From 55b21049883e60c544952a76b8cefd0edfe9571f Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 17 Jul 2015 03:00:00 +0000 Subject: [PATCH 01/20] Weed out the openshift-master log messages for now. --- roles/epylog/files/merged/weed_local.cf | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/epylog/files/merged/weed_local.cf b/roles/epylog/files/merged/weed_local.cf index cdf374e62f..e9dab712a5 100644 --- a/roles/epylog/files/merged/weed_local.cf +++ b/roles/epylog/files/merged/weed_local.cf @@ -120,6 +120,7 @@ NetworkManager.*: \.*Unspecific failure nm-dispatcher: Dispatching action.* ntpd.*: synchronized.* ntpd.*: time reset.* +openshift-master.* openvpn.*: Auth read bytes.* openvpn.*: CLIENT_LIST.* openvpn.*: END From 588eb4185d8d5e413a66b81e1bfc854892c8c271 Mon Sep 17 00:00:00 2001 From: Mikolaj Izdebski Date: Fri, 17 Jul 2015 05:03:18 +0000 Subject: [PATCH 02/20] Increase Koschei full vacuum frequency --- roles/koschei/templates/cron-db-cleanup.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/koschei/templates/cron-db-cleanup.j2 b/roles/koschei/templates/cron-db-cleanup.j2 index 32fdf5fd58..c3f54c2a6b 100644 --- a/roles/koschei/templates/cron-db-cleanup.j2 +++ b/roles/koschei/templates/cron-db-cleanup.j2 @@ -1,2 +1,2 @@ 0 3 * * * koschei koschei-admin cleanup --older-than 6 -0 4 * * * koschei psql -h {{ koschei_pgsql_hostname }} -d koschei -U koscheiadmin -c 'VACUUM FULL ANALYZE package;' +0 4,10,16,22 * * * koschei psql -h {{ koschei_pgsql_hostname }} -d koschei -U koscheiadmin -c 'VACUUM FULL ANALYZE package;' From 190cfa1d8cee87dcae91a07cff50aba423a78568 Mon Sep 17 00:00:00 2001 From: Mikolaj Izdebski Date: Fri, 17 Jul 2015 05:06:12 +0000 Subject: [PATCH 03/20] Tag koschei config tasks --- roles/koschei/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/koschei/tasks/main.yml b/roles/koschei/tasks/main.yml index a7854dd282..306787697d 100644 --- a/roles/koschei/tasks/main.yml +++ b/roles/koschei/tasks/main.yml @@ -106,6 +106,7 @@ template: src=cron-db-cleanup.j2 dest=/etc/cron.d/cron-db-cleanup tags: - koschei + - config # See https://github.com/msimacek/koschei/issues/16 - name: HOTFIX koschei resolver.py @@ -125,6 +126,7 @@ owner=koschei group=koschei mode=0600 tags: - koschei + - config - name: Create libexec/koschei dir file: path=/usr/libexec/koschei state=directory From 9849b6cbe8fccdc693a967ff115fbaa211a15261 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Fri, 17 Jul 2015 08:59:11 +0000 Subject: [PATCH 04/20] add secondary koji infra to kojibuilder hosts --- roles/hosts/files/kojibuilder-hosts | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/hosts/files/kojibuilder-hosts b/roles/hosts/files/kojibuilder-hosts index 9db5ed50ea..f2e91ca5ec 100644 --- a/roles/hosts/files/kojibuilder-hosts +++ b/roles/hosts/files/kojibuilder-hosts @@ -1,8 +1,14 @@ 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.5.126.23 infrastructure.fedoraproject.org +10.5.126.51 mirrors.fedoraproject.org admin.fedoraproject.org +# primary koji infra 10.5.125.63 koji.fedoraproject.org 10.5.125.36 kojipkgs.fedoraproject.org -10.5.124.138 arm.koji.fedoraproject.org armpkgs.fedoraproject.org 10.5.125.44 pkgs.fedoraproject.org pkgs -10.5.126.51 mirrors.fedoraproject.org admin.fedoraproject.org +# arm koji infra +10.5.124.138 arm.koji.fedoraproject.org armpkgs.fedoraproject.org +# ppc koji infra +10.5.124.182 ppc.koji.fedoraproject.org ppcpkgs.fedoraproject.org +# s390 koji infra +10.5.124.191 s390.koji.fedoraproject.org s390pkgs.fedoraproject.org From 5bcf26c89febb897a1ed4a3395c2b964fde45693 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Fri, 17 Jul 2015 09:04:22 +0000 Subject: [PATCH 05/20] add new aarch64 builder host entries --- .../dhcpd.conf.noc01.phx2.fedoraproject.org | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org b/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org index 331887bd14..16d8266cdc 100644 --- a/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org +++ b/roles/dhcp_server/files/dhcpd.conf.noc01.phx2.fedoraproject.org @@ -1424,6 +1424,94 @@ subnet 10.5.78.0 netmask 255.255.255.0 { filename "grubaa64.efi"; } + host aarch64-05a { + hardware ethernet 00:01:73:02:0d:2f; + fixed-address 10.5.78.150; + option host-name "aarch64-05a"; + next-server 10.5.126.41; + filename "grubaa64.efi"; + } + + host aarch64-06a { + hardware ethernet 00:01:73:02:0c:fb; + fixed-address 10.5.78.155; + option host-name "aarch64-06a"; + next-server 10.5.126.41; + filename "grubaa64.efi"; + } + + host aarch64-07a { + hardware ethernet 00:01:73:02:0a:b3; + fixed-address 10.5.78.160; + option host-name "aarch64-07a"; + next-server 10.5.126.41; + filename "grubaa64.efi"; + } + + host aarch64-08a { + hardware ethernet 00:01:73:02:08:83; + fixed-address 