Merge branch 'master' of /git/ansible
This commit is contained in:
Jan Kaluža
commit
eb6a021114
35 changed files with 147 additions and 100 deletions
|
|
@ -1,7 +1,7 @@
|
|||
[updates-testing]
|
||||
name=Fedora $releasever - $basearch - Test Updates
|
||||
failovermethod=priority
|
||||
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/
|
||||
baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/
|
||||
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
|
||||
enabled=0
|
||||
gpgcheck=1
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
[updates]
|
||||
name=Fedora $releasever - $basearch - Updates
|
||||
failovermethod=priority
|
||||
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/
|
||||
baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/
|
||||
#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
|
||||
enabled=1
|
||||
gpgcheck=1
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
[fedora]
|
||||
name=Fedora $releasever - $basearch
|
||||
failovermethod=priority
|
||||
baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
|
||||
baseurl=https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
|
||||
#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
|
||||
enabled=1
|
||||
metadata_expire=7d
|
||||
gpgcheck=0
|
||||
gpgcheck=1
|
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
|
||||
|
||||
[fedora-debuginfo]
|
||||
|
|
|
|||
|
|
@ -2,3 +2,8 @@
|
|||
vmhost: virthost04.phx2.fedoraproject.org
|
||||
eth0_ip: 10.5.128.84
|
||||
gw: 10.5.128.254
|
||||
|
||||
# Override these from the stg group because we need more mem/cpus to do compose channel stuff.
|
||||
mem_size: 15360
|
||||
max_mem_size: "{{ mem_size }}"
|
||||
num_cpus: 6
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ dns: 10.5.126.21
|
|||
#
|
||||
libdir: /usr/lib64
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25
|
||||
ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-27
|
||||
ks_repo: http://10.5.126.23/pub/fedora/linux/releases/27/Server/x86_64/os/
|
||||
virt_install_command: "{{ virt_install_command_two_nic }}"
|
||||
|
||||
lvm_size: 30000
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ dns: 10.5.126.21
|
|||
#
|
||||
libdir: /usr/lib64
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-26
|
||||
ks_repo: http://10.5.126.23/pub/fedora/linux/releases/26/Server/x86_64/os/
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-27
|
||||
ks_repo: http://10.5.126.23/pub/fedora/linux/releases/27/Server/x86_64/os/
|
||||
virt_install_command: "{{ virt_install_command_two_nic }}"
|
||||
|
||||
lvm_size: 262144
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ gw: 10.5.126.254
|
|||
dns: 10.5.126.21
|
||||
volgroup: /dev/vg_guests
|
||||
eth0_ip: 10.5.126.71
|
||||
vmhost: virthost02.phx2.fedoraproject.org
|
||||
vmhost: virthost06.phx2.fedoraproject.org
|
||||
datacenter: phx2
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
|
||||
|
|
|
|||
|
|
@ -9,6 +9,6 @@ ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
|
|||
eth0_ip: 10.5.126.130
|
||||
|
||||
volgroup: /dev/vg_guests
|
||||
vmhost: virthost19.phx2.fedoraproject.org
|
||||
vmhost: virthost21.phx2.fedoraproject.org
|
||||
|
||||
datacenter: phx2
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@ nm: 255.255.255.0
|
|||
gw: 10.5.126.254
|
||||
dns: 10.5.126.21
|
||||
|
||||
ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
|
||||
ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Server/x86_64/os/
|
||||
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
|
||||
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
||||
|
||||
eth0_ip: 10.5.126.131
|
||||
|
||||
|
|
|
|||
|
|
@ -24,3 +24,4 @@ postfix_group: vpn
|
|||
nrpe_procs_warn: 1200
|
||||
nrpe_procs_crit: 1400
|
||||
vpn: true
|
||||
num_cpus: 8
|
||||
|
|
|
|||
|
|
@ -46,17 +46,13 @@ certgetter01.phx2.fedoraproject.org
|
|||
faf01.stg.phx2.fedoraproject.org
|
||||
|
||||
[freshmaker-frontend]
