From ae39b8778c771d204f9ee40c000b29b22f9e740e Mon Sep 17 00:00:00 2001 From: clime Date: Tue, 9 Jan 2018 11:49:29 +0100 Subject: [PATCH 01/10] copr-backend: try switching staging to f27 --- inventory/host_vars/copr-be-dev.cloud.fedoraproject.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org b/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org index b218a085f6..22302e6fac 100644 --- a/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org +++ b/inventory/host_vars/copr-be-dev.cloud.fedoraproject.org @@ -1,6 +1,6 @@ --- instance_type: m1.xlarge -image: "{{ fedora26_x86_64 }}" +image: "{{ fedora27_x86_64 }}" keypair: fedora-admin-20130801 security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,allow-nagios-persistent,fedmsg-relay-persistent zone: nova From f2ee5f642e5e14bf915978ee1f7f2c99a9b31210 Mon Sep 17 00:00:00 2001 From: clime Date: Tue, 9 Jan 2018 12:22:46 +0100 Subject: [PATCH 02/10] copr-stg: update backend ips --- inventory/group_vars/copr-keygen-stg | 8 ++++---- inventory/group_vars/copr-stg | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/inventory/group_vars/copr-keygen-stg b/inventory/group_vars/copr-keygen-stg index b05f7b7460..04795fa45e 100644 --- a/inventory/group_vars/copr-keygen-stg +++ b/inventory/group_vars/copr-keygen-stg @@ -3,10 +3,10 @@ copr_hostbase: copr-keygen-dev tcp_ports: [] # http + signd dest ports -custom_rules: [ '-A INPUT -p tcp -m tcp -s 172.25.32.206 --dport 80 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 172.25.159.112 --dport 80 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 172.25.32.206 --dport 5167 -j ACCEPT', - '-A INPUT -p tcp -m tcp -s 172.25.159.112 --dport 5167 -j ACCEPT'] +custom_rules: [ '-A INPUT -p tcp -m tcp -s 172.25.32.11 --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 172.25.153.203 --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 172.25.32.211 --dport 5167 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 172.25.153.203 --dport 5167 -j ACCEPT'] datacenter: cloud diff --git a/inventory/group_vars/copr-stg b/inventory/group_vars/copr-stg index 2ee315d3d0..f807347699 100644 --- a/inventory/group_vars/copr-stg +++ b/inventory/group_vars/copr-stg @@ -5,7 +5,7 @@ _forward_src: "forward_dev" # don't forget to update ip in ./copr-keygen-stg, due to custom firewall rules -copr_backend_ips: ["172.25.32.206", "172.25.159.112"] +copr_backend_ips: ["172.25.32.211", "172.25.153.203"] keygen_host: "172.25.32.205" resolvconf: "resolv.conf/cloud" From 199de030b6ae1a0128e979a51c65decfd0f9a98c Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 9 Jan 2018 12:13:49 +0000 Subject: [PATCH 03/10] Also deploy certs for managing registry to prod Signed-off-by: Patrick Uiterwijk --- playbooks/groups/releng-compose.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml index 8474051fdd..48d4aa5595 100644 --- a/playbooks/groups/releng-compose.yml +++ b/playbooks/groups/releng-compose.yml @@ -55,17 +55,15 @@ - fedmsg/base - { role: "manage-container-images", - cert_dest_dir: "/etc/docker/certs.d/registry.stg.fedoraproject.org", + cert_dest_dir: "/etc/docker/certs.d/registry{{ env_suffix }}.fedoraproject.org", cert_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.pem", key_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.key", - when: env == "staging" } - { role: "manage-container-images", - cert_dest_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org", + cert_dest_dir: "/etc/docker/certs.d/candidate-registry{{ env_suffix }}.fedoraproject.org", cert_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.pem", key_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.key", - when: env == "staging" } From 99948b9d6927b175d5f8a1732d94a98748f6f2ca Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Tue, 9 Jan 2018 22:48:04 +0000 Subject: [PATCH 04/10] updating taskotron prod bits for redeployment --- inventory/host_vars/qa12.qa.fedoraproject.org | 32 ++--- inventory/host_vars/qa13.qa.fedoraproject.org | 32 ++--- .../taskotron01.qa.fedoraproject.org | 124 +++++++++--------- .../buildslave-configure/tasks/main.yml | 2 +- roles/taskotron/buildslave/tasks/main.yml | 2 +- 5 files changed, 96 insertions(+), 96 deletions(-) diff --git a/inventory/host_vars/qa12.qa.fedoraproject.org b/inventory/host_vars/qa12.qa.fedoraproject.org index 3856ad1349..a007e654dd 100644 --- a/inventory/host_vars/qa12.qa.fedoraproject.org +++ b/inventory/host_vars/qa12.qa.fedoraproject.org @@ -7,20 +7,20 @@ nrpe_procs_crit: 1000 eth0_ip: 10.5.131.20 gw: 10.5.131.254 -short_hostname: qa12.qa +short_hostname: qa12 slaves: - - { user: "{{ short_hostname }}-1", home: "/home/{{ short_hostname }}-1", dir: "/home/{{ short_hostname }}-1/slave" } - - { user: "{{ short_hostname }}-2", home: "/home/{{ short_hostname }}-2", dir: "/home/{{ short_hostname }}-2/slave" } - - { user: "{{ short_hostname }}-3", home: "/home/{{ short_hostname }}-3", dir: "/home/{{ short_hostname }}-3/slave" } - - { user: "{{ short_hostname }}-4", home: "/home/{{ short_hostname }}-4", dir: "/home/{{ short_hostname }}-4/slave" } - - { user: "{{ short_hostname }}-5", home: "/home/{{ short_hostname }}-5", dir: "/home/{{ short_hostname }}-5/slave" } - - { user: "{{ short_hostname }}-6", home: "/home/{{ short_hostname }}-6", dir: "/home/{{ short_hostname }}-6/slave" } - - { user: "{{ short_hostname }}-7", home: "/home/{{ short_hostname }}-7", dir: "/home/{{ short_hostname }}-7/slave" } - - { user: "{{ short_hostname }}-8", home: "/home/{{ short_hostname }}-8", dir: "/home/{{ short_hostname }}-8/slave" } - - { user: "{{ short_hostname }}-9", home: "/home/{{ short_hostname }}-9", dir: "/home/{{ short_hostname }}-9/slave" } - - { user: "{{ short_hostname }}-10", home: "/home/{{ short_hostname }}-10", dir: "/home/{{ short_hostname }}-10/slave" } - - { user: "{{ short_hostname }}-11", home: "/home/{{ short_hostname }}-11", dir: "/home/{{ short_hostname }}-11/slave" } - - { user: "{{ short_hostname }}-12", home: "/home/{{ short_hostname }}-12", dir: "/home/{{ short_hostname }}-12/slave" } - - { user: "{{ short_hostname }}-13", home: "/home/{{ short_hostname }}-13", dir: "/home/{{ short_hostname }}-13/slave" } - - { user: "{{ short_hostname }}-14", home: "/home/{{ short_hostname }}-14", dir: "/home/{{ short_hostname }}-14/slave" } - - { user: "{{ short_hostname }}-15", home: "/home/{{ short_hostname }}-15", dir: "/home/{{ short_hostname }}-15/slave" } + - { user: "{{ short_hostname }}-1", home: "/srv/buildslaves/{{ short_hostname }}-1", dir: "/srv/buildslaves/{{ short_hostname }}-1/slave" } + - { user: "{{ short_hostname }}-2", home: "/srv/buildslaves/{{ short_hostname }}-2", dir: "/srv/buildslaves/{{ short_hostname }}-2/slave" } + - { user: "{{ short_hostname }}-3", home: "/srv/buildslaves/{{ short_hostname }}-3", dir: "/srv/buildslaves/{{ short_hostname }}-3/slave" } + - { user: "{{ short_hostname }}-4", home: "/srv/buildslaves/{{ short_hostname }}-4", dir: "/srv/buildslaves/{{ short_hostname }}-4/slave" } + - { user: "{{ short_hostname }}-5", home: "/srv/buildslaves/{{ short_hostname }}-5", dir: "/srv/buildslaves/{{ short_hostname }}-5/slave" } + - { user: "{{ short_hostname }}-6", home: "/srv/buildslaves/{{ short_hostname }}-6", dir: "/srv/buildslaves/{{ short_hostname }}-6/slave" } + - { user: "{{ short_hostname }}-7", home: "/srv/buildslaves/{{ short_hostname }}-7", dir: "/srv/buildslaves/{{ short_hostname }}-7/slave" } + - { user: "{{ short_hostname }}-8", home: "/srv/buildslaves/{{ short_hostname }}-8", dir: "/srv/buildslaves/{{ short_hostname }}-8/slave" } + - { user: "{{ short_hostname }}-9", home: "/srv/buildslaves/{{ short_hostname }}-9", dir: "/srv/buildslaves/{{ short_hostname }}-9/slave" } + - { user: "{{ short_hostname }}-10", home: "/srv/buildslaves/{{ short_hostname }}-10", dir: "/srv/buildslaves/{{ short_hostname }}-10/slave" } + - { user: "{{ short_hostname }}-11", home: "/srv/buildslaves/{{ short_hostname }}-11", dir: "/srv/buildslaves/{{ short_hostname }}-11/slave" } + - { user: "{{ short_hostname }}-12", home: "/srv/buildslaves/{{ short_hostname }}-12", dir: "/srv/buildslaves/{{ short_hostname }}-12/slave" } + - { user: "{{ short_hostname }}-13", home: "/srv/buildslaves/{{ short_hostname }}-13", dir: "/srv/buildslaves/{{ short_hostname }}-13/slave" } + - { user: "{{ short_hostname }}-14", home: "/srv/buildslaves/{{ short_hostname }}-14", dir: "/srv/buildslaves/{{ short_hostname }}-14/slave" } + - { user: "{{ short_hostname }}-15", home: "/srv/buildslaves/{{ short_hostname }}-15", dir: "/srv/buildslaves/{{ short_hostname }}-15/slave" } diff --git a/inventory/host_vars/qa13.qa.fedoraproject.org b/inventory/host_vars/qa13.qa.fedoraproject.org index 0ae3319483..d01b8949cf 100644 --- a/inventory/host_vars/qa13.qa.fedoraproject.org +++ b/inventory/host_vars/qa13.qa.fedoraproject.org @@ -7,20 +7,20 @@ nrpe_procs_crit: 1000 eth0_ip: 10.5.131.21 gw: 10.5.131.254 -short_hostname: qa13.qa +short_hostname: qa13 slaves: - - { user: "{{ short_hostname }}-1", home: "/home/{{ short_hostname }}-1", dir: "/home/{{ short_hostname }}-1/slave" } - - { user: "{{ short_hostname }}-2", home: "/home/{{ short_hostname }}-2", dir: "/home/{{ short_hostname }}-2/slave" } - - { user: "{{ short_hostname }}-3", home: "/home/{{ short_hostname }}-3", dir: "/home/{{ short_hostname }}-3/slave" } - - { user: "{{ short_hostname }}-4", home: "/home/{{ short_hostname }}-4", dir: "/home/{{ short_hostname }}-4/slave" } - - { user: "{{ short_hostname }}-5", home: "/home/{{ short_hostname }}-5", dir: "/home/{{ short_hostname }}-5/slave" } - - { user: "{{ short_hostname }}-6", home: "/home/{{ short_hostname }}-6", dir: "/home/{{ short_hostname }}-6/slave" } - - { user: "{{ short_hostname }}-7", home: "/home/{{ short_hostname }}-7", dir: "/home/{{ short_hostname }}-7/slave" } - - { user: "{{ short_hostname }}-8", home: "/home/{{ short_hostname }}-8", dir: "/home/{{ short_hostname }}-8/slave" } - - { user: "{{ short_hostname }}-9", home: "/home/{{ short_hostname }}-9", dir: "/home/{{ short_hostname }}-9/slave" } - - { user: "{{ short_hostname }}-10", home: "/home/{{ short_hostname }}-10", dir: "/home/{{ short_hostname }}-10/slave" } - - { user: "{{ short_hostname }}-11", home: "/home/{{ short_hostname }}-11", dir: "/home/{{ short_hostname }}-11/slave" } - - { user: "{{ short_hostname }}-12", home: "/home/{{ short_hostname }}-12", dir: "/home/{{ short_hostname }}-12/slave" } - - { user: "{{ short_hostname }}-13", home: "/home/{{ short_hostname }}-13", dir: "/home/{{ short_hostname }}-13/slave" } - - { user: "{{ short_hostname }}-14", home: "/home/{{ short_hostname }}-14", dir: "/home/{{ short_hostname }}-14/slave" } - - { user: "{{ short_hostname }}-15", home: "/home/{{ short_hostname }}-15", dir: "/home/{{ short_hostname }}-15/slave" } + - { user: "{{ short_hostname }}-1", home: "/srv/buildslaves/{{ short_hostname }}-1", dir: "/srv/buildslaves/{{ short_hostname }}-1/slave" } + - { user: "{{ short_hostname }}-2", home: "/srv/buildslaves/{{ short_hostname }}-2", dir: "/srv/buildslaves/{{ short_hostname }}-2/slave" } + - { user: "{{ short_hostname }}-3", home: "/srv/buildslaves/{{ short_hostname }}-3", dir: "/srv/buildslaves/{{ short_hostname }}-3/slave" } + - { user: "{{ short_hostname }}-4", home: "/srv/buildslaves/{{ short_hostname }}-4", dir: "/srv/buildslaves/{{ short_hostname }}-4/slave" } + - { user: "{{ short_hostname }}-5", home: "/srv/buildslaves/{{ short_hostname }}-5", dir: "/srv/buildslaves/{{ short_hostname }}-5/slave" } + - { user: "{{ short_hostname }}-6", home: "/srv/buildslaves/{{ short_hostname }}-6", dir: "/srv/buildslaves/{{ short_hostname }}-6/slave" } + - { user: "{{ short_hostname }}-7", home: "/srv/buildslaves/{{ short_hostname }}-7", dir: "/srv/buildslaves/{{ short_hostname }}-7/slave" } + - { user: "{{ short_hostname }}-8", home: "/srv/buildslaves/{{ short_hostname }}-8", dir: "/srv/buildslaves/{{ short_hostname }}-8/slave" } + - { user: "{{ short_hostname }}-9", home: "/srv/buildslaves/{{ short_hostname }}-9", dir: "/srv/buildslaves/{{ short_hostname }}-9/slave" } + - { user: "{{ short_hostname }}-10", home: "/srv/buildslaves/{{ short_hostname }}-10", dir: "/srv/buildslaves/{{ short_hostname }}-10/slave" } + - { user: "{{ short_hostname }}-11", home: "/srv/buildslaves/{{ short_hostname }}-11", dir: "/srv/buildslaves/{{ short_hostname }}-11/slave" } + - { user: "{{ short_hostname }}-12", home: "/srv/buildslaves/{{ short_hostname }}-12", dir: "/srv/buildslaves/{{ short_hostname }}-12/slave" } + - { user: "{{ short_hostname }}-13", home: "/srv/buildslaves/{{ short_hostname }}-13", dir: "/srv/buildslaves/{{ short_hostname }}-13/slave" } + - { user: "{{ short_hostname }}-14", home: "/srv/buildslaves/{{ short_hostname }}-14", dir: "/srv/buildslaves/{{ short_hostname }}-14/slave" } + - { user: "{{ short_hostname }}-15", home: "/srv/buildslaves/{{ short_hostname }}-15", dir: "/srv/buildslaves/{{ short_hostname }}-15/slave" } diff --git a/inventory/host_vars/taskotron01.qa.fedoraproject.org b/inventory/host_vars/taskotron01.qa.fedoraproject.org index 433bcd8dac..67cde31ea8 100644 --- a/inventory/host_vars/taskotron01.qa.fedoraproject.org +++ b/inventory/host_vars/taskotron01.qa.fedoraproject.org @@ -19,8 +19,8 @@ eth0_ip: 10.5.124.206 # install ############################################################ -ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25-taskotron-master -ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/ +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-27-taskotron-master +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/27/Server/x86_64/os/ sudoers: "{{ private }}/files/sudo/qavirt-sudoers" vmhost: virthost-comm03.qa.fedoraproject.org volgroup: /dev/VirtGuests @@ -44,65 +44,65 @@ public_hostname: taskotron.fedoraproject.org buildmaster: 10.5.124.206 buildslaves: - - qa12.qa-1 - - qa12.qa-2 - - qa12.qa-3 - - qa12.qa-4 - - qa12.qa-5 - - qa12.qa-6 - - qa12.qa-7 - - qa12.qa-8 - - qa12.qa-9 - - qa12.qa-10 - - qa12.qa-11 - - qa12.qa-12 - - qa12.qa-13 - - qa12.qa-14 - - qa12.qa-15 - - qa13.qa-1 - - qa13.qa-2 - - qa13.qa-3 - - qa13.qa-4 - - qa13.qa-5 - - qa13.qa-6 - - qa13.qa-7 - - qa13.qa-8 - - qa13.qa-9 - - qa13.qa-10 - - qa13.qa-11 - - qa13.qa-12 - - qa13.qa-13 - - qa13.qa-14 - - qa13.qa-15 + - qa12-1 + - qa12-2 + - qa12-3 + - qa12-4 + - qa12-5 + - qa12-6 + - qa12-7 + - qa12-8 + - qa12-9 + - qa12-10 + - qa12-11 + - qa12-12 + - qa12-13 + - qa12-14 + - qa12-15 + - qa13-1 + - qa13-2 + - qa13-3 + - qa13-4 + - qa13-5 + - qa13-6 + - qa13-7 + - qa13-8 + - qa13-9 + - qa13-10 + - qa13-11 + - qa13-12 + - qa13-13 + - qa13-14 + - qa13-15 i386_buildslaves: - - qa13.qa-10 + - qa13-10 x86_64_buildslaves: - - qa12.qa-1 - - qa12.qa-2 - - qa12.qa-3 - - qa12.qa-4 - - qa12.qa-5 - - qa12.qa-6 - - qa12.qa-7 - - qa12.qa-8 - - qa12.qa-9 - - qa12.qa-10 - - qa12.qa-11 - - qa12.qa-12 - - qa12.qa-13 - - qa12.qa-14 - - qa12.qa-15 - - qa13.qa-1 - - qa13.qa-2 - - qa13.qa-3 - - qa13.qa-4 - - qa13.qa-5 - - qa13.qa-6 - - qa13.qa-7 - - qa13.qa-8 - - qa13.qa-9 - - qa13.qa-11 - - qa13.qa-12 - - qa13.qa-13 - - qa13.qa-14 - - qa13.qa-15 + - qa12-1 + - qa12-2 + - qa12-3 + - qa12-4 + - qa12-5 + - qa12-6 + - qa12-7 + - qa12-8 + - qa12-9 + - qa12-10 + - qa12-11 + - qa12-12 + - qa12-13 + - qa12-14 + - qa12-15 + - qa13-1 + - qa13-2 + - qa13-3 + - qa13-4 + - qa13-5 + - qa13-6 + - qa13-7 + - qa13-8 + - qa13-9 + - qa13-11 + - qa13-12 + - qa13-13 + - qa13-14 + - qa13-15 diff --git a/roles/taskotron/buildslave-configure/tasks/main.yml b/roles/taskotron/buildslave-configure/tasks/main.yml index cc82e59357..a31d00fc49 100644 --- a/roles/taskotron/buildslave-configure/tasks/main.yml +++ b/roles/taskotron/buildslave-configure/tasks/main.yml @@ -110,7 +110,7 @@ file: path={{ item.home }}/slave setype=var_lib_t owner={{ item.user }} group={{ slaves_group }} mode=0700 state=directory with_items: - '{{ slaves|default([dict(user="", home="", dir="")]) }}' - when: deployment_type in ['dev', 'stg'] + when: deployment_type in ['dev', 'stg', 'prod'] - name: generate buildslave service file template: src=buildslave@.service.j2 dest=/lib/systemd/system/buildslave@.service owner=root group=root mode=0644 diff --git a/roles/taskotron/buildslave/tasks/main.yml b/roles/taskotron/buildslave/tasks/main.yml index 45e8174ea9..57baa7e191 100644 --- a/roles/taskotron/buildslave/tasks/main.yml +++ b/roles/taskotron/buildslave/tasks/main.yml @@ -60,7 +60,7 @@ - name: set the selinux fcontext type for the buildslave dir to var_lib_t command: semanage fcontext -a -t var_lib_t "{{ item.dir }}" with_items: "{{ slaves }}" - when: slaves is defined and deployment_type in ['prod', 'qa-prod', 'qa-stg'] + when: slaves is defined and deployment_type in ['qa-prod', 'qa-stg'] - name: make sure the selinux fcontext is restored command: restorecon -R "{{ item.dir }}" From 7b111b6ab36c3dad9d89c82ca0443892cd52f694 Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Tue, 9 Jan 2018 23:57:43 +0000 Subject: [PATCH 05/10] updating buildmaster pubkey for taskotron-prod-client-hosts --- inventory/group_vars/taskotron-prod-client-hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/group_vars/taskotron-prod-client-hosts b/inventory/group_vars/taskotron-prod-client-hosts index 11aa83c9b8..c4b173c756 100644 --- a/inventory/group_vars/taskotron-prod-client-hosts +++ b/inventory/group_vars/taskotron-prod-client-hosts @@ -66,7 +66,7 @@ buildslave_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3Fhg7qUJ1+3N2YficTWQGEPm