackages-pr.package.queued - - ci.pipeline.allpackages-pr.package.running - - ci.pipeline.allpackages-pr.package.test.functional.complete - - ci.pipeline.allpackages-pr.package.test.functional.ignore - - ci.pipeline.allpackages-pr.package.test.functional.ignored - - ci.pipeline.allpackages-pr.package.test.functional.queued - - ci.pipeline.allpackages-pr.package.test.functional.running - - ci.pipeline.allpackages-pr.queued - - ci.pipeline.allpackages-pr.running - - ci.pipeline.complete - - ci.pipeline.compose.complete - - ci.pipeline.compose.running - - ci.pipeline.compose.test.integration.complete - - ci.pipeline.compose.test.integration.queued - - ci.pipeline.compose.test.integration.running - - ci.pipeline.image.complete - - ci.pipeline.image.running - - ci.pipeline.image.test.smoke.complete - - ci.pipeline.image.test.smoke.running - - ci.pipeline.package.complete - - ci.pipeline.package.ignore - - ci.pipeline.package.ignored - - ci.pipeline.package.queued - - ci.pipeline.package.running - -fedmsg_prefix: org.centos -fedmsg_env: prod - -nagios_Can_Connect: false - -nagios_Check_Services: - mail: false - nrpe: false - sshd: false - swap: false - ping: false diff --git a/inventory/host_vars/repospanner-cc-rdu01.fedoraproject.org b/inventory/host_vars/repospanner-cc-rdu01.fedoraproject.org deleted file mode 100644 index fd1c3cc2be..0000000000 --- a/inventory/host_vars/repospanner-cc-rdu01.fedoraproject.org +++ /dev/null @@ -1,26 +0,0 @@ ---- -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 -eth0_ip: 8.43.85.76 -eth0_nm: 255.255.255.0 -gw: 8.43.85.254 -nm: 255.255.255.0 -dns: 8.8.8.8 -deployment_type: prod - -volgroup: /dev/vg_guests -vmhost: virthost-cc-rdu02.fedoraproject.org -datacenter: rdu-cc - -has_ipv6: yes -eth0_ipv6: "2620:52:3:1:dead:beef:cafe:fed2" -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" - -postfix_group: vpn -vpn: true - -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ - - - diff --git a/inventory/host_vars/repospanner-ibiblio01.fedoraproject.org b/inventory/host_vars/repospanner-ibiblio01.fedoraproject.org deleted file mode 100644 index 4bbb749625..0000000000 --- a/inventory/host_vars/repospanner-ibiblio01.fedoraproject.org +++ /dev/null @@ -1,19 +0,0 @@ ---- -nm: 255.255.255.128 -gw: 152.19.134.129 -dns: 8.8.8.8 - -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext -ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ - -volgroup: /dev/vg_guests - -eth0_ip: 152.19.134.149 -eth0_nm: 255.255.255.128 - -has_ipv6: yes -eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fedf" -eth0_ipv6_gw: "2610:28:3090:3001::1" - -vmhost: ibiblio01.fedoraproject.org -datacenter: ibiblio diff --git a/inventory/host_vars/repospanner-temp01.fedoraproject.org b/inventory/host_vars/repospanner-temp01.fedoraproject.org deleted file mode 100644 index a03c308448..0000000000 --- a/inventory/host_vars/repospanner-temp01.fedoraproject.org +++ /dev/null @@ -1,24 +0,0 @@ ---- -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 -eth0_ip: 8.43.85.78 -eth0_nm: 255.255.255.0 -gw: 8.43.85.254 -nm: 255.255.255.0 -dns: 8.8.8.8 -max_mem_size: 8192 -deployment_type: dev - -volgroup: /dev/vg_guests -vmhost: virthost-cc-rdu02.fedoraproject.org -datacenter: rdu-cc - -has_ipv6: yes -eth0_ipv6: "2620:52:3:1:dead:beef:cafe:fee0" -eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe" - -vpn: false - -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ - diff --git a/inventory/host_vars/repospanner-temp02.fedoraproject.org b/inventory/host_vars/repospanner-temp02.fedoraproject.org deleted file mode 100644 index af5b80ad8b..0000000000 --- a/inventory/host_vars/repospanner-temp02.fedoraproject.org +++ /dev/null @@ -1,27 +0,0 @@ ---- -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 -eth0_ip: 152.19.134.191 -eth0_nm: 255.255.255.128 -nm: 255.255.255.128 -gw: 152.19.134.129 -dns: 8.8.8.8 -max_mem_size: 8192 -deployment_type: dev - -volgroup: /dev/vg_guests -vmhost: ibiblio01.fedoraproject.org -datacenter: ibiblio - -has_ipv6: yes -eth0_ipv6: "2610:28:3090:3001:dead:beef:cafe:fee0" -eth0_ipv6_gw: "2610:28:3090:3001::1" - -vpn: false - -ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext -ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/ - - - - diff --git a/inventory/host_vars/repospanner-temp03.fedoraproject.org b/inventory/host_vars/repospanner-temp03.fedoraproject.org deleted file mode 100644 index 912e8b38a7..0000000000 --- a/inventory/host_vars/repospanner-temp03.fedoraproject.org +++ /dev/null @@ -1,24 +0,0 @@ ---- -nrpe_procs_warn: 900 -nrpe_procs_crit: 1000 -eth0_ip: 140.211.169.199 -eth0_nm: 255.255.255.128 -nm: 255.255.255.192 -gw: 140.211.169.193 -dns: 8.8.8.8 -max_mem_size: 8192 -deployment_type: dev - -volgroup: /dev/vg_guests -vmhost: osuosl01.fedoraproject.org -datacenter: osuosl - -has_ipv6: yes -eth0_ipv6: "2605:bc80:3010:600:dead:beef:cafe:fee0" -eth0_ipv6_gw: "2605:bc80:3010:600::1" - -vpn: false - -ks_url: http://209.132.181.6/repo/rhel/ks/kvm-rhel-7-ext -ks_repo: http://209.132.181.6/repo/rhel/RHEL7-x86_64/ - diff --git a/inventory/host_vars/repospanner01.phx2.fedoraproject.org b/inventory/host_vars/repospanner01.phx2.fedoraproject.org deleted file mode 100644 index 085c4829da..0000000000 --- a/inventory/host_vars/repospanner01.phx2.fedoraproject.org +++ /dev/null @@ -1,10 +0,0 @@ ---- -eth0_ip: 10.5.126.60 -nm: 255.255.255.0 -gw: 10.5.128.254 -dns: 10.5.126.21 -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ -volgroup: /dev/vg_guests -vmhost: virthost01.phx2.fedoraproject.org -datacenter: phx2 diff --git a/inventory/host_vars/simple-koji-ci-prod.fedorainfracloud.org b/inventory/host_vars/simple-koji-ci-prod.fedorainfracloud.org deleted file mode 100644 index 2258d98eac..0000000000 --- a/inventory/host_vars/simple-koji-ci-prod.fedorainfracloud.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -tcp_ports: [22] -datacenter: aws - -nagios_Check_Services: - mail: false - nrpe: false - sshd: false - named: false - dhcpd: false - httpd: false - swap: false - ping: false - raid: false diff --git a/inventory/host_vars/summershum01.phx2.fedoraproject.org b/inventory/host_vars/summershum01.phx2.fedoraproject.org deleted file mode 100644 index b97f91149d..0000000000 --- a/inventory/host_vars/summershum01.phx2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.126.254 -dns: 10.5.126.21 - -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ - -eth0_ip: 10.5.126.205 - -volgroup: /dev/vg_guests -vmhost: virthost14.phx2.fedoraproject.org - -datacenter: phx2 diff --git a/inventory/host_vars/summershum01.stg.phx2.fedoraproject.org b/inventory/host_vars/summershum01.stg.phx2.fedoraproject.org deleted file mode 100644 index e72c2fc0c0..0000000000 --- a/inventory/host_vars/summershum01.stg.phx2.fedoraproject.org +++ /dev/null @@ -1,14 +0,0 @@ ---- -nm: 255.255.255.0 -gw: 10.5.128.254 -dns: 10.5.126.21 - -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 -ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ - -eth0_ip: 10.5.128.184 - -volgroup: /dev/vg_guests -vmhost: virthost04.stg.phx2.fedoraproject.org - -datacenter: phx2 diff --git a/inventory/inventory b/inventory/inventory index b9f8945d7e..6f4b811c73 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1071,12 +1071,6 @@ copr_keygen_dev_aws # virthost-aarch64-os01.fedorainfracloud.org # virthost-aarch64-os02.fedorainfracloud.org -#[libravatar] -#libravatar.fedorainfracloud.org - -#[libravatar_stg] -#libravatar-stg.fedorainfracloud.org - [pagure] pagure01.fedoraproject.org diff --git a/library/lvol.py b/library/lvol.py deleted file mode 100644 index 75d8c56ac9..0000000000 --- a/library/lvol.py +++ /dev/null @@ -1,401 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# (c) 2013, Jeroen Hoekx , Alexander Bulimov -# -# This file is part of Ansible -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . - -DOCUMENTATION = ''' ---- -author: - - "Jeroen Hoekx (@jhoekx)" - - "Alexander Bulimov (@abulimov)" -module: lvol -short_description: Configure LVM logical volumes -description: - - This module creates, removes or resizes logical volumes. -version_added: "1.1" -options: - vg: - description: - - The volume group this logical volume is part of. - required: true - lv: - description: - - The name of the logical volume. - required: true - size: - description: - - The size of the logical volume, according to lvcreate(8) --size, by - default in megabytes or optionally with one of [bBsSkKmMgGtTpPeE] units; or - according to lvcreate(8) --extents as a percentage of [VG|PVS|FREE]; - Float values must begin with a digit. - Resizing using percentage values was not supported prior to 2.1. - state: - choices: [ "present", "absent" ] - default: present - description: - - Control if the logical volume exists. If C(present) the C(size) option - is required. - required: false - force: - version_added: "1.5" - choices: [ "yes", "no" ] - default: "no" - description: - - Shrink or remove operations of volumes requires this switch. Ensures that - that filesystems get never corrupted/destroyed by mistake. - required: false - opts: - version_added: "2.0" - description: - - Free-form options to be passed to the lvcreate command - snapshot: - version_added: "2.1" - description: - - The name of the snapshot volume - required: false - pvs: - version_added: "2.2" - description: - - Comma separated list of physical volumes e.g. /dev/sda,/dev/sdb - required: false - shrink: - version_added: "2.2" - description: - - shrink if current size is higher than size requested - required: false - default: yes -notes: - - Filesystems on top of the volume are not resized. -''' - -EXAMPLES = ''' -# Create a logical volume of 512m. -- lvol: vg=firefly lv=test size=512 - -# Create a logical volume of 512m with disks /dev/sda and /dev/sdb -- lvol: vg=firefly lv=test size=512 pvs=/dev/sda,/dev/sdb - -# Create cache pool logical volume -- lvol: vg=firefly lv=lvcache size=512m opts='--type cache-pool' - -# Create a logical volume of 512g. -- lvol: vg=firefly lv=test size=512g - -# Create a logical volume the size of all remaining space in the volume group -- lvol: vg=firefly lv=test size=100%FREE - -# Create a logical volume with special options -- lvol: vg=firefly lv=test size=512g opts="-r 16" - -# Extend the logical volume to 1024m. -- lvol: vg=firefly lv=test size=1024 - -# Extend the logical volume to consume all remaining space in the volume group -- lvol: vg=firefly lv=test size=+100%FREE - -# Extend the logical volume to take all remaining space of the PVs -- lvol: vg=firefly lv=test size=100%PVS - -# Resize the logical volume to % of VG -- lvol: vg-firefly lv=test size=80%VG force=yes - -# Reduce the logical volume to 512m -- lvol: vg=firefly lv=test size=512 force=yes - -# Set the logical volume to 512m and do not try to shrink if size is lower than current one -- lvol: vg=firefly lv=test size=512 shrink=no - -# Remove the logical volume. -- lvol: vg=firefly lv=test state=absent force=yes - -# Create a snapshot volume of the test logical volume. -- lvol: vg=firefly lv=test snapshot=snap1 size=100m -''' - -import re - -decimal_point = re.compile(r"(\d+)") - -def mkversion(major, minor, patch): - return (1000 * 1000 * int(major)) + (1000 * int(minor)) + int(patch) - -def parse_lvs(data): - lvs = [] - for line in data.splitlines(): - parts = line.strip().split(';') - lvs.append({ - 'name': parts[0].replace('[','').replace(']',''), - 'size': int(decimal_point.match(parts[1]).group(1)) - }) - return lvs - -def parse_vgs(data): - vgs = [] - for line in data.splitlines(): - parts = line.strip().split(';') - vgs.append({ - 'name': parts[0], - 'size': int(decimal_point.match(parts[1]).group(1)), - 'free': int(decimal_point.match(parts[2]).group(1)), - 'ext_size': int(decimal_point.match(parts[3]).group(1)) - }) - return vgs - - -def get_lvm_version(module): - ver_cmd = module.get_bin_path("lvm", required=True) - rc, out, err = module.run_command("%s version" % (ver_cmd)) - if rc != 0: - return None - m = re.search("LVM version:\s+(\d+)\.(\d+)\.(\d+).*(\d{4}-\d{2}-\d{2})", out) - if not m: - return None - return mkversion(m.group(1), m.group(2), m.group(3)) - - -def main(): - module = AnsibleModule( - argument_spec=dict( - vg=dict(required=True), - lv=dict(required=True), - size=dict(type='str'), - opts=dict(type='str'), - state=dict(choices=["absent", "present"], default='present'), - force=dict(type='bool', default='no'), - shrink=dict(type='bool', default='yes'), - snapshot=dict(type='str', default=None), - pvs=dict(type='str') - ), - supports_check_mode=True, - ) - - # Determine if the "--yes" option should be used - version_found = get_lvm_version(module) - if version_found == None: - module.fail_json(msg="Failed to get LVM version number") - version_yesopt = mkversion(2, 2, 99) # First LVM with the "--yes" option - if version_found >= version_yesopt: - yesopt = "--yes" - else: - yesopt = "" - - vg = module.params['vg'] - lv = module.params['lv'] - size = module.params['size'] - opts = module.params['opts'] - state = module.params['state'] - force = module.boolean(module.params['force']) - shrink = module.boolean(module.params['shrink']) - size_opt = 'L' - size_unit = 'm' - snapshot = module.params['snapshot'] - pvs = module.params['pvs'] - - if pvs is None: - pvs = "" - else: - pvs = pvs.replace(",", " ") - - if opts is None: - opts = "" - - # Add --test option when running in check-mode - if module.check_mode: - test_opt = ' --test' - else: - test_opt = '' - - if size: - # LVCREATE(8) -l --extents option with percentage - if '%' in size: - size_parts = size.split('%', 1) - size_percent = int(size_parts[0]) - if size_percent > 100: - module.fail_json(msg="Size percentage cannot be larger than 100%") - size_whole = size_parts[1] - if size_whole == 'ORIGIN': - module.fail_json(msg="Snapshot Volumes are not supported") - elif size_whole not in ['VG', 'PVS', 'FREE']: - module.fail_json(msg="Specify extents as a percentage of VG|PVS|FREE") - size_opt = 'l' - size_unit = '' - - if not '%' in size: - # LVCREATE(8) -L --size option unit - if size[-1].lower() in 'bskmgtpe': - size_unit = size[-1].lower() - size = size[0:-1] - - try: - float(size) - if not size[0].isdigit(): raise ValueError() - except ValueError: - module.fail_json(msg="Bad size specification of '%s'" % size) - - # when no unit, megabytes by default - if size_opt == 'l': - unit = 'm' - else: - unit = size_unit - - # Get information on volume group requested - vgs_cmd = module.get_bin_path("vgs", required=True) - rc, current_vgs, err = module.run_command( - "%s --noheadings -o vg_name,size,free,vg_extent_size --units %s --separator ';' %s" % (vgs_cmd, unit, vg)) - - if rc != 0: - if state == 'absent': - module.exit_json(changed=False, stdout="Volume group %s does not exist." % vg, stderr=False) - else: - module.fail_json(msg="Volume group %s does not exist." % vg, rc=rc, err=err) - - vgs = parse_vgs(current_vgs) - this_vg = vgs[0] - - # Get information on logical volume requested - lvs_cmd = module.get_bin_path("lvs", required=True) - rc, current_lvs, err = module.run_command( - "%s -a --noheadings --nosuffix -o lv_name,size --units %s --separator ';' %s" % (lvs_cmd, unit, vg)) - - if rc != 0: - if state == 'absent': - module.exit_json(changed=False, stdout="Volume group %s does not exist." % vg, stderr=False) - else: - module.fail_json(msg="Volume group %s does not exist." % vg, rc=rc, err=err) - - changed = False - - lvs = parse_lvs(current_lvs) - - if snapshot is None: - check_lv = lv - else: - check_lv = snapshot - for test_lv in lvs: - if test_lv['name'] == check_lv: - this_lv = test_lv - break - else: - this_lv = None - - if state == 'present' and not size: - if this_lv is None: - module.fail_json(msg="No size given.") - else: - module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size']) - - msg = '' - if this_lv is None: - if state == 'present': - ### create LV - lvcreate_cmd = module.get_bin_path("lvcreate", required=True) - if snapshot is not None: - cmd = "%s %s %s -%s %s%s -s -n %s %s %s/%s" % (lvcreate_cmd, test_opt, yesopt, size_opt, size, size_unit, snapshot, opts, vg, lv) - else: - cmd = "%s %s %s -n %s -%s %s%s %s %s %s" % (lvcreate_cmd, test_opt, yesopt, lv, size_opt, size, size_unit, opts, vg, pvs) - rc, _, err = module.run_command(cmd) - if rc == 0: - changed = True - else: - module.fail_json(msg="Creating logical volume '%s' failed" % lv, rc=rc, err=err) - else: - if state == 'absent': - ### remove LV - if not force: - module.fail_json(msg="Sorry, no removal of logical volume %s without force=yes." % (this_lv['name'])) - lvremove_cmd = module.get_bin_path("lvremove", required=True) - rc, _, err = module.run_command("%s %s --force %s/%s" % (lvremove_cmd, test_opt, vg, this_lv['name'])) - if rc == 0: - module.exit_json(changed=True) - else: - module.fail_json(msg="Failed to remove logical volume %s" % (lv), rc=rc, err=err) - - elif size_opt == 'l': - ### Resize LV based on % value - tool = None - size_free = this_vg['free'] - if size_whole == 'VG' or size_whole == 'PVS': - size_requested = size_percent * this_vg['size'] / 100 - else: # size_whole == 'FREE': - size_requested = size_percent * this_vg['free'] / 100 - if '+' in size: - size_requested += this_lv['size'] - if this_lv['size'] < size_requested: - if (size_free > 0) and (('+' not in size) or (size_free >= (size_requested - this_lv['size']))): - tool = module.get_bin_path("lvextend", required=True) - else: - module.fail_json(msg="Logical Volume %s could not be extended. Not enough free space left (%s%s required / %s%s available)" % (this_lv['name'], (size_requested - this_lv['size']), unit, size_free, unit)) - elif shrink and this_lv['size'] > size_requested + this_vg['ext_size']: # more than an extent too large - if size_requested == 0: - module.fail_json(msg="Sorry, no shrinking of %s to 0 permitted." % (this_lv['name'])) - elif not force: - module.fail_json(msg="Sorry, no shrinking of %s without force=yes" % (this_lv['name'])) - else: - tool = module.get_bin_path("lvreduce", required=True) - tool = '%s %s' % (tool, '--force') - - if tool: - cmd = "%s %s -%s %s%s %s/%s %s" % (tool, test_opt, size_opt, size, size_unit, vg, this_lv['name'], pvs) - rc, out, err = module.run_command(cmd) - if "Reached maximum COW size" in out: - module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err, out=out) - elif rc == 0: - changed = True - msg="Volume %s resized to %s%s" % (this_lv['name'], size_requested, unit) - elif "matches existing size" in err: - module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size']) - elif "not larger than existing size" in err: - module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size'], msg="Original size is larger than requested size", err=err) - else: - module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err) - - else: - ### resize LV based on absolute values - tool = None - if int(size) > this_lv['size']: - tool = module.get_bin_path("lvextend", required=True) - elif shrink and int(size) < this_lv['size']: - if int(size) == 0: - module.fail_json(msg="Sorry, no shrinking of %s to 0 permitted." % (this_lv['name'])) - if not force: - module.fail_json(msg="Sorry, no shrinking of %s without force=yes." % (this_lv['name'])) - else: - tool = module.get_bin_path("lvreduce", required=True) - tool = '%s %s' % (tool, '--force') - - if tool: - cmd = "%s %s -%s %s%s %s/%s %s" % (tool, test_opt, size_opt, size, size_unit, vg, this_lv['name'], pvs) - rc, out, err = module.run_command(cmd) - if "Reached maximum COW size" in out: - module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err, out=out) - elif rc == 0: - changed = True - elif "matches existing size" in err: - module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size']) - elif "not larger than existing size" in err: - module.exit_json(changed=False, vg=vg, lv=this_lv['name'], size=this_lv['size'], msg="Original size is larger than requested size", err=err) - else: - module.fail_json(msg="Unable to resize %s to %s%s" % (lv, size, size_unit), rc=rc, err=err) - - module.exit_json(changed=changed, msg=msg) - -# import module snippets -from ansible.module_utils.basic import * - -if __name__ == '__main__': - main() diff --git a/playbooks/cloud_prep.yml b/playbooks/cloud_prep.yml deleted file mode 100644 index 3cb6f6c08e..0000000000 --- a/playbooks/cloud_prep.yml +++ /dev/null @@ -1,14 +0,0 @@ -# restricted to run on cloud instances only -- hosts: 209.132.184.* - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/destroy_cloud_inst.yml b/playbooks/destroy_cloud_inst.yml deleted file mode 100644 index fc1cec723a..0000000000 --- a/playbooks/destroy_cloud_inst.yml +++ /dev/null @@ -1,25 +0,0 @@ -#DIE DIE DIE -# there is no way this could work so fail -# -# only works with -e target= -# requires --extra-vars="target=hostspec" - -- name: destroy the cloud instance - hosts: "{{ target }}" - user: root - gather_facts: false - - tasks: - - name: fail if the host/ip is not up - local_action: wait_for host={{ inventory_hostname }} port=22 delay=0 timeout=10 - when: inventory_hostname not in result.list_vms - - - name: pause for 30s before doing it - pause: seconds=30 prompt="Destroying vm now {{ target }}, abort if this is wrong" - - - name: find the instance id from the builder - command: curl -s http://169.254.169.254/latest/meta-data/instance-id - register: instanceid - - - name: destroy the vm - command: /usr/sbin/halt -p diff --git a/playbooks/destroy_virt_inst.yml b/playbooks/destroy_virt_inst.yml deleted file mode 100644 index 3dd25baf6f..0000000000 --- a/playbooks/destroy_virt_inst.yml +++ /dev/null @@ -1,45 +0,0 @@ -# only works with -e target= -# read configs from host_vars -# check for host already existing -# if it exists -# kill it -# lvremove disk? -# if not -# exit with failure - -# requires --extra-vars="target=hostspec" - -- name: destroy and undefine vm - hosts: "{{ target }}" - user: root - gather_facts: false - - tasks: - - name: get vm list on the vmhost - delegate_to: "{{ vmhost }}" - virt: command=list_vms - register: result - - - name: fail if the host is not already defined/existent - local_action: fail msg="host does not exist on {{ vmhost }}" - when: inventory_hostname not in result.list_vms - - - name: schedule 30m host downtime in nagios - nagios: action=downtime minutes=60 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.phx2.fedoraproject.org - ignore_errors: true - - - name: pause for 30s before doing it - pause: seconds=30 prompt="Destroying (and lvremove for) vm now {{ target }}, abort if this is wrong" - - - name: destroy the vm - virt: name={{ inventory_hostname }} command=destroy - delegate_to: "{{ vmhost }}" - - - name: undefine the vm - virt: name={{ inventory_hostname }} command=undefine - delegate_to: "{{ vmhost }}" - - - name: destroy the lv - command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}} - delegate_to: "{{ vmhost }}" diff --git a/playbooks/fix_arm_soc.yml b/playbooks/fix_arm_soc.yml deleted file mode 100644 index 23140ba4a5..0000000000 --- a/playbooks/fix_arm_soc.yml +++ /dev/null @@ -1,33 +0,0 @@ -# -# This playbook power cycles an arm soc, sets time and runs playbook on it. -# -# requires -e "target=arm0N-builderXX.arm.fedoraproject.org" -l arm0N-builderXX.arm.fedoraproject.org - -- name: power cycle instance - hosts: "{{ target }}" - gather_facts: False - user: root - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - tasks: - - name: power off - delegate_to: noc01.phx2.fedoraproject.org - command: /opt/calxeda/bin/ipmitool -U admin -P "{{ armsocipmipass }}" -H "{{inventory_hostname_short}}-mgmt.arm.fedoraproject.org" power off -# no_log: True - - - name: power on - delegate_to: noc01.phx2.fedoraproject.org - command: /opt/calxeda/bin/ipmitool -U admin -P "{{ armsocipmipass }}" -H "{{inventory_hostname_short}}-mgmt.arm.fedoraproject.org" power on -# no_log: True - - - name: wait for soc ssh to come back up - local_action: wait_for delay=10 host={{ target }} port=22 state=started timeout=1200 - - - name: make sure time is set - delegate_to: "{{target}}" - command: ntpdate -u bastion01.phx2.fedoraproject.org - -- include_playbook: groups/buildhw.yml hosts="{{target}}" diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index f1ad420861..66890e7f7e 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml @@ -28,7 +28,6 @@ - nagios_client - hosts - fas_client - - builder_repo - collectd/base - apache - role: keytab/service diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml index 6e69d07566..03299b7a01 100644 --- a/playbooks/groups/releng-compose.yml +++ b/playbooks/groups/releng-compose.yml @@ -23,7 +23,6 @@ roles: - base - hosts - - builder_repo - fas_client - rkhunter - nagios_client diff --git a/playbooks/hosts/respins.fedorainfracloud.org.yml b/playbooks/hosts/respins.fedorainfracloud.org.yml deleted file mode 100644 index 93726bd80d..0000000000 --- a/playbooks/hosts/respins.fedorainfracloud.org.yml +++ /dev/null @@ -1,31 +0,0 @@ -- name: check/create instance - hosts: respins.fedorainfracloud.org - gather_facts: False - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/private/ansible/files/openstack/passwords.yml - - tasks: - - import_tasks: "{{ tasks_path }}/persistent_cloud.yml" - - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - -- name: setup all the things - hosts: respins.fedorainfracloud.org - gather_facts: True - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - /srv/private/ansible/vars.yml - - /srv/private/ansible/files/openstack/passwords.yml - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - pre_tasks: - - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml" - - name: set hostname (required by some services, at least postfix need it) - hostname: name="{{inventory_hostname}}" - - roles: - - basessh diff --git a/playbooks/include/proxies-fedora-web.yml b/playbooks/include/proxies-fedora-web.yml index 79a6eee86e..cb1fa812b3 100644 --- a/playbooks/include/proxies-fedora-web.yml +++ b/playbooks/include/proxies-fedora-web.yml @@ -27,8 +27,6 @@ website: fedoracommunity.org - role: fedora-web/fudcon website: fudcon.fedoraproject.org - - role: fedora-web/magazine - website: fedoramagazine.org - role: fedora-web/getfedora website: getfedora.org - role: fedora-web/flocktofedora diff --git a/roles/ansible-ansible-awx/tasks/main.yml b/roles/ansible-ansible-awx/tasks/main.yml deleted file mode 100644 index 0e6c376ab7..0000000000 --- a/roles/ansible-ansible-awx/tasks/main.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- - -- name: Install required packages - package: name="{{ item }}" state=present - with_items: - - ansible - - git - - pyOpenSSL - - docker - - python-docker-py - tags: - - awxinstall - -- name: Start and enable docker - service: name=docker enabled=yes state=started - -- name: git clone the awx repo - git: - repo: https://github.com/ansible/awx.git - dest: /srv/awx - version: devel - tags: - - awxinstall - -- name: git clone the awx-logos repo - git: - repo: https://github.com/ansible/awx-logos.git - dest: /srv/awx-logos - version: master - tags: - - awxinstall - -- name: Copy inventory file over - template: src=inventory dest=/srv/awx/installer/inventory - tags: - - awxinstall - -#- name: run ansible -# shell: "ansible-playbook install.yml -i inventory" -# args: -# chdir: "/srv/awx/installer" -# register: run_ansible_out -# tags: -# - awxinstall -# -#- name: display run ansible stdout_lines -# debug: -# var: run_ansible_out.stdout_lines -# tags: -# - awxinstall -# -#- name: display run ansible stderr -# debug: -# var: run_ansible_out.stderr -# tags: -# - awxinstall diff --git a/roles/ansible-ansible-awx/templates/inventory b/roles/ansible-ansible-awx/templates/inventory deleted file mode 100644 index 205a0b8a1d..0000000000 --- a/roles/ansible-ansible-awx/templates/inventory +++ /dev/null @@ -1,112 +0,0 @@ -localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python" - -[all:vars] - -# Remove these lines if you want to run a local image build -# Otherwise the setup playbook will install the official Ansible images. Versions may -# be selected based on: latest, 1, 1.0, 1.0.0, 1.0.0.123 -# by default the base will be used to search for ansible/awx_web and ansible/awx_task -dockerhub_base=ansible -dockerhub_version=latest - -# Openshift Install -# Will need to set -e openshift_password=developer -e docker_registry_password=$(oc whoami -t) -# openshift_host=127.0.0.1:8443 -# awx_openshift_project=awx -# openshift_user=developer -# awx_node_port=30083 - -# Kubernetes Install -# kubernetes_context=test-cluster -# awx_kubernetes_namespace=awx - -# Kubernetes and Openshift Install Resource Requests -# This is the request value for a pod's "task" container, which is the container -# used to run jobs. The other containers have a fixed resource request. The total amount -# of requested resources for a pod is the sum of all resources requested by all containers -# in the pod -# A cpu_request of 1500 is 1.5 cores for the task container -# A mem_request of 2 is for 2 gigabytes of memory for the task container -# awx_task_cpu_request=1500 -# awx_task_mem_request=2 - -# Common Docker parameters -postgres_data_dir=/tmp/pgdocker -host_port=80 - -# Docker Compose Install -# use_docker_compose=false -# The docker_compose.yml file will be created in this directory -# The name of the directory (here "awx") will be the prefix of the docker containers -docker_compose_dir=/var/lib/awx - -# Required for Openshift when building the image on your own -# Optional for Openshift if using Dockerhub or another prebuilt registry -# Required for Standalone Docker Install if building the image on your own -# Optional for Standalone Docker Install if using Dockerhub or another prebuilt registry -# Required for Docker Compose Install if building the image on your own -# Optional for Docker Compose Install if using Dockerhub or another prebuilt registry -# Define if you want the image pushed to a registry. The container definition will also use these images -# docker_registry=172.30.1.1:5000 -# docker_registry_repository=awx -# docker_registry_username=developer - - -# Docker_image will not attempt to push to remote if the image already exists locally -# Set this to true to delete images from docker on the build host so that they are pushed to the remote repository -# docker_remove_local_images=False - -# Set pg_hostname if you have an external postgres server, otherwise -# a new postgres service will be created -pg_hostname=db-fas01.phx2.fedoraproject.org -pg_username={{awx_db_user}} -pg_password={{awx_db_pass}} -pg_database={{awx_db}} -pg_port=5432 - -# Use a local distribution build container image for building the AWX package -# This is helpful if you don't want to bother installing the build-time dependencies as -# it is taken care of already. -# NOTE: IMPORTANT: If you are running a mininshift install, using this container might not work -# if you are using certain drivers like KVM where the source tree can't be mapped -# into the build container. -# Thus this setting must be set to False which will trigger a local build. To view the -# typical dependencies that you might need to install see: -# installer/image_build/files/Dockerfile.sdist -# use_container_for_build=true - -# This will create or update a default admin (superuser) account in AWX, if not provided -# then these default values are used -default_admin_user={{awx_admin}} -default_admin_password={{awx_admin_pw}} - -# AWX Secret key -# It's *very* important that this stay the same between upgrades or you will lose the ability to decrypt -# your credentials -awx_secret_key={{awx_secret_key}} - -# Build AWX with official logos -# Requires cloning awx-logos repo into the project root. -# Review the trademark guidelines at https://github.com/ansible/awx-logos/blob/master/TRADEMARKS.md -awx_official=true - -# Proxy -#http_proxy=http://proxy:3128 -#https_proxy=http://proxy:3128 -#no_proxy=mycorp.org - -# Container networking configuration -# Set the awx_task and awx_web containers' search domain(s) -#awx_container_search_domains=example.com,ansible.com -# Alternate DNS servers -#awx_alternate_dns_servers="10.1.2.3,10.2.3.4" - -# AWX project data folder. If you need access to