|
||||
# not prod yet, until patrick finishes his audit.
|
||||
# https://pagure.io/fedora-infrastructure/issue/6183
|
||||
#freshmaker-frontend01.phx2.fedoraproject.org
|
||||
freshmaker-frontend01.phx2.fedoraproject.org
|
||||
|
||||
[freshmaker-frontend-stg]
|
||||
freshmaker-frontend01.stg.phx2.fedoraproject.org
|
||||
|
||||
[freshmaker-backend]
|
||||
# not prod yet, until patrick finishes his audit.
|
||||
# https://pagure.io/fedora-infrastructure/issue/6183
|
||||
#freshmaker-backend01.phx2.fedoraproject.org
|
||||
freshmaker-backend01.phx2.fedoraproject.org
|
||||
|
||||
[freshmaker-backend-stg]
|
||||
freshmaker-backend01.stg.phx2.fedoraproject.org
|
||||
|
|
@ -66,10 +62,8 @@ freshmaker-frontend-stg
|
|||
freshmaker-backend-stg
|
||||
|
||||
[freshmaker:children]
|
||||
# not prod yet, until patrick finishes his audit.
|
||||
# https://pagure.io/fedora-infrastructure/issue/6183
|
||||
#freshmaker-frontend
|
||||
#freshmaker-backend
|
||||
freshmaker-frontend
|
||||
freshmaker-backend
|
||||
|
||||
[ask]
|
||||
ask01.phx2.fedoraproject.org
|
||||
|
|
@ -495,14 +489,6 @@ memcached02.phx2.fedoraproject.org
|
|||
[memcached-stg]
|
||||
memcached01.stg.phx2.fedoraproject.org
|
||||
|
||||
[mirrorlist2]
|
||||
mirrorlist-host1plus.fedoraproject.org
|
||||
mirrorlist-ibiblio02.fedoraproject.org
|
||||
mirrorlist-phx2.phx2.fedoraproject.org
|
||||
|
||||
[mirrorlist2-stg]
|
||||
mirrorlist-phx2.stg.phx2.fedoraproject.org
|
||||
|
||||
[mirrorlist-proxies]
|
||||
proxy01.phx2.fedoraproject.org
|
||||
proxy02.fedoraproject.org
|
||||
|
|
@ -817,7 +803,6 @@ tagger01.stg.phx2.fedoraproject.org
|
|||
taskotron-stg01.qa.fedoraproject.org
|
||||
value01.stg.phx2.fedoraproject.org
|
||||
wiki01.stg.phx2.fedoraproject.org
|
||||
mirrorlist-phx2.stg.phx2.fedoraproject.org
|
||||
mm-frontend01.stg.phx2.fedoraproject.org
|
||||
mm-backend01.stg.phx2.fedoraproject.org
|
||||
mm-crawler01.stg.phx2.fedoraproject.org
|
||||
|
|
|
|||
|
|
@ -548,6 +548,20 @@
|
|||
src: "{{files}}/osbs/cleanup-old-osbs-builds"
|
||||
dest: "/etc/cron.d/cleanup-old-osbs-builds"
|
||||
|
||||
- name: post-install osbs control tasks
|
||||
hosts: osbs-control
|
||||
tags: osbs-post-install
|
||||
vars_files:
|
||||
- /srv/web/infra/ansible/vars/global.yml
|
||||
- /srv/private/ansible/vars.yml
|
||||
- /srv/private/ansible/files/openstack/passwords.yml
|
||||
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
||||
tasks:
|
||||
- name: enable nrpe for monitoring (noc01)
|
||||
iptables: action=insert chain=INPUT destination_port=5666 protocol=tcp source=10.5.126.41 state=present jump=ACCEPT
|
||||
tags:
|
||||
- iptables
|
||||
|
||||
|
||||
- name: post-install osbs tasks
|
||||
hosts: osbs-masters-stg:osbs-nodes-stg:osbs-masters:osbs-nodes
|
||||
|
|
|
|||
|
|
@ -50,16 +50,15 @@
|
|||
|
||||
roles:
|
||||
- basessh
|
||||
- certbot
|
||||
|
||||
- role: hubs
|
||||
main_user: fedora
|
||||