buildslave_private_sshkey_file: prod-buildslave-sshkey/prod_buildslave buildslave_public_sshkey_file: prod-buildslave-sshkey/prod_buildslave.pub -buildmaster_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9yMRz2GMoYSqlzVejI+SHR8CwTT9j3ecMwPrNQt6QHwNtrEvydU5coyP+ptIgRtlvcC14LA8usy/zmxSiI3H0GkCi7AanwuzoSh/PJfDBteDyhtvw5hoD+spFk1wZjhZ+p4zzLoCMsZg2XsASHaRlIwq1vAmMNSwZuQC/q4nHEEPnQbWYIms0Umwa+ztixmw7gSYJiHxByrEb3r1djRZoBubJsCOU48EyMBmNdCvHCGr1LLVtYdRun+qBm8kCLBUYRcpFstg/A4T9YBSH9svTL1tWnqodBN25NWtO3Fvk/Fv5MhU/SPgYSP9+KwWM/LdnbbN4oqHbBj+sIcJ8hjGj' +buildmaster_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDT5q1z+tQ4gaIlmgOa2NXnVlaRX2tQito6bHkCy6r6CZYgB4CEWomAjSAzVKCaywTh9zGYPKvlvecs1w+r7R8p0RMejfKNdYnukhnKNzlarrSMk6D/caRs8zgvrMBVGM0rTrhamf2rs38ZZcxc8LkMdrbGkWDB9cjNLfgYCt+/coCMzpi0m9chJLr/sQ+pSCI/clW5b29n7FFXXYwMqkH/wJ/9BNmP4uHM3Q9FzwyAEyWa2edLHbKai2LWW+c2pBGPsa+mLLW3qZYpai7aWonMTd29w4dcy1Frk7sOSZ4z1MN2+zZ74WsJxolCdhTrOj17qAP5K8kA6+q01Zhwqbrn' ############################################################ # imagefactory config From 4046affc6984695405441c9ccd9a04c3ee06e588 Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Wed, 10 Jan 2018 01:15:28 +0000 Subject: [PATCH 06/10] removing old buildslave service stuff for taskotron prod --- .../buildslave-configure/templates/buildslave@.service.j2 | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/taskotron/buildslave-configure/templates/buildslave@.service.j2 b/roles/taskotron/buildslave-configure/templates/buildslave@.service.j2 index 6c63f14b2b..a66b743384 100644 --- a/roles/taskotron/buildslave-configure/templates/buildslave@.service.j2 +++ b/roles/taskotron/buildslave-configure/templates/buildslave@.service.j2 @@ -4,18 +4,10 @@ After=network.target [Service] Type=forking -{% if deployment_type in ['prod'] %} # disabled because of https://pagure.io/taskotron/issue/236 #PIDFile=/home/%i/slave/twistd.pid -ExecStart=/bin/buildslave start /home/%i/slave/ -ExecStop=/bin/buildslave stop /home/%i/slave/ -{% endif %} -{% if deployment_type in ['dev', 'stg'] %} -# disabled because of https://pagure.io/taskotron/issue/236 -#PIDFile=/srv/buildslaves/%i/slave/twistd.pid ExecStart=/bin/buildslave start /srv/buildslaves/%i/slave/ ExecStop=/bin/buildslave stop /srv/buildslaves/%i/slave/ -{% endif %} User=%i Group={{ slaves_group }} From 404980c319256794d6a4cf164a6bc436c1aab423 Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Wed, 10 Jan 2018 01:35:06 +0000 Subject: [PATCH 07/10] fixing old selinux context setting --- roles/taskotron/buildmaster/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/taskotron/buildmaster/tasks/main.yml b/roles/taskotron/buildmaster/tasks/main.yml index 96d16d62b0..e59a417e77 100644 --- a/roles/taskotron/buildmaster/tasks/main.yml +++ b/roles/taskotron/buildmaster/tasks/main.yml @@ -47,11 +47,11 @@ - name: set the selinux fcontext type for the buildmaster_home to var_lib_t command: semanage fcontext -a -t var_lib_t "{{ buildmaster_home }}(/.