the location where AWX stores the projects -# it manages from the docker host, you can set this to turn it into a volume for the container. -#project_data_dir=/var/lib/awx/projects - -# CA Trust directory. If you need to provide custom CA certificates, supplying -# this variable causes this directory on the host to be bind mounted over -# /etc/pki/ca-trust in the awx_task and awx_web containers. -# NOTE: only obeyed in local_docker install -#ca_trust_dir=/etc/pki/ca-trust diff --git a/roles/apps-fp-o/files/apps.yaml b/roles/apps-fp-o/files/apps.yaml index 8b7479b284..210b390936 100644 --- a/roles/apps-fp-o/files/apps.yaml +++ b/roles/apps-fp-o/files/apps.yaml @@ -122,19 +122,6 @@ children: description: > Maintain your own user profile page, contribute to documents about features, process, and governance. - - name: Fedora Magazine - data: - icon: magazine.png - url: http://fedoramagazine.org - docs_url: https://codex.wordpress.org/ - # We don't have a SOP for the magazine yet. - # https://fedorahosted.org/fedora-infrastructure/ticket/5149 - #sops: - # - put the url here - description: > - Fedora Magazine is a WordPress-based site which delivers all - the news of the Fedora Community. (It replaces the previous - Fedora Weekly News.) - name: The Planet data: icon: planet_logo.png diff --git a/roles/autosigner/files/endpoints.py b/roles/autosigner/files/endpoints.py deleted file mode 100644 index 3acc3f5f98..0000000000 --- a/roles/autosigner/files/endpoints.py +++ /dev/null @@ -1,46 +0,0 @@ -# This file is part of fedmsg. -# Copyright (C) 2012 Red Hat, Inc. -# -# fedmsg is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# fedmsg is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with fedmsg; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -# -# Authors: Ralph Bean -# -import socket -hostname = socket.gethostname().split('.', 1)[0] - -config = dict( - # This is a dict of possible addresses from which fedmsg can send - # messages. fedmsg.init(...) requires that a 'name' argument be passed - # to it which corresponds with one of the keys in this dict. - endpoints={ - # These are here so your local box can listen to the upstream - # infrastructure's bus. Cool, right? :) - "fedora-infrastructure": [ - # proxy01, IP by Ralph Bean, the round-robin DNS pool - # hub.fedoraproject.org contains at least one IP autosign01 cannot - # connect to - "tcp://10.5.126.52:9940", - #"tcp://stg.fedoraproject.org:9940", - ], - - # For other, more 'normal' services, fedmsg will try to guess the - # name of it's calling module to determine which endpoint definition - # to use. This can be overridden by explicitly providing the name in - # the initial call to fedmsg.init(...). - #"bodhi.%s" % hostname: ["tcp://127.0.0.1:3001"], - #"fas.%s" % hostname: ["tcp://127.0.0.1:3002"], - #"fedoratagger.%s" % hostname: ["tcp://127.0.0.1:3003"], - }, -) diff --git a/roles/autosigner/meta/main.yml b/roles/autosigner/meta/main.yml deleted file mode 100644 index a8628190c2..0000000000 --- a/roles/autosigner/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -dependencies: - - { role: builder_repo } - - { role: hosts } diff --git a/roles/autosigner/tasks/main.yml b/roles/autosigner/tasks/main.yml deleted file mode 100644 index 15d6811a0a..0000000000 --- a/roles/autosigner/tasks/main.yml +++ /dev/null @@ -1,46 +0,0 @@ -- name: install dependencies - package: state=present pkg={{ item }} - with_items: - - sigul - tags: - - autosigner - - packages - -# fedora-packager is required for /etc/koji/$arch-config -- name: install dependencies - package: state=present pkg={{ item }} - with_items: - - fedmsg - - fedmsg-hub - - fedora-packager - - python2-fedmsg-meta-fedora-infrastructure - tags: - - autosigner - - packages - -# sigul config for secondary archs: -# https://fedoraproject.org/wiki/Sigul_Client_Setup_SOP -- name: sigul config koji instances - ini_file: dest=/etc/sigul/client.conf section=koji option=koji-instances - value="arm ppc s390" - tags: - - autosigner - - config - -- name: sigul config koji config - ini_file: dest=/etc/sigul/client.conf section=koji - option=koji-config-{{ item }} value="/etc/koji/{{ item }}-config" - with_items: - - arm - - ppc - - s390 - tags: - - autosigner - - config - -- name: fedmsg endpoints config - copy: src=endpoints.py dest=/etc/fedmsg.d/endpoints.py - tags: - - autosigner - - config - - fedmsgdconfig diff --git a/roles/base/files/postfix/main.cf/main.cf.openstack-compute b/roles/base/files/postfix/main.cf/main.cf.openstack-compute deleted file mode 100644 index 293c0c1652..0000000000 --- a/roles/base/files/postfix/main.cf/main.cf.openstack-compute +++ /dev/null @@ -1,687 +0,0 @@ -# "false" -# Global Postfix configuration file. This file lists only a subset -# of all parameters. For the syntax, and for a complete parameter -# list, see the postconf(5) manual page (command: "man 5 postconf"). -# -# For common configuration examples, see BASIC_CONFIGURATION_README -# and STANDARD_CONFIGURATION_README. To find these documents, use -# the command "postconf html_directory readme_directory", or go to -# http://www.postfix.org/. -# -# For best results, change no more than 2-3 parameters at a time, -# and test if Postfix still works after every change. - -# SOFT BOUNCE -# -# The soft_bounce parameter provides a limited safety net for -# testing. When soft_bounce is enabled, mail will remain queued that -# would otherwise bounce. This parameter disables locally-generated -# bounces, and prevents the SMTP server from rejecting mail permanently -# (by changing 5xx replies into 4xx replies). However, soft_bounce -# is no cure for address rewriting mistakes or mail routing mistakes. -# -#soft_bounce = no - -# LOCAL PATHNAME INFORMATION -# -# The queue_directory specifies the location of the Postfix queue. -# This is also the root directory of Postfix daemons that run chrooted. -# See the files in examples/chroot-setup for setting up Postfix chroot -# environments on different UNIX systems. -# -queue_directory = /var/spool/postfix - -# The command_directory parameter specifies the location of all -# postXXX commands. -# -command_directory = /usr/sbin - -# The daemon_directory parameter specifies the location of all Postfix -# daemon programs (i.e. programs listed in the master.cf file). This -# directory must be owned by root. -# -daemon_directory = /usr/libexec/postfix - -# QUEUE AND PROCESS OWNERSHIP -# -# The mail_owner parameter specifies the owner of the Postfix queue -# and of most Postfix daemon processes. Specify the name of a user -# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS -# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In -# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED -# USER. -# -mail_owner = postfix - -# The default_privs parameter specifies the default rights used by -# the local delivery agent for delivery to external file or command. -# These rights are used in the absence of a recipient user context. -# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. -# -#default_privs = nobody - -# INTERNET HOST AND DOMAIN NAMES -# -# The myhostname parameter specifies the internet hostname of this -# mail system. The default is to use the fully-qualified domain name -# from gethostname(). $myhostname is used as a default value for many -# other configuration parameters. -# -#myhostname = host.domain.tld -#myhostname = virtual.domain.tld - -# The mydomain parameter specifies the local internet domain name. -# The default is to use $myhostname minus the first component. -# $mydomain is used as a default value for many other configuration -# parameters. -# -#mydomain = domain.tld - -# SENDING MAIL -# -# The myorigin parameter specifies the domain that locally-posted -# mail appears to come from. The default is to append $myhostname, -# which is fine for small sites. If you run a domain with multiple -# machines, you should (1) change this to $mydomain and (2) set up -# a domain-wide alias database that aliases each user to -# user@that.users.mailhost. -# -# For the sake of consistency between sender and recipient addresses, -# myorigin also specifies the default domain name that is appended -# to recipient addresses that have no @domain part. -# -#myorigin = $myhostname -#myorigin = $mydomain - -mydomain = fedoraproject.org -myorigin = fedoraproject.org - -# RECEIVING MAIL - -# The inet_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on. By default, -# the software claims all active interfaces on the machine. The -# parameter also controls delivery of mail to user@[ip.address]. -# -# See also the proxy_interfaces parameter, for network addresses that -# are forwarded to us via a proxy or network address translator. -# -# Note: you need to stop/start Postfix when this parameter changes. -# -#inet_interfaces = all -#inet_interfaces = $myhostname -#inet_interfaces = $myhostname, localhost -inet_interfaces = all - -# The proxy_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on by way of a -# proxy or network address translation unit. This setting extends -# the address list specified with the inet_interfaces parameter. -# -# You must specify your proxy/NAT addresses when your system is a -# backup MX host for other domains, otherwise mail delivery loops -# will happen when the primary MX host is down. -# -#proxy_interfaces = -#proxy_interfaces = 1.2.3.4 - -# The mydestination parameter specifies the list of domains that this -# machine considers itself the final destination for. -# -# These domains are routed to the delivery agent specified with the -# local_transport parameter setting. By default, that is the UNIX -# compatible delivery agent that lookups all recipients in /etc/passwd -# and /etc/aliases or their equivalent. -# -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. -# -# Do not specify the names of virtual domains - those domains are -# specified elsewhere (see VIRTUAL_README). -# -# Do not specify the names of domains that this machine is backup MX -# host for. Specify those names via the relay_domains settings for -# the SMTP server, or use permit_mx_backup if you are lazy (see -# STANDARD_CONFIGURATION_README). -# -# The local machine is always the final destination for mail addressed -# to user@[the.net.work.address] of an interface that the mail system -# receives mail on (see the inet_interfaces parameter). -# -# Specify a list of host or domain names, /file/name or type:table -# patterns, separated by commas and/or whitespace. A /file/name -# pattern is replaced by its contents; a type:table is matched when -# a name matches a lookup key (the right-hand side is ignored). -# Continue long lines by starting the next line with whitespace. -# -# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". -# -mydestination = $myhostname, localhost.$mydomain, fedora.redhat.com, localhost -#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain -#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, -# mail.$mydomain, www.$mydomain, ftp.$mydomain - -# REJECTING MAIL FOR UNKNOWN LOCAL USERS -# -# The local_recipient_maps parameter specifies optional lookup tables -# with all names or addresses of users that are local with respect -# to $mydestination, $inet_interfaces or $proxy_interfaces. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown local users. This parameter is defined by default. -# -# To turn off local recipient checking in the SMTP server, specify -# local_recipient_maps = (i.e. empty). -# -# The default setting assumes that you use the default Postfix local -# delivery agent for local delivery. You need to update the -# local_recipient_maps setting if: -# -# - You define $mydestination domain recipients in files other than -# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. -# For example, you define $mydestination domain recipients in -# the $virtual_mailbox_maps files. -# -# - You redefine the local delivery agent in master.cf. -# -# - You redefine the "local_transport" setting in main.cf. -# -# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" -# feature of the Postfix local delivery agent (see local(8)). -# -# Details are described in the LOCAL_RECIPIENT_README file. -# -# Beware: if the Postfix SMTP server runs chrooted, you probably have -# to access the passwd file via the proxymap service, in order to -# overcome chroot restrictions. The alternative, having a copy of -# the system passwd file in the chroot jail is just not practical. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify a bare username, an @domain.tld -# wild-card, or specify a user@domain.tld address. -# -#local_recipient_maps = unix:passwd.byname $alias_maps -#local_recipient_maps = proxy:unix:passwd.byname $alias_maps -#local_recipient_maps = - -# The unknown_local_recipient_reject_code specifies the SMTP server -# response code when a recipient domain matches $mydestination or -# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty -# and the recipient address or address local-part is not found. -# -# The default setting is 550 (reject mail) but it is safer to start -# with 450 (try again later) until you are certain that your -# local_recipient_maps settings are OK. -# -unknown_local_recipient_reject_code = 550 - -# TRUST AND RELAY CONTROL - -# The mynetworks parameter specifies the list of "trusted" SMTP -# clients that have more privileges than "strangers". -# -# In particular, "trusted" SMTP clients are allowed to relay mail -# through Postfix. See the smtpd_recipient_restrictions parameter -# in postconf(5). -# -# You can specify the list of "trusted" network addresses by hand -# or you can let Postfix do it for you (which is the default). -# -# By default (mynetworks_style = subnet), Postfix "trusts" SMTP -# clients in the same IP subnetworks as the local machine. -# On Linux, this does works correctly only with interfaces specified -# with the "ifconfig" command. -# -# Specify "mynetworks_style = class" when Postfix should "trust" SMTP -# clients in the same IP class A/B/C networks as the local machine. -# Don't do this with a dialup site - it would cause Postfix to "trust" -# your entire provider's network. Instead, specify an explicit -# mynetworks list by hand, as described below. -# -# Specify "mynetworks_style = host" when Postfix should "trust" -# only the local machine. -# -#mynetworks_style = class -#mynetworks_style = subnet -#mynetworks_style = host - -# Alternatively, you can specify the mynetworks list by hand, in -# which case Postfix ignores the mynetworks_style setting. -# -# Specify an explicit list of network/netmask patterns, where the -# mask specifies the number of bits in the network part of a host -# address. -# -# You can also specify the absolute pathname of a pattern file instead -# of listing the patterns here. Specify type:table for table-based lookups -# (the value on the table right-hand side is not used). -# -#mynetworks = 168.100.189.0/28, 127.0.0.0/8 -#mynetworks = $config_directory/mynetworks -#mynetworks = hash:/etc/postfix/network_table - - -# The relay_domains parameter restricts what destinations this system will -# relay mail to. See the smtpd_recipient_restrictions description in -# postconf(5) for detailed information. -# -# By default, Postfix relays mail -# - from "trusted" clients (IP address matches $mynetworks) to any destination, -# - from "untrusted" clients to destinations that match $relay_domains or -# subdomains thereof, except addresses with sender-specified routing. -# The default relay_domains value is $mydestination. -# -# In addition to the above, the Postfix SMTP server by default accepts mail -# that Postfix is final destination for: -# - destinations that match $inet_interfaces or $proxy_interfaces, -# - destinations that match $mydestination -# - destinations that match $virtual_alias_domains, -# - destinations that match $virtual_mailbox_domains. -# These destinations do not need to be listed in $relay_domains. -# -# Specify a list of hosts or domains, /file/name patterns or type:name -# lookup tables, separated by commas and/or whitespace. Continue -# long lines by starting the next line with whitespace. A file name -# is replaced by its contents; a type:name table is matched when a -# (parent) domain appears as lookup key. -# -# NOTE: Postfix will not automatically forward mail for domains that -# list this system as their primary or backup MX host. See the -# permit_mx_backup restriction description in postconf(5). -# -#relay_domains = $mydestination - - - -# INTERNET OR INTRANET - -# The relayhost parameter specifies the default host to send mail to -# when no entry is matched in the optional transport(5) table. When -# no relayhost is given, mail is routed directly to the destination. -# -# On an intranet, specify the organizational domain name. If your -# internal DNS uses no MX records, specify the name of the intranet -# gateway host instead. -# -# In the case of SMTP, specify a domain, host, host:port, [host]:port, -# [address] or [address]:port; the form [host] turns off MX lookups. -# -# If you're connected via UUCP, see also the default_transport parameter. -# -#relayhost = $mydomain -#relayhost = [gateway.my.domain] -#relayhost = [mailserver.isp.tld] -#relayhost = uucphost -#relayhost = [an.ip.add.ress] -#relayhost = bastion - - -# REJECTING UNKNOWN RELAY USERS -# -# The relay_recipient_maps parameter specifies optional lookup tables -# with all addresses in the domains that match $relay_domains. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown relay users. This feature is off by default. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify an @domain.tld wild-card, or specify -# a user@domain.tld address. -# -#relay_recipient_maps = hash:/etc/postfix/relay_recipients - -# INPUT RATE CONTROL -# -# The in_flow_delay configuration parameter implements mail input -# flow control. This feature is turned on by default, although it -# still needs further development (it's disabled on SCO UNIX due -# to an SCO bug). -# -# A Postfix process will pause for $in_flow_delay seconds before -# accepting a new message, when the message arrival rate exceeds the -# message delivery rate. With the default 100 SMTP server process -# limit, this limits the mail inflow to 100 messages a second more -# than the number of messages delivered per second. -# -# Specify 0 to disable the feature. Valid delays are 0..10. -# -#in_flow_delay = 1s - -# ADDRESS REWRITING -# -# The ADDRESS_REWRITING_README document gives information about -# address masquerading or other forms of address rewriting including -# username->Firstname.Lastname mapping. - -masquerade_domains = redhat.com -masquerade_exceptions = root apache - -# ADDRESS REDIRECTION (VIRTUAL DOMAIN) -# -# The VIRTUAL_README document gives information about the many forms -# of domain hosting that Postfix supports. - -# "USER HAS MOVED" BOUNCE MESSAGES -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# TRANSPORT MAP -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# ALIAS DATABASE -# -# The alias_maps parameter specifies the list of alias databases used -# by the local delivery agent. The default list is system dependent. -# -# On systems with NIS, the default is to search the local alias -# database, then the NIS alias database. See aliases(5) for syntax -# details. -# -# If you change the alias database, run "postalias /etc/aliases" (or -# wherever your system stores the mail alias file), or simply run -# "newaliases" to build the necessary DBM or DB file. -# -# It will take a minute or so before changes become visible. Use -# "postfix reload" to eliminate the delay. -# -#alias_maps = dbm:/etc/aliases -alias_maps = hash:/etc/aliases -#alias_maps = hash:/etc/aliases, nis:mail.aliases -#alias_maps = netinfo:/aliases - -# The alias_database parameter specifies the alias database(s) that -# are built with "newaliases" or "sendmail -bi". This is a separate -# configuration parameter, because alias_maps (see above) may specify -# tables that are not necessarily all under control by Postfix. -# -#alias_database = dbm:/etc/aliases -#alias_database = dbm:/etc/mail/aliases -alias_database = hash:/etc/aliases -#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases - -# ADDRESS EXTENSIONS (e.g., user+foo) -# -# The recipient_delimiter parameter specifies the separator between -# user names and address extensions (user+foo). See canonical(5), -# local(8), relocated(5) and virtual(5) for the effects this has on -# aliases, canonical, virtual, relocated and .forward file lookups. -# Basically, the software tries user+foo and .forward+foo before -# trying user and .forward. -# -recipient_delimiter = + - -# DELIVERY TO MAILBOX -# -# The home_mailbox parameter specifies the optional pathname of a -# mailbox file relative to a user's home directory. The default -# mailbox file is /var/spool/mail/user or /var/mail/user. Specify -# "Maildir/" for qmail-style delivery (the / is required). -# -#home_mailbox = Mailbox -#home_mailbox = Maildir/ - -# The mail_spool_directory parameter specifies the directory where -# UNIX-style mailboxes are kept. The default setting depends on the -# system type. -# -#mail_spool_directory = /var/mail -#mail_spool_directory = /var/spool/mail - -# The mailbox_command parameter specifies the optional external -# command to use instead of mailbox delivery. The command is run as -# the recipient with proper HOME, SHELL and LOGNAME environment settings. -# Exception: delivery for root is done as $default_user. -# -# Other environment variables of interest: USER (recipient username), -# EXTENSION (address extension), DOMAIN (domain part of address), -# and LOCAL (the address localpart). -# -# Unlike other Postfix configuration parameters, the mailbox_command -# parameter is not subjected to $parameter substitutions. This is to -# make it easier to specify shell syntax (see example below). -# -# Avoid shell meta characters because they will force Postfix to run -# an expensive shell process. Procmail alone is expensive enough. -# -# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN -# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. -# -#mailbox_command = /usr/bin/procmail -#mailbox_command = /some/where/procmail -a "$EXTENSION" - -# The mailbox_transport specifies the optional transport in master.cf -# to use after processing aliases and .forward files. This parameter -# has precedence over the mailbox_command, fallback_transport and -# luser_relay parameters. -# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp - -# If using the cyrus-imapd IMAP server deliver local mail to the IMAP -# server using LMTP (Local Mail Transport Protocol), this is prefered -# over the older cyrus deliver program by setting the -# mailbox_transport as below: -# -# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp -# -# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via -# these settings. -# -# local_destination_recipient_limit = 300 -# local_destination_concurrency_limit = 5 -# -# Of course you should adjust these settings as appropriate for the -# capacity of the hardware you are using. The recipient limit setting -# can be used to take advantage of the single instance message store -# capability of Cyrus. The concurrency limit can be used to control -# how many simultaneous LMTP sessions will be permitted to the Cyrus -# message store. -# -# To use the old cyrus deliver program you have to set: -#mailbox_transport = cyrus - -# The fallback_transport specifies the optional transport in master.cf -# to use for recipients that are not found in the UNIX passwd database. -# This parameter has precedence over the luser_relay parameter. -# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp -#fallback_transport = - -#transport_maps = hash:/etc/postfix/transport -# The luser_relay parameter specifies an optional destination address -# for unknown recipients. By default, mail for unknown@$mydestination, -# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned -# as undeliverable. -# -# The following expansions are done on luser_relay: $user (recipient -# username), $shell (recipient shell), $home (recipient home directory), -# $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $local (entire recipient -# localpart), $recipient_delimiter. Specify ${name?value} or -# ${name:value} to expand value only when $name does (does not) exist. -# -# luser_relay works only for the default Postfix local delivery agent. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must specify "local_recipient_maps =" (i.e. empty) in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#luser_relay = $user@other.host -#luser_relay = $local@other.host -#luser_relay = admin+$local - -# JUNK MAIL CONTROLS -# -# The controls listed here are only a very small subset. The file -# SMTPD_ACCESS_README provides an overview. - -# The header_checks parameter specifies an optional table with patterns -# that each logical message header is matched against, including -# headers that span multiple physical lines. -# -# By default, these patterns also apply to MIME headers and to the -# headers of attached messages. With older Postfix versions, MIME and -# attached message headers were treated as body text. -# -# For details, see "man header_checks". -# -header_checks = regexp:/etc/postfix/header_checks - -# FAST ETRN SERVICE -# -# Postfix maintains per-destination logfiles with information about -# deferred mail, so that mail can be flushed quickly with the SMTP -# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". -# See the ETRN_README document for a detailed description. -# -# The fast_flush_domains parameter controls what destinations are -# eligible for this service. By default, they are all domains that -# this server is willing to relay mail to. -# -#fast_flush_domains = $relay_domains - -# SHOW SOFTWARE VERSION OR NOT -# -# The smtpd_banner parameter specifies the text that follows the 220 -# code in the SMTP server's greeting banner. Some people like to see -# the mail version advertised. By default, Postfix shows no version. -# -# You MUST specify $myhostname at the start of the text. That is an -# RFC requirement. Postfix itself does not care. -# -#smtpd_banner = $myhostname ESMTP $mail_name -#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) - -# PARALLEL DELIVERY TO THE SAME DESTINATION -# -# How many parallel deliveries to the same user or domain? With local -# delivery, it does not make sense to do massively parallel delivery -# to the same user, because mailbox updates must happen sequentially, -# and expensive pipelines in .forward files can cause disasters when -# too many are run at the same time. With SMTP deliveries, 10 -# simultaneous connections to the same domain could be sufficient to -# raise eyebrows. -# -# Each message delivery transport has its XXX_destination_concurrency_limit -# parameter. The default is $default_destination_concurrency_limit for -# most delivery transports. For the local delivery agent the default is 2. - -#local_destination_concurrency_limit = 2 -#default_destination_concurrency_limit = 20 - -# DEBUGGING CONTROL -# -# The debug_peer_level parameter specifies the increment in verbose -# logging level when an SMTP client or server host name or address -# matches a pattern in the debug_peer_list parameter. -# -debug_peer_level = 2 - -# The debug_peer_list parameter specifies an optional list of domain -# or network patterns, /file/name patterns or type:name tables. When -# an SMTP client or server host name or address matches a pattern, -# increase the verbose logging level by the amount specified in the -# debug_peer_level parameter. -# -#debug_peer_list = 127.0.0.1 -#debug_peer_list = some.domain - -# The debugger_command specifies the external command that is executed -# when a Postfix daemon program is run with the -D option. -# -# Use "command .. & sleep 5" so that the debugger can attach before -# the process marches on. If you use an X-based debugger, be sure to -# set up your XAUTHORITY environment variable before starting Postfix. -# -debugger_command = - PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin - xxgdb $daemon_directory/$process_name $process_id & sleep 5 - -# If you can't use X, use this to capture the call stack when a -# daemon crashes. The result is in a file in the configuration -# directory, and is named after the process name and the process ID. -# -# debugger_command = -# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; -# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 -# >$config_directory/$process_name.$process_id.log & sleep 5 -# -# Another possibility is to run gdb under a detached screen session. -# To attach to the screen sesssion, su root and run "screen -r -# " where uniquely matches one of the detached -# sessions (from "screen -list"). -# -# debugger_command = -# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen -# -dmS $process_name gdb $daemon_directory/$process_name -# $process_id & sleep 1 - -# INSTALL-TIME CONFIGURATION INFORMATION -# -# The following parameters are used when installing a new Postfix version. -# -# sendmail_path: The full pathname of the Postfix sendmail command. -# This is the Sendmail-compatible mail posting interface. -# -sendmail_path = /usr/sbin/sendmail.postfix - -# newaliases_path: The full pathname of the Postfix newaliases command. -# This is the Sendmail-compatible command to build alias databases. -# -newaliases_path = /usr/bin/newaliases.postfix - -# mailq_path: The full pathname of the Postfix mailq command. This -# is the Sendmail-compatible mail queue listing command. -# -mailq_path = /usr/bin/mailq.postfix - -# setgid_group: The group for mail submission and queue management -# commands. This must be a group name with a numerical group ID that -# is not shared with other accounts, not even with the Postfix account. -# -setgid_group = postdrop - -# html_directory: The location of the Postfix HTML documentation. -# -html_directory = no - -# manpage_directory: The location of the Postfix on-line manual pages. -# -manpage_directory = /usr/share/man - -# sample_directory: The location of the Postfix sample configuration files. -# This parameter is obsolete as of Postfix 2.1. -# -sample_directory = /usr/share/doc/postfix-2.4.5/samples - -# readme_directory: The location of the Postfix README files. -# -readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES - -# add this to new postfix to get it to add proper message-id and other -# headers to outgoing emails via the gateway. - - -message_size_limit = 20971520 -#inet_protocols = ipv4 diff --git a/roles/base/files/postfix/main.cf/main.cf.upstreamfirst.fedorainfracloud.org b/roles/base/files/postfix/main.cf/main.cf.upstreamfirst.fedorainfracloud.org deleted file mode 100644 index 293c0c1652..0000000000 --- a/roles/base/files/postfix/main.cf/main.cf.upstreamfirst.fedorainfracloud.org +++ /dev/null @@ -1,687 +0,0 @@ -# "false" -# Global Postfix configuration file. This file lists only a subset -# of all parameters. For the syntax, and for a complete parameter -# list, see the postconf(5) manual page (command: "man 5 postconf"). -# -# For common configuration examples, see BASIC_CONFIGURATION_README -# and STANDARD_CONFIGURATION_README. To find these documents, use -# the command "postconf html_directory readme_directory", or go to -# http://www.postfix.org/. -# -# For best results, change no more than 2-3 parameters at a time, -# and test if Postfix still works after every change. - -# SOFT BOUNCE -# -# The soft_bounce parameter provides a limited safety net for -# testing. When soft_bounce is enabled, mail will remain queued that -# would otherwise bounce. This parameter disables locally-generated -# bounces, and prevents the SMTP server from rejecting mail permanently -# (by changing 5xx replies into 4xx replies). However, soft_bounce -# is no cure for address rewriting mistakes or mail routing mistakes. -# -#soft_bounce = no - -# LOCAL PATHNAME INFORMATION -# -# The queue_directory specifies the location of the Postfix queue. -# This is also the root directory of Postfix daemons that run chrooted. -# See the files in examples/chroot-setup for