hubs_url_hostname: hubs-dev.fedorainfracloud.org
|
||||
hubs_url_hostname: "{{ ansible_fqdn }}"
|
||||
hubs_secret_key: demotestinghubsmachine
|
||||
hubs_db_type: sqlite
|
||||
hubs_dev_mode: false
|
||||
hubs_ssl_cert: /etc/letsencrypt/live/hubs-dev.fedorainfracloud.org/cert.pem
|
||||
hubs_ssl_key: /etc/letsencrypt/live/hubs-dev.fedorainfracloud.org/privkey.pem
|
||||
hubs_ssl_cert: /etc/letsencrypt/live/{{ ansible_fqdn }}/fullchain.pem
|
||||
hubs_ssl_key: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem
|
||||
|
||||
|
||||
tasks:
|
||||
|
|
|
|||
|
|
@ -42,10 +42,10 @@
|
|||
|
||||
pre_tasks:
|
||||
- name: clean all metadata
|
||||
command: dnf clean all
|
||||
command: yum clean all
|
||||
check_mode: no
|
||||
- name: dnf update PDC packages
|
||||
dnf: name="{{item}}" state=latest
|
||||
- name: yum update PDC packages
|
||||
yum: name="{{item}}" state=latest
|
||||
with_items:
|
||||
- python-pdc
|
||||
- python-productmd
|
||||
|
|
|
|||
|
|
@ -46,6 +46,10 @@
|
|||
-A OUTPUT --dst 10.5.126.51 -p tcp -m tcp --dport 443 -j ACCEPT
|
||||
-A OUTPUT --dst 10.5.126.52 -p tcp -m tcp --dport 443 -j ACCEPT
|
||||
|
||||
# Allow VPN access
|
||||
-A OUTPUT --dst 10.5.126.11 -p udp -m udp --dport 1194 -j ACCEPT
|
||||
-A OUTPUT --dst 10.5.126.12 -p udp -m udp --dport 1194 -j ACCEPT
|
||||
|
||||
# otherwise kick everything out
|
||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
||||
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
|
||||
|
|
|
|||
|
|
@ -102,6 +102,9 @@ require ip 8.43.85.67
|
|||
require ip 8.43.85.68
|
||||
require ip 8.43.85.69
|
||||
|
||||
# bodhost
|
||||
require ip 174.141.234.172
|
||||
|
||||
|
||||
#
|
||||
# We put this at the end because it fails for hosts with no reverse dns
|
||||
|
|
|
|||
|
|
@ -56,24 +56,8 @@ frontend mirror-lists-frontend
|
|||
backend mirror-lists-backend
|
||||
balance hdr(appserver)
|
||||
timeout connect 30s
|
||||
{% if env == "staging" %}
|
||||
server mirrorlist-local1 localhost:18081 check inter 1s rise 2 fall 3 weight 100
|
||||
server mirrorlist-local2 localhost:18082 check inter 1s rise 2 fall 3 weight 100
|
||||
server mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3 backup
|
||||
{% endif %}
|
||||
{% if env == "production" %}
|
||||
{% if 'mirrorlist-proxies' in group_names %}
|
||||
server mirrorlist-local1 localhost:18081 check inter 1s rise 2 fall 3 weight 100
|
||||
server mirrorlist-local2 localhost:18082 check inter 1s rise 2 fall 3 weight 100
|
||||
server mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3 backup
|
||||
server mirrorlist-host1plus mirrorlist-host1plus:80 check inter 5s rise 2 fall 3 backup
|
||||
server mirrorlist-ibiblio02 mirrorlist-ibiblio02:80 check inter 5s rise 2 fall 3 backup
|
||||
{% else %}
|
||||
server mirrorlist-phx2 mirrorlist-phx2:80 check inter 5s rise 2 fall 3
|
||||
server mirrorlist-ibiblio02 mirrorlist-ibiblio02:80 check inter 5s rise 2 fall 3