10.5.78.165; + option host-name "aarch64-08a"; + next-server 10.5.126.41; + filename "grubaa64.efi"; + } + + host aarch64-09a { + hardware ethernet 00:01:73:02:09:c3; + fixed-address 10.5.78.170; + option host-name "aarch64-09a"; + next-server 10.5.126.41; + filename "grubaa64.efi"; + } + + host aarch64-10a { + hardware ethernet 00:01:73:02:08:ff; + fixed-address 10.5.78.175; + option host-name "aarch64-10a"; + next-server 10.5.126.41; + filename "grubaa64.efi"; + } + + host aarch64-11a { + hardware ethernet 2c:59:e5:36:9a:48; + fixed-address 10.5.78.180; + option host-name "aarch64-11a"; + next-server 10.5.126.41; + filename "grubaa64.efi"; + } + + host aarch64-12a { + hardware ethernet 2c:59:e5:36:9a:4a; + fixed-address 10.5.78.185; + option host-name "aarch64-12a"; + next-server 10.5.126.41; + filename "grubaa64.efi"; + } + + host aarch64-13a { + hardware ethernet 2c:59:e5:36:9a:4b; + fixed-address 10.5.78.190; + option host-name "aarch64-13a"; + next-server 10.5.126.41; + filename "grubaa64.efi"; + } + + host aarch64-14a { + hardware ethernet 2c:59:e5:36:9a:4e; + fixed-address 10.5.78.195; + option host-name "aarch64-14a"; + next-server 10.5.126.41; + filename "grubaa64.efi"; + } + + host aarch64-15a { + hardware ethernet 2c:59:e5:36:9a:51; + fixed-address 10.5.78.200; + option host-name "aarch64-15a"; + next-server 10.5.126.41; + filename "grubaa64.efi"; + } + } From 638f1c6510d509faece5d2497ba7f4d9a51597e2 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Fri, 17 Jul 2015 10:44:40 +0000 Subject: [PATCH 06/20] add pungi branched/rawhide configs for aarch64, ppc64 and ppc64le --- .../fedora-branched-pungi-aarch64.cfg | 34 ++++++++++++++++++ .../builders/fedora-branched-pungi-ppc64.cfg | 34 ++++++++++++++++++ .../fedora-branched-pungi-ppc64le.cfg | 34 ++++++++++++++++++ .../builders/fedora-rawhide-pungi-aarch64.cfg | 35 +++++++++++++++++++ .../builders/fedora-rawhide-pungi-ppc64.cfg | 35 +++++++++++++++++++ .../builders/fedora-rawhide-pungi-ppc64le.cfg | 35 +++++++++++++++++++ 6 files changed, 207 insertions(+) create mode 100644 roles/koji_builder/files/builders/fedora-branched-pungi-aarch64.cfg create mode 100644 roles/koji_builder/files/builders/fedora-branched-pungi-ppc64.cfg create mode 100644 roles/koji_builder/files/builders/fedora-branched-pungi-ppc64le.cfg create mode 100644 roles/koji_builder/files/builders/fedora-rawhide-pungi-aarch64.cfg create mode 100644 roles/koji_builder/files/builders/fedora-rawhide-pungi-ppc64.cfg create mode 100644 roles/koji_builder/files/builders/fedora-rawhide-pungi-ppc64le.cfg diff --git a/roles/koji_builder/files/builders/fedora-branched-pungi-aarch64.cfg b/roles/koji_builder/files/builders/fedora-branched-pungi-aarch64.cfg new file mode 100644 index 0000000000..3d00881ab9 --- /dev/null +++ b/roles/koji_builder/files/builders/fedora-branched-pungi-aarch64.cfg @@ -0,0 +1,34 @@ +config_opts['root'] = 'fedora-branched-pungi-aarch64' +config_opts['target_arch'] = 'aarch64' +config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' +config_opts['dist'] = 'fc9' +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' )) +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['plugin_conf']['yum_cache_enable'] = False +config_opts['plugin_conf']['ccache_enable'] = False + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +http_caching=none + +# repos + +[fedora] +name=fedora +baseurl=http://armpkgs.fedoraproject.org/mash/branched/aarch64/os + +[buildroot] +name=buildroot +baseurl=http://armpkgs.fedoraproject.org/repos/f23-build/latest/aarch64/ +""" diff --git a/roles/koji_builder/files/builders/fedora-branched-pungi-ppc64.cfg b/roles/koji_builder/files/builders/fedora-branched-pungi-ppc64.cfg new file mode 100644 index 0000000000..18a07b9af6 --- /dev/null +++ b/roles/koji_builder/files/builders/fedora-branched-pungi-ppc64.cfg @@ -0,0 +1,34 @@ +config_opts['root'] = 'fedora-branched-pungi-ppc64' +config_opts['target_arch'] = 'ppc64' +config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' +config_opts['dist'] = 'fc9' +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' )) +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['plugin_conf']['yum_cache_enable'] = False +config_opts['plugin_conf']['ccache_enable'] = False + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +http_caching=none + +# repos + +[fedora] +name=fedora +baseurl=http://ppcpkgs.fedoraproject.org/mash/branched/ppc64/os + +[buildroot] +name=buildroot +baseurl=http://ppcpkgs.fedoraproject.org/repos/f23-build/latest/ppc64/ +""" diff --git a/roles/koji_builder/files/builders/fedora-branched-pungi-ppc64le.cfg b/roles/koji_builder/files/builders/fedora-branched-pungi-ppc64le.cfg new file mode 100644 index 0000000000..18a07b9af6 --- /dev/null +++ b/roles/koji_builder/files/builders/fedora-branched-pungi-ppc64le.cfg @@ -0,0 +1,34 @@ +config_opts['root'] = 'fedora-branched-pungi-ppc64' +config_opts['target_arch'] = 'ppc64' +config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' +config_opts['dist'] = 'fc9' +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' )) +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['plugin_conf']['yum_cache_enable'] = False +config_opts['plugin_conf']['ccache_enable'] = False + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +http_caching=none + +# repos + +[fedora] +name=fedora +baseurl=http://ppcpkgs.fedoraproject.org/mash/branched/ppc64/os + +[buildroot] +name=buildroot +baseurl=http://ppcpkgs.fedoraproject.org/repos/f23-build/latest/ppc64/ +""" diff --git a/roles/koji_builder/files/builders/fedora-rawhide-pungi-aarch64.cfg b/roles/koji_builder/files/builders/fedora-rawhide-pungi-aarch64.cfg new file mode 100644 index 0000000000..be3834227d --- /dev/null +++ b/roles/koji_builder/files/builders/fedora-rawhide-pungi-aarch64.cfg @@ -0,0 +1,35 @@ +config_opts['root'] = 'fedora-rawhide-pungi-aarch64' +config_opts['target_arch'] = 'aarch64' +config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' +config_opts['dist'] = 'fc9' +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' )) +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['plugin_conf']['yum_cache_enable'] = False +config_opts['plugin_conf']['ccache_enable'] = False + + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +http_caching=none + +# repos + +[fedora] +name=fedora +baseurl=http://armpkgs.fedoraproject.org/mash/rawhide/aarch64/os + +[buildroot] +name=buildroot +baseurl=http://armpkgs.fedoraproject.org/repos/f24-build/latest/aarch64/ +""" diff --git a/roles/koji_builder/files/builders/fedora-rawhide-pungi-ppc64.cfg b/roles/koji_builder/files/builders/fedora-rawhide-pungi-ppc64.cfg new file mode 100644 index 0000000000..f227e4659e --- /dev/null +++ b/roles/koji_builder/files/builders/fedora-rawhide-pungi-ppc64.cfg @@ -0,0 +1,35 @@ +config_opts['root'] = 'fedora-rawhide-pungi-ppc64le' +config_opts['target_arch'] = 'ppc64le' +config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' +config_opts['dist'] = 'fc9' +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' )) +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['plugin_conf']['yum_cache_enable'] = False +config_opts['plugin_conf']['ccache_enable'] = False + + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +http_caching=none + +# repos + +[fedora] +name=fedora +baseurl=http://ppcpkgs.fedoraproject.org/mash/rawhide/ppc64le/os + +[buildroot] +name=buildroot +baseurl=http://ppcpkgs.fedoraproject.org/repos/f24-build/latest/ppc64le/ +""" diff --git a/roles/koji_builder/files/builders/fedora-rawhide-pungi-ppc64le.cfg b/roles/koji_builder/files/builders/fedora-rawhide-pungi-ppc64le.cfg new file mode 100644 index 0000000000..f227e4659e --- /dev/null +++ b/roles/koji_builder/files/builders/fedora-rawhide-pungi-ppc64le.cfg @@ -0,0 +1,35 @@ +config_opts['root'] = 'fedora-rawhide-pungi-ppc64le' +config_opts['target_arch'] = 'ppc64le' +config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' +config_opts['dist'] = 'fc9' +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['internal_dev_setup'] = False +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' )) +config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' )) +config_opts['plugin_conf']['root_cache_enable'] = False +config_opts['plugin_conf']['yum_cache_enable'] = False +config_opts['plugin_conf']['ccache_enable'] = False + + +config_opts['yum.conf'] = """ +[main] +cachedir=/var/cache/yum +debuglevel=1 +reposdir=/dev/null +logfile=/var/log/yum.log +retries=20 +obsoletes=1 +gpgcheck=0 +assumeyes=1 +http_caching=none + +# repos + +[fedora] +name=fedora +baseurl=http://ppcpkgs.fedoraproject.org/mash/rawhide/ppc64le/os + +[buildroot] +name=buildroot +baseurl=http://ppcpkgs.fedoraproject.org/repos/f24-build/latest/ppc64le/ +""" From 56c4f1766dde10a53613812ffe5a4de4f922a6ae Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Fri, 17 Jul 2015 11:27:34 +0000 Subject: [PATCH 07/20] remove redundant ppc-koji.conf, it'll use templates like the rest --- roles/koji_builder/files/ppc-koji.conf | 23 ----------------------- 1 file changed, 23 deletions(-) delete mode 100644 roles/koji_builder/files/ppc-koji.conf diff --git a/roles/koji_builder/files/ppc-koji.conf b/roles/koji_builder/files/ppc-koji.conf deleted file mode 100644 index d36bf7641f..0000000000 --- a/roles/koji_builder/files/ppc-koji.conf +++ /dev/null @@ -1,23 +0,0 @@ -[koji] - -;configuration for koji cli tool - -;url of XMLRPC server -server = http://ppc.koji.fedoraproject.org/kojihub - -;url of web interface -weburl = http://ppc.koji.fedoraproject.org/koji - -;path to the koji top directory -;topdir = /mnt/koji - -;configuration for SSL athentication - -;client certificate -;cert = ~/.koji/client.crt - -;certificate of the CA that issued the client certificate -;ca = ~/.koji/clientca.crt - -;certificate of the CA that issued the HTTP server certificate -;serverca = ~/.koji/serverca.crt From fb76bcf3acb813008bcde38a8d0c0aebc24ef3c0 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Fri, 17 Jul 2015 12:36:38 +0000 Subject: [PATCH 08/20] add sysadmin-secondary group to the secondary builders config --- inventory/group_vars/buildaarch64 | 2 +- inventory/group_vars/buildppc64 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/group_vars/buildaarch64 b/inventory/group_vars/buildaarch64 index 8705cac1e9..c87ba0b0b1 100644 --- a/inventory/group_vars/buildaarch64 +++ b/inventory/group_vars/buildaarch64 @@ -1,6 +1,6 @@ --- host_group: kojibuilder -fas_client_groups: sysadmin-releng +fas_client_groups: sysadmin-releng,sysadmin-secondary sudoers: "{{ private }}/files/sudo/buildaarch64-sudoers" koji_server_url: "http://arm.koji.fedoraproject.org/kojihub" diff --git a/inventory/group_vars/buildppc64 b/inventory/group_vars/buildppc64 index 2a69cb003e..5861afe8c5 100644 --- a/inventory/group_vars/buildppc64 +++ b/inventory/group_vars/buildppc64 @@ -1,6 +1,6 @@ --- host_group: kojibuilder -fas_client_groups: sysadmin-releng +fas_client_groups: sysadmin-releng,sysadmin-secondary #sudoers: "{{ private }}/files/sudo/buildppc64-sudoers" koji_server_url: "http://ppc.koji.fedoraproject.org/kojihub" From 27853cefeea640fd9b094fd544e5cb4d29efc166 Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Fri, 17 Jul 2015 13:35:34 +0000 Subject: [PATCH 09/20] adding f23 repos to taskotron clients --- .../taskotron-client/files/yumrepoinfo.conf | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/roles/taskotron/taskotron-client/files/yumrepoinfo.conf b/roles/taskotron/taskotron-client/files/yumrepoinfo.conf index b3d6f746ef..1a3ad2ae09 100644 --- a/roles/taskotron/taskotron-client/files/yumrepoinfo.conf +++ b/roles/taskotron/taskotron-client/files/yumrepoinfo.conf @@ -33,8 +33,24 @@ release_status = [rawhide] url = %(rawhideurl)s path = development/rawhide -tag = f23 -release_status = rawhide +tag = f24 +release_status = rawhida + +# Fedora 23 +[f23] +url = %(rawhideurl)s +path = development/23 +release_status = stable + +[f23-updates] +url = %(updatesurl)s +path = 23 +parent = f23 + +[f23-updates-testing] +url = %(updatesurl)s +path = testing/23 +parent = f23-updates # Fedora 22 [f22] From 856c3b9e31a1d07d94b178a93f1bfc43f472e7ea Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 17 Jul 2015 14:14:47 +0000 Subject: [PATCH 10/20] Switch out which unbound server cloud uses. The ibiblio one doesn't allow 53/udp. --- roles/base/files/resolv.conf/cloud | 2 +- .../base/files/resolv.conf/fed-cloud09.cloud.fedoraproject.org | 2 +- roles/base/files/resolv.conf/fedorainfracloud | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/base/files/resolv.conf/cloud b/roles/base/files/resolv.conf/cloud index 1d8fdfec7c..4d417eea20 100644 --- a/roles/base/files/resolv.conf/cloud +++ b/roles/base/files/resolv.conf/cloud @@ -1,4 +1,4 @@ search cloud.fedoraproject.org fedoraproject.org nameserver 66.35.62.163 -nameserver 152.19.134.150 +nameserver 140.211.169.201 options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/fed-cloud09.cloud.fedoraproject.org b/roles/base/files/resolv.conf/fed-cloud09.cloud.fedoraproject.org index 1d8fdfec7c..4d417eea20 100644 --- a/roles/base/files/resolv.conf/fed-cloud09.cloud.fedoraproject.org +++ b/roles/base/files/resolv.conf/fed-cloud09.cloud.fedoraproject.org @@ -1,4 +1,4 @@ search cloud.fedoraproject.org fedoraproject.org nameserver 66.35.62.163 -nameserver 152.19.134.150 +nameserver 140.211.169.201 options rotate timeout:1 diff --git a/roles/base/files/resolv.conf/fedorainfracloud b/roles/base/files/resolv.conf/fedorainfracloud index 3def2ca343..377f82a5ef 100644 --- a/roles/base/files/resolv.conf/fedorainfracloud +++ b/roles/base/files/resolv.conf/fedorainfracloud @@ -1,4 +1,4 @@ search fedorainfracloud.org cloud.fedoraproject.org fedoraproject.org nameserver 66.35.62.163 -nameserver 152.19.134.150 +nameserver 140.211.169.201 options rotate timeout:1 From 924af99bf1108fa3f417088069704dc4e02b41aa Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Fri, 17 Jul 2015 14:44:48 +0000 Subject: [PATCH 11/20] Increase the number of threads and processes for Ipsilon Signed-off-by: Patrick Uiterwijk --- roles/ipsilon/files/ipsilon-httpd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/ipsilon/files/ipsilon-httpd.conf b/roles/ipsilon/files/ipsilon-httpd.conf index a8eab66a32..d7babee241 100644 --- a/roles/ipsilon/files/ipsilon-httpd.conf +++ b/roles/ipsilon/files/ipsilon-httpd.conf @@ -1,7 +1,7 @@ Alias /ui /usr/share/ipsilon/ui Alias /.well-known /etc/ipsilon/wellknown WSGIScriptAlias / /usr/libexec/ipsilon -WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon +WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000 From 43017c255fe4ed2443f1cd39e2f215206354e816 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 17 Jul 2015 16:19:17 +0000 Subject: [PATCH 12/20] Add a darkserver-dev instance to new cloud. Also create a el7 growroot that handles the partitioning and xfs in our rhel7 image. Drop the old darkserver-dev.cloud playbook and host vars. Update master playbook. --- .../darkserver-dev.cloud.fedoraproject.org | 16 ---------- .../darkserver-dev.fedorainfracloud.org | 18 +++++++++++ inventory/inventory | 4 +-- master.yml | 2 +- ...darkserver-dev.cloud.fedoraproject.org.yml | 28 ----------------- .../darkserver-dev.fedorainfracloud.org.yml | 27 +++++++++++++++++ tasks/growroot_cloud_el7.yml | 30 +++++++++++++++++++ 7 files changed, 78 insertions(+), 47 deletions(-) delete mode 100644 inventory/host_vars/darkserver-dev.cloud.fedoraproject.org create mode 100644 inventory/host_vars/darkserver-dev.fedorainfracloud.org delete mode 100644 playbooks/hosts/darkserver-dev.cloud.fedoraproject.org.yml create mode 100644 playbooks/hosts/darkserver-dev.fedorainfracloud.org.yml create mode 100644 tasks/growroot_cloud_el7.yml diff --git a/inventory/host_vars/darkserver-dev.cloud.fedoraproject.org b/inventory/host_vars/darkserver-dev.cloud.fedoraproject.org deleted file mode 100644 index 65c26f1421..0000000000 --- a/inventory/host_vars/darkserver-dev.cloud.fedoraproject.org +++ /dev/null @@ -1,16 +0,0 @@ -# 2cpus, 3GB of ram 20GB of ephemeral space -instance_type: m1.large -# image id -image: "{{ el6_qcow_id }}" -keypair: fedora-admin-20130801 -# what security group to add the host to -security_group: webserver -zone: fedoracloud -# instance id will be appended -hostbase: darkserver-dev- -# ip should be in the 209.132.184.XXX range -public_ip: 209.132.184.148 -# users/groups who should have root ssh access -root_auth_users: kushal @sysadmin-main sayanchowdhury -description: darkserver dev server -freezes: false diff --git a/inventory/host_vars/darkserver-dev.fedorainfracloud.org b/inventory/host_vars/darkserver-dev.fedorainfracloud.org new file mode 100644 index 0000000000..cad5fcbe6b --- /dev/null +++ b/inventory/host_vars/darkserver-dev.fedorainfracloud.org @@ -0,0 +1,18 @@ +--- +image: rhel7-20141015 +instance_type: m1.large +keypair: fedora-admin-20130801 +security_group: ssh-anywhere-persistent,web-80-anywhere-persistent,default +zone: nova +tcp_ports: [22, 80, 443] + +inventory_tenant: persistent +inventory_instance_name: darkserver-dev +hostbase: darkserver-dev +public_ip: 209.132.184.171 +root_auth_users: kushal +description: darkserver development instance + +cloud_networks: + # persistent-net + - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f" diff --git a/inventory/inventory b/inventory/inventory index bc9e63b8eb..15b08dafbc 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -805,8 +805,6 @@ fed-cloud15.cloud.fedoraproject.org [persistent-cloud] #shogun-ca.cloud.fedoraproject.org (oldcloud) 209.132.184.157 -# darkserver-dev (oldcloud) -darkserver-dev.cloud.fedoraproject.org # DevPi test instance - ticket 4524 (oldcloud) 209.132.184.166 # @@ -835,6 +833,8 @@ fas2-dev.fedorainfracloud.org fas3-dev.fedorainfracloud.org # faitout faitout.fedorainfracloud.org +# darkserver development instance +darkserver-dev.fedorainfracloud.org [jenkins-slaves] # EL-6 builder diff --git a/master.yml b/master.yml index c48e15bbb6..337d2299a6 100644 --- a/master.yml +++ b/master.yml @@ -110,7 +110,7 @@ - include: /srv/web/infra/ansible/playbooks/hosts/artboard.fedorainfracloud.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml -- include: /srv/web/infra/ansible/playbooks/hosts/darkserver-dev.cloud.fedoraproject.org.yml +- include: /srv/web/infra/ansible/playbooks/hosts/darkserver-dev.fedorainfracloud.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/devpi.cloud.fedoraproject.