setting up Postfix chroot -# environments on different UNIX systems. -# -queue_directory = /var/spool/postfix - -# The command_directory parameter specifies the location of all -# postXXX commands. -# -command_directory = /usr/sbin - -# The daemon_directory parameter specifies the location of all Postfix -# daemon programs (i.e. programs listed in the master.cf file). This -# directory must be owned by root. -# -daemon_directory = /usr/libexec/postfix - -# QUEUE AND PROCESS OWNERSHIP -# -# The mail_owner parameter specifies the owner of the Postfix queue -# and of most Postfix daemon processes. Specify the name of a user -# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS -# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In -# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED -# USER. -# -mail_owner = postfix - -# The default_privs parameter specifies the default rights used by -# the local delivery agent for delivery to external file or command. -# These rights are used in the absence of a recipient user context. -# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. -# -#default_privs = nobody - -# INTERNET HOST AND DOMAIN NAMES -# -# The myhostname parameter specifies the internet hostname of this -# mail system. The default is to use the fully-qualified domain name -# from gethostname(). $myhostname is used as a default value for many -# other configuration parameters. -# -#myhostname = host.domain.tld -#myhostname = virtual.domain.tld - -# The mydomain parameter specifies the local internet domain name. -# The default is to use $myhostname minus the first component. -# $mydomain is used as a default value for many other configuration -# parameters. -# -#mydomain = domain.tld - -# SENDING MAIL -# -# The myorigin parameter specifies the domain that locally-posted -# mail appears to come from. The default is to append $myhostname, -# which is fine for small sites. If you run a domain with multiple -# machines, you should (1) change this to $mydomain and (2) set up -# a domain-wide alias database that aliases each user to -# user@that.users.mailhost. -# -# For the sake of consistency between sender and recipient addresses, -# myorigin also specifies the default domain name that is appended -# to recipient addresses that have no @domain part. -# -#myorigin = $myhostname -#myorigin = $mydomain - -mydomain = fedoraproject.org -myorigin = fedoraproject.org - -# RECEIVING MAIL - -# The inet_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on. By default, -# the software claims all active interfaces on the machine. The -# parameter also controls delivery of mail to user@[ip.address]. -# -# See also the proxy_interfaces parameter, for network addresses that -# are forwarded to us via a proxy or network address translator. -# -# Note: you need to stop/start Postfix when this parameter changes. -# -#inet_interfaces = all -#inet_interfaces = $myhostname -#inet_interfaces = $myhostname, localhost -inet_interfaces = all - -# The proxy_interfaces parameter specifies the network interface -# addresses that this mail system receives mail on by way of a -# proxy or network address translation unit. This setting extends -# the address list specified with the inet_interfaces parameter. -# -# You must specify your proxy/NAT addresses when your system is a -# backup MX host for other domains, otherwise mail delivery loops -# will happen when the primary MX host is down. -# -#proxy_interfaces = -#proxy_interfaces = 1.2.3.4 - -# The mydestination parameter specifies the list of domains that this -# machine considers itself the final destination for. -# -# These domains are routed to the delivery agent specified with the -# local_transport parameter setting. By default, that is the UNIX -# compatible delivery agent that lookups all recipients in /etc/passwd -# and /etc/aliases or their equivalent. -# -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. -# -# Do not specify the names of virtual domains - those domains are -# specified elsewhere (see VIRTUAL_README). -# -# Do not specify the names of domains that this machine is backup MX -# host for. Specify those names via the relay_domains settings for -# the SMTP server, or use permit_mx_backup if you are lazy (see -# STANDARD_CONFIGURATION_README). -# -# The local machine is always the final destination for mail addressed -# to user@[the.net.work.address] of an interface that the mail system -# receives mail on (see the inet_interfaces parameter). -# -# Specify a list of host or domain names, /file/name or type:table -# patterns, separated by commas and/or whitespace. A /file/name -# pattern is replaced by its contents; a type:table is matched when -# a name matches a lookup key (the right-hand side is ignored). -# Continue long lines by starting the next line with whitespace. -# -# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". -# -mydestination = $myhostname, localhost.$mydomain, fedora.redhat.com, localhost -#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain -#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, -# mail.$mydomain, www.$mydomain, ftp.$mydomain - -# REJECTING MAIL FOR UNKNOWN LOCAL USERS -# -# The local_recipient_maps parameter specifies optional lookup tables -# with all names or addresses of users that are local with respect -# to $mydestination, $inet_interfaces or $proxy_interfaces. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown local users. This parameter is defined by default. -# -# To turn off local recipient checking in the SMTP server, specify -# local_recipient_maps = (i.e. empty). -# -# The default setting assumes that you use the default Postfix local -# delivery agent for local delivery. You need to update the -# local_recipient_maps setting if: -# -# - You define $mydestination domain recipients in files other than -# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. -# For example, you define $mydestination domain recipients in -# the $virtual_mailbox_maps files. -# -# - You redefine the local delivery agent in master.cf. -# -# - You redefine the "local_transport" setting in main.cf. -# -# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" -# feature of the Postfix local delivery agent (see local(8)). -# -# Details are described in the LOCAL_RECIPIENT_README file. -# -# Beware: if the Postfix SMTP server runs chrooted, you probably have -# to access the passwd file via the proxymap service, in order to -# overcome chroot restrictions. The alternative, having a copy of -# the system passwd file in the chroot jail is just not practical. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify a bare username, an @domain.tld -# wild-card, or specify a user@domain.tld address. -# -#local_recipient_maps = unix:passwd.byname $alias_maps -#local_recipient_maps = proxy:unix:passwd.byname $alias_maps -#local_recipient_maps = - -# The unknown_local_recipient_reject_code specifies the SMTP server -# response code when a recipient domain matches $mydestination or -# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty -# and the recipient address or address local-part is not found. -# -# The default setting is 550 (reject mail) but it is safer to start -# with 450 (try again later) until you are certain that your -# local_recipient_maps settings are OK. -# -unknown_local_recipient_reject_code = 550 - -# TRUST AND RELAY CONTROL - -# The mynetworks parameter specifies the list of "trusted" SMTP -# clients that have more privileges than "strangers". -# -# In particular, "trusted" SMTP clients are allowed to relay mail -# through Postfix. See the smtpd_recipient_restrictions parameter -# in postconf(5). -# -# You can specify the list of "trusted" network addresses by hand -# or you can let Postfix do it for you (which is the default). -# -# By default (mynetworks_style = subnet), Postfix "trusts" SMTP -# clients in the same IP subnetworks as the local machine. -# On Linux, this does works correctly only with interfaces specified -# with the "ifconfig" command. -# -# Specify "mynetworks_style = class" when Postfix should "trust" SMTP -# clients in the same IP class A/B/C networks as the local machine. -# Don't do this with a dialup site - it would cause Postfix to "trust" -# your entire provider's network. Instead, specify an explicit -# mynetworks list by hand, as described below. -# -# Specify "mynetworks_style = host" when Postfix should "trust" -# only the local machine. -# -#mynetworks_style = class -#mynetworks_style = subnet -#mynetworks_style = host - -# Alternatively, you can specify the mynetworks list by hand, in -# which case Postfix ignores the mynetworks_style setting. -# -# Specify an explicit list of network/netmask patterns, where the -# mask specifies the number of bits in the network part of a host -# address. -# -# You can also specify the absolute pathname of a pattern file instead -# of listing the patterns here. Specify type:table for table-based lookups -# (the value on the table right-hand side is not used). -# -#mynetworks = 168.100.189.0/28, 127.0.0.0/8 -#mynetworks = $config_directory/mynetworks -#mynetworks = hash:/etc/postfix/network_table - - -# The relay_domains parameter restricts what destinations this system will -# relay mail to. See the smtpd_recipient_restrictions description in -# postconf(5) for detailed information. -# -# By default, Postfix relays mail -# - from "trusted" clients (IP address matches $mynetworks) to any destination, -# - from "untrusted" clients to destinations that match $relay_domains or -# subdomains thereof, except addresses with sender-specified routing. -# The default relay_domains value is $mydestination. -# -# In addition to the above, the Postfix SMTP server by default accepts mail -# that Postfix is final destination for: -# - destinations that match $inet_interfaces or $proxy_interfaces, -# - destinations that match $mydestination -# - destinations that match $virtual_alias_domains, -# - destinations that match $virtual_mailbox_domains. -# These destinations do not need to be listed in $relay_domains. -# -# Specify a list of hosts or domains, /file/name patterns or type:name -# lookup tables, separated by commas and/or whitespace. Continue -# long lines by starting the next line with whitespace. A file name -# is replaced by its contents; a type:name table is matched when a -# (parent) domain appears as lookup key. -# -# NOTE: Postfix will not automatically forward mail for domains that -# list this system as their primary or backup MX host. See the -# permit_mx_backup restriction description in postconf(5). -# -#relay_domains = $mydestination - - - -# INTERNET OR INTRANET - -# The relayhost parameter specifies the default host to send mail to -# when no entry is matched in the optional transport(5) table. When -# no relayhost is given, mail is routed directly to the destination. -# -# On an intranet, specify the organizational domain name. If your -# internal DNS uses no MX records, specify the name of the intranet -# gateway host instead. -# -# In the case of SMTP, specify a domain, host, host:port, [host]:port, -# [address] or [address]:port; the form [host] turns off MX lookups. -# -# If you're connected via UUCP, see also the default_transport parameter. -# -#relayhost = $mydomain -#relayhost = [gateway.my.domain] -#relayhost = [mailserver.isp.tld] -#relayhost = uucphost -#relayhost = [an.ip.add.ress] -#relayhost = bastion - - -# REJECTING UNKNOWN RELAY USERS -# -# The relay_recipient_maps parameter specifies optional lookup tables -# with all addresses in the domains that match $relay_domains. -# -# If this parameter is defined, then the SMTP server will reject -# mail for unknown relay users. This feature is off by default. -# -# The right-hand side of the lookup tables is conveniently ignored. -# In the left-hand side, specify an @domain.tld wild-card, or specify -# a user@domain.tld address. -# -#relay_recipient_maps = hash:/etc/postfix/relay_recipients - -# INPUT RATE CONTROL -# -# The in_flow_delay configuration parameter implements mail input -# flow control. This feature is turned on by default, although it -# still needs further development (it's disabled on SCO UNIX due -# to an SCO bug). -# -# A Postfix process will pause for $in_flow_delay seconds before -# accepting a new message, when the message arrival rate exceeds the -# message delivery rate. With the default 100 SMTP server process -# limit, this limits the mail inflow to 100 messages a second more -# than the number of messages delivered per second. -# -# Specify 0 to disable the feature. Valid delays are 0..10. -# -#in_flow_delay = 1s - -# ADDRESS REWRITING -# -# The ADDRESS_REWRITING_README document gives information about -# address masquerading or other forms of address rewriting including -# username->Firstname.Lastname mapping. - -masquerade_domains = redhat.com -masquerade_exceptions = root apache - -# ADDRESS REDIRECTION (VIRTUAL DOMAIN) -# -# The VIRTUAL_README document gives information about the many forms -# of domain hosting that Postfix supports. - -# "USER HAS MOVED" BOUNCE MESSAGES -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# TRANSPORT MAP -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# ALIAS DATABASE -# -# The alias_maps parameter specifies the list of alias databases used -# by the local delivery agent. The default list is system dependent. -# -# On systems with NIS, the default is to search the local alias -# database, then the NIS alias database. See aliases(5) for syntax -# details. -# -# If you change the alias database, run "postalias /etc/aliases" (or -# wherever your system stores the mail alias file), or simply run -# "newaliases" to build the necessary DBM or DB file. -# -# It will take a minute or so before changes become visible. Use -# "postfix reload" to eliminate the delay. -# -#alias_maps = dbm:/etc/aliases -alias_maps = hash:/etc/aliases -#alias_maps = hash:/etc/aliases, nis:mail.aliases -#alias_maps = netinfo:/aliases - -# The alias_database parameter specifies the alias database(s) that -# are built with "newaliases" or "sendmail -bi". This is a separate -# configuration parameter, because alias_maps (see above) may specify -# tables that are not necessarily all under control by Postfix. -# -#alias_database = dbm:/etc/aliases -#alias_database = dbm:/etc/mail/aliases -alias_database = hash:/etc/aliases -#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases - -# ADDRESS EXTENSIONS (e.g., user+foo) -# -# The recipient_delimiter parameter specifies the separator between -# user names and address extensions (user+foo). See canonical(5), -# local(8), relocated(5) and virtual(5) for the effects this has on -# aliases, canonical, virtual, relocated and .forward file lookups. -# Basically, the software tries user+foo and .forward+foo before -# trying user and .forward. -# -recipient_delimiter = + - -# DELIVERY TO MAILBOX -# -# The home_mailbox parameter specifies the optional pathname of a -# mailbox file relative to a user's home directory. The default -# mailbox file is /var/spool/mail/user or /var/mail/user. Specify -# "Maildir/" for qmail-style delivery (the / is required). -# -#home_mailbox = Mailbox -#home_mailbox = Maildir/ - -# The mail_spool_directory parameter specifies the directory where -# UNIX-style mailboxes are kept. The default setting depends on the -# system type. -# -#mail_spool_directory = /var/mail -#mail_spool_directory = /var/spool/mail - -# The mailbox_command parameter specifies the optional external -# command to use instead of mailbox delivery. The command is run as -# the recipient with proper HOME, SHELL and LOGNAME environment settings. -# Exception: delivery for root is done as $default_user. -# -# Other environment variables of interest: USER (recipient username), -# EXTENSION (address extension), DOMAIN (domain part of address), -# and LOCAL (the address localpart). -# -# Unlike other Postfix configuration parameters, the mailbox_command -# parameter is not subjected to $parameter substitutions. This is to -# make it easier to specify shell syntax (see example