Merge branch 'master' of /git/ansible

playbooks/include/proxies-reverseproxy.yml

@@ -605,6 +605,21 @@
     destname: os
     proxyurl: http://localhost:10064
     keephost: true
+    when: env != "staging"
+    tags:
+    - os.fedoraproject.org
+
+  - role: httpd/reverseproxy
+    website: os.fedoraproject.org
+    destname: os
+    proxyurl: http://localhost:10064
+    balancer_name: osmaster
+    balancer_members:
+    - "https://os-master01"
+    - "https://os-master02"
+    - "https://os-master03"
+    keephost: true
+    when: env == "staging"
     tags:
     - os.fedoraproject.org
 

playbooks/manual/upgrade/fedimg.yml

@@ -17,9 +17,6 @@
   - name: yum update fedimg packages from main repo
     yum: name="python-fedimg" state=latest
     when: not testing
-  - name: yum update fedfind package from main repo
-    yum: name="fedfind" state=latest
-    when: not testing
   - name: yum update fedimg packages from testing repo
     yum: name="python-fedimg" state=latest enablerepo=infrastructure-tags-stg
     when: testing
@@ -27,6 +24,46 @@
     yum: name="python2-libcloud" state=latest enablerepo=epel-testing
     when: not testing
 
+- name: update fedfind
+  hosts: fedimg:fedimg-stg
+  user: root
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+  vars:
+    testing: False
+  handlers:
+  - include: "{{ handlers_path }}/restart_services.yml"
+
+  tasks:
+  - name: yum update fedfind packages from main repo
+    yum: name="fedfind" state=latest
+    when: not testing
+  - name: yum update fedfind packages from testing repo
+    yum: name="fedfind" state=latest enablerepo=infrastructure-tags-stg
+    when: testing
+
+- name: update python2-fedfind
+  hosts: fedimg:fedimg-stg
+  user: root
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+  vars:
+    testing: False
+  handlers:
+  - include: "{{ handlers_path }}/restart_services.yml"
+
+  tasks:
+  - name: yum update fedfind packages from main repo
+    yum: name="python2-fedfind" state=latest
+    when: not testing
+  - name: yum update fedfind packages from testing repo
+    yum: name="python2-fedfind" state=latest enablerepo=infrastructure-tags-stg
+    when: testing
+
 - name: verify the backend and restart it
   hosts: fedimg:fedimg-stg
   user: root

playbooks/update_ticketkey.yml

@@ -12,10 +12,10 @@
 
   tasks:
   - name: create new production ticket key
-    command: dd if=/dev/random of=/root/ticketkey_production.tkey bs=1 count=48
+    command: /usr/local/bin/generate_ticketkey /root/ticketkey_production.tkey fpprod
 
   - name: create new staging ticket key
-    command: dd if=/dev/random of=/root/ticketkey_staging.tkey bs=1 count=48
+    command: /usr/local/bin/generate_ticketkey /root/ticketkey_staging.tkey fpstag
 
 - name: Push out new ticket key
   hosts: proxies:proxies-stg

roles/batcave/files/generate_ticketkey

@@ -0,0 +1,13 @@
+#!/bin/python
+from datetime import datetime
+import sys
+
+if len(sys.argv) != 3:
+    raise Exception('Provide output file name and environment')
+if len(sys.argv[2]) != 6:
+    raise Exception('Environment name must be exactly 6 characters')
+
+with open(sys.argv[1], 'wb') as tkey:
+    tkey.write('%s%s' % (sys.argv[2], datetime.utcnow().strftime('%Y%m%d%H')))
+    with open('/dev/random', 'rb') as rand:
+        tkey.write(rand.read(32))

roles/batcave/tasks/main.yml

@@ -88,6 +88,12 @@
   - batcave
   - config
 
+- name: Install program for generating ticket key
+  copy: src=generate_ticketkey dest=/usr/local/bin/generate_ticketkey mode=0755
+  tags:
+  - batcave
+  - config
+
 - name: setup cron for daily ticketkey reollover
   copy: src=ticketkey.cron dest=/etc/cron.hourly/ticketkey.cron mode=0755
   tags:

roles/httpd/reverseproxy/templates/reversepassproxy.conf

@@ -17,5 +17,14 @@ RequestHeader unset Expect early
 ProxyPreserveHost On
 {% endif %}
 
+{% if balancer_name is defined %}
+<Proxy "balancer://{{balancer_name}}">
+  {% for member in balancer_members %}
+    BalancerMember "{{ member }}/{{remotepath}}"
+  {% endfor %}
+</Proxy>
+ProxyPass {{ localpath }} "balancer://{{balancer_name}}"
+{% else %}
 ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}}
+{% endif %}
 ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}

roles/openshift-apps/greenwave/files/deploymentconfig.yml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: DeploymentConfig
 metadata:
@@ -44,6 +45,17 @@ spec:
       - name: config-volume
         configMap:
           name: greenwave-configmap
+  triggers:
+  - type: ImageChange
+    imageChangeParams:
+      automatic: true
+      containerNames:
+      - web
+      from:
+        kind: ImageStreamTag
+        name: greenwave:latest
+  - type: ConfigChange
+---
 # For fedmsg consumers
 apiVersion: v1
 kind: DeploymentConfig
@@ -64,10 +76,11 @@ spec:
     spec:
       containers:
       - name: fedmsg-consumers
-        image: 172.30.53.136:5000/greenwave/greenwave:latest
+        image: registry/greenwave:latest
         ports:
         - containerPort: 8081
-        command: /usr/bin/fedmsg-hub
+        command:
+        - '/usr/bin/fedmsg-hub'
         volumeMounts:
         - name: fedmsg-config-volume
           mountPath: /etc/fedmsg.d
@@ -84,9 +97,9 @@ spec:
     imageChangeParams:
       automatic: true
       containerNames:
-      - web
       - fedmsg-consumers
       from:
         kind: ImageStreamTag
         name: greenwave:latest
   - type: ConfigChange
+ 

roles/openshift-apps/greenwave/files/service.yml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -12,6 +13,7 @@ spec:
   - name: web
     port: 8080
     targetPort: 8080
+---
 apiVersion: v1
 kind: Service
 metadata:

roles/postgresql_server/files/backup-database

@@ -2,7 +2,7 @@
 # Backup a database *locally* to /backups/.
 
 # Sleep a bit so we do not have a thundering herd on db hosts
-sleep $[ ( $RANDOM % 3600 )  + 1 ]s
+sleep $[ ( $RANDOM % 7200 )  + 1 ]s
 
 DB=$1