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/dopr-dev.cloud.fedoraproject.org.yml - include: /srv/web/infra/ansible/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml diff --git a/playbooks/hosts/darkserver-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/darkserver-dev.cloud.fedoraproject.org.yml deleted file mode 100644 index 5e23506a0c..0000000000 --- a/playbooks/hosts/darkserver-dev.cloud.fedoraproject.org.yml +++ /dev/null @@ -1,28 +0,0 @@ -- name: check/create instance - hosts: darkserver-dev.cloud.fedoraproject.org - user: root - gather_facts: False - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - tasks: - - include: "{{ tasks }}/persistent_cloud.yml" - -- name: provision instance - hosts: darkserver-dev.cloud.fedoraproject.org - user: root - gather_facts: True - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars//{{ ansible_distribution }}.yml - - tasks: - - include: "{{ tasks }}/cloud_setup_basic.yml" - # fill in other actions/includes/etc here - # - # handlers: - # - include: "{{ handlers }}/restart_services.yml diff --git a/playbooks/hosts/darkserver-dev.fedorainfracloud.org.yml b/playbooks/hosts/darkserver-dev.fedorainfracloud.org.yml new file mode 100644 index 0000000000..cb1b22ca7b --- /dev/null +++ b/playbooks/hosts/darkserver-dev.fedorainfracloud.org.yml @@ -0,0 +1,27 @@ +- name: check/create instance + hosts: darkserver-dev.fedorainfracloud.org + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/web/infra/ansible/vars/fedora-cloud.yml + - /srv/private/ansible/files/openstack/passwords.yml + + tasks: + - include: "{{ tasks }}/persistent_cloud_new.yml" + - include: "{{ tasks }}/growroot_cloud_el7.yml" + +- name: setup all the things + hosts: darkserver-dev.fedorainfracloud.org + gather_facts: True + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - /srv/private/ansible/vars.yml + - /srv/private/ansible/files/openstack/passwords.yml + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + pre_tasks: + - include: "{{ tasks }}/cloud_setup_basic.yml" + - name: set hostname (required by some services, at least postfix need it) + shell: "hostname {{inventory_hostname}}" diff --git a/tasks/growroot_cloud_el7.yml b/tasks/growroot_cloud_el7.yml new file mode 100644 index 0000000000..0879d95ecd --- /dev/null +++ b/tasks/growroot_cloud_el7.yml @@ -0,0 +1,30 @@ +- name: add infra repo + action: get_url url=http://infrastructure.fedoraproject.org/el/infrastructure.repo dest=/etc/yum.repos.d/ + when: is_rhel is defined + tags: + - config + +- name: install cloud-utils + yum: name=cloud-utils state=present + tags: + - packages + +- name: growpart the first partition (/) to full size + command: growpart /dev/vda 1 + register: growpart + always_run: true + changed_when: "growpart.rc != 1" + failed_when: growpart.rc == 2 + +- name: reboot the box + command: /sbin/reboot + when: growpart.rc == 0 + ignore_errors: true + +- name: wait for it to come back (should be quick) + local_action: wait_for host={{ inventory_hostname }} port=22 delay=10 timeout=120 + when: growpart.rc == 0 + +- name: resize the /dev/vda 1 fs + command: xfs_growfs / + when: growpart.rc == 0 From b0c2c0242083838073a4e468a09a96535966d80e Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Fri, 17 Jul 2015 19:41:56 +0000 Subject: [PATCH 13/20] adding static site virtualhosts to qadevel-stg --- files/httpd/newvirtualhost.conf.j2 | 71 ++++++++++++++++++++++++++++++ inventory/group_vars/qadevel-stg | 5 +++ playbooks/groups/qadevel-stg.yml | 30 +++++++++++++ 3 files changed, 106 insertions(+) create mode 100644 files/httpd/newvirtualhost.conf.j2 diff --git a/files/httpd/newvirtualhost.conf.j2 b/files/httpd/newvirtualhost.conf.j2 new file mode 100644 index 0000000000..96e2969434 --- /dev/null +++ b/files/httpd/newvirtualhost.conf.j2 @@ -0,0 +1,71 @@ + + # Change this to the domain which points to your host. + ServerName {{ item.name }} + + # Use separate log files for the SSL virtual host; note that LogLevel + # is not inherited from httpd.conf. + ErrorLog logs/{{ item.name }}_error_log + TransferLog logs/{{ item.name }}_access_log + LogLevel warn + + # SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + # SSL Protocol support: + # List the enable protocol levels with which clients will be able to + # connect. Disable SSLv2 access by default: + SSLProtocol all -SSLv2 + + # SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. + # See the mod_ssl documentation for a complete list. + #SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW + SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 + + # Server Certificate: + # Point SSLCertificateFile at a PEM encoded certificate. If + # the certificate is encrypted, then you will be prompted for a + # pass phrase. Note that a kill -HUP will prompt again. A new + # certificate can be generated using the genkey(1) command. + SSLCertificateFile /etc/pki/tls/certs/{{ sslcertfile }} + + # Server Private Key: + # If the key is not combined with the certificate, use this + # directive to point at the key file. Keep in mind that if + # you've both a RSA and a DSA private key you can configure + # both in parallel (to also allow the use of DSA ciphers, etc.) + SSLCertificateKeyFile /etc/pki/tls/private/{{ sslkeyfile }} + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the + # concatenation of PEM encoded CA certificates which form the + # certificate chain for