below). -# -# Avoid shell meta characters because they will force Postfix to run -# an expensive shell process. Procmail alone is expensive enough. -# -# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN -# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. -# -#mailbox_command = /usr/bin/procmail -#mailbox_command = /some/where/procmail -a "$EXTENSION" - -# The mailbox_transport specifies the optional transport in master.cf -# to use after processing aliases and .forward files. This parameter -# has precedence over the mailbox_command, fallback_transport and -# luser_relay parameters. -# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp - -# If using the cyrus-imapd IMAP server deliver local mail to the IMAP -# server using LMTP (Local Mail Transport Protocol), this is prefered -# over the older cyrus deliver program by setting the -# mailbox_transport as below: -# -# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp -# -# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via -# these settings. -# -# local_destination_recipient_limit = 300 -# local_destination_concurrency_limit = 5 -# -# Of course you should adjust these settings as appropriate for the -# capacity of the hardware you are using. The recipient limit setting -# can be used to take advantage of the single instance message store -# capability of Cyrus. The concurrency limit can be used to control -# how many simultaneous LMTP sessions will be permitted to the Cyrus -# message store. -# -# To use the old cyrus deliver program you have to set: -#mailbox_transport = cyrus - -# The fallback_transport specifies the optional transport in master.cf -# to use for recipients that are not found in the UNIX passwd database. -# This parameter has precedence over the luser_relay parameter. -# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp -#fallback_transport = - -#transport_maps = hash:/etc/postfix/transport -# The luser_relay parameter specifies an optional destination address -# for unknown recipients. By default, mail for unknown@$mydestination, -# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned -# as undeliverable. -# -# The following expansions are done on luser_relay: $user (recipient -# username), $shell (recipient shell), $home (recipient home directory), -# $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $local (entire recipient -# localpart), $recipient_delimiter. Specify ${name?value} or -# ${name:value} to expand value only when $name does (does not) exist. -# -# luser_relay works only for the default Postfix local delivery agent. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must specify "local_recipient_maps =" (i.e. empty) in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#luser_relay = $user@other.host -#luser_relay = $local@other.host -#luser_relay = admin+$local - -# JUNK MAIL CONTROLS -# -# The controls listed here are only a very small subset. The file -# SMTPD_ACCESS_README provides an overview. - -# The header_checks parameter specifies an optional table with patterns -# that each logical message header is matched against, including -# headers that span multiple physical lines. -# -# By default, these patterns also apply to MIME headers and to the -# headers of attached messages. With older Postfix versions, MIME and -# attached message headers were treated as body text. -# -# For details, see "man header_checks". -# -header_checks = regexp:/etc/postfix/header_checks - -# FAST ETRN SERVICE -# -# Postfix maintains per-destination logfiles with information about -# deferred mail, so that mail can be flushed quickly with the SMTP -# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". -# See the ETRN_README document for a detailed description. -# -# The fast_flush_domains parameter controls what destinations are -# eligible for this service. By default, they are all domains that -# this server is willing to relay mail to. -# -#fast_flush_domains = $relay_domains - -# SHOW SOFTWARE VERSION OR NOT -# -# The smtpd_banner parameter specifies the text that follows the 220 -# code in the SMTP server's greeting banner. Some people like to see -# the mail version advertised. By default, Postfix shows no version. -# -# You MUST specify $myhostname at the start of the text. That is an -# RFC requirement. Postfix itself does not care. -# -#smtpd_banner = $myhostname ESMTP $mail_name -#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) - -# PARALLEL DELIVERY TO THE SAME DESTINATION -# -# How many parallel deliveries to the same user or domain? With local -# delivery, it does not make sense to do massively parallel delivery -# to the same user, because mailbox updates must happen sequentially, -# and expensive pipelines in .forward files can cause disasters when -# too many are run at the same time. With SMTP deliveries, 10 -# simultaneous connections to the same domain could be sufficient to -# raise eyebrows. -# -# Each message delivery transport has its XXX_destination_concurrency_limit -# parameter. The default is $default_destination_concurrency_limit for -# most delivery transports. For the local delivery agent the default is 2. - -#local_destination_concurrency_limit = 2 -#default_destination_concurrency_limit = 20 - -# DEBUGGING CONTROL -# -# The debug_peer_level parameter specifies the increment in verbose -# logging level when an SMTP client or server host name or address -# matches a pattern in the debug_peer_list parameter. -# -debug_peer_level = 2 - -# The debug_peer_list parameter specifies an optional list of domain -# or network patterns, /file/name patterns or type:name tables. When -# an SMTP client or server host name or address matches a pattern, -# increase the verbose logging level by the amount specified in the -# debug_peer_level parameter. -# -#debug_peer_list = 127.0.0.1 -#debug_peer_list = some.domain - -# The debugger_command specifies the external command that is executed -# when a Postfix daemon program is run with the -D option. -# -# Use "command .. & sleep 5" so that the debugger can attach before -# the process marches on. If you use an X-based debugger, be sure to -# set up your XAUTHORITY environment variable before starting Postfix. -# -debugger_command = - PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin - xxgdb $daemon_directory/$process_name $process_id & sleep 5 - -# If you can't use X, use this to capture the call stack when a -# daemon crashes. The result is in a file in the configuration -# directory, and is named after the process name and the process ID. -# -# debugger_command = -# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; -# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 -# >$config_directory/$process_name.$process_id.log & sleep 5 -# -# Another possibility is to run gdb under a detached screen session. -# To attach to the screen sesssion, su root and run "screen -r -# " where uniquely matches one of the detached -# sessions (from "screen -list"). -# -# debugger_command = -# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen -# -dmS $process_name gdb $daemon_directory/$process_name -# $process_id & sleep 1 - -# INSTALL-TIME CONFIGURATION INFORMATION -# -# The following parameters are used when installing a new Postfix version. -# -# sendmail_path: The full pathname of the Postfix sendmail command. -# This is the Sendmail-compatible mail posting interface. -# -sendmail_path = /usr/sbin/sendmail.postfix - -# newaliases_path: The full pathname of the Postfix newaliases command. -# This is the Sendmail-compatible command to build alias databases. -# -newaliases_path = /usr/bin/newaliases.postfix - -# mailq_path: The full pathname of the Postfix mailq command. This -# is the Sendmail-compatible mail queue listing command. -# -mailq_path = /usr/bin/mailq.postfix - -# setgid_group: The group for mail submission and queue management -# commands. This must be a group name with a numerical group ID that -# is not shared with other accounts, not even with the Postfix account. -# -setgid_group = postdrop - -# html_directory: The location of the Postfix HTML documentation. -# -html_directory = no - -# manpage_directory: The location of the Postfix on-line manual pages. -# -manpage_directory = /usr/share/man - -# sample_directory: The location of the Postfix sample configuration files. -# This parameter is obsolete as of Postfix 2.1. -# -sample_directory = /usr/share/doc/postfix-2.4.5/samples - -# readme_directory: The location of the Postfix README files. -# -readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES - -# add this to new postfix to get it to add proper message-id and other -# headers to outgoing emails via the gateway. - - -message_size_limit = 20971520 -#inet_protocols = ipv4 diff --git a/roles/base/files/resolv.conf/cloud b/roles/base/files/resolv.conf/cloud deleted file mode 100644 index 9661da5d33..0000000000 --- a/roles/base/files/resolv.conf/cloud +++ /dev/null @@ -1,4 +0,0 @@ -search cloud.fedoraproject.org fedoraproject.org -nameserver 8.8.8.8 -nameserver 8.8.4.4 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/serverbeach b/roles/base/files/resolv.conf/serverbeach deleted file mode 100644 index 01d5c06952..0000000000 --- a/roles/base/files/resolv.conf/serverbeach +++ /dev/null @@ -1,4 +0,0 @@ -search vpn.fedoraproject.org fedoraproject.org -nameserver 8.8.8.8 -nameserver 8.8.4.4 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/telia b/roles/base/files/resolv.conf/telia deleted file mode 100644 index 11dff40bd1..0000000000 --- a/roles/base/files/resolv.conf/telia +++ /dev/null @@ -1,4 +0,0 @@ -search vpn.fedoraproject.org fedoraproject.org -nameserver 213.248.76.210 -nameserver 152.3.182.5 -options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/tummy b/roles/base/files/resolv.conf/tummy deleted file mode 100644 index 246626e3f0..0000000000 --- a/roles/base/files/resolv.conf/tummy +++ /dev/null @@ -1,4 +0,0 @@ -search vpn.fedoraproject.org fedoraproject.org -nameserver 198.49.126.1 -nameserver 66.35.36.133 -options rotate timeout:1 diff --git a/roles/beaker/base/files/beaker-server-fedora.repo b/roles/beaker/base/files/beaker-server-fedora.repo deleted file mode 100644 index d5668d3000..0000000000 --- a/roles/beaker/base/files/beaker-server-fedora.repo +++ /dev/null @@ -1,11 +0,0 @@ -[beaker-server] -name=Beaker Server - Fedora$releasever -baseurl=https://beaker-project.org/yum/server/Fedora$releasever/ -enabled=1 -gpgcheck=0 - -[beaker-server-testing] -name=Beaker Server -Fedora$releasever - Testing -baseurl=https://beaker-project.org/yum/server-testing/Fedora$releasever/ -enabled=0 -gpgcheck=0 diff --git a/roles/beaker/base/tasks/main.yml b/roles/beaker/base/tasks/main.yml deleted file mode 100644 index c1a87a1f10..0000000000 --- a/roles/beaker/base/tasks/main.yml +++ /dev/null @@ -1,27 +0,0 @@ -# -# This is the base beaker role - mostly installing repos for beaker -# ---- - -- name: put beaker server repos on Rhel systems - template: - src: "{{ item }}" - dest: "/etc/yum.repos.d/{{ item }}" - owner: root - group: root - mode: 0644 - with_items: - - beaker-server-rhel.repo - when: ansible_distribution == 'RedHat' - -- name: put beaker server repos on Fedora systems - copy: - src: "{{ item }}" - dest: "/etc/yum.repos.d/{{ item }}" - owner: root - group: root - mode: 0644 - with_items: - - beaker-server-fedora.repo - when: ansible_distribution == 'Fedora' - diff --git a/roles/beaker/base/templates/beaker-server-rhel.repo b/roles/beaker/base/templates/beaker-server-rhel.repo deleted file mode 100644 index 96b2e52414..0000000000 --- a/roles/beaker/base/templates/beaker-server-rhel.repo +++ /dev/null @@ -1,11 +0,0 @@ -[beaker-server] -name=Beaker Server - RedHatEnterpriseLinux{{ ansible_distribution_major_version }} -baseurl=https://beaker-project.org/yum/server/RedHatEnterpriseLinux{{ ansible_distribution_major_version }}/ -enabled=1 -gpgcheck=0 - -[beaker-server-testing] -name=Beaker Server - RedHatEnterpriseLinux{{ ansible_distribution_major_version }} - Testing -baseurl=https://beaker-project.org/yum/server-testing/RedHatEnterpriseLinux{{ ansible_distribution_major_version }}/ -enabled=0 -gpgcheck=0 diff --git a/roles/beaker/labcontroller/handlers/main.yml b/roles/beaker/labcontroller/handlers/main.yml deleted file mode 100644 index d584be115a..0000000000 --- a/roles/beaker/labcontroller/handlers/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -##################################################################### -# Handlers for restarting services specific to beaker lab controllers -# - -- name: restart beaker lab controller - service: name={{ item }} state=restarted - with_items: - - beaker-proxy - - beaker-provision - - beaker-watchdog diff --git a/roles/beaker/labcontroller/tasks/main.yml b/roles/beaker/labcontroller/tasks/main.yml deleted file mode 100644 index 72107b62f8..0000000000 --- a/roles/beaker/labcontroller/tasks/main.yml +++ /dev/null @@ -1,36 +0,0 @@ -# -# This is a beaker_labcontroller role. -# ---- -- name: install packages needed for beaker lab-controller - package: name={{ item }} state=present - with_items: - - beaker-lab-controller - - tftp-server - -- name: Replace default labcontroller.conf file - template: - src: etc/beaker/labcontroller.conf.j2 - dest: /etc/beaker/labcontroller.conf - owner: apache - group: root - mode: 0660 - backup: yes - force: yes - notify: - - reload httpd - - restart beaker lab controller - tags: - - beaker_lab_controller - -- name: start required services - service: name={{ item }} state=started enabled=yes - with_items: - - httpd - - tftp.socket - - beaker-proxy - - beaker-provision - - beaker-watchdog - # beaker-transfer is left disabled, since we have no log archive server - tags: - - beaker_lab_controller diff --git a/roles/beaker/labcontroller/templates/etc/beaker/labcontroller.conf.j2 b/roles/beaker/labcontroller/templates/etc/beaker/labcontroller.conf.j2 deleted file mode 100644 index bf81256222..0000000000 --- a/roles/beaker/labcontroller/templates/etc/beaker/labcontroller.conf.j2 +++ /dev/null @@ -1,48 +0,0 @@ -# Hub xml-rpc address. -#HUB_URL = "https://localhost:8080" -HUB_URL = "http://{{beaker_server_hostname}}/" - -# Hub authentication method. Example: krbv, password, worker_key -AUTH_METHOD = "password" -#AUTH_METHOD = "krbv" - -# Username and password -USERNAME = "{{beaker_lab_controller_username}}" -PASSWORD = "{{beaker_lab_controller_password}}" - -# Kerberos service prefix. Example: host, HTTP -KRB_SERVICE = "HTTP" - -# Kerberos realm. If commented, last two parts of domain name are used. Example: MYDOMAIN.COM. -KRB_REALM = "DOMAIN.COM" - -#Uncomment and change the following two lines if using krb with qpid -#QPID_KRB_PRINCIPAL='HTTP/localhost' - -#QPID_KRB_KEYTAB='/etc/my/file.keytab' - -# By default, job logs are stored locally on the lab controller. -# If you have set up an archive server to store job logs, uncomment and -# configure the following settings. You will also need to enable the -# beaker-transfer daemon to move logs to the archive server. -#ARCHIVE_SERVER = "http://archive-example.domain.com/beaker" -#ARCHIVE_BASEPATH = "/var/www/html/beaker" -#ARCHIVE_RSYNC = "rsync://USER@HOST/var/www/html/beaker" -#RSYNC_FLAGS = "-ar --password-file /root/rsync-secret.txt" - -# How often to renew our session on the server -#RENEW_SESSION_INTERVAL = 300 - -# Root directory served by the TFTP server. Netboot images and configs will be -# placed here. -TFTP_ROOT = "/var/lib/tftpboot" - -# URL scheme used to generate absolute URLs for this lab controller. -# It is used for job logs served by Apache. Set it to 'https' if you have -# configured Apache for SSL and you want logs to be served over SSL. -#URL_SCHEME = "http" - -# Fully qualified domain name of *this* system (not the Beaker server). -# Defaults to socket.gethostname(). Ordinarily that is sufficient, unless you -# have registered this lab controller with Beaker under a CNAME. -URL_DOMAIN = "{{beaker_server_cname}}" diff --git a/roles/beaker/server/files/saml2/beaker.qa.fedoraproject.org/certificate.pem b/roles/beaker/server/files/saml2/beaker.qa.fedoraproject.org/certificate.pem deleted file mode 100644 index cc73bf9037..0000000000 --- a/roles/beaker/server/files/saml2/beaker.qa.fedoraproject.org/certificate.