|
||||
server mirrorlist-host1plus mirrorlist-host1plus:80 check inter 5s rise 2 fall 3 backup
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
option httpchk GET /mirrorlist
|
||||
option allbackups
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,9 @@ SetEnv proxy-nokeepalive 1
|
|||
</Location>
|
||||
|
||||
{% if env != "staging" %}
|
||||
# Checkins are slowish, unfortunately this needs to be on the Server Config level
|
||||
ProxyTimeout 180
|
||||
|
||||
ProxyPass "/mirrormanager/xmlrpc" "http://mm-frontend-checkin01/mirrormanager/xmlrpc"
|
||||
ProxyPassReverse "/mirrormanager/xmlrpc" "http://mm-frontend-checkin01/mirrormanager/xmlrpc"
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -1,13 +0,0 @@
|
|||
<Location {{remotepath}}>
|
||||
RequestHeader set CP-Location {{remotepath}}
|
||||
SetEnv force-proxy-request-1.0 1
|
||||
SetEnv proxy-nokeepalive 1
|
||||
</Location>
|
||||
|
||||
{% if env != "staging" %}
|
||||
ProxyPass "/mirrormanager/xmlrpc" "http://mm-frontend-checkin01/mirrormanager/xmlrpc"
|
||||
ProxyPassReverse "/mirrormanager/xmlrpc" "http://mm-frontend-checkin01/mirrormanager/xmlrpc"
|
||||
{% endif %}
|
||||
|
||||
ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}}
|
||||
ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}
|
||||
3
roles/hubs/meta/main.yml
Normal file
3
roles/hubs/meta/main.yml
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
dependencies:
|
||||
- certbot
|
||||
- mongodb
|
||||
|
|
@ -157,13 +157,27 @@
|
|||
chdir: "{{ hubs_code_dir }}/hubs/static/client"
|
||||
|
||||
- name: Build JavaScript assests
|
||||
command: node_modules/.bin/webpack
|
||||
command: npm run build
|
||||
become_user: "{{ main_user }}"
|
||||
args:
|
||||
chdir: "{{ hubs_code_dir }}/hubs/static/client"
|
||||
creates: "{{ hubs_code_dir }}/hubs/static/js/build/common.js"
|
||||
|
||||
|
||||
- name: Fix permissions if necessary
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ main_user }}"
|
||||
group: "{{ main_user }}"
|
||||
recurse: yes
|
||||
#setype: httpd_sys_content_rw_t
|
||||
with_items:
|
||||
- "{{ hubs_base_dir }}"
|
||||
- "{{ hubs_conf_dir }}"
|
||||
- "{{ hubs_var_dir }}"
|
||||
|
||||
|
||||
# Services
|
||||
- name: Disable the system-wide fedmsg-hub
|
||||
service: name=fedmsg-hub state=stopped enabled=no
|
||||
|
|
|
|||
|
|
@ -8,17 +8,6 @@
|
|||
- libsemanage-python
|
||||
|
||||
|
||||
- name: Generate SSL certificate and key
|
||||
shell:
|
||||
echo -e "--\nSomeState\nSomeCity\nSomeOrganization\nSomeOrganizationalUnit\nlocalhost.localdomain\nroot@localhost.localdomain"
|
||||
| openssl req -utf8 -newkey rsa:2048
|
||||
-keyout /etc/pki/tls/private/localhost.key
|
||||
-nodes -x509 -days 365
|
||||
-out /etc/pki/tls/certs/localhost.crt
|
||||
args:
|
||||
creates: /etc/pki/tls/certs/localhost.crt
|
||||
|
||||
|
||||
- name: Gunicorn logging configuration
|
||||
copy:
|
||||
src: logging.ini
