With f41's elfutils-debuginfod-0.192-5, we're finally ready to start
serving per-file IMA signatures to remote debuginfo clients. This
additional flag is needed because fedora/koji stores stripped rpm-ima
signatures in a nearby file rather than in the retained RPM.
Using `git grep el6` and `git grep el7` and variants like EL-7 or
el-7, I found various entries and files which were no longer needed
with the current ansible. I updated text or tests to later versions of
RHEL as needed.
found entries for the fedora ami's for the original cloud and removed
those entries also.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
This removes osbs and allmost all it's associated playbooks and files.
It served long and well, but we no longer need it.
flatpaks are building with a koji-flatpak plugin.
base/minimal/toolbox containers are building with kiwi.
We aren't building any other containers right now, and we did they could
be added to kiwi.
This is the end of an era... I look with nostolga on
ansible-ansible-openshift-ansible (a role to setup ansible on a control
host and run it from our ansible).
Good bye osbs!
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
There's no reason any of these should be http.
https://infrastructure.fedoraproject.org should be valid and work
everywhere.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Thanks to the recently shrunken database schema (~150GB for all of
fedora 35+) and generous storage on the VM servers (~1TB available),
we can dramatically increase the cache size. Along with debuginfod
upstream improvements (brought in via a copr build), this should
drastically improve the responsiveness of the debuginfod service.
Currently, I (Stephen Smoogen) do not have the time to work on Fedora
system administration items. However, I get a lot of email and people
see my email address in various places to ping me for working on
things. I feel it would be better to remove myself from those places
and let Fedora Infrastructure add someone else to replace me when it
is possible to do so.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
We had centos stream and altarches and centos linux under /srv/pub on
external download servers. However, this breaks people who sync buffet
or the like from them because they suddenly get centos content that they
want to just get directly elsewhere. So, just move these up a leave so
they are out of the buffet target and people who want them can get them
elsewhere.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
reg runs and gathers information from the container registry to make a
'pretty' web page at https://registry.fedoraproject.org. However, this
page is pretty useless and really only needs to update after branching
(if then). We may look at redirecting this to a static websites page
that has information on our containers at some point.
In the mean time reg sometimes creates a empty file that syncs out and
causes alerts. So, lets just completely disable it.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Normalize RHEL image names to RHEL-X.Y. Since RHEL images are
produced quite frequently it is sufficient to keep just one
RHEL <major>.<minor> after the log expires.
Also add contacts to Linux system roles maintainers.
Signed-off-by: Jiri Kucera <jkucera@redhat.com>
Yesterdays fix: a script that restarted networking to bring back a ipv6
route on proxy11, causes:
Todays bug: restarting the interface every minute causes the nameserver
to burp and not find sundries01, so all the rsyncs fail. It seems to
handle this just fine now, so lets retire this glorious hack.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
My last commit wasn't correct. It turns out we still need to:
a) drop the dracut made bogus "Wired Connection". We do this in
nbde_client-network-flush by removing the default connection file.
b) We also need to tell NetworkManager to not make 'Wired Connection 43'
for any non configured interfaces. We only want to use the ones we
configure and not any of the others that may or may not have link.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
In RHEL8.0->8.2 this all worked fine, because dracut was using legacy
networking. So, needsneed=1 would bring up network, it would not save it
to ifcfg files due to removing that dracut module all then NM would take
over. However, on RHEL8.3+ dracut started using NetworkManager. So, it
would bring up network, nbde_client would flush those so they had no
ip's on them, but dracut would hand off a "Wired Connection" NM profile
(even tho the interface had no ips now). It would then of course
activate it and boom, mess up your real Networking. It seems the logic
for handing off this network config is pivoting on needsnet=1. So, if we
switch to just 'ip=dhcp' it works and doesn't mess with your real
networking.
TODO: report this and try and get a real fix in either nbde_client or
dracut or both.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We had an import snapshot task get stuck and we don't have permission to
cancel it. This will enable us to run something like:
```
aws ec2 cancel-import-task --import-task-id import-snap-071b6e456e60146b7
```
Already in effect on prod & stg, formalize these configuration tweaks
that limit overload, improve cgroup monitoring, and build tolerance to
transient fileserver problems.