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDHzCCAgegAwIBAgIJAIJYzzIqyTO3MA0GCSqGSIb3DQEBCwUAMCYxJDAiBgNV -BAMMG2JlYWtlci5xYS5mZWRvcmFwcm9qZWN0Lm9yZzAeFw0xNjA0MDcxNTI4MDNa -Fw0yMTA0MDYxNTI4MDNaMCYxJDAiBgNVBAMMG2JlYWtlci5xYS5mZWRvcmFwcm9q -ZWN0Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO0EiJo2tuXP -T7TMPRHvsJ2Rt0RmcEIlYUAUsyDyJd14zrxpX6XNh5k11MNR/K3gtylpMsXnryGR -ZxV9QEERVD+eOrHWYgKBW+XxUkWvU3+5g6MJrnBK/4MahEOTCuj5dt06hABMgrip -3i5wm/NCa8tu98IB3mP6ApX35nGG7zNgy+pycolzo00Nss1FW/wygZukAG+DDrGz -QUHKx5dGIq3VTd6X/0jnTDh83gmM2IItYorKr6ZgG+Wzjtjr+eAVJbKaOuL895Wv -1D7vpHpnac2pKxKB5Pd81tSDf++tInBKSSN7rb+0+YkV/aHa5zm2XqMZ8YOu8hX0 -67TXZLmzYIkCAwEAAaNQME4wHQYDVR0OBBYEFHwukZpuQ6Y0qoK22fyVSvUzRK9G -MB8GA1UdIwQYMBaAFHwukZpuQ6Y0qoK22fyVSvUzRK9GMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQELBQADggEBAHzMR0NYdK/B2MzDk2nw056/ijebeVfOpawdFbkV -5srXnlexUwZFroC90I5dkd9nPz3mT9A35DTv43j86UgK60RJhJhkoMRQC+nU2YBM -SmxKl2OzsjNY4w0FW3DJhxfahGAy4whvhJYmQuAGdrvh657GPxfOP1OwUcIT4nco -nFr/QRVWvuYE6RsJoBE60eIka1G5mJxz5IlnBqG13Zx/C71a969E2StXVBOIx0cE -gr8IZUw+rCFiM3Pv1ihTqagzydNtQM1OdUIcYYH1nfnm5sbBTaJ9VXrS+xs2lBOg -Z8kuhm+XT1TOvIwyCRxf1vH6cnSmsOHMXnWfZN1YwI9uCS0= ------END CERTIFICATE----- - diff --git a/roles/beaker/server/files/saml2/beaker.qa.fedoraproject.org/metadata.xml b/roles/beaker/server/files/saml2/beaker.qa.fedoraproject.org/metadata.xml deleted file mode 100644 index 1849b4f433..0000000000 --- a/roles/beaker/server/files/saml2/beaker.qa.fedoraproject.org/metadata.xml +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - - MIIDHzCCAgegAwIBAgIJAIJYzzIqyTO3MA0GCSqGSIb3DQEBCwUAMCYxJDAiBgNV - BAMMG2JlYWtlci5xYS5mZWRvcmFwcm9qZWN0Lm9yZzAeFw0xNjA0MDcxNTI4MDNa - Fw0yMTA0MDYxNTI4MDNaMCYxJDAiBgNVBAMMG2JlYWtlci5xYS5mZWRvcmFwcm9q - ZWN0Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO0EiJo2tuXP - T7TMPRHvsJ2Rt0RmcEIlYUAUsyDyJd14zrxpX6XNh5k11MNR/K3gtylpMsXnryGR - ZxV9QEERVD+eOrHWYgKBW+XxUkWvU3+5g6MJrnBK/4MahEOTCuj5dt06hABMgrip - 3i5wm/NCa8tu98IB3mP6ApX35nGG7zNgy+pycolzo00Nss1FW/wygZukAG+DDrGz - QUHKx5dGIq3VTd6X/0jnTDh83gmM2IItYorKr6ZgG+Wzjtjr+eAVJbKaOuL895Wv - 1D7vpHpnac2pKxKB5Pd81tSDf++tInBKSSN7rb+0+YkV/aHa5zm2XqMZ8YOu8hX0 - 67TXZLmzYIkCAwEAAaNQME4wHQYDVR0OBBYEFHwukZpuQ6Y0qoK22fyVSvUzRK9G - MB8GA1UdIwQYMBaAFHwukZpuQ6Y0qoK22fyVSvUzRK9GMAwGA1UdEwQFMAMBAf8w - DQYJKoZIhvcNAQELBQADggEBAHzMR0NYdK/B2MzDk2nw056/ijebeVfOpawdFbkV - 5srXnlexUwZFroC90I5dkd9nPz3mT9A35DTv43j86UgK60RJhJhkoMRQC+nU2YBM - SmxKl2OzsjNY4w0FW3DJhxfahGAy4whvhJYmQuAGdrvh657GPxfOP1OwUcIT4nco - nFr/QRVWvuYE6RsJoBE60eIka1G5mJxz5IlnBqG13Zx/C71a969E2StXVBOIx0cE - gr8IZUw+rCFiM3Pv1ihTqagzydNtQM1OdUIcYYH1nfnm5sbBTaJ9VXrS+xs2lBOg - Z8kuhm+XT1TOvIwyCRxf1vH6cnSmsOHMXnWfZN1YwI9uCS0= - - - - - - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - - - diff --git a/roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/certificate.pem b/roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/certificate.pem deleted file mode 100644 index bd691a96c1..0000000000 --- a/roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/certificate.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDITCCAgmgAwIBAgIJANePJb/F64UnMA0GCSqGSIb3DQEBCwUAMCcxJTAjBgNV -BAMMHGJlYWtlci5zdGcuZmVkb3JhcHJvamVjdC5vcmcwHhcNMTUxMDEzMjM0MTEy -WhcNMjAxMDExMjM0MTEyWjAnMSUwIwYDVQQDDBxiZWFrZXIuc3RnLmZlZG9yYXBy -b2plY3Qub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ldJi2fS -MkriCEsesaaMCSHXyPdYufGfdmgKxKhDEjwXLWj/V7fU5P6nmaACXkbbCb+IXTAr -hSt6PxEZBtBqMn6gccuwIC18xJs1bT5dlt2Xfo0BZWQWaFyqMOZeaj7A3TK1JyuH -rKUVOm/HQASUdZEVG/nzvEZPfNZEljylFTHix37JLAPVjyWJeDwVAATriWi0T+FT -J0kgMzzM29ffXIVrK30BylKpIoILhfM4FYUN78GoXFpAnJL/tqNG0LnKSIAYpiz8 -qSKMU04R/FyxzCeymCuZmq7yqh+GvT8ZxfdhyRoIpPqpWs568/NUCkQbfWDyt76t -d2OI585vN1iLXQIDAQABo1AwTjAdBgNVHQ4EFgQU099ELHHVooBjYIH5cOfAk2wH -lrowHwYDVR0jBBgwFoAU099ELHHVooBjYIH5cOfAk2wHlrowDAYDVR0TBAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAcHCzouLDuAfaReCo8Tt0gtblf/Ko5bj+LgbD -7KN7JgPZN3gEt+kbD3/zkfCMOgxwPSDACT2eddfTNOvEvjOfYWINsncryyw4P/Yz -eOf5Lmy2MahZ9PCmBZ3PtNrwniHkeZjVQoZ7vnhTvWtj2zY+E5witIX+oT7TGwej -JBbqBzqIJiahlB1/tEHY2vPMKLRi6fvTaKEBiiD+OscdAwYcIGWfpHLpmtMfhcar -ilPZqFHO+yfFpbmqe8FhaFp37j2g3SyZfZUpS7vJgQyc6EWJE84vZ2XuCHXE1wbF -uTmuWwmvjmEUblL+a6LueUIm4qDy7/I/ghGo3o8Ryj6dGBluqw== ------END CERTIFICATE----- diff --git a/roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/idp-metadata.xml b/roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/idp-metadata.xml deleted file mode 100644 index ac0c4ab07d..0000000000 --- a/roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/idp-metadata.xml +++ /dev/null @@ -1,81 +0,0 @@ - - - - - - - MIIFOTCCAyGgAwIBAgIJAOtrg+MpYNUgMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNV - BAMMKGlkLmZlZG9yYXByb2plY3Qub3JnIFNURyBURU1QT1JBUlkgU0FNTDIwHhcN - MTUwOTMwMDkxMzU3WhcNMTUxMDMwMDkxMzU3WjAzMTEwLwYDVQQDDChpZC5mZWRv - cmFwcm9qZWN0Lm9yZyBTVEcgVEVNUE9SQVJZIFNBTUwyMIICIjANBgkqhkiG9w0B - AQEFAAOCAg8AMIICCgKCAgEAt1mvOsVxRm9O+dT0QIYxl0vmqQQ4MhQA3wboEeBp - sQYjM2te+2Q/7OOwklVdD5g/rgXuDwOH6ztt1Y6UJmMC9RQCSJ5YNFe95hOE0H+P - ar9/9xm6hlwqxp9S1NftO7G6x7Zad/QHURcQit2EeDJAox/LEk3FEti03Q2tSPBa - wpNk/AUwkXnGn+bQ142JxvfJaO8sdxPpww1955SxKnJ3ClaPw3Qs0SLbD7cQQnyu - gQne0jBNPS5LkXS7DKmPBXY7R7der2gx3Wr6TxHNCcqMruL/RHmGKEB/KnFqxDK1 - zNrcUyyghHGBRtGqbJw37kQBWtuoE67iyAiHQWnn4onNHTFeP1SfpzFIM3ya8Iew - Awh93IH2YAAd3SxNsCE27iZej2+8OikkWp6rpG36apskwKLAmOTKATqAII49u32o - aYqMe3LEORzmoR45/FGmQ8fPTxIXoT9kkA8nS3Xa1f6BaGnlxPu+VNAYEQx5hzX1 - yhjSEiIcyowIx4/Frp+XHn7USQHb0jBkBGTWlo3QRO3LDarTmcoJZIrMK1fISggv - KJ1jUisrboFm0hX4O0F6TAx9UbWGIpgTiEjynDbBgIWsElGaTOfafPOFAVVusW5W - 6na5R0sKDiaw5Ej3tMz5gTlSLk+0Vfc/tQphqIgXu1BIQ5gghyDUAEZRIe7iFEnu - LqUCAwEAAaNQME4wHQYDVR0OBBYEFFIneEZsGOpk6nVXammdrrRVyG5/MB8GA1Ud - IwQYMBaAFFIneEZsGOpk6nVXammdrrRVyG5/MAwGA1UdEwQFMAMBAf8wDQYJKoZI - hvcNAQELBQADggIBAGqXB//gUKBAUFHB4i45/70vWID2lYMu2nFvd7SWI1oc0n78 - DTlqFDYDyV05V/qCnezjAb+6KUyyeyAevgZPaDswCVd2aygYGDE9RsvOy60UhZ1c - yfgVx2l/YLzO4bWNKllxpfbLVHTfKo8MfFa99ClN6Y+t8+fucTS2+WOq5MYd5lKS - /4FY7QYq645oYHAlQzOV2PHAcMDbhtaEJJ4CXh4//ArM/NE73NYaH4SGQW1xVD7D - 8zS/0TGYDX6MNQvRwzihtKVEtUAGj1zIZZUYFd9+mx4Ir3OBnRozSe8LkfaWYd13 - hlRLINzOEQ3ebSGGRlgeFYXw+cTpn64KoyE56CcL//dxZS27LGBIMAul0eARoa6U - Y1DYkZ178QugycphmLCkxe2/Qe9xZjn0ghycxiYAlPqGFG87pW8UC162B7eklOuR - GO/BqcKZcO5GPyWkuslUpx8w0bOnCgXKxVzbt5BGBMvSMxe/QCw9x4sXnKGUtHaV - FqnKqa/sxkfQ8HltSvft8goNw13/I+J5ERHdif0EyI83ba+CyGwEjCe8uZYjp2G3 - DqtUXjiYReHTYZr6R9Xgts0RKf44wVJ3D7Fs7P2dBGI7b/R/8HHv9HM+/HcbkRhA - 25vdCBgg+KF3u3bZZlUp82PkOtRFcr4kb3GwS4FAaxRC5i/8Z4qI2ICNZFPN - - - - - - - - MIIFOTCCAyGgAwIBAgIJAOtrg+MpYNUgMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNV - BAMMKGlkLmZlZG9yYXByb2plY3Qub3JnIFNURyBURU1QT1JBUlkgU0FNTDIwHhcN - MTUwOTMwMDkxMzU3WhcNMTUxMDMwMDkxMzU3WjAzMTEwLwYDVQQDDChpZC5mZWRv - cmFwcm9qZWN0Lm9yZyBTVEcgVEVNUE9SQVJZIFNBTUwyMIICIjANBgkqhkiG9w0B - AQEFAAOCAg8AMIICCgKCAgEAt1mvOsVxRm9O+dT0QIYxl0vmqQQ4MhQA3wboEeBp - sQYjM2te+2Q/7OOwklVdD5g/rgXuDwOH6ztt1Y6UJmMC9RQCSJ5YNFe95hOE0H+P - ar9/9xm6hlwqxp9S1NftO7G6x7Zad/QHURcQit2EeDJAox/LEk3FEti03Q2tSPBa - wpNk/AUwkXnGn+bQ142JxvfJaO8sdxPpww1955SxKnJ3ClaPw3Qs0SLbD7cQQnyu - gQne0jBNPS5LkXS7DKmPBXY7R7der2gx3Wr6TxHNCcqMruL/RHmGKEB/KnFqxDK1 - zNrcUyyghHGBRtGqbJw37kQBWtuoE67iyAiHQWnn4onNHTFeP1SfpzFIM3ya8Iew - Awh93IH2YAAd3SxNsCE27iZej2+8OikkWp6rpG36apskwKLAmOTKATqAII49u32o - aYqMe3LEORzmoR45/FGmQ8fPTxIXoT9kkA8nS3Xa1f6BaGnlxPu+VNAYEQx5hzX1 - yhjSEiIcyowIx4/Frp+XHn7USQHb0jBkBGTWlo3QRO3LDarTmcoJZIrMK1fISggv - KJ1jUisrboFm0hX4O0F6TAx9UbWGIpgTiEjynDbBgIWsElGaTOfafPOFAVVusW5W - 6na5R0sKDiaw5Ej3tMz5gTlSLk+0Vfc/tQphqIgXu1BIQ5gghyDUAEZRIe7iFEnu - LqUCAwEAAaNQME4wHQYDVR0OBBYEFFIneEZsGOpk6nVXammdrrRVyG5/MB8GA1Ud - IwQYMBaAFFIneEZsGOpk6nVXammdrrRVyG5/MAwGA1UdEwQFMAMBAf8wDQYJKoZI - hvcNAQELBQADggIBAGqXB//gUKBAUFHB4i45/70vWID2lYMu2nFvd7SWI1oc0n78 - DTlqFDYDyV05V/qCnezjAb+6KUyyeyAevgZPaDswCVd2aygYGDE9RsvOy60UhZ1c - yfgVx2l/YLzO4bWNKllxpfbLVHTfKo8MfFa99ClN6Y+t8+fucTS2+WOq5MYd5lKS - /4FY7QYq645oYHAlQzOV2PHAcMDbhtaEJJ4CXh4//ArM/NE73NYaH4SGQW1xVD7D - 8zS/0TGYDX6MNQvRwzihtKVEtUAGj1zIZZUYFd9+mx4Ir3OBnRozSe8LkfaWYd13 - hlRLINzOEQ3ebSGGRlgeFYXw+cTpn64KoyE56CcL//dxZS27LGBIMAul0eARoa6U - Y1DYkZ178QugycphmLCkxe2/Qe9xZjn0ghycxiYAlPqGFG87pW8UC162B7eklOuR - GO/BqcKZcO5GPyWkuslUpx8w0bOnCgXKxVzbt5BGBMvSMxe/QCw9x4sXnKGUtHaV - FqnKqa/sxkfQ8HltSvft8goNw13/I+J5ERHdif0EyI83ba+CyGwEjCe8uZYjp2G3 - DqtUXjiYReHTYZr6R9Xgts0RKf44wVJ3D7Fs7P2dBGI7b/R/8HHv9HM+/HcbkRhA - 25vdCBgg+KF3u3bZZlUp82PkOtRFcr4kb3GwS4FAaxRC5i/8Z4qI2ICNZFPN - - - - - - - - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - urn:oasis:names:tc:SAML:2.0:nameid-format:transient - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - - diff --git a/roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/metadata.xml b/roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/metadata.xml deleted file mode 100644 index d3c5fd84bd..0000000000 --- a/roles/beaker/server/files/saml2/beaker.stg.fedoraproject.org/metadata.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - MIIDITCCAgmgAwIBAgIJANePJb/F64UnMA0GCSqGSIb3DQEBCwUAMCcxJTAjBgNV - BAMMHGJlYWtlci5zdGcuZmVkb3JhcHJvamVjdC5vcmcwHhcNMTUxMDEzMjM0MTEy - WhcNMjAxMDExMjM0MTEyWjAnMSUwIwYDVQQDDBxiZWFrZXIuc3RnLmZlZG9yYXBy - b2plY3Qub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ldJi2fS - MkriCEsesaaMCSHXyPdYufGfdmgKxKhDEjwXLWj/V7fU5P6nmaACXkbbCb+IXTAr - hSt6PxEZBtBqMn6gccuwIC18xJs1bT5dlt2Xfo0BZWQWaFyqMOZeaj7A3TK1JyuH - rKUVOm/HQASUdZEVG/nzvEZPfNZEljylFTHix37JLAPVjyWJeDwVAATriWi0T+FT - J0kgMzzM29ffXIVrK30BylKpIoILhfM4FYUN78GoXFpAnJL/tqNG0LnKSIAYpiz8 - qSKMU04R/FyxzCeymCuZmq7yqh+GvT8ZxfdhyRoIpPqpWs568/NUCkQbfWDyt76t - d2OI585vN1iLXQIDAQABo1AwTjAdBgNVHQ4EFgQU099ELHHVooBjYIH5cOfAk2wH - lrowHwYDVR0jBBgwFoAU099ELHHVooBjYIH5cOfAk2wHlrowDAYDVR0TBAUwAwEB - /zANBgkqhkiG9w0BAQsFAAOCAQEAcHCzouLDuAfaReCo8Tt0gtblf/Ko5bj+LgbD - 7KN7JgPZN3gEt+kbD3/zkfCMOgxwPSDACT2eddfTNOvEvjOfYWINsncryyw4P/Yz - eOf5Lmy2MahZ9PCmBZ3PtNrwniHkeZjVQoZ7vnhTvWtj2zY+E5witIX+oT7TGwej - JBbqBzqIJiahlB1/tEHY2vPMKLRi6fvTaKEBiiD+OscdAwYcIGWfpHLpmtMfhcar - ilPZqFHO+yfFpbmqe8FhaFp37j2g3SyZfZUpS7vJgQyc6EWJE84vZ2XuCHXE1wbF - uTmuWwmvjmEUblL+a6LueUIm4qDy7/I/ghGo3o8Ryj6dGBluqw== - - - - - - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - - diff --git a/roles/beaker/server/handlers/main.yml b/roles/beaker/server/handlers/main.yml deleted file mode 100644 index 89d3de0304..0000000000 --- a/roles/beaker/server/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ -############################################################# -# Handlers for restarting services specific to beaker servers -# - -- name: restart beaker server - service: name=beakerd state=restarted diff --git a/roles/beaker/server/tasks/client.yml b/roles/beaker/server/tasks/client.yml deleted file mode 100644 index 73b7499afa..0000000000 --- a/roles/beaker/server/tasks/client.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Configures the bkr client on the server itself. We can use this from Ansible -# to perform various administrative tasks. - -- name: install bkr client - package: name=beaker-client state=present - tags: - - beaker-server - -- name: create /root/.beaker_client - file: path=/root/.beaker_client state=directory - tags: - - beaker-server - -- name: configure bkr client - template: src=root/beaker-client-config.j2 dest=/root/.beaker_client/config mode=0600 - tags: - - beaker-server diff --git a/roles/beaker/server/tasks/main.yml b/roles/beaker/server/tasks/main.yml deleted file mode 100644 index 261a7b3c1e..0000000000 --- a/roles/beaker/server/tasks/main.yml +++ /dev/null @@ -1,130 +0,0 @@ -# -# This is a beaker_server role. -# ---- - -# it's unfortunate, but the beaker devs say that this is required until -# https://bugzilla.redhat.com/show_bug.cgi?id=1074384 is solved -- name: switch selinux off - selinux: state=disabled - tags: - - selinux - - beaker-server - -- name: install packages required for beaker-server - package: name={{ item }} state=present - with_items: - - beaker-server - - mod_auth_mellon - - libvirt-client - tags: - - beaker-server - - MySQL-python - -- name: create /etc/httpd/saml2/{{ beaker_server_cname }} - file: > - path="/etc/httpd/saml2/{{ beaker_server_cname }}" - state=directory owner=apache group=apache mode=0700 - tags: - - beaker-server - -- name: copy SAML identity provider metadata - copy: > - src="{{ private }}/files/saml2/idp-{{env}}.xml" - dest="/etc/httpd/saml2/{{ beaker_server_cname }}/idp-metadata.xml" - owner="apache" group="apache" mode=0600 - notify: - - reload httpd - tags: - - beaker-server - -- name: copy SAML files - copy: > - src="{{ item }}" dest="/etc/httpd/{{ item }}" - owner="apache" group="apache" mode=0644 - with_items: - - "saml2/{{ beaker_server_cname }}/metadata.xml" - - "saml2/{{ beaker_server_cname }}/certificate.pem" - notify: - - reload httpd - tags: - - beaker-server - -- name: copy SAML private key - copy: > - src="{{ private}}/files/saml2/{{ beaker_server_cname }}/certificate.key" - dest="/etc/httpd/saml2/{{ beaker_server_cname }}/certificate.key" - owner="apache" group="apache" mode=0600 - notify: - - reload httpd - tags: - - beaker-server - -- name: Replace default apache beaker-server.conf - template: - src: beaker-server.conf - dest: /etc/httpd/conf.d/beaker-server.conf - owner: root - group: root - mode: 0644 - notify: - - reload httpd - tags: - - beaker-server - -- name: Replace default beaker_server.cfg file - template: - src: etc/beaker/server.cfg.j2 - dest: /etc/beaker/server.cfg - owner: apache - group: root - mode: 0660 - backup: yes - force: yes - register: setup_beaker_conf - notify: - - restart beaker server - - reload httpd - tags: - - beaker-server - -- name: create the beaker database - mysql_db: name={{ beaker_db_name }} state=present - -- name: create beaker database user - mysql_user: - name: "{{ beaker_db_user }}" - password: "{{ beaker_db_password }}" - priv: "{{ beaker_db_name }}.*:ALL,GRANT" - state: present - -- name: initialize beaker database - command: "beaker-init -u {{beaker_server_admin_user}} -p {{beaker_server_admin_pass}} -e {{beaker_server_email}}" - when: setup_beaker_conf is success - tags: - - beaker-init - - beaker-server - -# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1327051 -- name: create /var/run/beaker - command: systemd-tmpfiles --create beaker-server.conf - tags: - - beaker-server - -- name: ensure the Apache server and the Beaker daemon are running - service: name={{ item }} state=started enabled=yes - with_items: - - httpd - - beakerd - tags: - - beaker-server - -- import_tasks: client.yml - -- name: ensure beaker server has all relevant virthost ssh signatures in known_hosts - lineinfile: dest=/root/.ssh/known_hosts regexp='{{ item.hostname }}' line='{{ item.hostname }} {{ item.signature }}' create=yes owner=root group=root - with_items: - - '{{ beaker_virthost_signatures }}' - tags: - - beaker-server - diff --git a/roles/beaker/server/templates/beaker-server.conf b/roles/beaker/server/templates/beaker-server.conf deleted file mode 100644 index 0e8d4f6ee4..0000000000 --- a/roles/beaker/server/templates/beaker-server.conf +++ /dev/null @@ -1,96 +0,0 @@ -# Unencrypted access is bad -# Un-comment the following to force https connections -RewriteEngine on -#RewriteCond %{REQUEST_URI} !^/rpms/.* [NC] -#RewriteCond %{REQUEST_URI} !^/repos/.* [NC] -#RewriteCond %{REQUEST_URI} !^/harness/.* [NC] -#RewriteCond %{REQUEST_URI} !^/kickstart/.* [NC] -#RewriteCond %{REQUEST_URI} !/ipxe-script$ [NC] -#RewriteCond %{HTTPS} off -#RewriteRule ^/(.