|
||||
|
|
@ -48,6 +37,17 @@
|
|||
- restart nginx
|
||||
|
||||
|
||||
- name: install python2-certbot-nginx
|
||||
dnf: name=python2-certbot-nginx state=present
|
||||
|
||||
- name: get the letencrypt cert
|
||||
command: certbot certonly -n --nginx -d {{ ansible_fqdn }} --agree-tos --email admin@fedoraproject.org
|
||||
args:
|
||||
creates: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem
|
||||
notify:
|
||||
- restart nginx
|
||||
|
||||
|
||||
- name: Nginx proxy configuration
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
|
|
|
|||
|
|
@ -1,3 +1,5 @@
|
|||
ssl on;
|
||||
ssl_certificate {{ hubs_ssl_cert }};
|
||||
ssl_certificate_key {{ hubs_ssl_key }};
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
#!/bin/sh
|
||||
|
||||
MIRRORLIST_SERVERS="{% for host in groups['mirrorlist2'] %} {{ host }} {% endfor %}"
|
||||
MIRRORLIST_PROXIES="{% for host in groups['mirrorlist-proxies'] %} {{ host }} {% endfor %}"
|
||||
FRONTENDS="{% for host in groups['mm-frontend'] %} {{ host }} {% endfor %}"
|
||||
|
||||
|
|
@ -24,10 +23,6 @@ OUTPUT=`mktemp -d`
|
|||
|
||||
trap "rm -f ${OUTPUT}/*; rmdir ${OUTPUT}" QUIT TERM INT HUP EXIT
|
||||
|
||||
# Fetch compressed log files
|
||||
for s in ${MIRRORLIST_SERVERS}; do
|
||||
ssh $s "( xzcat $INFILE | gzip -4 )" >> ${OUTPUT}/mirrorlist.log.gz
|
||||
done
|
||||
for s in ${MIRRORLIST_PROXIES}; do
|
||||
ssh $s "( cat $CONTAINER1 | gzip -4 )" >> ${OUTPUT}/mirrorlist.log.gz
|
||||
ssh $s "( cat $CONTAINER2 | gzip -4 )" >> ${OUTPUT}/mirrorlist.log.gz
|
||||
|
|
|
|||
|
|
@ -1,12 +1,5 @@
|
|||
#!/bin/bash
|
||||
|
||||
MIRRORLIST_SERVERS="{% for host in groups['mirrorlist2'] %} {{ host }} {% endfor %}"
|
||||
|
||||
for s in ${MIRRORLIST_SERVERS}; do
|
||||
rsync -az --delete-delay --delay-updates --delete /var/lib/mirrormanager/{*pkl,*txt} ${s}:/var/lib/mirrormanager/
|
||||
ssh $s 'kill -HUP $(cat /var/run/mirrormanager/mirrorlist_server.pid)'
|
||||
done
|
||||
|
||||
# sync also to new mirrorlist containers on proxies
|
||||
|
||||
MIRRORLIST_PROXY="{% for host in groups['mirrorlist-proxies'] %} {{ host }} {% endfor %}"
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -1,11 +1,15 @@
|
|||
module fi-nrpe 1.0;
|
||||
module fi-nrpe 1.1;
|
||||
|
||||
require {
|
||||
type nagios_system_plugin_t;
|
||||
type nagios_admin_plugin_t;
|
||||
type nrpe_exec_t;
|
||||
class file getattr;
|
||||
type bin_t;
|
||||
class file { getattr map execute };
|
||||
}
|
||||
|
||||
#============= nagios_system_plugin_t ==============
|
||||
allow nagios_system_plugin_t nrpe_exec_t:file getattr;
|
||||
|
||||
# This is needed for e.g. check_file_age, which is a perl script
|
||||
allow nagios_admin_plugin_t bin_t:file { map execute };
|
||||
|
|
|
|||
BIN
roles/nagios_client/files/selinux/mirrormanager_container.pp
Normal file
BIN
roles/nagios_client/files/selinux/mirrormanager_container.pp
Normal file
Binary file not shown.