*)?" - when: deployment_type in ['prod', 'qa-stg'] + when: deployment_type in ['qa-stg'] - name: ensure correct fcontext for buildmaster home (new) file: path="{{ buildmaster_home }}(/. *)?" setype=var_lib_t owner=buildmaster group=buildmaster mode=0775 state=directory - when: deployment_type in ['dev', 'stg'] + when: deployment_type in ['dev', 'stg', 'prod'] #- name: make sure the selinux fcontext is restored # command: restorecon -R "{{ buildmaster_home }}" From 16d7c30208f7c05f7fbb602ecf650ea4965c1720 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 10 Jan 2018 14:43:25 +0000 Subject: [PATCH 08/10] CPU host is no longer needed with new qemu-kvm Signed-off-by: Patrick Uiterwijk --- inventory/group_vars/all | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/inventory/group_vars/all b/inventory/group_vars/all index 2e13911491..1adcf0d772 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -78,7 +78,7 @@ virt_install_command_one_nic: virt-install -n {{ inventory_hostname }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio - --autostart --noautoconsole --watchdog default --cpu host + --autostart --noautoconsole --watchdog default virt_install_command_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio @@ -89,7 +89,7 @@ virt_install_command_two_nic: virt-install -n {{ inventory_hostname }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio --network=bridge={{ nfs_bridge }},model=virtio - --autostart --noautoconsole --watchdog default --cpu host + --autostart --noautoconsole --watchdog default virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio @@ -128,7 +128,7 @@ virt_install_command_rhel6: virt-install -n {{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 - hostname={{ inventory_hostname }}" --cpu host + hostname={{ inventory_hostname }}" --network=bridge=br0 --autostart --noautoconsole --watchdog default max_mem_size: "{{ mem_size * 5 }}" From 7f76bc4ceaffef59c78608f4d6bd776093e4a74d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kamil=20P=C3=A1ral?= Date: Wed, 10 Jan 2018 15:59:39 +0100 Subject: [PATCH 09/10] taskotron-master: enable httpd_use_nfs even on dev It's using NFS now as well. --- roles/taskotron/taskotron-master/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/taskotron/taskotron-master/tasks/main.yml b/roles/taskotron/taskotron-master/tasks/main.yml index 61c4d2838f..90374bc284 100644 --- a/roles/taskotron/taskotron-master/tasks/main.yml +++ b/roles/taskotron/taskotron-master/tasks/main.yml @@ -21,7 +21,6 @@ - name: allow httpd to read artifacts on nfs seboolean: name=httpd_use_nfs state=yes persistent=yes - when: deployment_type in ['stg', 'prod'] - name: copy cronjob for cleaning old taskotron artifacts and buildmaster logs template: src=taskotron-clean.cron.j2 dest=/etc/cron.d/taskotron-clean.cron owner=root group=root mode=0644 From e82dafaafd774f6d30e619ce3728410b0b66622e Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Wed, 10 Jan 2018 15:47:26 +0000 Subject: [PATCH 10/10] Mount kojid secrets by default in runroot Signed-off-by: Patrick Uiterwijk --- roles/koji_builder/templates/runroot.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/koji_builder/templates/runroot.conf.j2 b/roles/koji_builder/templates/runroot.conf.j2 index 05e1813ef4..72efb3f377 100644 --- a/roles/koji_builder/templates/runroot.conf.j2 +++ b/roles/koji_builder/templates/runroot.conf.j2 @@ -8,7 +8,7 @@ default_mounts = /mnt/koji {% elif env == 'staging' %} ; In staging we also need the production split volume -default_mounts = /mnt/koji,/mnt/fedora_koji_prod/koji +default_mounts = /mnt/koji,/mnt/fedora_koji_prod/koji,/etc/kojid/secrets {% endif %} ; comma-delimited list of safe roots. @@ -52,8 +52,8 @@ options = ro,bind ; Directory for secrets to be used by certain builds [path3] -mountpoint = /etc/kojid/secrets/ -path = /etc/kojid/secrets/ +mountpoint = /etc/kojid/secrets +path = /etc/kojid/secrets fstype = bind options = ro,bind {% endif %}