*) https://%{HTTP_HOST}%{REQUEST_URI} -#RewriteRule ^/bkr$ /bkr/ [R] - -Alias /static /usr/share/bkr/server/static -Alias /assets/generated /var/cache/beaker/assets -Alias /assets /usr/share/bkr/server/assets -Redirect permanent /apidoc http://beaker-project.org/docs/server-api -Alias /logs /var/www/beaker/logs -Alias /rpms /var/www/beaker/rpms -Alias /repos /var/www/beaker/repos -Alias /harness /var/www/beaker/harness - - - - ForceType text/plain - - - -# To work around a thread safety issue in TurboGears where HTTP requests will -# sometimes fail with NoApplicableMethods during application startup, it is -# recommended to set threads=1 here. -# See https://bugzilla.redhat.com/show_bug.cgi?id=796037 for details. -WSGIDaemonProcess beaker-server user=apache group=apache display-name=beaker-server maximum-requests=1000 processes=8 threads=1 -WSGISocketPrefix /var/run/wsgi -WSGIRestrictStdout On -WSGIRestrictSignal Off -WSGIPythonOptimize 2 -WSGIPassAuthorization On - -WSGIScriptAlias / /usr/share/bkr/beaker-server.wsgi - - - WSGIApplicationGroup beaker-server - WSGIProcessGroup beaker-server - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order deny,allow - Allow from all - - - - - - # Apache 2.4 - Require all granted - - - # Apache 2.2 - Order deny,allow - Allow from all - - # Generated assets have a content hash in their filename so they can - # safely be cached forever. - ExpiresActive on - ExpiresDefault "access plus 1 year" - - -# Humans will be accessing the application using a CNAME through a reverse -# proxy doing SSL termination. We need to make mellon aware of that since it -# does some sanity checks on the destination URL. -ServerName https://{{ beaker_server_cname }} -UseCanonicalName on - - - MellonEnable "info" - MellonSPPrivateKeyFile "/etc/httpd/saml2/{{ beaker_server_cname }}/certificate.key" - MellonSPCertFile "/etc/httpd/saml2/{{ beaker_server_cname }}/certificate.pem" - MellonSPMetadataFile "/etc/httpd/saml2/{{ beaker_server_cname }}/metadata.xml" - MellonIdPMetadataFile "/etc/httpd/saml2/{{ beaker_server_cname }}/idp-metadata.xml" - MellonEndpointPath /saml2 - MellonVariable "saml-sesion-cookie" - MellonsecureCookie On - MellonUser "NAME_ID" - MellonIdP "IDP" - MellonSetEnvNoPrefix "REMOTE_USER_FULLNAME" "fullname" - MellonSetEnvNoPrefix "REMOTE_USER_EMAIL" "email" - MellonSessionLength 3600 - - - - MellonEnable "auth" - Header append Cache-Control "no-cache" - diff --git a/roles/beaker/server/templates/etc/beaker/server.cfg.j2 b/roles/beaker/server/templates/etc/beaker/server.cfg.j2 deleted file mode 100644 index 854b9cf60e..0000000000 --- a/roles/beaker/server/templates/etc/beaker/server.cfg.j2 +++ /dev/null @@ -1,152 +0,0 @@ -[global] -# This defines the URL prefix under which the Beaker web application will be -# served. This must match the prefix used in the Alias and WSGIScriptAlias -# directives in /etc/httpd/conf.d/beaker-server.conf. -# The default configuration places the application at: http://example.com/bkr/ -# server.webpath = "/" - -# Database connection URI for Beaker's database, in the form: -# ://:@:/? -# The charset=utf8 option is required for proper Unicode support. -# The pool_recycle setting is required for MySQL, which will (by default) -# terminate idle client connections after 10 hours. -sqlalchemy.dburi="mysql://{{beaker_db_user}}:{{beaker_db_password}}@{{beaker_db_host}}/{{beaker_db_name}}?charset=utf8" -sqlalchemy.pool_recycle = 3600 - -# If you want to send read-only report queries to a separate slave -# database, configure it here. If not configured, report queries will -# fall back to using the main Beaker database (above). -#reports_engine.dburi = "mysql://beaker_ro:beaker_ro@dbslave/beaker?charset=utf8" -#reports_engine.pool_recycle = 3600 - -# Set to True to enable sending emails. -mail.on = True - -# TurboMail transport to use. The default 'smtp' sends mails over SMTP to the -# server configured below. Other transports may be available as TurboMail -# extension packages. -#mail.transport = "smtp" -# SMTP server where mails should be sent. By default we assume there is an -# SMTP-capable MTA running on the local host. -#mail.smtp.server = "127.0.0.1" - -# The address which will appear as the From: address in emails sent by Beaker. -#beaker_email = "root@localhost.localdomain" - -# If this is set to a value greater than zero, Beaker will enforce a limit on -# the number of concurrently running power/provision commands in each lab. Set -# this option if you have a lab with many machines and are concerned about -# a flood of commands overwhelming your lab controller. -#beaker.max_running_commands = 10 - -# Timeout for authentication tokens. After this many minutes of inactivity -# users will be required to re-authenticate. -#visit.timeout = 360 - -# Secret key for encrypting authentication tokens. Set this to a very long -# random string and DO NOT disclose it. Changing this value will invalidate all -# existing tokens and force users to re-authenticate. -# If not set, a secret key will be generated and stored in /var/lib/beaker, -# however this configuration impacts performance therefore you should supply -# a secret key here. -#visit.token_secret_key = "" - -# Enable LDAP for user account lookup and password authentication. -#identity.ldap.enabled = False -# URI of LDAP directory. -#identity.soldapprovider.uri = "ldaps://ldap.domain.com" -# Base DN for looking up user accounts. -#identity.soldapprovider.basedn = "dc=domain,dc=com" -# If set to True, Beaker user acounts will be automatically created on demand -# if they exist in LDAP. Account attributes are populated from LDAP. -#identity.soldapprovider.autocreate = False -# Timeout (seconds) for LDAP lookups. -#identity.soldapprovider.timeout = 20 -# Server principal and keytab for Kerberos authentication. If using Kerberos -# authentication, this must match the mod_auth_kerb configuration in -# /etc/httpd/conf.d/beaker-server.conf. -#identity.krb_auth_principal = "HTTP/hostname@EXAMPLE.COM" -#identity.krb_auth_keytab = "/etc/krb5.keytab" -# OpenID Connect authentication -identity.oauth2_token_info_url = "{{ beaker_oidc_token_info_url }}" -identity.oauth2_client_id = "{{ beaker_oidc_client_id }}" -identity.oauth2_client_secret = "{{ beaker_oidc_client_secret }}" - -# These are used when generating absolute URLs (e.g. in e-mails sent by Beaker) -# You should only have to set this if socket.gethostname() returns the wrong -# name, for example if you are using CNAMEs. -tg.url_domain = '{{beaker_server_cname}}' -tg.url_scheme = "https" -# If your scheduler is multi-homed and has a different hostname for your test -# machines you can use the tg.lab_domain variable here to specify it. -# If tg.lab_domain is not set it will fall back to tg.url_domain, and if that's -# not set it will fall back to socket.gethostname(). -tg.lab_domain = '{{beaker_server_hostname}}' - -# Tag for distros which are considered "reliable". -# Broken system detection logic will be activated for distros with this tag -# (see the bkr.server.model:System.suspicious_abort method). Leave this unset -# to deactivate broken system detection. -#beaker.reliable_distro_tag = "RELEASED" - -# The contents of this file will be displayed to users on every page in Beaker. -# If it exists, it must contain a valid HTML fragment (e.g. ...). -#beaker.motd = "/etc/beaker/motd.xml" - -# The URL of a page describing your organisation's policies for reserving -# Beaker machines. If configured, a message will appear on the reserve workflow -# page, warning users to adhere to the policy with a hyperlink to this URL. By -# default no message is shown. -#beaker.reservation_policy_url = "http://example.com/reservation-policy" - -# If both of these options are set, the Piwik tracking javascript snippet will -# be embedded in all pages, reporting statistics back to the given Piwik -# installation. -# Make sure that piwik.base_url is a protocol-relative URL starting with // -#piwik.base_url = "//analytics.example.invalid/piwik/" -#piwik.site_id = 123 - -# These install options are used as global defaults for every provision. They -# can be overriden by options on the distro tree, the system, or the recipe. -#beaker.ks_meta = "" -#beaker.kernel_options = "ksdevice=bootif" -#beaker.kernel_options_post = "" - -# See BZ#1000861 -#beaker.deprecated_job_group_permissions.on = True - -# When generating MAC addresses for virtual systems, Beaker will always pick -# the lowest free address starting from this base address. -#beaker.base_mac_addr = "52:54:00:00:00:00" - -# Beaker increases the priority of recipes when it detects that they match only -# one candidate system. You can disable this behaviour here. -#beaker.priority_bumping_enabled = True - -# When generating RPM repos, we can configure what utility -# to use. So far, only 'createrepo' and 'createrepo_c' have been -# tested. See https://github.com/Tojaj/createrepo_c -#beaker.createrepo_command = "createrepo" - -# If you have set up a log archive server (with beaker-transfer) and it -# requires HTTP digest authentication for deleting old logs, set the username -# and password here. -#beaker.log_delete_user = "log-delete" -#beaker.log_delete_password = "examplepassword" - -# If carbon.address is set, Beaker will send various metrics to carbon -# (collection daemon for Graphite) at the given address. The address must be -# a tuple of (hostname, port). -# The value of carbon.prefix is prepended to all names used by Beaker. -#carbon.address = ('graphite.example.invalid', 2023) -#carbon.prefix = 'beaker.' - -# Use OpenStack for running recipes on dynamically created guests. -#openstack.identity_api_url = 'https://openstack.example.com:5000/v2.0' -#openstack.dashboard_url = 'https://openstack.example.com/dashboard/' - -# Set this to limit the Beaker web application's address space to the given -# size (in bytes). This may be helpful to catch excessive memory consumption by -# Beaker. On large deployments 1500000000 is a reasonable value. -# By default no address space limit is enforced. -#rlimit_as= diff --git a/roles/beaker/server/templates/root/beaker-client-config.j2 b/roles/beaker/server/templates/root/beaker-client-config.j2 deleted file mode 100644 index 4f8ee31545..0000000000 --- a/roles/beaker/server/templates/root/beaker-client-config.j2 +++ /dev/null @@ -1,4 +0,0 @@ -HUB_URL = "http://localhost" -AUTH_METHOD = "password" -USERNAME = "{{ beaker_server_admin_user }}" -PASSWORD = "{{ beaker_server_admin_pass }}" diff --git a/roles/beaker/virthost/defaults/main.yml b/roles/beaker/virthost/defaults/main.yml deleted file mode 100644 index 69e8863972..0000000000 --- a/roles/beaker/virthost/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -bridge_name: br0 -eth_interface: eth0 -libvirt_group: kvm diff --git a/roles/beaker/virthost/files/libvirt.conf b/roles/beaker/virthost/files/libvirt.conf deleted file mode 100644 index 1ff0ec641f..0000000000 --- a/roles/beaker/virthost/files/libvirt.conf +++ /dev/null @@ -1,18 +0,0 @@ -# -# This can be used to setup URI aliases for frequently -# used connection URIs. Aliases may contain only the -# characters a-Z, 0-9, _, -. -# -# Following the '=' may be any valid libvirt connection -# URI, including arbitrary parameters - -#uri_aliases = [ -# "hail=qemu+ssh://root@hail.cloud.example.com/system", -# "sleet=qemu+ssh://root@sleet.cloud.example.com/system", -#] - -# -# This can be used to prevent probing of the hypervisor -# driver when no URI is supplied by the application. - -uri_default = "qemu:///system" diff --git a/roles/beaker/virthost/tasks/main.yml b/roles/beaker/virthost/tasks/main.yml deleted file mode 100644 index 2058e1adca..0000000000 --- a/roles/beaker/virthost/tasks/main.yml +++ /dev/null @@ -1,149 +0,0 @@ ---- -# This is somewhat a duplication of the virthost task used by other virthosts -# doing things this way isn't ideal but for this application, we need a local -# non-root user which can control VMs and the other infra virthosts are locked -# down in a way which makes that impossible. -# -# If it's possible to unify the two tasks/roles, that's probably for the best -# but for now, we're left with the duplication :( - - -- name: install libvirt packages on rhel7 virthosts - package: name={{ item }} state=present - with_items: - - qemu-kvm - - libvirt - - virt-install - tags: - - packages - when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 - -# install libvirtd.conf -# -# This provides us with the ability to control VMs with non-root and -# non-fas accounts -# -- name: generate libvirtd.conf - template: src=libvirtd.conf.j2 dest=/etc/libvirt/libvirtd.conf - notify: - - restart libvirtd - tags: - - config - -- name: enable libvirtd - service: name=libvirtd state=started enabled=yes - -# -# Disable lvmetad as it causes lots of problems with iscsi shared lvm and caching. -# -- name: disable lvmetad - lineinfile: dest=/etc/lvm/lvm.conf regexp="^ use_lvmetad = 1" line=" use_lvmetad = 0" backrefs=yes - -- name: set bridging to work right - copy: src="{{ files }}/virthost/99-bridge.rules" dest=/etc/udev/rules.d/99-bridge.rules - notify: - - restart bridge - tags: - - config - when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 - -- name: generate config for ethernet device - template: - src: ifcfg-device.j2 - dest: /etc/sysconfig/network-scripts/ifcfg-{{ eth_interface }} - owner: root - group: root - mode: 0644 - notify: - - restart bridge - - restart network - -- name: generate config for ethernet bridge - template: - src: ifcfg-bridge.j2 - dest: /etc/sysconfig/network-scripts/ifcfg-{{ bridge_name }} - owner: root - group: root - mode: 0644 - notify: - - restart bridge - - restart network - -# -# This is where the duplication with regular virthosts stops -# -- name: add libvirt remote user - user: - name: "{{ libvirt_user }}" - groups: kvm - -- name: add ssh key for libvirt remote user - authorized_key: - user: "{{ libvirt_user }}" - path: /home/{{ libvirt_user }}/.ssh/authorized_keys - key: "{{ libvirt_remote_pubkey }}" - -# -# For some reason, virsh will always find qemu:///session instead -# of the qemu:///system that we need, so force a new default -# -- name: ensure libvirt user has config dir for libvirt - file: - path: /home/{{ libvirt_user }}/.config/libvirt - state: directory - owner: "{{ libvirt_user }}" - group: "{{ libvirt_user }}" - mode: 1775 - -- name: create libvirt config for libvirt remote user - copy: - src: libvirt.conf - dest: /home/{{ libvirt_user }}/.config/libvirt/libvirt.conf - owner: "{{ libvirt_user }}" - group: "{{ libvirt_user }}" - mode: 0644 - -- name: create libvirt config for root user - copy: - src: libvirt.conf - dest: /etc/libvirt/libvirt.conf - owner: root - group: root - mode: 0644 - -- name: add polkit rule for users in kvm group - template: - src: 10-libvirt.rules.j2 - dest: /etc/polkit-1/rules.d/10-libvirt.rules - owner: root - group: root - mode: 0644 - -- name: get vm list - virt: command=list_vms - register: result - check_mode: no - -- name: generate libvirt xml files for clients - template: - src: client-libvirt.xml.j2 - dest: /home/{{ libvirt_user }}/{{ item.hostname }}.libvirt.xml - owner: "{{ libvirt_user }}" - group: "{{ libvirt_user }}" - when: item.hostname not in result.list_vms - with_items: "{{ clients }}" - become: true - become_user: "{{ libvirt_user }}" - -- name: ensure the guest lvs are created - lvol: lv={{ item.hostname }} vg={{ volgroup }} size={{ item.lvm_size }} state=present - when: item.hostname not in result.list_vms - with_items: "{{ clients }}" - -- name: ensure vms are defined - command: "virsh define --file /home/{{ libvirt_user }}/{{ item.hostname }}.libvirt.xml" - when: item.hostname not in result.list_vms - with_items: "{{ clients }}" - become: true - become_user: "{{ libvirt_user }}" - diff --git a/roles/beaker/virthost/templates/10-libvirt.rules.j2 b/roles/beaker/virthost/templates/10-libvirt.rules.j2 deleted file mode 100644 index c93cca6335..0000000000 --- a/roles/beaker/virthost/templates/10-libvirt.rules.j2 +++ /dev/null @@ -1,4 +0,0 @@ -polkit.addRule(function (action, subject) { - if (action.id == "org.libvirt.unix.manage" && subject.isInGroup("kvm")) - return polkit.Result.YES; -}); diff --git a/roles/beaker/virthost/templates/client-libvirt.xml.j2 b/roles/beaker/virthost/templates/client-libvirt.xml.j2 deleted file mode 100644 index d143e85c91..0000000000 --- a/roles/beaker/virthost/templates/client-libvirt.xml.j2 +++ /dev/null @@ -1,51 +0,0 @@ - - {{ item.hostname }} - {{ item.memsize }} - {{ item.num_cpus }} - - hvm - - - - - - - - destroy - restart - restart - - - - - - -
- - -
- - - - - - -
- - - - - - - - -