15
roles/nagios_client/files/selinux/mirrormanager_container.te
Normal file
15
roles/nagios_client/files/selinux/mirrormanager_container.te
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
module mirrormanager_container 1.0;
|
||||
|
||||
require {
|
||||
type container_t;
|
||||
type container_file_t;
|
||||
type mirrormanager_log_t;
|
||||
type nrpe_t;
|
||||
class file { append getattr };
|
||||
}
|
||||
|
||||
# Allow mirrorlist to append to its log
|
||||
allow container_t mirrormanager_log_t:file append;
|
||||
# Allow nrpe to check file age of mirrorlist pkl files
|
||||
allow nrpe_t container_file_t:file getattr;
|
||||
|
||||
|
|
@ -94,10 +94,35 @@
|
|||
- name: copy over our custom selinux module
|
||||
copy: src=selinux/fi-nrpe.pp dest=/usr/share/nrpe/fi-nrpe.pp
|
||||
register: selinux_module
|
||||
tags:
|
||||
- config
|
||||
- nagios_client
|
||||
- selinux
|
||||
|
||||
- name: install our custom selinux module
|
||||
command: semodule -i /usr/share/nrpe/fi-nrpe.pp
|
||||
when: ansible_distribution_major_version|int == 7 and selinux_module|changed
|
||||
tags:
|
||||
- config
|
||||
- nagios_client
|
||||
- selinux
|
||||
|
||||
- name: copy over our custom selinux module for mirrorlist
|
||||
copy: src=selinux/fi-nrpe.pp dest=/usr/share/nrpe/mirrormanager_container.pp
|
||||
register: selinux_module_mirrorlist
|
||||
when: "'proxy' in inventory_hostname"
|
||||
tags:
|
||||
- config
|
||||
- nagios_client
|
||||
- selinux
|
||||
|
||||
- name: install our custom selinux module for mirrorlist
|
||||
command: semodule -i /usr/share/nrpe/mirrormanager_container.pp
|
||||
when: "'proxy' in inventory_hostname and selinux_module|changed"
|
||||
tags:
|
||||
- config
|
||||
- nagios_client
|
||||
- selinux
|
||||
|
||||
|
||||
# Set up our base config.
|
||||
|
|
@ -147,6 +172,7 @@
|
|||
- check_koschei_watcher_proc.cfg
|
||||
- check_testcloud.cfg
|
||||
- check_mirrorlist_docker_proxy.cfg
|
||||
- check_mirrorlist_cache.cfg
|
||||
- check_celery_redis_queue.cfg
|
||||
- check_odcs_backend_proc.cfg
|
||||
notify:
|
||||
|
|
|
|||
|
|
@ -1 +1,2 @@
|
|||
command[check_mirrorlist_cache]={{ libdir }}/nagios/plugins/check_file_age -w 14400 -c 129600 -f /var/lib/mirrormanager/mirrorlist_cache.pkl
|
||||
command[check_mirrorlist1_cache]={{ libdir }}/nagios/plugins/check_file_age -w 14400 -c 129600 -f /srv/mirrorlist/data/mirrorlist1/mirrorlist_cache.pkl
|
||||
command[check_mirrorlist2_cache]={{ libdir }}/nagios/plugins/check_file_age -w 14400 -c 129600 -f /srv/mirrorlist/data/mirrorlist2/mirrorlist_cache.pkl
|
||||
|
|
|
|||
|
|
@ -1,7 +1,16 @@
|
|||
define service {
|
||||
hostgroup_name mirrorlist2
|
||||
service_description Check MirrorList Cache
|
||||
check_command check_by_nrpe!check_mirrorlist_cache
|
||||
hostgroup_name proxies
|
||||
service_description Check MirrorList 1 Cache
|
||||
check_command check_by_nrpe!check_mirrorlist1_cache
|
||||
use defaulttemplate
|
||||
check_interval 120
|
||||
notification_interval 130
|
||||
}
|
||||
|
||||
define service {
|
||||
hostgroup_name proxies
|
||||
service_description Check MirrorList 2 Cache
|
||||