the server certificate. Alternatively + # the referenced file can be the same as SSLCertificateFile + # when the CA certificates are directly appended to the server + # certificate for convinience. + #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + {% if sslintermediatecertfile is defined %} + SSLCertificateChainFile /etc/pki/tls/certs/{{ sslintermediatecertfile }} + {% endif %} + + # Certificate Authority (CA): + # Set the CA certificate verification path where to find CA + # certificates for client authentication or alternatively one + # huge file containing all of them (file must be PEM encoded) + #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + + DocumentRoot {{ item.document_root }} + + + + + + # Change this to the domain which points to your host. + ServerName {{ item.name }} + {% if sslonly %} + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] + {% endif %} + diff --git a/inventory/group_vars/qadevel-stg b/inventory/group_vars/qadevel-stg index fa67d354a3..4c522f9048 100644 --- a/inventory/group_vars/qadevel-stg +++ b/inventory/group_vars/qadevel-stg @@ -75,4 +75,9 @@ buildslave_name: 'qadevel-stg' deployment_type: qadevel-stg tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 3306 ] +# static sites +static_sites: + - name: docs.{{ external_hostname }} + document_root: /var/www/docs + freezes: false diff --git a/playbooks/groups/qadevel-stg.yml b/playbooks/groups/qadevel-stg.yml index b1e15159c2..d253b1219a 100644 --- a/playbooks/groups/qadevel-stg.yml +++ b/playbooks/groups/qadevel-stg.yml @@ -52,6 +52,7 @@ - name: configure phabricator hosts: qadevel-stg user: root + gather_facts: True vars_files: @@ -85,3 +86,32 @@ handlers: - include: "{{ handlers }}/restart_services.yml" + +- name: configure static sites for qadevel-stg + hosts: qadevel-stg + user: root + gather_facts: True + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - "/srv/private/ansible/vars.yml" + - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + + handlers: + - include: "{{ handlers }}/restart_services.yml" + + tasks: + - name: ensure ServerName is set in ssl.conf + replace: dest=/etc/httpd/conf.d/ssl.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' + + - name: ensure ServerName is set in httpd.conf + replace: dest=/etc/httpd/conf/httpd.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' + + + - name: create dirs for static sites + file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755 + with_items: static_sites + + - name: generate virtualhosts for static sites + template: src={{ files }}/httpd/newvirtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644 + with_items: static_sites From e564e11fe0563605b7dc55618ebb8fd69c2bbe4e Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Fri, 17 Jul 2015 19:47:08 +0000 Subject: [PATCH 14/20] fixing yaml error in qadevel-stg playbook, making more standard --- playbooks/groups/qadevel-stg.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/playbooks/groups/qadevel-stg.yml b/playbooks/groups/qadevel-stg.yml index d253b1219a..5984888fb8 100644 --- a/playbooks/groups/qadevel-stg.yml +++ b/playbooks/groups/qadevel-stg.yml @@ -97,9 +97,6 @@ - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - include: "{{ handlers }}/restart_services.yml" - tasks: - name: ensure ServerName is set in ssl.conf replace: dest=/etc/httpd/conf.d/ssl.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' @@ -107,11 +104,15 @@ - name: ensure ServerName is set in httpd.conf replace: dest=/etc/httpd/conf/httpd.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' - - name: create dirs for static sites file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755 with_items: static_sites - - name: generate virtualhosts for static sites - template: src={{ files }}/httpd/newvirtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644 - with_items: static_sites + - name: generate virtualhosts for static sites + template: src={{ files }}/httpd/newvirtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644 + with_items: static_sites + + handlers: + - include: "{{ handlers }}/restart_services.yml" + + From d776400d46d7b9f2e7e1056b949ad77f8a60f95b Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Fri, 17 Jul 2015 20:03:13 +0000 Subject: [PATCH 15/20] setting value for sslonly on qadevel-stg --- inventory/group_vars/qadevel-stg | 1 + 1 file changed, 1 insertion(+) diff --git a/inventory/group_vars/qadevel-stg b/inventory/group_vars/qadevel-stg index 4c522f9048..83107ae046 100644 --- a/inventory/group_vars/qadevel-stg +++ b/inventory/group_vars/qadevel-stg @@ -79,5 +79,6 @@ tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 3306 ] static_sites: - name: docs.{{ external_hostname }} document_root: /var/www/docs +sslonly: false freezes: false From 506485a596cad8db44b9ddd67b97f1e80705282d Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Fri, 17 Jul 2015 20:03:31 +0000 Subject: [PATCH 16/20] tagging static site setup bits for qadevel-stg --- playbooks/groups/qadevel-stg.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/playbooks/groups/qadevel-stg.yml b/playbooks/groups/qadevel-stg.yml index 5984888fb8..08136971a6 100644 --- a/playbooks/groups/qadevel-stg.yml +++ b/playbooks/groups/qadevel-stg.yml @@ -100,17 +100,25 @@ tasks: - name: ensure ServerName is set in ssl.conf replace: dest=/etc/httpd/conf.d/ssl.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' + tags: + - qadevelstaticsites - name: ensure ServerName is set in httpd.conf replace: dest=/etc/httpd/conf/httpd.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' + tags: + - qadevelstaticsites - name: create dirs for static sites file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755 with_items: static_sites + tags: + - qadevelstaticsites - name: generate virtualhosts for static sites template: src={{ files }}/httpd/newvirtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644 with_items: static_sites + tags: + - qadevelstaticsites handlers: - include: "{{ handlers }}/restart_services.yml" From 6a128dc86b50a02f3fb7cdcfa04792c1a583925d Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Fri, 17 Jul 2015 20:28:20 +0000 Subject: [PATCH 17/20] adding restart httpd notifier where needed for qadevel-stg --- playbooks/groups/qadevel-stg.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/playbooks/groups/qadevel-stg.yml b/playbooks/groups/qadevel-stg.yml index 08136971a6..b24c01a204 100644 --- a/playbooks/groups/qadevel-stg.yml +++ b/playbooks/groups/qadevel-stg.yml @@ -100,11 +100,15 @@ tasks: - name: ensure ServerName is set in ssl.conf replace: dest=/etc/httpd/conf.d/ssl.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' + notify: + - restart httpd tags: - qadevelstaticsites - name: ensure ServerName is set in httpd.conf replace: dest=/etc/httpd/conf/httpd.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443' + notify: + - restart httpd tags: - qadevelstaticsites @@ -117,6 +121,8 @@ - name: generate virtualhosts for static sites template: src={{ files }}/httpd/newvirtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644 with_items: static_sites + notify: + - restart httpd tags: - qadevelstaticsites From 246c398692f6d50acac3b99e397fc5959eb130f3 Mon Sep 17 00:00:00 2001 From: Mike Ruckman Date: Fri, 17 Jul 2015 20:56:14 +0000 Subject: [PATCH 18/20] allow indexing to follow symlinks on qadevel --- files/httpd/newvirtualhost.conf.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/files/httpd/newvirtualhost.conf.j2 b/files/httpd/newvirtualhost.conf.j2 index 96e2969434..7b70b78f42 100644 --- a/files/httpd/newvirtualhost.conf.j2 +++ b/files/httpd/newvirtualhost.conf.j2 @@ -57,6 +57,8 @@ DocumentRoot {{ item.document_root }} + Options Index FollowSymLinks + @@ -67,5 +69,7 @@ RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] + {% else %} + Options Index FollowSymLinks {% endif %} From 7ed79ba3e8b511ae944caf45e7aabde4f518fd67 Mon Sep 17 00:00:00 2001 From: Mike Ruckman Date: Fri, 17 Jul 2015 21:03:58 +0000 Subject: [PATCH 19/20] fix: fixed typo in last commit (246c398) --- files/httpd/newvirtualhost.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/httpd/newvirtualhost.conf.j2 b/files/httpd/newvirtualhost.conf.j2 index 7b70b78f42..11fddcc60d 100644 --- a/files/httpd/newvirtualhost.conf.j2 +++ b/files/httpd/newvirtualhost.conf.j2 @@ -57,7 +57,7 @@ DocumentRoot {{ item.document_root }} - Options Index FollowSymLinks + Options Indexes FollowSymLinks @@ -70,6 +70,6 @@ RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] {% else %} - Options Index FollowSymLinks + Options Indexes FollowSymLinks {% endif %} From 6020cedaa6cbfb74848156f24cf5430223708abf Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 17 Jul 2015 21:11:33 +0000 Subject: [PATCH 20/20] Add sudoers for sundries. --- inventory/group_vars/sundries | 2 ++ inventory/group_vars/sundries-stg | 2 ++ 2 files changed, 4 insertions(+) diff --git a/inventory/group_vars/sundries b/inventory/group_vars/sundries index 414df5e62b..6f294078ef 100644 --- a/inventory/group_vars/sundries +++ b/inventory/group_vars/sundries @@ -18,3 +18,5 @@ rsync_group: sundries nrpe_procs_warn: 300 nrpe_procs_crit: 500 + +sudoers: "{{ private }}/files/sudo/sundries-sudoers" diff --git a/inventory/group_vars/sundries-stg b/inventory/group_vars/sundries-stg index 414df5e62b..6f294078ef 100644 --- a/inventory/group_vars/sundries-stg +++ b/inventory/group_vars/sundries-stg @@ -18,3 +18,5 @@ rsync_group: sundries nrpe_procs_warn: 300 nrpe_procs_crit: 500 + +sudoers: "{{ private }}/files/sudo/sundries-sudoers"