check_command check_by_nrpe!check_mirrorlist2_cache
|
||||
use defaulttemplate
|
||||
check_interval 120
|
||||
notification_interval 130
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
define hostgroup {
|
||||
hostgroup_name nomail
|
||||
alias No Mail
|
||||
members *, !status, !registry-cdn, !phx2-gw, !ibiblio-gw, !cloud-gw, !bodhost-gw, !coloamer-gw, !dedicated-gw, !host1plus-gw, !internetx-gw, !osuosl-gw, !rdu-gw, !rdu-cc-gw, !tummy-gw, !proxy05.fedoraproject.org, !mirrorlist-host1plus.fedoraproject.org, !download-rdu01.fedoraproject.org, !virthost-rdu01.fedoraproject.org, !fas3-01.stg.phx2.fedoraproject.org, !osbs-control01.phx2.fedoraproject.org, {% for host in groups['bastion'] %}!{{host}}, {% endfor %}{% for host in groups['smtp-mm'] %}!{{host}}, {% endfor %} {% for host in groups['builders'] %}!{{host}},{% endfor %} {% for host in groups['builders-stg'] %}!{{host}},{% endfor %} {% for host in groups['cloud'] %}!{{host}}, {% endfor %} {% for host in vars['phx2_management_limited'] %}!{{host}},{% endfor %} {% for host in vars['phx2_management_hosts'] %}!{{host}}{% if not loop.last %},{% endif %} {% endfor %}
|
||||
members *, !status, !registry-cdn, !phx2-gw, !ibiblio-gw, !cloud-gw, !bodhost-gw, !coloamer-gw, !dedicated-gw, !host1plus-gw, !internetx-gw, !osuosl-gw, !rdu-gw, !rdu-cc-gw, !tummy-gw, !proxy05.fedoraproject.org, !download-rdu01.fedoraproject.org, !virthost-rdu01.fedoraproject.org, !fas3-01.stg.phx2.fedoraproject.org, !osbs-control01.phx2.fedoraproject.org, {% for host in groups['bastion'] %}!{{host}}, {% endfor %}{% for host in groups['smtp-mm'] %}!{{host}}, {% endfor %} {% for host in groups['builders'] %}!{{host}},{% endfor %} {% for host in groups['builders-stg'] %}!{{host}},{% endfor %} {% for host in groups['cloud'] %}!{{host}}, {% endfor %} {% for host in vars['phx2_management_limited'] %}!{{host}},{% endfor %} {% for host in vars['phx2_management_hosts'] %}!{{host}}{% if not loop.last %},{% endif %} {% endfor %}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- when: {message_type: KojiBuildPackageCompleted}
|
||||
do:
|
||||
- {tasks: [rpmlint, rpmgrill]}
|
||||
- {tasks: [rpmlint, rpmgrill, python-versions]}
|
||||
|
||||
- when:
|
||||
message_type: KojiBuildPackageCompleted
|
||||
|
|
|
|||
|
|
@ -16,5 +16,5 @@ scp db01.phx2.fedoraproject.org:/backups/mailman-$(date +%F).dump.xz /srv/web/in
|
|||
scp db01.phx2.fedoraproject.org:/backups/mbs-$(date +%F).dump.xz /srv/web/infra/db-dumps/mbs.dump.xz
|
||||
scp db01.phx2.fedoraproject.org:/backups/odcs-$(date +%F).dump.xz /srv/web/infra/db-dumps/odcs.dump.xz
|
||||
scp db01.phx2.fedoraproject.org:/backups/hyperkitty-$(date +%F).dump.xz /srv/web/infra/db-dumps/hyperkitty.dump.xz
|
||||
scp db-qa01.qa.fedoraproject.org:/backups/resultsdb-$(date +%F).dump.xz /srv/web/infra/db-dumps/resultsdb.dump.xz
|
||||
scp db-qa02.qa.fedoraproject.org:/backups/resultsdb-$(date +%F).dump.xz /srv/web/infra/db-dumps/resultsdb.dump.xz
|
||||
scp db01.phx2.fedoraproject.org:/backups/waiverdb-$(date +%F).dump.xz /srv/web/infra/db-dumps/waiverdb.dump.xz
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue